upstream: use the new variant log macros instead of prepending
__func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
This commit is contained in:
parent
9e2c4f6422
commit
816036f142
192
.depend
192
.depend
|
@ -2,103 +2,103 @@
|
|||
# Run "make depend" to rebuild.
|
||||
|
||||
# DO NOT DELETE
|
||||
addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h match.h log.h
|
||||
addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h match.h log.h ./ssherr.h
|
||||
atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h
|
||||
audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
|
||||
auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ./ssherr.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ./ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
|
||||
auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
|
||||
auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ./ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
|
||||
auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ./ssherr.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h authfile.h
|
||||
auth.o: monitor_wrap.h ssherr.h compat.h channels.h
|
||||
auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
|
||||
auth.o: authfile.h monitor_wrap.h compat.h channels.h
|
||||
auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h ./ssherr.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h
|
||||
auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ./ssherr.h log.h misc.h servconf.h
|
||||
auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h pathnames.h
|
||||
auth2-hostbased.o: ssherr.h match.h
|
||||
auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h
|
||||
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h
|
||||
auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
|
||||
auth2-pubkey.o: canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h sk-api.h
|
||||
auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h auth-options.h
|
||||
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h ./ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h
|
||||
auth2-hostbased.o: pathnames.h match.h
|
||||
auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ./ssherr.h misc.h servconf.h
|
||||
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ./ssherr.h misc.h servconf.h compat.h ssh2.h monitor_wrap.h
|
||||
auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ./ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
|
||||
auth2-pubkey.o: auth-options.h canohost.h monitor_wrap.h authfile.h match.h channels.h session.h sk-api.h
|
||||
auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h ./ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h
|
||||
auth2.o: digest.h
|
||||
auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h monitor_wrap.h
|
||||
authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h
|
||||
authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h ssherr.h krl.h
|
||||
auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ./ssherr.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h
|
||||
authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h ./ssherr.h atomicio.h misc.h
|
||||
authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h ./ssherr.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h krl.h
|
||||
bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
|
||||
canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h canohost.h misc.h
|
||||
canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ./ssherr.h canohost.h misc.h
|
||||
chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
|
||||
channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
|
||||
channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ./ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
|
||||
cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
|
||||
cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
|
||||
cipher-chachapoly-libcrypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h sshbuf.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h
|
||||
cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ./ssherr.h digest.h openbsd-compat/openssl-compat.h
|
||||
cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h
|
||||
clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
|
||||
clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h
|
||||
compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h match.h kex.h mac.h crypto_api.h
|
||||
clientloop.o: myproposal.h log.h ./ssherr.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h hostfile.h
|
||||
compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ./ssherr.h match.h kex.h mac.h crypto_api.h
|
||||
dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
|
||||
digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h sshbuf.h digest.h
|
||||
digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h ssherr.h
|
||||
dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
|
||||
dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ./ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h
|
||||
dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ./ssherr.h dns.h log.h digest.h
|
||||
ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
|
||||
entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h
|
||||
fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h
|
||||
ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data
|
||||
groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h
|
||||
groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h ./ssherr.h
|
||||
gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||
hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
|
||||
hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h pathnames.h ssherr.h digest.h hmac.h
|
||||
kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h match.h
|
||||
kex.o: misc.h monitor.h ssherr.h sshbuf.h digest.h
|
||||
kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
|
||||
hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ./ssherr.h misc.h pathnames.h digest.h hmac.h
|
||||
kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ./ssherr.h
|
||||
kex.o: match.h misc.h monitor.h sshbuf.h digest.h
|
||||
kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ./ssherr.h ssh2.h
|
||||
kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
|
||||
kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h
|
||||
kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h
|
||||
kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h ./ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h
|
||||
kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexsntrup4591761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h
|
||||
krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h
|
||||
log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h
|
||||
kexsntrup4591761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ./ssherr.h
|
||||
krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ./ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h
|
||||
log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h match.h
|
||||
loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h ./ssherr.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h
|
||||
logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
|
||||
mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ./ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
|
||||
md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h
|
||||
misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ./ssherr.h ssh.h sshbuf.h
|
||||
moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h sk-api.h
|
||||
monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ./ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h
|
||||
monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
|
||||
monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h
|
||||
monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h monitor_fdpass.h
|
||||
monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h
|
||||
monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h
|
||||
msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
|
||||
mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h
|
||||
nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h
|
||||
packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h canohost.h misc.h channels.h ssh.h
|
||||
packet.o: packet.h dispatch.h ssherr.h sshbuf.h
|
||||
monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ./ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h
|
||||
msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ./ssherr.h log.h atomicio.h msg.h misc.h
|
||||
mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ./ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h
|
||||
nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ./ssherr.h packet.h dispatch.h channels.h compat.h log.h
|
||||
packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h
|
||||
packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ./ssherr.h canohost.h misc.h
|
||||
platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h
|
||||
platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
|
||||
progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
|
||||
readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
|
||||
readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ./ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
|
||||
readconf.o: uidswap.h myproposal.h digest.h
|
||||
readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h
|
||||
readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ./ssherr.h ssh.h uidswap.h
|
||||
rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
|
||||
sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
|
@ -109,70 +109,70 @@ sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compa
|
|||
sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
|
||||
scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h
|
||||
servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h
|
||||
servconf.o: mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
|
||||
serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
|
||||
serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h
|
||||
session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
|
||||
scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ./ssherr.h misc.h progressmeter.h utf8.h
|
||||
servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ./ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
|
||||
servconf.o: sshkey.h kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
|
||||
serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h
|
||||
serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ./ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ./ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
|
||||
session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
|
||||
sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
|
||||
sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ./ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ./ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
|
||||
sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h
|
||||
sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
|
||||
sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h sftp.h misc.h xmalloc.h
|
||||
sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ./ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
|
||||
sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ./ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sntrup4591761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||
ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h ssh-sk.h sk-api.h
|
||||
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h
|
||||
ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ./ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h
|
||||
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ./ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h
|
||||
ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h
|
||||
ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ./ssherr.h digest.h sshkey.h
|
||||
ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h digest.h
|
||||
ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h
|
||||
ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h
|
||||
ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h
|
||||
ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ./ssherr.h sshbuf.h sshkey.h ssh.h digest.h
|
||||
ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ./ssherr.h sshbuf.h sshkey.h ssh.h
|
||||
ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ./ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h
|
||||
ssh-keyscan.o: ./ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h
|
||||
ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
|
||||
ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h
|
||||
ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ./ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h
|
||||
ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h
|
||||
ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshkey.h
|
||||
ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ./ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h
|
||||
ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h sshkey.h
|
||||
ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-sk-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshbuf.h sshkey.h msg.h digest.h pathnames.h ssh-sk.h misc.h
|
||||
ssh-sk-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h authfd.h misc.h sshbuf.h msg.h uidswap.h ssherr.h ssh-sk.h
|
||||
ssh-sk-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h sshbuf.h sshkey.h msg.h digest.h pathnames.h ssh-sk.h misc.h
|
||||
ssh-sk-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ./ssherr.h sshkey.h authfd.h misc.h sshbuf.h msg.h uidswap.h ssh-sk.h
|
||||
ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels.h
|
||||
ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h
|
||||
ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h authfile.h misc.h
|
||||
ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||
ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ./ssherr.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h
|
||||
ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ./ssherr.h
|
||||
sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h sshbuf.h
|
||||
sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h
|
||||
sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||
sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
|
||||
sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h sshbuf.h atomicio.h
|
||||
sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h sshbuf.h
|
||||
sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h sshbuf.h misc.h
|
||||
sshconnect.o: authfd.h kex.h mac.h crypto_api.h
|
||||
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h ssherr.h
|
||||
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h ./ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
|
||||
sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
|
||||
sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h ssh-sk.h sk-api.h
|
||||
sshd.o: cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h sk-api.h
|
||||
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
ssherr.o: ssherr.h
|
||||
sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h ./ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h
|
||||
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ./ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
|
||||
sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h
|
||||
ssherr.o: ./ssherr.h
|
||||
sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h
|
||||
sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h
|
||||
sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h
|
||||
sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h misc.h sshbuf.h sshsig.h ssherr.h sshkey.h match.h digest.h
|
||||
sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ./ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h
|
||||
sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ./ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h
|
||||
sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h ./ssherr.h misc.h
|
||||
sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h ./ssherr.h misc.h sshbuf.h sshsig.h sshkey.h match.h digest.h
|
||||
sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
|
||||
ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h compat.h sshbuf.h ssherr.h ttymodes.h
|
||||
uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h uidswap.h xmalloc.h
|
||||
ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ./ssherr.h compat.h sshbuf.h ttymodes.h
|
||||
uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h uidswap.h xmalloc.h
|
||||
umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
|
||||
umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
|
||||
utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
|
||||
verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||
xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h
|
||||
xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ./ssherr.h
|
||||
xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
|
|
20
addrmatch.c
20
addrmatch.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */
|
||||
/* $OpenBSD: addrmatch.c,v 1.15 2020/10/18 11:32:01 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
|
||||
|
@ -381,7 +381,7 @@ addr_match_list(const char *addr, const char *_list)
|
|||
int ret = 0, r;
|
||||
|
||||
if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
|
||||
debug2("%s: couldn't parse address %.100s", __func__, addr);
|
||||
debug2_f("couldn't parse address %.100s", addr);
|
||||
return 0;
|
||||
}
|
||||
if ((o = list = strdup(_list)) == NULL)
|
||||
|
@ -397,8 +397,8 @@ addr_match_list(const char *addr, const char *_list)
|
|||
/* Prefer CIDR address matching */
|
||||
r = addr_pton_cidr(cp, &match_addr, &masklen);
|
||||
if (r == -2) {
|
||||
debug2("%s: inconsistent mask length for "
|
||||
"match network \"%.100s\"", __func__, cp);
|
||||
debug2_f("inconsistent mask length for "
|
||||
"match network \"%.100s\"", cp);
|
||||
ret = -2;
|
||||
break;
|
||||
} else if (r == 0) {
|
||||
|
@ -441,15 +441,14 @@ addr_match_cidr_list(const char *addr, const char *_list)
|
|||
int ret = 0, r;
|
||||
|
||||
if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
|
||||
debug2("%s: couldn't parse address %.100s", __func__, addr);
|
||||
debug2_f("couldn't parse address %.100s", addr);
|
||||
return 0;
|
||||
}
|
||||
if ((o = list = strdup(_list)) == NULL)
|
||||
return -1;
|
||||
while ((cp = strsep(&list, ",")) != NULL) {
|
||||
if (*cp == '\0') {
|
||||
error("%s: empty entry in list \"%.100s\"",
|
||||
__func__, o);
|
||||
error_f("empty entry in list \"%.100s\"", o);
|
||||
ret = -1;
|
||||
break;
|
||||
}
|
||||
|
@ -462,15 +461,14 @@ addr_match_cidr_list(const char *addr, const char *_list)
|
|||
|
||||
/* Stop junk from reaching getaddrinfo. +3 is for masklen */
|
||||
if (strlen(cp) > INET6_ADDRSTRLEN + 3) {
|
||||
error("%s: list entry \"%.100s\" too long",
|
||||
__func__, cp);
|
||||
error_f("list entry \"%.100s\" too long", cp);
|
||||
ret = -1;
|
||||
break;
|
||||
}
|
||||
#define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/"
|
||||
if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) {
|
||||
error("%s: list entry \"%.100s\" contains invalid "
|
||||
"characters", __func__, cp);
|
||||
error_f("list entry \"%.100s\" contains invalid "
|
||||
"characters", cp);
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-options.c,v 1.93 2020/08/27 01:07:09 djm Exp $ */
|
||||
/* $OpenBSD: auth-options.c,v 1.94 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
|
@ -79,7 +79,7 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
int r, ret = -1, found;
|
||||
|
||||
if ((c = sshbuf_fromb(oblob)) == NULL) {
|
||||
error("%s: sshbuf_fromb failed", __func__);
|
||||
error_f("sshbuf_fromb failed");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -88,8 +88,7 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
data = NULL;
|
||||
if ((r = sshbuf_get_cstring(c, &name, NULL)) != 0 ||
|
||||
(r = sshbuf_froms(c, &data)) != 0) {
|
||||
error("Unable to parse certificate options: %s",
|
||||
ssh_err(r));
|
||||
error_r(r, "Unable to parse certificate options");
|
||||
goto out;
|
||||
}
|
||||
debug3("found certificate option \"%.100s\" len %zu",
|
||||
|
@ -125,8 +124,8 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
} else if (strcmp(name, "force-command") == 0) {
|
||||
if ((r = sshbuf_get_cstring(data, &command,
|
||||
NULL)) != 0) {
|
||||
error("Unable to parse \"%s\" "
|
||||
"section: %s", name, ssh_err(r));
|
||||
error_r(r, "Unable to parse \"%s\" "
|
||||
"section", name);
|
||||
goto out;
|
||||
}
|
||||
if (opts->force_command != NULL) {
|
||||
|
@ -140,8 +139,8 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
} else if (strcmp(name, "source-address") == 0) {
|
||||
if ((r = sshbuf_get_cstring(data, &allowed,
|
||||
NULL)) != 0) {
|
||||
error("Unable to parse \"%s\" "
|
||||
"section: %s", name, ssh_err(r));
|
||||
error_r(r, "Unable to parse \"%s\" "
|
||||
"section", name);
|
||||
goto out;
|
||||
}
|
||||
if (opts->required_from_host_cert != NULL) {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-passwd.c,v 1.47 2018/07/09 21:26:02 markus Exp $ */
|
||||
/* $OpenBSD: auth-passwd.c,v 1.48 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -152,14 +152,14 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as)
|
|||
if ((r = sshbuf_putf(loginmsg,
|
||||
"Your password will expire in %lld day%s.\n",
|
||||
daysleft, daysleft == 1 ? "" : "s")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
if (actimeleft != 0 && actimeleft < acwarntime) {
|
||||
daysleft = actimeleft / DAY + 1;
|
||||
if ((r = sshbuf_putf(loginmsg,
|
||||
"Your account will expire in %lld day%s.\n",
|
||||
daysleft, daysleft == 1 ? "" : "s")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-rhosts.c,v 1.52 2020/04/17 03:30:05 djm Exp $ */
|
||||
/* $OpenBSD: auth-rhosts.c,v 1.53 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -223,7 +223,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
if (!rhosts_files[rhosts_file_index] &&
|
||||
stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
|
||||
stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
|
||||
debug3("%s: no hosts access files exist", __func__);
|
||||
debug3_f("no hosts access files exist");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -232,7 +232,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
* shosts.equiv.
|
||||
*/
|
||||
if (pw->pw_uid == 0)
|
||||
debug3("%s: root user, ignoring system hosts files", __func__);
|
||||
debug3_f("root user, ignoring system hosts files");
|
||||
else {
|
||||
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
|
||||
client_user, pw->pw_name)) {
|
||||
|
|
38
auth.c
38
auth.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth.c,v 1.148 2020/10/16 13:26:13 djm Exp $ */
|
||||
/* $OpenBSD: auth.c,v 1.149 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -492,10 +492,10 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
|
|||
error("WARNING: revoked key for %s attempted authentication",
|
||||
host);
|
||||
else if (host_status == HOST_OK)
|
||||
debug("%s: key for %s found at %s:%ld", __func__,
|
||||
debug_f("key for %s found at %s:%ld",
|
||||
found->host, found->file, found->line);
|
||||
else
|
||||
debug("%s: key for host %s not found", __func__, host);
|
||||
debug_f("key for host %s not found", host);
|
||||
|
||||
free_hostkeys(hostkeys);
|
||||
|
||||
|
@ -635,7 +635,7 @@ auth_key_is_revoked(struct sshkey *key)
|
|||
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
error("%s: fingerprint key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "fingerprint key");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -648,9 +648,9 @@ auth_key_is_revoked(struct sshkey *key)
|
|||
sshkey_type(key), fp, options.revoked_keys_file);
|
||||
goto out;
|
||||
default:
|
||||
error("Error checking authentication key %s %s in "
|
||||
"revoked keys file %s: %s", sshkey_type(key), fp,
|
||||
options.revoked_keys_file, ssh_err(r));
|
||||
error_r(r, "Error checking authentication key %s %s in "
|
||||
"revoked keys file %s", sshkey_type(key), fp,
|
||||
options.revoked_keys_file);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -676,7 +676,7 @@ auth_debug_add(const char *fmt,...)
|
|||
vsnprintf(buf, sizeof(buf), fmt, args);
|
||||
va_end(args);
|
||||
if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0)
|
||||
fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_cstring");
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -689,8 +689,7 @@ auth_debug_send(struct ssh *ssh)
|
|||
return;
|
||||
while (sshbuf_len(auth_debug) != 0) {
|
||||
if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0)
|
||||
fatal("%s: sshbuf_get_cstring: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_get_cstring");
|
||||
ssh_packet_send_debug(ssh, "%s", msg);
|
||||
free(msg);
|
||||
}
|
||||
|
@ -702,7 +701,7 @@ auth_debug_reset(void)
|
|||
if (auth_debug != NULL)
|
||||
sshbuf_reset(auth_debug);
|
||||
else if ((auth_debug = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
}
|
||||
|
||||
struct passwd *
|
||||
|
@ -866,17 +865,17 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
|
|||
if (child != NULL)
|
||||
*child = NULL;
|
||||
|
||||
debug3("%s: %s command \"%s\" running as %s (flags 0x%x)", __func__,
|
||||
debug3_f("%s command \"%s\" running as %s (flags 0x%x)",
|
||||
tag, command, pw->pw_name, flags);
|
||||
|
||||
/* Check consistency */
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
|
||||
(flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) {
|
||||
error("%s: inconsistent flags", __func__);
|
||||
error_f("inconsistent flags");
|
||||
return 0;
|
||||
}
|
||||
if (((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) != (child == NULL)) {
|
||||
error("%s: inconsistent flags/output", __func__);
|
||||
error_f("inconsistent flags/output");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -988,7 +987,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
|
|||
return 0;
|
||||
}
|
||||
/* Success */
|
||||
debug3("%s: %s pid %ld", __func__, tag, (long)pid);
|
||||
debug3_f("%s pid %ld", tag, (long)pid);
|
||||
if (child != NULL)
|
||||
*child = f;
|
||||
return pid;
|
||||
|
@ -1073,7 +1072,7 @@ auth_activate_options(struct ssh *ssh, struct sshauthopt *opts)
|
|||
struct sshauthopt *old = auth_opts;
|
||||
const char *emsg = NULL;
|
||||
|
||||
debug("%s: setting new authentication options", __func__);
|
||||
debug_f("setting new authentication options");
|
||||
if ((auth_opts = sshauthopt_merge(old, opts, &emsg)) == NULL) {
|
||||
error("Inconsistent authentication options: %s", emsg);
|
||||
return -1;
|
||||
|
@ -1087,7 +1086,7 @@ auth_restrict_session(struct ssh *ssh)
|
|||
{
|
||||
struct sshauthopt *restricted;
|
||||
|
||||
debug("%s: restricting session", __func__);
|
||||
debug_f("restricting session");
|
||||
|
||||
/* A blank sshauthopt defaults to permitting nothing */
|
||||
restricted = sshauthopt_new();
|
||||
|
@ -1095,7 +1094,7 @@ auth_restrict_session(struct ssh *ssh)
|
|||
restricted->restricted = 1;
|
||||
|
||||
if (auth_activate_options(ssh, restricted) != 0)
|
||||
fatal("%s: failed to restrict session", __func__);
|
||||
fatal_f("failed to restrict session");
|
||||
sshauthopt_free(restricted);
|
||||
}
|
||||
|
||||
|
@ -1170,8 +1169,7 @@ auth_authorise_keyopts(struct ssh *ssh, struct passwd *pw,
|
|||
case -1:
|
||||
default:
|
||||
/* invalid */
|
||||
error("%s: Certificate source-address invalid",
|
||||
loc);
|
||||
error("%s: Certificate source-address invalid", loc);
|
||||
/* FALLTHROUGH */
|
||||
case 0:
|
||||
logit("%s: Authentication tried for %.100s with valid "
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-chall.c,v 1.53 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/* $OpenBSD: auth2-chall.c,v 1.54 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2001 Per Allansson. All rights reserved.
|
||||
|
@ -112,15 +112,14 @@ kbdint_alloc(const char *devs)
|
|||
kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
|
||||
if (strcmp(devs, "") == 0) {
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
for (i = 0; devices[i]; i++) {
|
||||
if ((r = sshbuf_putf(b, "%s%s",
|
||||
sshbuf_len(b) ? "," : "", devices[i]->name)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
sshbuf_free(b);
|
||||
} else {
|
||||
kbdintctxt->devices = xstrdup(devs);
|
||||
|
@ -268,15 +267,15 @@ send_userauth_info_request(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, instr)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, "")) != 0 || /* language not used */
|
||||
(r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "start packet");
|
||||
for (i = 0; i < kbdintctxt->nreq; i++) {
|
||||
if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 ||
|
||||
(r = sshpkt_put_u8(ssh, echo_on[i])) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble packet");
|
||||
}
|
||||
if ((r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
|
||||
for (i = 0; i < kbdintctxt->nreq; i++)
|
||||
free(prompts[i]);
|
||||
|
@ -299,29 +298,29 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
|
|||
char **response = NULL;
|
||||
|
||||
if (authctxt == NULL)
|
||||
fatal("input_userauth_info_response: no authctxt");
|
||||
fatal_f("no authctxt");
|
||||
kbdintctxt = authctxt->kbdintctxt;
|
||||
if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
|
||||
fatal("input_userauth_info_response: no kbdintctxt");
|
||||
fatal_f("no kbdintctxt");
|
||||
if (kbdintctxt->device == NULL)
|
||||
fatal("input_userauth_info_response: no device");
|
||||
fatal_f("no device");
|
||||
|
||||
authctxt->postponed = 0; /* reset */
|
||||
if ((r = sshpkt_get_u32(ssh, &nresp)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
if (nresp != kbdintctxt->nreq)
|
||||
fatal("input_userauth_info_response: wrong number of replies");
|
||||
fatal_f("wrong number of replies");
|
||||
if (nresp > 100)
|
||||
fatal("input_userauth_info_response: too many replies");
|
||||
fatal_f("too many replies");
|
||||
if (nresp > 0) {
|
||||
response = xcalloc(nresp, sizeof(char *));
|
||||
for (i = 0; i < nresp; i++)
|
||||
if ((r = sshpkt_get_cstring(ssh, &response[i],
|
||||
NULL)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
for (i = 0; i < nresp; i++) {
|
||||
if ((r = sshpkt_get_cstring(ssh, &response[i], NULL)) != 0)
|
||||
fatal_fr(r, "parse response");
|
||||
}
|
||||
}
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
|
||||
|
||||
|
|
26
auth2-gss.c
26
auth2-gss.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.30 2020/10/18 11:32:01 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
|
@ -71,7 +71,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
u_char *doid = NULL;
|
||||
|
||||
if ((r = sshpkt_get_u32(ssh, &mechs)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (mechs == 0) {
|
||||
debug("Mechanism negotiation is not supported");
|
||||
|
@ -85,7 +85,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
|
||||
present = 0;
|
||||
if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse oid");
|
||||
|
||||
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
|
||||
doid[1] == len - 2) {
|
||||
|
@ -104,7 +104,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
}
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user", __func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
free(doid);
|
||||
return (0);
|
||||
}
|
||||
|
@ -123,7 +123,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 ||
|
||||
(r = sshpkt_put_string(ssh, doid, len)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
|
||||
free(doid);
|
||||
|
||||
|
@ -152,7 +152,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
|||
gssctxt = authctxt->methoddata;
|
||||
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
recv_tok.value = p;
|
||||
recv_tok.length = len;
|
||||
|
@ -168,7 +168,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
|||
(r = sshpkt_put_string(ssh, send_tok.value,
|
||||
send_tok.length)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send ERRTOK packet");
|
||||
}
|
||||
authctxt->postponed = 0;
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
|
||||
|
@ -180,7 +180,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
|||
(r = sshpkt_put_string(ssh, send_tok.value,
|
||||
send_tok.length)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send TOKEN packet");
|
||||
}
|
||||
if (maj_status == GSS_S_COMPLETE) {
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
|
||||
|
@ -216,7 +216,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
|
|||
gssctxt = authctxt->methoddata;
|
||||
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
recv_tok.value = p;
|
||||
recv_tok.length = len;
|
||||
|
||||
|
@ -258,7 +258,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
|
|||
*/
|
||||
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
|
||||
|
||||
|
@ -293,16 +293,16 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
|
|||
gssctxt = authctxt->methoddata;
|
||||
|
||||
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
mic.value = p;
|
||||
mic.length = len;
|
||||
ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
|
||||
"gssapi-with-mic");
|
||||
|
||||
if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
|
||||
fatal("%s: sshbuf_mutable_ptr failed", __func__);
|
||||
fatal_f("sshbuf_mutable_ptr failed");
|
||||
gssbuf.length = sshbuf_len(b);
|
||||
|
||||
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-hostbased.c,v 1.42 2019/11/25 00:51:37 djm Exp $ */
|
||||
/* $OpenBSD: auth2-hostbased.c,v 1.43 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -74,9 +74,9 @@ userauth_hostbased(struct ssh *ssh)
|
|||
(r = sshpkt_get_cstring(ssh, &chost, NULL)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &cuser, NULL)) != 0 ||
|
||||
(r = sshpkt_get_string(ssh, &sig, &slen)) != 0)
|
||||
fatal("%s: packet parsing: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
debug("%s: cuser %s chost %s pkalg %s slen %zu", __func__,
|
||||
debug_f("cuser %s chost %s pkalg %s slen %zu",
|
||||
cuser, chost, pkalg, slen);
|
||||
#ifdef DEBUG_PK
|
||||
debug("signature:");
|
||||
|
@ -85,21 +85,21 @@ userauth_hostbased(struct ssh *ssh)
|
|||
pktype = sshkey_type_from_name(pkalg);
|
||||
if (pktype == KEY_UNSPEC) {
|
||||
/* this is perfectly legal */
|
||||
logit("%s: unsupported public key algorithm: %s",
|
||||
__func__, pkalg);
|
||||
logit_f("unsupported public key algorithm: %s",
|
||||
pkalg);
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
|
||||
error("%s: key_from_blob: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "key_from_blob");
|
||||
goto done;
|
||||
}
|
||||
if (key == NULL) {
|
||||
error("%s: cannot decode key: %s", __func__, pkalg);
|
||||
error_f("cannot decode key: %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if (key->type != pktype) {
|
||||
error("%s: type mismatch for decoded key "
|
||||
"(received %d, expected %d)", __func__, key->type, pktype);
|
||||
error_f("type mismatch for decoded key "
|
||||
"(received %d, expected %d)", key->type, pktype);
|
||||
goto done;
|
||||
}
|
||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
||||
|
@ -109,25 +109,25 @@ userauth_hostbased(struct ssh *ssh)
|
|||
goto done;
|
||||
}
|
||||
if (match_pattern_list(pkalg, options.hostbased_key_types, 0) != 1) {
|
||||
logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
|
||||
__func__, sshkey_type(key));
|
||||
logit_f("key type %s not in HostbasedAcceptedKeyTypes",
|
||||
sshkey_type(key));
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_check_cert_sigtype(key,
|
||||
options.ca_sign_algorithms)) != 0) {
|
||||
logit("%s: certificate signature algorithm %s: %s", __func__,
|
||||
logit_fr(r, "certificate signature algorithm %s",
|
||||
(key->cert == NULL || key->cert->signature_type == NULL) ?
|
||||
"(null)" : key->cert->signature_type, ssh_err(r));
|
||||
"(null)" : key->cert->signature_type);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user", __func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
/* reconstruct packet */
|
||||
if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
|
||||
(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
|
||||
|
@ -138,7 +138,7 @@ userauth_hostbased(struct ssh *ssh)
|
|||
(r = sshbuf_put_string(b, pkblob, blen)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, chost)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, cuser)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "reconstruct packet");
|
||||
#ifdef DEBUG_PK
|
||||
sshbuf_dump(b, stderr);
|
||||
#endif
|
||||
|
@ -157,7 +157,7 @@ userauth_hostbased(struct ssh *ssh)
|
|||
auth2_record_key(authctxt, authenticated, key);
|
||||
sshbuf_free(b);
|
||||
done:
|
||||
debug2("%s: authenticated %d", __func__, authenticated);
|
||||
debug2_f("authenticated %d", authenticated);
|
||||
sshkey_free(key);
|
||||
free(pkalg);
|
||||
free(pkblob);
|
||||
|
@ -183,7 +183,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
|||
resolvedname = auth_get_canonical_hostname(ssh, options.use_dns);
|
||||
ipaddr = ssh_remote_ipaddr(ssh);
|
||||
|
||||
debug2("%s: chost %s resolvedname %s ipaddr %s", __func__,
|
||||
debug2_f("chost %s resolvedname %s ipaddr %s",
|
||||
chost, resolvedname, ipaddr);
|
||||
|
||||
if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
|
||||
|
@ -193,9 +193,8 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
|||
|
||||
if (options.hostbased_uses_name_from_packet_only) {
|
||||
if (auth_rhosts2(pw, cuser, chost, chost) == 0) {
|
||||
debug2("%s: auth_rhosts2 refused "
|
||||
"user \"%.100s\" host \"%.100s\" (from packet)",
|
||||
__func__, cuser, chost);
|
||||
debug2_f("auth_rhosts2 refused user \"%.100s\" "
|
||||
"host \"%.100s\" (from packet)", cuser, chost);
|
||||
return 0;
|
||||
}
|
||||
lookup = chost;
|
||||
|
@ -205,14 +204,14 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
|||
"client sends %s, but we resolve %s to %s",
|
||||
chost, ipaddr, resolvedname);
|
||||
if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) {
|
||||
debug2("%s: auth_rhosts2 refused "
|
||||
debug2_f("auth_rhosts2 refused "
|
||||
"user \"%.100s\" host \"%.100s\" addr \"%.100s\"",
|
||||
__func__, cuser, resolvedname, ipaddr);
|
||||
cuser, resolvedname, ipaddr);
|
||||
return 0;
|
||||
}
|
||||
lookup = resolvedname;
|
||||
}
|
||||
debug2("%s: access allowed by auth_rhosts2", __func__);
|
||||
debug2_f("access allowed by auth_rhosts2");
|
||||
|
||||
if (sshkey_is_cert(key) &&
|
||||
sshkey_cert_check_authority(key, 1, 0, lookup, &reason)) {
|
||||
|
@ -237,7 +236,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
|||
if (sshkey_is_cert(key)) {
|
||||
if ((fp = sshkey_fingerprint(key->cert->signature_key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint fail");
|
||||
verbose("Accepted certificate ID \"%s\" signed by "
|
||||
"%s CA %s from %s@%s", key->cert->key_id,
|
||||
sshkey_type(key->cert->signature_key), fp,
|
||||
|
@ -245,7 +244,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
|||
} else {
|
||||
if ((fp = sshkey_fingerprint(key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint fail");
|
||||
verbose("Accepted %s public key %s from %s@%s",
|
||||
sshkey_type(key), fp, cuser, lookup);
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-kbdint.c,v 1.11 2019/11/13 04:47:52 deraadt Exp $ */
|
||||
/* $OpenBSD: auth2-kbdint.c,v 1.12 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -52,7 +52,7 @@ userauth_kbdint(struct ssh *ssh)
|
|||
if ((r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &devs, NULL)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
debug("keyboard-interactive devs %s", devs);
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-none.c,v 1.22 2018/07/09 21:35:50 markus Exp $ */
|
||||
/* $OpenBSD: auth2-none.c,v 1.23 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -65,7 +65,7 @@ userauth_none(struct ssh *ssh)
|
|||
|
||||
none_enabled = 0;
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
if (options.permit_empty_passwd && options.password_authentication)
|
||||
return (PRIVSEP(auth_password(ssh, "")));
|
||||
return (0);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-passwd.c,v 1.18 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/* $OpenBSD: auth2-passwd.c,v 1.19 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -60,7 +60,7 @@ userauth_passwd(struct ssh *ssh)
|
|||
(r = sshpkt_get_cstring(ssh, &password, &len)) != 0 ||
|
||||
(change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (change)
|
||||
logit("password change not supported");
|
||||
|
|
104
auth2-pubkey.c
104
auth2-pubkey.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-pubkey.c,v 1.100 2020/08/27 01:07:09 djm Exp $ */
|
||||
/* $OpenBSD: auth2-pubkey.c,v 1.101 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -104,17 +104,17 @@ userauth_pubkey(struct ssh *ssh)
|
|||
if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
|
||||
(r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
|
||||
fatal("%s: parse request failed: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) {
|
||||
char *keystring;
|
||||
struct sshbuf *pkbuf;
|
||||
|
||||
if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL)
|
||||
fatal("%s: sshbuf_from failed", __func__);
|
||||
fatal_f("sshbuf_from failed");
|
||||
if ((keystring = sshbuf_dtob64_string(pkbuf, 0)) == NULL)
|
||||
fatal("%s: sshbuf_dtob64 failed", __func__);
|
||||
debug2("%s: %s user %s %s public key %s %s", __func__,
|
||||
fatal_f("sshbuf_dtob64 failed");
|
||||
debug2_f("%s user %s %s public key %s %s",
|
||||
authctxt->valid ? "valid" : "invalid", authctxt->user,
|
||||
have_sig ? "attempting" : "querying", pkalg, keystring);
|
||||
sshbuf_free(pkbuf);
|
||||
|
@ -124,21 +124,20 @@ userauth_pubkey(struct ssh *ssh)
|
|||
pktype = sshkey_type_from_name(pkalg);
|
||||
if (pktype == KEY_UNSPEC) {
|
||||
/* this is perfectly legal */
|
||||
verbose("%s: unsupported public key algorithm: %s",
|
||||
__func__, pkalg);
|
||||
verbose_f("unsupported public key algorithm: %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
|
||||
error("%s: could not parse key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse key");
|
||||
goto done;
|
||||
}
|
||||
if (key == NULL) {
|
||||
error("%s: cannot decode key: %s", __func__, pkalg);
|
||||
error_f("cannot decode key: %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if (key->type != pktype) {
|
||||
error("%s: type mismatch for decoded key "
|
||||
"(received %d, expected %d)", __func__, key->type, pktype);
|
||||
error_f("type mismatch for decoded key "
|
||||
"(received %d, expected %d)", key->type, pktype);
|
||||
goto done;
|
||||
}
|
||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
||||
|
@ -152,15 +151,15 @@ userauth_pubkey(struct ssh *ssh)
|
|||
goto done;
|
||||
}
|
||||
if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) {
|
||||
logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
|
||||
__func__, sshkey_ssh_name(key));
|
||||
logit_f("key type %s not in PubkeyAcceptedKeyTypes",
|
||||
sshkey_ssh_name(key));
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_check_cert_sigtype(key,
|
||||
options.ca_sign_algorithms)) != 0) {
|
||||
logit("%s: certificate signature algorithm %s: %s", __func__,
|
||||
logit_fr(r, "certificate signature algorithm %s",
|
||||
(key->cert == NULL || key->cert->signature_type == NULL) ?
|
||||
"(null)" : key->cert->signature_type, ssh_err(r));
|
||||
"(null)" : key->cert->signature_type);
|
||||
goto done;
|
||||
}
|
||||
key_s = format_key(key);
|
||||
|
@ -168,29 +167,23 @@ userauth_pubkey(struct ssh *ssh)
|
|||
ca_s = format_key(key->cert->signature_key);
|
||||
|
||||
if (have_sig) {
|
||||
debug3("%s: have %s signature for %s%s%s",
|
||||
__func__, pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ",
|
||||
ca_s == NULL ? "" : ca_s);
|
||||
debug3_f("have %s signature for %s%s%s", pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s);
|
||||
if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse signature packet");
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if (ssh->compat & SSH_OLD_SESSIONID) {
|
||||
if ((r = sshbuf_put(b, session_id2,
|
||||
session_id2_len)) != 0)
|
||||
fatal("%s: sshbuf_put session id: %s",
|
||||
__func__, ssh_err(r));
|
||||
if ((r = sshbuf_put(b, session_id2, session_id2_len)) != 0)
|
||||
fatal_fr(r, "put old session id");
|
||||
} else {
|
||||
if ((r = sshbuf_put_string(b, session_id2,
|
||||
session_id2_len)) != 0)
|
||||
fatal("%s: sshbuf_put_string session id: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "put session id");
|
||||
}
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user",
|
||||
__func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
goto done;
|
||||
}
|
||||
/* reconstruct packet */
|
||||
|
@ -204,8 +197,7 @@ userauth_pubkey(struct ssh *ssh)
|
|||
(r = sshbuf_put_u8(b, have_sig)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, pkalg)) != 0 ||
|
||||
(r = sshbuf_put_string(b, pkblob, blen)) != 0)
|
||||
fatal("%s: build packet failed: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "reconstruct packet");
|
||||
#ifdef DEBUG_PK
|
||||
sshbuf_dump(b, stderr);
|
||||
#endif
|
||||
|
@ -221,9 +213,8 @@ userauth_pubkey(struct ssh *ssh)
|
|||
if (authenticated == 1 && sig_details != NULL) {
|
||||
auth2_record_info(authctxt, "signature count = %u",
|
||||
sig_details->sk_counter);
|
||||
debug("%s: sk_counter = %u, sk_flags = 0x%02x",
|
||||
__func__, sig_details->sk_counter,
|
||||
sig_details->sk_flags);
|
||||
debug_f("sk_counter = %u, sk_flags = 0x%02x",
|
||||
sig_details->sk_counter, sig_details->sk_flags);
|
||||
req_presence = (options.pubkey_auth_options &
|
||||
PUBKEYAUTH_TOUCH_REQUIRED) ||
|
||||
!authopts->no_require_user_presence;
|
||||
|
@ -256,17 +247,14 @@ userauth_pubkey(struct ssh *ssh)
|
|||
}
|
||||
auth2_record_key(authctxt, authenticated, key);
|
||||
} else {
|
||||
debug("%s: test pkalg %s pkblob %s%s%s",
|
||||
__func__, pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ",
|
||||
ca_s == NULL ? "" : ca_s);
|
||||
debug_f("test pkalg %s pkblob %s%s%s", pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s);
|
||||
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user",
|
||||
__func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
goto done;
|
||||
}
|
||||
/* XXX fake reply and always send PK_OK ? */
|
||||
|
@ -284,16 +272,16 @@ userauth_pubkey(struct ssh *ssh)
|
|||
(r = sshpkt_put_string(ssh, pkblob, blen)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
authctxt->postponed = 1;
|
||||
}
|
||||
}
|
||||
done:
|
||||
if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) {
|
||||
debug("%s: key options inconsistent with existing", __func__);
|
||||
debug_f("key options inconsistent with existing");
|
||||
authenticated = 0;
|
||||
}
|
||||
debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
|
||||
debug2_f("authenticated %d pkalg %s", authenticated, pkalg);
|
||||
|
||||
sshbuf_free(b);
|
||||
sshauthopt_free(authopts);
|
||||
|
@ -500,20 +488,20 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
}
|
||||
if ((ca_fp = sshkey_fingerprint(cert->signature_key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
goto out;
|
||||
}
|
||||
if ((key_fp = sshkey_fingerprint(key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) {
|
||||
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_base64 failed");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_to_base64(key, &keytext)) != 0) {
|
||||
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_base64 failed");
|
||||
goto out;
|
||||
}
|
||||
snprintf(serial_s, sizeof(serial_s), "%llu",
|
||||
|
@ -535,7 +523,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
"s", serial_s,
|
||||
(char *)NULL);
|
||||
if (tmp == NULL)
|
||||
fatal("%s: percent_expand failed", __func__);
|
||||
fatal_f("percent_expand failed");
|
||||
free(av[i]);
|
||||
av[i] = tmp;
|
||||
}
|
||||
|
@ -598,7 +586,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
*authoptsp = NULL;
|
||||
|
||||
if ((found = sshkey_new(want_keytype)) == NULL) {
|
||||
debug3("%s: keytype %d failed", __func__, want_keytype);
|
||||
debug3_f("keytype %d failed", want_keytype);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -640,7 +628,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
/* We have a candidate key, perform authorisation checks */
|
||||
if ((fp = sshkey_fingerprint(found,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: fingerprint failed", __func__);
|
||||
fatal_f("fingerprint failed");
|
||||
|
||||
debug("%s: matching %s found: %s %s", loc,
|
||||
sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp);
|
||||
|
@ -697,7 +685,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
|
||||
success:
|
||||
if (finalopts == NULL)
|
||||
fatal("%s: internal error: missing options", __func__);
|
||||
fatal_f("internal error: missing options");
|
||||
if (authoptsp != NULL) {
|
||||
*authoptsp = finalopts;
|
||||
finalopts = NULL;
|
||||
|
@ -776,9 +764,9 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
|
||||
if ((r = sshkey_in_file(key->cert->signature_key,
|
||||
options.trusted_user_ca_keys, 1, 0)) != 0) {
|
||||
debug2("%s: CA %s %s is not listed in %s: %s", __func__,
|
||||
debug2_fr(r, "CA %s %s is not listed in %s",
|
||||
sshkey_type(key->cert->signature_key), ca_fp,
|
||||
options.trusted_user_ca_keys, ssh_err(r));
|
||||
options.trusted_user_ca_keys);
|
||||
goto out;
|
||||
}
|
||||
/*
|
||||
|
@ -803,7 +791,7 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
goto fail_reason;
|
||||
}
|
||||
if (use_authorized_principals && principals_opts == NULL)
|
||||
fatal("%s: internal error: missing principals_opts", __func__);
|
||||
fatal_f("internal error: missing principals_opts");
|
||||
if (sshkey_cert_check_authority(key, 0, 1,
|
||||
use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
|
||||
goto fail_reason;
|
||||
|
@ -928,11 +916,11 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
/* Prepare AuthorizedKeysCommand */
|
||||
if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_to_base64(key, &keytext)) != 0) {
|
||||
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_base64 failed");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -959,7 +947,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
"k", keytext,
|
||||
(char *)NULL);
|
||||
if (tmp == NULL)
|
||||
fatal("%s: percent_expand failed", __func__);
|
||||
fatal_f("percent_expand failed");
|
||||
free(av[i]);
|
||||
av[i] = tmp;
|
||||
}
|
||||
|
|
56
auth2.c
56
auth2.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2.c,v 1.158 2020/03/06 18:16:21 markus Exp $ */
|
||||
/* $OpenBSD: auth2.c,v 1.159 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -145,7 +145,7 @@ userauth_send_banner(struct ssh *ssh, const char *msg)
|
|||
(r = sshpkt_put_cstring(ssh, msg)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, "")) != 0 || /* language, unused */
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
debug("%s: sent", __func__);
|
||||
}
|
||||
|
||||
|
@ -232,11 +232,11 @@ user_specific_delay(const char *user)
|
|||
(void)snprintf(b, sizeof b, "%llu%s",
|
||||
(unsigned long long)options.timing_secret, user);
|
||||
if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)
|
||||
fatal("%s: ssh_digest_memory", __func__);
|
||||
fatal_f("ssh_digest_memory");
|
||||
/* 0-4.2 ms of delay */
|
||||
delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
|
||||
freezero(hash, len);
|
||||
debug3("%s: user specific delay %0.3lfms", __func__, delay/1000);
|
||||
debug3_f("user specific delay %0.3lfms", delay/1000);
|
||||
return MIN_FAIL_DELAY_SECONDS + delay;
|
||||
}
|
||||
|
||||
|
@ -252,8 +252,8 @@ ensure_minimum_time_since(double start, double seconds)
|
|||
|
||||
ts.tv_sec = remain;
|
||||
ts.tv_nsec = (remain - ts.tv_sec) * 1000000000;
|
||||
debug3("%s: elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)",
|
||||
__func__, elapsed*1000, remain*1000, req*1000);
|
||||
debug3_f("elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)",
|
||||
elapsed*1000, remain*1000, req*1000);
|
||||
nanosleep(&ts, NULL);
|
||||
}
|
||||
|
||||
|
@ -286,8 +286,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
authctxt->user = xstrdup(user);
|
||||
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
|
||||
authctxt->valid = 1;
|
||||
debug2("%s: setting up authctxt for %s",
|
||||
__func__, user);
|
||||
debug2_f("setting up authctxt for %s", user);
|
||||
} else {
|
||||
/* Invalid user, fake password information */
|
||||
authctxt->pw = fakepw();
|
||||
|
@ -417,7 +416,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send success packet");
|
||||
/* now we can break out */
|
||||
authctxt->success = 1;
|
||||
ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
|
||||
|
@ -433,14 +432,14 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
auth_maxtries_exceeded(ssh);
|
||||
}
|
||||
methods = authmethods_get(authctxt);
|
||||
debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
|
||||
debug3_f("failure partial=%d next methods=\"%s\"",
|
||||
partial, methods);
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, methods)) != 0 ||
|
||||
(r = sshpkt_put_u8(ssh, partial)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send failure packet");
|
||||
free(methods);
|
||||
}
|
||||
}
|
||||
|
@ -478,7 +477,7 @@ authmethods_get(Authctxt *authctxt)
|
|||
int i, r;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
for (i = 0; authmethods[i] != NULL; i++) {
|
||||
if (strcmp(authmethods[i]->name, "none") == 0)
|
||||
continue;
|
||||
|
@ -490,10 +489,10 @@ authmethods_get(Authctxt *authctxt)
|
|||
continue;
|
||||
if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "",
|
||||
authmethods[i]->name)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
if ((list = sshbuf_dup_string(b)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
sshbuf_free(b);
|
||||
return list;
|
||||
}
|
||||
|
@ -585,7 +584,7 @@ auth2_setup_methods_lists(Authctxt *authctxt)
|
|||
|
||||
if (options.num_auth_methods == 0)
|
||||
return 0;
|
||||
debug3("%s: checking methods", __func__);
|
||||
debug3_f("checking methods");
|
||||
authctxt->auth_methods = xcalloc(options.num_auth_methods,
|
||||
sizeof(*authctxt->auth_methods));
|
||||
authctxt->num_auth_methods = 0;
|
||||
|
@ -673,7 +672,7 @@ auth2_update_methods_lists(Authctxt *authctxt, const char *method,
|
|||
{
|
||||
u_int i, found = 0;
|
||||
|
||||
debug3("%s: updating methods list after \"%s\"", __func__, method);
|
||||
debug3_f("updating methods list after \"%s\"", method);
|
||||
for (i = 0; i < authctxt->num_auth_methods; i++) {
|
||||
if (!remove_method(&(authctxt->auth_methods[i]), method,
|
||||
submethod))
|
||||
|
@ -688,7 +687,7 @@ auth2_update_methods_lists(Authctxt *authctxt, const char *method,
|
|||
}
|
||||
/* This should not happen, but would be bad if it did */
|
||||
if (!found)
|
||||
fatal("%s: method not in AuthenticationMethods", __func__);
|
||||
fatal_f("method not in AuthenticationMethods");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -716,7 +715,7 @@ auth2_record_info(Authctxt *authctxt, const char *fmt, ...)
|
|||
va_end(ap);
|
||||
|
||||
if (i == -1)
|
||||
fatal("%s: vasprintf failed", __func__);
|
||||
fatal_f("vasprintf failed");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -732,7 +731,7 @@ auth2_record_key(Authctxt *authctxt, int authenticated,
|
|||
int r;
|
||||
|
||||
if ((r = sshkey_from_private(key, &dup)) != 0)
|
||||
fatal("%s: copy key: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "copy key");
|
||||
sshkey_free(authctxt->auth_method_key);
|
||||
authctxt->auth_method_key = dup;
|
||||
|
||||
|
@ -741,11 +740,11 @@ auth2_record_key(Authctxt *authctxt, int authenticated,
|
|||
|
||||
/* If authenticated, make sure we don't accept this key again */
|
||||
if ((r = sshkey_from_private(key, &dup)) != 0)
|
||||
fatal("%s: copy key: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "copy key");
|
||||
if (authctxt->nprev_keys >= INT_MAX ||
|
||||
(tmp = recallocarray(authctxt->prev_keys, authctxt->nprev_keys,
|
||||
authctxt->nprev_keys + 1, sizeof(*authctxt->prev_keys))) == NULL)
|
||||
fatal("%s: reallocarray failed", __func__);
|
||||
fatal_f("reallocarray failed");
|
||||
authctxt->prev_keys = tmp;
|
||||
authctxt->prev_keys[authctxt->nprev_keys] = dup;
|
||||
authctxt->nprev_keys++;
|
||||
|
@ -763,7 +762,7 @@ auth2_key_already_used(Authctxt *authctxt, const struct sshkey *key)
|
|||
if (sshkey_equal_public(key, authctxt->prev_keys[i])) {
|
||||
fp = sshkey_fingerprint(authctxt->prev_keys[i],
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT);
|
||||
debug3("%s: key already used: %s %s", __func__,
|
||||
debug3_f("key already used: %s %s",
|
||||
sshkey_type(authctxt->prev_keys[i]),
|
||||
fp == NULL ? "UNKNOWN" : fp);
|
||||
free(fp);
|
||||
|
@ -785,35 +784,34 @@ auth2_update_session_info(Authctxt *authctxt, const char *method,
|
|||
|
||||
if (authctxt->session_info == NULL) {
|
||||
if ((authctxt->session_info = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
}
|
||||
|
||||
/* Append method[/submethod] */
|
||||
if ((r = sshbuf_putf(authctxt->session_info, "%s%s%s",
|
||||
method, submethod == NULL ? "" : "/",
|
||||
submethod == NULL ? "" : submethod)) != 0)
|
||||
fatal("%s: append method: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "append method");
|
||||
|
||||
/* Append key if present */
|
||||
if (authctxt->auth_method_key != NULL) {
|
||||
if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 ||
|
||||
(r = sshkey_format_text(authctxt->auth_method_key,
|
||||
authctxt->session_info)) != 0)
|
||||
fatal("%s: append key: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "append key");
|
||||
}
|
||||
|
||||
if (authctxt->auth_method_info != NULL) {
|
||||
/* Ensure no ambiguity here */
|
||||
if (strchr(authctxt->auth_method_info, '\n') != NULL)
|
||||
fatal("%s: auth_method_info contains \\n", __func__);
|
||||
fatal_f("auth_method_info contains \\n");
|
||||
if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 ||
|
||||
(r = sshbuf_putf(authctxt->session_info, "%s",
|
||||
authctxt->auth_method_info)) != 0) {
|
||||
fatal("%s: append method info: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "append method info");
|
||||
}
|
||||
}
|
||||
if ((r = sshbuf_put_u8(authctxt->session_info, '\n')) != 0)
|
||||
fatal("%s: append: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "append");
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: canohost.c,v 1.74 2019/06/28 13:35:04 deraadt Exp $ */
|
||||
/* $OpenBSD: canohost.c,v 1.75 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -96,7 +96,7 @@ get_socket_address(int sock, int remote, int flags)
|
|||
/* Get the address in ascii. */
|
||||
if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
|
||||
sizeof(ntop), NULL, 0, flags)) != 0) {
|
||||
error("%s: getnameinfo %d failed: %s", __func__,
|
||||
error_f("getnameinfo %d failed: %s",
|
||||
flags, ssh_gai_strerror(r));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -141,7 +141,7 @@ get_local_name(int fd)
|
|||
|
||||
/* Handle the case where we were passed a pipe */
|
||||
if (gethostname(myname, sizeof(myname)) == -1) {
|
||||
verbose("%s: gethostname: %s", __func__, strerror(errno));
|
||||
verbose_f("gethostname: %s", strerror(errno));
|
||||
host = xstrdup("UNKNOWN");
|
||||
} else {
|
||||
host = xstrdup(myname);
|
||||
|
@ -186,7 +186,7 @@ get_sock_port(int sock, int local)
|
|||
/* Return port number. */
|
||||
if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
|
||||
strport, sizeof(strport), NI_NUMERICSERV)) != 0)
|
||||
fatal("%s: getnameinfo NI_NUMERICSERV failed: %s", __func__,
|
||||
fatal_f("getnameinfo NI_NUMERICSERV failed: %s",
|
||||
ssh_gai_strerror(r));
|
||||
return atoi(strport);
|
||||
}
|
||||
|
|
463
channels.c
463
channels.c
File diff suppressed because it is too large
Load Diff
336
clientloop.c
336
clientloop.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: clientloop.c,v 1.353 2020/10/14 00:55:17 djm Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.354 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -233,13 +233,13 @@ set_control_persist_exit_time(struct ssh *ssh)
|
|||
} else if (channel_still_open(ssh)) {
|
||||
/* some client connections are still open */
|
||||
if (control_persist_exit_time > 0)
|
||||
debug2("%s: cancel scheduled exit", __func__);
|
||||
debug2_f("cancel scheduled exit");
|
||||
control_persist_exit_time = 0;
|
||||
} else if (control_persist_exit_time <= 0) {
|
||||
/* a client connection has recently closed */
|
||||
control_persist_exit_time = monotime() +
|
||||
(time_t)options.control_persist_timeout;
|
||||
debug2("%s: schedule exit in %d seconds", __func__,
|
||||
debug2_f("schedule exit in %d seconds",
|
||||
options.control_persist_timeout);
|
||||
}
|
||||
/* else we are already counting down to the timeout */
|
||||
|
@ -307,7 +307,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
|
|||
if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
|
||||
display + 10)) < 0 ||
|
||||
(size_t)r >= sizeof(xdisplay)) {
|
||||
error("%s: display name too long", __func__);
|
||||
error_f("display name too long");
|
||||
return -1;
|
||||
}
|
||||
display = xdisplay;
|
||||
|
@ -322,15 +322,14 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
|
|||
*/
|
||||
mktemp_proto(xauthdir, sizeof(xauthdir));
|
||||
if (mkdtemp(xauthdir) == NULL) {
|
||||
error("%s: mkdtemp: %s",
|
||||
__func__, strerror(errno));
|
||||
error_f("mkdtemp: %s", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
do_unlink = 1;
|
||||
if ((r = snprintf(xauthfile, sizeof(xauthfile),
|
||||
"%s/xauthfile", xauthdir)) < 0 ||
|
||||
(size_t)r >= sizeof(xauthfile)) {
|
||||
error("%s: xauthfile path too long", __func__);
|
||||
error_f("xauthfile path too long");
|
||||
rmdir(xauthdir);
|
||||
return -1;
|
||||
}
|
||||
|
@ -356,7 +355,7 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
|
|||
SSH_X11_PROTO, x11_timeout_real,
|
||||
_PATH_DEVNULL);
|
||||
}
|
||||
debug2("%s: xauth command: %s", __func__, cmd);
|
||||
debug2_f("xauth command: %s", cmd);
|
||||
|
||||
if (timeout != 0 && x11_refuse_time == 0) {
|
||||
now = monotime() + 1;
|
||||
|
@ -445,7 +444,7 @@ client_check_window_change(struct ssh *ssh)
|
|||
if (!received_window_change_signal)
|
||||
return;
|
||||
received_window_change_signal = 0;
|
||||
debug2("%s: changed", __func__);
|
||||
debug2_f("changed");
|
||||
channel_send_window_changes(ssh);
|
||||
}
|
||||
|
||||
|
@ -487,7 +486,7 @@ server_alive_check(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) != 0 ||
|
||||
(r = sshpkt_put_u8(ssh, 1)) != 0 || /* boolean: want reply */
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: send packet: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
/* Insert an empty placeholder to maintain ordering */
|
||||
client_register_global_confirm(NULL, NULL);
|
||||
schedule_server_alive_check();
|
||||
|
@ -569,7 +568,7 @@ client_wait_until_can_do_something(struct ssh *ssh,
|
|||
/* Note: we might still have data in the buffers. */
|
||||
if ((r = sshbuf_putf(stderr_buffer,
|
||||
"select: %s\r\n", strerror(errno))) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
quit_pending = 1;
|
||||
} else if (options.server_alive_interval > 0 && !FD_ISSET(connection_in,
|
||||
*readsetp) && monotime() >= server_alive_time)
|
||||
|
@ -629,8 +628,7 @@ client_process_net_input(struct ssh *ssh, fd_set *readset)
|
|||
if ((r = sshbuf_putf(stderr_buffer,
|
||||
"Connection to %.300s closed by remote host.\r\n",
|
||||
host)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
quit_pending = 1;
|
||||
return;
|
||||
}
|
||||
|
@ -650,8 +648,7 @@ client_process_net_input(struct ssh *ssh, fd_set *readset)
|
|||
if ((r = sshbuf_putf(stderr_buffer,
|
||||
"Read from remote host %.300s: %.100s\r\n",
|
||||
host, strerror(errno))) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
quit_pending = 1;
|
||||
return;
|
||||
}
|
||||
|
@ -701,8 +698,7 @@ client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx)
|
|||
if (tochan) {
|
||||
if ((r = sshbuf_put(c->extended, errmsg,
|
||||
strlen(errmsg))) != 0)
|
||||
fatal("%s: buffer error %s", __func__,
|
||||
ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put");
|
||||
} else
|
||||
error("%s", errmsg);
|
||||
if (cr->action == CONFIRM_TTY) {
|
||||
|
@ -750,8 +746,8 @@ client_register_global_confirm(global_confirm_cb *cb, void *ctx)
|
|||
last_gc = TAILQ_LAST(&global_confirms, global_confirms);
|
||||
if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) {
|
||||
if (++last_gc->ref_count >= INT_MAX)
|
||||
fatal("%s: last_gc->ref_count = %d",
|
||||
__func__, last_gc->ref_count);
|
||||
fatal_f("last_gc->ref_count = %d",
|
||||
last_gc->ref_count);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -914,7 +910,7 @@ print_escape_help(struct sshbuf *b, int escape_char, int mux_client,
|
|||
|
||||
if ((r = sshbuf_putf(b,
|
||||
"%c?\r\nSupported escape sequences:\r\n", escape_char)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
|
||||
suppress_flags =
|
||||
(mux_client ? SUPPRESS_MUXCLIENT : 0) |
|
||||
|
@ -926,14 +922,14 @@ print_escape_help(struct sshbuf *b, int escape_char, int mux_client,
|
|||
continue;
|
||||
if ((r = sshbuf_putf(b, " %c%-3s - %s\r\n",
|
||||
escape_char, esc_txt[i].cmd, esc_txt[i].text)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
}
|
||||
|
||||
if ((r = sshbuf_putf(b,
|
||||
" %c%c - send the escape character by typing it twice\r\n"
|
||||
"(Note that escapes are only recognized immediately after "
|
||||
"newline.)\r\n", escape_char, escape_char)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -973,8 +969,7 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
/* Terminate the connection. */
|
||||
if ((r = sshbuf_putf(berr, "%c.\r\n",
|
||||
efc->escape_char)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
if (c && c->ctl_chan != -1) {
|
||||
chan_read_failed(ssh, c);
|
||||
chan_write_failed(ssh, c);
|
||||
|
@ -1003,16 +998,14 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
"%c%s escape not available to "
|
||||
"multiplexed sessions\r\n",
|
||||
efc->escape_char, b)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
continue;
|
||||
}
|
||||
/* Suspend the program. Inform the user */
|
||||
if ((r = sshbuf_putf(berr,
|
||||
"%c^Z [suspend ssh]\r\n",
|
||||
efc->escape_char)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
|
||||
/* Restore terminal modes and suspend. */
|
||||
client_suspend_self(bin, bout, berr);
|
||||
|
@ -1023,13 +1016,11 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
case 'B':
|
||||
if ((r = sshbuf_putf(berr,
|
||||
"%cB\r\n", efc->escape_char)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
channel_request_start(ssh, c->self, "break", 0);
|
||||
if ((r = sshpkt_put_u32(ssh, 1000)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: send packet: %s", __func__,
|
||||
ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
continue;
|
||||
|
||||
case 'R':
|
||||
|
@ -1049,8 +1040,7 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
if ((r = sshbuf_putf(berr,
|
||||
"%c%c [Logging to syslog]\r\n",
|
||||
efc->escape_char, ch)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
continue;
|
||||
}
|
||||
if (ch == 'V' && options.log_level >
|
||||
|
@ -1063,8 +1053,7 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
"%c%c [LogLevel %s]\r\n",
|
||||
efc->escape_char, ch,
|
||||
log_level_name(options.log_level))) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
continue;
|
||||
|
||||
case '&':
|
||||
|
@ -1082,11 +1071,9 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
/* Stop listening for new connections. */
|
||||
channel_stop_listening(ssh);
|
||||
|
||||
if ((r = sshbuf_putf(berr,
|
||||
"%c& [backgrounded]\n", efc->escape_char))
|
||||
!= 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
if ((r = sshbuf_putf(berr, "%c& "
|
||||
"[backgrounded]\n", efc->escape_char)) != 0)
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
|
||||
/* Fork into background. */
|
||||
pid = fork();
|
||||
|
@ -1101,8 +1088,7 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
/* The child continues serving connections. */
|
||||
/* fake EOF on stdin */
|
||||
if ((r = sshbuf_put_u8(bin, 4)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_u8");
|
||||
return -1;
|
||||
case '?':
|
||||
print_escape_help(berr, efc->escape_char,
|
||||
|
@ -1113,12 +1099,10 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
case '#':
|
||||
if ((r = sshbuf_putf(berr, "%c#\r\n",
|
||||
efc->escape_char)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
s = channel_open_message(ssh);
|
||||
if ((r = sshbuf_put(berr, s, strlen(s))) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put");
|
||||
free(s);
|
||||
continue;
|
||||
|
||||
|
@ -1132,8 +1116,7 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
if (ch != efc->escape_char) {
|
||||
if ((r = sshbuf_put_u8(bin,
|
||||
efc->escape_char)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_u8");
|
||||
bytes++;
|
||||
}
|
||||
/* Escaped characters fall through here */
|
||||
|
@ -1160,7 +1143,7 @@ process_escapes(struct ssh *ssh, Channel *c,
|
|||
*/
|
||||
last_was_cr = (ch == '\r' || ch == '\n');
|
||||
if ((r = sshbuf_put_u8(bin, ch)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_u8");
|
||||
bytes++;
|
||||
}
|
||||
return bytes;
|
||||
|
@ -1246,30 +1229,30 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
|
|||
debug("pledge: id");
|
||||
if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty",
|
||||
NULL) == -1)
|
||||
fatal("%s pledge(): %s", __func__, strerror(errno));
|
||||
fatal_f("pledge(): %s", strerror(errno));
|
||||
|
||||
} else if (options.forward_x11 || options.permit_local_command) {
|
||||
debug("pledge: exec");
|
||||
if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty",
|
||||
NULL) == -1)
|
||||
fatal("%s pledge(): %s", __func__, strerror(errno));
|
||||
fatal_f("pledge(): %s", strerror(errno));
|
||||
|
||||
} else if (options.update_hostkeys) {
|
||||
debug("pledge: filesystem full");
|
||||
if (pledge("stdio rpath wpath cpath unix inet dns proc tty",
|
||||
NULL) == -1)
|
||||
fatal("%s pledge(): %s", __func__, strerror(errno));
|
||||
fatal_f("pledge(): %s", strerror(errno));
|
||||
|
||||
} else if (!option_clear_or_none(options.proxy_command) ||
|
||||
fork_after_authentication_flag) {
|
||||
debug("pledge: proc");
|
||||
if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
|
||||
fatal("%s pledge(): %s", __func__, strerror(errno));
|
||||
fatal_f("pledge(): %s", strerror(errno));
|
||||
|
||||
} else {
|
||||
debug("pledge: network");
|
||||
if (pledge("stdio unix inet dns proc tty", NULL) == -1)
|
||||
fatal("%s pledge(): %s", __func__, strerror(errno));
|
||||
fatal_f("pledge(): %s", strerror(errno));
|
||||
}
|
||||
|
||||
start_time = monotime_double();
|
||||
|
@ -1285,7 +1268,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
|
|||
|
||||
/* Initialize buffer. */
|
||||
if ((stderr_buffer = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
client_init_dispatch(ssh);
|
||||
|
||||
|
@ -1336,8 +1319,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
|
|||
/* manual rekey request */
|
||||
debug("need rekeying");
|
||||
if ((r = kex_start_rekex(ssh)) != 0)
|
||||
fatal("%s: kex_start_rekex: %s", __func__,
|
||||
ssh_err(r));
|
||||
fatal_fr(r, "kex_start_rekex");
|
||||
need_rekeying = 0;
|
||||
} else {
|
||||
/*
|
||||
|
@ -1414,7 +1396,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
|
|||
(r = sshpkt_put_cstring(ssh, "")) != 0 || /* language tag */
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: send disconnect: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send disconnect");
|
||||
|
||||
channel_free_all(ssh);
|
||||
|
||||
|
@ -1451,7 +1433,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
|
|||
if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) {
|
||||
if ((r = sshbuf_putf(stderr_buffer,
|
||||
"Connection to %.64s closed.\r\n", host)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
}
|
||||
|
||||
/* Output any buffered data for stderr. */
|
||||
|
@ -1462,7 +1444,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
|
|||
if (len < 0 || (u_int)len != sshbuf_len(stderr_buffer))
|
||||
error("Write failed flushing stderr buffer.");
|
||||
else if ((r = sshbuf_consume(stderr_buffer, len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_consume");
|
||||
}
|
||||
|
||||
/* Clear and free any buffers. */
|
||||
|
@ -1499,15 +1481,15 @@ client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type,
|
|||
(r = sshpkt_get_cstring(ssh, &originator_address, NULL)) != 0 ||
|
||||
(r = sshpkt_get_u32(ssh, &originator_port)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: parse packet: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
debug("%s: listen %s port %d, originator %s port %d", __func__,
|
||||
debug_f("listen %s port %d, originator %s port %d",
|
||||
listen_address, listen_port, originator_address, originator_port);
|
||||
|
||||
if (listen_port > 0xffff)
|
||||
error("%s: invalid listen port", __func__);
|
||||
error_f("invalid listen port");
|
||||
else if (originator_port > 0xffff)
|
||||
error("%s: invalid originator port", __func__);
|
||||
error_f("invalid originator port");
|
||||
else {
|
||||
c = channel_connect_by_listen_address(ssh,
|
||||
listen_address, listen_port, "forwarded-tcpip",
|
||||
|
@ -1516,7 +1498,7 @@ client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type,
|
|||
|
||||
if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) {
|
||||
if ((b = sshbuf_new()) == NULL) {
|
||||
error("%s: alloc reply", __func__);
|
||||
error_f("alloc reply");
|
||||
goto out;
|
||||
}
|
||||
/* reconstruct and send to muxclient */
|
||||
|
@ -1531,8 +1513,7 @@ client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type,
|
|||
(r = sshbuf_put_cstring(b, originator_address)) != 0 ||
|
||||
(r = sshbuf_put_u32(b, originator_port)) != 0 ||
|
||||
(r = sshbuf_put_stringb(c->output, b)) != 0) {
|
||||
error("%s: compose for muxclient %s", __func__,
|
||||
ssh_err(r));
|
||||
error_fr(r, "compose for muxclient");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
@ -1556,9 +1537,9 @@ client_request_forwarded_streamlocal(struct ssh *ssh,
|
|||
if ((r = sshpkt_get_cstring(ssh, &listen_path, NULL)) != 0 ||
|
||||
(r = sshpkt_get_string(ssh, NULL, NULL)) != 0 || /* reserved */
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: parse packet: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
debug("%s: request: %s", __func__, listen_path);
|
||||
debug_f("request: %s", listen_path);
|
||||
|
||||
c = channel_connect_by_listen_path(ssh, listen_path,
|
||||
"forwarded-streamlocal@openssh.com", "forwarded-streamlocal");
|
||||
|
@ -1588,7 +1569,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
|
|||
if ((r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 ||
|
||||
(r = sshpkt_get_u32(ssh, &originator_port)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: parse packet: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
/* XXX check permission */
|
||||
/* XXX range check originator port? */
|
||||
debug("client_request_x11: request from %s %u", originator,
|
||||
|
@ -1623,8 +1604,7 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
|
|||
}
|
||||
if (r != 0) {
|
||||
if (r != SSH_ERR_AGENT_NOT_PRESENT)
|
||||
debug("%s: ssh_get_authentication_socket: %s",
|
||||
__func__, ssh_err(r));
|
||||
debug_fr(r, "ssh_get_authentication_socket");
|
||||
return NULL;
|
||||
}
|
||||
c = channel_new(ssh, "authentication agent connection",
|
||||
|
@ -1785,16 +1765,15 @@ client_input_channel_req(int type, u_int32_t seq, struct ssh *ssh)
|
|||
exit_status = exitval;
|
||||
} else {
|
||||
/* Probably for a mux channel that has already closed */
|
||||
debug("%s: no sink for exit-status on channel %d",
|
||||
__func__, id);
|
||||
debug_f("no sink for exit-status on channel %d",
|
||||
id);
|
||||
}
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
goto out;
|
||||
}
|
||||
if (reply && c != NULL && !(c->flags & CHAN_CLOSE_SENT)) {
|
||||
if (!c->have_remote_id)
|
||||
fatal("%s: channel %d: no remote_id",
|
||||
__func__, c->self);
|
||||
fatal_f("channel %d: no remote_id", c->self);
|
||||
if ((r = sshpkt_start(ssh, success ?
|
||||
SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 ||
|
||||
(r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
|
||||
|
@ -1895,8 +1874,8 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
|
|||
for (i = 0; i < ctx->nkeys; i++) {
|
||||
if (sshkey_equal(l->key, ctx->keys[i])) {
|
||||
ctx->other_name_seen = 1;
|
||||
debug3("%s: found %s key under different "
|
||||
"name/addr at %s:%ld", __func__,
|
||||
debug3_f("found %s key under different "
|
||||
"name/addr at %s:%ld",
|
||||
sshkey_ssh_name(ctx->keys[i]),
|
||||
l->path, l->linenum);
|
||||
return 0;
|
||||
|
@ -1907,8 +1886,8 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
|
|||
/* Don't proceed if revocation or CA markers are present */
|
||||
/* XXX relax this */
|
||||
if (l->marker != MRK_NONE) {
|
||||
debug3("%s: hostkeys file %s:%ld has CA/revocation marker",
|
||||
__func__, l->path, l->linenum);
|
||||
debug3_f("hostkeys file %s:%ld has CA/revocation marker",
|
||||
l->path, l->linenum);
|
||||
ctx->complex_hostspec = 1;
|
||||
return 0;
|
||||
}
|
||||
|
@ -1917,8 +1896,8 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
|
|||
if (ctx->ip_str != NULL && (l->match & HKF_MATCH_HOST) == 0 &&
|
||||
strchr(l->hosts, ',') != NULL) {
|
||||
ctx->other_name_seen = 1;
|
||||
debug3("%s: found address %s against different hostname at "
|
||||
"%s:%ld", __func__, ctx->ip_str, l->path, l->linenum);
|
||||
debug3_f("found address %s against different hostname at "
|
||||
"%s:%ld", ctx->ip_str, l->path, l->linenum);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1927,8 +1906,8 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
|
|||
* that contain more than two entries (ssh never writes these).
|
||||
*/
|
||||
if (hostspec_is_complex(l->hosts)) {
|
||||
debug3("%s: hostkeys file %s:%ld complex host specification",
|
||||
__func__, l->path, l->linenum);
|
||||
debug3_f("hostkeys file %s:%ld complex host specification",
|
||||
l->path, l->linenum);
|
||||
ctx->complex_hostspec = 1;
|
||||
return 0;
|
||||
}
|
||||
|
@ -1937,18 +1916,17 @@ hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
|
|||
for (i = 0; i < ctx->nkeys; i++) {
|
||||
if (!sshkey_equal(l->key, ctx->keys[i]))
|
||||
continue;
|
||||
debug3("%s: found %s key at %s:%ld", __func__,
|
||||
debug3_f("found %s key at %s:%ld",
|
||||
sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum);
|
||||
ctx->keys_match[i] |= l->match;
|
||||
return 0;
|
||||
}
|
||||
/* This line contained a key that not offered by the server */
|
||||
debug3("%s: deprecated %s key at %s:%ld", __func__,
|
||||
sshkey_ssh_name(l->key), l->path, l->linenum);
|
||||
debug3_f("deprecated %s key at %s:%ld", sshkey_ssh_name(l->key),
|
||||
l->path, l->linenum);
|
||||
if ((tmp = recallocarray(ctx->old_keys, ctx->nold, ctx->nold + 1,
|
||||
sizeof(*ctx->old_keys))) == NULL)
|
||||
fatal("%s: recallocarray failed nold = %zu",
|
||||
__func__, ctx->nold);
|
||||
fatal_f("recallocarray failed nold = %zu", ctx->nold);
|
||||
ctx->old_keys = tmp;
|
||||
ctx->old_keys[ctx->nold++] = l->key;
|
||||
l->key = NULL;
|
||||
|
@ -1972,7 +1950,7 @@ hostkeys_check_old(struct hostkey_foreach_line *l, void *_ctx)
|
|||
for (i = 0; i < ctx->nold; i++) {
|
||||
if (!sshkey_equal(l->key, ctx->old_keys[i]))
|
||||
continue;
|
||||
debug3("%s: found deprecated %s key at %s:%ld as %s", __func__,
|
||||
debug3_f("found deprecated %s key at %s:%ld as %s",
|
||||
sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum,
|
||||
hashed ? "[HASHED]" : l->hosts);
|
||||
ctx->old_key_seen = 1;
|
||||
|
@ -1992,21 +1970,21 @@ check_old_keys_othernames(struct hostkeys_update_ctx *ctx)
|
|||
size_t i;
|
||||
int r;
|
||||
|
||||
debug2("%s: checking for %zu deprecated keys", __func__, ctx->nold);
|
||||
debug2_f("checking for %zu deprecated keys", ctx->nold);
|
||||
for (i = 0; i < options.num_user_hostfiles; i++) {
|
||||
debug3("%s: searching %s for %s / %s", __func__,
|
||||
debug3_f("searching %s for %s / %s",
|
||||
options.user_hostfiles[i], ctx->host_str,
|
||||
ctx->ip_str ? ctx->ip_str : "(none)");
|
||||
if ((r = hostkeys_foreach(options.user_hostfiles[i],
|
||||
hostkeys_check_old, ctx, ctx->host_str, ctx->ip_str,
|
||||
HKF_WANT_PARSE_KEY)) != 0) {
|
||||
if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) {
|
||||
debug("%s: hostkeys file %s does not exist",
|
||||
__func__, options.user_hostfiles[i]);
|
||||
debug_f("hostkeys file %s does not exist",
|
||||
options.user_hostfiles[i]);
|
||||
continue;
|
||||
}
|
||||
error("%s: hostkeys_foreach failed for %s: %s",
|
||||
__func__, options.user_hostfiles[i], ssh_err(r));
|
||||
error_fr(r, "hostkeys_foreach failed for %s",
|
||||
options.user_hostfiles[i]);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
@ -2036,7 +2014,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
|
|||
continue;
|
||||
if ((fp = sshkey_fingerprint(ctx->keys[i],
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint failed", __func__);
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
if (first && asking)
|
||||
hostkey_change_preamble(loglevel);
|
||||
do_log2(loglevel, "Learned new hostkey: %s %s",
|
||||
|
@ -2047,7 +2025,7 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
|
|||
for (i = 0; i < ctx->nold; i++) {
|
||||
if ((fp = sshkey_fingerprint(ctx->old_keys[i],
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint failed", __func__);
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
if (first && asking)
|
||||
hostkey_change_preamble(loglevel);
|
||||
do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
|
||||
|
@ -2096,11 +2074,12 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
|
|||
*/
|
||||
if (stat(options.user_hostfiles[i], &sb) != 0) {
|
||||
if (errno == ENOENT) {
|
||||
debug("%s: known hosts file %s does not exist",
|
||||
__func__, strerror(errno));
|
||||
debug_f("known hosts file %s does not "
|
||||
"exist", options.user_hostfiles[i]);
|
||||
} else {
|
||||
error("%s: known hosts file %s inaccessible",
|
||||
__func__, strerror(errno));
|
||||
error_f("known hosts file %s "
|
||||
"inaccessible: %s",
|
||||
options.user_hostfiles[i], strerror(errno));
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
@ -2109,8 +2088,8 @@ update_known_hosts(struct hostkeys_update_ctx *ctx)
|
|||
i == 0 ? ctx->keys : NULL, i == 0 ? ctx->nkeys : 0,
|
||||
options.hash_known_hosts, 0,
|
||||
options.fingerprint_hash)) != 0) {
|
||||
error("%s: hostfile_replace_entries failed for %s: %s",
|
||||
__func__, options.user_hostfiles[i], ssh_err(r));
|
||||
error_fr(r, "hostfile_replace_entries failed for %s",
|
||||
options.user_hostfiles[i]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -2127,7 +2106,7 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
|
|||
size_t siglen;
|
||||
|
||||
if (ctx->nnew == 0)
|
||||
fatal("%s: ctx->nnew == 0", __func__); /* sanity */
|
||||
fatal_f("ctx->nnew == 0"); /* sanity */
|
||||
if (type != SSH2_MSG_REQUEST_SUCCESS) {
|
||||
error("Server failed to confirm ownership of "
|
||||
"private host keys");
|
||||
|
@ -2138,10 +2117,10 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
|
|||
sshkey_type_from_name(ssh->kex->hostkey_alg));
|
||||
|
||||
if ((signdata = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
/* Don't want to accidentally accept an unbound signature */
|
||||
if (ssh->kex->session_id_len == 0)
|
||||
fatal("%s: ssh->kex->session_id_len == 0", __func__);
|
||||
fatal_f("ssh->kex->session_id_len == 0");
|
||||
/*
|
||||
* Expect a signature for each of the ctx->nnew private keys we
|
||||
* haven't seen before. They will be in the same order as the
|
||||
|
@ -2157,12 +2136,10 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
|
|||
(r = sshbuf_put_string(signdata, ssh->kex->session_id,
|
||||
ssh->kex->session_id_len)) != 0 ||
|
||||
(r = sshkey_puts(ctx->keys[i], signdata)) != 0)
|
||||
fatal("%s: failed to prepare signature: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "compose signdata");
|
||||
/* Extract and verify signature */
|
||||
if ((r = sshpkt_get_string_direct(ssh, &sig, &siglen)) != 0) {
|
||||
error("%s: couldn't parse message: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "parse sig");
|
||||
goto out;
|
||||
}
|
||||
/*
|
||||
|
@ -2175,19 +2152,19 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
|
|||
sshbuf_ptr(signdata), sshbuf_len(signdata),
|
||||
use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0,
|
||||
NULL)) != 0) {
|
||||
error("%s: server gave bad signature for %s key %zu",
|
||||
__func__, sshkey_type(ctx->keys[i]), i);
|
||||
error_f("server gave bad signature for %s key %zu",
|
||||
sshkey_type(ctx->keys[i]), i);
|
||||
goto out;
|
||||
}
|
||||
/* Key is good. Mark it as 'seen' */
|
||||
ctx->keys_verified[i] = 1;
|
||||
ndone++;
|
||||
}
|
||||
/* Shouldn't happen */
|
||||
if (ndone != ctx->nnew)
|
||||
fatal("%s: ndone != ctx->nnew (%zu / %zu)", __func__,
|
||||
ndone, ctx->nnew); /* Shouldn't happen */
|
||||
fatal_f("ndone != ctx->nnew (%zu / %zu)", ndone, ctx->nnew);
|
||||
if ((r = sshpkt_get_end(ssh)) != 0) {
|
||||
error("%s: protocol error", __func__);
|
||||
error_f("protocol error");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -2236,7 +2213,7 @@ client_input_hostkeys(struct ssh *ssh)
|
|||
u_int want;
|
||||
|
||||
if (hostkeys_seen)
|
||||
fatal("%s: server already sent hostkeys", __func__);
|
||||
fatal_f("server already sent hostkeys");
|
||||
if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK &&
|
||||
options.batch_mode)
|
||||
return 1; /* won't ask in batchmode, so don't even try */
|
||||
|
@ -2248,53 +2225,51 @@ client_input_hostkeys(struct ssh *ssh)
|
|||
sshkey_free(key);
|
||||
key = NULL;
|
||||
if ((r = sshpkt_get_string_direct(ssh, &blob, &len)) != 0) {
|
||||
error("%s: couldn't parse message: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "parse key");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_from_blob(blob, len, &key)) != 0) {
|
||||
do_log2(r == SSH_ERR_KEY_TYPE_UNKNOWN ?
|
||||
do_log2_fr(r, r == SSH_ERR_KEY_TYPE_UNKNOWN ?
|
||||
SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_ERROR,
|
||||
"%s: parse key: %s", __func__, ssh_err(r));
|
||||
"convert key");
|
||||
continue;
|
||||
}
|
||||
fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT);
|
||||
debug3("%s: received %s key %s", __func__,
|
||||
sshkey_type(key), fp);
|
||||
debug3_f("received %s key %s", sshkey_type(key), fp);
|
||||
free(fp);
|
||||
|
||||
if (!key_accepted_by_hostkeyalgs(key)) {
|
||||
debug3("%s: %s key not permitted by HostkeyAlgorithms",
|
||||
__func__, sshkey_ssh_name(key));
|
||||
debug3_f("%s key not permitted by "
|
||||
"HostkeyAlgorithms", sshkey_ssh_name(key));
|
||||
continue;
|
||||
}
|
||||
/* Skip certs */
|
||||
if (sshkey_is_cert(key)) {
|
||||
debug3("%s: %s key is a certificate; skipping",
|
||||
__func__, sshkey_ssh_name(key));
|
||||
debug3_f("%s key is a certificate; skipping",
|
||||
sshkey_ssh_name(key));
|
||||
continue;
|
||||
}
|
||||
/* Ensure keys are unique */
|
||||
for (i = 0; i < ctx->nkeys; i++) {
|
||||
if (sshkey_equal(key, ctx->keys[i])) {
|
||||
error("%s: received duplicated %s host key",
|
||||
__func__, sshkey_ssh_name(key));
|
||||
error_f("received duplicated %s host key",
|
||||
sshkey_ssh_name(key));
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
/* Key is good, record it */
|
||||
if ((tmp = recallocarray(ctx->keys, ctx->nkeys, ctx->nkeys + 1,
|
||||
sizeof(*ctx->keys))) == NULL)
|
||||
fatal("%s: recallocarray failed nkeys = %zu",
|
||||
__func__, ctx->nkeys);
|
||||
fatal_f("recallocarray failed nkeys = %zu",
|
||||
ctx->nkeys);
|
||||
ctx->keys = tmp;
|
||||
ctx->keys[ctx->nkeys++] = key;
|
||||
key = NULL;
|
||||
}
|
||||
|
||||
if (ctx->nkeys == 0) {
|
||||
debug("%s: server sent no hostkeys", __func__);
|
||||
debug_f("server sent no hostkeys");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -2302,7 +2277,7 @@ client_input_hostkeys(struct ssh *ssh)
|
|||
sizeof(*ctx->keys_match))) == NULL ||
|
||||
(ctx->keys_verified = calloc(ctx->nkeys,
|
||||
sizeof(*ctx->keys_verified))) == NULL)
|
||||
fatal("%s: calloc failed", __func__);
|
||||
fatal_f("calloc failed");
|
||||
|
||||
get_hostfile_hostname_ipaddr(host,
|
||||
options.check_host_ip ? (struct sockaddr *)&hostaddr : NULL,
|
||||
|
@ -2311,19 +2286,19 @@ client_input_hostkeys(struct ssh *ssh)
|
|||
|
||||
/* Find which keys we already know about. */
|
||||
for (i = 0; i < options.num_user_hostfiles; i++) {
|
||||
debug("%s: searching %s for %s / %s", __func__,
|
||||
debug_f("searching %s for %s / %s",
|
||||
options.user_hostfiles[i], ctx->host_str,
|
||||
ctx->ip_str ? ctx->ip_str : "(none)");
|
||||
if ((r = hostkeys_foreach(options.user_hostfiles[i],
|
||||
hostkeys_find, ctx, ctx->host_str, ctx->ip_str,
|
||||
HKF_WANT_PARSE_KEY|HKF_WANT_MATCH)) != 0) {
|
||||
if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) {
|
||||
debug("%s: hostkeys file %s does not exist",
|
||||
__func__, options.user_hostfiles[i]);
|
||||
debug_f("hostkeys file %s does not exist",
|
||||
options.user_hostfiles[i]);
|
||||
continue;
|
||||
}
|
||||
error("%s: hostkeys_foreach failed for %s: %s",
|
||||
__func__, options.user_hostfiles[i], ssh_err(r));
|
||||
error_fr(r, "hostkeys_foreach failed for %s",
|
||||
options.user_hostfiles[i]);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
@ -2338,26 +2313,25 @@ client_input_hostkeys(struct ssh *ssh)
|
|||
ctx->nincomplete++;
|
||||
}
|
||||
|
||||
debug3("%s: %zu server keys: %zu new, %zu retained, "
|
||||
"%zu incomplete match. %zu to remove", __func__, ctx->nkeys,
|
||||
ctx->nnew, ctx->nkeys - ctx->nnew - ctx->nincomplete,
|
||||
debug3_f("%zu server keys: %zu new, %zu retained, "
|
||||
"%zu incomplete match. %zu to remove", ctx->nkeys, ctx->nnew,
|
||||
ctx->nkeys - ctx->nnew - ctx->nincomplete,
|
||||
ctx->nincomplete, ctx->nold);
|
||||
|
||||
if (ctx->nnew == 0 && ctx->nold == 0) {
|
||||
debug("%s: no new or deprecated keys from server", __func__);
|
||||
debug_f("no new or deprecated keys from server");
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Various reasons why we cannot proceed with the update */
|
||||
if (ctx->complex_hostspec) {
|
||||
debug("%s: CA/revocation marker, manual host list or wildcard "
|
||||
"host pattern found, skipping UserKnownHostsFile update",
|
||||
__func__);
|
||||
debug_f("CA/revocation marker, manual host list or wildcard "
|
||||
"host pattern found, skipping UserKnownHostsFile update");
|
||||
goto out;
|
||||
}
|
||||
if (ctx->other_name_seen) {
|
||||
debug("%s: host key found matching a different name/address, "
|
||||
"skipping UserKnownHostsFile update", __func__);
|
||||
debug_f("host key found matching a different name/address, "
|
||||
"skipping UserKnownHostsFile update");
|
||||
goto out;
|
||||
}
|
||||
/*
|
||||
|
@ -2371,8 +2345,8 @@ client_input_hostkeys(struct ssh *ssh)
|
|||
if (check_old_keys_othernames(ctx) != 0)
|
||||
goto out; /* error already logged */
|
||||
if (ctx->old_key_seen) {
|
||||
debug("%s: key(s) for %s%s%s exist under other names; "
|
||||
"skipping UserKnownHostsFile update", __func__,
|
||||
debug_f("key(s) for %s%s%s exist under other names; "
|
||||
"skipping UserKnownHostsFile update",
|
||||
ctx->host_str, ctx->ip_str == NULL ? "" : ",",
|
||||
ctx->ip_str == NULL ? "" : ctx->ip_str);
|
||||
goto out;
|
||||
|
@ -2392,27 +2366,24 @@ client_input_hostkeys(struct ssh *ssh)
|
|||
* We have received previously-unseen keys from the server.
|
||||
* Ask the server to confirm ownership of the private halves.
|
||||
*/
|
||||
debug3("%s: asking server to prove ownership for %zu keys",
|
||||
__func__, ctx->nnew);
|
||||
debug3_f("asking server to prove ownership for %zu keys", ctx->nnew);
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh,
|
||||
"hostkeys-prove-00@openssh.com")) != 0 ||
|
||||
(r = sshpkt_put_u8(ssh, 1)) != 0) /* bool: want reply */
|
||||
fatal("%s: prepare hostkeys-prove: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "prepare hostkeys-prove");
|
||||
if ((buf = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
for (i = 0; i < ctx->nkeys; i++) {
|
||||
if (ctx->keys_match[i])
|
||||
continue;
|
||||
sshbuf_reset(buf);
|
||||
if ((r = sshkey_putb(ctx->keys[i], buf)) != 0 ||
|
||||
(r = sshpkt_put_stringb(ssh, buf)) != 0) {
|
||||
fatal("%s: assemble hostkeys-prove: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
(r = sshpkt_put_stringb(ssh, buf)) != 0)
|
||||
fatal_fr(r, "assemble hostkeys-prove");
|
||||
}
|
||||
if ((r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: sshpkt_send: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send hostkeys-prove");
|
||||
client_register_global_confirm(
|
||||
client_global_hostkeys_private_confirm, ctx);
|
||||
ctx = NULL; /* will be freed in callback */
|
||||
|
@ -2456,6 +2427,19 @@ client_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
return r;
|
||||
}
|
||||
|
||||
static void
|
||||
client_send_env(struct ssh *ssh, int id, const char *name, const char *val)
|
||||
{
|
||||
int r;
|
||||
|
||||
debug("channel %d: setting env %s = \"%s\"", id, name, val);
|
||||
channel_request_start(ssh, id, "env", 0);
|
||||
if ((r = sshpkt_put_cstring(ssh, name)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, val)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal_fr(r, "send setenv");
|
||||
}
|
||||
|
||||
void
|
||||
client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem,
|
||||
const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd,
|
||||
|
@ -2465,10 +2449,10 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem,
|
|||
char *name, *val;
|
||||
Channel *c = NULL;
|
||||
|
||||
debug2("%s: id %d", __func__, id);
|
||||
debug2_f("id %d", id);
|
||||
|
||||
if ((c = channel_lookup(ssh, id)) == NULL)
|
||||
fatal("%s: channel %d: unknown channel", __func__, id);
|
||||
fatal_f("channel %d: unknown channel", id);
|
||||
|
||||
ssh_packet_set_interactive(ssh, want_tty,
|
||||
options.ip_qos_interactive, options.ip_qos_bulk);
|
||||
|
@ -2488,12 +2472,12 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem,
|
|||
(r = sshpkt_put_u32(ssh, (u_int)ws.ws_row)) != 0 ||
|
||||
(r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 ||
|
||||
(r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0)
|
||||
fatal("%s: build packet: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "build pty-req");
|
||||
if (tiop == NULL)
|
||||
tiop = get_saved_tio();
|
||||
ssh_tty_make_modes(ssh, -1, tiop);
|
||||
if ((r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: send packet: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send pty-req");
|
||||
/* XXX wait for reply */
|
||||
c->client_tty = 1;
|
||||
}
|
||||
|
@ -2522,15 +2506,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem,
|
|||
free(name);
|
||||
continue;
|
||||
}
|
||||
|
||||
debug("Sending env %s = %s", name, val);
|
||||
channel_request_start(ssh, id, "env", 0);
|
||||
if ((r = sshpkt_put_cstring(ssh, name)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, val)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0) {
|
||||
fatal("%s: send packet: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
client_send_env(ssh, id, name, val);
|
||||
free(name);
|
||||
}
|
||||
}
|
||||
|
@ -2542,13 +2518,7 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem,
|
|||
continue;
|
||||
}
|
||||
*val++ = '\0';
|
||||
|
||||
debug("Setting env %s = %s", name, val);
|
||||
channel_request_start(ssh, id, "env", 0);
|
||||
if ((r = sshpkt_put_cstring(ssh, name)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, val)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: send packet: %s", __func__, ssh_err(r));
|
||||
client_send_env(ssh, id, name, val);
|
||||
free(name);
|
||||
}
|
||||
|
||||
|
@ -2570,14 +2540,12 @@ client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem,
|
|||
}
|
||||
if ((r = sshpkt_put_stringb(ssh, cmd)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: send command: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send command");
|
||||
} else {
|
||||
channel_request_start(ssh, id, "shell", 1);
|
||||
client_expect_confirm(ssh, id, "shell", CONFIRM_CLOSE);
|
||||
if ((r = sshpkt_send(ssh)) != 0) {
|
||||
fatal("%s: send shell request: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
if ((r = sshpkt_send(ssh)) != 0)
|
||||
fatal_fr(r, "send shell");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
14
compat.c
14
compat.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: compat.c,v 1.115 2020/07/05 23:59:45 djm Exp $ */
|
||||
/* $OpenBSD: compat.c,v 1.116 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -162,10 +162,10 @@ compat_cipher_proposal(char *cipher_prop)
|
|||
{
|
||||
if (!(datafellows & SSH_BUG_BIGENDIANAES))
|
||||
return cipher_prop;
|
||||
debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
|
||||
debug2_f("original cipher proposal: %s", cipher_prop);
|
||||
if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
|
||||
fatal("match_filter_denylist failed");
|
||||
debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
|
||||
debug2_f("compat cipher proposal: %s", cipher_prop);
|
||||
if (*cipher_prop == '\0')
|
||||
fatal("No supported ciphers found");
|
||||
return cipher_prop;
|
||||
|
@ -176,10 +176,10 @@ compat_pkalg_proposal(char *pkalg_prop)
|
|||
{
|
||||
if (!(datafellows & SSH_BUG_RSASIGMD5))
|
||||
return pkalg_prop;
|
||||
debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
|
||||
debug2_f("original public key proposal: %s", pkalg_prop);
|
||||
if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
|
||||
fatal("match_filter_denylist failed");
|
||||
debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
|
||||
debug2_f("compat public key proposal: %s", pkalg_prop);
|
||||
if (*pkalg_prop == '\0')
|
||||
fatal("No supported PK algorithms found");
|
||||
return pkalg_prop;
|
||||
|
@ -190,7 +190,7 @@ compat_kex_proposal(char *p)
|
|||
{
|
||||
if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
|
||||
return p;
|
||||
debug2("%s: original KEX proposal: %s", __func__, p);
|
||||
debug2_f("original KEX proposal: %s", p);
|
||||
if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
|
||||
if ((p = match_filter_denylist(p,
|
||||
"curve25519-sha256@libssh.org")) == NULL)
|
||||
|
@ -201,7 +201,7 @@ compat_kex_proposal(char *p)
|
|||
"diffie-hellman-group-exchange-sha1")) == NULL)
|
||||
fatal("match_filter_denylist failed");
|
||||
}
|
||||
debug2("%s: compat KEX proposal: %s", __func__, p);
|
||||
debug2_f("compat KEX proposal: %s", p);
|
||||
if (*p == '\0')
|
||||
fatal("No supported key exchange algorithms found");
|
||||
return p;
|
||||
|
|
6
dh.c
6
dh.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: dh.c,v 1.71 2019/09/06 06:08:11 djm Exp $ */
|
||||
/* $OpenBSD: dh.c,v 1.72 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
*
|
||||
|
@ -240,7 +240,7 @@ dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
|
|||
}
|
||||
|
||||
if ((tmp = BN_new()) == NULL) {
|
||||
error("%s: BN_new failed", __func__);
|
||||
error_f("BN_new failed");
|
||||
return 0;
|
||||
}
|
||||
if (!BN_sub(tmp, dh_p, BN_value_one()) ||
|
||||
|
@ -458,7 +458,7 @@ dh_new_group18(void)
|
|||
DH *
|
||||
dh_new_group_fallback(int max)
|
||||
{
|
||||
debug3("%s: requested max size %d", __func__, max);
|
||||
debug3_f("requested max size %d", max);
|
||||
if (max < 3072) {
|
||||
debug3("using 2k bit group 14");
|
||||
return dh_new_group14();
|
||||
|
|
7
dns.c
7
dns.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: dns.c,v 1.38 2018/02/23 15:58:37 markus Exp $ */
|
||||
/* $OpenBSD: dns.c,v 1.39 2020/10/18 11:32:01 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||
|
@ -128,8 +128,7 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
|
|||
if (*algorithm && *digest_type) {
|
||||
if ((r = sshkey_fingerprint_raw(key, fp_alg, digest,
|
||||
digest_len)) != 0)
|
||||
fatal("%s: sshkey_fingerprint_raw: %s", __func__,
|
||||
ssh_err(r));
|
||||
fatal_fr(r, "sshkey_fingerprint_raw");
|
||||
success = 1;
|
||||
} else {
|
||||
*digest = NULL;
|
||||
|
@ -348,7 +347,7 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
|
|||
|
||||
/* No SSHFP record was generated at all */
|
||||
if (success == 0) {
|
||||
error("%s: unsupported algorithm and/or digest_type", __func__);
|
||||
error_f("unsupported algorithm and/or digest_type");
|
||||
}
|
||||
|
||||
return success;
|
||||
|
|
12
gss-genr.c
12
gss-genr.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: gss-genr.c,v 1.26 2018/07/10 09:13:30 djm Exp $ */
|
||||
/* $OpenBSD: gss-genr.c,v 1.27 2020/10/18 11:32:01 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
|
||||
|
@ -115,7 +115,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
|||
int r;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
if (major_status != NULL)
|
||||
*major_status = ctxt->major;
|
||||
|
@ -130,7 +130,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
|||
|
||||
if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 ||
|
||||
(r = sshbuf_put_u8(b, '\n')) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble GSS_CODE");
|
||||
|
||||
gss_release_buffer(&lmin, &msg);
|
||||
} while (ctx != 0);
|
||||
|
@ -142,13 +142,13 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
|||
|
||||
if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 ||
|
||||
(r = sshbuf_put_u8(b, '\n')) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble MECH_CODE");
|
||||
|
||||
gss_release_buffer(&lmin, &msg);
|
||||
} while (ctx != 0);
|
||||
|
||||
if ((r = sshbuf_put_u8(b, '\n')) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble newline");
|
||||
ret = xstrdup((const char *)sshbuf_ptr(b));
|
||||
sshbuf_free(b);
|
||||
return (ret);
|
||||
|
@ -269,7 +269,7 @@ ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
|
|||
(r = sshbuf_put_cstring(b, user)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, service)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, context)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble buildmic");
|
||||
}
|
||||
|
||||
int
|
||||
|
|
57
hostfile.c
57
hostfile.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: hostfile.c,v 1.85 2020/10/11 22:13:37 djm Exp $ */
|
||||
/* $OpenBSD: hostfile.c,v 1.86 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -141,12 +141,12 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
|
|||
ssh_hmac_init(ctx, salt, len) < 0 ||
|
||||
ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
|
||||
ssh_hmac_final(ctx, result, sizeof(result)))
|
||||
fatal("%s: ssh_hmac failed", __func__);
|
||||
fatal_f("ssh_hmac failed");
|
||||
ssh_hmac_free(ctx);
|
||||
|
||||
if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
|
||||
__b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
|
||||
fatal("%s: __b64_ntop failed", __func__);
|
||||
fatal_f("__b64_ntop failed");
|
||||
|
||||
snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
|
||||
HASH_DELIM, uu_result);
|
||||
|
@ -246,7 +246,7 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx)
|
|||
return 0;
|
||||
}
|
||||
|
||||
debug3("%s: found %skey type %s in file %s:%lu", __func__,
|
||||
debug3_f("found %skey type %s in file %s:%lu",
|
||||
l->marker == MRK_NONE ? "" :
|
||||
(l->marker == MRK_CA ? "ca " : "revoked "),
|
||||
sshkey_type(l->key), l->path, l->linenum);
|
||||
|
@ -279,12 +279,10 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
|
|||
if ((r = hostkeys_foreach(path, record_hostkey, &ctx, host, NULL,
|
||||
HKF_WANT_MATCH|HKF_WANT_PARSE_KEY)) != 0) {
|
||||
if (r != SSH_ERR_SYSTEM_ERROR && errno != ENOENT)
|
||||
debug("%s: hostkeys_foreach failed for %s: %s",
|
||||
__func__, path, ssh_err(r));
|
||||
debug_fr(r, "hostkeys_foreach failed for %s", path);
|
||||
}
|
||||
if (ctx.num_loaded != 0)
|
||||
debug3("%s: loaded %lu keys from %s", __func__,
|
||||
ctx.num_loaded, host);
|
||||
debug3_f("loaded %lu keys from %s", ctx.num_loaded, host);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -435,7 +433,7 @@ write_host_entry(FILE *f, const char *host, const char *ip,
|
|||
|
||||
if (store_hash) {
|
||||
if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) {
|
||||
error("%s: host_hash failed", __func__);
|
||||
error_f("host_hash failed");
|
||||
free(lhost);
|
||||
return 0;
|
||||
}
|
||||
|
@ -449,7 +447,7 @@ write_host_entry(FILE *f, const char *host, const char *ip,
|
|||
if ((r = sshkey_write(key, f)) == 0)
|
||||
success = 1;
|
||||
else
|
||||
error("%s: sshkey_write failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_write");
|
||||
fputc('\n', f);
|
||||
/* If hashing is enabled, the IP address needs to go on its own line */
|
||||
if (success && store_hash && ip != NULL)
|
||||
|
@ -546,7 +544,7 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx)
|
|||
continue;
|
||||
ctx->match_keys[i] |= l->match;
|
||||
fprintf(ctx->out, "%s\n", l->line);
|
||||
debug3("%s: %s key already at %s:%ld", __func__,
|
||||
debug3_f("%s key already at %s:%ld",
|
||||
sshkey_type(l->key), l->path, l->linenum);
|
||||
return 0;
|
||||
}
|
||||
|
@ -608,14 +606,14 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
|
|||
|
||||
if ((fd = mkstemp(temp)) == -1) {
|
||||
oerrno = errno;
|
||||
error("%s: mkstemp: %s", __func__, strerror(oerrno));
|
||||
error_f("mkstemp: %s", strerror(oerrno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
if ((ctx.out = fdopen(fd, "w")) == NULL) {
|
||||
oerrno = errno;
|
||||
close(fd);
|
||||
error("%s: fdopen: %s", __func__, strerror(oerrno));
|
||||
error_f("fdopen: %s", strerror(oerrno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
|
@ -624,7 +622,7 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
|
|||
if ((r = hostkeys_foreach(filename, host_delete, &ctx, host, ip,
|
||||
HKF_WANT_PARSE_KEY)) != 0) {
|
||||
oerrno = errno;
|
||||
error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "hostkeys_foreach");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
|
@ -676,30 +674,28 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
|
|||
/* Backup the original file and replace it with the temporary */
|
||||
if (unlink(back) == -1 && errno != ENOENT) {
|
||||
oerrno = errno;
|
||||
error("%s: unlink %.100s: %s", __func__,
|
||||
back, strerror(errno));
|
||||
error_f("unlink %.100s: %s", back, strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
if (link(filename, back) == -1) {
|
||||
oerrno = errno;
|
||||
error("%s: link %.100s to %.100s: %s", __func__,
|
||||
filename, back, strerror(errno));
|
||||
error_f("link %.100s to %.100s: %s", filename,
|
||||
back, strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
if (rename(temp, filename) == -1) {
|
||||
oerrno = errno;
|
||||
error("%s: rename \"%s\" to \"%s\": %s", __func__,
|
||||
temp, filename, strerror(errno));
|
||||
error_f("rename \"%s\" to \"%s\": %s", temp,
|
||||
filename, strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
} else {
|
||||
/* No changes made; just delete the temporary file */
|
||||
if (unlink(temp) != 0)
|
||||
error("%s: unlink \"%s\": %s", __func__,
|
||||
temp, strerror(errno));
|
||||
error_f("unlink \"%s\": %s", temp, strerror(errno));
|
||||
}
|
||||
|
||||
/* success */
|
||||
|
@ -756,7 +752,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
if ((f = fopen(path, "r")) == NULL)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
|
||||
debug3("%s: reading file \"%s\"", __func__, path);
|
||||
debug3_f("reading file \"%s\"", path);
|
||||
while (getline(&line, &linesize, f) != -1) {
|
||||
linenum++;
|
||||
line[strcspn(line, "\n")] = '\0';
|
||||
|
@ -784,8 +780,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
}
|
||||
|
||||
if ((lineinfo.marker = check_markers(&cp)) == MRK_ERROR) {
|
||||
verbose("%s: invalid marker at %s:%lu",
|
||||
__func__, path, linenum);
|
||||
verbose_f("invalid marker at %s:%lu", path, linenum);
|
||||
if ((options & HKF_WANT_MATCH) == 0)
|
||||
goto bad;
|
||||
continue;
|
||||
|
@ -801,8 +796,8 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
if (host != NULL) {
|
||||
if ((s = match_maybe_hashed(host, lineinfo.hosts,
|
||||
&hashed)) == -1) {
|
||||
debug2("%s: %s:%ld: bad host hash \"%.32s\"",
|
||||
__func__, path, linenum, lineinfo.hosts);
|
||||
debug2_f("%s:%ld: bad host hash \"%.32s\"",
|
||||
path, linenum, lineinfo.hosts);
|
||||
goto bad;
|
||||
}
|
||||
if (s == 1) {
|
||||
|
@ -814,9 +809,9 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
if (ip != NULL) {
|
||||
if ((s = match_maybe_hashed(ip, lineinfo.hosts,
|
||||
&hashed)) == -1) {
|
||||
debug2("%s: %s:%ld: bad ip hash "
|
||||
"\"%.32s\"", __func__, path,
|
||||
linenum, lineinfo.hosts);
|
||||
debug2_f("%s:%ld: bad ip hash "
|
||||
"\"%.32s\"", path, linenum,
|
||||
lineinfo.hosts);
|
||||
goto bad;
|
||||
}
|
||||
if (s == 1) {
|
||||
|
@ -851,7 +846,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
* lines.
|
||||
*/
|
||||
if ((lineinfo.key = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||
error("%s: sshkey_new failed", __func__);
|
||||
error_f("sshkey_new failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
break;
|
||||
}
|
||||
|
|
100
kex.c
100
kex.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kex.c,v 1.159 2020/07/05 23:59:45 djm Exp $ */
|
||||
/* $OpenBSD: kex.c,v 1.160 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -360,14 +360,13 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp)
|
|||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) { /* skip cookie */
|
||||
error("%s: consume cookie: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "consume cookie");
|
||||
goto out;
|
||||
}
|
||||
/* extract kex init proposal strings */
|
||||
for (i = 0; i < PROPOSAL_MAX; i++) {
|
||||
if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0) {
|
||||
error("%s: parse proposal %u: %s", __func__,
|
||||
i, ssh_err(r));
|
||||
error_fr(r, "parse proposal %u", i);
|
||||
goto out;
|
||||
}
|
||||
debug2("%s: %s", proposal_names[i], proposal[i]);
|
||||
|
@ -375,7 +374,7 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp)
|
|||
/* first kex follows / reserved */
|
||||
if ((r = sshbuf_get_u8(b, &v)) != 0 || /* first_kex_follows */
|
||||
(r = sshbuf_get_u32(b, &i)) != 0) { /* reserved */
|
||||
error("%s: parse: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
goto out;
|
||||
}
|
||||
if (first_kex_follows != NULL)
|
||||
|
@ -439,7 +438,7 @@ kex_send_ext_info(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, algs)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0) {
|
||||
error("%s: compose: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose");
|
||||
goto out;
|
||||
}
|
||||
/* success */
|
||||
|
@ -491,14 +490,14 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh)
|
|||
if (strcmp(name, "server-sig-algs") == 0) {
|
||||
/* Ensure no \0 lurking in value */
|
||||
if (memchr(val, '\0', vlen) != NULL) {
|
||||
error("%s: nul byte in %s", __func__, name);
|
||||
error_f("nul byte in %s", name);
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
}
|
||||
debug("%s: %s=<%s>", __func__, name, val);
|
||||
debug_f("%s=<%s>", name, val);
|
||||
kex->server_sig_algs = val;
|
||||
val = NULL;
|
||||
} else
|
||||
debug("%s: %s (unrecognised)", __func__, name);
|
||||
debug_f("%s (unrecognised)", name);
|
||||
free(name);
|
||||
free(val);
|
||||
}
|
||||
|
@ -536,7 +535,7 @@ kex_send_kexinit(struct ssh *ssh)
|
|||
int r;
|
||||
|
||||
if (kex == NULL) {
|
||||
error("%s: no hex", __func__);
|
||||
error_f("no hex");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
if (kex->flags & KEX_INIT_SENT)
|
||||
|
@ -545,12 +544,12 @@ kex_send_kexinit(struct ssh *ssh)
|
|||
|
||||
/* generate a random cookie */
|
||||
if (sshbuf_len(kex->my) < KEX_COOKIE_LEN) {
|
||||
error("%s: bad kex length: %zu < %d", __func__,
|
||||
error_f("bad kex length: %zu < %d",
|
||||
sshbuf_len(kex->my), KEX_COOKIE_LEN);
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
}
|
||||
if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL) {
|
||||
error("%s: buffer error", __func__);
|
||||
error_f("buffer error");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
arc4random_buf(cookie, KEX_COOKIE_LEN);
|
||||
|
@ -558,7 +557,7 @@ kex_send_kexinit(struct ssh *ssh)
|
|||
if ((r = sshpkt_start(ssh, SSH2_MSG_KEXINIT)) != 0 ||
|
||||
(r = sshpkt_putb(ssh, kex->my)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0) {
|
||||
error("%s: compose reply: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose reply");
|
||||
return r;
|
||||
}
|
||||
debug("SSH2_MSG_KEXINIT sent");
|
||||
|
@ -578,7 +577,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
|
|||
|
||||
debug("SSH2_MSG_KEXINIT received");
|
||||
if (kex == NULL) {
|
||||
error("%s: no hex", __func__);
|
||||
error_f("no hex");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
|
||||
|
@ -589,13 +588,13 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
|
|||
/* discard packet */
|
||||
for (i = 0; i < KEX_COOKIE_LEN; i++) {
|
||||
if ((r = sshpkt_get_u8(ssh, NULL)) != 0) {
|
||||
error("%s: discard cookie: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "discard cookie");
|
||||
return r;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < PROPOSAL_MAX; i++) {
|
||||
if ((r = sshpkt_get_string(ssh, NULL, NULL)) != 0) {
|
||||
error("%s: discard proposal: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "discard proposal");
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
@ -623,7 +622,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
|
|||
if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
|
||||
return (kex->kex[kex->kex_type])(ssh);
|
||||
|
||||
error("%s: unknown kex type %u", __func__, kex->kex_type);
|
||||
error_f("unknown kex type %u", kex->kex_type);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
|
@ -739,11 +738,11 @@ int
|
|||
kex_start_rekex(struct ssh *ssh)
|
||||
{
|
||||
if (ssh->kex == NULL) {
|
||||
error("%s: no kex", __func__);
|
||||
error_f("no kex");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
if (ssh->kex->done == 0) {
|
||||
error("%s: requested twice", __func__);
|
||||
error_f("requested twice");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
ssh->kex->done = 0;
|
||||
|
@ -758,7 +757,7 @@ choose_enc(struct sshenc *enc, char *client, char *server)
|
|||
if (name == NULL)
|
||||
return SSH_ERR_NO_CIPHER_ALG_MATCH;
|
||||
if ((enc->cipher = cipher_by_name(name)) == NULL) {
|
||||
error("%s: unsupported cipher %s", __func__, name);
|
||||
error_f("unsupported cipher %s", name);
|
||||
free(name);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
@ -780,7 +779,7 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
|
|||
if (name == NULL)
|
||||
return SSH_ERR_NO_MAC_ALG_MATCH;
|
||||
if (mac_setup(mac, name) < 0) {
|
||||
error("%s: unsupported MAC %s", __func__, name);
|
||||
error_f("unsupported MAC %s", name);
|
||||
free(name);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
@ -807,7 +806,7 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
|
|||
if (strcmp(name, "none") == 0) {
|
||||
comp->type = COMP_NONE;
|
||||
} else {
|
||||
error("%s: unsupported compression scheme %s", __func__, name);
|
||||
error_f("unsupported compression scheme %s", name);
|
||||
free(name);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
@ -826,7 +825,7 @@ choose_kex(struct kex *k, char *client, char *server)
|
|||
if (k->name == NULL)
|
||||
return SSH_ERR_NO_KEX_ALG_MATCH;
|
||||
if ((kexalg = kex_alg_by_name(k->name)) == NULL) {
|
||||
error("%s: unsupported KEX method %s", __func__, k->name);
|
||||
error_f("unsupported KEX method %s", k->name);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
k->kex_type = kexalg->type;
|
||||
|
@ -846,8 +845,7 @@ choose_hostkeyalg(struct kex *k, char *client, char *server)
|
|||
return SSH_ERR_NO_HOSTKEY_ALG_MATCH;
|
||||
k->hostkey_type = sshkey_type_from_name(k->hostkey_alg);
|
||||
if (k->hostkey_type == KEY_UNSPEC) {
|
||||
error("%s: unsupported hostkey algorithm %s", __func__,
|
||||
k->hostkey_alg);
|
||||
error_f("unsupported hostkey algorithm %s", k->hostkey_alg);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
k->hostkey_nid = sshkey_ecdsa_nid_from_name(k->hostkey_alg);
|
||||
|
@ -1018,7 +1016,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
|
|||
kex->session_id_len) != 0 ||
|
||||
ssh_digest_final(hashctx, digest, mdsz) != 0) {
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
error("%s: KEX hash failed", __func__);
|
||||
error_f("KEX hash failed");
|
||||
goto out;
|
||||
}
|
||||
ssh_digest_free(hashctx);
|
||||
|
@ -1035,7 +1033,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
|
|||
ssh_digest_update(hashctx, hash, hashlen) != 0 ||
|
||||
ssh_digest_update(hashctx, digest, have) != 0 ||
|
||||
ssh_digest_final(hashctx, digest + have, mdsz) != 0) {
|
||||
error("%s: KDF failed", __func__);
|
||||
error_f("KDF failed");
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1100,7 +1098,7 @@ kex_load_hostkey(struct ssh *ssh, struct sshkey **prvp, struct sshkey **pubp)
|
|||
*prvp = NULL;
|
||||
if (kex->load_host_public_key == NULL ||
|
||||
kex->load_host_private_key == NULL) {
|
||||
error("%s: missing hostkey loader", __func__);
|
||||
error_f("missing hostkey loader");
|
||||
return SSH_ERR_INVALID_ARGUMENT;
|
||||
}
|
||||
*pubp = kex->load_host_public_key(kex->hostkey_type,
|
||||
|
@ -1118,7 +1116,7 @@ kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key)
|
|||
struct kex *kex = ssh->kex;
|
||||
|
||||
if (kex->verify_host_key == NULL) {
|
||||
error("%s: missing hostkey verifier", __func__);
|
||||
error_f("missing hostkey verifier");
|
||||
return SSH_ERR_INVALID_ARGUMENT;
|
||||
}
|
||||
if (server_host_key->type != kex->hostkey_type ||
|
||||
|
@ -1155,7 +1153,7 @@ send_error(struct ssh *ssh, char *msg)
|
|||
msg, strlen(msg)) != strlen(msg) ||
|
||||
atomicio(vwrite, ssh_packet_get_connection_out(ssh),
|
||||
crnl, strlen(crnl)) != strlen(crnl))
|
||||
error("%s: write: %.100s", __func__, strerror(errno));
|
||||
error_f("write: %.100s", strerror(errno));
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1187,7 +1185,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
version_addendum == NULL ? "" : " ",
|
||||
version_addendum == NULL ? "" : version_addendum)) != 0) {
|
||||
oerrno = errno;
|
||||
error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshbuf_putf");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -1195,18 +1193,18 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
sshbuf_mutable_ptr(our_version),
|
||||
sshbuf_len(our_version)) != sshbuf_len(our_version)) {
|
||||
oerrno = errno;
|
||||
debug("%s: write: %.100s", __func__, strerror(errno));
|
||||
debug_f("write: %.100s", strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_consume_end(our_version, 2)) != 0) { /* trim \r\n */
|
||||
oerrno = errno;
|
||||
error("%s: sshbuf_consume_end: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshbuf_consume_end");
|
||||
goto out;
|
||||
}
|
||||
our_version_string = sshbuf_dup_string(our_version);
|
||||
if (our_version_string == NULL) {
|
||||
error("%s: sshbuf_dup_string failed", __func__);
|
||||
error_f("sshbuf_dup_string failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1217,8 +1215,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
if (n >= SSH_MAX_PRE_BANNER_LINES) {
|
||||
send_error(ssh, "No SSH identification string "
|
||||
"received.");
|
||||
error("%s: No SSH version received in first %u lines "
|
||||
"from server", __func__, SSH_MAX_PRE_BANNER_LINES);
|
||||
error_f("No SSH version received in first %u lines "
|
||||
"from server", SSH_MAX_PRE_BANNER_LINES);
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1237,8 +1235,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
goto out;
|
||||
} else if (r == -1) {
|
||||
oerrno = errno;
|
||||
error("%s: %s",
|
||||
__func__, strerror(errno));
|
||||
error_f("%s", strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1247,14 +1244,12 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
len = atomicio(read, ssh_packet_get_connection_in(ssh),
|
||||
&c, 1);
|
||||
if (len != 1 && errno == EPIPE) {
|
||||
error("%s: Connection closed by remote host",
|
||||
__func__);
|
||||
error_f("Connection closed by remote host");
|
||||
r = SSH_ERR_CONN_CLOSED;
|
||||
goto out;
|
||||
} else if (len != 1) {
|
||||
oerrno = errno;
|
||||
error("%s: read: %.100s",
|
||||
__func__, strerror(errno));
|
||||
error_f("read: %.100s", strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1265,18 +1260,17 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
if (c == '\n')
|
||||
break;
|
||||
if (c == '\0' || expect_nl) {
|
||||
error("%s: banner line contains invalid "
|
||||
"characters", __func__);
|
||||
error_f("banner line contains invalid "
|
||||
"characters");
|
||||
goto invalid;
|
||||
}
|
||||
if ((r = sshbuf_put_u8(peer_version, c)) != 0) {
|
||||
oerrno = errno;
|
||||
error("%s: sshbuf_put: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "sshbuf_put");
|
||||
goto out;
|
||||
}
|
||||
if (sshbuf_len(peer_version) > SSH_MAX_BANNER_LEN) {
|
||||
error("%s: banner line too long", __func__);
|
||||
error_f("banner line too long");
|
||||
goto invalid;
|
||||
}
|
||||
}
|
||||
|
@ -1286,26 +1280,26 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
break;
|
||||
/* If not, then just log the line and continue */
|
||||
if ((cp = sshbuf_dup_string(peer_version)) == NULL) {
|
||||
error("%s: sshbuf_dup_string failed", __func__);
|
||||
error_f("sshbuf_dup_string failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
/* Do not accept lines before the SSH ident from a client */
|
||||
if (ssh->kex->server) {
|
||||
error("%s: client sent invalid protocol identifier "
|
||||
"\"%.256s\"", __func__, cp);
|
||||
error_f("client sent invalid protocol identifier "
|
||||
"\"%.256s\"", cp);
|
||||
free(cp);
|
||||
goto invalid;
|
||||
}
|
||||
debug("%s: banner line %zu: %s", __func__, n, cp);
|
||||
debug_f("banner line %zu: %s", n, cp);
|
||||
free(cp);
|
||||
}
|
||||
peer_version_string = sshbuf_dup_string(peer_version);
|
||||
if (peer_version_string == NULL)
|
||||
error("%s: sshbuf_dup_string failed", __func__);
|
||||
error_f("sshbuf_dup_string failed");
|
||||
/* XXX must be same size for sscanf */
|
||||
if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) {
|
||||
error("%s: calloc failed", __func__);
|
||||
error_f("calloc failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
|
100
krl.c
100
krl.c
|
@ -14,7 +14,7 @@
|
|||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $OpenBSD: krl.c,v 1.51 2020/08/27 01:06:18 djm Exp $ */
|
||||
/* $OpenBSD: krl.c,v 1.52 2020/10/18 11:32:01 djm Exp $ */
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
|
@ -44,7 +44,7 @@
|
|||
|
||||
/* #define DEBUG_KRL */
|
||||
#ifdef DEBUG_KRL
|
||||
# define KRL_DBG(x) debug3 x
|
||||
# define KRL_DBG(x) debug3_f x
|
||||
#else
|
||||
# define KRL_DBG(x)
|
||||
#endif
|
||||
|
@ -241,8 +241,7 @@ revoked_certs_for_ca_key(struct ssh_krl *krl, const struct sshkey *ca_key,
|
|||
RB_INIT(&rc->revoked_serials);
|
||||
RB_INIT(&rc->revoked_key_ids);
|
||||
TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry);
|
||||
KRL_DBG(("%s: new CA %s", __func__,
|
||||
ca_key == NULL ? "*" : sshkey_type(ca_key)));
|
||||
KRL_DBG(("new CA %s", ca_key == NULL ? "*" : sshkey_type(ca_key)));
|
||||
*rcp = rc;
|
||||
return 0;
|
||||
}
|
||||
|
@ -252,7 +251,7 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
|
|||
{
|
||||
struct revoked_serial rs, *ers, *crs, *irs;
|
||||
|
||||
KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi));
|
||||
KRL_DBG(("insert %llu:%llu", lo, hi));
|
||||
memset(&rs, 0, sizeof(rs));
|
||||
rs.lo = lo;
|
||||
rs.hi = hi;
|
||||
|
@ -264,15 +263,14 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
|
|||
memcpy(irs, &rs, sizeof(*irs));
|
||||
ers = RB_INSERT(revoked_serial_tree, rt, irs);
|
||||
if (ers != NULL) {
|
||||
KRL_DBG(("%s: bad: ers != NULL", __func__));
|
||||
KRL_DBG(("bad: ers != NULL"));
|
||||
/* Shouldn't happen */
|
||||
free(irs);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
ers = irs;
|
||||
} else {
|
||||
KRL_DBG(("%s: overlap found %llu:%llu", __func__,
|
||||
ers->lo, ers->hi));
|
||||
KRL_DBG(("overlap found %llu:%llu", ers->lo, ers->hi));
|
||||
/*
|
||||
* The inserted entry overlaps an existing one. Grow the
|
||||
* existing entry.
|
||||
|
@ -290,33 +288,31 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
|
|||
|
||||
/* Check predecessors */
|
||||
while ((crs = RB_PREV(revoked_serial_tree, rt, ers)) != NULL) {
|
||||
KRL_DBG(("%s: pred %llu:%llu", __func__, crs->lo, crs->hi));
|
||||
KRL_DBG(("pred %llu:%llu", crs->lo, crs->hi));
|
||||
if (ers->lo != 0 && crs->hi < ers->lo - 1)
|
||||
break;
|
||||
/* This entry overlaps. */
|
||||
if (crs->lo < ers->lo) {
|
||||
ers->lo = crs->lo;
|
||||
KRL_DBG(("%s: pred extend %llu:%llu", __func__,
|
||||
ers->lo, ers->hi));
|
||||
KRL_DBG(("pred extend %llu:%llu", ers->lo, ers->hi));
|
||||
}
|
||||
RB_REMOVE(revoked_serial_tree, rt, crs);
|
||||
free(crs);
|
||||
}
|
||||
/* Check successors */
|
||||
while ((crs = RB_NEXT(revoked_serial_tree, rt, ers)) != NULL) {
|
||||
KRL_DBG(("%s: succ %llu:%llu", __func__, crs->lo, crs->hi));
|
||||
KRL_DBG(("succ %llu:%llu", crs->lo, crs->hi));
|
||||
if (ers->hi != (u_int64_t)-1 && crs->lo > ers->hi + 1)
|
||||
break;
|
||||
/* This entry overlaps. */
|
||||
if (crs->hi > ers->hi) {
|
||||
ers->hi = crs->hi;
|
||||
KRL_DBG(("%s: succ extend %llu:%llu", __func__,
|
||||
ers->lo, ers->hi));
|
||||
KRL_DBG(("succ extend %llu:%llu", ers->lo, ers->hi));
|
||||
}
|
||||
RB_REMOVE(revoked_serial_tree, rt, crs);
|
||||
free(crs);
|
||||
}
|
||||
KRL_DBG(("%s: done, final %llu:%llu", __func__, ers->lo, ers->hi));
|
||||
KRL_DBG(("done, final %llu:%llu", ers->lo, ers->hi));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -352,7 +348,7 @@ ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const struct sshkey *ca_key,
|
|||
if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)
|
||||
return r;
|
||||
|
||||
KRL_DBG(("%s: revoke %s", __func__, key_id));
|
||||
KRL_DBG(("revoke %s", key_id));
|
||||
if ((rki = calloc(1, sizeof(*rki))) == NULL ||
|
||||
(rki->key_id = strdup(key_id)) == NULL) {
|
||||
free(rki);
|
||||
|
@ -411,7 +407,7 @@ ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key)
|
|||
size_t len;
|
||||
int r;
|
||||
|
||||
debug3("%s: revoke type %s", __func__, sshkey_type(key));
|
||||
debug3_f("revoke type %s", sshkey_type(key));
|
||||
if ((r = plain_key_blob(key, &blob, &len)) != 0)
|
||||
return r;
|
||||
return revoke_blob(&krl->revoked_keys, blob, len);
|
||||
|
@ -437,7 +433,7 @@ revoke_by_hash(struct revoked_blob_tree *target, const u_char *p, size_t len)
|
|||
int
|
||||
ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len)
|
||||
{
|
||||
debug3("%s: revoke by sha1", __func__);
|
||||
debug3_f("revoke by sha1");
|
||||
if (len != 20)
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
return revoke_by_hash(&krl->revoked_sha1s, p, len);
|
||||
|
@ -446,7 +442,7 @@ ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len)
|
|||
int
|
||||
ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len)
|
||||
{
|
||||
debug3("%s: revoke by sha256", __func__);
|
||||
debug3_f("revoke by sha256");
|
||||
if (len != 32)
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
return revoke_by_hash(&krl->revoked_sha256s, p, len);
|
||||
|
@ -542,9 +538,9 @@ choose_next_state(int current_state, u_int64_t contig, int final,
|
|||
*force_new_section = 1;
|
||||
cost = cost_bitmap_restart;
|
||||
}
|
||||
KRL_DBG(("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
|
||||
KRL_DBG(("contig %llu last_gap %llu next_gap %llu final %d, costs:"
|
||||
"list %llu range %llu bitmap %llu new bitmap %llu, "
|
||||
"selected 0x%02x%s", __func__, (long long unsigned)contig,
|
||||
"selected 0x%02x%s", (long long unsigned)contig,
|
||||
(long long unsigned)last_gap, (long long unsigned)next_gap, final,
|
||||
(long long unsigned)cost_list, (long long unsigned)cost_range,
|
||||
(long long unsigned)cost_bitmap,
|
||||
|
@ -602,7 +598,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials);
|
||||
rs != NULL;
|
||||
rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {
|
||||
KRL_DBG(("%s: serial %llu:%llu state 0x%02x", __func__,
|
||||
KRL_DBG(("serial %llu:%llu state 0x%02x",
|
||||
(long long unsigned)rs->lo, (long long unsigned)rs->hi,
|
||||
state));
|
||||
|
||||
|
@ -622,7 +618,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
*/
|
||||
if (state != 0 && (force_new_sect || next_state != state ||
|
||||
state == KRL_SECTION_CERT_SERIAL_RANGE)) {
|
||||
KRL_DBG(("%s: finish state 0x%02x", __func__, state));
|
||||
KRL_DBG(("finish state 0x%02x", state));
|
||||
switch (state) {
|
||||
case KRL_SECTION_CERT_SERIAL_LIST:
|
||||
case KRL_SECTION_CERT_SERIAL_RANGE:
|
||||
|
@ -642,7 +638,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
|
||||
/* If we are starting a new section then prepare it now */
|
||||
if (next_state != state || force_new_sect) {
|
||||
KRL_DBG(("%s: start state 0x%02x", __func__,
|
||||
KRL_DBG(("start state 0x%02x",
|
||||
next_state));
|
||||
state = next_state;
|
||||
sshbuf_reset(sect);
|
||||
|
@ -678,7 +674,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
break;
|
||||
case KRL_SECTION_CERT_SERIAL_BITMAP:
|
||||
if (rs->lo - bitmap_start > INT_MAX) {
|
||||
error("%s: insane bitmap gap", __func__);
|
||||
error_f("insane bitmap gap");
|
||||
goto out;
|
||||
}
|
||||
for (i = 0; i < contig; i++) {
|
||||
|
@ -694,8 +690,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
}
|
||||
/* Flush the remaining section, if any */
|
||||
if (state != 0) {
|
||||
KRL_DBG(("%s: serial final flush for state 0x%02x",
|
||||
__func__, state));
|
||||
KRL_DBG(("serial final flush for state 0x%02x", state));
|
||||
switch (state) {
|
||||
case KRL_SECTION_CERT_SERIAL_LIST:
|
||||
case KRL_SECTION_CERT_SERIAL_RANGE:
|
||||
|
@ -711,12 +706,12 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
(r = sshbuf_put_stringb(buf, sect)) != 0)
|
||||
goto out;
|
||||
}
|
||||
KRL_DBG(("%s: serial done ", __func__));
|
||||
KRL_DBG(("serial done "));
|
||||
|
||||
/* Now output a section for any revocations by key ID */
|
||||
sshbuf_reset(sect);
|
||||
RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) {
|
||||
KRL_DBG(("%s: key ID %s", __func__, rki->key_id));
|
||||
KRL_DBG(("key ID %s", rki->key_id));
|
||||
if ((r = sshbuf_put_cstring(sect, rki->key_id)) != 0)
|
||||
goto out;
|
||||
}
|
||||
|
@ -772,7 +767,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
|
|||
/* Finally, output sections for revocations by public key/hash */
|
||||
sshbuf_reset(sect);
|
||||
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
|
||||
KRL_DBG(("%s: key len %zu ", __func__, rb->len));
|
||||
KRL_DBG(("key len %zu ", rb->len));
|
||||
if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
|
||||
goto out;
|
||||
}
|
||||
|
@ -783,7 +778,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
|
|||
}
|
||||
sshbuf_reset(sect);
|
||||
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) {
|
||||
KRL_DBG(("%s: hash len %zu ", __func__, rb->len));
|
||||
KRL_DBG(("hash len %zu ", rb->len));
|
||||
if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
|
||||
goto out;
|
||||
}
|
||||
|
@ -795,7 +790,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
|
|||
}
|
||||
sshbuf_reset(sect);
|
||||
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha256s) {
|
||||
KRL_DBG(("%s: hash len %zu ", __func__, rb->len));
|
||||
KRL_DBG(("hash len %zu ", rb->len));
|
||||
if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
|
||||
goto out;
|
||||
}
|
||||
|
@ -807,8 +802,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
|
|||
}
|
||||
|
||||
for (i = 0; i < nsign_keys; i++) {
|
||||
KRL_DBG(("%s: signature key %s", __func__,
|
||||
sshkey_ssh_name(sign_keys[i])));
|
||||
KRL_DBG(("sig key %s", sshkey_ssh_name(sign_keys[i])));
|
||||
if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 ||
|
||||
(r = sshkey_puts(sign_keys[i], buf)) != 0)
|
||||
goto out;
|
||||
|
@ -817,7 +811,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
|
|||
sshbuf_ptr(buf), sshbuf_len(buf), NULL, NULL,
|
||||
NULL, 0)) != 0)
|
||||
goto out;
|
||||
KRL_DBG(("%s: signature sig len %zu", __func__, slen));
|
||||
KRL_DBG(("signature sig len %zu", slen));
|
||||
if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
|
||||
goto out;
|
||||
}
|
||||
|
@ -874,7 +868,7 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
|
|||
if ((r = sshbuf_get_u8(buf, &type)) != 0 ||
|
||||
(r = sshbuf_froms(buf, &subsect)) != 0)
|
||||
goto out;
|
||||
KRL_DBG(("%s: subsection type 0x%02x", __func__, type));
|
||||
KRL_DBG(("subsection type 0x%02x", type));
|
||||
/* sshbuf_dump(subsect, stderr); */
|
||||
|
||||
switch (type) {
|
||||
|
@ -911,7 +905,7 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
|
|||
nbits = bitmap_nbits(bitmap);
|
||||
for (serial = 0; serial < (u_int64_t)nbits; serial++) {
|
||||
if (serial > 0 && serial_lo + serial == 0) {
|
||||
error("%s: bitmap wraps u64", __func__);
|
||||
error_f("bitmap wraps u64");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
|
@ -970,7 +964,7 @@ blob_section(struct sshbuf *sect, struct revoked_blob_tree *target_tree,
|
|||
if ((r = sshbuf_get_string(sect, &rdata, &rlen)) != 0)
|
||||
return r;
|
||||
if (expected_len != 0 && rlen != expected_len) {
|
||||
error("%s: bad length", __func__);
|
||||
error_f("bad length");
|
||||
free(rdata);
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
}
|
||||
|
@ -1001,7 +995,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|||
*krlp = NULL;
|
||||
if (sshbuf_len(buf) < sizeof(KRL_MAGIC) - 1 ||
|
||||
memcmp(sshbuf_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) {
|
||||
debug3("%s: not a KRL", __func__);
|
||||
debug3_f("not a KRL");
|
||||
return SSH_ERR_KRL_BAD_MAGIC;
|
||||
}
|
||||
|
||||
|
@ -1014,7 +1008,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|||
goto out;
|
||||
|
||||
if ((krl = ssh_krl_init()) == NULL) {
|
||||
error("%s: alloc failed", __func__);
|
||||
error_f("alloc failed");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -1051,7 +1045,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|||
if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
|
||||
(r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0)
|
||||
goto out;
|
||||
KRL_DBG(("%s: first pass, section 0x%02x", __func__, type));
|
||||
KRL_DBG(("first pass, section 0x%02x", type));
|
||||
if (type != KRL_SECTION_SIGNATURE) {
|
||||
if (sig_seen) {
|
||||
error("KRL contains non-signature section "
|
||||
|
@ -1127,7 +1121,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|||
if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
|
||||
(r = sshbuf_froms(copy, §)) != 0)
|
||||
goto out;
|
||||
KRL_DBG(("%s: second pass, section 0x%02x", __func__, type));
|
||||
KRL_DBG(("second pass, section 0x%02x", type));
|
||||
|
||||
switch (type) {
|
||||
case KRL_SECTION_CERTIFICATES:
|
||||
|
@ -1230,7 +1224,7 @@ is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc)
|
|||
rki.key_id = key->cert->key_id;
|
||||
erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);
|
||||
if (erki != NULL) {
|
||||
KRL_DBG(("%s: revoked by key ID", __func__));
|
||||
KRL_DBG(("revoked by key ID"));
|
||||
return SSH_ERR_KEY_REVOKED;
|
||||
}
|
||||
|
||||
|
@ -1245,7 +1239,7 @@ is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc)
|
|||
rs.lo = rs.hi = key->cert->serial;
|
||||
ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);
|
||||
if (ers != NULL) {
|
||||
KRL_DBG(("%s: revoked serial %llu matched %llu:%llu", __func__,
|
||||
KRL_DBG(("revoked serial %llu matched %llu:%llu",
|
||||
key->cert->serial, ers->lo, ers->hi));
|
||||
return SSH_ERR_KEY_REVOKED;
|
||||
}
|
||||
|
@ -1268,7 +1262,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
|
|||
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
|
||||
free(rb.blob);
|
||||
if (erb != NULL) {
|
||||
KRL_DBG(("%s: revoked by key SHA1", __func__));
|
||||
KRL_DBG(("revoked by key SHA1"));
|
||||
return SSH_ERR_KEY_REVOKED;
|
||||
}
|
||||
memset(&rb, 0, sizeof(rb));
|
||||
|
@ -1278,7 +1272,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
|
|||
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha256s, &rb);
|
||||
free(rb.blob);
|
||||
if (erb != NULL) {
|
||||
KRL_DBG(("%s: revoked by key SHA256", __func__));
|
||||
KRL_DBG(("revoked by key SHA256"));
|
||||
return SSH_ERR_KEY_REVOKED;
|
||||
}
|
||||
|
||||
|
@ -1289,7 +1283,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
|
|||
erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
|
||||
free(rb.blob);
|
||||
if (erb != NULL) {
|
||||
KRL_DBG(("%s: revoked by explicit key", __func__));
|
||||
KRL_DBG(("revoked by explicit key"));
|
||||
return SSH_ERR_KEY_REVOKED;
|
||||
}
|
||||
|
||||
|
@ -1312,7 +1306,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
|
|||
return r;
|
||||
}
|
||||
|
||||
KRL_DBG(("%s: %llu no match", __func__, key->cert->serial));
|
||||
KRL_DBG(("%llu no match", key->cert->serial));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1321,15 +1315,15 @@ ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key)
|
|||
{
|
||||
int r;
|
||||
|
||||
KRL_DBG(("%s: checking key", __func__));
|
||||
KRL_DBG(("checking key"));
|
||||
if ((r = is_key_revoked(krl, key)) != 0)
|
||||
return r;
|
||||
if (sshkey_is_cert(key)) {
|
||||
debug2("%s: checking CA key", __func__);
|
||||
debug2_f("checking CA key");
|
||||
if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0)
|
||||
return r;
|
||||
}
|
||||
KRL_DBG(("%s: key okay", __func__));
|
||||
KRL_DBG(("key okay"));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1348,7 +1342,7 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
|
|||
}
|
||||
if ((r = ssh_krl_from_blob(krlbuf, &krl, NULL, 0)) != 0)
|
||||
goto out;
|
||||
debug2("%s: checking KRL %s", __func__, path);
|
||||
debug2_f("checking KRL %s", path);
|
||||
r = ssh_krl_check_key(krl, key);
|
||||
out:
|
||||
sshbuf_free(krlbuf);
|
||||
|
@ -1385,7 +1379,7 @@ krl_dump(struct ssh_krl *krl, FILE *f)
|
|||
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
|
||||
if ((r = sshkey_from_blob(rb->blob, rb->len, &key)) != 0) {
|
||||
ret = SSH_ERR_INVALID_FORMAT;
|
||||
error("Parse key in KRL: %s", ssh_err(r));
|
||||
error_r(r, "parse KRL key");
|
||||
continue;
|
||||
}
|
||||
if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
|
||||
|
|
97
misc.c
97
misc.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: misc.c,v 1.154 2020/10/03 09:22:26 djm Exp $ */
|
||||
/* $OpenBSD: misc.c,v 1.155 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2005-2020 Damien Miller. All rights reserved.
|
||||
|
@ -1111,9 +1111,9 @@ vdollar_percent_expand(int *parseerror, int dollar, int percent,
|
|||
size_t len;
|
||||
|
||||
if ((buf = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if (parseerror == NULL)
|
||||
fatal("%s: null parseerror arg", __func__);
|
||||
fatal_f("null parseerror arg");
|
||||
*parseerror = 1;
|
||||
|
||||
/* Gather keys if we're doing percent expansion. */
|
||||
|
@ -1123,14 +1123,15 @@ vdollar_percent_expand(int *parseerror, int dollar, int percent,
|
|||
if (keys[num_keys].key == NULL)
|
||||
break;
|
||||
keys[num_keys].repl = va_arg(ap, char *);
|
||||
if (keys[num_keys].repl == NULL)
|
||||
fatal("%s: NULL replacement for token %s", __func__, keys[num_keys].key);
|
||||
if (keys[num_keys].repl == NULL) {
|
||||
fatal_f("NULL replacement for token %s",
|
||||
keys[num_keys].key);
|
||||
}
|
||||
}
|
||||
if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL)
|
||||
fatal("%s: too many keys", __func__);
|
||||
fatal_f("too many keys");
|
||||
if (num_keys == 0)
|
||||
fatal("%s: percent expansion without token list",
|
||||
__func__);
|
||||
fatal_f("percent expansion without token list");
|
||||
}
|
||||
|
||||
/* Expand string */
|
||||
|
@ -1139,28 +1140,24 @@ vdollar_percent_expand(int *parseerror, int dollar, int percent,
|
|||
if (dollar && string[0] == '$' && string[1] == '{') {
|
||||
string += 2; /* skip over '${' */
|
||||
if ((varend = strchr(string, '}')) == NULL) {
|
||||
error("%s: environment variable '%s' missing "
|
||||
"closing '}'", __func__, string);
|
||||
error_f("environment variable '%s' missing "
|
||||
"closing '}'", string);
|
||||
goto out;
|
||||
}
|
||||
len = varend - string;
|
||||
if (len == 0) {
|
||||
error("%s: zero-length environment variable",
|
||||
__func__);
|
||||
error_f("zero-length environment variable");
|
||||
goto out;
|
||||
}
|
||||
var = xmalloc(len + 1);
|
||||
(void)strlcpy(var, string, len + 1);
|
||||
if ((val = getenv(var)) == NULL) {
|
||||
error("%s: env var ${%s} has no value",
|
||||
__func__, var);
|
||||
error_f("env var ${%s} has no value", var);
|
||||
missingvar = 1;
|
||||
} else {
|
||||
debug3("%s: expand ${%s} -> '%s'", __func__,
|
||||
var, val);
|
||||
debug3_f("expand ${%s} -> '%s'", var, val);
|
||||
if ((r = sshbuf_put(buf, val, strlen(val))) !=0)
|
||||
fatal("%s: sshbuf_put: %s", __func__,
|
||||
ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put ${}");
|
||||
}
|
||||
free(var);
|
||||
string += len;
|
||||
|
@ -1174,10 +1171,8 @@ vdollar_percent_expand(int *parseerror, int dollar, int percent,
|
|||
*/
|
||||
if (*string != '%' || !percent) {
|
||||
append:
|
||||
if ((r = sshbuf_put_u8(buf, *string)) != 0) {
|
||||
fatal("%s: sshbuf_put_u8: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
if ((r = sshbuf_put_u8(buf, *string)) != 0)
|
||||
fatal_fr(r, "sshbuf_put_u8 %%");
|
||||
continue;
|
||||
}
|
||||
string++;
|
||||
|
@ -1185,26 +1180,24 @@ vdollar_percent_expand(int *parseerror, int dollar, int percent,
|
|||
if (*string == '%')
|
||||
goto append;
|
||||
if (*string == '\0') {
|
||||
error("%s: invalid format", __func__);
|
||||
error_f("invalid format");
|
||||
goto out;
|
||||
}
|
||||
for (i = 0; i < num_keys; i++) {
|
||||
if (strchr(keys[i].key, *string) != NULL) {
|
||||
if ((r = sshbuf_put(buf, keys[i].repl,
|
||||
strlen(keys[i].repl))) != 0) {
|
||||
fatal("%s: sshbuf_put: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
strlen(keys[i].repl))) != 0)
|
||||
fatal_fr(r, "sshbuf_put %%-repl");
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (i >= num_keys) {
|
||||
error("%s: unknown key %%%c", __func__, *string);
|
||||
error_f("unknown key %%%c", *string);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
if (!missingvar && (ret = sshbuf_dup_string(buf)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
*parseerror = 0;
|
||||
out:
|
||||
sshbuf_free(buf);
|
||||
|
@ -1248,7 +1241,7 @@ percent_expand(const char *string, ...)
|
|||
ret = vdollar_percent_expand(&err, 0, 1, string, ap);
|
||||
va_end(ap);
|
||||
if (err)
|
||||
fatal("%s failed", __func__);
|
||||
fatal_f("failed");
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -1267,7 +1260,7 @@ percent_dollar_expand(const char *string, ...)
|
|||
ret = vdollar_percent_expand(&err, 1, 1, string, ap);
|
||||
va_end(ap);
|
||||
if (err)
|
||||
fatal("%s failed", __func__);
|
||||
fatal_f("failed");
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -1300,16 +1293,16 @@ tun_open(int tun, int mode, char **ifname)
|
|||
break;
|
||||
}
|
||||
} else {
|
||||
debug("%s: invalid tunnel %u", __func__, tun);
|
||||
debug_f("invalid tunnel %u", tun);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (fd == -1) {
|
||||
debug("%s: %s open: %s", __func__, name, strerror(errno));
|
||||
debug_f("%s open: %s", name, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
|
||||
debug_f("%s mode %d fd %d", name, mode, fd);
|
||||
|
||||
/* Bring interface up if it is not already */
|
||||
snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
|
||||
|
@ -1317,16 +1310,16 @@ tun_open(int tun, int mode, char **ifname)
|
|||
goto failed;
|
||||
|
||||
if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
|
||||
debug("%s: get interface %s flags: %s", __func__,
|
||||
ifr.ifr_name, strerror(errno));
|
||||
debug_f("get interface %s flags: %s", ifr.ifr_name,
|
||||
strerror(errno));
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (!(ifr.ifr_flags & IFF_UP)) {
|
||||
ifr.ifr_flags |= IFF_UP;
|
||||
if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) {
|
||||
debug("%s: activate interface %s: %s", __func__,
|
||||
ifr.ifr_name, strerror(errno));
|
||||
debug_f("activate interface %s: %s", ifr.ifr_name,
|
||||
strerror(errno));
|
||||
goto failed;
|
||||
}
|
||||
}
|
||||
|
@ -1677,7 +1670,7 @@ mktemp_proto(char *s, size_t len)
|
|||
}
|
||||
r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX");
|
||||
if (r < 0 || (size_t)r >= len)
|
||||
fatal("%s: template string too short", __func__);
|
||||
fatal_f("template string too short");
|
||||
}
|
||||
|
||||
static const struct {
|
||||
|
@ -1764,8 +1757,7 @@ unix_listener(const char *path, int backlog, int unlink_first)
|
|||
sunaddr.sun_family = AF_UNIX;
|
||||
if (strlcpy(sunaddr.sun_path, path,
|
||||
sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) {
|
||||
error("%s: path \"%s\" too long for Unix domain socket",
|
||||
__func__, path);
|
||||
error_f("path \"%s\" too long for Unix domain socket", path);
|
||||
errno = ENAMETOOLONG;
|
||||
return -1;
|
||||
}
|
||||
|
@ -1773,7 +1765,7 @@ unix_listener(const char *path, int backlog, int unlink_first)
|
|||
sock = socket(PF_UNIX, SOCK_STREAM, 0);
|
||||
if (sock == -1) {
|
||||
saved_errno = errno;
|
||||
error("%s: socket: %.100s", __func__, strerror(errno));
|
||||
error_f("socket: %.100s", strerror(errno));
|
||||
errno = saved_errno;
|
||||
return -1;
|
||||
}
|
||||
|
@ -1783,16 +1775,14 @@ unix_listener(const char *path, int backlog, int unlink_first)
|
|||
}
|
||||
if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
|
||||
saved_errno = errno;
|
||||
error("%s: cannot bind to path %s: %s",
|
||||
__func__, path, strerror(errno));
|
||||
error_f("cannot bind to path %s: %s", path, strerror(errno));
|
||||
close(sock);
|
||||
errno = saved_errno;
|
||||
return -1;
|
||||
}
|
||||
if (listen(sock, backlog) == -1) {
|
||||
saved_errno = errno;
|
||||
error("%s: cannot listen on path %s: %s",
|
||||
__func__, path, strerror(errno));
|
||||
error_f("cannot listen on path %s: %s", path, strerror(errno));
|
||||
close(sock);
|
||||
unlink(path);
|
||||
errno = saved_errno;
|
||||
|
@ -1956,7 +1946,7 @@ argv_assemble(int argc, char **argv)
|
|||
struct sshbuf *buf, *arg;
|
||||
|
||||
if ((buf = sshbuf_new()) == NULL || (arg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
for (i = 0; i < argc; i++) {
|
||||
ws = 0;
|
||||
|
@ -1981,17 +1971,16 @@ argv_assemble(int argc, char **argv)
|
|||
break;
|
||||
}
|
||||
if (r != 0)
|
||||
fatal("%s: sshbuf_put_u8: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_u8");
|
||||
}
|
||||
if ((i != 0 && (r = sshbuf_put_u8(buf, ' ')) != 0) ||
|
||||
(ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0) ||
|
||||
(r = sshbuf_putb(buf, arg)) != 0 ||
|
||||
(ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0))
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
}
|
||||
if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL)
|
||||
fatal("%s: malloc failed", __func__);
|
||||
fatal_f("malloc failed");
|
||||
memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
|
||||
ret[sshbuf_len(buf)] = '\0';
|
||||
sshbuf_free(buf);
|
||||
|
@ -2007,7 +1996,7 @@ exited_cleanly(pid_t pid, const char *tag, const char *cmd, int quiet)
|
|||
|
||||
while (waitpid(pid, &status, 0) == -1) {
|
||||
if (errno != EINTR) {
|
||||
error("%s: waitpid: %s", tag, strerror(errno));
|
||||
error("%s waitpid: %s", tag, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
@ -2422,14 +2411,14 @@ stdfd_devnull(int do_stdin, int do_stdout, int do_stderr)
|
|||
int devnull, ret = 0;
|
||||
|
||||
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
|
||||
error("%s: open %s: %s", __func__, _PATH_DEVNULL,
|
||||
error_f("open %s: %s", _PATH_DEVNULL,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
|
||||
(do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
|
||||
(do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
|
||||
error("%s: dup2: %s", __func__, strerror(errno));
|
||||
error_f("dup2: %s", strerror(errno));
|
||||
ret = -1;
|
||||
}
|
||||
if (devnull > STDERR_FILENO)
|
||||
|
|
295
monitor.c
295
monitor.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: monitor.c,v 1.216 2020/10/18 11:21:59 djm Exp $ */
|
||||
/* $OpenBSD: monitor.c,v 1.217 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
|
@ -309,8 +309,7 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
|
|||
if (authenticated &&
|
||||
!auth2_update_methods_lists(authctxt,
|
||||
auth_method, auth_submethod)) {
|
||||
debug3("%s: method %s: partial", __func__,
|
||||
auth_method);
|
||||
debug3_f("method %s: partial", auth_method);
|
||||
authenticated = 0;
|
||||
partial = 1;
|
||||
}
|
||||
|
@ -318,8 +317,8 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
|
|||
|
||||
if (authenticated) {
|
||||
if (!(ent->flags & MON_AUTHDECIDE))
|
||||
fatal("%s: unexpected authentication from %d",
|
||||
__func__, ent->type);
|
||||
fatal_f("unexpected authentication from %d",
|
||||
ent->type);
|
||||
if (authctxt->pw->pw_uid == 0 &&
|
||||
!auth_root_allowed(ssh, auth_method))
|
||||
authenticated = 0;
|
||||
|
@ -352,12 +351,11 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
|
|||
}
|
||||
|
||||
if (!authctxt->valid)
|
||||
fatal("%s: authenticated invalid user", __func__);
|
||||
fatal_f("authenticated invalid user");
|
||||
if (strcmp(auth_method, "unknown") == 0)
|
||||
fatal("%s: authentication method name unknown", __func__);
|
||||
fatal_f("authentication method name unknown");
|
||||
|
||||
debug("%s: %s has been authenticated by privileged process",
|
||||
__func__, authctxt->user);
|
||||
debug_f("user %s authenticated by privileged process", authctxt->user);
|
||||
ssh->authctxt = NULL;
|
||||
ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
|
||||
|
||||
|
@ -426,38 +424,38 @@ monitor_read_log(struct monitor *pmonitor)
|
|||
int r;
|
||||
|
||||
if ((logmsg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
|
||||
/* Read length */
|
||||
if ((r = sshbuf_reserve(logmsg, 4, &p)) != 0)
|
||||
fatal("%s: reserve: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "reserve len");
|
||||
if (atomicio(read, pmonitor->m_log_recvfd, p, 4) != 4) {
|
||||
if (errno == EPIPE) {
|
||||
sshbuf_free(logmsg);
|
||||
debug("%s: child log fd closed", __func__);
|
||||
debug_f("child log fd closed");
|
||||
close(pmonitor->m_log_recvfd);
|
||||
pmonitor->m_log_recvfd = -1;
|
||||
return -1;
|
||||
}
|
||||
fatal("%s: log fd read: %s", __func__, strerror(errno));
|
||||
fatal_f("log fd read: %s", strerror(errno));
|
||||
}
|
||||
if ((r = sshbuf_get_u32(logmsg, &len)) != 0)
|
||||
fatal("%s: get len: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse len");
|
||||
if (len <= 4 || len > 8192)
|
||||
fatal("%s: invalid log message length %u", __func__, len);
|
||||
fatal_f("invalid log message length %u", len);
|
||||
|
||||
/* Read severity, message */
|
||||
sshbuf_reset(logmsg);
|
||||
if ((r = sshbuf_reserve(logmsg, len, &p)) != 0)
|
||||
fatal("%s: reserve: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "reserve msg");
|
||||
if (atomicio(read, pmonitor->m_log_recvfd, p, len) != len)
|
||||
fatal("%s: log fd read: %s", __func__, strerror(errno));
|
||||
fatal_f("log fd read: %s", strerror(errno));
|
||||
if ((r = sshbuf_get_cstring(logmsg, &file, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(logmsg, &func, NULL)) != 0 ||
|
||||
(r = sshbuf_get_u32(logmsg, &line)) != 0 ||
|
||||
(r = sshbuf_get_u32(logmsg, &level)) != 0 ||
|
||||
(r = sshbuf_get_cstring(logmsg, &msg, NULL)) != 0)
|
||||
fatal("%s: decode: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
/* Log it */
|
||||
if (log_level_name(level) == NULL)
|
||||
|
@ -490,7 +488,7 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,
|
|||
if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) {
|
||||
if (errno == EINTR || errno == EAGAIN)
|
||||
continue;
|
||||
fatal("%s: poll: %s", __func__, strerror(errno));
|
||||
fatal_f("poll: %s", strerror(errno));
|
||||
}
|
||||
if (pfd[1].revents) {
|
||||
/*
|
||||
|
@ -505,13 +503,13 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,
|
|||
}
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
|
||||
mm_request_receive(pmonitor->m_sendfd, m);
|
||||
if ((r = sshbuf_get_u8(m, &type)) != 0)
|
||||
fatal("%s: decode: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse type");
|
||||
|
||||
debug3("%s: checking request %d", __func__, type);
|
||||
debug3_f("checking request %d", type);
|
||||
|
||||
while (ent->f != NULL) {
|
||||
if (ent->type == type)
|
||||
|
@ -521,15 +519,13 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,
|
|||
|
||||
if (ent->f != NULL) {
|
||||
if (!(ent->flags & MON_PERMIT))
|
||||
fatal("%s: unpermitted request %d", __func__,
|
||||
type);
|
||||
fatal_f("unpermitted request %d", type);
|
||||
ret = (*ent->f)(ssh, pmonitor->m_sendfd, m);
|
||||
sshbuf_free(m);
|
||||
|
||||
/* The child may use this request only once, disable it */
|
||||
if (ent->flags & MON_ONCE) {
|
||||
debug2("%s: %d used once, disabling now", __func__,
|
||||
type);
|
||||
debug2_f("%d used once, disabling now", type);
|
||||
ent->flags &= ~MON_PERMIT;
|
||||
}
|
||||
|
||||
|
@ -539,7 +535,7 @@ monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,
|
|||
return ret;
|
||||
}
|
||||
|
||||
fatal("%s: unsupported request: %d", __func__, type);
|
||||
fatal_f("unsupported request: %d", type);
|
||||
|
||||
/* NOTREACHED */
|
||||
return (-1);
|
||||
|
@ -584,21 +580,19 @@ mm_answer_moduli(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
if ((r = sshbuf_get_u32(m, &min)) != 0 ||
|
||||
(r = sshbuf_get_u32(m, &want)) != 0 ||
|
||||
(r = sshbuf_get_u32(m, &max)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("%s: got parameters: %d %d %d",
|
||||
__func__, min, want, max);
|
||||
debug3_f("got parameters: %d %d %d", min, want, max);
|
||||
/* We need to check here, too, in case the child got corrupted */
|
||||
if (max < min || want < min || max < want)
|
||||
fatal("%s: bad parameters: %d %d %d",
|
||||
__func__, min, want, max);
|
||||
fatal_f("bad parameters: %d %d %d", min, want, max);
|
||||
|
||||
sshbuf_reset(m);
|
||||
|
||||
dh = choose_dh(min, want, max);
|
||||
if (dh == NULL) {
|
||||
if ((r = sshbuf_put_u8(m, 0)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble empty");
|
||||
return (0);
|
||||
} else {
|
||||
/* Send first bignum */
|
||||
|
@ -606,7 +600,7 @@ mm_answer_moduli(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
if ((r = sshbuf_put_u8(m, 1)) != 0 ||
|
||||
(r = sshbuf_put_bignum2(m, dh_p)) != 0 ||
|
||||
(r = sshbuf_put_bignum2(m, dh_g)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
DH_free(dh);
|
||||
}
|
||||
|
@ -628,15 +622,15 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
u_int keyid, compat;
|
||||
const char proof_req[] = "hostkeys-prove-00@openssh.com";
|
||||
|
||||
debug3("%s", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &keyid)) != 0 ||
|
||||
(r = sshbuf_get_string(m, &p, &datlen)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 ||
|
||||
(r = sshbuf_get_u32(m, &compat)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
if (keyid > INT_MAX)
|
||||
fatal("%s: invalid key ID", __func__);
|
||||
fatal_f("invalid key ID");
|
||||
|
||||
/*
|
||||
* Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
|
||||
|
@ -655,21 +649,20 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
* the client sent us.
|
||||
*/
|
||||
if (session_id2_len == 0) /* hostkeys is never first */
|
||||
fatal("%s: bad data length: %zu", __func__, datlen);
|
||||
fatal_f("bad data length: %zu", datlen);
|
||||
if ((key = get_hostkey_public_by_index(keyid, ssh)) == NULL)
|
||||
fatal("%s: no hostkey for index %d", __func__, keyid);
|
||||
fatal_f("no hostkey for index %d", keyid);
|
||||
if ((sigbuf = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
|
||||
(r = sshbuf_put_string(sigbuf, session_id2,
|
||||
session_id2_len)) != 0 ||
|
||||
(r = sshkey_puts(key, sigbuf)) != 0)
|
||||
fatal("%s: couldn't prepare private key "
|
||||
"proof buffer: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble private key proof");
|
||||
if (datlen != sshbuf_len(sigbuf) ||
|
||||
memcmp(p, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf)) != 0)
|
||||
fatal("%s: bad data length: %zu, hostkey proof len %zu",
|
||||
__func__, datlen, sshbuf_len(sigbuf));
|
||||
fatal_f("bad data length: %zu, hostkey proof len %zu",
|
||||
datlen, sshbuf_len(sigbuf));
|
||||
sshbuf_free(sigbuf);
|
||||
is_proof = 1;
|
||||
}
|
||||
|
@ -684,24 +677,21 @@ mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
if ((key = get_hostkey_by_index(keyid)) != NULL) {
|
||||
if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
|
||||
options.sk_provider, NULL, compat)) != 0)
|
||||
fatal("%s: sshkey_sign failed: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sign");
|
||||
} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
|
||||
auth_sock > 0) {
|
||||
if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
|
||||
p, datlen, alg, compat)) != 0) {
|
||||
fatal("%s: ssh_agent_sign failed: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
p, datlen, alg, compat)) != 0)
|
||||
fatal_fr(r, "agent sign");
|
||||
} else
|
||||
fatal("%s: no hostkey from index %d", __func__, keyid);
|
||||
fatal_f("no hostkey from index %d", keyid);
|
||||
|
||||
debug3("%s: %s signature %p(%zu)", __func__,
|
||||
is_proof ? "hostkey proof" : "KEX", signature, siglen);
|
||||
debug3_f("%s signature %p(%zu)", is_proof ? "hostkey proof" : "KEX",
|
||||
signature, siglen);
|
||||
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_put_string(m, signature, siglen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
free(alg);
|
||||
free(p);
|
||||
|
@ -725,13 +715,13 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
int r, allowed = 0;
|
||||
u_int i;
|
||||
|
||||
debug3("%s", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if (authctxt->attempt++ != 0)
|
||||
fatal("%s: multiple attempts for getpwnam", __func__);
|
||||
fatal_f("multiple attempts for getpwnam");
|
||||
|
||||
if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
pwent = getpwnamallow(ssh, username);
|
||||
|
||||
|
@ -743,7 +733,7 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
if (pwent == NULL) {
|
||||
if ((r = sshbuf_put_u8(m, 0)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble fakepw");
|
||||
authctxt->pw = fakepw();
|
||||
goto out;
|
||||
}
|
||||
|
@ -765,26 +755,23 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
#endif
|
||||
(r = sshbuf_put_cstring(m, pwent->pw_dir)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, pwent->pw_shell)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble pw");
|
||||
|
||||
out:
|
||||
ssh_packet_set_log_preamble(ssh, "%suser %s",
|
||||
authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
|
||||
if ((r = sshbuf_put_string(m, &options, sizeof(options))) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble options");
|
||||
|
||||
#define M_CP_STROPT(x) do { \
|
||||
if (options.x != NULL) { \
|
||||
if ((r = sshbuf_put_cstring(m, options.x)) != 0) \
|
||||
fatal("%s: buffer error: %s", \
|
||||
__func__, ssh_err(r)); \
|
||||
} \
|
||||
if (options.x != NULL && \
|
||||
(r = sshbuf_put_cstring(m, options.x)) != 0) \
|
||||
fatal_fr(r, "assemble %s", #x); \
|
||||
} while (0)
|
||||
#define M_CP_STRARRAYOPT(x, nx) do { \
|
||||
for (i = 0; i < options.nx; i++) { \
|
||||
if ((r = sshbuf_put_cstring(m, options.x[i])) != 0) \
|
||||
fatal("%s: buffer error: %s", \
|
||||
__func__, ssh_err(r)); \
|
||||
fatal_fr(r, "assemble %s", #x); \
|
||||
} \
|
||||
} while (0)
|
||||
/* See comment in servconf.h */
|
||||
|
@ -799,10 +786,10 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
* run to it's packet_disconnect(), but it must not allow any
|
||||
* authentication to succeed.
|
||||
*/
|
||||
debug("%s: no valid authentication method lists", __func__);
|
||||
debug_f("no valid authentication method lists");
|
||||
}
|
||||
|
||||
debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
|
||||
debug3_f("sending MONITOR_ANS_PWNAM: %d", allowed);
|
||||
mm_request_send(sock, MONITOR_ANS_PWNAM, m);
|
||||
|
||||
/* Allow service/style information on the auth context */
|
||||
|
@ -825,7 +812,7 @@ int mm_answer_auth2_read_banner(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
sshbuf_reset(m);
|
||||
banner = auth2_read_banner();
|
||||
if ((r = sshbuf_put_cstring(m, banner != NULL ? banner : "")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
|
||||
free(banner);
|
||||
|
||||
|
@ -841,9 +828,8 @@ mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
debug3("%s: service=%s, style=%s",
|
||||
__func__, authctxt->service, authctxt->style);
|
||||
fatal_fr(r, "parse");
|
||||
debug3_f("service=%s, style=%s", authctxt->service, authctxt->style);
|
||||
|
||||
if (strlen(authctxt->style) == 0) {
|
||||
free(authctxt->style);
|
||||
|
@ -891,9 +877,9 @@ mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
size_t plen;
|
||||
|
||||
if (!options.password_authentication)
|
||||
fatal("%s: password authentication not enabled", __func__);
|
||||
fatal_f("password authentication not enabled");
|
||||
if ((r = sshbuf_get_cstring(m, &passwd, &plen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
/* Only authenticate if the context is valid */
|
||||
authenticated = options.password_authentication &&
|
||||
auth_password(ssh, passwd);
|
||||
|
@ -901,13 +887,14 @@ mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_put_u32(m, authenticated)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
#ifdef USE_PAM
|
||||
if ((r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble PAM");
|
||||
#endif
|
||||
|
||||
debug3("%s: sending result %d", __func__, authenticated);
|
||||
debug3_f("sending result %d", authenticated);
|
||||
mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);
|
||||
|
||||
call_count++;
|
||||
|
@ -930,19 +917,19 @@ mm_answer_bsdauthquery(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
int r;
|
||||
|
||||
if (!options.kbd_interactive_authentication)
|
||||
fatal("%s: kbd-int authentication not enabled", __func__);
|
||||
fatal_f("kbd-int authentication not enabled");
|
||||
success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
|
||||
&prompts, &echo_on) < 0 ? 0 : 1;
|
||||
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_put_u32(m, success)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
if (success) {
|
||||
if ((r = sshbuf_put_cstring(m, prompts[0])) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble prompt");
|
||||
}
|
||||
|
||||
debug3("%s: sending challenge success: %u", __func__, success);
|
||||
debug3_f("sending challenge success: %u", success);
|
||||
mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
|
||||
|
||||
if (success) {
|
||||
|
@ -962,23 +949,23 @@ mm_answer_bsdauthrespond(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
int r, authok;
|
||||
|
||||
if (!options.kbd_interactive_authentication)
|
||||
fatal("%s: kbd-int authentication not enabled", __func__);
|
||||
fatal_f("kbd-int authentication not enabled");
|
||||
if (authctxt->as == NULL)
|
||||
fatal("%s: no bsd auth session", __func__);
|
||||
fatal_f("no bsd auth session");
|
||||
|
||||
if ((r = sshbuf_get_cstring(m, &response, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
authok = options.challenge_response_authentication &&
|
||||
auth_userresponse(authctxt->as, response, 0);
|
||||
authctxt->as = NULL;
|
||||
debug3("%s: <%s> = <%d>", __func__, response, authok);
|
||||
debug3_f("<%s> = <%d>", response, authok);
|
||||
free(response);
|
||||
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_put_u32(m, authok)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
debug3("%s: sending authenticated: %d", __func__, authok);
|
||||
debug3_f("sending authenticated: %d", authok);
|
||||
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
|
||||
|
||||
auth_method = "keyboard-interactive";
|
||||
|
@ -1161,21 +1148,21 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
int r, allowed = 0;
|
||||
struct sshauthopt *opts = NULL;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
if ((r = sshbuf_get_u32(m, &type)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &cuser, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
|
||||
(r = sshkey_froms(m, &key)) != 0 ||
|
||||
(r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("%s: key_from_blob: %p", __func__, key);
|
||||
debug3_f("key_from_blob: %p", key);
|
||||
|
||||
if (key != NULL && authctxt->valid) {
|
||||
/* These should not make it past the privsep child */
|
||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
||||
(datafellows & SSH_BUG_RSASIGMD5) != 0)
|
||||
fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__);
|
||||
fatal_f("passed a SSH_BUG_RSASIGMD5 key");
|
||||
|
||||
switch (type) {
|
||||
case MM_USERKEY:
|
||||
|
@ -1206,13 +1193,13 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
cuser, chost);
|
||||
break;
|
||||
default:
|
||||
fatal("%s: unknown key type %d", __func__, type);
|
||||
fatal_f("unknown key type %d", type);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
debug3("%s: %s authentication%s: %s key is %s", __func__,
|
||||
auth_method, pubkey_auth_attempt ? "" : " test",
|
||||
debug3_f("%s authentication%s: %s key is %s", auth_method,
|
||||
pubkey_auth_attempt ? "" : " test",
|
||||
(key == NULL || !authctxt->valid) ? "invalid" : sshkey_type(key),
|
||||
allowed ? "allowed" : "not allowed");
|
||||
|
||||
|
@ -1224,7 +1211,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
if (allowed) {
|
||||
/* Save temporarily for comparison in verify */
|
||||
if ((r = sshkey_to_blob(key, &key_blob, &key_bloblen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshkey_to_blob");
|
||||
key_blobtype = type;
|
||||
key_opts = opts;
|
||||
hostbased_cuser = cuser;
|
||||
|
@ -1239,9 +1226,9 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_put_u32(m, allowed)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
if (opts != NULL && (r = sshauthopt_serialise(opts, m, 1)) != 0)
|
||||
fatal("%s: sshauthopt_serialise: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshauthopt_serialise");
|
||||
mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
|
||||
|
||||
if (!allowed)
|
||||
|
@ -1261,7 +1248,7 @@ monitor_valid_userblob(const u_char *data, u_int datalen)
|
|||
int r, fail = 0;
|
||||
|
||||
if ((b = sshbuf_from(data, datalen)) == NULL)
|
||||
fatal("%s: sshbuf_from", __func__);
|
||||
fatal_f("sshbuf_from");
|
||||
|
||||
if (datafellows & SSH_OLD_SESSIONID) {
|
||||
p = sshbuf_ptr(b);
|
||||
|
@ -1271,21 +1258,21 @@ monitor_valid_userblob(const u_char *data, u_int datalen)
|
|||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
|
||||
fail++;
|
||||
if ((r = sshbuf_consume(b, session_id2_len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "consume");
|
||||
} else {
|
||||
if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse sessionid");
|
||||
if ((session_id2 == NULL) ||
|
||||
(len != session_id2_len) ||
|
||||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
|
||||
fail++;
|
||||
}
|
||||
if ((r = sshbuf_get_u8(b, &type)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse type");
|
||||
if (type != SSH2_MSG_USERAUTH_REQUEST)
|
||||
fail++;
|
||||
if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse userstyle");
|
||||
xasprintf(&userstyle, "%s%s%s", authctxt->user,
|
||||
authctxt->style ? ":" : "",
|
||||
authctxt->style ? authctxt->style : "");
|
||||
|
@ -1298,17 +1285,17 @@ monitor_valid_userblob(const u_char *data, u_int datalen)
|
|||
free(cp);
|
||||
if ((r = sshbuf_skip_string(b)) != 0 || /* service */
|
||||
(r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse method");
|
||||
if (strcmp("publickey", cp) != 0)
|
||||
fail++;
|
||||
free(cp);
|
||||
if ((r = sshbuf_get_u8(b, &type)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse pktype");
|
||||
if (type == 0)
|
||||
fail++;
|
||||
if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */
|
||||
(r = sshbuf_skip_string(b)) != 0) /* pkblob */
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse pk");
|
||||
if (sshbuf_len(b) != 0)
|
||||
fail++;
|
||||
sshbuf_free(b);
|
||||
|
@ -1327,9 +1314,9 @@ monitor_valid_hostbasedblob(const u_char *data, u_int datalen,
|
|||
u_char type;
|
||||
|
||||
if ((b = sshbuf_from(data, datalen)) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse sessionid");
|
||||
|
||||
if ((session_id2 == NULL) ||
|
||||
(len != session_id2_len) ||
|
||||
|
@ -1337,11 +1324,11 @@ monitor_valid_hostbasedblob(const u_char *data, u_int datalen,
|
|||
fail++;
|
||||
|
||||
if ((r = sshbuf_get_u8(b, &type)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse type");
|
||||
if (type != SSH2_MSG_USERAUTH_REQUEST)
|
||||
fail++;
|
||||
if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse userstyle");
|
||||
xasprintf(&userstyle, "%s%s%s", authctxt->user,
|
||||
authctxt->style ? ":" : "",
|
||||
authctxt->style ? authctxt->style : "");
|
||||
|
@ -1354,17 +1341,17 @@ monitor_valid_hostbasedblob(const u_char *data, u_int datalen,
|
|||
free(cp);
|
||||
if ((r = sshbuf_skip_string(b)) != 0 || /* service */
|
||||
(r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse method");
|
||||
if (strcmp(cp, "hostbased") != 0)
|
||||
fail++;
|
||||
free(cp);
|
||||
if ((r = sshbuf_skip_string(b)) != 0 || /* pkalg */
|
||||
(r = sshbuf_skip_string(b)) != 0) /* pkblob */
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse pk");
|
||||
|
||||
/* verify client host, strip trailing dot if necessary */
|
||||
if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse host");
|
||||
if (((len = strlen(cp)) > 0) && cp[len - 1] == '.')
|
||||
cp[len - 1] = '\0';
|
||||
if (strcmp(cp, chost) != 0)
|
||||
|
@ -1373,7 +1360,7 @@ monitor_valid_hostbasedblob(const u_char *data, u_int datalen,
|
|||
|
||||
/* verify client user */
|
||||
if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse ruser");
|
||||
if (strcmp(cp, cuser) != 0)
|
||||
fail++;
|
||||
free(cp);
|
||||
|
@ -1399,11 +1386,11 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
(r = sshbuf_get_string_direct(m, &signature, &signaturelen)) != 0 ||
|
||||
(r = sshbuf_get_string_direct(m, &data, &datalen)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
if (hostbased_cuser == NULL || hostbased_chost == NULL ||
|
||||
!monitor_allowed_key(blob, bloblen))
|
||||
fatal("%s: bad key, not previously allowed", __func__);
|
||||
fatal_f("bad key, not previously allowed");
|
||||
|
||||
/* Empty signature algorithm means NULL. */
|
||||
if (*sigalg == '\0') {
|
||||
|
@ -1413,7 +1400,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
/* XXX use sshkey_froms here; need to change key_blob, etc. */
|
||||
if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
|
||||
fatal("%s: bad public key blob: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse key");
|
||||
|
||||
switch (key_blobtype) {
|
||||
case MM_USERKEY:
|
||||
|
@ -1430,15 +1417,15 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
break;
|
||||
}
|
||||
if (!valid_data)
|
||||
fatal("%s: bad signature data blob", __func__);
|
||||
fatal_f("bad signature data blob");
|
||||
|
||||
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint failed", __func__);
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
|
||||
ret = sshkey_verify(key, signature, signaturelen, data, datalen,
|
||||
sigalg, ssh->compat, &sig_details);
|
||||
debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key,
|
||||
debug3_f("%s %p signature %s%s%s", auth_method, key,
|
||||
(ret == 0) ? "verified" : "unverified",
|
||||
(ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : "");
|
||||
|
||||
|
@ -1482,11 +1469,11 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
encoded_ret = (ret != 0);
|
||||
if ((r = sshbuf_put_u32(m, encoded_ret)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, sig_details != NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
if (sig_details != NULL) {
|
||||
if ((r = sshbuf_put_u32(m, sig_details->sk_counter)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, sig_details->sk_flags)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble sk");
|
||||
}
|
||||
sshkey_sig_details_free(sig_details);
|
||||
mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
|
||||
|
@ -1526,9 +1513,9 @@ mm_record_login(struct ssh *ssh, Session *s, struct passwd *pw)
|
|||
static void
|
||||
mm_session_close(Session *s)
|
||||
{
|
||||
debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
|
||||
debug3_f("session %d pid %ld", s->self, (long)s->pid);
|
||||
if (s->ttyfd != -1) {
|
||||
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
|
||||
debug3_f("tty %s ptyfd %d", s->tty, s->ptyfd);
|
||||
session_pty_cleanup2(s);
|
||||
}
|
||||
session_unused(s->self);
|
||||
|
@ -1541,7 +1528,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
Session *s;
|
||||
int r, res, fd0;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
sshbuf_reset(m);
|
||||
s = session_new();
|
||||
|
@ -1557,11 +1544,11 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
if ((r = sshbuf_put_u32(m, 1)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, s->tty)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
/* We need to trick ttyslot */
|
||||
if (dup2(s->ttyfd, 0) == -1)
|
||||
fatal("%s: dup2", __func__);
|
||||
fatal_f("dup2");
|
||||
|
||||
mm_record_login(ssh, s, authctxt->pw);
|
||||
|
||||
|
@ -1570,20 +1557,20 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
/* send messages generated by record_login */
|
||||
if ((r = sshbuf_put_stringb(m, loginmsg)) != 0)
|
||||
fatal("%s: put login message: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble loginmsg");
|
||||
sshbuf_reset(loginmsg);
|
||||
|
||||
mm_request_send(sock, MONITOR_ANS_PTY, m);
|
||||
|
||||
if (mm_send_fd(sock, s->ptyfd) == -1 ||
|
||||
mm_send_fd(sock, s->ttyfd) == -1)
|
||||
fatal("%s: send fds failed", __func__);
|
||||
fatal_f("send fds failed");
|
||||
|
||||
/* make sure nothing uses fd 0 */
|
||||
if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
|
||||
fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
|
||||
fatal_f("open(/dev/null): %s", strerror(errno));
|
||||
if (fd0 != 0)
|
||||
error("%s: fd0 %d != 0", __func__, fd0);
|
||||
error_f("fd0 %d != 0", fd0);
|
||||
|
||||
/* slave side of pty is not needed */
|
||||
close(s->ttyfd);
|
||||
|
@ -1591,7 +1578,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
/* no need to dup() because nobody closes ptyfd */
|
||||
s->ptymaster = s->ptyfd;
|
||||
|
||||
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);
|
||||
debug3_f("tty %s ptyfd %d", s->tty, s->ttyfd);
|
||||
|
||||
return (0);
|
||||
|
||||
|
@ -1599,7 +1586,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
if (s != NULL)
|
||||
mm_session_close(s);
|
||||
if ((r = sshbuf_put_u32(m, 0)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble 0");
|
||||
mm_request_send(sock, MONITOR_ANS_PTY, m);
|
||||
return (0);
|
||||
}
|
||||
|
@ -1611,10 +1598,10 @@ mm_answer_pty_cleanup(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
char *tty;
|
||||
int r;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if ((r = sshbuf_get_cstring(m, &tty, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse tty");
|
||||
if ((s = session_by_tty(tty)) != NULL)
|
||||
mm_session_close(s);
|
||||
sshbuf_reset(m);
|
||||
|
@ -1628,7 +1615,7 @@ mm_answer_term(struct ssh *ssh, int sock, struct sshbuf *req)
|
|||
extern struct monitor *pmonitor;
|
||||
int res, status;
|
||||
|
||||
debug3("%s: tearing down sessions", __func__);
|
||||
debug3_f("tearing down sessions");
|
||||
|
||||
/* The child is terminating */
|
||||
session_destroy_all(ssh, &mm_session_close);
|
||||
|
@ -1710,9 +1697,9 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
|
|||
struct kex *kex;
|
||||
int r;
|
||||
|
||||
debug3("%s: packet_set_state", __func__);
|
||||
debug3_f("packet_set_state");
|
||||
if ((r = ssh_packet_set_state(ssh, child_state)) != 0)
|
||||
fatal("%s: packet_set_state: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "packet_set_state");
|
||||
sshbuf_free(child_state);
|
||||
child_state = NULL;
|
||||
|
||||
|
@ -1744,13 +1731,13 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
|
|||
void
|
||||
mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor)
|
||||
{
|
||||
debug3("%s: Waiting for new keys", __func__);
|
||||
debug3_f("Waiting for new keys");
|
||||
|
||||
if ((child_state = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
|
||||
child_state);
|
||||
debug3("%s: GOT new keys", __func__);
|
||||
debug3_f("GOT new keys");
|
||||
}
|
||||
|
||||
|
||||
|
@ -1770,7 +1757,7 @@ monitor_openfds(struct monitor *mon, int do_logfds)
|
|||
#endif
|
||||
|
||||
if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
|
||||
fatal("%s: socketpair: %s", __func__, strerror(errno));
|
||||
fatal_f("socketpair: %s", strerror(errno));
|
||||
#ifdef SO_ZEROIZE
|
||||
if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1)
|
||||
error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
|
||||
|
@ -1784,7 +1771,7 @@ monitor_openfds(struct monitor *mon, int do_logfds)
|
|||
|
||||
if (do_logfds) {
|
||||
if (pipe(pair) == -1)
|
||||
fatal("%s: pipe: %s", __func__, strerror(errno));
|
||||
fatal_f("pipe: %s", strerror(errno));
|
||||
FD_CLOSEONEXEC(pair[0]);
|
||||
FD_CLOSEONEXEC(pair[1]);
|
||||
mon->m_log_recvfd = pair[0];
|
||||
|
@ -1823,10 +1810,10 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
int r;
|
||||
|
||||
if (!options.gss_authentication)
|
||||
fatal("%s: GSSAPI authentication not enabled", __func__);
|
||||
fatal_f("GSSAPI authentication not enabled");
|
||||
|
||||
if ((r = sshbuf_get_string(m, &p, &len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
goid.elements = p;
|
||||
goid.length = len;
|
||||
|
||||
|
@ -1836,7 +1823,7 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_put_u32(m, major)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
|
||||
|
||||
|
@ -1856,10 +1843,10 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
int r;
|
||||
|
||||
if (!options.gss_authentication)
|
||||
fatal("%s: GSSAPI authentication not enabled", __func__);
|
||||
fatal_f("GSSAPI authentication not enabled");
|
||||
|
||||
if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "ssh_gssapi_get_buffer_desc");
|
||||
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
|
||||
free(in.value);
|
||||
|
||||
|
@ -1867,7 +1854,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
if ((r = sshbuf_put_u32(m, major)) != 0 ||
|
||||
(r = sshbuf_put_string(m, out.value, out.length)) != 0 ||
|
||||
(r = sshbuf_put_u32(m, flags)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);
|
||||
|
||||
gss_release_buffer(&minor, &out);
|
||||
|
@ -1888,11 +1875,11 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
int r;
|
||||
|
||||
if (!options.gss_authentication)
|
||||
fatal("%s: GSSAPI authentication not enabled", __func__);
|
||||
fatal_f("GSSAPI authentication not enabled");
|
||||
|
||||
if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
|
||||
(r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "ssh_gssapi_get_buffer_desc");
|
||||
|
||||
ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
|
||||
|
||||
|
@ -1901,7 +1888,7 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_put_u32(m, ret)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);
|
||||
|
||||
|
@ -1918,15 +1905,15 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
|
|||
const char *displayname;
|
||||
|
||||
if (!options.gss_authentication)
|
||||
fatal("%s: GSSAPI authentication not enabled", __func__);
|
||||
fatal_f("GSSAPI authentication not enabled");
|
||||
|
||||
authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
|
||||
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_put_u32(m, authenticated)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
debug3("%s: sending result %d", __func__, authenticated);
|
||||
debug3_f("sending result %d", authenticated);
|
||||
mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
|
||||
|
||||
auth_method = "gssapi-with-mic";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: monitor_fdpass.c,v 1.21 2016/02/29 20:22:36 jca Exp $ */
|
||||
/* $OpenBSD: monitor_fdpass.c,v 1.22 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
|
||||
* All rights reserved.
|
||||
|
@ -89,17 +89,16 @@ mm_send_fd(int sock, int fd)
|
|||
pfd.events = POLLOUT;
|
||||
while ((n = sendmsg(sock, &msg, 0)) == -1 &&
|
||||
(errno == EAGAIN || errno == EINTR)) {
|
||||
debug3("%s: sendmsg(%d): %s", __func__, fd, strerror(errno));
|
||||
debug3_f("sendmsg(%d): %s", fd, strerror(errno));
|
||||
(void)poll(&pfd, 1, -1);
|
||||
}
|
||||
if (n == -1) {
|
||||
error("%s: sendmsg(%d): %s", __func__, fd,
|
||||
strerror(errno));
|
||||
error_f("sendmsg(%d): %s", fd, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (n != 1) {
|
||||
error("%s: sendmsg: expected sent 1 got %zd", __func__, n);
|
||||
error_f("sendmsg: expected sent 1 got %zd", n);
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
|
@ -145,35 +144,34 @@ mm_receive_fd(int sock)
|
|||
pfd.events = POLLIN;
|
||||
while ((n = recvmsg(sock, &msg, 0)) == -1 &&
|
||||
(errno == EAGAIN || errno == EINTR)) {
|
||||
debug3("%s: recvmsg: %s", __func__, strerror(errno));
|
||||
debug3_f("recvmsg: %s", strerror(errno));
|
||||
(void)poll(&pfd, 1, -1);
|
||||
}
|
||||
if (n == -1) {
|
||||
error("%s: recvmsg: %s", __func__, strerror(errno));
|
||||
error_f("recvmsg: %s", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (n != 1) {
|
||||
error("%s: recvmsg: expected received 1 got %zd", __func__, n);
|
||||
error_f("recvmsg: expected received 1 got %zd", n);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef HAVE_ACCRIGHTS_IN_MSGHDR
|
||||
if (msg.msg_accrightslen != sizeof(fd)) {
|
||||
error("%s: no fd", __func__);
|
||||
error_f("no fd");
|
||||
return -1;
|
||||
}
|
||||
#else
|
||||
cmsg = CMSG_FIRSTHDR(&msg);
|
||||
if (cmsg == NULL) {
|
||||
error("%s: no message header", __func__);
|
||||
error_f("no message header");
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifndef BROKEN_CMSG_TYPE
|
||||
if (cmsg->cmsg_type != SCM_RIGHTS) {
|
||||
error("%s: expected type %d got %d", __func__,
|
||||
SCM_RIGHTS, cmsg->cmsg_type);
|
||||
error_f("expected %d got %d", SCM_RIGHTS, cmsg->cmsg_type);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
@ -181,7 +179,7 @@ mm_receive_fd(int sock)
|
|||
#endif
|
||||
return fd;
|
||||
#else
|
||||
error("%s: file descriptor passing not supported", __func__);
|
||||
error_f("file descriptor passing not supported");
|
||||
return -1;
|
||||
#endif
|
||||
}
|
||||
|
|
227
monitor_wrap.c
227
monitor_wrap.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: monitor_wrap.c,v 1.120 2020/10/16 13:26:13 djm Exp $ */
|
||||
/* $OpenBSD: monitor_wrap.c,v 1.121 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
|
@ -91,10 +91,10 @@ mm_log_handler(const char *file, const char *func, int line,
|
|||
size_t len;
|
||||
|
||||
if (mon->m_log_sendfd == -1)
|
||||
fatal("%s: no log channel", __func__);
|
||||
fatal_f("no log channel");
|
||||
|
||||
if ((log_msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */
|
||||
(r = sshbuf_put_cstring(log_msg, file)) != 0 ||
|
||||
|
@ -102,13 +102,13 @@ mm_log_handler(const char *file, const char *func, int line,
|
|||
(r = sshbuf_put_u32(log_msg, (u_int)line)) != 0 ||
|
||||
(r = sshbuf_put_u32(log_msg, level)) != 0 ||
|
||||
(r = sshbuf_put_cstring(log_msg, msg)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff)
|
||||
fatal("%s: bad length %zu", __func__, len);
|
||||
fatal_f("bad length %zu", len);
|
||||
POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4);
|
||||
if (atomicio(vwrite, mon->m_log_sendfd,
|
||||
sshbuf_mutable_ptr(log_msg), len) != len)
|
||||
fatal("%s: write: %s", __func__, strerror(errno));
|
||||
fatal_f("write: %s", strerror(errno));
|
||||
sshbuf_free(log_msg);
|
||||
}
|
||||
|
||||
|
@ -128,16 +128,16 @@ mm_request_send(int sock, enum monitor_reqtype type, struct sshbuf *m)
|
|||
size_t mlen = sshbuf_len(m);
|
||||
u_char buf[5];
|
||||
|
||||
debug3("%s entering: type %d", __func__, type);
|
||||
debug3_f("entering, type %d", type);
|
||||
|
||||
if (mlen >= 0xffffffff)
|
||||
fatal("%s: bad length %zu", __func__, mlen);
|
||||
fatal_f("bad length %zu", mlen);
|
||||
POKE_U32(buf, mlen + 1);
|
||||
buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
|
||||
if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
|
||||
fatal("%s: write: %s", __func__, strerror(errno));
|
||||
fatal_f("write: %s", strerror(errno));
|
||||
if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen)
|
||||
fatal("%s: write: %s", __func__, strerror(errno));
|
||||
fatal_f("write: %s", strerror(errno));
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -147,21 +147,21 @@ mm_request_receive(int sock, struct sshbuf *m)
|
|||
u_int msg_len;
|
||||
int r;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
|
||||
if (errno == EPIPE)
|
||||
cleanup_exit(255);
|
||||
fatal("%s: read: %s", __func__, strerror(errno));
|
||||
fatal_f("read: %s", strerror(errno));
|
||||
}
|
||||
msg_len = PEEK_U32(buf);
|
||||
if (msg_len > 256 * 1024)
|
||||
fatal("%s: read: bad msg_len %d", __func__, msg_len);
|
||||
fatal_f("read: bad msg_len %d", msg_len);
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "reserve");
|
||||
if (atomicio(read, sock, p, msg_len) != msg_len)
|
||||
fatal("%s: read: %s", __func__, strerror(errno));
|
||||
fatal_f("read: %s", strerror(errno));
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -170,14 +170,13 @@ mm_request_receive_expect(int sock, enum monitor_reqtype type, struct sshbuf *m)
|
|||
u_char rtype;
|
||||
int r;
|
||||
|
||||
debug3("%s entering: type %d", __func__, type);
|
||||
debug3_f("entering, type %d", type);
|
||||
|
||||
mm_request_receive(sock, m);
|
||||
if ((r = sshbuf_get_u8(m, &rtype)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
if (rtype != type)
|
||||
fatal("%s: read: rtype %d != type %d", __func__,
|
||||
rtype, type);
|
||||
fatal_f("read: rtype %d != type %d", rtype, type);
|
||||
}
|
||||
|
||||
#ifdef WITH_OPENSSL
|
||||
|
@ -190,27 +189,27 @@ mm_choose_dh(int min, int nbits, int max)
|
|||
struct sshbuf *m;
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u32(m, min)) != 0 ||
|
||||
(r = sshbuf_put_u32(m, nbits)) != 0 ||
|
||||
(r = sshbuf_put_u32(m, max)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m);
|
||||
|
||||
debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
|
||||
debug3_f("waiting for MONITOR_ANS_MODULI");
|
||||
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m);
|
||||
|
||||
if ((r = sshbuf_get_u8(m, &success)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse success");
|
||||
if (success == 0)
|
||||
fatal("%s: MONITOR_ANS_MODULI failed", __func__);
|
||||
fatal_f("MONITOR_ANS_MODULI failed");
|
||||
|
||||
if ((r = sshbuf_get_bignum2(m, &p)) != 0 ||
|
||||
(r = sshbuf_get_bignum2(m, &g)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse group");
|
||||
|
||||
debug3("%s: remaining %zu", __func__, sshbuf_len(m));
|
||||
debug3_f("remaining %zu", sshbuf_len(m));
|
||||
sshbuf_free(m);
|
||||
|
||||
return (dh_new_group(g, p));
|
||||
|
@ -227,21 +226,21 @@ mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
|
|||
u_int ndx = kex->host_key_index(key, 0, ssh);
|
||||
int r;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
|
||||
(r = sshbuf_put_string(m, data, datalen)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, hostkey_alg)) != 0 ||
|
||||
(r = sshbuf_put_u32(m, compat)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m);
|
||||
|
||||
debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
|
||||
debug3_f("waiting for MONITOR_ANS_SIGN");
|
||||
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m);
|
||||
if ((r = sshbuf_get_string(m, sigp, lenp)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
sshbuf_free(m);
|
||||
|
||||
return (0);
|
||||
|
@ -259,20 +258,20 @@ mm_getpwnamallow(struct ssh *ssh, const char *username)
|
|||
u_char ok;
|
||||
const u_char *p;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_cstring(m, username)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m);
|
||||
|
||||
debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
|
||||
debug3_f("waiting for MONITOR_ANS_PWNAM");
|
||||
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m);
|
||||
|
||||
if ((r = sshbuf_get_u8(m, &ok)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse success");
|
||||
if (ok == 0) {
|
||||
pw = NULL;
|
||||
goto out;
|
||||
|
@ -281,9 +280,9 @@ mm_getpwnamallow(struct ssh *ssh, const char *username)
|
|||
/* XXX don't like passing struct passwd like this */
|
||||
pw = xcalloc(sizeof(*pw), 1);
|
||||
if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
if (len != sizeof(*pw))
|
||||
fatal("%s: struct passwd size mismatch", __func__);
|
||||
fatal_f("struct passwd size mismatch");
|
||||
memcpy(pw, p, sizeof(*pw));
|
||||
|
||||
if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 ||
|
||||
|
@ -296,24 +295,21 @@ mm_getpwnamallow(struct ssh *ssh, const char *username)
|
|||
#endif
|
||||
(r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse pw");
|
||||
|
||||
out:
|
||||
/* copy options block as a Match directive may have changed some */
|
||||
if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse opts");
|
||||
if (len != sizeof(*newopts))
|
||||
fatal("%s: option block size mismatch", __func__);
|
||||
fatal_f("option block size mismatch");
|
||||
newopts = xcalloc(sizeof(*newopts), 1);
|
||||
memcpy(newopts, p, sizeof(*newopts));
|
||||
|
||||
#define M_CP_STROPT(x) do { \
|
||||
if (newopts->x != NULL) { \
|
||||
if ((r = sshbuf_get_cstring(m, \
|
||||
&newopts->x, NULL)) != 0) \
|
||||
fatal("%s: buffer error: %s", \
|
||||
__func__, ssh_err(r)); \
|
||||
} \
|
||||
if (newopts->x != NULL && \
|
||||
(r = sshbuf_get_cstring(m, &newopts->x, NULL)) != 0) \
|
||||
fatal_fr(r, "parse %s", #x); \
|
||||
} while (0)
|
||||
#define M_CP_STRARRAYOPT(x, nx) do { \
|
||||
newopts->x = newopts->nx == 0 ? \
|
||||
|
@ -321,8 +317,7 @@ out:
|
|||
for (i = 0; i < newopts->nx; i++) { \
|
||||
if ((r = sshbuf_get_cstring(m, \
|
||||
&newopts->x[i], NULL)) != 0) \
|
||||
fatal("%s: buffer error: %s", \
|
||||
__func__, ssh_err(r)); \
|
||||
fatal_fr(r, "parse %s", #x); \
|
||||
} \
|
||||
} while (0)
|
||||
/* See comment in servconf.h */
|
||||
|
@ -350,17 +345,17 @@ mm_auth2_read_banner(void)
|
|||
char *banner;
|
||||
int r;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m);
|
||||
sshbuf_reset(m);
|
||||
|
||||
mm_request_receive_expect(pmonitor->m_recvfd,
|
||||
MONITOR_ANS_AUTH2_READ_BANNER, m);
|
||||
if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
sshbuf_free(m);
|
||||
|
||||
/* treat empty banner as missing banner */
|
||||
|
@ -379,13 +374,13 @@ mm_inform_authserv(char *service, char *style)
|
|||
struct sshbuf *m;
|
||||
int r;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_cstring(m, service)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, style ? style : "")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m);
|
||||
|
||||
|
@ -402,32 +397,31 @@ mm_auth_password(struct ssh *ssh, char *password)
|
|||
u_int maxtries = 0;
|
||||
#endif
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_cstring(m, password)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m);
|
||||
|
||||
debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
|
||||
debug3_f("waiting for MONITOR_ANS_AUTHPASSWORD");
|
||||
mm_request_receive_expect(pmonitor->m_recvfd,
|
||||
MONITOR_ANS_AUTHPASSWORD, m);
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
#ifdef USE_PAM
|
||||
if ((r = sshbuf_get_u32(m, &maxtries)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse PAM");
|
||||
if (maxtries > INT_MAX)
|
||||
fatal("%s: bad maxtries %u", __func__, maxtries);
|
||||
fatal_f(r, "bad maxtries");
|
||||
sshpam_set_maxtries_reached(maxtries);
|
||||
#endif
|
||||
|
||||
sshbuf_free(m);
|
||||
|
||||
debug3("%s: user %sauthenticated",
|
||||
__func__, authenticated ? "" : "not ");
|
||||
debug3_f("user %sauthenticated", authenticated ? "" : "not ");
|
||||
return (authenticated);
|
||||
}
|
||||
|
||||
|
@ -454,33 +448,31 @@ mm_key_allowed(enum mm_keytype type, const char *user, const char *host,
|
|||
int r, allowed = 0;
|
||||
struct sshauthopt *opts = NULL;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if (authoptp != NULL)
|
||||
*authoptp = NULL;
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u32(m, type)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, user ? user : "")) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, host ? host : "")) != 0 ||
|
||||
(r = sshkey_puts(key, m)) != 0 ||
|
||||
(r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m);
|
||||
|
||||
debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
|
||||
debug3_f("waiting for MONITOR_ANS_KEYALLOWED");
|
||||
mm_request_receive_expect(pmonitor->m_recvfd,
|
||||
MONITOR_ANS_KEYALLOWED, m);
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &allowed)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
if (allowed && type == MM_USERKEY) {
|
||||
if ((r = sshauthopt_deserialise(m, &opts)) != 0)
|
||||
fatal("%s: sshauthopt_deserialise: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
fatal_fr(r, "parse");
|
||||
if (allowed && type == MM_USERKEY &&
|
||||
(r = sshauthopt_deserialise(m, &opts)) != 0)
|
||||
fatal_fr(r, "sshauthopt_deserialise");
|
||||
sshbuf_free(m);
|
||||
|
||||
if (authoptp != NULL) {
|
||||
|
@ -509,31 +501,31 @@ mm_sshkey_verify(const struct sshkey *key, const u_char *sig, size_t siglen,
|
|||
u_char sig_details_present, flags;
|
||||
u_int counter;
|
||||
|
||||
debug3("%s entering", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if (sig_detailsp != NULL)
|
||||
*sig_detailsp = NULL;
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshkey_puts(key, m)) != 0 ||
|
||||
(r = sshbuf_put_string(m, sig, siglen)) != 0 ||
|
||||
(r = sshbuf_put_string(m, data, datalen)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m);
|
||||
|
||||
debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
|
||||
debug3_f("waiting for MONITOR_ANS_KEYVERIFY");
|
||||
mm_request_receive_expect(pmonitor->m_recvfd,
|
||||
MONITOR_ANS_KEYVERIFY, m);
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0 ||
|
||||
(r = sshbuf_get_u8(m, &sig_details_present)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
if (sig_details_present && encoded_ret == 0) {
|
||||
if ((r = sshbuf_get_u32(m, &counter)) != 0 ||
|
||||
(r = sshbuf_get_u8(m, &flags)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse sig_details");
|
||||
if (sig_detailsp != NULL) {
|
||||
*sig_detailsp = xcalloc(1, sizeof(**sig_detailsp));
|
||||
(*sig_detailsp)->sk_counter = counter;
|
||||
|
@ -555,12 +547,11 @@ mm_send_keystate(struct ssh *ssh, struct monitor *monitor)
|
|||
int r;
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = ssh_packet_get_state(ssh, m)) != 0)
|
||||
fatal("%s: get_state failed: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "ssh_packet_get_state");
|
||||
mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, m);
|
||||
debug3("%s: Finished sending state", __func__);
|
||||
debug3_f("Finished sending state");
|
||||
sshbuf_free(m);
|
||||
}
|
||||
|
||||
|
@ -574,7 +565,7 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
|
|||
/* Kludge: ensure there are fds free to receive the pty/tty */
|
||||
if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
|
||||
(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
|
||||
error("%s: cannot allocate fds for pty", __func__);
|
||||
error_f("cannot allocate fds for pty");
|
||||
if (tmp1 > 0)
|
||||
close(tmp1);
|
||||
if (tmp2 > 0)
|
||||
|
@ -585,34 +576,34 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
|
|||
close(tmp2);
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m);
|
||||
|
||||
debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
|
||||
debug3_f("waiting for MONITOR_ANS_PTY");
|
||||
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m);
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &success)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse success");
|
||||
if (success == 0) {
|
||||
debug3("%s: pty alloc failed", __func__);
|
||||
debug3_f("pty alloc failed");
|
||||
sshbuf_free(m);
|
||||
return (0);
|
||||
}
|
||||
if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(m, &msg, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
sshbuf_free(m);
|
||||
|
||||
strlcpy(namebuf, p, namebuflen); /* Possible truncation */
|
||||
free(p);
|
||||
|
||||
if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "put loginmsg");
|
||||
free(msg);
|
||||
|
||||
if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
|
||||
(*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
|
||||
fatal("%s: receive fds failed", __func__);
|
||||
fatal_f("receive fds failed");
|
||||
|
||||
/* Success */
|
||||
return (1);
|
||||
|
@ -627,9 +618,9 @@ mm_session_pty_cleanup2(Session *s)
|
|||
if (s->ttyfd == -1)
|
||||
return;
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_cstring(m, s->tty)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assmble");
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m);
|
||||
sshbuf_free(m);
|
||||
|
||||
|
@ -802,7 +793,7 @@ mm_terminate(void)
|
|||
struct sshbuf *m;
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m);
|
||||
sshbuf_free(m);
|
||||
}
|
||||
|
@ -828,31 +819,31 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
|
|||
char *challenge;
|
||||
int r;
|
||||
|
||||
debug3("%s: entering", __func__);
|
||||
debug3_f("entering");
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m);
|
||||
|
||||
mm_request_receive_expect(pmonitor->m_recvfd,
|
||||
MONITOR_ANS_BSDAUTHQUERY, m);
|
||||
if ((r = sshbuf_get_u32(m, &success)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse success");
|
||||
if (success == 0) {
|
||||
debug3("%s: no challenge", __func__);
|
||||
debug3_f("no challenge");
|
||||
sshbuf_free(m);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
/* Get the challenge, and format the response */
|
||||
if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse challenge");
|
||||
sshbuf_free(m);
|
||||
|
||||
mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
|
||||
(*prompts)[0] = challenge;
|
||||
|
||||
debug3("%s: received challenge: %s", __func__, challenge);
|
||||
debug3_f("received challenge: %s", challenge);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
@ -863,21 +854,21 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
|
|||
struct sshbuf *m;
|
||||
int r, authok;
|
||||
|
||||
debug3("%s: entering", __func__);
|
||||
debug3_f("entering");
|
||||
if (numresponses != 1)
|
||||
return (-1);
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_cstring(m, responses[0])) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m);
|
||||
|
||||
mm_request_receive_expect(pmonitor->m_recvfd,
|
||||
MONITOR_ANS_BSDAUTHRESPOND, m);
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &authok)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
sshbuf_free(m);
|
||||
|
||||
return ((authok == 0) ? -1 : 0);
|
||||
|
@ -931,15 +922,15 @@ mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)
|
|||
*ctx = NULL;
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m);
|
||||
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m);
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &major)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
sshbuf_free(m);
|
||||
return (major);
|
||||
|
@ -955,19 +946,19 @@ mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
|
|||
int r;
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_string(m, in->value, in->length)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m);
|
||||
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m);
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &major)) != 0 ||
|
||||
(r = ssh_gssapi_get_buffer_desc(m, out)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
if (flagsp != NULL) {
|
||||
if ((r = sshbuf_get_u32(m, &flags)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse flags");
|
||||
*flagsp = flags;
|
||||
}
|
||||
|
||||
|
@ -984,17 +975,17 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
|
|||
int r;
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 ||
|
||||
(r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m);
|
||||
mm_request_receive_expect(pmonitor->m_recvfd,
|
||||
MONITOR_ANS_GSSCHECKMIC, m);
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &major)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
sshbuf_free(m);
|
||||
return(major);
|
||||
}
|
||||
|
@ -1006,17 +997,17 @@ mm_ssh_gssapi_userok(char *user)
|
|||
int r, authenticated = 0;
|
||||
|
||||
if ((m = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
|
||||
mm_request_receive_expect(pmonitor->m_recvfd,
|
||||
MONITOR_ANS_GSSUSEROK, m);
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
sshbuf_free(m);
|
||||
debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
|
||||
debug3_f("user %sauthenticated", authenticated ? "" : "not ");
|
||||
return (authenticated);
|
||||
}
|
||||
#endif /* GSSAPI */
|
||||
|
|
16
msg.c
16
msg.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: msg.c,v 1.19 2020/06/24 15:08:53 markus Exp $ */
|
||||
/* $OpenBSD: msg.c,v 1.20 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -47,16 +47,16 @@ ssh_msg_send(int fd, u_char type, struct sshbuf *m)
|
|||
u_char buf[5];
|
||||
u_int mlen = sshbuf_len(m);
|
||||
|
||||
debug3("%s: type %u", __func__, (unsigned int)type & 0xff);
|
||||
debug3_f("type %u", (unsigned int)type & 0xff);
|
||||
|
||||
put_u32(buf, mlen + 1);
|
||||
buf[4] = type; /* 1st byte of payload is mesg-type */
|
||||
if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) {
|
||||
error("%s: write: %s", __func__, strerror(errno));
|
||||
error_f("write: %s", strerror(errno));
|
||||
return (-1);
|
||||
}
|
||||
if (atomicio(vwrite, fd, sshbuf_mutable_ptr(m), mlen) != mlen) {
|
||||
error("%s: write: %s", __func__, strerror(errno));
|
||||
error_f("write: %s", strerror(errno));
|
||||
return (-1);
|
||||
}
|
||||
return (0);
|
||||
|
@ -73,21 +73,21 @@ ssh_msg_recv(int fd, struct sshbuf *m)
|
|||
|
||||
if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) {
|
||||
if (errno != EPIPE)
|
||||
error("%s: read header: %s", __func__, strerror(errno));
|
||||
error_f("read header: %s", strerror(errno));
|
||||
return (-1);
|
||||
}
|
||||
msg_len = get_u32(buf);
|
||||
if (msg_len > sshbuf_max_size(m)) {
|
||||
error("%s: read: bad msg_len %u", __func__, msg_len);
|
||||
error_f("read: bad msg_len %u", msg_len);
|
||||
return (-1);
|
||||
}
|
||||
sshbuf_reset(m);
|
||||
if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "reserve");
|
||||
return -1;
|
||||
}
|
||||
if (atomicio(read, fd, p, msg_len) != msg_len) {
|
||||
error("%s: read: %s", __func__, strerror(errno));
|
||||
error_f("read: %s", strerror(errno));
|
||||
return (-1);
|
||||
}
|
||||
return (0);
|
||||
|
|
63
nchan.c
63
nchan.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: nchan.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */
|
||||
/* $OpenBSD: nchan.c,v 1.71 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -185,12 +185,11 @@ chan_send_eof2(struct ssh *ssh, Channel *c)
|
|||
switch (c->istate) {
|
||||
case CHAN_INPUT_WAIT_DRAIN:
|
||||
if (!c->have_remote_id)
|
||||
fatal("%s: channel %d: no remote_id",
|
||||
__func__, c->self);
|
||||
fatal_f("channel %d: no remote_id", c->self);
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EOF)) != 0 ||
|
||||
(r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send CHANNEL_EOF");
|
||||
c->flags |= CHAN_EOF_SENT;
|
||||
break;
|
||||
default:
|
||||
|
@ -214,12 +213,11 @@ chan_send_close2(struct ssh *ssh, Channel *c)
|
|||
error("channel %d: already sent close", c->self);
|
||||
} else {
|
||||
if (!c->have_remote_id)
|
||||
fatal("%s: channel %d: no remote_id",
|
||||
__func__, c->self);
|
||||
fatal_f("channel %d: no remote_id", c->self);
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 ||
|
||||
(r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send CHANNEL_EOF");
|
||||
c->flags |= CHAN_CLOSE_SENT;
|
||||
}
|
||||
}
|
||||
|
@ -238,13 +236,13 @@ chan_send_eow2(struct ssh *ssh, Channel *c)
|
|||
if (!(datafellows & SSH_NEW_OPENSSH))
|
||||
return;
|
||||
if (!c->have_remote_id)
|
||||
fatal("%s: channel %d: no remote_id", __func__, c->self);
|
||||
fatal_f("channel %d: no remote_id", c->self);
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 ||
|
||||
(r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, "eow@openssh.com")) != 0 ||
|
||||
(r = sshpkt_put_u8(ssh, 0)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send CHANNEL_EOF");
|
||||
}
|
||||
|
||||
/* shared */
|
||||
|
@ -376,22 +374,20 @@ chan_shutdown_write(struct ssh *ssh, Channel *c)
|
|||
if (c->type == SSH_CHANNEL_LARVAL)
|
||||
return;
|
||||
/* shutdown failure is allowed if write failed already */
|
||||
debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])",
|
||||
c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd,
|
||||
debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",
|
||||
c->self, c->istate, c->ostate, c->sock, c->wfd, c->efd,
|
||||
channel_format_extended_usage(c));
|
||||
if (c->sock != -1) {
|
||||
if (shutdown(c->sock, SHUT_WR) == -1) {
|
||||
debug2("channel %d: %s: shutdown() failed for "
|
||||
"fd %d [i%d o%d]: %.100s", c->self, __func__,
|
||||
c->sock, c->istate, c->ostate,
|
||||
strerror(errno));
|
||||
debug2_f("channel %d: shutdown() failed for "
|
||||
"fd %d [i%d o%d]: %.100s", c->self, c->sock,
|
||||
c->istate, c->ostate, strerror(errno));
|
||||
}
|
||||
} else {
|
||||
if (channel_close_fd(ssh, &c->wfd) < 0) {
|
||||
logit("channel %d: %s: close() failed for "
|
||||
"fd %d [i%d o%d]: %.100s",
|
||||
c->self, __func__, c->wfd, c->istate, c->ostate,
|
||||
strerror(errno));
|
||||
logit_f("channel %d: close() failed for "
|
||||
"fd %d [i%d o%d]: %.100s", c->self, c->wfd,
|
||||
c->istate, c->ostate, strerror(errno));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -401,8 +397,8 @@ chan_shutdown_read(struct ssh *ssh, Channel *c)
|
|||
{
|
||||
if (c->type == SSH_CHANNEL_LARVAL)
|
||||
return;
|
||||
debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])",
|
||||
c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd,
|
||||
debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",
|
||||
c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd,
|
||||
channel_format_extended_usage(c));
|
||||
if (c->sock != -1) {
|
||||
/*
|
||||
|
@ -411,17 +407,15 @@ chan_shutdown_read(struct ssh *ssh, Channel *c)
|
|||
* HP-UX may return ENOTCONN also.
|
||||
*/
|
||||
if (shutdown(c->sock, SHUT_RD) == -1 && errno != ENOTCONN) {
|
||||
error("channel %d: %s: shutdown() failed for "
|
||||
"fd %d [i%d o%d]: %.100s",
|
||||
c->self, __func__, c->sock, c->istate, c->ostate,
|
||||
strerror(errno));
|
||||
error_f("channel %d: shutdown() failed for "
|
||||
"fd %d [i%d o%d]: %.100s", c->self, c->sock,
|
||||
c->istate, c->ostate, strerror(errno));
|
||||
}
|
||||
} else {
|
||||
if (channel_close_fd(ssh, &c->rfd) < 0) {
|
||||
logit("channel %d: %s: close() failed for "
|
||||
"fd %d [i%d o%d]: %.100s",
|
||||
c->self, __func__, c->rfd, c->istate, c->ostate,
|
||||
strerror(errno));
|
||||
logit_f("channel %d: close() failed for "
|
||||
"fd %d [i%d o%d]: %.100s", c->self, c->rfd,
|
||||
c->istate, c->ostate, strerror(errno));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -434,13 +428,12 @@ chan_shutdown_extended_read(struct ssh *ssh, Channel *c)
|
|||
if (c->extended_usage != CHAN_EXTENDED_READ &&
|
||||
c->extended_usage != CHAN_EXTENDED_IGNORE)
|
||||
return;
|
||||
debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])",
|
||||
c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd,
|
||||
debug_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",
|
||||
c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd,
|
||||
channel_format_extended_usage(c));
|
||||
if (channel_close_fd(ssh, &c->efd) < 0) {
|
||||
logit("channel %d: %s: close() failed for "
|
||||
"extended fd %d [i%d o%d]: %.100s",
|
||||
c->self, __func__, c->efd, c->istate, c->ostate,
|
||||
strerror(errno));
|
||||
logit_f("channel %d: close() failed for "
|
||||
"extended fd %d [i%d o%d]: %.100s", c->self, c->efd,
|
||||
c->istate, c->ostate, strerror(errno));
|
||||
}
|
||||
}
|
||||
|
|
51
packet.c
51
packet.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: packet.c,v 1.296 2020/07/05 23:59:45 djm Exp $ */
|
||||
/* $OpenBSD: packet.c,v 1.297 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -297,13 +297,13 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
|
|||
int r;
|
||||
|
||||
if (none == NULL) {
|
||||
error("%s: cannot load cipher 'none'", __func__);
|
||||
error_f("cannot load cipher 'none'");
|
||||
return NULL;
|
||||
}
|
||||
if (ssh == NULL)
|
||||
ssh = ssh_alloc_session_state();
|
||||
if (ssh == NULL) {
|
||||
error("%s: could not allocate state", __func__);
|
||||
error_f("could not allocate state");
|
||||
return NULL;
|
||||
}
|
||||
state = ssh->state;
|
||||
|
@ -313,7 +313,7 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
|
|||
(const u_char *)"", 0, NULL, 0, CIPHER_ENCRYPT)) != 0 ||
|
||||
(r = cipher_init(&state->receive_context, none,
|
||||
(const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) {
|
||||
error("%s: cipher_init failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "cipher_init failed");
|
||||
free(ssh); /* XXX need ssh_free_session_state? */
|
||||
return NULL;
|
||||
}
|
||||
|
@ -897,8 +897,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
|
|||
max_blocks = &state->max_blocks_in;
|
||||
}
|
||||
if (state->newkeys[mode] != NULL) {
|
||||
debug("%s: rekeying %s, input %llu bytes %llu blocks, "
|
||||
"output %llu bytes %llu blocks", __func__, dir,
|
||||
debug_f("rekeying %s, input %llu bytes %llu blocks, "
|
||||
"output %llu bytes %llu blocks", dir,
|
||||
(unsigned long long)state->p_read.bytes,
|
||||
(unsigned long long)state->p_read.blocks,
|
||||
(unsigned long long)state->p_send.bytes,
|
||||
|
@ -920,7 +920,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
|
|||
return r;
|
||||
}
|
||||
mac->enabled = 1;
|
||||
DBG(debug("%s: cipher_init_context: %s", __func__, dir));
|
||||
DBG(debug_f("cipher_init_context: %s", dir));
|
||||
cipher_free(*ccp);
|
||||
*ccp = NULL;
|
||||
if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len,
|
||||
|
@ -1143,8 +1143,8 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
|
|||
if (tmp > state->extra_pad)
|
||||
return SSH_ERR_INVALID_ARGUMENT;
|
||||
pad = state->extra_pad - tmp;
|
||||
DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)",
|
||||
__func__, pad, len, padlen, state->extra_pad));
|
||||
DBG(debug3_f("adding %d (len %d padlen %d extra_pad %d)",
|
||||
pad, len, padlen, state->extra_pad));
|
||||
tmp = padlen;
|
||||
padlen += pad;
|
||||
/* Check whether padlen calculation overflowed */
|
||||
|
@ -1259,7 +1259,7 @@ ssh_packet_send2(struct ssh *ssh)
|
|||
*/
|
||||
if ((need_rekey || state->rekeying) && !ssh_packet_type_is_kex(type)) {
|
||||
if (need_rekey)
|
||||
debug3("%s: rekex triggered", __func__);
|
||||
debug3_f("rekex triggered");
|
||||
debug("enqueue packet: %u", type);
|
||||
p = calloc(1, sizeof(*p));
|
||||
if (p == NULL)
|
||||
|
@ -1301,8 +1301,7 @@ ssh_packet_send2(struct ssh *ssh)
|
|||
*/
|
||||
if (ssh_packet_need_rekeying(ssh,
|
||||
sshbuf_len(p->payload))) {
|
||||
debug3("%s: queued packet triggered rekex",
|
||||
__func__);
|
||||
debug3_f("queued packet triggered rekex");
|
||||
return kex_start_rekex(ssh);
|
||||
}
|
||||
debug("dequeue packet: %u", type);
|
||||
|
@ -1421,7 +1420,7 @@ ssh_packet_read(struct ssh *ssh)
|
|||
int r;
|
||||
|
||||
if ((r = ssh_packet_read_seqnr(ssh, &type, NULL)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "read");
|
||||
return type;
|
||||
}
|
||||
|
||||
|
@ -1479,7 +1478,7 @@ ssh_packet_read_poll2_mux(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
|||
(r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
|
||||
return r;
|
||||
if (ssh_packet_log_type(*typep))
|
||||
debug3("%s: type %u", __func__, *typep);
|
||||
debug3_f("type %u", *typep);
|
||||
/* sshbuf_dump(state->incoming_packet, stderr); */
|
||||
/* reset for next packet */
|
||||
state->packlen = 0;
|
||||
|
@ -1710,7 +1709,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
|||
|
||||
/* do we need to rekey? */
|
||||
if (ssh_packet_need_rekeying(ssh, 0)) {
|
||||
debug3("%s: rekex triggered", __func__);
|
||||
debug3_f("rekex triggered");
|
||||
if ((r = kex_start_rekex(ssh)) != 0)
|
||||
return r;
|
||||
}
|
||||
|
@ -1836,7 +1835,7 @@ ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...)
|
|||
(r = sshpkt_put_cstring(ssh, "")) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send DEBUG");
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -1892,15 +1891,13 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
|
|||
default:
|
||||
if (vasprintf(&tag, fmt, ap) == -1) {
|
||||
ssh_packet_clear_keys(ssh);
|
||||
logdie("%s: could not allocate failure message",
|
||||
__func__);
|
||||
logdie_f("could not allocate failure message");
|
||||
}
|
||||
ssh_packet_clear_keys(ssh);
|
||||
errno = oerrno;
|
||||
logdie("%s%sConnection %s %s: %s",
|
||||
logdie_r(r, "%s%sConnection %s %s",
|
||||
tag != NULL ? tag : "", tag != NULL ? ": " : "",
|
||||
ssh->state->server_side ? "from" : "to",
|
||||
remote_id, ssh_err(r));
|
||||
ssh->state->server_side ? "from" : "to", remote_id);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1913,7 +1910,7 @@ sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...)
|
|||
sshpkt_vfatal(ssh, r, fmt, ap);
|
||||
/* NOTREACHED */
|
||||
va_end(ap);
|
||||
logdie("%s: should have exited", __func__);
|
||||
logdie_f("should have exited");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -2078,7 +2075,7 @@ ssh_packet_set_tos(struct ssh *ssh, int tos)
|
|||
switch (ssh_packet_connection_af(ssh)) {
|
||||
# ifdef IP_TOS
|
||||
case AF_INET:
|
||||
debug3("%s: set IP_TOS 0x%02x", __func__, tos);
|
||||
debug3_f("set IP_TOS 0x%02x", tos);
|
||||
if (setsockopt(ssh->state->connection_in,
|
||||
IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1)
|
||||
error("setsockopt IP_TOS %d: %.100s:",
|
||||
|
@ -2087,7 +2084,7 @@ ssh_packet_set_tos(struct ssh *ssh, int tos)
|
|||
# endif /* IP_TOS */
|
||||
# ifdef IPV6_TCLASS
|
||||
case AF_INET6:
|
||||
debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos);
|
||||
debug3_f("set IPV6_TCLASS 0x%02x", tos);
|
||||
if (setsockopt(ssh->state->connection_in,
|
||||
IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1)
|
||||
error("setsockopt IPV6_TCLASS %d: %.100s:",
|
||||
|
@ -2216,7 +2213,7 @@ ssh_packet_set_postauth(struct ssh *ssh)
|
|||
{
|
||||
int r;
|
||||
|
||||
debug("%s: called", __func__);
|
||||
debug_f("called");
|
||||
/* This was set in net child, but is not visible in user child */
|
||||
ssh->state->after_authentication = 1;
|
||||
ssh->state->rekeying = 0;
|
||||
|
@ -2472,7 +2469,7 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
|
|||
|
||||
if (sshbuf_len(m))
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
debug3("%s: done", __func__);
|
||||
debug3_f("done");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -2663,7 +2660,7 @@ ssh_packet_send_mux(struct ssh *ssh)
|
|||
cp = sshbuf_mutable_ptr(state->outgoing_packet);
|
||||
type = cp[5];
|
||||
if (ssh_packet_log_type(type))
|
||||
debug3("%s: type %u", __func__, type);
|
||||
debug3_f("type %u", type);
|
||||
/* drop everything, but the connection protocol */
|
||||
if (type >= SSH2_MSG_CONNECTION_MIN &&
|
||||
type <= SSH2_MSG_CONNECTION_MAX) {
|
||||
|
|
23
readconf.c
23
readconf.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: readconf.c,v 1.339 2020/10/16 13:26:13 djm Exp $ */
|
||||
/* $OpenBSD: readconf.c,v 1.340 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -338,7 +338,7 @@ ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
|
|||
ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
|
||||
ssh_digest_update(md, user, strlen(user)) < 0 ||
|
||||
ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
|
||||
fatal("%s: mux digest failed", __func__);
|
||||
fatal_f("mux digest failed");
|
||||
ssh_digest_free(md);
|
||||
return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
|
||||
}
|
||||
|
@ -446,7 +446,7 @@ add_certificate_file(Options *options, const char *path, int userprovided)
|
|||
for (i = 0; i < options->num_certificate_files; i++) {
|
||||
if (options->certificate_file_userprovided[i] == userprovided &&
|
||||
strcmp(options->certificate_files[i], path) == 0) {
|
||||
debug2("%s: ignoring duplicate key %s", __func__, path);
|
||||
debug2_f("ignoring duplicate key %s", path);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
@ -477,7 +477,7 @@ add_identity_file(Options *options, const char *dir, const char *filename,
|
|||
for (i = 0; i < options->num_identity_files; i++) {
|
||||
if (options->identity_file_userprovided[i] == userprovided &&
|
||||
strcmp(options->identity_files[i], path) == 0) {
|
||||
debug2("%s: ignoring duplicate key %s", __func__, path);
|
||||
debug2_f("ignoring duplicate key %s", path);
|
||||
free(path);
|
||||
return;
|
||||
}
|
||||
|
@ -527,7 +527,7 @@ execute_in_shell(const char *cmd)
|
|||
char *argv[4];
|
||||
|
||||
if (stdfd_devnull(1, 1, 0) == -1)
|
||||
fatal("%s: stdfd_devnull failed", __func__);
|
||||
fatal_f("stdfd_devnull failed");
|
||||
closefrom(STDERR_FILENO + 1);
|
||||
|
||||
argv[0] = shell;
|
||||
|
@ -544,11 +544,11 @@ execute_in_shell(const char *cmd)
|
|||
}
|
||||
/* Parent. */
|
||||
if (pid == -1)
|
||||
fatal("%s: fork: %.100s", __func__, strerror(errno));
|
||||
fatal_f("fork: %.100s", strerror(errno));
|
||||
|
||||
while (waitpid(pid, &status, 0) == -1) {
|
||||
if (errno != EINTR && errno != EAGAIN)
|
||||
fatal("%s: waitpid: %s", __func__, strerror(errno));
|
||||
fatal_f("waitpid: %s", strerror(errno));
|
||||
}
|
||||
if (!WIFEXITED(status)) {
|
||||
error("command '%.100s' exited abnormally", cmd);
|
||||
|
@ -1465,10 +1465,9 @@ parse_keytypes:
|
|||
(u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
|
||||
value = (u_char) arg[1] & 31;
|
||||
else {
|
||||
value = 0; /* Avoid compiler warning. */
|
||||
fatal("%.200s line %d: Bad escape character.",
|
||||
filename, linenum);
|
||||
/* NOTREACHED */
|
||||
value = 0; /* Avoid compiler warning. */
|
||||
}
|
||||
if (*activep && *intptr == -1)
|
||||
*intptr = value;
|
||||
|
@ -1866,7 +1865,7 @@ parse_keytypes:
|
|||
return 0;
|
||||
|
||||
default:
|
||||
fatal("%s: Unimplemented opcode %d", __func__, opcode);
|
||||
fatal_f("Unimplemented opcode %d", opcode);
|
||||
}
|
||||
|
||||
/* Check that there is no garbage at end of line. */
|
||||
|
@ -2275,7 +2274,7 @@ fill_default_options(Options * options)
|
|||
do { \
|
||||
if ((r = kex_assemble_names(&options->what, \
|
||||
defaults, all)) != 0) \
|
||||
fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
|
||||
fatal_fr(r, "%s", #what); \
|
||||
} while (0)
|
||||
ASSEMBLE(ciphers, def_cipher, all_cipher);
|
||||
ASSEMBLE(macs, def_mac, all_mac);
|
||||
|
@ -2761,7 +2760,7 @@ dump_client_config(Options *o, const char *host)
|
|||
all_key = sshkey_alg_list(0, 0, 1, ',');
|
||||
if ((r = kex_assemble_names(&o->hostkeyalgorithms, kex_default_pk_alg(),
|
||||
all_key)) != 0)
|
||||
fatal("%s: expand HostKeyAlgorithms: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "expand HostKeyAlgorithms");
|
||||
free(all_key);
|
||||
|
||||
/* Most interesting options first: user, host, port */
|
||||
|
|
30
readpass.c
30
readpass.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: readpass.c,v 1.64 2020/10/03 09:22:26 djm Exp $ */
|
||||
/* $OpenBSD: readpass.c,v 1.65 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -58,27 +58,27 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
|
|||
void (*osigchld)(int);
|
||||
|
||||
if (fflush(stdout) != 0)
|
||||
error("%s: fflush: %s", __func__, strerror(errno));
|
||||
error_f("fflush: %s", strerror(errno));
|
||||
if (askpass == NULL)
|
||||
fatal("internal error: askpass undefined");
|
||||
if (pipe(p) == -1) {
|
||||
error("%s: pipe: %s", __func__, strerror(errno));
|
||||
error_f("pipe: %s", strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
osigchld = ssh_signal(SIGCHLD, SIG_DFL);
|
||||
if ((pid = fork()) == -1) {
|
||||
error("%s: fork: %s", __func__, strerror(errno));
|
||||
error_f("fork: %s", strerror(errno));
|
||||
ssh_signal(SIGCHLD, osigchld);
|
||||
return NULL;
|
||||
}
|
||||
if (pid == 0) {
|
||||
close(p[0]);
|
||||
if (dup2(p[1], STDOUT_FILENO) == -1)
|
||||
fatal("%s: dup2: %s", __func__, strerror(errno));
|
||||
fatal_f("dup2: %s", strerror(errno));
|
||||
if (env_hint != NULL)
|
||||
setenv("SSH_ASKPASS_PROMPT", env_hint, 1);
|
||||
execlp(askpass, askpass, msg, (char *)NULL);
|
||||
fatal("%s: exec(%s): %s", __func__, askpass, strerror(errno));
|
||||
fatal_f("exec(%s): %s", askpass, strerror(errno));
|
||||
}
|
||||
close(p[1]);
|
||||
|
||||
|
@ -141,7 +141,7 @@ read_passphrase(const char *prompt, int flags)
|
|||
|
||||
rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
|
||||
if (use_askpass)
|
||||
debug("%s: requested to askpass", __func__);
|
||||
debug_f("requested to askpass");
|
||||
else if (flags & RP_USE_ASKPASS)
|
||||
use_askpass = 1;
|
||||
else if (flags & RP_ALLOW_STDIN) {
|
||||
|
@ -242,7 +242,7 @@ notify_start(int force_askpass, const char *fmt, ...)
|
|||
va_end(args);
|
||||
|
||||
if (fflush(NULL) != 0)
|
||||
error("%s: fflush: %s", __func__, strerror(errno));
|
||||
error_f("fflush: %s", strerror(errno));
|
||||
if (!force_askpass && isatty(STDERR_FILENO)) {
|
||||
(void)write(STDERR_FILENO, "\r", 1);
|
||||
(void)write(STDERR_FILENO, prompt, strlen(prompt));
|
||||
|
@ -252,35 +252,35 @@ notify_start(int force_askpass, const char *fmt, ...)
|
|||
if ((askpass = getenv("SSH_ASKPASS")) == NULL)
|
||||
askpass = _PATH_SSH_ASKPASS_DEFAULT;
|
||||
if (*askpass == '\0') {
|
||||
debug3("%s: cannot notify: no askpass", __func__);
|
||||
debug3_f("cannot notify: no askpass");
|
||||
goto out;
|
||||
}
|
||||
if (getenv("DISPLAY") == NULL &&
|
||||
((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) == NULL ||
|
||||
strcmp(s, "force") != 0)) {
|
||||
debug3("%s: cannot notify: no display", __func__);
|
||||
debug3_f("cannot notify: no display");
|
||||
goto out;
|
||||
}
|
||||
osigchld = ssh_signal(SIGCHLD, SIG_DFL);
|
||||
if ((pid = fork()) == -1) {
|
||||
error("%s: fork: %s", __func__, strerror(errno));
|
||||
error_f("fork: %s", strerror(errno));
|
||||
ssh_signal(SIGCHLD, osigchld);
|
||||
free(prompt);
|
||||
return NULL;
|
||||
}
|
||||
if (pid == 0) {
|
||||
if (stdfd_devnull(1, 1, 0) == -1)
|
||||
fatal("%s: stdfd_devnull failed", __func__);
|
||||
fatal_f("stdfd_devnull failed");
|
||||
closefrom(STDERR_FILENO + 1);
|
||||
setenv("SSH_ASKPASS_PROMPT", "none", 1); /* hint to UI */
|
||||
execlp(askpass, askpass, prompt, (char *)NULL);
|
||||
error("%s: exec(%s): %s", __func__, askpass, strerror(errno));
|
||||
error_f("exec(%s): %s", askpass, strerror(errno));
|
||||
_exit(1);
|
||||
/* NOTREACHED */
|
||||
}
|
||||
if ((ret = calloc(1, sizeof(*ret))) == NULL) {
|
||||
kill(pid, SIGTERM);
|
||||
fatal("%s: calloc failed", __func__);
|
||||
fatal_f("calloc failed");
|
||||
}
|
||||
ret->pid = pid;
|
||||
ret->osigchld = osigchld;
|
||||
|
@ -304,7 +304,7 @@ notify_complete(struct notifier_ctx *ctx)
|
|||
break;
|
||||
}
|
||||
if (ret == -1)
|
||||
fatal("%s: waitpid: %s", __func__, strerror(errno));
|
||||
fatal_f("waitpid: %s", strerror(errno));
|
||||
ssh_signal(SIGCHLD, ctx->osigchld);
|
||||
free(ctx);
|
||||
}
|
||||
|
|
|
@ -10,11 +10,11 @@
|
|||
#include "log.h"
|
||||
|
||||
void sshfatal(const char *file, const char *func, int line, int showfunc,
|
||||
LogLevel level, const char *fmt, ...);
|
||||
LogLevel level, const char *suffix, const char *fmt, ...);
|
||||
|
||||
void
|
||||
sshfatal(const char *file, const char *func, int line, int showfunc,
|
||||
LogLevel level, const char *fmt, ...)
|
||||
LogLevel level, const char *suffix, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
|
||||
|
@ -23,6 +23,8 @@ sshfatal(const char *file, const char *func, int line, int showfunc,
|
|||
va_start(ap, fmt);
|
||||
vfprintf(stderr, fmt, ap);
|
||||
va_end(ap);
|
||||
if (suffix != NULL)
|
||||
fprintf(stderr, ": %s", suffix);
|
||||
fputc('\n', stderr);
|
||||
_exit(1);
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */
|
||||
/* $OpenBSD: sandbox-pledge.c,v 1.2 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>
|
||||
*
|
||||
|
@ -46,7 +46,7 @@ ssh_sandbox_init(struct monitor *m)
|
|||
{
|
||||
struct ssh_sandbox *box;
|
||||
|
||||
debug3("%s: preparing pledge sandbox", __func__);
|
||||
debug3_f("preparing pledge sandbox");
|
||||
box = xcalloc(1, sizeof(*box));
|
||||
box->child_pid = 0;
|
||||
|
||||
|
@ -57,14 +57,14 @@ void
|
|||
ssh_sandbox_child(struct ssh_sandbox *box)
|
||||
{
|
||||
if (pledge("stdio", NULL) == -1)
|
||||
fatal("%s: pledge()", __func__);
|
||||
fatal_f("pledge()");
|
||||
}
|
||||
|
||||
void
|
||||
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
|
||||
{
|
||||
free(box);
|
||||
debug3("%s: finished", __func__);
|
||||
debug3_f("finished");
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sandbox-rlimit.c,v 1.4 2016/09/12 01:22:38 deraadt Exp $ */
|
||||
/* $OpenBSD: sandbox-rlimit.c,v 1.5 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
|
@ -49,7 +49,7 @@ ssh_sandbox_init(struct monitor *monitor)
|
|||
* Strictly, we don't need to maintain any state here but we need
|
||||
* to return non-NULL to satisfy the API.
|
||||
*/
|
||||
debug3("%s: preparing rlimit sandbox", __func__);
|
||||
debug3_f("preparing rlimit sandbox");
|
||||
box = xcalloc(1, sizeof(*box));
|
||||
box->child_pid = 0;
|
||||
|
||||
|
@ -65,18 +65,18 @@ ssh_sandbox_child(struct ssh_sandbox *box)
|
|||
|
||||
#ifndef SANDBOX_SKIP_RLIMIT_FSIZE
|
||||
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
|
||||
fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
|
||||
__func__, strerror(errno));
|
||||
fatal_f("setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
|
||||
strerror(errno));
|
||||
#endif
|
||||
#ifndef SANDBOX_SKIP_RLIMIT_NOFILE
|
||||
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
|
||||
fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
|
||||
__func__, strerror(errno));
|
||||
fatal_f("setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
|
||||
strerror(errno));
|
||||
#endif
|
||||
#ifdef HAVE_RLIMIT_NPROC
|
||||
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
|
||||
fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
|
||||
__func__, strerror(errno));
|
||||
fatal_f("setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
|
||||
strerror(errno));
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -84,7 +84,7 @@ void
|
|||
ssh_sandbox_parent_finish(struct ssh_sandbox *box)
|
||||
{
|
||||
free(box);
|
||||
debug3("%s: finished", __func__);
|
||||
debug3_f("finished");
|
||||
}
|
||||
|
||||
void
|
||||
|
|
6
scp.c
6
scp.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: scp.c,v 1.212 2020/08/03 02:43:41 djm Exp $ */
|
||||
/* $OpenBSD: scp.c,v 1.213 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* scp - secure remote copy. This is basically patched BSD rcp which
|
||||
* uses ssh to do the data transfer (instead of using rcmd).
|
||||
|
@ -848,7 +848,7 @@ brace_expand(const char *pattern, char ***patternsp, size_t *npatternsp)
|
|||
goto fail;
|
||||
}
|
||||
if (invalid)
|
||||
fatal("%s: invalid brace pattern \"%s\"", __func__, cp);
|
||||
fatal_f("invalid brace pattern \"%s\"", cp);
|
||||
if (expanded) {
|
||||
/*
|
||||
* Current entry expanded to new entries on the
|
||||
|
@ -1279,7 +1279,7 @@ sink(int argc, char **argv, const char *src)
|
|||
* the requested destination file glob.
|
||||
*/
|
||||
if (brace_expand(src, &patterns, &npatterns) != 0)
|
||||
fatal("%s: could not expand pattern", __func__);
|
||||
fatal_f("could not expand pattern");
|
||||
}
|
||||
for (first = 1;; first = 0) {
|
||||
cp = buf;
|
||||
|
|
34
servconf.c
34
servconf.c
|
@ -1,5 +1,5 @@
|
|||
|
||||
/* $OpenBSD: servconf.c,v 1.370 2020/10/16 13:26:13 djm Exp $ */
|
||||
/* $OpenBSD: servconf.c,v 1.371 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
|
@ -223,7 +223,7 @@ assemble_algorithms(ServerOptions *o)
|
|||
#define ASSEMBLE(what, defaults, all) \
|
||||
do { \
|
||||
if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
|
||||
fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
|
||||
fatal_fr(r, "%s", #what); \
|
||||
} while (0)
|
||||
ASSEMBLE(ciphers, def_cipher, all_cipher);
|
||||
ASSEMBLE(macs, def_mac, all_mac);
|
||||
|
@ -751,7 +751,7 @@ derelativise_path(const char *path)
|
|||
if (path_absolute(expanded))
|
||||
return expanded;
|
||||
if (getcwd(cwd, sizeof(cwd)) == NULL)
|
||||
fatal("%s: getcwd: %s", __func__, strerror(errno));
|
||||
fatal_f("getcwd: %s", strerror(errno));
|
||||
xasprintf(&ret, "%s/%s", cwd, expanded);
|
||||
free(expanded);
|
||||
return ret;
|
||||
|
@ -794,7 +794,7 @@ add_one_listen_addr(ServerOptions *options, const char *addr,
|
|||
if (i >= options->num_listen_addrs) {
|
||||
/* No entry for this rdomain; allocate one */
|
||||
if (i >= INT_MAX)
|
||||
fatal("%s: too many listen addresses", __func__);
|
||||
fatal_f("too many listen addresses");
|
||||
options->listen_addrs = xrecallocarray(options->listen_addrs,
|
||||
options->num_listen_addrs, options->num_listen_addrs + 1,
|
||||
sizeof(*options->listen_addrs));
|
||||
|
@ -931,10 +931,10 @@ process_permitopen_list(struct ssh *ssh, ServerOpCodes opcode,
|
|||
ch = '\0';
|
||||
host = hpdelim2(&arg, &ch);
|
||||
if (host == NULL || ch == '/')
|
||||
fatal("%s: missing host in %s", __func__, what);
|
||||
fatal_f("missing host in %s", what);
|
||||
host = cleanhostname(host);
|
||||
if (arg == NULL || ((port = permitopen_port(arg)) < 0))
|
||||
fatal("%s: bad port number in %s", __func__, what);
|
||||
fatal_f("bad port number in %s", what);
|
||||
/* Send it to channels layer */
|
||||
channel_add_permission(ssh, FORWARD_ADM,
|
||||
where, host, port);
|
||||
|
@ -2051,17 +2051,15 @@ process_server_config_line_depth(ServerOptions *options, char *line,
|
|||
item, entry);
|
||||
}
|
||||
if (gbuf.gl_pathc > INT_MAX)
|
||||
fatal("%s: too many glob results", __func__);
|
||||
fatal_f("too many glob results");
|
||||
for (n = 0; n < (int)gbuf.gl_pathc; n++) {
|
||||
debug2("%s line %d: including %s",
|
||||
filename, linenum, gbuf.gl_pathv[n]);
|
||||
item = xcalloc(1, sizeof(*item));
|
||||
item->selector = strdup(arg);
|
||||
item->filename = strdup(gbuf.gl_pathv[n]);
|
||||
if ((item->contents = sshbuf_new()) == NULL) {
|
||||
fatal("%s: sshbuf_new failed",
|
||||
__func__);
|
||||
}
|
||||
if ((item->contents = sshbuf_new()) == NULL)
|
||||
fatal_f("sshbuf_new failed");
|
||||
load_server_config(item->filename,
|
||||
item->contents);
|
||||
parse_server_config_depth(options,
|
||||
|
@ -2415,7 +2413,7 @@ load_server_config(const char *filename, struct sshbuf *conf)
|
|||
FILE *f;
|
||||
int r, lineno = 0;
|
||||
|
||||
debug2("%s: filename %s", __func__, filename);
|
||||
debug2_f("filename %s", filename);
|
||||
if ((f = fopen(filename, "r")) == NULL) {
|
||||
perror(filename);
|
||||
exit(1);
|
||||
|
@ -2424,7 +2422,7 @@ load_server_config(const char *filename, struct sshbuf *conf)
|
|||
/* grow buffer, so realloc is avoided for large config files */
|
||||
if (fstat(fileno(f), &st) == 0 && st.st_size > 0 &&
|
||||
(r = sshbuf_allocate(conf, st.st_size)) != 0)
|
||||
fatal("%s: allocate failed: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "allocate");
|
||||
while (getline(&line, &linesize, f) != -1) {
|
||||
lineno++;
|
||||
/*
|
||||
|
@ -2436,13 +2434,13 @@ load_server_config(const char *filename, struct sshbuf *conf)
|
|||
memcpy(cp, "\n", 2);
|
||||
cp = line + strspn(line, " \t\r");
|
||||
if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put");
|
||||
}
|
||||
free(line);
|
||||
if ((r = sshbuf_put_u8(conf, 0)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_u8");
|
||||
fclose(f);
|
||||
debug2("%s: done config len = %zu", __func__, sshbuf_len(conf));
|
||||
debug2_f("done config len = %zu", sshbuf_len(conf));
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -2610,11 +2608,11 @@ parse_server_config_depth(ServerOptions *options, const char *filename,
|
|||
if (depth < 0 || depth > SERVCONF_MAX_DEPTH)
|
||||
fatal("Too many recursive configuration includes");
|
||||
|
||||
debug2("%s: config %s len %zu%s", __func__, filename, sshbuf_len(conf),
|
||||
debug2_f("config %s len %zu%s", filename, sshbuf_len(conf),
|
||||
(flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : ""));
|
||||
|
||||
if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
linenum = 1;
|
||||
while ((cp = strsep(&cbuf, "\n")) != NULL) {
|
||||
if (process_server_config_line_depth(options, cp,
|
||||
|
|
84
serverloop.c
84
serverloop.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: serverloop.c,v 1.223 2020/07/03 06:29:57 djm Exp $ */
|
||||
/* $OpenBSD: serverloop.c,v 1.224 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -157,7 +157,7 @@ notify_done(fd_set *readset)
|
|||
|
||||
if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
|
||||
while (read(notify_pipe[0], &c, 1) != -1)
|
||||
debug2("%s: reading", __func__);
|
||||
debug2_f("reading");
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
|
@ -201,13 +201,13 @@ client_alive_check(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, "keepalive@openssh.com"))
|
||||
!= 0 ||
|
||||
(r = sshpkt_put_u8(ssh, 1)) != 0) /* boolean: want reply */
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
} else {
|
||||
channel_request_start(ssh, channel_id,
|
||||
"keepalive@openssh.com", 1);
|
||||
}
|
||||
if ((r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -332,21 +332,17 @@ process_input(struct ssh *ssh, fd_set *readset, int connection_in)
|
|||
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
|
||||
return -1;
|
||||
} else if (len == -1) {
|
||||
if (errno != EINTR && errno != EAGAIN &&
|
||||
errno != EWOULDBLOCK) {
|
||||
verbose("Read error from remote host "
|
||||
"%.100s port %d: %.100s",
|
||||
ssh_remote_ipaddr(ssh),
|
||||
ssh_remote_port(ssh), strerror(errno));
|
||||
cleanup_exit(255);
|
||||
}
|
||||
} else {
|
||||
/* Buffer any received data. */
|
||||
if ((r = ssh_packet_process_incoming(ssh, buf, len))
|
||||
!= 0)
|
||||
fatal("%s: ssh_packet_process_incoming: %s",
|
||||
__func__, ssh_err(r));
|
||||
if (errno == EINTR || errno == EAGAIN ||
|
||||
errno != EWOULDBLOCK)
|
||||
return 0;
|
||||
verbose("Read error from remote host %s port %d: %s",
|
||||
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
|
||||
strerror(errno));
|
||||
cleanup_exit(255);
|
||||
}
|
||||
/* Buffer any received data. */
|
||||
if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0)
|
||||
fatal_fr(r, "ssh_packet_process_incoming");
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -494,17 +490,17 @@ server_request_direct_tcpip(struct ssh *ssh, int *reason, const char **errmsg)
|
|||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
||||
if (target_port > 0xFFFF) {
|
||||
error("%s: invalid target port", __func__);
|
||||
error_f("invalid target port");
|
||||
*reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
|
||||
goto out;
|
||||
}
|
||||
if (originator_port > 0xFFFF) {
|
||||
error("%s: invalid originator port", __func__);
|
||||
error_f("invalid originator port");
|
||||
*reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
|
||||
goto out;
|
||||
}
|
||||
|
||||
debug("%s: originator %s port %u, target %s port %u", __func__,
|
||||
debug_f("originator %s port %u, target %s port %u",
|
||||
originator, originator_port, target, target_port);
|
||||
|
||||
/* XXX fine grained permissions */
|
||||
|
@ -537,7 +533,7 @@ server_request_direct_streamlocal(struct ssh *ssh)
|
|||
int r;
|
||||
|
||||
if (pw == NULL || !the_authctxt->valid)
|
||||
fatal("%s: no/invalid user", __func__);
|
||||
fatal_f("no/invalid user");
|
||||
|
||||
if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 ||
|
||||
|
@ -545,11 +541,11 @@ server_request_direct_streamlocal(struct ssh *ssh)
|
|||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
||||
if (originator_port > 0xFFFF) {
|
||||
error("%s: invalid originator port", __func__);
|
||||
error_f("invalid originator port");
|
||||
goto out;
|
||||
}
|
||||
|
||||
debug("%s: originator %s port %d, target %s", __func__,
|
||||
debug_f("originator %s port %d, target %s",
|
||||
originator, originator_port, target);
|
||||
|
||||
/* XXX fine grained permissions */
|
||||
|
@ -597,7 +593,7 @@ server_request_tun(struct ssh *ssh)
|
|||
if ((r = sshpkt_get_u32(ssh, &tun)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: parse device", __func__);
|
||||
if (tun > INT_MAX) {
|
||||
debug("%s: invalid tun", __func__);
|
||||
debug_f("invalid tun");
|
||||
goto done;
|
||||
}
|
||||
if (auth_opts->force_tun_device != -1) {
|
||||
|
@ -686,7 +682,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
|
|||
(r = sshpkt_get_u32(ssh, &rwindow)) != 0 ||
|
||||
(r = sshpkt_get_u32(ssh, &rmaxpack)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
||||
debug("%s: ctype %s rchan %u win %u max %u", __func__,
|
||||
debug_f("ctype %s rchan %u win %u max %u",
|
||||
ctype, rchan, rwindow, rmaxpack);
|
||||
|
||||
if (strcmp(ctype, "session") == 0) {
|
||||
|
@ -699,7 +695,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
|
|||
c = server_request_tun(ssh);
|
||||
}
|
||||
if (c != NULL) {
|
||||
debug("%s: confirm %s", __func__, ctype);
|
||||
debug_f("confirm %s", ctype);
|
||||
c->remote_id = rchan;
|
||||
c->have_remote_id = 1;
|
||||
c->remote_window = rwindow;
|
||||
|
@ -716,7 +712,7 @@ server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
|
|||
}
|
||||
}
|
||||
} else {
|
||||
debug("%s: failure %s", __func__, ctype);
|
||||
debug_f("failure %s", ctype);
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 ||
|
||||
(r = sshpkt_put_u32(ssh, rchan)) != 0 ||
|
||||
(r = sshpkt_put_u32(ssh, reason)) != 0 ||
|
||||
|
@ -743,7 +739,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
|
|||
size_t blen, slen;
|
||||
|
||||
if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
|
||||
kexsigtype = sshkey_type_plain(
|
||||
sshkey_type_from_name(ssh->kex->hostkey_alg));
|
||||
|
@ -752,8 +748,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
|
|||
key = NULL;
|
||||
if ((r = sshpkt_get_string_direct(ssh, &blob, &blen)) != 0 ||
|
||||
(r = sshkey_from_blob(blob, blen, &key)) != 0) {
|
||||
error("%s: couldn't parse key: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "parse key");
|
||||
goto out;
|
||||
}
|
||||
/*
|
||||
|
@ -761,8 +756,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
|
|||
* before attempting to sign anything with it.
|
||||
*/
|
||||
if ((ndx = ssh->kex->host_key_index(key, 1, ssh)) == -1) {
|
||||
error("%s: unknown host %s key",
|
||||
__func__, sshkey_type(key));
|
||||
error_f("unknown host %s key", sshkey_type(key));
|
||||
goto out;
|
||||
}
|
||||
/*
|
||||
|
@ -771,7 +765,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
|
|||
*/
|
||||
if ((key_prv = get_hostkey_by_index(ndx)) == NULL &&
|
||||
(key_pub = get_hostkey_public_by_index(ndx, ssh)) == NULL) {
|
||||
error("%s: can't retrieve hostkey %d", __func__, ndx);
|
||||
error_f("can't retrieve hostkey %d", ndx);
|
||||
goto out;
|
||||
}
|
||||
sshbuf_reset(sigbuf);
|
||||
|
@ -792,8 +786,7 @@ server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
|
|||
sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
|
||||
use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
|
||||
(r = sshbuf_put_string(resp, sig, slen)) != 0) {
|
||||
error("%s: couldn't prepare signature: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "assemble signature");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
@ -822,19 +815,19 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
|
||||
memset(&fwd, 0, sizeof(fwd));
|
||||
if (pw == NULL || !the_authctxt->valid)
|
||||
fatal("%s: no/invalid user", __func__);
|
||||
fatal_f("no/invalid user");
|
||||
|
||||
if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 ||
|
||||
(r = sshpkt_get_u8(ssh, &want_reply)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
||||
debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply);
|
||||
debug_f("rtype %s want_reply %d", rtype, want_reply);
|
||||
|
||||
/* -R style forwarding */
|
||||
if (strcmp(rtype, "tcpip-forward") == 0) {
|
||||
if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||
|
||||
(r = sshpkt_get_u32(ssh, &port)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: parse tcpip-forward", __func__);
|
||||
debug("%s: tcpip-forward listen %s port %u", __func__,
|
||||
debug_f("tcpip-forward listen %s port %u",
|
||||
fwd.listen_host, port);
|
||||
if (port <= INT_MAX)
|
||||
fwd.listen_port = (int)port;
|
||||
|
@ -854,16 +847,16 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
&allocated_listen_port, &options.fwd_opts);
|
||||
}
|
||||
if ((resp = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
if (allocated_listen_port != 0 &&
|
||||
(r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)
|
||||
fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_u32");
|
||||
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
|
||||
if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||
|
||||
(r = sshpkt_get_u32(ssh, &port)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: parse cancel-tcpip-forward", __func__);
|
||||
|
||||
debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
|
||||
debug_f("cancel-tcpip-forward addr %s port %d",
|
||||
fwd.listen_host, port);
|
||||
if (port <= INT_MAX) {
|
||||
fwd.listen_port = (int)port;
|
||||
|
@ -872,7 +865,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
} else if (strcmp(rtype, "streamlocal-forward@openssh.com") == 0) {
|
||||
if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: parse streamlocal-forward@openssh.com", __func__);
|
||||
debug("%s: streamlocal-forward listen path %s", __func__,
|
||||
debug_f("streamlocal-forward listen path %s",
|
||||
fwd.listen_path);
|
||||
|
||||
/* check permissions */
|
||||
|
@ -891,7 +884,7 @@ server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
} else if (strcmp(rtype, "cancel-streamlocal-forward@openssh.com") == 0) {
|
||||
if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: parse cancel-streamlocal-forward@openssh.com", __func__);
|
||||
debug("%s: cancel-streamlocal-forward path %s", __func__,
|
||||
debug_f("cancel-streamlocal-forward path %s",
|
||||
fwd.listen_path);
|
||||
|
||||
success = channel_cancel_rport_listener(ssh, &fwd);
|
||||
|
@ -947,8 +940,7 @@ server_input_channel_req(int type, u_int32_t seq, struct ssh *ssh)
|
|||
success = session_input_channel_req(ssh, c, rtype);
|
||||
if (want_reply && !(c->flags & CHAN_CLOSE_SENT)) {
|
||||
if (!c->have_remote_id)
|
||||
fatal("%s: channel %d: no remote_id",
|
||||
__func__, c->self);
|
||||
fatal_f("channel %d: no remote_id", c->self);
|
||||
if ((r = sshpkt_start(ssh, success ?
|
||||
SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 ||
|
||||
(r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
|
||||
|
|
131
session.c
131
session.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: session.c,v 1.324 2020/07/07 02:47:21 deraadt Exp $ */
|
||||
/* $OpenBSD: session.c,v 1.325 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
|
@ -253,7 +253,7 @@ display_loginmsg(void)
|
|||
if (sshbuf_len(loginmsg) == 0)
|
||||
return;
|
||||
if ((r = sshbuf_put_u8(loginmsg, 0)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_u8");
|
||||
printf("%s", (char *)sshbuf_ptr(loginmsg));
|
||||
sshbuf_reset(loginmsg);
|
||||
}
|
||||
|
@ -269,16 +269,16 @@ prepare_auth_info_file(struct passwd *pw, struct sshbuf *info)
|
|||
temporarily_use_uid(pw);
|
||||
auth_info_file = xstrdup("/tmp/sshauth.XXXXXXXXXXXXXXX");
|
||||
if ((fd = mkstemp(auth_info_file)) == -1) {
|
||||
error("%s: mkstemp: %s", __func__, strerror(errno));
|
||||
error_f("mkstemp: %s", strerror(errno));
|
||||
goto out;
|
||||
}
|
||||
if (atomicio(vwrite, fd, sshbuf_mutable_ptr(info),
|
||||
sshbuf_len(info)) != sshbuf_len(info)) {
|
||||
error("%s: write: %s", __func__, strerror(errno));
|
||||
error_f("write: %s", strerror(errno));
|
||||
goto out;
|
||||
}
|
||||
if (close(fd) != 0) {
|
||||
error("%s: close: %s", __func__, strerror(errno));
|
||||
error_f("close: %s", strerror(errno));
|
||||
goto out;
|
||||
}
|
||||
success = 1;
|
||||
|
@ -305,11 +305,10 @@ set_fwdpermit_from_authopts(struct ssh *ssh, const struct sshauthopt *opts)
|
|||
tmp = cp = xstrdup(auth_opts->permitopen[i]);
|
||||
/* This shouldn't fail as it has already been checked */
|
||||
if ((host = hpdelim(&cp)) == NULL)
|
||||
fatal("%s: internal error: hpdelim", __func__);
|
||||
fatal_f("internal error: hpdelim");
|
||||
host = cleanhostname(host);
|
||||
if (cp == NULL || (port = permitopen_port(cp)) < 0)
|
||||
fatal("%s: internal error: permitopen port",
|
||||
__func__);
|
||||
fatal_f("internal error: permitopen port");
|
||||
channel_add_permission(ssh,
|
||||
FORWARD_USER, FORWARD_LOCAL, host, port);
|
||||
free(tmp);
|
||||
|
@ -321,11 +320,10 @@ set_fwdpermit_from_authopts(struct ssh *ssh, const struct sshauthopt *opts)
|
|||
tmp = cp = xstrdup(auth_opts->permitlisten[i]);
|
||||
/* This shouldn't fail as it has already been checked */
|
||||
if ((host = hpdelim(&cp)) == NULL)
|
||||
fatal("%s: internal error: hpdelim", __func__);
|
||||
fatal_f("internal error: hpdelim");
|
||||
host = cleanhostname(host);
|
||||
if (cp == NULL || (port = permitopen_port(cp)) < 0)
|
||||
fatal("%s: internal error: permitlisten port",
|
||||
__func__);
|
||||
fatal_f("internal error: permitlisten port");
|
||||
channel_add_permission(ssh,
|
||||
FORWARD_USER, FORWARD_REMOTE, host, port);
|
||||
free(tmp);
|
||||
|
@ -400,18 +398,17 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
|
|||
|
||||
/* Allocate pipes for communicating with the program. */
|
||||
if (pipe(pin) == -1) {
|
||||
error("%s: pipe in: %.100s", __func__, strerror(errno));
|
||||
error_f("pipe in: %.100s", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if (pipe(pout) == -1) {
|
||||
error("%s: pipe out: %.100s", __func__, strerror(errno));
|
||||
error_f("pipe out: %.100s", strerror(errno));
|
||||
close(pin[0]);
|
||||
close(pin[1]);
|
||||
return -1;
|
||||
}
|
||||
if (pipe(perr) == -1) {
|
||||
error("%s: pipe err: %.100s", __func__,
|
||||
strerror(errno));
|
||||
error_f("pipe err: %.100s", strerror(errno));
|
||||
close(pin[0]);
|
||||
close(pin[1]);
|
||||
close(pout[0]);
|
||||
|
@ -426,12 +423,11 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
|
|||
|
||||
/* Uses socket pairs to communicate with the program. */
|
||||
if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) {
|
||||
error("%s: socketpair #1: %.100s", __func__, strerror(errno));
|
||||
error_f("socketpair #1: %.100s", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) == -1) {
|
||||
error("%s: socketpair #2: %.100s", __func__,
|
||||
strerror(errno));
|
||||
error_f("socketpair #2: %.100s", strerror(errno));
|
||||
close(inout[0]);
|
||||
close(inout[1]);
|
||||
return -1;
|
||||
|
@ -443,7 +439,7 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
|
|||
/* Fork the child. */
|
||||
switch ((pid = fork())) {
|
||||
case -1:
|
||||
error("%s: fork: %.100s", __func__, strerror(errno));
|
||||
error_f("fork: %.100s", strerror(errno));
|
||||
#ifdef USE_PIPES
|
||||
close(pin[0]);
|
||||
close(pin[1]);
|
||||
|
@ -578,14 +574,14 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
|
|||
* detect and gracefully fail out-of-fd conditions.
|
||||
*/
|
||||
if ((fdout = dup(ptyfd)) == -1) {
|
||||
error("%s: dup #1: %s", __func__, strerror(errno));
|
||||
error_f("dup #1: %s", strerror(errno));
|
||||
close(ttyfd);
|
||||
close(ptyfd);
|
||||
return -1;
|
||||
}
|
||||
/* we keep a reference to the pty master */
|
||||
if ((ptymaster = dup(ptyfd)) == -1) {
|
||||
error("%s: dup #2: %s", __func__, strerror(errno));
|
||||
error_f("dup #2: %s", strerror(errno));
|
||||
close(ttyfd);
|
||||
close(ptyfd);
|
||||
close(fdout);
|
||||
|
@ -595,7 +591,7 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
|
|||
/* Fork the child. */
|
||||
switch ((pid = fork())) {
|
||||
case -1:
|
||||
error("%s: fork: %.100s", __func__, strerror(errno));
|
||||
error_f("fork: %.100s", strerror(errno));
|
||||
close(fdout);
|
||||
close(ptymaster);
|
||||
close(ttyfd);
|
||||
|
@ -1220,7 +1216,7 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell)
|
|||
stat(user_rc, &st) >= 0) {
|
||||
if (xasprintf(&cmd, "%s -c '%s %s'", shell, _PATH_BSHELL,
|
||||
user_rc) == -1)
|
||||
fatal("%s: xasprintf: %s", __func__, strerror(errno));
|
||||
fatal_f("xasprintf: %s", strerror(errno));
|
||||
if (debug_flag)
|
||||
fprintf(stderr, "Running %s\n", cmd);
|
||||
f = popen(cmd, "w");
|
||||
|
@ -1257,7 +1253,7 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell)
|
|||
s->auth_proto, s->auth_data);
|
||||
}
|
||||
if (xasprintf(&cmd, "%s -q -", options.xauth_location) == -1)
|
||||
fatal("%s: xasprintf: %s", __func__, strerror(errno));
|
||||
fatal_f("xasprintf: %s", strerror(errno));
|
||||
f = popen(cmd, "w");
|
||||
if (f) {
|
||||
fprintf(f, "remove %s\n",
|
||||
|
@ -1336,10 +1332,10 @@ safely_chroot(const char *path, uid_t uid)
|
|||
component[cp - path] = '\0';
|
||||
}
|
||||
|
||||
debug3("%s: checking '%s'", __func__, component);
|
||||
debug3_f("checking '%s'", component);
|
||||
|
||||
if (stat(component, &st) != 0)
|
||||
fatal("%s: stat(\"%s\"): %s", __func__,
|
||||
fatal_f("stat(\"%s\"): %s",
|
||||
component, strerror(errno));
|
||||
if (st.st_uid != 0 || (st.st_mode & 022) != 0)
|
||||
fatal("bad ownership or modes for chroot "
|
||||
|
@ -1357,8 +1353,7 @@ safely_chroot(const char *path, uid_t uid)
|
|||
if (chroot(path) == -1)
|
||||
fatal("chroot(\"%s\"): %s", path, strerror(errno));
|
||||
if (chdir("/") == -1)
|
||||
fatal("%s: chdir(/) after chroot: %s",
|
||||
__func__, strerror(errno));
|
||||
fatal_f("chdir(/) after chroot: %s", strerror(errno));
|
||||
verbose("Changed root directory to \"%s\"", path);
|
||||
}
|
||||
|
||||
|
@ -1727,11 +1722,11 @@ do_child(struct ssh *ssh, Session *s, const char *command)
|
|||
void
|
||||
session_unused(int id)
|
||||
{
|
||||
debug3("%s: session id %d unused", __func__, id);
|
||||
debug3_f("session id %d unused", id);
|
||||
if (id >= options.max_sessions ||
|
||||
id >= sessions_nalloc) {
|
||||
fatal("%s: insane session id %d (max %d nalloc %d)",
|
||||
__func__, id, options.max_sessions, sessions_nalloc);
|
||||
fatal_f("insane session id %d (max %d nalloc %d)",
|
||||
id, options.max_sessions, sessions_nalloc);
|
||||
}
|
||||
memset(&sessions[id], 0, sizeof(*sessions));
|
||||
sessions[id].self = id;
|
||||
|
@ -1753,13 +1748,13 @@ session_new(void)
|
|||
if (sessions_first_unused == -1) {
|
||||
if (sessions_nalloc >= options.max_sessions)
|
||||
return NULL;
|
||||
debug2("%s: allocate (allocated %d max %d)",
|
||||
__func__, sessions_nalloc, options.max_sessions);
|
||||
debug2_f("allocate (allocated %d max %d)",
|
||||
sessions_nalloc, options.max_sessions);
|
||||
tmp = xrecallocarray(sessions, sessions_nalloc,
|
||||
sessions_nalloc + 1, sizeof(*sessions));
|
||||
if (tmp == NULL) {
|
||||
error("%s: cannot allocate %d sessions",
|
||||
__func__, sessions_nalloc + 1);
|
||||
error_f("cannot allocate %d sessions",
|
||||
sessions_nalloc + 1);
|
||||
return NULL;
|
||||
}
|
||||
sessions = tmp;
|
||||
|
@ -1768,16 +1763,14 @@ session_new(void)
|
|||
|
||||
if (sessions_first_unused >= sessions_nalloc ||
|
||||
sessions_first_unused < 0) {
|
||||
fatal("%s: insane first_unused %d max %d nalloc %d",
|
||||
__func__, sessions_first_unused, options.max_sessions,
|
||||
fatal_f("insane first_unused %d max %d nalloc %d",
|
||||
sessions_first_unused, options.max_sessions,
|
||||
sessions_nalloc);
|
||||
}
|
||||
|
||||
s = &sessions[sessions_first_unused];
|
||||
if (s->used) {
|
||||
fatal("%s: session %d already used",
|
||||
__func__, sessions_first_unused);
|
||||
}
|
||||
if (s->used)
|
||||
fatal_f("session %d already used", sessions_first_unused);
|
||||
sessions_first_unused = s->next_unused;
|
||||
s->used = 1;
|
||||
s->next_unused = -1;
|
||||
|
@ -2147,35 +2140,33 @@ session_signal_req(struct ssh *ssh, Session *s)
|
|||
|
||||
if ((r = sshpkt_get_cstring(ssh, &signame, NULL)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0) {
|
||||
error("%s: parse packet: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
goto out;
|
||||
}
|
||||
if ((sig = name2sig(signame)) == -1) {
|
||||
error("%s: unsupported signal \"%s\"", __func__, signame);
|
||||
error_f("unsupported signal \"%s\"", signame);
|
||||
goto out;
|
||||
}
|
||||
if (s->pid <= 0) {
|
||||
error("%s: no pid for session %d", __func__, s->self);
|
||||
error_f("no pid for session %d", s->self);
|
||||
goto out;
|
||||
}
|
||||
if (s->forced || s->is_subsystem) {
|
||||
error("%s: refusing to send signal %s to %s session", __func__,
|
||||
error_f("refusing to send signal %s to %s session",
|
||||
signame, s->forced ? "forced-command" : "subsystem");
|
||||
goto out;
|
||||
}
|
||||
if (!use_privsep || mm_is_monitor()) {
|
||||
error("%s: session signalling requires privilege separation",
|
||||
__func__);
|
||||
error_f("session signalling requires privilege separation");
|
||||
goto out;
|
||||
}
|
||||
|
||||
debug("%s: signal %s, killpg(%ld, %d)", __func__, signame,
|
||||
(long)s->pid, sig);
|
||||
debug_f("signal %s, killpg(%ld, %d)", signame, (long)s->pid, sig);
|
||||
temporarily_use_uid(s->pw);
|
||||
r = killpg(s->pid, sig);
|
||||
restore_uid();
|
||||
if (r != 0) {
|
||||
error("%s: killpg(%ld, %d): %s", __func__, (long)s->pid,
|
||||
error_f("killpg(%ld, %d): %s", (long)s->pid,
|
||||
sig, strerror(errno));
|
||||
goto out;
|
||||
}
|
||||
|
@ -2197,7 +2188,7 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
|
|||
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
|
||||
if (!auth_opts->permit_agent_forwarding_flag ||
|
||||
!options.allow_agent_forwarding) {
|
||||
debug("%s: agent forwarding disabled", __func__);
|
||||
debug_f("agent forwarding disabled");
|
||||
return 0;
|
||||
}
|
||||
if (called) {
|
||||
|
@ -2215,10 +2206,10 @@ session_input_channel_req(struct ssh *ssh, Channel *c, const char *rtype)
|
|||
Session *s;
|
||||
|
||||
if ((s = session_by_channel(c->self)) == NULL) {
|
||||
logit("%s: no session %d req %.100s", __func__, c->self, rtype);
|
||||
logit_f("no session %d req %.100s", c->self, rtype);
|
||||
return 0;
|
||||
}
|
||||
debug("%s: session %d req %s", __func__, s->self, rtype);
|
||||
debug_f("session %d req %s", s->self, rtype);
|
||||
|
||||
/*
|
||||
* a session is in LARVAL state until a shell, a command
|
||||
|
@ -2276,13 +2267,13 @@ void
|
|||
session_pty_cleanup2(Session *s)
|
||||
{
|
||||
if (s == NULL) {
|
||||
error("%s: no session", __func__);
|
||||
error_f("no session");
|
||||
return;
|
||||
}
|
||||
if (s->ttyfd == -1)
|
||||
return;
|
||||
|
||||
debug("%s: session %d release %s", __func__, s->self, s->tty);
|
||||
debug_f("session %d release %s", s->self, s->tty);
|
||||
|
||||
/* Record that the user has logged out. */
|
||||
if (s->pid != 0)
|
||||
|
@ -2338,10 +2329,10 @@ session_close_x11(struct ssh *ssh, int id)
|
|||
Channel *c;
|
||||
|
||||
if ((c = channel_by_id(ssh, id)) == NULL) {
|
||||
debug("%s: x11 channel %d missing", __func__, id);
|
||||
debug_f("x11 channel %d missing", id);
|
||||
} else {
|
||||
/* Detach X11 listener */
|
||||
debug("%s: detach x11 channel %d", __func__, id);
|
||||
debug_f("detach x11 channel %d", id);
|
||||
channel_cancel_cleanup(ssh, id);
|
||||
if (c->ostate != CHAN_OUTPUT_CLOSED)
|
||||
chan_mark_dead(ssh, c);
|
||||
|
@ -2354,13 +2345,13 @@ session_close_single_x11(struct ssh *ssh, int id, void *arg)
|
|||
Session *s;
|
||||
u_int i;
|
||||
|
||||
debug3("%s: channel %d", __func__, id);
|
||||
debug3_f("channel %d", id);
|
||||
channel_cancel_cleanup(ssh, id);
|
||||
if ((s = session_by_x11_channel(id)) == NULL)
|
||||
fatal("%s: no x11 channel %d", __func__, id);
|
||||
fatal_f("no x11 channel %d", id);
|
||||
for (i = 0; s->x11_chanids[i] != -1; i++) {
|
||||
debug("%s: session %d: closing channel %d",
|
||||
__func__, s->self, s->x11_chanids[i]);
|
||||
debug_f("session %d: closing channel %d",
|
||||
s->self, s->x11_chanids[i]);
|
||||
/*
|
||||
* The channel "id" is already closing, but make sure we
|
||||
* close all of its siblings.
|
||||
|
@ -2387,10 +2378,9 @@ session_exit_message(struct ssh *ssh, Session *s, int status)
|
|||
int r;
|
||||
|
||||
if ((c = channel_lookup(ssh, s->chanid)) == NULL)
|
||||
fatal("%s: session %d: no channel %d",
|
||||
__func__, s->self, s->chanid);
|
||||
debug("%s: session %d channel %d pid %ld",
|
||||
__func__, s->self, s->chanid, (long)s->pid);
|
||||
fatal_f("session %d: no channel %d", s->self, s->chanid);
|
||||
debug_f("session %d channel %d pid %ld",
|
||||
s->self, s->chanid, (long)s->pid);
|
||||
|
||||
if (WIFEXITED(status)) {
|
||||
channel_request_start(ssh, s->chanid, "exit-status", 0);
|
||||
|
@ -2414,7 +2404,7 @@ session_exit_message(struct ssh *ssh, Session *s, int status)
|
|||
}
|
||||
|
||||
/* disconnect channel */
|
||||
debug("%s: release channel %d", __func__, s->chanid);
|
||||
debug_f("release channel %d", s->chanid);
|
||||
|
||||
/*
|
||||
* Adjust cleanup callback attachment to send close messages when
|
||||
|
@ -2469,7 +2459,7 @@ session_close_by_pid(struct ssh *ssh, pid_t pid, int status)
|
|||
{
|
||||
Session *s = session_by_pid(pid);
|
||||
if (s == NULL) {
|
||||
debug("%s: no session for pid %ld", __func__, (long)pid);
|
||||
debug_f("no session for pid %ld", (long)pid);
|
||||
return;
|
||||
}
|
||||
if (s->chanid != -1)
|
||||
|
@ -2490,13 +2480,12 @@ session_close_by_channel(struct ssh *ssh, int id, void *arg)
|
|||
u_int i;
|
||||
|
||||
if (s == NULL) {
|
||||
debug("%s: no session for id %d", __func__, id);
|
||||
debug_f("no session for id %d", id);
|
||||
return;
|
||||
}
|
||||
debug("%s: channel %d child %ld", __func__, id, (long)s->pid);
|
||||
debug_f("channel %d child %ld", id, (long)s->pid);
|
||||
if (s->pid != 0) {
|
||||
debug("%s: channel %d: has child, ttyfd %d",
|
||||
__func__, id, s->ttyfd);
|
||||
debug_f("channel %d: has child, ttyfd %d", id, s->ttyfd);
|
||||
/*
|
||||
* delay detach of session, but release pty, since
|
||||
* the fd's to the child are already closed
|
||||
|
|
165
sftp-client.c
165
sftp-client.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sftp-client.c,v 1.136 2020/05/15 03:57:33 djm Exp $ */
|
||||
/* $OpenBSD: sftp-client.c,v 1.137 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||
*
|
||||
|
@ -140,7 +140,7 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
|
|||
int r;
|
||||
|
||||
if ((r = sshbuf_reserve(m, 4, &p)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "reserve");
|
||||
if (atomicio6(read, conn->fd_in, p, 4, sftpio,
|
||||
conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) {
|
||||
if (errno == EPIPE || errno == ECONNRESET)
|
||||
|
@ -150,7 +150,7 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
|
|||
}
|
||||
|
||||
if ((r = sshbuf_get_u32(m, &msg_len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_get_u32");
|
||||
if (msg_len > SFTP_MAX_MSG_LENGTH) {
|
||||
do_log2(initial ? SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_FATAL,
|
||||
"Received message too long %u", msg_len);
|
||||
|
@ -159,7 +159,7 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
|
|||
}
|
||||
|
||||
if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "reserve");
|
||||
if (atomicio6(read, conn->fd_in, p, msg_len, sftpio,
|
||||
conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL)
|
||||
!= msg_len) {
|
||||
|
@ -184,11 +184,11 @@ send_string_request(struct sftp_conn *conn, u_int id, u_int code, const char *s,
|
|||
int r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, code)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, s, len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id);
|
||||
sshbuf_free(msg);
|
||||
|
@ -202,12 +202,12 @@ send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code,
|
|||
int r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, code)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, s, len)) != 0 ||
|
||||
(r = encode_attrib(msg, a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id);
|
||||
sshbuf_free(msg);
|
||||
|
@ -222,11 +222,11 @@ get_status(struct sftp_conn *conn, u_int expected_id)
|
|||
int r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
get_msg(conn, msg);
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
|
||||
(r = sshbuf_get_u32(msg, &id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
|
||||
if (id != expected_id)
|
||||
fatal("ID mismatch (%u != %u)", id, expected_id);
|
||||
|
@ -235,7 +235,7 @@ get_status(struct sftp_conn *conn, u_int expected_id)
|
|||
SSH2_FXP_STATUS, type);
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &status)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
sshbuf_free(msg);
|
||||
|
||||
debug3("SSH2_FXP_STATUS %u", status);
|
||||
|
@ -261,18 +261,18 @@ get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
|
|||
va_end(args);
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
get_msg(conn, msg);
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
|
||||
(r = sshbuf_get_u32(msg, &id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
if (id != expected_id)
|
||||
fatal("%s: ID mismatch (%u != %u)",
|
||||
errfmt == NULL ? __func__ : errmsg, id, expected_id);
|
||||
if (type == SSH2_FXP_STATUS) {
|
||||
if ((r = sshbuf_get_u32(msg, &status)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse status");
|
||||
if (errfmt != NULL)
|
||||
error("%s: %s", errmsg, fx2txt(status));
|
||||
sshbuf_free(msg);
|
||||
|
@ -282,7 +282,7 @@ get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
|
|||
errfmt == NULL ? __func__ : errmsg, SSH2_FXP_HANDLE, type);
|
||||
|
||||
if ((r = sshbuf_get_string(msg, &handle, len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse handle");
|
||||
sshbuf_free(msg);
|
||||
|
||||
return handle;
|
||||
|
@ -298,12 +298,12 @@ get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
|
|||
static Attrib a;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
get_msg(conn, msg);
|
||||
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
|
||||
(r = sshbuf_get_u32(msg, &id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("Received stat reply T:%u I:%u", type, id);
|
||||
if (id != expected_id)
|
||||
|
@ -312,7 +312,7 @@ get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
|
|||
u_int status;
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &status)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse status");
|
||||
if (quiet)
|
||||
debug("Couldn't stat remote file: %s", fx2txt(status));
|
||||
else
|
||||
|
@ -324,7 +324,7 @@ get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
|
|||
SSH2_FXP_ATTRS, type);
|
||||
}
|
||||
if ((r = decode_attrib(msg, &a)) != 0) {
|
||||
error("%s: couldn't decode attrib: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "decode_attrib");
|
||||
sshbuf_free(msg);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -344,12 +344,12 @@ get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st,
|
|||
int r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
get_msg(conn, msg);
|
||||
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
|
||||
(r = sshbuf_get_u32(msg, &id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("Received statvfs reply T:%u I:%u", type, id);
|
||||
if (id != expected_id)
|
||||
|
@ -358,7 +358,7 @@ get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st,
|
|||
u_int status;
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &status)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse status");
|
||||
if (quiet)
|
||||
debug("Couldn't statvfs: %s", fx2txt(status));
|
||||
else
|
||||
|
@ -382,7 +382,7 @@ get_decode_statvfs(struct sftp_conn *conn, struct sftp_statvfs *st,
|
|||
(r = sshbuf_get_u64(msg, &st->f_fsid)) != 0 ||
|
||||
(r = sshbuf_get_u64(msg, &flag)) != 0 ||
|
||||
(r = sshbuf_get_u64(msg, &st->f_namemax)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse statvfs");
|
||||
|
||||
st->f_flag = (flag & SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0;
|
||||
st->f_flag |= (flag & SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0;
|
||||
|
@ -411,10 +411,11 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
|
|||
ret->limit_kbps = 0;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_INIT)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
send_msg(ret, msg);
|
||||
|
||||
sshbuf_reset(msg);
|
||||
|
@ -423,7 +424,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
|
|||
|
||||
/* Expecting a VERSION reply */
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse type");
|
||||
if (type != SSH2_FXP_VERSION) {
|
||||
error("Invalid packet back from SSH2_FXP_INIT (type %u)",
|
||||
type);
|
||||
|
@ -432,7 +433,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
|
|||
return(NULL);
|
||||
}
|
||||
if ((r = sshbuf_get_u32(msg, &ret->version)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse version");
|
||||
|
||||
debug2("Remote version: %u", ret->version);
|
||||
|
||||
|
@ -445,7 +446,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests,
|
|||
|
||||
if ((r = sshbuf_get_cstring(msg, &name, NULL)) != 0 ||
|
||||
(r = sshbuf_get_string(msg, &value, &vlen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse extension");
|
||||
if (strcmp(name, "posix-rename@openssh.com") == 0 &&
|
||||
strcmp((char *)value, "1") == 0) {
|
||||
ret->exts |= SFTP_EXT_POSIX_RENAME;
|
||||
|
@ -512,13 +513,13 @@ do_close(struct sftp_conn *conn, const u_char *handle, u_int handle_len)
|
|||
int r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
id = conn->msg_id++;
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_CLOSE)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, handle, handle_len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
send_msg(conn, msg);
|
||||
debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
|
||||
|
||||
|
@ -549,11 +550,11 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
|
|||
id = conn->msg_id++;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPENDIR)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, path)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose OPENDIR");
|
||||
send_msg(conn, msg);
|
||||
|
||||
handle = get_handle(conn, id, &handle_len,
|
||||
|
@ -578,7 +579,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
|
|||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_READDIR)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, handle, handle_len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose READDIR");
|
||||
send_msg(conn, msg);
|
||||
|
||||
sshbuf_reset(msg);
|
||||
|
@ -587,7 +588,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
|
|||
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
|
||||
(r = sshbuf_get_u32(msg, &id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("Received reply T:%u I:%u", type, id);
|
||||
|
||||
|
@ -598,8 +599,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
|
|||
u_int rstatus;
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &rstatus)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "parse status");
|
||||
debug3("Received SSH2_FXP_STATUS %d", rstatus);
|
||||
if (rstatus == SSH2_FX_EOF)
|
||||
break;
|
||||
|
@ -610,9 +610,9 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
|
|||
SSH2_FXP_NAME, type);
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &count)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse count");
|
||||
if (count > SSHBUF_SIZE_MAX)
|
||||
fatal("%s: nonsensical number of entries", __func__);
|
||||
fatal_f("nonsensical number of entries");
|
||||
if (count == 0)
|
||||
break;
|
||||
debug3("Received %d SSH2_FXP_NAME responses", count);
|
||||
|
@ -624,11 +624,9 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
|
|||
NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(msg, &longname,
|
||||
NULL)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "parse filenames");
|
||||
if ((r = decode_attrib(msg, &a)) != 0) {
|
||||
error("%s: couldn't decode attrib: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "couldn't decode attrib");
|
||||
free(filename);
|
||||
free(longname);
|
||||
goto out;
|
||||
|
@ -843,12 +841,12 @@ do_realpath(struct sftp_conn *conn, const char *path)
|
|||
strlen(path));
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
get_msg(conn, msg);
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
|
||||
(r = sshbuf_get_u32(msg, &id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
if (id != expected_id)
|
||||
fatal("ID mismatch (%u != %u)", id, expected_id);
|
||||
|
@ -857,7 +855,7 @@ do_realpath(struct sftp_conn *conn, const char *path)
|
|||
u_int status;
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &status)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse status");
|
||||
error("Couldn't canonicalize: %s", fx2txt(status));
|
||||
sshbuf_free(msg);
|
||||
return NULL;
|
||||
|
@ -866,14 +864,14 @@ do_realpath(struct sftp_conn *conn, const char *path)
|
|||
SSH2_FXP_NAME, type);
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &count)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse count");
|
||||
if (count != 1)
|
||||
fatal("Got multiple names (%d) from SSH_FXP_REALPATH", count);
|
||||
|
||||
if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 ||
|
||||
(r = decode_attrib(msg, &a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse filename/attrib");
|
||||
|
||||
debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename,
|
||||
(unsigned long)a.size);
|
||||
|
@ -894,7 +892,7 @@ do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath,
|
|||
int r, use_ext = (conn->exts & SFTP_EXT_POSIX_RENAME) && !force_legacy;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
/* Send rename request */
|
||||
id = conn->msg_id++;
|
||||
|
@ -903,15 +901,15 @@ do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath,
|
|||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg,
|
||||
"posix-rename@openssh.com")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose posix-rename");
|
||||
} else {
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_RENAME)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose rename");
|
||||
}
|
||||
if ((r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, newpath)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose paths");
|
||||
send_msg(conn, msg);
|
||||
debug3("Sent message %s \"%s\" -> \"%s\"",
|
||||
use_ext ? "posix-rename@openssh.com" :
|
||||
|
@ -939,7 +937,7 @@ do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
|
|||
}
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
/* Send link request */
|
||||
id = conn->msg_id++;
|
||||
|
@ -948,7 +946,7 @@ do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
|
|||
(r = sshbuf_put_cstring(msg, "hardlink@openssh.com")) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, newpath)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
debug3("Sent message hardlink@openssh.com \"%s\" -> \"%s\"",
|
||||
oldpath, newpath);
|
||||
|
@ -975,7 +973,7 @@ do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
|
|||
}
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
/* Send symlink request */
|
||||
id = conn->msg_id++;
|
||||
|
@ -983,7 +981,7 @@ do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
|
|||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, newpath)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
debug3("Sent message SSH2_FXP_SYMLINK \"%s\" -> \"%s\"", oldpath,
|
||||
newpath);
|
||||
|
@ -1010,13 +1008,13 @@ do_fsync(struct sftp_conn *conn, u_char *handle, u_int handle_len)
|
|||
|
||||
/* Send fsync request */
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
id = conn->msg_id++;
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, "fsync@openssh.com")) != 0 ||
|
||||
(r = sshbuf_put_string(msg, handle, handle_len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
debug3("Sent message fsync@openssh.com I:%u", id);
|
||||
sshbuf_free(msg);
|
||||
|
@ -1043,12 +1041,12 @@ do_readlink(struct sftp_conn *conn, const char *path)
|
|||
send_string_request(conn, id, SSH2_FXP_READLINK, path, strlen(path));
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
get_msg(conn, msg);
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
|
||||
(r = sshbuf_get_u32(msg, &id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
if (id != expected_id)
|
||||
fatal("ID mismatch (%u != %u)", id, expected_id);
|
||||
|
@ -1057,7 +1055,7 @@ do_readlink(struct sftp_conn *conn, const char *path)
|
|||
u_int status;
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &status)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse status");
|
||||
error("Couldn't readlink: %s", fx2txt(status));
|
||||
sshbuf_free(msg);
|
||||
return(NULL);
|
||||
|
@ -1066,14 +1064,14 @@ do_readlink(struct sftp_conn *conn, const char *path)
|
|||
SSH2_FXP_NAME, type);
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &count)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse count");
|
||||
if (count != 1)
|
||||
fatal("Got multiple names (%d) from SSH_FXP_READLINK", count);
|
||||
|
||||
if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 ||
|
||||
(r = decode_attrib(msg, &a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse filenames/attrib");
|
||||
|
||||
debug3("SSH_FXP_READLINK %s -> %s", path, filename);
|
||||
|
||||
|
@ -1101,12 +1099,12 @@ do_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st,
|
|||
id = conn->msg_id++;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, path)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
sshbuf_free(msg);
|
||||
|
||||
|
@ -1129,12 +1127,12 @@ do_fstatvfs(struct sftp_conn *conn, const u_char *handle, u_int handle_len,
|
|||
id = conn->msg_id++;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 ||
|
||||
(r = sshbuf_put_string(msg, handle, handle_len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
sshbuf_free(msg);
|
||||
|
||||
|
@ -1156,13 +1154,13 @@ do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a)
|
|||
|
||||
id = conn->msg_id++;
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, path)) != 0 ||
|
||||
(r = encode_attrib(msg, a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
sshbuf_free(msg);
|
||||
|
||||
|
@ -1182,13 +1180,13 @@ send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset,
|
|||
int r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, handle, handle_len)) != 0 ||
|
||||
(r = sshbuf_put_u64(msg, offset)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
sshbuf_free(msg);
|
||||
}
|
||||
|
@ -1242,7 +1240,7 @@ do_download(struct sftp_conn *conn, const char *remote_path,
|
|||
|
||||
buflen = conn->transfer_buflen;
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
attrib_clear(&junk); /* Send empty attributes */
|
||||
|
||||
|
@ -1253,7 +1251,7 @@ do_download(struct sftp_conn *conn, const char *remote_path,
|
|||
(r = sshbuf_put_cstring(msg, remote_path)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, SSH2_FXF_READ)) != 0 ||
|
||||
(r = encode_attrib(msg, &junk)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
|
||||
|
||||
|
@ -1339,7 +1337,7 @@ do_download(struct sftp_conn *conn, const char *remote_path,
|
|||
get_msg(conn, msg);
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
|
||||
(r = sshbuf_get_u32(msg, &id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
|
||||
|
||||
/* Find the request in our queue */
|
||||
|
@ -1353,8 +1351,7 @@ do_download(struct sftp_conn *conn, const char *remote_path,
|
|||
switch (type) {
|
||||
case SSH2_FXP_STATUS:
|
||||
if ((r = sshbuf_get_u32(msg, &status)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "parse status");
|
||||
if (status != SSH2_FX_EOF)
|
||||
read_error = 1;
|
||||
max_req = 0;
|
||||
|
@ -1364,8 +1361,7 @@ do_download(struct sftp_conn *conn, const char *remote_path,
|
|||
break;
|
||||
case SSH2_FXP_DATA:
|
||||
if ((r = sshbuf_get_string(msg, &data, &len)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "parse data");
|
||||
debug3("Received data %llu -> %llu",
|
||||
(unsigned long long)req->offset,
|
||||
(unsigned long long)req->offset + len - 1);
|
||||
|
@ -1677,7 +1673,7 @@ do_upload(struct sftp_conn *conn, const char *local_path,
|
|||
}
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
/* Send open request */
|
||||
id = conn->msg_id++;
|
||||
|
@ -1687,7 +1683,7 @@ do_upload(struct sftp_conn *conn, const char *local_path,
|
|||
(r = sshbuf_put_u32(msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|
|
||||
(resume ? SSH2_FXF_APPEND : SSH2_FXF_TRUNC))) != 0 ||
|
||||
(r = encode_attrib(msg, &a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
|
||||
|
||||
|
@ -1744,8 +1740,7 @@ do_upload(struct sftp_conn *conn, const char *local_path,
|
|||
handle_len)) != 0 ||
|
||||
(r = sshbuf_put_u64(msg, offset)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, data, len)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(conn, msg);
|
||||
debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
|
||||
id, (unsigned long long)offset, len);
|
||||
|
@ -1763,16 +1758,14 @@ do_upload(struct sftp_conn *conn, const char *local_path,
|
|||
get_msg(conn, msg);
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
|
||||
(r = sshbuf_get_u32(msg, &rid)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
if (type != SSH2_FXP_STATUS)
|
||||
fatal("Expected SSH2_FXP_STATUS(%d) packet, "
|
||||
"got %d", SSH2_FXP_STATUS, type);
|
||||
|
||||
if ((r = sshbuf_get_u32(msg, &status)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "parse status");
|
||||
debug3("SSH2_FXP_STATUS %u", status);
|
||||
|
||||
/* Find the request in our queue */
|
||||
|
@ -1791,7 +1784,7 @@ do_upload(struct sftp_conn *conn, const char *local_path,
|
|||
}
|
||||
offset += len;
|
||||
if (offset < 0)
|
||||
fatal("%s: offset < 0", __func__);
|
||||
fatal_f("offset < 0");
|
||||
}
|
||||
sshbuf_free(msg);
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sftp-common.c,v 1.31 2018/09/13 15:23:32 millert Exp $ */
|
||||
/* $OpenBSD: sftp-common.c,v 1.32 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2001 Damien Miller. All rights reserved.
|
||||
|
@ -136,7 +136,7 @@ decode_attrib(struct sshbuf *b, Attrib *a)
|
|||
u_int i, count;
|
||||
|
||||
if ((r = sshbuf_get_u32(b, &count)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
return r;
|
||||
for (i = 0; i < count; i++) {
|
||||
if ((r = sshbuf_get_cstring(b, &type, NULL)) != 0 ||
|
||||
(r = sshbuf_get_string(b, &data, &dlen)) != 0)
|
||||
|
|
121
sftp-server.c
121
sftp-server.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sftp-server.c,v 1.119 2020/07/17 03:51:32 djm Exp $ */
|
||||
/* $OpenBSD: sftp-server.c,v 1.120 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -489,7 +489,7 @@ send_msg(struct sshbuf *m)
|
|||
int r;
|
||||
|
||||
if ((r = sshbuf_put_stringb(oqueue, m)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "enqueue");
|
||||
sshbuf_reset(m);
|
||||
}
|
||||
|
||||
|
@ -522,16 +522,16 @@ send_status(u_int32_t id, u_int32_t status)
|
|||
(status != SSH2_FX_OK && status != SSH2_FX_EOF))
|
||||
logit("sent status %s", status_to_message(status));
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_STATUS)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, status)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
if (version >= 3) {
|
||||
if ((r = sshbuf_put_cstring(msg,
|
||||
status_to_message(status))) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, "")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose message");
|
||||
}
|
||||
send_msg(msg);
|
||||
sshbuf_free(msg);
|
||||
|
@ -543,11 +543,11 @@ send_data_or_handle(char type, u_int32_t id, const u_char *data, int dlen)
|
|||
int r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, type)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, data, dlen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(msg);
|
||||
sshbuf_free(msg);
|
||||
}
|
||||
|
@ -578,17 +578,17 @@ send_names(u_int32_t id, int count, const Stat *stats)
|
|||
int i, r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_NAME)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, count)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
debug("request %u: sent names count %d", id, count);
|
||||
for (i = 0; i < count; i++) {
|
||||
if ((r = sshbuf_put_cstring(msg, stats[i].name)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, stats[i].long_name)) != 0 ||
|
||||
(r = encode_attrib(msg, &stats[i].attrib)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose filenames/attrib");
|
||||
}
|
||||
send_msg(msg);
|
||||
sshbuf_free(msg);
|
||||
|
@ -602,11 +602,11 @@ send_attrib(u_int32_t id, const Attrib *a)
|
|||
|
||||
debug("request %u: sent attrib have 0x%x", id, a->flags);
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_ATTRS)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = encode_attrib(msg, a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(msg);
|
||||
sshbuf_free(msg);
|
||||
}
|
||||
|
@ -622,7 +622,7 @@ send_statvfs(u_int32_t id, struct statvfs *st)
|
|||
flag |= (st->f_flag & ST_NOSUID) ? SSH2_FXE_STATVFS_ST_NOSUID : 0;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED_REPLY)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, id)) != 0 ||
|
||||
(r = sshbuf_put_u64(msg, st->f_bsize)) != 0 ||
|
||||
|
@ -636,7 +636,7 @@ send_statvfs(u_int32_t id, struct statvfs *st)
|
|||
(r = sshbuf_put_u64(msg, FSID_TO_ULONG(st->f_fsid))) != 0 ||
|
||||
(r = sshbuf_put_u64(msg, flag)) != 0 ||
|
||||
(r = sshbuf_put_u64(msg, st->f_namemax)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(msg);
|
||||
sshbuf_free(msg);
|
||||
}
|
||||
|
@ -650,10 +650,10 @@ process_init(void)
|
|||
int r;
|
||||
|
||||
if ((r = sshbuf_get_u32(iqueue, &version)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
verbose("received client version %u", version);
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_FXP_VERSION)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0 ||
|
||||
/* POSIX rename extension */
|
||||
|
@ -673,7 +673,7 @@ process_init(void)
|
|||
(r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */
|
||||
(r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, "1")) != 0) /* version */
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(msg);
|
||||
sshbuf_free(msg);
|
||||
}
|
||||
|
@ -689,7 +689,7 @@ process_open(u_int32_t id)
|
|||
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
|
||||
(r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */
|
||||
(r = decode_attrib(iqueue, &a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: open flags %d", id, pflags);
|
||||
flags = flags_from_portable(pflags);
|
||||
|
@ -726,7 +726,7 @@ process_close(u_int32_t id)
|
|||
int r, handle, ret, status = SSH2_FX_FAILURE;
|
||||
|
||||
if ((r = get_handle(iqueue, &handle)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: close handle %u", id, handle);
|
||||
handle_log_close(handle, NULL);
|
||||
|
@ -746,7 +746,7 @@ process_read(u_int32_t id)
|
|||
if ((r = get_handle(iqueue, &handle)) != 0 ||
|
||||
(r = sshbuf_get_u64(iqueue, &off)) != 0 ||
|
||||
(r = sshbuf_get_u32(iqueue, &len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug("request %u: read \"%s\" (handle %d) off %llu len %d",
|
||||
id, handle_to_name(handle), handle, (unsigned long long)off, len);
|
||||
|
@ -787,7 +787,7 @@ process_write(u_int32_t id)
|
|||
if ((r = get_handle(iqueue, &handle)) != 0 ||
|
||||
(r = sshbuf_get_u64(iqueue, &off)) != 0 ||
|
||||
(r = sshbuf_get_string(iqueue, &data, &len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug("request %u: write \"%s\" (handle %d) off %llu len %zu",
|
||||
id, handle_to_name(handle), handle, (unsigned long long)off, len);
|
||||
|
@ -799,19 +799,18 @@ process_write(u_int32_t id)
|
|||
if (!(handle_to_flags(handle) & O_APPEND) &&
|
||||
lseek(fd, off, SEEK_SET) == -1) {
|
||||
status = errno_to_portable(errno);
|
||||
error("%s: seek failed", __func__);
|
||||
error_f("seek failed");
|
||||
} else {
|
||||
/* XXX ATOMICIO ? */
|
||||
ret = write(fd, data, len);
|
||||
if (ret == -1) {
|
||||
error("%s: write: %s", __func__,
|
||||
strerror(errno));
|
||||
error_f("write: %s", strerror(errno));
|
||||
status = errno_to_portable(errno);
|
||||
} else if ((size_t)ret == len) {
|
||||
status = SSH2_FX_OK;
|
||||
handle_update_write(handle, ret);
|
||||
} else {
|
||||
debug2("%s: nothing at all written", __func__);
|
||||
debug2_f("nothing at all written");
|
||||
status = SSH2_FX_FAILURE;
|
||||
}
|
||||
}
|
||||
|
@ -829,7 +828,7 @@ process_do_stat(u_int32_t id, int do_lstat)
|
|||
int r, status = SSH2_FX_FAILURE;
|
||||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: %sstat", id, do_lstat ? "l" : "");
|
||||
verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name);
|
||||
|
@ -866,7 +865,7 @@ process_fstat(u_int32_t id)
|
|||
int fd, r, handle, status = SSH2_FX_FAILURE;
|
||||
|
||||
if ((r = get_handle(iqueue, &handle)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
debug("request %u: fstat \"%s\" (handle %u)",
|
||||
id, handle_to_name(handle), handle);
|
||||
fd = handle_to_fd(handle);
|
||||
|
@ -917,7 +916,7 @@ process_setstat(u_int32_t id)
|
|||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
|
||||
(r = decode_attrib(iqueue, &a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug("request %u: setstat name \"%s\"", id, name);
|
||||
if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
|
||||
|
@ -964,7 +963,7 @@ process_fsetstat(u_int32_t id)
|
|||
|
||||
if ((r = get_handle(iqueue, &handle)) != 0 ||
|
||||
(r = decode_attrib(iqueue, &a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug("request %u: fsetstat handle %d", id, handle);
|
||||
fd = handle_to_fd(handle);
|
||||
|
@ -1028,7 +1027,7 @@ process_opendir(u_int32_t id)
|
|||
int r, handle, status = SSH2_FX_FAILURE;
|
||||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: opendir", id);
|
||||
logit("opendir \"%s\"", path);
|
||||
|
@ -1059,7 +1058,7 @@ process_readdir(u_int32_t id)
|
|||
int r, handle;
|
||||
|
||||
if ((r = get_handle(iqueue, &handle)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug("request %u: readdir \"%s\" (handle %d)", id,
|
||||
handle_to_name(handle), handle);
|
||||
|
@ -1113,7 +1112,7 @@ process_remove(u_int32_t id)
|
|||
int r, status = SSH2_FX_FAILURE;
|
||||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: remove", id);
|
||||
logit("remove name \"%s\"", name);
|
||||
|
@ -1132,7 +1131,7 @@ process_mkdir(u_int32_t id)
|
|||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
|
||||
(r = decode_attrib(iqueue, &a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
|
||||
a.perm & 07777 : 0777;
|
||||
|
@ -1151,7 +1150,7 @@ process_rmdir(u_int32_t id)
|
|||
int r, status;
|
||||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: rmdir", id);
|
||||
logit("rmdir name \"%s\"", name);
|
||||
|
@ -1169,7 +1168,7 @@ process_realpath(u_int32_t id)
|
|||
int r;
|
||||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
if (path[0] == '\0') {
|
||||
free(path);
|
||||
|
@ -1197,7 +1196,7 @@ process_rename(u_int32_t id)
|
|||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: rename", id);
|
||||
logit("rename old \"%s\" new \"%s\"", oldpath, newpath);
|
||||
|
@ -1256,7 +1255,7 @@ process_readlink(u_int32_t id)
|
|||
char *path;
|
||||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: readlink", id);
|
||||
verbose("readlink \"%s\"", path);
|
||||
|
@ -1281,7 +1280,7 @@ process_symlink(u_int32_t id)
|
|||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: symlink", id);
|
||||
logit("symlink old \"%s\" new \"%s\"", oldpath, newpath);
|
||||
|
@ -1301,7 +1300,7 @@ process_extended_posix_rename(u_int32_t id)
|
|||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: posix-rename", id);
|
||||
logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath);
|
||||
|
@ -1320,7 +1319,7 @@ process_extended_statvfs(u_int32_t id)
|
|||
int r;
|
||||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
debug3("request %u: statvfs", id);
|
||||
logit("statvfs \"%s\"", path);
|
||||
|
||||
|
@ -1338,7 +1337,7 @@ process_extended_fstatvfs(u_int32_t id)
|
|||
struct statvfs st;
|
||||
|
||||
if ((r = get_handle(iqueue, &handle)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
debug("request %u: fstatvfs \"%s\" (handle %u)",
|
||||
id, handle_to_name(handle), handle);
|
||||
if ((fd = handle_to_fd(handle)) < 0) {
|
||||
|
@ -1359,7 +1358,7 @@ process_extended_hardlink(u_int32_t id)
|
|||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug3("request %u: hardlink", id);
|
||||
logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath);
|
||||
|
@ -1376,7 +1375,7 @@ process_extended_fsync(u_int32_t id)
|
|||
int handle, fd, r, status = SSH2_FX_OP_UNSUPPORTED;
|
||||
|
||||
if ((r = get_handle(iqueue, &handle)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
debug3("request %u: fsync (handle %u)", id, handle);
|
||||
verbose("fsync \"%s\"", handle_to_name(handle));
|
||||
if ((fd = handle_to_fd(handle)) < 0)
|
||||
|
@ -1397,7 +1396,7 @@ process_extended_lsetstat(u_int32_t id)
|
|||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
|
||||
(r = decode_attrib(iqueue, &a)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
debug("request %u: lsetstat name \"%s\"", id, name);
|
||||
if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
|
||||
|
@ -1444,7 +1443,7 @@ process_extended(u_int32_t id)
|
|||
int i, r;
|
||||
|
||||
if ((r = sshbuf_get_cstring(iqueue, &request, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
for (i = 0; extended_handlers[i].handler != NULL; i++) {
|
||||
if (strcmp(request, extended_handlers[i].ext_name) == 0) {
|
||||
if (!request_permitted(&extended_handlers[i]))
|
||||
|
@ -1487,10 +1486,10 @@ process(void)
|
|||
if (buf_len < msg_len + 4)
|
||||
return;
|
||||
if ((r = sshbuf_consume(iqueue, 4)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "consume");
|
||||
buf_len -= 4;
|
||||
if ((r = sshbuf_get_u8(iqueue, &type)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse type");
|
||||
|
||||
switch (type) {
|
||||
case SSH2_FXP_INIT:
|
||||
|
@ -1501,14 +1500,14 @@ process(void)
|
|||
if (!init_done)
|
||||
fatal("Received extended request before init");
|
||||
if ((r = sshbuf_get_u32(iqueue, &id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse extended ID");
|
||||
process_extended(id);
|
||||
break;
|
||||
default:
|
||||
if (!init_done)
|
||||
fatal("Received %u request before init", type);
|
||||
if ((r = sshbuf_get_u32(iqueue, &id)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse ID");
|
||||
for (i = 0; handlers[i].handler != NULL; i++) {
|
||||
if (type == handlers[i].type) {
|
||||
if (!request_permitted(&handlers[i])) {
|
||||
|
@ -1535,7 +1534,7 @@ process(void)
|
|||
}
|
||||
if (msg_len > consumed &&
|
||||
(r = sshbuf_consume(iqueue, msg_len - consumed)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "consume");
|
||||
}
|
||||
|
||||
/* Cleanup handler that logs active handles upon normal exit */
|
||||
|
@ -1693,9 +1692,9 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
|
|||
max = out;
|
||||
|
||||
if ((iqueue = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((oqueue = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
rset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
|
||||
wset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
|
||||
|
@ -1722,8 +1721,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
|
|||
SFTP_MAX_MSG_LENGTH)) == 0)
|
||||
FD_SET(in, rset);
|
||||
else if (r != SSH_ERR_NO_BUFFER_SPACE)
|
||||
fatal("%s: sshbuf_check_reserve failed: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "reserve");
|
||||
|
||||
olen = sshbuf_len(oqueue);
|
||||
if (olen > 0)
|
||||
|
@ -1745,10 +1743,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
|
|||
} else if (len == -1) {
|
||||
error("read: %s", strerror(errno));
|
||||
sftp_server_cleanup_exit(1);
|
||||
} else if ((r = sshbuf_put(iqueue, buf, len)) != 0) {
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
} else if ((r = sshbuf_put(iqueue, buf, len)) != 0)
|
||||
fatal_fr(r, "sshbuf_put");
|
||||
}
|
||||
/* send oqueue to stdout */
|
||||
if (FD_ISSET(out, wset)) {
|
||||
|
@ -1756,10 +1752,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
|
|||
if (len == -1) {
|
||||
error("write: %s", strerror(errno));
|
||||
sftp_server_cleanup_exit(1);
|
||||
} else if ((r = sshbuf_consume(oqueue, len)) != 0) {
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
} else if ((r = sshbuf_consume(oqueue, len)) != 0)
|
||||
fatal_fr(r, "consume");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1771,7 +1765,6 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
|
|||
if (r == 0)
|
||||
process();
|
||||
else if (r != SSH_ERR_NO_BUFFER_SPACE)
|
||||
fatal("%s: sshbuf_check_reserve: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "reserve");
|
||||
}
|
||||
}
|
||||
|
|
4
sftp.c
4
sftp.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sftp.c,v 1.202 2020/10/04 03:04:02 dtucker Exp $ */
|
||||
/* $OpenBSD: sftp.c,v 1.203 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||
*
|
||||
|
@ -2101,7 +2101,7 @@ complete(EditLine *el, int ch)
|
|||
|
||||
lf = el_line(el);
|
||||
if (el_get(el, EL_CLIENTDATA, (void**)&complete_ctx) != 0)
|
||||
fatal("%s: el_get failed", __func__);
|
||||
fatal_f("el_get failed");
|
||||
|
||||
/* Figure out which argument the cursor points to */
|
||||
cursor = lf->cursor - lf->buffer;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sk-usbhid.c,v 1.27 2020/10/03 03:40:38 djm Exp $ */
|
||||
/* $OpenBSD: sk-usbhid.c,v 1.28 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Markus Friedl
|
||||
* Copyright (c) 2020 Pedro Martelletto
|
||||
|
@ -815,7 +815,7 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
|
|||
}
|
||||
if ((ptr = fido_cred_x5c_ptr(cred)) != NULL) {
|
||||
len = fido_cred_x5c_len(cred);
|
||||
debug3("%s: attestation cert len=%zu", __func__, len);
|
||||
skdebug(__func__, "attestation cert len=%zu", len);
|
||||
if ((response->attestation_cert = calloc(1, len)) == NULL) {
|
||||
skdebug(__func__, "calloc attestation cert failed");
|
||||
goto out;
|
||||
|
@ -825,7 +825,7 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
|
|||
}
|
||||
if ((ptr = fido_cred_authdata_ptr(cred)) != NULL) {
|
||||
len = fido_cred_authdata_len(cred);
|
||||
debug3("%s: authdata len=%zu", __func__, len);
|
||||
skdebug(__func__, "authdata len=%zu", len);
|
||||
if ((response->authdata = calloc(1, len)) == NULL) {
|
||||
skdebug(__func__, "calloc authdata failed");
|
||||
goto out;
|
||||
|
|
32
ssh-add.c
32
ssh-add.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-add.c,v 1.157 2020/08/31 04:33:17 djm Exp $ */
|
||||
/* $OpenBSD: ssh-add.c,v 1.158 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -146,9 +146,9 @@ delete_stdin(int agent_fd, int qflag)
|
|||
if (*cp == '#' || *cp == '\0')
|
||||
continue;
|
||||
if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
|
||||
fatal("%s: sshkey_new", __func__);
|
||||
fatal_f("sshkey_new");
|
||||
if ((r = sshkey_read(key, &cp)) != 0) {
|
||||
error("(stdin):%d: invalid key: %s", lnum, ssh_err(r));
|
||||
error_r(r, "(stdin):%d: invalid key", lnum);
|
||||
continue;
|
||||
}
|
||||
if (delete_one(agent_fd, key, cp, "(stdin)", qflag) == 0)
|
||||
|
@ -185,8 +185,7 @@ delete_file(int agent_fd, const char *filename, int key_only, int qflag)
|
|||
xasprintf(&certpath, "%s-cert.pub", filename);
|
||||
if ((r = sshkey_load_public(certpath, &cert, &comment)) != 0) {
|
||||
if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
|
||||
error("Failed to load certificate \"%s\": %s",
|
||||
certpath, ssh_err(r));
|
||||
error_r(r, "Failed to load certificate \"%s\"", certpath);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -393,8 +392,7 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
|
|||
xasprintf(&certpath, "%s-cert.pub", filename);
|
||||
if ((r = sshkey_load_public(certpath, &cert, NULL)) != 0) {
|
||||
if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
|
||||
error("Failed to load certificate \"%s\": %s",
|
||||
certpath, ssh_err(r));
|
||||
error_r(r, "Failed to load certificate \"%s\"", certpath);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -407,12 +405,12 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
|
|||
|
||||
/* Graft with private bits */
|
||||
if ((r = sshkey_to_certified(private)) != 0) {
|
||||
error("%s: sshkey_to_certified: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_certified");
|
||||
sshkey_free(cert);
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_cert_copy(cert, private)) != 0) {
|
||||
error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_cert_copy");
|
||||
sshkey_free(cert);
|
||||
goto out;
|
||||
}
|
||||
|
@ -420,8 +418,8 @@ add_file(int agent_fd, const char *filename, int key_only, int qflag,
|
|||
|
||||
if ((r = ssh_add_identity_constrained(agent_fd, private, comment,
|
||||
lifetime, confirm, maxsign, skprovider)) != 0) {
|
||||
error("Certificate %s (%s) add failed: %s", certpath,
|
||||
private->cert->key_id, ssh_err(r));
|
||||
error_r(r, "Certificate %s (%s) add failed", certpath,
|
||||
private->cert->key_id);
|
||||
goto out;
|
||||
}
|
||||
/* success */
|
||||
|
@ -484,20 +482,18 @@ test_key(int agent_fd, const char *filename)
|
|||
char data[1024];
|
||||
|
||||
if ((r = sshkey_load_public(filename, &key, NULL)) != 0) {
|
||||
error("Couldn't read public key %s: %s", filename, ssh_err(r));
|
||||
error_r(r, "Couldn't read public key %s", filename);
|
||||
return -1;
|
||||
}
|
||||
arc4random_buf(data, sizeof(data));
|
||||
if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data),
|
||||
NULL, 0)) != 0) {
|
||||
error("Agent signature failed for %s: %s",
|
||||
filename, ssh_err(r));
|
||||
error_r(r, "Agent signature failed for %s", filename);
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
|
||||
NULL, 0, NULL)) != 0) {
|
||||
error("Signature verification failed for %s: %s",
|
||||
filename, ssh_err(r));
|
||||
error_r(r, "Signature verification failed for %s", filename);
|
||||
goto done;
|
||||
}
|
||||
/* success */
|
||||
|
@ -592,13 +588,13 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag)
|
|||
pass = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
|
||||
if ((r = sshsk_load_resident(skprovider, NULL, pass,
|
||||
&keys, &nkeys)) != 0) {
|
||||
error("Unable to load resident keys: %s", ssh_err(r));
|
||||
error_r(r, "Unable to load resident keys");
|
||||
return r;
|
||||
}
|
||||
for (i = 0; i < nkeys; i++) {
|
||||
if ((fp = sshkey_fingerprint(keys[i],
|
||||
fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint failed", __func__);
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
if ((r = ssh_add_identity_constrained(agent_fd, keys[i], "",
|
||||
lifetime, confirm, maxsign, skprovider)) != 0) {
|
||||
error("Unable to add key %s %s",
|
||||
|
|
172
ssh-agent.c
172
ssh-agent.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-agent.c,v 1.265 2020/10/03 09:22:26 djm Exp $ */
|
||||
/* $OpenBSD: ssh-agent.c,v 1.266 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -238,7 +238,7 @@ send_status(SocketEntry *e, int success)
|
|||
if ((r = sshbuf_put_u32(e->output, 1)) != 0 ||
|
||||
(r = sshbuf_put_u8(e->output, success ?
|
||||
SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
}
|
||||
|
||||
/* send list of supported public keys to 'client' */
|
||||
|
@ -250,21 +250,20 @@ process_request_identities(SocketEntry *e)
|
|||
int r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, idtab->nentries)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
TAILQ_FOREACH(id, &idtab->idlist, next) {
|
||||
if ((r = sshkey_puts_opts(id->key, msg, SSHKEY_SERIALIZE_INFO))
|
||||
!= 0 ||
|
||||
(r = sshbuf_put_cstring(msg, id->comment)) != 0) {
|
||||
error("%s: put key/comment: %s", __func__,
|
||||
ssh_err(r));
|
||||
error_fr(r, "compose key/comment");
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "enqueue");
|
||||
sshbuf_free(msg);
|
||||
}
|
||||
|
||||
|
@ -305,7 +304,7 @@ check_websafe_message_contents(struct sshkey *key,
|
|||
struct sshkey *mkey = NULL;
|
||||
|
||||
if ((b = sshbuf_from(msg, len)) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
|
||||
/* SSH userauth request */
|
||||
if ((r = sshbuf_get_string_direct(b, NULL, NULL)) == 0 && /* sess_id */
|
||||
|
@ -317,12 +316,12 @@ check_websafe_message_contents(struct sshkey *key,
|
|||
(r = sshbuf_get_cstring(b, NULL, NULL)) == 0 && /* alg */
|
||||
(r = sshkey_froms(b, &mkey)) == 0 && /* key */
|
||||
sshbuf_len(b) == 0) {
|
||||
debug("%s: parsed userauth", __func__);
|
||||
debug_f("parsed userauth");
|
||||
if (m == SSH2_MSG_USERAUTH_REQUEST && n == 1 &&
|
||||
strcmp(cp1, "ssh-connection") == 0 &&
|
||||
strcmp(cp2, "publickey") == 0 &&
|
||||
sshkey_equal(key, mkey)) {
|
||||
debug("%s: well formed userauth", __func__);
|
||||
debug_f("well formed userauth");
|
||||
matched = 1;
|
||||
}
|
||||
}
|
||||
|
@ -334,7 +333,7 @@ check_websafe_message_contents(struct sshkey *key,
|
|||
return 1;
|
||||
|
||||
if ((b = sshbuf_from(msg, len)) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
cp1 = cp2 = NULL;
|
||||
mkey = NULL;
|
||||
|
||||
|
@ -346,7 +345,7 @@ check_websafe_message_contents(struct sshkey *key,
|
|||
(r = sshbuf_get_cstring(b, NULL, NULL)) == 0 && /* hashalg */
|
||||
(r = sshbuf_get_string_direct(b, NULL, NULL)) == 0 && /* H(msg) */
|
||||
sshbuf_len(b) == 0) {
|
||||
debug("%s: parsed sshsig", __func__);
|
||||
debug_f("parsed sshsig");
|
||||
matched = 1;
|
||||
}
|
||||
|
||||
|
@ -376,20 +375,20 @@ process_sign_request2(SocketEntry *e)
|
|||
struct notifier_ctx *notifier = NULL;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshkey_froms(e->request, &key)) != 0 ||
|
||||
(r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 ||
|
||||
(r = sshbuf_get_u32(e->request, &flags)) != 0) {
|
||||
error("%s: couldn't parse request: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
goto send;
|
||||
}
|
||||
|
||||
if ((id = lookup_identity(key)) == NULL) {
|
||||
verbose("%s: %s key not found", __func__, sshkey_type(key));
|
||||
verbose_f("%s key not found", sshkey_type(key));
|
||||
goto send;
|
||||
}
|
||||
if (id->confirm && confirm_key(id) != 0) {
|
||||
verbose("%s: user refused key", __func__);
|
||||
verbose_f("user refused key");
|
||||
goto send;
|
||||
}
|
||||
if (sshkey_is_sk(id->key)) {
|
||||
|
@ -401,7 +400,7 @@ process_sign_request2(SocketEntry *e)
|
|||
if ((id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
|
||||
if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
|
||||
SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: fingerprint failed", __func__);
|
||||
fatal_f("fingerprint failed");
|
||||
notifier = notify_start(0,
|
||||
"Confirm user presence for key %s %s",
|
||||
sshkey_type(id->key), fp);
|
||||
|
@ -411,7 +410,7 @@ process_sign_request2(SocketEntry *e)
|
|||
if ((r = sshkey_sign(id->key, &signature, &slen,
|
||||
data, dlen, agent_decode_alg(key, flags),
|
||||
id->sk_provider, NULL, compat)) != 0) {
|
||||
error("%s: sshkey_sign: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_sign");
|
||||
goto send;
|
||||
}
|
||||
/* Success */
|
||||
|
@ -423,12 +422,12 @@ process_sign_request2(SocketEntry *e)
|
|||
if (ok == 0) {
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, signature, slen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
} else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose failure");
|
||||
|
||||
if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "enqueue");
|
||||
|
||||
sshbuf_free(msg);
|
||||
free(signature);
|
||||
|
@ -443,17 +442,16 @@ process_remove_identity(SocketEntry *e)
|
|||
Identity *id;
|
||||
|
||||
if ((r = sshkey_froms(e->request, &key)) != 0) {
|
||||
error("%s: get key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse key");
|
||||
goto done;
|
||||
}
|
||||
if ((id = lookup_identity(key)) == NULL) {
|
||||
debug("%s: key not found", __func__);
|
||||
debug_f("key not found");
|
||||
goto done;
|
||||
}
|
||||
/* We have this key, free it. */
|
||||
if (idtab->nentries < 1)
|
||||
fatal("%s: internal error: nentries %d",
|
||||
__func__, idtab->nentries);
|
||||
fatal_f("internal error: nentries %d", idtab->nentries);
|
||||
TAILQ_REMOVE(&idtab->idlist, id, next);
|
||||
free_identity(id);
|
||||
idtab->nentries--;
|
||||
|
@ -524,19 +522,18 @@ process_add_identity(SocketEntry *e)
|
|||
if ((r = sshkey_private_deserialize(e->request, &k)) != 0 ||
|
||||
k == NULL ||
|
||||
(r = sshbuf_get_cstring(e->request, &comment, NULL)) != 0) {
|
||||
error("%s: decode private key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
goto err;
|
||||
}
|
||||
while (sshbuf_len(e->request)) {
|
||||
if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse constraint type");
|
||||
goto err;
|
||||
}
|
||||
switch (ctype) {
|
||||
case SSH_AGENT_CONSTRAIN_LIFETIME:
|
||||
if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) {
|
||||
error("%s: bad lifetime constraint: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "parse lifetime constraint");
|
||||
goto err;
|
||||
}
|
||||
death = monotime() + seconds;
|
||||
|
@ -546,24 +543,21 @@ process_add_identity(SocketEntry *e)
|
|||
break;
|
||||
case SSH_AGENT_CONSTRAIN_MAXSIGN:
|
||||
if ((r = sshbuf_get_u32(e->request, &maxsign)) != 0) {
|
||||
error("%s: bad maxsign constraint: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "parse maxsign constraint");
|
||||
goto err;
|
||||
}
|
||||
if ((r = sshkey_enable_maxsign(k, maxsign)) != 0) {
|
||||
error("%s: cannot enable maxsign: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "enable maxsign");
|
||||
goto err;
|
||||
}
|
||||
break;
|
||||
case SSH_AGENT_CONSTRAIN_EXTENSION:
|
||||
if ((r = sshbuf_get_cstring(e->request,
|
||||
&ext_name, NULL)) != 0) {
|
||||
error("%s: cannot parse extension: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "parse constraint extension");
|
||||
goto err;
|
||||
}
|
||||
debug("%s: constraint ext %s", __func__, ext_name);
|
||||
debug_f("constraint ext %s", ext_name);
|
||||
if (strcmp(ext_name, "sk-provider@openssh.com") == 0) {
|
||||
if (sk_provider != NULL) {
|
||||
error("%s already set", ext_name);
|
||||
|
@ -571,19 +565,18 @@ process_add_identity(SocketEntry *e)
|
|||
}
|
||||
if ((r = sshbuf_get_cstring(e->request,
|
||||
&sk_provider, NULL)) != 0) {
|
||||
error("%s: cannot parse %s: %s",
|
||||
__func__, ext_name, ssh_err(r));
|
||||
error_fr(r, "parse %s", ext_name);
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
error("%s: unsupported constraint \"%s\"",
|
||||
__func__, ext_name);
|
||||
error_f("unsupported constraint \"%s\"",
|
||||
ext_name);
|
||||
goto err;
|
||||
}
|
||||
free(ext_name);
|
||||
break;
|
||||
default:
|
||||
error("%s: Unknown constraint %d", __func__, ctype);
|
||||
error_f("Unknown constraint %d", ctype);
|
||||
err:
|
||||
free(sk_provider);
|
||||
free(ext_name);
|
||||
|
@ -601,7 +594,7 @@ process_add_identity(SocketEntry *e)
|
|||
goto send;
|
||||
}
|
||||
if (strcasecmp(sk_provider, "internal") == 0) {
|
||||
debug("%s: internal provider", __func__);
|
||||
debug_f("internal provider");
|
||||
} else {
|
||||
if (realpath(sk_provider, canonical_provider) == NULL) {
|
||||
verbose("failed provider \"%.100s\": "
|
||||
|
@ -622,7 +615,7 @@ process_add_identity(SocketEntry *e)
|
|||
}
|
||||
}
|
||||
if ((r = sshkey_shield_private(k)) != 0) {
|
||||
error("%s: shield private key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "shield private");
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -648,9 +641,9 @@ process_add_identity(SocketEntry *e)
|
|||
|
||||
if ((fp = sshkey_fingerprint(k, SSH_FP_HASH_DEFAULT,
|
||||
SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint failed", __func__);
|
||||
debug("%s: add %s %s \"%.100s\" (life: %u) (confirm: %u) "
|
||||
"(provider: %s)", __func__, sshkey_ssh_name(k), fp, comment,
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
debug_f("add %s %s \"%.100s\" (life: %u) (confirm: %u) "
|
||||
"(provider: %s)", sshkey_ssh_name(k), fp, comment,
|
||||
seconds, confirm, sk_provider == NULL ? "none" : sk_provider);
|
||||
free(fp);
|
||||
send:
|
||||
|
@ -673,7 +666,7 @@ process_lock_agent(SocketEntry *e, int lock)
|
|||
* do is abort.
|
||||
*/
|
||||
if ((r = sshbuf_get_cstring(e->request, &passwd, &pwlen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
if (pwlen == 0) {
|
||||
debug("empty password not supported");
|
||||
} else if (locked && !lock) {
|
||||
|
@ -716,11 +709,11 @@ no_identities(SocketEntry *e)
|
|||
int r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, 0)) != 0 ||
|
||||
(r = sshbuf_put_stringb(e->output, msg)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
sshbuf_free(msg);
|
||||
}
|
||||
|
||||
|
@ -739,20 +732,19 @@ process_add_smartcard_key(SocketEntry *e)
|
|||
|
||||
if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
goto send;
|
||||
}
|
||||
|
||||
while (sshbuf_len(e->request)) {
|
||||
if ((r = sshbuf_get_u8(e->request, &type)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse type");
|
||||
goto send;
|
||||
}
|
||||
switch (type) {
|
||||
case SSH_AGENT_CONSTRAIN_LIFETIME:
|
||||
if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) {
|
||||
error("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "parse lifetime");
|
||||
goto send;
|
||||
}
|
||||
death = monotime() + seconds;
|
||||
|
@ -761,7 +753,7 @@ process_add_smartcard_key(SocketEntry *e)
|
|||
confirm = 1;
|
||||
break;
|
||||
default:
|
||||
error("%s: Unknown constraint type %d", __func__, type);
|
||||
error_f("Unknown constraint type %d", type);
|
||||
goto send;
|
||||
}
|
||||
}
|
||||
|
@ -775,7 +767,7 @@ process_add_smartcard_key(SocketEntry *e)
|
|||
"provider not allowed", canonical_provider);
|
||||
goto send;
|
||||
}
|
||||
debug("%s: add %.100s", __func__, canonical_provider);
|
||||
debug_f("add %.100s", canonical_provider);
|
||||
if (lifetime && !death)
|
||||
death = monotime() + lifetime;
|
||||
|
||||
|
@ -819,7 +811,7 @@ process_remove_smartcard_key(SocketEntry *e)
|
|||
|
||||
if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
goto send;
|
||||
}
|
||||
free(pin);
|
||||
|
@ -830,7 +822,7 @@ process_remove_smartcard_key(SocketEntry *e)
|
|||
goto send;
|
||||
}
|
||||
|
||||
debug("%s: remove %.100s", __func__, canonical_provider);
|
||||
debug_f("remove %.100s", canonical_provider);
|
||||
for (id = TAILQ_FIRST(&idtab->idlist); id; id = nxt) {
|
||||
nxt = TAILQ_NEXT(id, next);
|
||||
/* Skip file--based keys */
|
||||
|
@ -845,7 +837,7 @@ process_remove_smartcard_key(SocketEntry *e)
|
|||
if (pkcs11_del_provider(canonical_provider) == 0)
|
||||
success = 1;
|
||||
else
|
||||
error("%s: pkcs11_del_provider failed", __func__);
|
||||
error_f("pkcs11_del_provider failed");
|
||||
send:
|
||||
free(provider);
|
||||
send_status(e, success);
|
||||
|
@ -865,10 +857,8 @@ process_message(u_int socknum)
|
|||
int r;
|
||||
SocketEntry *e;
|
||||
|
||||
if (socknum >= sockets_alloc) {
|
||||
fatal("%s: socket number %u >= allocated %u",
|
||||
__func__, socknum, sockets_alloc);
|
||||
}
|
||||
if (socknum >= sockets_alloc)
|
||||
fatal_f("sock %u >= allocated %u", socknum, sockets_alloc);
|
||||
e = &sockets[socknum];
|
||||
|
||||
if (sshbuf_len(e->input) < 5)
|
||||
|
@ -876,8 +866,8 @@ process_message(u_int socknum)
|
|||
cp = sshbuf_ptr(e->input);
|
||||
msg_len = PEEK_U32(cp);
|
||||
if (msg_len > AGENT_MAX_LEN) {
|
||||
debug("%s: socket %u (fd=%d) message too long %u > %u",
|
||||
__func__, socknum, e->fd, msg_len, AGENT_MAX_LEN);
|
||||
debug_f("socket %u (fd=%d) message too long %u > %u",
|
||||
socknum, e->fd, msg_len, AGENT_MAX_LEN);
|
||||
return -1;
|
||||
}
|
||||
if (sshbuf_len(e->input) < msg_len + 4)
|
||||
|
@ -889,13 +879,13 @@ process_message(u_int socknum)
|
|||
(r = sshbuf_get_u8(e->request, &type)) != 0) {
|
||||
if (r == SSH_ERR_MESSAGE_INCOMPLETE ||
|
||||
r == SSH_ERR_STRING_TOO_LARGE) {
|
||||
debug("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
return -1;
|
||||
}
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
}
|
||||
|
||||
debug("%s: socket %u (fd=%d) type %d", __func__, socknum, e->fd, type);
|
||||
debug_f("socket %u (fd=%d) type %d", socknum, e->fd, type);
|
||||
|
||||
/* check whether agent is locked */
|
||||
if (locked && type != SSH_AGENTC_UNLOCK) {
|
||||
|
@ -969,12 +959,10 @@ new_socket(sock_type type, int fd)
|
|||
for (i = 0; i < sockets_alloc; i++)
|
||||
if (sockets[i].type == AUTH_UNUSED) {
|
||||
sockets[i].fd = fd;
|
||||
if ((sockets[i].input = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
if ((sockets[i].output = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
if ((sockets[i].request = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
if ((sockets[i].input = sshbuf_new()) == NULL ||
|
||||
(sockets[i].output = sshbuf_new()) == NULL ||
|
||||
(sockets[i].request = sshbuf_new()) == NULL)
|
||||
fatal_f("sshbuf_new failed");
|
||||
sockets[i].type = type;
|
||||
return;
|
||||
}
|
||||
|
@ -985,12 +973,10 @@ new_socket(sock_type type, int fd)
|
|||
sockets[i].type = AUTH_UNUSED;
|
||||
sockets_alloc = new_alloc;
|
||||
sockets[old_alloc].fd = fd;
|
||||
if ((sockets[old_alloc].input = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
if ((sockets[old_alloc].output = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
if ((sockets[old_alloc].request = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
if ((sockets[old_alloc].input = sshbuf_new()) == NULL ||
|
||||
(sockets[old_alloc].output = sshbuf_new()) == NULL ||
|
||||
(sockets[old_alloc].request = sshbuf_new()) == NULL)
|
||||
fatal_f("sshbuf_new failed");
|
||||
sockets[old_alloc].type = type;
|
||||
}
|
||||
|
||||
|
@ -1035,14 +1021,13 @@ handle_conn_read(u_int socknum)
|
|||
if (len == -1) {
|
||||
if (errno == EAGAIN || errno == EINTR)
|
||||
return 0;
|
||||
error("%s: read error on socket %u (fd %d): %s",
|
||||
__func__, socknum, sockets[socknum].fd,
|
||||
strerror(errno));
|
||||
error_f("read error on socket %u (fd %d): %s",
|
||||
socknum, sockets[socknum].fd, strerror(errno));
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
if ((r = sshbuf_put(sockets[socknum].input, buf, len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
for (;;) {
|
||||
if ((r = process_message(socknum)) == -1)
|
||||
|
@ -1067,14 +1052,13 @@ handle_conn_write(u_int socknum)
|
|||
if (len == -1) {
|
||||
if (errno == EAGAIN || errno == EINTR)
|
||||
return 0;
|
||||
error("%s: read error on socket %u (fd %d): %s",
|
||||
__func__, socknum, sockets[socknum].fd,
|
||||
strerror(errno));
|
||||
error_f("read error on socket %u (fd %d): %s",
|
||||
socknum, sockets[socknum].fd, strerror(errno));
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
if ((r = sshbuf_consume(sockets[socknum].output, len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "consume");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1096,7 +1080,7 @@ after_poll(struct pollfd *pfd, size_t npfd, u_int maxfds)
|
|||
break;
|
||||
}
|
||||
if (socknum >= sockets_alloc) {
|
||||
error("%s: no socket for fd %d", __func__, pfd[i].fd);
|
||||
error_f("no socket for fd %d", pfd[i].fd);
|
||||
continue;
|
||||
}
|
||||
/* Process events */
|
||||
|
@ -1157,7 +1141,7 @@ prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds)
|
|||
}
|
||||
if (npfd != *npfdp &&
|
||||
(pfd = recallocarray(pfd, *npfdp, npfd, sizeof(*pfd))) == NULL)
|
||||
fatal("%s: recallocarray failed", __func__);
|
||||
fatal_f("recallocarray failed");
|
||||
*pfdp = pfd;
|
||||
*npfdp = npfd;
|
||||
|
||||
|
@ -1186,10 +1170,8 @@ prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds)
|
|||
(r = sshbuf_check_reserve(sockets[i].output,
|
||||
AGENT_MAX_LEN)) == 0)
|
||||
pfd[j].events = POLLIN;
|
||||
else if (r != SSH_ERR_NO_BUFFER_SPACE) {
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
else if (r != SSH_ERR_NO_BUFFER_SPACE)
|
||||
fatal_fr(r, "reserve");
|
||||
if (sshbuf_len(sockets[i].output) > 0)
|
||||
pfd[j].events |= POLLOUT;
|
||||
j++;
|
||||
|
@ -1218,7 +1200,7 @@ cleanup_socket(void)
|
|||
{
|
||||
if (cleanup_pid != 0 && getpid() != cleanup_pid)
|
||||
return;
|
||||
debug("%s: cleanup", __func__);
|
||||
debug_f("cleanup");
|
||||
if (socket_name[0])
|
||||
unlink(socket_name);
|
||||
if (socket_dir[0])
|
||||
|
@ -1494,7 +1476,7 @@ main(int ac, char **av)
|
|||
|
||||
(void)chdir("/");
|
||||
if (stdfd_devnull(1, 1, 1) == -1)
|
||||
error("%s: stdfd_devnull failed", __func__);
|
||||
error_f("stdfd_devnull failed");
|
||||
|
||||
#ifdef HAVE_SETRLIMIT
|
||||
/* deny core dumps, since memory contains unencrypted private keys */
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-ed25519-sk.c,v 1.5 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/* $OpenBSD: ssh-ed25519-sk.c,v 1.6 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -139,8 +139,7 @@ ssh_ed25519_sk_verify(const struct sshkey *key,
|
|||
}
|
||||
if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
|
||||
key->ed25519_pk)) != 0) {
|
||||
debug2("%s: crypto_sign_ed25519_open failed: %d",
|
||||
__func__, ret);
|
||||
debug2_f("crypto_sign_ed25519_open failed: %d", ret);
|
||||
}
|
||||
if (ret != 0 || mlen != smlen - len) {
|
||||
r = SSH_ERR_SIGNATURE_INVALID;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-ed25519.c,v 1.8 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/* $OpenBSD: ssh-ed25519.c,v 1.9 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
|
||||
*
|
||||
|
@ -140,8 +140,7 @@ ssh_ed25519_verify(const struct sshkey *key,
|
|||
memcpy(sm+len, data, datalen);
|
||||
if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
|
||||
key->ed25519_pk)) != 0) {
|
||||
debug2("%s: crypto_sign_ed25519_open failed: %d",
|
||||
__func__, ret);
|
||||
debug2_f("crypto_sign_ed25519_open failed: %d", ret);
|
||||
}
|
||||
if (ret != 0 || mlen != datalen) {
|
||||
r = SSH_ERR_SIGNATURE_INVALID;
|
||||
|
|
304
ssh-keygen.c
304
ssh-keygen.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-keygen.c,v 1.420 2020/09/09 03:08:01 djm Exp $ */
|
||||
/* $OpenBSD: ssh-keygen.c,v 1.421 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -321,7 +321,7 @@ load_identity(const char *filename, char **commentp)
|
|||
if ((r = sshkey_load_private(filename, "", &prv, commentp)) == 0)
|
||||
return prv;
|
||||
if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
|
||||
fatal("Load key \"%s\": %s", filename, ssh_err(r));
|
||||
fatal_r(r, "Load key \"%s\"", filename);
|
||||
if (identity_passphrase)
|
||||
pass = xstrdup(identity_passphrase);
|
||||
else
|
||||
|
@ -329,7 +329,7 @@ load_identity(const char *filename, char **commentp)
|
|||
r = sshkey_load_private(filename, pass, &prv, commentp);
|
||||
freezero(pass, strlen(pass));
|
||||
if (r != 0)
|
||||
fatal("Load key \"%s\": %s", filename, ssh_err(r));
|
||||
fatal_r(r, "Load key \"%s\"", filename);
|
||||
return prv;
|
||||
}
|
||||
|
||||
|
@ -347,11 +347,11 @@ do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
|
|||
int r;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshkey_putb(k, b)) != 0)
|
||||
fatal("key_to_blob failed: %s", ssh_err(r));
|
||||
fatal_fr(r, "put key");
|
||||
if ((b64 = sshbuf_dtob64_string(b, 1)) == NULL)
|
||||
fatal("%s: sshbuf_dtob64_string failed", __func__);
|
||||
fatal_f("sshbuf_dtob64_string failed");
|
||||
|
||||
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
|
||||
snprintf(comment, sizeof(comment),
|
||||
|
@ -388,7 +388,7 @@ do_convert_to_pkcs8(struct sshkey *k)
|
|||
break;
|
||||
#endif
|
||||
default:
|
||||
fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
|
||||
fatal_f("unsupported key type %s", sshkey_type(k));
|
||||
}
|
||||
exit(0);
|
||||
}
|
||||
|
@ -412,7 +412,7 @@ do_convert_to_pem(struct sshkey *k)
|
|||
break;
|
||||
#endif
|
||||
default:
|
||||
fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
|
||||
fatal_f("unsupported key type %s", sshkey_type(k));
|
||||
}
|
||||
exit(0);
|
||||
}
|
||||
|
@ -441,7 +441,7 @@ do_convert_to(struct passwd *pw)
|
|||
do_convert_to_pem(k);
|
||||
break;
|
||||
default:
|
||||
fatal("%s: unknown key format %d", __func__, convert_format);
|
||||
fatal_f("unknown key format %d", convert_format);
|
||||
}
|
||||
exit(0);
|
||||
}
|
||||
|
@ -457,15 +457,15 @@ buffer_get_bignum_bits(struct sshbuf *b, BIGNUM *value)
|
|||
int r;
|
||||
|
||||
if ((r = sshbuf_get_u32(b, &bignum_bits)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
bytes = (bignum_bits + 7) / 8;
|
||||
if (sshbuf_len(b) < bytes)
|
||||
fatal("%s: input buffer too small: need %d have %zu",
|
||||
__func__, bytes, sshbuf_len(b));
|
||||
fatal_f("input buffer too small: need %d have %zu",
|
||||
bytes, sshbuf_len(b));
|
||||
if (BN_bin2bn(sshbuf_ptr(b), bytes, value) == NULL)
|
||||
fatal("%s: BN_bin2bn failed", __func__);
|
||||
fatal_f("BN_bin2bn failed");
|
||||
if ((r = sshbuf_consume(b, bytes)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "consume");
|
||||
}
|
||||
|
||||
static struct sshkey *
|
||||
|
@ -484,7 +484,7 @@ do_convert_private_ssh2(struct sshbuf *b)
|
|||
BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
|
||||
|
||||
if ((r = sshbuf_get_u32(b, &magic)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse magic");
|
||||
|
||||
if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
|
||||
error("bad magic 0x%x != 0x%x", magic,
|
||||
|
@ -497,7 +497,7 @@ do_convert_private_ssh2(struct sshbuf *b)
|
|||
(r = sshbuf_get_u32(b, &i2)) != 0 ||
|
||||
(r = sshbuf_get_u32(b, &i3)) != 0 ||
|
||||
(r = sshbuf_get_u32(b, &i4)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
|
||||
if (strcmp(cipher, "none") != 0) {
|
||||
error("unsupported cipher %s", cipher);
|
||||
|
@ -526,24 +526,24 @@ do_convert_private_ssh2(struct sshbuf *b)
|
|||
(dsa_g = BN_new()) == NULL ||
|
||||
(dsa_pub_key = BN_new()) == NULL ||
|
||||
(dsa_priv_key = BN_new()) == NULL)
|
||||
fatal("%s: BN_new", __func__);
|
||||
fatal_f("BN_new");
|
||||
buffer_get_bignum_bits(b, dsa_p);
|
||||
buffer_get_bignum_bits(b, dsa_g);
|
||||
buffer_get_bignum_bits(b, dsa_q);
|
||||
buffer_get_bignum_bits(b, dsa_pub_key);
|
||||
buffer_get_bignum_bits(b, dsa_priv_key);
|
||||
if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g))
|
||||
fatal("%s: DSA_set0_pqg failed", __func__);
|
||||
fatal_f("DSA_set0_pqg failed");
|
||||
dsa_p = dsa_q = dsa_g = NULL; /* transferred */
|
||||
if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key))
|
||||
fatal("%s: DSA_set0_key failed", __func__);
|
||||
fatal_f("DSA_set0_key failed");
|
||||
dsa_pub_key = dsa_priv_key = NULL; /* transferred */
|
||||
break;
|
||||
case KEY_RSA:
|
||||
if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
|
||||
(e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) ||
|
||||
(e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0))
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse RSA");
|
||||
e = e1;
|
||||
debug("e %lx", e);
|
||||
if (e < 30) {
|
||||
|
@ -555,7 +555,7 @@ do_convert_private_ssh2(struct sshbuf *b)
|
|||
debug("e %lx", e);
|
||||
}
|
||||
if ((rsa_e = BN_new()) == NULL)
|
||||
fatal("%s: BN_new", __func__);
|
||||
fatal_f("BN_new");
|
||||
if (!BN_set_word(rsa_e, e)) {
|
||||
BN_clear_free(rsa_e);
|
||||
sshkey_free(key);
|
||||
|
@ -566,26 +566,26 @@ do_convert_private_ssh2(struct sshbuf *b)
|
|||
(rsa_p = BN_new()) == NULL ||
|
||||
(rsa_q = BN_new()) == NULL ||
|
||||
(rsa_iqmp = BN_new()) == NULL)
|
||||
fatal("%s: BN_new", __func__);
|
||||
fatal_f("BN_new");
|
||||
buffer_get_bignum_bits(b, rsa_d);
|
||||
buffer_get_bignum_bits(b, rsa_n);
|
||||
buffer_get_bignum_bits(b, rsa_iqmp);
|
||||
buffer_get_bignum_bits(b, rsa_q);
|
||||
buffer_get_bignum_bits(b, rsa_p);
|
||||
if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d))
|
||||
fatal("%s: RSA_set0_key failed", __func__);
|
||||
fatal_f("RSA_set0_key failed");
|
||||
rsa_n = rsa_e = rsa_d = NULL; /* transferred */
|
||||
if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q))
|
||||
fatal("%s: RSA_set0_factors failed", __func__);
|
||||
fatal_f("RSA_set0_factors failed");
|
||||
rsa_p = rsa_q = NULL; /* transferred */
|
||||
if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
|
||||
fatal("generate RSA parameters failed: %s", ssh_err(r));
|
||||
fatal_fr(r, "generate RSA parameters");
|
||||
BN_clear_free(rsa_iqmp);
|
||||
break;
|
||||
}
|
||||
rlen = sshbuf_len(b);
|
||||
if (rlen != 0)
|
||||
error("%s: remaining bytes in key blob %d", __func__, rlen);
|
||||
error_f("remaining bytes in key blob %d", rlen);
|
||||
|
||||
/* try the key */
|
||||
if (sshkey_sign(key, &sig, &slen, data, sizeof(data),
|
||||
|
@ -668,12 +668,12 @@ do_convert_from_ssh2(struct passwd *pw, struct sshkey **k, int *private)
|
|||
(encoded[len-3] == '='))
|
||||
encoded[len-3] = '\0';
|
||||
if ((r = sshbuf_b64tod(buf, encoded)) != 0)
|
||||
fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "base64 decode");
|
||||
if (*private) {
|
||||
if ((*k = do_convert_private_ssh2(buf)) == NULL)
|
||||
fatal("%s: private key conversion failed", __func__);
|
||||
fatal_f("private key conversion failed");
|
||||
} else if ((r = sshkey_fromb(buf, k)) != 0)
|
||||
fatal("decode blob failed: %s", ssh_err(r));
|
||||
fatal_fr(r, "parse key");
|
||||
sshbuf_free(buf);
|
||||
fclose(fp);
|
||||
}
|
||||
|
@ -687,7 +687,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
|
|||
if ((fp = fopen(identity_file, "r")) == NULL)
|
||||
fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
|
||||
if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
|
||||
fatal("%s: %s is not a recognised public key format", __func__,
|
||||
fatal_f("%s is not a recognised public key format",
|
||||
identity_file);
|
||||
}
|
||||
fclose(fp);
|
||||
|
@ -714,7 +714,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
|
|||
break;
|
||||
#endif
|
||||
default:
|
||||
fatal("%s: unsupported pubkey type %d", __func__,
|
||||
fatal_f("unsupported pubkey type %d",
|
||||
EVP_PKEY_base_id(pubkey));
|
||||
}
|
||||
EVP_PKEY_free(pubkey);
|
||||
|
@ -737,7 +737,7 @@ do_convert_from_pem(struct sshkey **k, int *private)
|
|||
fclose(fp);
|
||||
return;
|
||||
}
|
||||
fatal("%s: unrecognised raw private key format", __func__);
|
||||
fatal_f("unrecognised raw private key format");
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -763,7 +763,7 @@ do_convert_from(struct passwd *pw)
|
|||
do_convert_from_pem(&k, &private);
|
||||
break;
|
||||
default:
|
||||
fatal("%s: unknown key format %d", __func__, convert_format);
|
||||
fatal_f("unknown key format %d", convert_format);
|
||||
}
|
||||
|
||||
if (!private) {
|
||||
|
@ -788,8 +788,7 @@ do_convert_from(struct passwd *pw)
|
|||
NULL, 0, NULL, NULL);
|
||||
break;
|
||||
default:
|
||||
fatal("%s: unsupported key type %s", __func__,
|
||||
sshkey_type(k));
|
||||
fatal_f("unsupported key type %s", sshkey_type(k));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -814,7 +813,7 @@ do_print_public(struct passwd *pw)
|
|||
fatal("%s: %s", identity_file, strerror(errno));
|
||||
prv = load_identity(identity_file, &comment);
|
||||
if ((r = sshkey_write(prv, stdout)) != 0)
|
||||
error("sshkey_write failed: %s", ssh_err(r));
|
||||
fatal_fr(r, "write key");
|
||||
if (comment != NULL && *comment != '\0')
|
||||
fprintf(stdout, " %s", comment);
|
||||
fprintf(stdout, "\n");
|
||||
|
@ -850,7 +849,7 @@ do_download(struct passwd *pw)
|
|||
ra = sshkey_fingerprint(keys[i], fingerprint_hash,
|
||||
SSH_FP_RANDOMART);
|
||||
if (fp == NULL || ra == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint fail");
|
||||
printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
|
||||
fp, sshkey_type(keys[i]));
|
||||
if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
|
||||
|
@ -901,7 +900,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment)
|
|||
fp = sshkey_fingerprint(public, fptype, rep);
|
||||
ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
|
||||
if (fp == NULL || ra == NULL)
|
||||
fatal("%s: sshkey_fingerprint failed", __func__);
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
|
||||
comment ? comment : "no comment", sshkey_type(public));
|
||||
if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
|
||||
|
@ -921,12 +920,12 @@ fingerprint_private(const char *path)
|
|||
if (stat(identity_file, &st) == -1)
|
||||
fatal("%s: %s", path, strerror(errno));
|
||||
if ((r = sshkey_load_public(path, &pubkey, &comment)) != 0)
|
||||
debug("load public \"%s\": %s", path, ssh_err(r));
|
||||
debug_r(r, "load public \"%s\"", path);
|
||||
if (pubkey == NULL || comment == NULL || *comment == '\0') {
|
||||
free(comment);
|
||||
if ((r = sshkey_load_private(path, NULL,
|
||||
&privkey, &comment)) != 0)
|
||||
debug("load private \"%s\": %s", path, ssh_err(r));
|
||||
debug_r(r, "load private \"%s\"", path);
|
||||
}
|
||||
if (pubkey == NULL && privkey == NULL)
|
||||
fatal("%s is not a key file.", path);
|
||||
|
@ -1106,18 +1105,17 @@ do_gen_all_hostkeys(struct passwd *pw)
|
|||
bits = 0;
|
||||
type_bits_valid(type, NULL, &bits);
|
||||
if ((r = sshkey_generate(type, bits, &private)) != 0) {
|
||||
error("sshkey_generate failed: %s", ssh_err(r));
|
||||
error_r(r, "sshkey_generate failed");
|
||||
goto failnext;
|
||||
}
|
||||
if ((r = sshkey_from_private(private, &public)) != 0)
|
||||
fatal("sshkey_from_private failed: %s", ssh_err(r));
|
||||
fatal_fr(r, "sshkey_from_private");
|
||||
snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
|
||||
hostname);
|
||||
if ((r = sshkey_save_private(private, prv_tmp, "",
|
||||
comment, private_key_format, openssh_format_cipher,
|
||||
rounds)) != 0) {
|
||||
error("Saving key \"%s\" failed: %s",
|
||||
prv_tmp, ssh_err(r));
|
||||
error_r(r, "Saving key \"%s\" failed", prv_tmp);
|
||||
goto failnext;
|
||||
}
|
||||
if ((fd = mkstemp(pub_tmp)) == -1) {
|
||||
|
@ -1128,8 +1126,8 @@ do_gen_all_hostkeys(struct passwd *pw)
|
|||
(void)fchmod(fd, 0644);
|
||||
(void)close(fd);
|
||||
if ((r = sshkey_save_public(public, pub_tmp, comment)) != 0) {
|
||||
fatal("Unable to save public key to %s: %s",
|
||||
identity_file, ssh_err(r));
|
||||
error_r(r, "Unable to save public key to %s",
|
||||
identity_file);
|
||||
goto failnext;
|
||||
}
|
||||
|
||||
|
@ -1263,8 +1261,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
|
|||
ra = sshkey_fingerprint(l->key,
|
||||
fingerprint_hash, SSH_FP_RANDOMART);
|
||||
if (fp == NULL || ra == NULL)
|
||||
fatal("%s: sshkey_fingerprint failed",
|
||||
__func__);
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
mprintf("%s %s %s%s%s\n", ctx->host,
|
||||
sshkey_type(l->key), fp,
|
||||
l->comment[0] ? " " : "",
|
||||
|
@ -1345,7 +1342,7 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
|
|||
foreach_options)) != 0) {
|
||||
if (inplace)
|
||||
unlink(tmp);
|
||||
fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "hostkeys_foreach");
|
||||
}
|
||||
|
||||
if (inplace)
|
||||
|
@ -1424,7 +1421,7 @@ do_change_passphrase(struct passwd *pw)
|
|||
goto badkey;
|
||||
} else if (r != 0) {
|
||||
badkey:
|
||||
fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
|
||||
fatal_r(r, "Failed to load key %s", identity_file);
|
||||
}
|
||||
if (comment)
|
||||
mprintf("Key has comment '%s'\n", comment);
|
||||
|
@ -1456,8 +1453,7 @@ do_change_passphrase(struct passwd *pw)
|
|||
/* Save the file using the new passphrase. */
|
||||
if ((r = sshkey_save_private(private, identity_file, passphrase1,
|
||||
comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
|
||||
error("Saving key \"%s\" failed: %s.",
|
||||
identity_file, ssh_err(r));
|
||||
error_r(r, "Saving key \"%s\" failed", identity_file);
|
||||
freezero(passphrase1, strlen(passphrase1));
|
||||
sshkey_free(private);
|
||||
free(comment);
|
||||
|
@ -1485,15 +1481,14 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname,
|
|||
int r;
|
||||
|
||||
if (fname == NULL)
|
||||
fatal("%s: no filename", __func__);
|
||||
fatal_f("no filename");
|
||||
if (stat(fname, &st) == -1) {
|
||||
if (errno == ENOENT)
|
||||
return 0;
|
||||
fatal("%s: %s", fname, strerror(errno));
|
||||
}
|
||||
if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
|
||||
fatal("Failed to read v2 public key from \"%s\": %s.",
|
||||
fname, ssh_err(r));
|
||||
fatal_r(r, "Failed to read v2 public key from \"%s\"", fname);
|
||||
export_dns_rr(hname, public, stdout, print_generic);
|
||||
sshkey_free(public);
|
||||
free(comment);
|
||||
|
@ -1520,8 +1515,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
|
|||
&private, &comment)) == 0)
|
||||
passphrase = xstrdup("");
|
||||
else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
|
||||
fatal("Cannot load private key \"%s\": %s.",
|
||||
identity_file, ssh_err(r));
|
||||
fatal_r(r, "Cannot load private key \"%s\"", identity_file);
|
||||
else {
|
||||
if (identity_passphrase)
|
||||
passphrase = xstrdup(identity_passphrase);
|
||||
|
@ -1534,8 +1528,8 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
|
|||
if ((r = sshkey_load_private(identity_file, passphrase,
|
||||
&private, &comment)) != 0) {
|
||||
freezero(passphrase, strlen(passphrase));
|
||||
fatal("Cannot load private key \"%s\": %s.",
|
||||
identity_file, ssh_err(r));
|
||||
fatal_r(r, "Cannot load private key \"%s\"",
|
||||
identity_file);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1576,8 +1570,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
|
|||
if ((r = sshkey_save_private(private, identity_file, passphrase,
|
||||
new_comment, private_key_format, openssh_format_cipher,
|
||||
rounds)) != 0) {
|
||||
error("Saving key \"%s\" failed: %s",
|
||||
identity_file, ssh_err(r));
|
||||
error_r(r, "Saving key \"%s\" failed", identity_file);
|
||||
freezero(passphrase, strlen(passphrase));
|
||||
sshkey_free(private);
|
||||
free(comment);
|
||||
|
@ -1585,14 +1578,12 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
|
|||
}
|
||||
freezero(passphrase, strlen(passphrase));
|
||||
if ((r = sshkey_from_private(private, &public)) != 0)
|
||||
fatal("sshkey_from_private failed: %s", ssh_err(r));
|
||||
fatal_fr(r, "sshkey_from_private");
|
||||
sshkey_free(private);
|
||||
|
||||
strlcat(identity_file, ".pub", sizeof(identity_file));
|
||||
if ((r = sshkey_save_public(public, identity_file, new_comment)) != 0) {
|
||||
fatal("Unable to save public key to %s: %s",
|
||||
identity_file, ssh_err(r));
|
||||
}
|
||||
if ((r = sshkey_save_public(public, identity_file, new_comment)) != 0)
|
||||
fatal_r(r, "Unable to save public key to %s", identity_file);
|
||||
sshkey_free(public);
|
||||
free(comment);
|
||||
|
||||
|
@ -1644,7 +1635,7 @@ prepare_options_buf(struct sshbuf *c, int which)
|
|||
const struct cert_ext *ext;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
sshbuf_reset(c);
|
||||
for (i = 0; i < ncert_ext; i++) {
|
||||
ext = &cert_ext[i];
|
||||
|
@ -1653,18 +1644,18 @@ prepare_options_buf(struct sshbuf *c, int which)
|
|||
continue;
|
||||
if (ext->val == NULL) {
|
||||
/* flag option */
|
||||
debug3("%s: %s", __func__, ext->key);
|
||||
debug3_f("%s", ext->key);
|
||||
if ((r = sshbuf_put_cstring(c, ext->key)) != 0 ||
|
||||
(r = sshbuf_put_string(c, NULL, 0)) != 0)
|
||||
fatal("%s: buffer: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "prepare flag");
|
||||
} else {
|
||||
/* key/value option */
|
||||
debug3("%s: %s=%s", __func__, ext->key, ext->val);
|
||||
debug3_f("%s=%s", ext->key, ext->val);
|
||||
sshbuf_reset(b);
|
||||
if ((r = sshbuf_put_cstring(c, ext->key)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, ext->val)) != 0 ||
|
||||
(r = sshbuf_put_stringb(c, b)) != 0)
|
||||
fatal("%s: buffer: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "prepare k/v");
|
||||
}
|
||||
}
|
||||
sshbuf_free(b);
|
||||
|
@ -1704,12 +1695,11 @@ load_pkcs11_key(char *path)
|
|||
int r, i, nkeys;
|
||||
|
||||
if ((r = sshkey_load_public(path, &public, NULL)) != 0)
|
||||
fatal("Couldn't load CA public key \"%s\": %s",
|
||||
path, ssh_err(r));
|
||||
fatal_r(r, "Couldn't load CA public key \"%s\"", path);
|
||||
|
||||
nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase,
|
||||
&keys, NULL);
|
||||
debug3("%s: %d keys", __func__, nkeys);
|
||||
debug3_f("%d keys", nkeys);
|
||||
if (nkeys <= 0)
|
||||
fatal("cannot read public key from pkcs11");
|
||||
for (i = 0; i < nkeys; i++) {
|
||||
|
@ -1769,13 +1759,11 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
|
|||
* agent.
|
||||
*/
|
||||
if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
|
||||
fatal("Cannot load CA public key %s: %s",
|
||||
tmp, ssh_err(r));
|
||||
fatal_r(r, "Cannot load CA public key %s", tmp);
|
||||
if ((r = ssh_get_authentication_socket(&agent_fd)) != 0)
|
||||
fatal("Cannot use public key for CA signature: %s",
|
||||
ssh_err(r));
|
||||
fatal_r(r, "Cannot use public key for CA signature");
|
||||
if ((r = ssh_fetch_identitylist(agent_fd, &agent_ids)) != 0)
|
||||
fatal("Retrieve agent key list: %s", ssh_err(r));
|
||||
fatal_r(r, "Retrieve agent key list");
|
||||
found = 0;
|
||||
for (j = 0; j < agent_ids->nkeys; j++) {
|
||||
if (sshkey_equal(ca, agent_ids->keys[j])) {
|
||||
|
@ -1794,7 +1782,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
|
|||
(ca->sk_flags & SSH_SK_USER_VERIFICATION_REQD)) {
|
||||
if ((pin = read_passphrase("Enter PIN for CA key: ",
|
||||
RP_ALLOW_STDIN)) == NULL)
|
||||
fatal("%s: couldn't read PIN", __func__);
|
||||
fatal_f("couldn't read PIN");
|
||||
}
|
||||
}
|
||||
free(tmp);
|
||||
|
@ -1829,16 +1817,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
|
|||
|
||||
tmp = tilde_expand_filename(argv[i], pw->pw_uid);
|
||||
if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
|
||||
fatal("%s: unable to open \"%s\": %s",
|
||||
__func__, tmp, ssh_err(r));
|
||||
fatal_r(r, "load pubkey \"%s\"", tmp);
|
||||
if (sshkey_is_cert(public))
|
||||
fatal("%s: key \"%s\" type %s cannot be certified",
|
||||
__func__, tmp, sshkey_type(public));
|
||||
fatal_f("key \"%s\" type %s cannot be certified",
|
||||
tmp, sshkey_type(public));
|
||||
|
||||
/* Prepare certificate to sign */
|
||||
if ((r = sshkey_to_certified(public)) != 0)
|
||||
fatal("Could not upgrade key %s to certificate: %s",
|
||||
tmp, ssh_err(r));
|
||||
fatal_r(r, "Could not upgrade key %s to certificate", tmp);
|
||||
public->cert->type = cert_key_type;
|
||||
public->cert->serial = (u_int64_t)cert_serial;
|
||||
public->cert->key_id = xstrdup(cert_key_id);
|
||||
|
@ -1851,14 +1837,13 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
|
|||
OPTIONS_EXTENSIONS);
|
||||
if ((r = sshkey_from_private(ca,
|
||||
&public->cert->signature_key)) != 0)
|
||||
fatal("sshkey_from_private (ca key): %s", ssh_err(r));
|
||||
fatal_r(r, "sshkey_from_private (ca key)");
|
||||
|
||||
if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) {
|
||||
if ((r = sshkey_certify_custom(public, ca,
|
||||
key_type_name, sk_provider, NULL, agent_signer,
|
||||
&agent_fd)) != 0)
|
||||
fatal("Couldn't certify key %s via agent: %s",
|
||||
tmp, ssh_err(r));
|
||||
fatal_r(r, "Couldn't certify %s via agent", tmp);
|
||||
} else {
|
||||
if (sshkey_is_sk(ca) &&
|
||||
(ca->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
|
||||
|
@ -1870,8 +1855,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
|
|||
sk_provider, pin);
|
||||
notify_complete(notifier);
|
||||
if (r != 0)
|
||||
fatal("Couldn't certify key %s: %s",
|
||||
tmp, ssh_err(r));
|
||||
fatal_r(r, "Couldn't certify key %s", tmp);
|
||||
}
|
||||
|
||||
if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
|
||||
|
@ -1880,8 +1864,8 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
|
|||
free(tmp);
|
||||
|
||||
if ((r = sshkey_save_public(public, out, comment)) != 0) {
|
||||
fatal("Unable to save public key to %s: %s",
|
||||
identity_file, ssh_err(r));
|
||||
fatal_r(r, "Unable to save public key to %s",
|
||||
identity_file);
|
||||
}
|
||||
|
||||
if (!quiet) {
|
||||
|
@ -2041,13 +2025,13 @@ show_options(struct sshbuf *optbuf, int in_critical)
|
|||
int r;
|
||||
|
||||
if ((options = sshbuf_fromb(optbuf)) == NULL)
|
||||
fatal("%s: sshbuf_fromb failed", __func__);
|
||||
fatal_f("sshbuf_fromb failed");
|
||||
while (sshbuf_len(options) != 0) {
|
||||
sshbuf_free(option);
|
||||
option = NULL;
|
||||
if ((r = sshbuf_get_cstring(options, &name, NULL)) != 0 ||
|
||||
(r = sshbuf_froms(options, &option)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse option");
|
||||
printf(" %s", name);
|
||||
if (!in_critical &&
|
||||
(strcmp(name, "permit-X11-forwarding") == 0 ||
|
||||
|
@ -2061,8 +2045,7 @@ show_options(struct sshbuf *optbuf, int in_critical)
|
|||
(strcmp(name, "force-command") == 0 ||
|
||||
strcmp(name, "source-address") == 0)) {
|
||||
if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "parse critical");
|
||||
printf(" %s\n", arg);
|
||||
free(arg);
|
||||
} else if (sshbuf_len(option) > 0) {
|
||||
|
@ -2091,7 +2074,7 @@ print_cert(struct sshkey *key)
|
|||
ca_fp = sshkey_fingerprint(key->cert->signature_key,
|
||||
fingerprint_hash, SSH_FP_DEFAULT);
|
||||
if (key_fp == NULL || ca_fp == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint fail");
|
||||
sshkey_format_cert_validity(key->cert, valid, sizeof(valid));
|
||||
|
||||
printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
|
||||
|
@ -2164,8 +2147,7 @@ do_show_cert(struct passwd *pw)
|
|||
if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
|
||||
fatal("sshkey_new");
|
||||
if ((r = sshkey_read(key, &cp)) != 0) {
|
||||
error("%s:%lu: invalid key: %s", path,
|
||||
lnum, ssh_err(r));
|
||||
error_r(r, "%s:%lu: invalid key", path, lnum);
|
||||
continue;
|
||||
}
|
||||
if (!sshkey_is_cert(key)) {
|
||||
|
@ -2192,11 +2174,11 @@ load_krl(const char *path, struct ssh_krl **krlp)
|
|||
int r;
|
||||
|
||||
if ((r = sshbuf_load_file(path, &krlbuf)) != 0)
|
||||
fatal("Unable to load KRL: %s", ssh_err(r));
|
||||
fatal_r(r, "Unable to load KRL %s", path);
|
||||
/* XXX check sigs */
|
||||
if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 ||
|
||||
*krlp == NULL)
|
||||
fatal("Invalid KRL file: %s", ssh_err(r));
|
||||
fatal_r(r, "Invalid KRL file %s", path);
|
||||
sshbuf_free(krlbuf);
|
||||
}
|
||||
|
||||
|
@ -2225,9 +2207,9 @@ hash_to_blob(const char *cp, u_char **blobp, size_t *lenp,
|
|||
tmp[tlen] = '\0';
|
||||
}
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_b64tod(b, tmp)) != 0)
|
||||
fatal("%s:%lu: decode hash failed: %s", file, lnum, ssh_err(r));
|
||||
fatal_r(r, "%s:%lu: decode hash failed", file, lnum);
|
||||
free(tmp);
|
||||
*lenp = sshbuf_len(b);
|
||||
*blobp = xmalloc(*lenp);
|
||||
|
@ -2313,8 +2295,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
|
|||
}
|
||||
if (ssh_krl_revoke_cert_by_serial_range(krl,
|
||||
ca, serial, serial2) != 0) {
|
||||
fatal("%s: revoke serial failed",
|
||||
__func__);
|
||||
fatal_f("revoke serial failed");
|
||||
}
|
||||
} else if (strncasecmp(cp, "id:", 3) == 0) {
|
||||
if (ca == NULL && !wild_ca) {
|
||||
|
@ -2324,15 +2305,14 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
|
|||
cp += 3;
|
||||
cp = cp + strspn(cp, " \t");
|
||||
if (ssh_krl_revoke_cert_by_key_id(krl, ca, cp) != 0)
|
||||
fatal("%s: revoke key ID failed", __func__);
|
||||
fatal_f("revoke key ID failed");
|
||||
} else if (strncasecmp(cp, "hash:", 5) == 0) {
|
||||
cp += 5;
|
||||
cp = cp + strspn(cp, " \t");
|
||||
hash_to_blob(cp, &blob, &blen, file, lnum);
|
||||
r = ssh_krl_revoke_key_sha256(krl, blob, blen);
|
||||
if (r != 0)
|
||||
fatal("%s: revoke key failed: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "revoke key failed");
|
||||
} else {
|
||||
if (strncasecmp(cp, "key:", 4) == 0) {
|
||||
cp += 4;
|
||||
|
@ -2354,8 +2334,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
|
|||
if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
|
||||
fatal("sshkey_new");
|
||||
if ((r = sshkey_read(key, &cp)) != 0)
|
||||
fatal("%s:%lu: invalid key: %s",
|
||||
path, lnum, ssh_err(r));
|
||||
fatal_r(r, "%s:%lu: invalid key", path, lnum);
|
||||
if (was_explicit_key)
|
||||
r = ssh_krl_revoke_key_explicit(krl, key);
|
||||
else if (was_sha1) {
|
||||
|
@ -2375,8 +2354,7 @@ update_krl_from_file(struct passwd *pw, const char *file, int wild_ca,
|
|||
} else
|
||||
r = ssh_krl_revoke_key(krl, key);
|
||||
if (r != 0)
|
||||
fatal("%s: revoke key failed: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "revoke key failed");
|
||||
freezero(blob, blen);
|
||||
blob = NULL;
|
||||
blen = 0;
|
||||
|
@ -2416,8 +2394,7 @@ do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path,
|
|||
else {
|
||||
tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
|
||||
if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
|
||||
fatal("Cannot load CA public key %s: %s",
|
||||
tmp, ssh_err(r));
|
||||
fatal_r(r, "Cannot load CA public key %s", tmp);
|
||||
free(tmp);
|
||||
}
|
||||
}
|
||||
|
@ -2461,8 +2438,7 @@ do_check_krl(struct passwd *pw, int print_krl, int argc, char **argv)
|
|||
krl_dump(krl, stdout);
|
||||
for (i = 0; i < argc; i++) {
|
||||
if ((r = sshkey_load_public(argv[i], &k, &comment)) != 0)
|
||||
fatal("Cannot load public key %s: %s",
|
||||
argv[i], ssh_err(r));
|
||||
fatal_r(r, "Cannot load public key %s", argv[i]);
|
||||
r = ssh_krl_check_key(krl, k);
|
||||
printf("%s%s%s%s: %s\n", argv[i],
|
||||
*comment ? " (" : "", comment, *comment ? ")" : "",
|
||||
|
@ -2496,8 +2472,8 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey)
|
|||
strcmp(privpath + plen - slen, suffixes[i]) != 0)
|
||||
continue;
|
||||
privpath[plen - slen] = '\0';
|
||||
debug("%s: %s looks like a public key, using private key "
|
||||
"path %s instead", __func__, keypath, privpath);
|
||||
debug_f("%s looks like a public key, using private key "
|
||||
"path %s instead", keypath, privpath);
|
||||
}
|
||||
if ((privkey = load_identity(privpath, NULL)) == NULL) {
|
||||
error("Couldn't load identity %s", keypath);
|
||||
|
@ -2514,12 +2490,11 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey)
|
|||
* it capable of signing.
|
||||
*/
|
||||
if ((r = sshkey_to_certified(privkey)) != 0) {
|
||||
error("%s: sshkey_to_certified: %s", __func__,
|
||||
ssh_err(r));
|
||||
error_fr(r, "sshkey_to_certified");
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_cert_copy(pubkey, privkey)) != 0) {
|
||||
error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_cert_copy");
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
@ -2553,12 +2528,12 @@ sign_one(struct sshkey *signkey, const char *filename, int fd,
|
|||
sshkey_type(signkey));
|
||||
if ((pin = read_passphrase(prompt,
|
||||
RP_ALLOW_STDIN)) == NULL)
|
||||
fatal("%s: couldn't read PIN", __func__);
|
||||
fatal_f("couldn't read PIN");
|
||||
}
|
||||
if ((signkey->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
|
||||
if ((fp = sshkey_fingerprint(signkey, fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: fingerprint failed", __func__);
|
||||
fatal_f("fingerprint failed");
|
||||
fprintf(stderr, "Confirm user presence for key %s %s\n",
|
||||
sshkey_type(signkey), fp);
|
||||
free(fp);
|
||||
|
@ -2566,15 +2541,15 @@ sign_one(struct sshkey *signkey, const char *filename, int fd,
|
|||
}
|
||||
if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, pin,
|
||||
fd, sig_namespace, &sigbuf, signer, signer_ctx)) != 0) {
|
||||
error("Signing %s failed: %s", filename, ssh_err(r));
|
||||
error_r(r, "Signing %s failed", filename);
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshsig_armor(sigbuf, &abuf)) != 0) {
|
||||
error("%s: sshsig_armor: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshsig_armor");
|
||||
goto out;
|
||||
}
|
||||
if ((asig = sshbuf_dup_string(abuf)) == NULL) {
|
||||
error("%s: buffer error", __func__);
|
||||
error_f("buffer error");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -2641,17 +2616,17 @@ sig_sign(const char *keypath, const char *sig_namespace, int argc, char **argv)
|
|||
}
|
||||
|
||||
if ((r = sshkey_load_public(keypath, &pubkey, NULL)) != 0) {
|
||||
error("Couldn't load public key %s: %s", keypath, ssh_err(r));
|
||||
error_r(r, "Couldn't load public key %s", keypath);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((r = ssh_get_authentication_socket(&agent_fd)) != 0)
|
||||
debug("Couldn't get agent socket: %s", ssh_err(r));
|
||||
debug_r(r, "Couldn't get agent socket");
|
||||
else {
|
||||
if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0)
|
||||
signer = agent_signer;
|
||||
else
|
||||
debug("Couldn't find key in agent: %s", ssh_err(r));
|
||||
debug_r(r, "Couldn't find key in agent");
|
||||
}
|
||||
|
||||
if (signer == NULL) {
|
||||
|
@ -2707,12 +2682,12 @@ sig_verify(const char *signature, const char *sig_namespace,
|
|||
|
||||
memset(&sig_details, 0, sizeof(sig_details));
|
||||
if ((r = sshbuf_load_file(signature, &abuf)) != 0) {
|
||||
error("Couldn't read signature file: %s", ssh_err(r));
|
||||
error_r(r, "Couldn't read signature file");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) {
|
||||
error("%s: sshsig_armor: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshsig_armor");
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace,
|
||||
|
@ -2721,26 +2696,25 @@ sig_verify(const char *signature, const char *sig_namespace,
|
|||
|
||||
if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint failed", __func__);
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
debug("Valid (unverified) signature from key %s", fp);
|
||||
if (sig_details != NULL) {
|
||||
debug2("%s: signature details: counter = %u, flags = 0x%02x",
|
||||
__func__, sig_details->sk_counter, sig_details->sk_flags);
|
||||
debug2_f("signature details: counter = %u, flags = 0x%02x",
|
||||
sig_details->sk_counter, sig_details->sk_flags);
|
||||
}
|
||||
free(fp);
|
||||
fp = NULL;
|
||||
|
||||
if (revoked_keys != NULL) {
|
||||
if ((r = sshkey_check_revoked(sign_key, revoked_keys)) != 0) {
|
||||
debug3("sshkey_check_revoked failed: %s", ssh_err(r));
|
||||
debug3_fr(r, "sshkey_check_revoked");
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
if (allowed_keys != NULL &&
|
||||
(r = sshsig_check_allowed_keys(allowed_keys, sign_key,
|
||||
principal, sig_namespace)) != 0) {
|
||||
debug3("sshsig_check_allowed_keys failed: %s", ssh_err(r));
|
||||
if (allowed_keys != NULL && (r = sshsig_check_allowed_keys(allowed_keys,
|
||||
sign_key, principal, sig_namespace)) != 0) {
|
||||
debug3_fr(r, "sshsig_check_allowed_keys");
|
||||
goto done;
|
||||
}
|
||||
/* success */
|
||||
|
@ -2749,10 +2723,8 @@ done:
|
|||
if (!quiet) {
|
||||
if (ret == 0) {
|
||||
if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
fatal("%s: sshkey_fingerprint failed",
|
||||
__func__);
|
||||
}
|
||||
SSH_FP_DEFAULT)) == NULL)
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
if (principal == NULL) {
|
||||
printf("Good \"%s\" signature with %s key %s\n",
|
||||
sig_namespace, sshkey_type(sign_key), fp);
|
||||
|
@ -2782,22 +2754,20 @@ sig_find_principals(const char *signature, const char *allowed_keys) {
|
|||
char *principals = NULL, *cp, *tmp;
|
||||
|
||||
if ((r = sshbuf_load_file(signature, &abuf)) != 0) {
|
||||
error("Couldn't read signature file: %s", ssh_err(r));
|
||||
error_r(r, "Couldn't read signature file");
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) {
|
||||
error("%s: sshsig_armor: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshsig_armor");
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshsig_get_pubkey(sigbuf, &sign_key)) != 0) {
|
||||
error("%s: sshsig_get_pubkey: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "sshsig_get_pubkey");
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshsig_find_principals(allowed_keys, sign_key,
|
||||
&principals)) != 0) {
|
||||
error("%s: sshsig_get_principal: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "sshsig_get_principal");
|
||||
goto done;
|
||||
}
|
||||
ret = 0;
|
||||
|
@ -2997,7 +2967,7 @@ do_download_sk(const char *skprovider, const char *device)
|
|||
&keys, &nkeys)) != 0) {
|
||||
if (pin != NULL)
|
||||
freezero(pin, strlen(pin));
|
||||
error("Unable to load resident keys: %s", ssh_err(r));
|
||||
error_r(r, "Unable to load resident keys");
|
||||
return -1;
|
||||
}
|
||||
if (nkeys == 0)
|
||||
|
@ -3014,8 +2984,8 @@ do_download_sk(const char *skprovider, const char *device)
|
|||
}
|
||||
if ((fp = sshkey_fingerprint(keys[i],
|
||||
fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint failed", __func__);
|
||||
debug("%s: key %zu: %s %s %s (flags 0x%02x)", __func__, i,
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
debug_f("key %zu: %s %s %s (flags 0x%02x)", i,
|
||||
sshkey_type(keys[i]), fp, keys[i]->sk_application,
|
||||
keys[i]->sk_flags);
|
||||
ext = skip_ssh_url_preamble(keys[i]->sk_application);
|
||||
|
@ -3035,8 +3005,7 @@ do_download_sk(const char *skprovider, const char *device)
|
|||
if ((r = sshkey_save_private(keys[i], path, pass,
|
||||
keys[i]->sk_application, private_key_format,
|
||||
openssh_format_cipher, rounds)) != 0) {
|
||||
error("Saving key \"%s\" failed: %s",
|
||||
path, ssh_err(r));
|
||||
error_r(r, "Saving key \"%s\" failed", path);
|
||||
free(path);
|
||||
break;
|
||||
}
|
||||
|
@ -3053,8 +3022,7 @@ do_download_sk(const char *skprovider, const char *device)
|
|||
free(path);
|
||||
if ((r = sshkey_save_public(keys[i], pubpath,
|
||||
keys[i]->sk_application)) != 0) {
|
||||
error("Saving public key \"%s\" failed: %s",
|
||||
pubpath, ssh_err(r));
|
||||
error_r(r, "Saving public key \"%s\" failed", pubpath);
|
||||
free(pubpath);
|
||||
break;
|
||||
}
|
||||
|
@ -3085,8 +3053,7 @@ save_attestation(struct sshbuf *attest, const char *path)
|
|||
r = sshbuf_write_file(path, attest);
|
||||
umask(omask);
|
||||
if (r != 0)
|
||||
fatal("Unable to write attestation data \"%s\": %s", path,
|
||||
ssh_err(r));
|
||||
fatal_r(r, "Unable to write attestation data \"%s\"", path);
|
||||
if (!quiet)
|
||||
printf("Your FIDO attestation certificate has been saved in "
|
||||
"%s\n", path);
|
||||
|
@ -3608,9 +3575,9 @@ main(int argc, char **argv)
|
|||
} else if (strncasecmp(opts[i], "challenge=", 10) == 0) {
|
||||
if ((r = sshbuf_load_file(opts[i] + 10,
|
||||
&challenge)) != 0) {
|
||||
fatal("Unable to load FIDO enrollment "
|
||||
"challenge \"%s\": %s",
|
||||
opts[i] + 10, ssh_err(r));
|
||||
fatal_r(r, "Unable to load FIDO "
|
||||
"enrollment challenge \"%s\"",
|
||||
opts[i] + 10);
|
||||
}
|
||||
} else if (strncasecmp(opts[i],
|
||||
"write-attestation=", 18) == 0) {
|
||||
|
@ -3649,7 +3616,7 @@ main(int argc, char **argv)
|
|||
if (r == 0)
|
||||
break;
|
||||
if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
|
||||
fatal("Key enrollment failed: %s", ssh_err(r));
|
||||
fatal_r(r, "Key enrollment failed");
|
||||
else if (passphrase != NULL) {
|
||||
error("PIN incorrect");
|
||||
freezero(passphrase, strlen(passphrase));
|
||||
|
@ -3676,7 +3643,7 @@ main(int argc, char **argv)
|
|||
break;
|
||||
}
|
||||
if ((r = sshkey_from_private(private, &public)) != 0)
|
||||
fatal("sshkey_from_private failed: %s\n", ssh_err(r));
|
||||
fatal_r(r, "sshkey_from_private");
|
||||
|
||||
if (!have_identity)
|
||||
ask_filename(pw, "Enter file in which to save the key");
|
||||
|
@ -3700,8 +3667,7 @@ main(int argc, char **argv)
|
|||
/* Save the key with the given passphrase and comment. */
|
||||
if ((r = sshkey_save_private(private, identity_file, passphrase,
|
||||
comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
|
||||
error("Saving key \"%s\" failed: %s",
|
||||
identity_file, ssh_err(r));
|
||||
error_r(r, "Saving key \"%s\" failed", identity_file);
|
||||
freezero(passphrase, strlen(passphrase));
|
||||
exit(1);
|
||||
}
|
||||
|
@ -3714,10 +3680,8 @@ main(int argc, char **argv)
|
|||
}
|
||||
|
||||
strlcat(identity_file, ".pub", sizeof(identity_file));
|
||||
if ((r = sshkey_save_public(public, identity_file, comment)) != 0) {
|
||||
fatal("Unable to save public key to %s: %s",
|
||||
identity_file, ssh_err(r));
|
||||
}
|
||||
if ((r = sshkey_save_public(public, identity_file, comment)) != 0)
|
||||
fatal_r(r, "Unable to save public key to %s", identity_file);
|
||||
|
||||
if (!quiet) {
|
||||
fp = sshkey_fingerprint(public, fingerprint_hash,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-keyscan.c,v 1.135 2020/10/18 11:21:59 djm Exp $ */
|
||||
/* $OpenBSD: ssh-keyscan.c,v 1.136 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
|
||||
*
|
||||
|
@ -367,7 +367,7 @@ tcpconnect(char *host)
|
|||
continue;
|
||||
}
|
||||
if (set_nonblock(s) == -1)
|
||||
fatal("%s: set_nonblock(%d)", __func__, s);
|
||||
fatal_f("set_nonblock(%d)", s);
|
||||
if (connect(s, ai->ai_addr, ai->ai_addrlen) == -1 &&
|
||||
errno != EINPROGRESS)
|
||||
error("connect (`%s'): %s", host, strerror(errno));
|
||||
|
@ -401,7 +401,7 @@ conalloc(char *iname, char *oname, int keytype)
|
|||
if (fdcon[s].c_status)
|
||||
fatal("conalloc: attempt to reuse fdno %d", s);
|
||||
|
||||
debug3("%s: oname %s kt %d", __func__, oname, keytype);
|
||||
debug3_f("oname %s kt %d", oname, keytype);
|
||||
fdcon[s].c_fd = s;
|
||||
fdcon[s].c_status = CS_CON;
|
||||
fdcon[s].c_namebase = namebase;
|
||||
|
@ -787,8 +787,7 @@ main(int argc, char **argv)
|
|||
if (argv[j] == NULL)
|
||||
fp = stdin;
|
||||
else if ((fp = fopen(argv[j], "r")) == NULL)
|
||||
fatal("%s: %s: %s", __progname, argv[j],
|
||||
strerror(errno));
|
||||
fatal("%s: %s: %s", __progname, argv[j], strerror(errno));
|
||||
|
||||
while (getline(&line, &linesize, fp) != -1) {
|
||||
/* Chomp off trailing whitespace and comments */
|
||||
|
@ -810,8 +809,7 @@ main(int argc, char **argv)
|
|||
}
|
||||
|
||||
if (ferror(fp))
|
||||
fatal("%s: %s: %s", __progname, argv[j],
|
||||
strerror(errno));
|
||||
fatal("%s: %s: %s", __progname, argv[j], strerror(errno));
|
||||
|
||||
fclose(fp);
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-keysign.c,v 1.64 2020/08/27 01:06:18 djm Exp $ */
|
||||
/* $OpenBSD: ssh-keysign.c,v 1.65 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -78,33 +78,33 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret,
|
|||
fail = 0;
|
||||
|
||||
if ((b = sshbuf_from(data, datalen)) == NULL)
|
||||
fatal("%s: sshbuf_from failed", __func__);
|
||||
fatal_f("sshbuf_from failed");
|
||||
|
||||
/* session id, currently limited to SHA1 (20 bytes) or SHA256 (32) */
|
||||
if ((r = sshbuf_get_string(b, NULL, &len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse session ID");
|
||||
if (len != 20 && len != 32)
|
||||
fail++;
|
||||
|
||||
if ((r = sshbuf_get_u8(b, &type)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse type");
|
||||
if (type != SSH2_MSG_USERAUTH_REQUEST)
|
||||
fail++;
|
||||
|
||||
/* server user */
|
||||
if ((r = sshbuf_skip_string(b)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse user");
|
||||
|
||||
/* service */
|
||||
if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse service");
|
||||
if (strcmp("ssh-connection", p) != 0)
|
||||
fail++;
|
||||
free(p);
|
||||
|
||||
/* method */
|
||||
if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse method");
|
||||
if (strcmp("hostbased", p) != 0)
|
||||
fail++;
|
||||
free(p);
|
||||
|
@ -112,13 +112,13 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret,
|
|||
/* pubkey */
|
||||
if ((r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0 ||
|
||||
(r = sshbuf_get_string(b, &pkblob, &blen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse pk");
|
||||
|
||||
pktype = sshkey_type_from_name(pkalg);
|
||||
if (pktype == KEY_UNSPEC)
|
||||
fail++;
|
||||
else if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
|
||||
error("%s: bad key blob: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "decode key");
|
||||
fail++;
|
||||
} else if (key->type != pktype)
|
||||
fail++;
|
||||
|
@ -127,8 +127,8 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret,
|
|||
|
||||
/* client host name, handle trailing dot */
|
||||
if ((r = sshbuf_get_cstring(b, &p, &len)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
debug2("%s: check expect chost %s got %s", __func__, host, p);
|
||||
fatal_fr(r, "parse hostname");
|
||||
debug2_f("check expect chost %s got %s", host, p);
|
||||
if (strlen(host) != len - 1)
|
||||
fail++;
|
||||
else if (p[len - 1] != '.')
|
||||
|
@ -139,7 +139,7 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret,
|
|||
|
||||
/* local user */
|
||||
if ((r = sshbuf_get_cstring(b, &luser, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse luser");
|
||||
|
||||
if (strcmp(pw->pw_name, luser) != 0)
|
||||
fail++;
|
||||
|
@ -150,7 +150,7 @@ valid_request(struct passwd *pw, char *host, struct sshkey **ret,
|
|||
fail++;
|
||||
sshbuf_free(b);
|
||||
|
||||
debug3("%s: fail %d", __func__, fail);
|
||||
debug3_f("fail %d", fail);
|
||||
|
||||
if (fail)
|
||||
sshkey_free(key);
|
||||
|
@ -228,7 +228,7 @@ main(int argc, char **argv)
|
|||
NULL, &key, NULL);
|
||||
close(key_fd[i]);
|
||||
if (r != 0)
|
||||
debug("parse key %d: %s", i, ssh_err(r));
|
||||
debug_r(r, "parse key %d", i);
|
||||
else if (key != NULL) {
|
||||
keys[i] = key;
|
||||
found = 1;
|
||||
|
@ -243,22 +243,23 @@ main(int argc, char **argv)
|
|||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __progname);
|
||||
if (ssh_msg_recv(STDIN_FILENO, b) < 0)
|
||||
fatal("ssh_msg_recv failed");
|
||||
fatal("%s: ssh_msg_recv failed", __progname);
|
||||
if ((r = sshbuf_get_u8(b, &rver)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: buffer error", __progname);
|
||||
if (rver != version)
|
||||
fatal("bad version: received %d, expected %d", rver, version);
|
||||
fatal("%s: bad version: received %d, expected %d",
|
||||
__progname, rver, version);
|
||||
if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: buffer error", __progname);
|
||||
if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
|
||||
fatal("bad fd = %d", fd);
|
||||
fatal("%s: bad fd = %d", __progname, fd);
|
||||
if ((host = get_local_name(fd)) == NULL)
|
||||
fatal("cannot get local name for fd");
|
||||
fatal("%s: cannot get local name for fd", __progname);
|
||||
|
||||
if ((r = sshbuf_get_string(b, &data, &dlen)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: buffer error", __progname);
|
||||
if (valid_request(pw, host, &key, data, dlen) < 0)
|
||||
fatal("not a valid request");
|
||||
fatal("%s: not a valid request", __progname);
|
||||
free(host);
|
||||
|
||||
found = 0;
|
||||
|
@ -273,21 +274,21 @@ main(int argc, char **argv)
|
|||
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint failed", __progname);
|
||||
fatal("no matching hostkey found for key %s %s",
|
||||
fatal("%s: no matching hostkey found for key %s %s", __progname,
|
||||
sshkey_type(key), fp ? fp : "");
|
||||
}
|
||||
|
||||
if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen,
|
||||
NULL, NULL, NULL, 0)) != 0)
|
||||
fatal("sshkey_sign failed: %s", ssh_err(r));
|
||||
fatal_r(r, "%s: sshkey_sign failed", __progname);
|
||||
free(data);
|
||||
|
||||
/* send reply */
|
||||
sshbuf_reset(b);
|
||||
if ((r = sshbuf_put_string(b, signature, slen)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: buffer error", __progname);
|
||||
if (ssh_msg_send(STDOUT_FILENO, version, b) == -1)
|
||||
fatal("ssh_msg_send failed");
|
||||
fatal("%s: ssh_msg_send failed", __progname);
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-pkcs11-client.c,v 1.16 2020/01/25 00:03:36 djm Exp $ */
|
||||
/* $OpenBSD: ssh-pkcs11-client.c,v 1.17 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
|
||||
|
@ -65,7 +65,7 @@ send_msg(struct sshbuf *m)
|
|||
sshbuf_len(m)) != sshbuf_len(m))
|
||||
error("write to helper failed");
|
||||
if ((r = sshbuf_consume(m, mlen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "consume");
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -93,11 +93,11 @@ recv_msg(struct sshbuf *m)
|
|||
return (0); /* XXX */
|
||||
}
|
||||
if ((r = sshbuf_put(m, buf, l)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put");
|
||||
len -= l;
|
||||
}
|
||||
if ((r = sshbuf_get_u8(m, &c)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse type");
|
||||
return c;
|
||||
}
|
||||
|
||||
|
@ -127,29 +127,29 @@ rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
|
|||
goto fail;
|
||||
key = sshkey_new(KEY_UNSPEC);
|
||||
if (key == NULL) {
|
||||
error("%s: sshkey_new failed", __func__);
|
||||
error_f("sshkey_new failed");
|
||||
goto fail;
|
||||
}
|
||||
key->type = KEY_RSA;
|
||||
RSA_up_ref(rsa);
|
||||
key->rsa = rsa;
|
||||
if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
|
||||
error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "encode key");
|
||||
goto fail;
|
||||
}
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, blob, blen)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, from, flen)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, 0)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(msg);
|
||||
sshbuf_reset(msg);
|
||||
|
||||
if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
|
||||
if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
if (slen <= (size_t)RSA_size(rsa)) {
|
||||
memcpy(to, signature, slen);
|
||||
ret = slen;
|
||||
|
@ -178,13 +178,13 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
|
|||
|
||||
nid = sshkey_ecdsa_key_to_nid(ec);
|
||||
if (nid < 0) {
|
||||
error("%s: couldn't get curve nid", __func__);
|
||||
error_f("couldn't get curve nid");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
key = sshkey_new(KEY_UNSPEC);
|
||||
if (key == NULL) {
|
||||
error("%s: sshkey_new failed", __func__);
|
||||
error_f("sshkey_new failed");
|
||||
goto fail;
|
||||
}
|
||||
key->ecdsa = ec;
|
||||
|
@ -193,22 +193,22 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
|
|||
EC_KEY_up_ref(ec);
|
||||
|
||||
if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
|
||||
error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "encode key");
|
||||
goto fail;
|
||||
}
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, blob, blen)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, 0)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(msg);
|
||||
sshbuf_reset(msg);
|
||||
|
||||
if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
|
||||
if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
cp = signature;
|
||||
ret = d2i_ECDSA_SIG(NULL, &cp, slen);
|
||||
free(signature);
|
||||
|
@ -238,7 +238,7 @@ wrap_key(struct sshkey *k)
|
|||
EC_KEY_set_method(k->ecdsa, helper_ecdsa);
|
||||
#endif /* HAVE_EC_KEY_METHOD_NEW */
|
||||
else
|
||||
fatal("%s: unknown key type", __func__);
|
||||
fatal_f("unknown key type");
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -260,10 +260,10 @@ pkcs11_start_helper_methods(void)
|
|||
#endif /* HAVE_EC_KEY_METHOD_NEW */
|
||||
|
||||
if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
|
||||
fatal("%s: RSA_meth_dup failed", __func__);
|
||||
fatal_f("RSA_meth_dup failed");
|
||||
if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||
|
||||
!RSA_meth_set_priv_enc(helper_rsa, rsa_encrypt))
|
||||
fatal("%s: failed to prepare method", __func__);
|
||||
fatal_f("failed to prepare method");
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
@ -300,7 +300,7 @@ pkcs11_start_helper(void)
|
|||
helper = getenv("SSH_PKCS11_HELPER");
|
||||
if (helper == NULL || strlen(helper) == 0)
|
||||
helper = _PATH_SSH_PKCS11_HELPER;
|
||||
debug("%s: starting %s %s", __func__, helper,
|
||||
debug_f("starting %s %s", helper,
|
||||
verbosity == NULL ? "" : verbosity);
|
||||
execlp(helper, helper, verbosity, (char *)NULL);
|
||||
fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno));
|
||||
|
@ -327,18 +327,18 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
|
|||
return (-1);
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH_AGENTC_ADD_SMARTCARD_KEY)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, name)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, pin)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(msg);
|
||||
sshbuf_reset(msg);
|
||||
|
||||
type = recv_msg(msg);
|
||||
if (type == SSH2_AGENT_IDENTITIES_ANSWER) {
|
||||
if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse nkeys");
|
||||
*keysp = xcalloc(nkeys, sizeof(struct sshkey *));
|
||||
if (labelsp)
|
||||
*labelsp = xcalloc(nkeys, sizeof(char *));
|
||||
|
@ -346,10 +346,9 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp,
|
|||
/* XXX clean up properly instead of fatal() */
|
||||
if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 ||
|
||||
(r = sshbuf_get_cstring(msg, &label, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "parse key");
|
||||
if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
|
||||
fatal("%s: bad key: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "decode key");
|
||||
wrap_key(k);
|
||||
(*keysp)[i] = k;
|
||||
if (labelsp)
|
||||
|
@ -375,11 +374,11 @@ pkcs11_del_provider(char *name)
|
|||
struct sshbuf *msg;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_put_u8(msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, name)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, "")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
send_msg(msg);
|
||||
sshbuf_reset(msg);
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-pkcs11-helper.c,v 1.23 2020/03/06 18:26:21 markus Exp $ */
|
||||
/* $OpenBSD: ssh-pkcs11-helper.c,v 1.24 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -111,7 +111,7 @@ send_msg(struct sshbuf *m)
|
|||
int r;
|
||||
|
||||
if ((r = sshbuf_put_stringb(oqueue, m)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "enqueue");
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -126,35 +126,30 @@ process_add(void)
|
|||
char **labels = NULL;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
if ((nkeys = pkcs11_add_provider(name, pin, &keys, &labels)) > 0) {
|
||||
if ((r = sshbuf_put_u8(msg,
|
||||
SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, nkeys)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
for (i = 0; i < nkeys; i++) {
|
||||
if ((r = sshkey_to_blob(keys[i], &blob, &blen)) != 0) {
|
||||
debug("%s: sshkey_to_blob: %s",
|
||||
__func__, ssh_err(r));
|
||||
debug_fr(r, "encode key");
|
||||
continue;
|
||||
}
|
||||
if ((r = sshbuf_put_string(msg, blob, blen)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, labels[i])) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "compose key");
|
||||
free(blob);
|
||||
add_key(keys[i], name, labels[i]);
|
||||
free(labels[i]);
|
||||
}
|
||||
} else {
|
||||
if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
if ((r = sshbuf_put_u32(msg, -nkeys)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
}
|
||||
} else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0 ||
|
||||
(r = sshbuf_put_u32(msg, -nkeys)) != 0)
|
||||
fatal_fr(r, "compose");
|
||||
free(labels);
|
||||
free(keys); /* keys themselves are transferred to pkcs11_keylist */
|
||||
free(pin);
|
||||
|
@ -171,14 +166,14 @@ process_del(void)
|
|||
int r;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
del_keys_by_name(name);
|
||||
if ((r = sshbuf_put_u8(msg, pkcs11_del_provider(name) == 0 ?
|
||||
SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
free(pin);
|
||||
free(name);
|
||||
send_msg(msg);
|
||||
|
@ -198,10 +193,10 @@ process_sign(void)
|
|||
if ((r = sshbuf_get_string(iqueue, &blob, &blen)) != 0 ||
|
||||
(r = sshbuf_get_string(iqueue, &data, &dlen)) != 0 ||
|
||||
(r = sshbuf_get_u32(iqueue, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
|
||||
if ((r = sshkey_from_blob(blob, blen, &key)) != 0)
|
||||
error("%s: sshkey_from_blob: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "decode key");
|
||||
else {
|
||||
if ((found = lookup_key(key)) != NULL) {
|
||||
#ifdef WITH_OPENSSL
|
||||
|
@ -227,26 +222,25 @@ process_sign(void)
|
|||
if (ret != 0)
|
||||
ok = 0;
|
||||
else
|
||||
error("%s: ECDSA_sign"
|
||||
" returns %d", __func__, ret);
|
||||
error_f("ECDSA_sign returned %d", ret);
|
||||
slen = xslen;
|
||||
#endif /* OPENSSL_HAS_ECC */
|
||||
} else
|
||||
error("%s: don't know how to sign with key "
|
||||
"type %d", __func__, (int)key->type);
|
||||
error_f("don't know how to sign with key "
|
||||
"type %d", (int)key->type);
|
||||
#endif /* WITH_OPENSSL */
|
||||
}
|
||||
sshkey_free(key);
|
||||
}
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if (ok == 0) {
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 ||
|
||||
(r = sshbuf_put_string(msg, signature, slen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose response");
|
||||
} else {
|
||||
if ((r = sshbuf_put_u8(msg, SSH2_AGENT_FAILURE)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose failure response");
|
||||
}
|
||||
free(data);
|
||||
free(blob);
|
||||
|
@ -278,7 +272,7 @@ process(void)
|
|||
return;
|
||||
if ((r = sshbuf_consume(iqueue, 4)) != 0 ||
|
||||
(r = sshbuf_get_u8(iqueue, &type)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse type/len");
|
||||
buf_len -= 4;
|
||||
switch (type) {
|
||||
case SSH_AGENTC_ADD_SMARTCARD_KEY:
|
||||
|
@ -309,7 +303,7 @@ process(void)
|
|||
}
|
||||
if (msg_len > consumed) {
|
||||
if ((r = sshbuf_consume(iqueue, msg_len - consumed)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "consume");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -361,9 +355,9 @@ main(int argc, char **argv)
|
|||
out = STDOUT_FILENO;
|
||||
|
||||
if ((iqueue = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((oqueue = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
while (1) {
|
||||
memset(pfd, 0, sizeof(pfd));
|
||||
|
@ -379,7 +373,7 @@ main(int argc, char **argv)
|
|||
(r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0)
|
||||
pfd[0].events = POLLIN;
|
||||
else if (r != SSH_ERR_NO_BUFFER_SPACE)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "reserve");
|
||||
|
||||
if (sshbuf_len(oqueue) > 0)
|
||||
pfd[1].events = POLLOUT;
|
||||
|
@ -399,10 +393,8 @@ main(int argc, char **argv)
|
|||
} else if (len < 0) {
|
||||
error("read: %s", strerror(errno));
|
||||
cleanup_exit(1);
|
||||
} else if ((r = sshbuf_put(iqueue, buf, len)) != 0) {
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
} else if ((r = sshbuf_put(iqueue, buf, len)) != 0)
|
||||
fatal_fr(r, "sshbuf_put");
|
||||
}
|
||||
/* send oqueue to stdout */
|
||||
if ((pfd[1].revents & (POLLOUT|POLLHUP)) != 0) {
|
||||
|
@ -411,10 +403,8 @@ main(int argc, char **argv)
|
|||
if (len < 0) {
|
||||
error("write: %s", strerror(errno));
|
||||
cleanup_exit(1);
|
||||
} else if ((r = sshbuf_consume(oqueue, len)) != 0) {
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
} else if ((r = sshbuf_consume(oqueue, len)) != 0)
|
||||
fatal_fr(r, "consume");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -425,7 +415,7 @@ main(int argc, char **argv)
|
|||
if ((r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0)
|
||||
process();
|
||||
else if (r != SSH_ERR_NO_BUFFER_SPACE)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "reserve");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
77
ssh-pkcs11.c
77
ssh-pkcs11.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-pkcs11.c,v 1.50 2020/05/29 03:14:02 djm Exp $ */
|
||||
/* $OpenBSD: ssh-pkcs11.c,v 1.51 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
|
||||
|
@ -84,10 +84,9 @@ ossl_error(const char *msg)
|
|||
{
|
||||
unsigned long e;
|
||||
|
||||
error("%s: %s", __func__, msg);
|
||||
error_f("%s", msg);
|
||||
while ((e = ERR_get_error()) != 0)
|
||||
error("%s: libcrypto error: %.100s", __func__,
|
||||
ERR_error_string(e, NULL));
|
||||
error_f("libcrypto error: %s", ERR_error_string(e, NULL));
|
||||
}
|
||||
#endif /* HAVE_EC_KEY_METHOD_NEW */
|
||||
|
||||
|
@ -202,7 +201,7 @@ pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
|
|||
{
|
||||
struct pkcs11_key *k11 = ptr;
|
||||
|
||||
debug("%s: parent %p ptr %p idx %d", __func__, parent, ptr, idx);
|
||||
debug_f("parent %p ptr %p idx %d", parent, ptr, idx);
|
||||
if (k11 == NULL)
|
||||
return;
|
||||
if (k11->provider)
|
||||
|
@ -263,7 +262,7 @@ pkcs11_login_slot(struct pkcs11_provider *provider, struct pkcs11_slotinfo *si,
|
|||
snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ",
|
||||
si->token.label);
|
||||
if ((pin = read_passphrase(prompt, RP_ALLOW_EOF)) == NULL) {
|
||||
debug("%s: no pin specified", __func__);
|
||||
debug_f("no pin specified");
|
||||
return (-1); /* bail out */
|
||||
}
|
||||
}
|
||||
|
@ -337,8 +336,8 @@ pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj,
|
|||
return (-1);
|
||||
}
|
||||
*val = flag != 0;
|
||||
debug("%s: provider %p slot %lu object %lu: attrib %lu = %d",
|
||||
__func__, k11->provider, k11->slotidx, obj, type, *val);
|
||||
debug_f("provider %p slot %lu object %lu: attrib %lu = %d",
|
||||
k11->provider, k11->slotidx, obj, type, *val);
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
@ -407,7 +406,7 @@ pkcs11_get_key(struct pkcs11_key *k11, CK_MECHANISM_TYPE mech_type)
|
|||
pkcs11_check_obj_bool_attrib(k11, obj, CKA_ALWAYS_AUTHENTICATE,
|
||||
&always_auth); /* ignore errors here */
|
||||
if (always_auth && !did_login) {
|
||||
debug("%s: always-auth key", __func__);
|
||||
debug_f("always-auth key");
|
||||
if (pkcs11_login(k11, CKU_CONTEXT_SPECIFIC) < 0) {
|
||||
error("login failed for always-auth key");
|
||||
return (-1);
|
||||
|
@ -475,7 +474,7 @@ pkcs11_rsa_start_wrapper(void)
|
|||
if (!RSA_meth_set1_name(rsa_method, "pkcs11") ||
|
||||
!RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) ||
|
||||
!RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt)) {
|
||||
error("%s: setup pkcs11 method failed", __func__);
|
||||
error_f("setup pkcs11 method failed");
|
||||
return (-1);
|
||||
}
|
||||
return (0);
|
||||
|
@ -561,7 +560,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
|
|||
goto done;
|
||||
}
|
||||
if (!ECDSA_SIG_set0(ret, r, s)) {
|
||||
error("%s: ECDSA_SIG_set0 failed", __func__);
|
||||
error_f("ECDSA_SIG_set0 failed");
|
||||
ECDSA_SIG_free(ret);
|
||||
ret = NULL;
|
||||
goto done;
|
||||
|
@ -883,7 +882,7 @@ pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
|
|||
goto fail;
|
||||
}
|
||||
if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL))
|
||||
fatal("%s: set key", __func__);
|
||||
fatal_f("set key");
|
||||
rsa_n = rsa_e = NULL; /* transferred */
|
||||
|
||||
if (pkcs11_rsa_wrap(p, slotidx, &key_attr[0], rsa))
|
||||
|
@ -1355,7 +1354,7 @@ pkcs11_rsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx,
|
|||
|
||||
if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv,
|
||||
&pubKey, &privKey)) != CKR_OK) {
|
||||
error("%s: key generation failed: error 0x%lx", __func__, rv);
|
||||
error_f("key generation failed: error 0x%lx", rv);
|
||||
*err = rv;
|
||||
return NULL;
|
||||
}
|
||||
|
@ -1434,12 +1433,12 @@ pkcs11_ecdsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx,
|
|||
break;
|
||||
}
|
||||
if (!ec_curve_infos[i].name) {
|
||||
error("%s: invalid key size %lu", __func__, bits);
|
||||
error_f("invalid key size %lu", bits);
|
||||
return NULL;
|
||||
}
|
||||
if (pkcs11_decode_hex(ec_curve_infos[i].oid_encoded, &ecparams,
|
||||
&ecparams_size) == -1) {
|
||||
error("%s: invalid oid", __func__);
|
||||
error_f("invalid oid");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -1472,7 +1471,7 @@ pkcs11_ecdsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx,
|
|||
|
||||
if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv,
|
||||
&pubKey, &privKey)) != CKR_OK) {
|
||||
error("%s: key generation failed: error 0x%lx", __func__, rv);
|
||||
error_f("key generation failed: error 0x%lx", rv);
|
||||
*err = rv;
|
||||
return NULL;
|
||||
}
|
||||
|
@ -1510,8 +1509,7 @@ pkcs11_register_provider(char *provider_id, char *pin,
|
|||
*labelsp = NULL;
|
||||
|
||||
if (pkcs11_provider_lookup(provider_id) != NULL) {
|
||||
debug("%s: provider already registered: %s",
|
||||
__func__, provider_id);
|
||||
debug_f("provider already registered: %s", provider_id);
|
||||
goto fail;
|
||||
}
|
||||
/* open shared pkcs11-library */
|
||||
|
@ -1560,8 +1558,7 @@ pkcs11_register_provider(char *provider_id, char *pin,
|
|||
goto fail;
|
||||
}
|
||||
if (p->nslots == 0) {
|
||||
debug("%s: provider %s returned no slots", __func__,
|
||||
provider_id);
|
||||
debug_f("provider %s returned no slots", provider_id);
|
||||
ret = -SSH_PKCS11_ERR_NO_SLOTS;
|
||||
goto fail;
|
||||
}
|
||||
|
@ -1580,13 +1577,12 @@ pkcs11_register_provider(char *provider_id, char *pin,
|
|||
if ((rv = f->C_GetTokenInfo(p->slotlist[i], token))
|
||||
!= CKR_OK) {
|
||||
error("C_GetTokenInfo for provider %s slot %lu "
|
||||
"failed: %lu", provider_id, (unsigned long)i, rv);
|
||||
"failed: %lu", provider_id, (u_long)i, rv);
|
||||
continue;
|
||||
}
|
||||
if ((token->flags & CKF_TOKEN_INITIALIZED) == 0) {
|
||||
debug2("%s: ignoring uninitialised token in "
|
||||
"provider %s slot %lu", __func__,
|
||||
provider_id, (unsigned long)i);
|
||||
debug2_f("ignoring uninitialised token in "
|
||||
"provider %s slot %lu", provider_id, (u_long)i);
|
||||
continue;
|
||||
}
|
||||
rmspace(token->label, sizeof(token->label));
|
||||
|
@ -1668,8 +1664,7 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp,
|
|||
pkcs11_provider_unref(p);
|
||||
}
|
||||
if (nkeys == 0)
|
||||
debug("%s: provider %s returned no keys", __func__,
|
||||
provider_id);
|
||||
debug_f("provider %s returned no keys", provider_id);
|
||||
|
||||
return (nkeys);
|
||||
}
|
||||
|
@ -1690,11 +1685,10 @@ pkcs11_gakp(char *provider_id, char *pin, unsigned int slotidx, char *label,
|
|||
*err = 0;
|
||||
|
||||
if ((p = pkcs11_provider_lookup(provider_id)) != NULL)
|
||||
debug("%s: provider \"%s\" available", __func__, provider_id);
|
||||
debug_f("provider \"%s\" available", provider_id);
|
||||
else if ((ret = pkcs11_register_provider(provider_id, pin, NULL, NULL,
|
||||
&p, CKU_SO)) < 0) {
|
||||
debug("%s: could not register provider %s", __func__,
|
||||
provider_id);
|
||||
debug_f("could not register provider %s", provider_id);
|
||||
goto out;
|
||||
} else
|
||||
reset_provider = 1;
|
||||
|
@ -1705,7 +1699,7 @@ pkcs11_gakp(char *provider_id, char *pin, unsigned int slotidx, char *label,
|
|||
|
||||
if ((rv = f->C_SetOperationState(session , pin, strlen(pin),
|
||||
CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) {
|
||||
debug("%s: could not supply SO pin: %lu", __func__, rv);
|
||||
debug_f("could not supply SO pin: %lu", rv);
|
||||
reset_pin = 0;
|
||||
} else
|
||||
reset_pin = 1;
|
||||
|
@ -1714,20 +1708,20 @@ pkcs11_gakp(char *provider_id, char *pin, unsigned int slotidx, char *label,
|
|||
case KEY_RSA:
|
||||
if ((k = pkcs11_rsa_generate_private_key(p, slotidx, label,
|
||||
bits, keyid, err)) == NULL) {
|
||||
debug("%s: failed to generate RSA key", __func__);
|
||||
debug_f("failed to generate RSA key");
|
||||
goto out;
|
||||
}
|
||||
break;
|
||||
case KEY_ECDSA:
|
||||
if ((k = pkcs11_ecdsa_generate_private_key(p, slotidx, label,
|
||||
bits, keyid, err)) == NULL) {
|
||||
debug("%s: failed to generate ECDSA key", __func__);
|
||||
debug_f("failed to generate ECDSA key");
|
||||
goto out;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
*err = SSH_PKCS11_ERR_GENERIC;
|
||||
debug("%s: unknown type %d", __func__, type);
|
||||
debug_f("unknown type %d", type);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -1762,10 +1756,10 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx,
|
|||
*err = 0;
|
||||
|
||||
if ((p = pkcs11_provider_lookup(provider_id)) != NULL) {
|
||||
debug("%s: using provider \"%s\"", __func__, provider_id);
|
||||
debug_f("using provider \"%s\"", provider_id);
|
||||
} else if (pkcs11_register_provider(provider_id, pin, NULL, NULL, &p,
|
||||
CKU_SO) < 0) {
|
||||
debug("%s: could not register provider %s", __func__,
|
||||
debug_f("could not register provider %s",
|
||||
provider_id);
|
||||
goto out;
|
||||
} else
|
||||
|
@ -1777,7 +1771,7 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx,
|
|||
|
||||
if ((rv = f->C_SetOperationState(session , pin, strlen(pin),
|
||||
CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) {
|
||||
debug("%s: could not supply SO pin: %lu", __func__, rv);
|
||||
debug_f("could not supply SO pin: %lu", rv);
|
||||
reset_pin = 0;
|
||||
} else
|
||||
reset_pin = 1;
|
||||
|
@ -1791,8 +1785,8 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx,
|
|||
if (pkcs11_find(p, slotidx, attrs, nattrs, &obj) == 0 &&
|
||||
obj != CK_INVALID_HANDLE) {
|
||||
if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) {
|
||||
debug("%s: could not destroy private key 0x%hhx",
|
||||
__func__, keyid);
|
||||
debug_f("could not destroy private key 0x%hhx",
|
||||
keyid);
|
||||
*err = rv;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1813,8 +1807,8 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx,
|
|||
sizeof(key_type));
|
||||
rv = f->C_GetAttributeValue(session, obj, attrs, nattrs);
|
||||
if (rv != CKR_OK) {
|
||||
debug("%s: could not get key type of public key 0x%hhx",
|
||||
__func__, keyid);
|
||||
debug_f("could not get key type of public key 0x%hhx",
|
||||
keyid);
|
||||
*err = rv;
|
||||
key_type = -1;
|
||||
}
|
||||
|
@ -1824,8 +1818,7 @@ pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx,
|
|||
k = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj);
|
||||
|
||||
if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) {
|
||||
debug("%s: could not destroy public key 0x%hhx",
|
||||
__func__, keyid);
|
||||
debug_f("could not destroy public key 0x%hhx", keyid);
|
||||
*err = rv;
|
||||
goto out;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */
|
||||
/* $OpenBSD: ssh-sk-client.c,v 1.8 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Google LLC
|
||||
*
|
||||
|
@ -47,7 +47,7 @@ static int
|
|||
start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
|
||||
{
|
||||
void (*osigchld)(int);
|
||||
int oerrno, pair[2], r = SSH_ERR_INTERNAL_ERROR;
|
||||
int oerrno, pair[2];
|
||||
pid_t pid;
|
||||
char *helper, *verbosity = NULL;
|
||||
|
||||
|
@ -60,8 +60,7 @@ start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
|
|||
helper = _PATH_SSH_SK_HELPER;
|
||||
if (access(helper, X_OK) != 0) {
|
||||
oerrno = errno;
|
||||
error("%s: helper \"%s\" unusable: %s", __func__, helper,
|
||||
strerror(errno));
|
||||
error_f("helper \"%s\" unusable: %s", helper, strerror(errno));
|
||||
errno = oerrno;
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
}
|
||||
|
@ -87,22 +86,22 @@ start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
|
|||
if (pid == 0) {
|
||||
if ((dup2(pair[1], STDIN_FILENO) == -1) ||
|
||||
(dup2(pair[1], STDOUT_FILENO) == -1)) {
|
||||
error("%s: dup2: %s", __func__, ssh_err(r));
|
||||
error_f("dup2: %s", strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
close(pair[0]);
|
||||
close(pair[1]);
|
||||
closefrom(STDERR_FILENO + 1);
|
||||
debug("%s: starting %s %s", __func__, helper,
|
||||
debug_f("starting %s %s", helper,
|
||||
verbosity == NULL ? "" : verbosity);
|
||||
execlp(helper, helper, verbosity, (char *)NULL);
|
||||
error("%s: execlp: %s", __func__, strerror(errno));
|
||||
error_f("execlp: %s", strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
close(pair[1]);
|
||||
|
||||
/* success */
|
||||
debug3("%s: started pid=%ld", __func__, (long)pid);
|
||||
debug3_f("started pid=%ld", (long)pid);
|
||||
*fdp = pair[0];
|
||||
*pidp = pid;
|
||||
*osigchldp = osigchld;
|
||||
|
@ -114,7 +113,7 @@ reap_helper(pid_t pid)
|
|||
{
|
||||
int status, oerrno;
|
||||
|
||||
debug3("%s: pid=%ld", __func__, (long)pid);
|
||||
debug3_f("pid=%ld", (long)pid);
|
||||
|
||||
errno = 0;
|
||||
while (waitpid(pid, &status, 0) == -1) {
|
||||
|
@ -123,15 +122,15 @@ reap_helper(pid_t pid)
|
|||
continue;
|
||||
}
|
||||
oerrno = errno;
|
||||
error("%s: waitpid: %s", __func__, strerror(errno));
|
||||
error_f("waitpid: %s", strerror(errno));
|
||||
errno = oerrno;
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
}
|
||||
if (!WIFEXITED(status)) {
|
||||
error("%s: helper exited abnormally", __func__);
|
||||
error_f("helper exited abnormally");
|
||||
return SSH_ERR_AGENT_FAILURE;
|
||||
} else if (WEXITSTATUS(status) != 0) {
|
||||
error("%s: helper exited with non-zero exit status", __func__);
|
||||
error_f("helper exited with non-zero exit status");
|
||||
return SSH_ERR_AGENT_FAILURE;
|
||||
}
|
||||
return 0;
|
||||
|
@ -161,37 +160,37 @@ client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type)
|
|||
(r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 ||
|
||||
(r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 ||
|
||||
(r = sshbuf_putb(req, msg)) != 0) {
|
||||
error("%s: build: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose");
|
||||
goto out;
|
||||
}
|
||||
if ((r = ssh_msg_send(fd, SSH_SK_HELPER_VERSION, req)) != 0) {
|
||||
error("%s: send: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "send");
|
||||
goto out;
|
||||
}
|
||||
if ((r = ssh_msg_recv(fd, resp)) != 0) {
|
||||
error("%s: receive: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "receive");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_get_u8(resp, &version)) != 0) {
|
||||
error("%s: parse version: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse version");
|
||||
goto out;
|
||||
}
|
||||
if (version != SSH_SK_HELPER_VERSION) {
|
||||
error("%s: unsupported version: got %u, expected %u",
|
||||
__func__, version, SSH_SK_HELPER_VERSION);
|
||||
error_f("unsupported version: got %u, expected %u",
|
||||
version, SSH_SK_HELPER_VERSION);
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_get_u32(resp, &rtype)) != 0) {
|
||||
error("%s: parse message type: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse message type");
|
||||
goto out;
|
||||
}
|
||||
if (rtype == SSH_SK_HELPER_ERROR) {
|
||||
if ((r = sshbuf_get_u32(resp, &rerr)) != 0) {
|
||||
error("%s: parse error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
goto out;
|
||||
}
|
||||
debug("%s: helper returned error -%u", __func__, rerr);
|
||||
debug_f("helper returned error -%u", rerr);
|
||||
/* OpenSSH error values are negative; encoded as -err on wire */
|
||||
if (rerr == 0 || rerr >= INT_MAX)
|
||||
r = SSH_ERR_INTERNAL_ERROR;
|
||||
|
@ -199,8 +198,8 @@ client_converse(struct sshbuf *msg, struct sshbuf **respp, u_int type)
|
|||
r = -(int)rerr;
|
||||
goto out;
|
||||
} else if (rtype != type) {
|
||||
error("%s: helper returned incorrect message type %u, "
|
||||
"expecting %u", __func__, rtype, type);
|
||||
error_f("helper returned incorrect message type %u, "
|
||||
"expecting %u", rtype, type);
|
||||
r = SSH_ERR_INTERNAL_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
@ -250,7 +249,7 @@ sshsk_sign(const char *provider, struct sshkey *key,
|
|||
}
|
||||
|
||||
if ((r = sshkey_private_serialize(key, kbuf)) != 0) {
|
||||
error("%s: serialize private key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "encode key");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_put_stringb(req, kbuf)) != 0 ||
|
||||
|
@ -259,13 +258,13 @@ sshsk_sign(const char *provider, struct sshkey *key,
|
|||
(r = sshbuf_put_cstring(req, NULL)) != 0 || /* alg */
|
||||
(r = sshbuf_put_u32(req, compat)) != 0 ||
|
||||
(r = sshbuf_put_cstring(req, pin)) != 0) {
|
||||
error("%s: compose: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -273,12 +272,12 @@ sshsk_sign(const char *provider, struct sshkey *key,
|
|||
goto out;
|
||||
|
||||
if ((r = sshbuf_get_string(resp, sigp, lenp)) != 0) {
|
||||
error("%s: parse signature: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse signature");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
if (sshbuf_len(resp) != 0) {
|
||||
error("%s: trailing data in response", __func__);
|
||||
error_f("trailing data in response");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
|
@ -334,7 +333,7 @@ sshsk_enroll(int type, const char *provider_path, const char *device,
|
|||
(r = sshbuf_put_u8(req, flags)) != 0 ||
|
||||
(r = sshbuf_put_cstring(req, pin)) != 0 ||
|
||||
(r = sshbuf_put_stringb(req, challenge_buf)) != 0) {
|
||||
error("%s: compose: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -343,21 +342,21 @@ sshsk_enroll(int type, const char *provider_path, const char *device,
|
|||
|
||||
if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 ||
|
||||
(r = sshbuf_get_stringb(resp, abuf)) != 0) {
|
||||
error("%s: parse signature: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
if (sshbuf_len(resp) != 0) {
|
||||
error("%s: trailing data in response", __func__);
|
||||
error_f("trailing data in response");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) {
|
||||
error("Unable to parse private key: %s", ssh_err(r));
|
||||
error_fr(r, "encode");
|
||||
goto out;
|
||||
}
|
||||
if (attest != NULL && (r = sshbuf_putb(attest, abuf)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "encode attestation information");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -398,7 +397,7 @@ sshsk_load_resident(const char *provider_path, const char *device,
|
|||
if ((r = sshbuf_put_cstring(req, provider_path)) != 0 ||
|
||||
(r = sshbuf_put_cstring(req, device)) != 0 ||
|
||||
(r = sshbuf_put_cstring(req, pin)) != 0) {
|
||||
error("%s: compose: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -409,21 +408,21 @@ sshsk_load_resident(const char *provider_path, const char *device,
|
|||
/* key, comment */
|
||||
if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 ||
|
||||
(r = sshbuf_get_cstring(resp, NULL, NULL)) != 0) {
|
||||
error("%s: parse signature: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse signature");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) {
|
||||
error("Unable to parse private key: %s", ssh_err(r));
|
||||
error_fr(r, "decode key");
|
||||
goto out;
|
||||
}
|
||||
if ((tmp = recallocarray(keys, nkeys, nkeys + 1,
|
||||
sizeof(*keys))) == NULL) {
|
||||
error("%s: recallocarray keys failed", __func__);
|
||||
error_f("recallocarray keys failed");
|
||||
goto out;
|
||||
}
|
||||
debug("%s: keys[%zu]: %s %s", __func__,
|
||||
nkeys, sshkey_type(key), key->sk_application);
|
||||
debug_f("keys[%zu]: %s %s", nkeys, sshkey_type(key),
|
||||
key->sk_application);
|
||||
keys = tmp;
|
||||
keys[nkeys++] = key;
|
||||
key = NULL;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-sk-helper.c,v 1.10 2020/05/26 01:59:46 djm Exp $ */
|
||||
/* $OpenBSD: ssh-sk-helper.c,v 1.11 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Google LLC
|
||||
*
|
||||
|
@ -67,7 +67,7 @@ reply_error(int r, char *fmt, ...)
|
|||
free(msg);
|
||||
|
||||
if (r >= 0)
|
||||
fatal("%s: invalid error code %d", __func__, r);
|
||||
fatal_f("invalid error code %d", r);
|
||||
|
||||
if ((resp = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __progname);
|
||||
|
@ -106,17 +106,19 @@ process_sign(struct sshbuf *req)
|
|||
(r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
|
||||
(r = sshbuf_get_u32(req, &compat)) != 0 ||
|
||||
(r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: parse", __progname);
|
||||
if (sshbuf_len(req) != 0)
|
||||
fatal("%s: trailing data in request", __progname);
|
||||
|
||||
if ((r = sshkey_private_deserialize(kbuf, &key)) != 0)
|
||||
fatal("Unable to parse private key: %s", ssh_err(r));
|
||||
if (!sshkey_is_sk(key))
|
||||
fatal("Unsupported key type %s", sshkey_ssh_name(key));
|
||||
fatal_r(r, "%s: Unable to parse private key", __progname);
|
||||
if (!sshkey_is_sk(key)) {
|
||||
fatal("%s: Unsupported key type %s",
|
||||
__progname, sshkey_ssh_name(key));
|
||||
}
|
||||
|
||||
debug("%s: ready to sign with key %s, provider %s: "
|
||||
"msg len %zu, compat 0x%lx", __progname, sshkey_type(key),
|
||||
debug_f("ready to sign with key %s, provider %s: "
|
||||
"msg len %zu, compat 0x%lx", sshkey_type(key),
|
||||
provider, msglen, (u_long)compat);
|
||||
|
||||
null_empty(&pin);
|
||||
|
@ -132,7 +134,7 @@ process_sign(struct sshbuf *req)
|
|||
|
||||
if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_SIGN)) != 0 ||
|
||||
(r = sshbuf_put_string(resp, sig, siglen)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: compose", __progname);
|
||||
out:
|
||||
sshkey_free(key);
|
||||
sshbuf_free(kbuf);
|
||||
|
@ -166,7 +168,7 @@ process_enroll(struct sshbuf *req)
|
|||
(r = sshbuf_get_u8(req, &flags)) != 0 ||
|
||||
(r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
|
||||
(r = sshbuf_froms(req, &challenge)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: parse", __progname);
|
||||
if (sshbuf_len(req) != 0)
|
||||
fatal("%s: trailing data in request", __progname);
|
||||
|
||||
|
@ -189,11 +191,11 @@ process_enroll(struct sshbuf *req)
|
|||
if ((resp = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __progname);
|
||||
if ((r = sshkey_private_serialize(key, kbuf)) != 0)
|
||||
fatal("%s: serialize private key: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: encode key", __progname);
|
||||
if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_ENROLL)) != 0 ||
|
||||
(r = sshbuf_put_stringb(resp, kbuf)) != 0 ||
|
||||
(r = sshbuf_put_stringb(resp, attest)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: compose", __progname);
|
||||
|
||||
out:
|
||||
sshkey_free(key);
|
||||
|
@ -223,7 +225,7 @@ process_load_resident(struct sshbuf *req)
|
|||
if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: parse", __progname);
|
||||
if (sshbuf_len(req) != 0)
|
||||
fatal("%s: trailing data in request", __progname);
|
||||
|
||||
|
@ -241,18 +243,17 @@ process_load_resident(struct sshbuf *req)
|
|||
fatal("%s: sshbuf_new failed", __progname);
|
||||
|
||||
if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_LOAD_RESIDENT)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: compose", __progname);
|
||||
|
||||
for (i = 0; i < nkeys; i++) {
|
||||
debug("%s: key %zu %s %s", __func__, i,
|
||||
sshkey_type(keys[i]), keys[i]->sk_application);
|
||||
debug_f("key %zu %s %s", i, sshkey_type(keys[i]),
|
||||
keys[i]->sk_application);
|
||||
sshbuf_reset(kbuf);
|
||||
if ((r = sshkey_private_serialize(keys[i], kbuf)) != 0)
|
||||
fatal("%s: serialize private key: %s",
|
||||
__progname, ssh_err(r));
|
||||
fatal_r(r, "%s: encode key", __progname);
|
||||
if ((r = sshbuf_put_stringb(resp, kbuf)) != 0 ||
|
||||
(r = sshbuf_put_cstring(resp, "")) != 0) /* comment */
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: compose key", __progname);
|
||||
}
|
||||
|
||||
out:
|
||||
|
@ -311,10 +312,10 @@ main(int argc, char **argv)
|
|||
if (ssh_msg_recv(in, req) < 0)
|
||||
fatal("ssh_msg_recv failed");
|
||||
close(in);
|
||||
debug("%s: received message len %zu", __progname, sshbuf_len(req));
|
||||
debug_f("received message len %zu", sshbuf_len(req));
|
||||
|
||||
if ((r = sshbuf_get_u8(req, &version)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: parse version", __progname);
|
||||
if (version != SSH_SK_HELPER_VERSION) {
|
||||
fatal("unsupported version: received %d, expected %d",
|
||||
version, SSH_SK_HELPER_VERSION);
|
||||
|
@ -323,7 +324,7 @@ main(int argc, char **argv)
|
|||
if ((r = sshbuf_get_u32(req, &rtype)) != 0 ||
|
||||
(r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
|
||||
(r = sshbuf_get_u32(req, &ll)) != 0)
|
||||
fatal("%s: buffer error: %s", __progname, ssh_err(r));
|
||||
fatal_r(r, "%s: parse", __progname);
|
||||
|
||||
if (!vflag && log_level_name((LogLevel)ll) != NULL)
|
||||
log_init(__progname, (LogLevel)ll, log_facility, log_stderr);
|
||||
|
@ -342,7 +343,7 @@ main(int argc, char **argv)
|
|||
fatal("%s: unsupported request type %u", __progname, rtype);
|
||||
}
|
||||
sshbuf_free(req);
|
||||
debug("%s: reply len %zu", __progname, sshbuf_len(resp));
|
||||
debug_f("reply len %zu", sshbuf_len(resp));
|
||||
|
||||
if (ssh_msg_send(out, SSH_SK_HELPER_VERSION, resp) == -1)
|
||||
fatal("ssh_msg_send failed");
|
||||
|
|
87
ssh-sk.c
87
ssh-sk.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-sk.c,v 1.32 2020/09/09 03:08:02 djm Exp $ */
|
||||
/* $OpenBSD: ssh-sk.c,v 1.33 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Google LLC
|
||||
*
|
||||
|
@ -105,11 +105,11 @@ sshsk_open(const char *path)
|
|||
return NULL;
|
||||
}
|
||||
if ((ret = calloc(1, sizeof(*ret))) == NULL) {
|
||||
error("%s: calloc failed", __func__);
|
||||
error_f("calloc failed");
|
||||
return NULL;
|
||||
}
|
||||
if ((ret->path = strdup(path)) == NULL) {
|
||||
error("%s: strdup failed", __func__);
|
||||
error_f("strdup failed");
|
||||
goto fail;
|
||||
}
|
||||
/* Skip the rest if we're using the linked in middleware */
|
||||
|
@ -134,8 +134,8 @@ sshsk_open(const char *path)
|
|||
goto fail;
|
||||
}
|
||||
version = ret->sk_api_version();
|
||||
debug("%s: provider %s implements version 0x%08lx", __func__,
|
||||
ret->path, (u_long)version);
|
||||
debug_f("provider %s implements version 0x%08lx", ret->path,
|
||||
(u_long)version);
|
||||
if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {
|
||||
error("Provider \"%s\" implements unsupported "
|
||||
"version 0x%08lx (supported: 0x%08lx)",
|
||||
|
@ -200,7 +200,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
|
|||
|
||||
*keyp = NULL;
|
||||
if ((key = sshkey_new(KEY_ECDSA_SK)) == NULL) {
|
||||
error("%s: sshkey_new failed", __func__);
|
||||
error_f("sshkey_new failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -208,17 +208,17 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
|
|||
if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL ||
|
||||
(q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL ||
|
||||
(b = sshbuf_new()) == NULL) {
|
||||
error("%s: allocation failed", __func__);
|
||||
error_f("allocation failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_put_string(b,
|
||||
resp->public_key, resp->public_key_len)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshbuf_put_string");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa))) != 0) {
|
||||
error("%s: parse key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
|
@ -229,7 +229,7 @@ sshsk_ecdsa_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
|
|||
}
|
||||
if (EC_KEY_set_public_key(key->ecdsa, q) != 1) {
|
||||
/* XXX assume it is a allocation error */
|
||||
error("%s: allocation failed", __func__);
|
||||
error_f("allocation failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -253,17 +253,17 @@ sshsk_ed25519_assemble(struct sk_enroll_response *resp, struct sshkey **keyp)
|
|||
|
||||
*keyp = NULL;
|
||||
if (resp->public_key_len != ED25519_PK_SZ) {
|
||||
error("%s: invalid size: %zu", __func__, resp->public_key_len);
|
||||
error_f("invalid size: %zu", resp->public_key_len);
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
if ((key = sshkey_new(KEY_ED25519_SK)) == NULL) {
|
||||
error("%s: sshkey_new failed", __func__);
|
||||
error_f("sshkey_new failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((key->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
|
||||
error("%s: malloc failed", __func__);
|
||||
error_f("malloc failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -288,7 +288,7 @@ sshsk_key_from_response(int alg, const char *application, uint8_t flags,
|
|||
|
||||
/* Check response validity */
|
||||
if (resp->public_key == NULL || resp->key_handle == NULL) {
|
||||
error("%s: sk_enroll response invalid", __func__);
|
||||
error_f("sk_enroll response invalid");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
|
@ -304,25 +304,25 @@ sshsk_key_from_response(int alg, const char *application, uint8_t flags,
|
|||
goto out;
|
||||
break;
|
||||
default:
|
||||
error("%s: unsupported algorithm %d", __func__, alg);
|
||||
error_f("unsupported algorithm %d", alg);
|
||||
r = SSH_ERR_INVALID_ARGUMENT;
|
||||
goto out;
|
||||
}
|
||||
key->sk_flags = flags;
|
||||
if ((key->sk_key_handle = sshbuf_new()) == NULL ||
|
||||
(key->sk_reserved = sshbuf_new()) == NULL) {
|
||||
error("%s: allocation failed", __func__);
|
||||
error_f("allocation failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((key->sk_application = strdup(application)) == NULL) {
|
||||
error("%s: strdup application failed", __func__);
|
||||
error_f("strdup application failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_put(key->sk_key_handle, resp->key_handle,
|
||||
resp->key_handle_len)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "put key handle");
|
||||
goto out;
|
||||
}
|
||||
/* success */
|
||||
|
@ -374,18 +374,18 @@ sshsk_add_option(struct sk_option ***optsp, size_t *noptsp,
|
|||
|
||||
if ((opts = recallocarray(opts, nopts, nopts + 2, /* extra for NULL */
|
||||
sizeof(*opts))) == NULL) {
|
||||
error("%s: array alloc failed", __func__);
|
||||
error_f("array alloc failed");
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
}
|
||||
*optsp = opts;
|
||||
*noptsp = nopts + 1;
|
||||
if ((opts[nopts] = calloc(1, sizeof(**opts))) == NULL) {
|
||||
error("%s: alloc failed", __func__);
|
||||
error_f("alloc failed");
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
}
|
||||
if ((opts[nopts]->name = strdup(name)) == NULL ||
|
||||
(opts[nopts]->value = strdup(value)) == NULL) {
|
||||
error("%s: alloc failed", __func__);
|
||||
error_f("alloc failed");
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
}
|
||||
opts[nopts]->required = required;
|
||||
|
@ -438,7 +438,7 @@ fill_attestation_blob(const struct sk_enroll_response *resp,
|
|||
resp->authdata, resp->authdata_len)) != 0 ||
|
||||
(r = sshbuf_put_u32(attest, 0)) != 0 || /* resvd flags */
|
||||
(r = sshbuf_put_string(attest, NULL, 0)) != 0 /* resvd */) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose");
|
||||
return r;
|
||||
}
|
||||
/* success */
|
||||
|
@ -461,8 +461,8 @@ sshsk_enroll(int type, const char *provider_path, const char *device,
|
|||
int r = SSH_ERR_INTERNAL_ERROR;
|
||||
int alg;
|
||||
|
||||
debug("%s: provider \"%s\", device \"%s\", application \"%s\", "
|
||||
"userid \"%s\", flags 0x%02x, challenge len %zu%s", __func__,
|
||||
debug_f("provider \"%s\", device \"%s\", application \"%s\", "
|
||||
"userid \"%s\", flags 0x%02x, challenge len %zu%s",
|
||||
provider_path, device, application, userid, flags,
|
||||
challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf),
|
||||
(pin != NULL && *pin != '\0') ? " with-pin" : "");
|
||||
|
@ -484,22 +484,22 @@ sshsk_enroll(int type, const char *provider_path, const char *device,
|
|||
alg = SSH_SK_ED25519;
|
||||
break;
|
||||
default:
|
||||
error("%s: unsupported key type", __func__);
|
||||
error_f("unsupported key type");
|
||||
r = SSH_ERR_INVALID_ARGUMENT;
|
||||
goto out;
|
||||
}
|
||||
if (provider_path == NULL) {
|
||||
error("%s: missing provider", __func__);
|
||||
error_f("missing provider");
|
||||
r = SSH_ERR_INVALID_ARGUMENT;
|
||||
goto out;
|
||||
}
|
||||
if (application == NULL || *application == '\0') {
|
||||
error("%s: missing application", __func__);
|
||||
error_f("missing application");
|
||||
r = SSH_ERR_INVALID_ARGUMENT;
|
||||
goto out;
|
||||
}
|
||||
if (challenge_buf == NULL) {
|
||||
debug("%s: using random challenge", __func__);
|
||||
debug_f("using random challenge");
|
||||
arc4random_buf(randchall, sizeof(randchall));
|
||||
challenge = randchall;
|
||||
challenge_len = sizeof(randchall);
|
||||
|
@ -510,8 +510,7 @@ sshsk_enroll(int type, const char *provider_path, const char *device,
|
|||
} else {
|
||||
challenge = sshbuf_ptr(challenge_buf);
|
||||
challenge_len = sshbuf_len(challenge_buf);
|
||||
debug3("%s: using explicit challenge len=%zd",
|
||||
__func__, challenge_len);
|
||||
debug3_f("using explicit challenge len=%zd", challenge_len);
|
||||
}
|
||||
if ((skp = sshsk_open(provider_path)) == NULL) {
|
||||
r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
|
||||
|
@ -521,8 +520,7 @@ sshsk_enroll(int type, const char *provider_path, const char *device,
|
|||
/* enroll key */
|
||||
if ((r = skp->sk_enroll(alg, challenge, challenge_len, application,
|
||||
flags, pin, opts, &resp)) != 0) {
|
||||
debug("%s: provider \"%s\" returned failure %d", __func__,
|
||||
provider_path, r);
|
||||
debug_f("provider \"%s\" failure %d", provider_path, r);
|
||||
r = skerr_to_ssherr(r);
|
||||
goto out;
|
||||
}
|
||||
|
@ -557,7 +555,7 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
|
|||
|
||||
/* Check response validity */
|
||||
if (resp->sig_r == NULL || resp->sig_s == NULL) {
|
||||
error("%s: sk_sign response invalid", __func__);
|
||||
error_f("sk_sign response invalid");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
|
@ -570,13 +568,13 @@ sshsk_ecdsa_sig(struct sk_sign_response *resp, struct sshbuf *sig)
|
|||
resp->sig_r, resp->sig_r_len)) != 0 ||
|
||||
(r = sshbuf_put_bignum2_bytes(inner_sig,
|
||||
resp->sig_s, resp->sig_s_len)) != 0) {
|
||||
debug("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose inner");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 ||
|
||||
(r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
|
||||
(r = sshbuf_put_u32(sig, resp->counter)) != 0) {
|
||||
debug("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose");
|
||||
goto out;
|
||||
}
|
||||
#ifdef DEBUG_SK
|
||||
|
@ -601,7 +599,7 @@ sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig)
|
|||
|
||||
/* Check response validity */
|
||||
if (resp->sig_r == NULL) {
|
||||
error("%s: sk_sign response invalid", __func__);
|
||||
error_f("sk_sign response invalid");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
|
@ -609,7 +607,7 @@ sshsk_ed25519_sig(struct sk_sign_response *resp, struct sshbuf *sig)
|
|||
resp->sig_r, resp->sig_r_len)) != 0 ||
|
||||
(r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
|
||||
(r = sshbuf_put_u32(sig, resp->counter)) != 0) {
|
||||
debug("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose");
|
||||
goto out;
|
||||
}
|
||||
#ifdef DEBUG_SK
|
||||
|
@ -633,7 +631,7 @@ sshsk_sign(const char *provider_path, struct sshkey *key,
|
|||
struct sshbuf *inner_sig = NULL, *sig = NULL;
|
||||
struct sk_option **opts = NULL;
|
||||
|
||||
debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__,
|
||||
debug_f("provider \"%s\", key %s, flags 0x%02x%s",
|
||||
provider_path, sshkey_type(key), key->sk_flags,
|
||||
(pin != NULL && *pin != '\0') ? " with-pin" : "");
|
||||
|
||||
|
@ -668,7 +666,7 @@ sshsk_sign(const char *provider_path, struct sshkey *key,
|
|||
if ((r = skp->sk_sign(alg, data, datalen, key->sk_application,
|
||||
sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle),
|
||||
key->sk_flags, pin, opts, &resp)) != 0) {
|
||||
debug("%s: sk_sign failed with code %d", __func__, r);
|
||||
debug_f("sk_sign failed with code %d", r);
|
||||
r = skerr_to_ssherr(r);
|
||||
goto out;
|
||||
}
|
||||
|
@ -678,7 +676,7 @@ sshsk_sign(const char *provider_path, struct sshkey *key,
|
|||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_put_cstring(sig, sshkey_ssh_name_plain(key))) != 0) {
|
||||
debug("%s: buffer error (outer): %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose outer");
|
||||
goto out;
|
||||
}
|
||||
switch (type) {
|
||||
|
@ -752,7 +750,7 @@ sshsk_load_resident(const char *provider_path, const char *device,
|
|||
uint8_t flags;
|
||||
struct sk_option **opts = NULL;
|
||||
|
||||
debug("%s: provider \"%s\"%s", __func__, provider_path,
|
||||
debug_f("provider \"%s\"%s", provider_path,
|
||||
(pin != NULL && *pin != '\0') ? ", have-pin": "");
|
||||
|
||||
if (keysp == NULL || nkeysp == NULL)
|
||||
|
@ -772,9 +770,8 @@ sshsk_load_resident(const char *provider_path, const char *device,
|
|||
goto out;
|
||||
}
|
||||
for (i = 0; i < nrks; i++) {
|
||||
debug3("%s: rk %zu: slot = %zu, alg = %d, application = \"%s\"",
|
||||
__func__, i, rks[i]->slot, rks[i]->alg,
|
||||
rks[i]->application);
|
||||
debug3_f("rk %zu: slot = %zu, alg = %d, application = \"%s\"",
|
||||
i, rks[i]->slot, rks[i]->alg, rks[i]->application);
|
||||
/* XXX need better filter here */
|
||||
if (strncmp(rks[i]->application, "ssh:", 4) != 0)
|
||||
continue;
|
||||
|
@ -793,7 +790,7 @@ sshsk_load_resident(const char *provider_path, const char *device,
|
|||
goto out;
|
||||
if ((tmp = recallocarray(keys, nkeys, nkeys + 1,
|
||||
sizeof(*tmp))) == NULL) {
|
||||
error("%s: recallocarray failed", __func__);
|
||||
error_f("recallocarray failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-xmss.c,v 1.2 2020/02/26 13:40:09 jsg Exp $*/
|
||||
/* $OpenBSD: ssh-xmss.c,v 1.3 2020/10/18 11:32:02 djm Exp $*/
|
||||
/*
|
||||
* Copyright (c) 2017 Stefan-Lukas Gazdag.
|
||||
* Copyright (c) 2017 Markus Friedl.
|
||||
|
@ -164,8 +164,7 @@ ssh_xmss_verify(const struct sshkey *key,
|
|||
memcpy(sm+len, data, datalen);
|
||||
if ((ret = xmss_sign_open(m, &mlen, sm, smlen,
|
||||
key->xmss_pk, sshkey_xmss_params(key))) != 0) {
|
||||
debug2("%s: crypto_sign_xmss_open failed: %d",
|
||||
__func__, ret);
|
||||
debug2_f("xmss_sign_open failed: %d", ret);
|
||||
}
|
||||
if (ret != 0 || mlen != datalen) {
|
||||
r = SSH_ERR_SIGNATURE_INVALID;
|
||||
|
|
106
ssh.c
106
ssh.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh.c,v 1.539 2020/10/16 13:26:13 djm Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.540 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -321,8 +321,8 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen)
|
|||
}
|
||||
if (cname != NULL && res->ai_canonname != NULL) {
|
||||
if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
|
||||
error("%s: host \"%s\" cname \"%s\" too long (max %lu)",
|
||||
__func__, name, res->ai_canonname, (u_long)clen);
|
||||
error_f("host \"%s\" cname \"%s\" too long (max %lu)",
|
||||
name, res->ai_canonname, (u_long)clen);
|
||||
if (clen > 0)
|
||||
*cname = '\0';
|
||||
}
|
||||
|
@ -386,29 +386,27 @@ resolve_addr(const char *name, int port, char *caddr, size_t clen)
|
|||
hints.ai_socktype = SOCK_STREAM;
|
||||
hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV;
|
||||
if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
|
||||
debug2("%s: could not resolve name %.100s as address: %s",
|
||||
__func__, name, ssh_gai_strerror(gaierr));
|
||||
debug2_f("could not resolve name %.100s as address: %s",
|
||||
name, ssh_gai_strerror(gaierr));
|
||||
return NULL;
|
||||
}
|
||||
if (res == NULL) {
|
||||
debug("%s: getaddrinfo %.100s returned no addresses",
|
||||
__func__, name);
|
||||
debug_f("getaddrinfo %.100s returned no addresses", name);
|
||||
return NULL;
|
||||
}
|
||||
if (res->ai_next != NULL) {
|
||||
debug("%s: getaddrinfo %.100s returned multiple addresses",
|
||||
__func__, name);
|
||||
debug_f("getaddrinfo %.100s returned multiple addresses", name);
|
||||
goto fail;
|
||||
}
|
||||
if ((gaierr = getnameinfo(res->ai_addr, res->ai_addrlen,
|
||||
addr, sizeof(addr), NULL, 0, NI_NUMERICHOST)) != 0) {
|
||||
debug("%s: Could not format address for name %.100s: %s",
|
||||
__func__, name, ssh_gai_strerror(gaierr));
|
||||
debug_f("Could not format address for name %.100s: %s",
|
||||
name, ssh_gai_strerror(gaierr));
|
||||
goto fail;
|
||||
}
|
||||
if (strlcpy(caddr, addr, clen) >= clen) {
|
||||
error("%s: host \"%s\" addr \"%s\" too long (max %lu)",
|
||||
__func__, name, addr, (u_long)clen);
|
||||
error_f("host \"%s\" addr \"%s\" too long (max %lu)",
|
||||
name, addr, (u_long)clen);
|
||||
if (clen > 0)
|
||||
*caddr = '\0';
|
||||
fail:
|
||||
|
@ -441,7 +439,7 @@ check_follow_cname(int direct, char **namep, const char *cname)
|
|||
if (!direct &&
|
||||
options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)
|
||||
return 0;
|
||||
debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
|
||||
debug3_f("check \"%s\" CNAME \"%s\"", *namep, cname);
|
||||
for (i = 0; i < options.num_permitted_cnames; i++) {
|
||||
rule = options.permitted_cnames + i;
|
||||
if (match_pattern_list(*namep, rule->source_list, 1) != 1 ||
|
||||
|
@ -475,10 +473,10 @@ resolve_canonicalize(char **hostp, int port)
|
|||
*/
|
||||
if ((addrs = resolve_addr(*hostp, port,
|
||||
newname, sizeof(newname))) != NULL) {
|
||||
debug2("%s: hostname %.100s is address", __func__, *hostp);
|
||||
debug2_f("hostname %.100s is address", *hostp);
|
||||
if (strcasecmp(*hostp, newname) != 0) {
|
||||
debug2("%s: canonicalised address \"%s\" => \"%s\"",
|
||||
__func__, *hostp, newname);
|
||||
debug2_f("canonicalised address \"%s\" => \"%s\"",
|
||||
*hostp, newname);
|
||||
free(*hostp);
|
||||
*hostp = xstrdup(newname);
|
||||
}
|
||||
|
@ -491,8 +489,7 @@ resolve_canonicalize(char **hostp, int port)
|
|||
* attempts at canonicalisation.
|
||||
*/
|
||||
if (is_addr_fast(*hostp)) {
|
||||
debug("%s: hostname %.100s is an unrecognised address",
|
||||
__func__, *hostp);
|
||||
debug_f("hostname %.100s is an unrecognised address", *hostp);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -511,7 +508,7 @@ resolve_canonicalize(char **hostp, int port)
|
|||
|
||||
/* If domain name is anchored, then resolve it now */
|
||||
if ((*hostp)[strlen(*hostp) - 1] == '.') {
|
||||
debug3("%s: name is fully qualified", __func__);
|
||||
debug3_f("name is fully qualified");
|
||||
fullhost = xstrdup(*hostp);
|
||||
if ((addrs = resolve_host(fullhost, port, 0,
|
||||
newname, sizeof(newname))) != NULL)
|
||||
|
@ -527,16 +524,15 @@ resolve_canonicalize(char **hostp, int port)
|
|||
ndots++;
|
||||
}
|
||||
if (ndots > options.canonicalize_max_dots) {
|
||||
debug3("%s: not canonicalizing hostname \"%s\" (max dots %d)",
|
||||
__func__, *hostp, options.canonicalize_max_dots);
|
||||
debug3_f("not canonicalizing hostname \"%s\" (max dots %d)",
|
||||
*hostp, options.canonicalize_max_dots);
|
||||
return NULL;
|
||||
}
|
||||
/* Attempt each supplied suffix */
|
||||
for (i = 0; i < options.num_canonical_domains; i++) {
|
||||
xasprintf(&fullhost, "%s.%s.", *hostp,
|
||||
options.canonical_domains[i]);
|
||||
debug3("%s: attempting \"%s\" => \"%s\"", __func__,
|
||||
*hostp, fullhost);
|
||||
debug3_f("attempting \"%s\" => \"%s\"", *hostp, fullhost);
|
||||
if ((addrs = resolve_host(fullhost, port, 0,
|
||||
newname, sizeof(newname))) == NULL) {
|
||||
free(fullhost);
|
||||
|
@ -557,7 +553,7 @@ resolve_canonicalize(char **hostp, int port)
|
|||
notfound:
|
||||
if (!options.canonicalize_fallback_local)
|
||||
fatal("%s: Could not resolve host \"%s\"", __progname, *hostp);
|
||||
debug2("%s: host %s not found in any suffix", __func__, *hostp);
|
||||
debug2_f("host %s not found in any suffix", *hostp);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -573,14 +569,14 @@ check_load(int r, const char *path, const char *message)
|
|||
break;
|
||||
case SSH_ERR_INTERNAL_ERROR:
|
||||
case SSH_ERR_ALLOC_FAIL:
|
||||
fatal("load %s \"%s\": %s", message, path, ssh_err(r));
|
||||
fatal_r(r, "load %s \"%s\"", message, path);
|
||||
case SSH_ERR_SYSTEM_ERROR:
|
||||
/* Ignore missing files */
|
||||
if (errno == ENOENT)
|
||||
break;
|
||||
/* FALLTHROUGH */
|
||||
default:
|
||||
error("load %s \"%s\": %s", message, path, ssh_err(r));
|
||||
error_r(r, "load %s \"%s\"", message, path);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -1144,8 +1140,7 @@ main(int ac, char **av)
|
|||
for (i = 0; i < ac; i++) {
|
||||
if ((r = sshbuf_putf(command, "%s%s",
|
||||
i ? " " : "", av[i])) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1406,7 +1401,7 @@ main(int ac, char **av)
|
|||
free(cp);
|
||||
if ((r = sshbuf_put(command, options.remote_command,
|
||||
strlen(options.remote_command))) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
|
||||
if (options.control_path != NULL) {
|
||||
|
@ -1572,13 +1567,13 @@ main(int ac, char **av)
|
|||
/* XXX check errors? */
|
||||
#define L_PUBKEY(p,o) do { \
|
||||
if ((o) >= sensitive_data.nkeys) \
|
||||
fatal("%s pubkey out of array bounds", __func__); \
|
||||
fatal_f("pubkey out of array bounds"); \
|
||||
check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \
|
||||
p, "pubkey"); \
|
||||
} while (0)
|
||||
#define L_CERT(p,o) do { \
|
||||
if ((o) >= sensitive_data.nkeys) \
|
||||
fatal("%s cert out of array bounds", __func__); \
|
||||
fatal_f("cert out of array bounds"); \
|
||||
check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \
|
||||
} while (0)
|
||||
|
||||
|
@ -1701,7 +1696,7 @@ control_persist_detach(void)
|
|||
{
|
||||
pid_t pid;
|
||||
|
||||
debug("%s: backgrounding master process", __func__);
|
||||
debug_f("backgrounding master process");
|
||||
|
||||
/*
|
||||
* master (current process) into the background, and make the
|
||||
|
@ -1709,13 +1704,13 @@ control_persist_detach(void)
|
|||
*/
|
||||
switch ((pid = fork())) {
|
||||
case -1:
|
||||
fatal("%s: fork: %s", __func__, strerror(errno));
|
||||
fatal_f("fork: %s", strerror(errno));
|
||||
case 0:
|
||||
/* Child: master process continues mainloop */
|
||||
break;
|
||||
default:
|
||||
/* Parent: set up mux client to connect to backgrounded master */
|
||||
debug2("%s: background process is %ld", __func__, (long)pid);
|
||||
debug2_f("background process is %ld", (long)pid);
|
||||
stdin_null_flag = ostdin_null_flag;
|
||||
options.request_tty = orequest_tty;
|
||||
tty_flag = otty_flag;
|
||||
|
@ -1727,7 +1722,7 @@ control_persist_detach(void)
|
|||
fatal("Failed to connect to new control master");
|
||||
}
|
||||
if (stdfd_devnull(1, 1, !(log_is_on_stderr() && debug_flag)) == -1)
|
||||
error("%s: stdfd_devnull failed", __func__);
|
||||
error_f("stdfd_devnull failed");
|
||||
daemon(1, 1);
|
||||
setproctitle("%s [mux]", options.control_path);
|
||||
}
|
||||
|
@ -1743,7 +1738,7 @@ fork_postauth(void)
|
|||
if (daemon(1, 1) == -1)
|
||||
fatal("daemon() failed: %.200s", strerror(errno));
|
||||
if (stdfd_devnull(1, 1, !(log_is_on_stderr() && debug_flag)) == -1)
|
||||
error("%s: stdfd_devnull failed", __func__);
|
||||
error_f("stdfd_devnull failed");
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -1752,12 +1747,12 @@ forwarding_success(void)
|
|||
if (forward_confirms_pending == -1)
|
||||
return;
|
||||
if (--forward_confirms_pending == 0) {
|
||||
debug("%s: all expected forwarding replies received", __func__);
|
||||
debug_f("all expected forwarding replies received");
|
||||
if (fork_after_authentication_flag)
|
||||
fork_postauth();
|
||||
} else {
|
||||
debug2("%s: %d expected forwarding replies remaining",
|
||||
__func__, forward_confirms_pending);
|
||||
debug2_f("%d expected forwarding replies remaining",
|
||||
forward_confirms_pending);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1780,7 +1775,7 @@ ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt)
|
|||
if (rfwd->listen_path == NULL && rfwd->listen_port == 0) {
|
||||
if (type == SSH2_MSG_REQUEST_SUCCESS) {
|
||||
if ((r = sshpkt_get_u32(ssh, &port)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
if (port > 65535) {
|
||||
error("Invalid allocated port %u for remote "
|
||||
"forward to %s:%d", port,
|
||||
|
@ -1846,7 +1841,7 @@ ssh_tun_confirm(struct ssh *ssh, int id, int success, void *arg)
|
|||
cleanup_exit(255);
|
||||
}
|
||||
|
||||
debug("%s: tunnel forward established, id=%d", __func__, id);
|
||||
debug_f("tunnel forward established, id=%d", id);
|
||||
forwarding_success();
|
||||
}
|
||||
|
||||
|
@ -1859,7 +1854,7 @@ ssh_init_stdio_forwarding(struct ssh *ssh)
|
|||
if (options.stdio_forward_host == NULL)
|
||||
return;
|
||||
|
||||
debug3("%s: %s:%d", __func__, options.stdio_forward_host,
|
||||
debug3_f("%s:%d", options.stdio_forward_host,
|
||||
options.stdio_forward_port);
|
||||
|
||||
if ((in = dup(STDIN_FILENO)) == -1 ||
|
||||
|
@ -1867,7 +1862,7 @@ ssh_init_stdio_forwarding(struct ssh *ssh)
|
|||
fatal("channel_connect_stdio_fwd: dup() in/out failed");
|
||||
if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
|
||||
options.stdio_forward_port, in, out)) == NULL)
|
||||
fatal("%s: channel_connect_stdio_fwd failed", __func__);
|
||||
fatal_f("channel_connect_stdio_fwd failed");
|
||||
channel_register_cleanup(ssh, c->self, client_cleanup_stdio_fwd, 0);
|
||||
channel_register_open_confirm(ssh, c->self, ssh_stdio_confirm, NULL);
|
||||
}
|
||||
|
@ -1940,7 +1935,7 @@ ssh_init_forwarding(struct ssh *ssh, char **ifname)
|
|||
error("Could not request tunnel forwarding.");
|
||||
}
|
||||
if (forward_confirms_pending > 0) {
|
||||
debug("%s: expecting replies for %d forwards", __func__,
|
||||
debug_f("expecting replies for %d forwards",
|
||||
forward_confirms_pending);
|
||||
}
|
||||
}
|
||||
|
@ -1955,8 +1950,7 @@ check_agent_present(void)
|
|||
if ((r = ssh_get_authentication_socket(NULL)) != 0) {
|
||||
options.forward_agent = 0;
|
||||
if (r != SSH_ERR_AGENT_NOT_PRESENT)
|
||||
debug("ssh_get_authentication_socket: %s",
|
||||
ssh_err(r));
|
||||
debug_r(r, "ssh_get_authentication_socket");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1993,7 +1987,7 @@ ssh_session2_setup(struct ssh *ssh, int id, int success, void *arg)
|
|||
debug("Requesting authentication agent forwarding.");
|
||||
channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0);
|
||||
if ((r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
}
|
||||
|
||||
/* Tell the packet module whether this is an interactive session. */
|
||||
|
@ -2041,7 +2035,7 @@ ssh_session2_open(struct ssh *ssh)
|
|||
window, packetmax, CHAN_EXTENDED_WRITE,
|
||||
"client-session", /*nonblock*/0);
|
||||
|
||||
debug3("%s: channel_new: %d", __func__, c->self);
|
||||
debug3_f("channel_new: %d", c->self);
|
||||
|
||||
channel_send_open(ssh, c->self);
|
||||
if (!no_shell_flag)
|
||||
|
@ -2127,7 +2121,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
|
|||
"no-more-sessions@openssh.com")) != 0 ||
|
||||
(r = sshpkt_put_u8(ssh, 0)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
}
|
||||
|
||||
/* Execute a local command */
|
||||
|
@ -2142,7 +2136,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
|
|||
* as it may want to write to stdout.
|
||||
*/
|
||||
if (!need_controlpersist_detach && stdfd_devnull(0, 1, 0) == -1)
|
||||
error("%s: stdfd_devnull failed", __func__);
|
||||
error_f("stdfd_devnull failed");
|
||||
|
||||
/*
|
||||
* If requested and we are not interested in replies to remote
|
||||
|
@ -2250,8 +2244,8 @@ load_public_identity_files(struct passwd *pw)
|
|||
continue;
|
||||
}
|
||||
if (!sshkey_is_cert(public)) {
|
||||
debug("%s: key %s type %s is not a certificate",
|
||||
__func__, cp, sshkey_type(public));
|
||||
debug_f("key %s type %s is not a certificate",
|
||||
cp, sshkey_type(public));
|
||||
sshkey_free(public);
|
||||
free(cp);
|
||||
continue;
|
||||
|
@ -2265,7 +2259,7 @@ load_public_identity_files(struct passwd *pw)
|
|||
}
|
||||
|
||||
if (options.num_certificate_files > SSH_MAX_CERTIFICATE_FILES)
|
||||
fatal("%s: too many certificates", __func__);
|
||||
fatal_f("too many certificates");
|
||||
for (i = 0; i < options.num_certificate_files; i++) {
|
||||
cp = tilde_expand_filename(options.certificate_files[i],
|
||||
getuid());
|
||||
|
@ -2284,8 +2278,8 @@ load_public_identity_files(struct passwd *pw)
|
|||
continue;
|
||||
}
|
||||
if (!sshkey_is_cert(public)) {
|
||||
debug("%s: key %s type %s is not a certificate",
|
||||
__func__, filename, sshkey_type(public));
|
||||
debug_f("key %s type %s is not a certificate",
|
||||
filename, sshkey_type(public));
|
||||
sshkey_free(public);
|
||||
free(filename);
|
||||
continue;
|
||||
|
|
20
ssh_api.c
20
ssh_api.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh_api.c,v 1.21 2020/08/27 01:06:18 djm Exp $ */
|
||||
/* $OpenBSD: ssh_api.c,v 1.22 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2012 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -356,7 +356,7 @@ _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
|
|||
if (sshbuf_len(banner) >= 4 &&
|
||||
memcmp(sshbuf_ptr(banner), "SSH-", 4) == 0)
|
||||
break;
|
||||
debug("%s: %.*s", __func__, (int)sshbuf_len(banner),
|
||||
debug_f("%.*s", (int)sshbuf_len(banner),
|
||||
sshbuf_ptr(banner));
|
||||
/* Accept lines before banner only on client */
|
||||
if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) {
|
||||
|
@ -469,9 +469,9 @@ _ssh_host_public_key(int type, int nid, struct ssh *ssh)
|
|||
{
|
||||
struct key_entry *k;
|
||||
|
||||
debug3("%s: need %d", __func__, type);
|
||||
debug3_f("need %d", type);
|
||||
TAILQ_FOREACH(k, &ssh->public_keys, next) {
|
||||
debug3("%s: check %s", __func__, sshkey_type(k->key));
|
||||
debug3_f("check %s", sshkey_type(k->key));
|
||||
if (k->key->type == type &&
|
||||
(type != KEY_ECDSA || k->key->ecdsa_nid == nid))
|
||||
return (k->key);
|
||||
|
@ -484,9 +484,9 @@ _ssh_host_private_key(int type, int nid, struct ssh *ssh)
|
|||
{
|
||||
struct key_entry *k;
|
||||
|
||||
debug3("%s: need %d", __func__, type);
|
||||
debug3_f("need %d", type);
|
||||
TAILQ_FOREACH(k, &ssh->private_keys, next) {
|
||||
debug3("%s: check %s", __func__, sshkey_type(k->key));
|
||||
debug3_f("check %s", sshkey_type(k->key));
|
||||
if (k->key->type == type &&
|
||||
(type != KEY_ECDSA || k->key->ecdsa_nid == nid))
|
||||
return (k->key);
|
||||
|
@ -499,9 +499,9 @@ _ssh_verify_host_key(struct sshkey *hostkey, struct ssh *ssh)
|
|||
{
|
||||
struct key_entry *k;
|
||||
|
||||
debug3("%s: need %s", __func__, sshkey_type(hostkey));
|
||||
debug3_f("need %s", sshkey_type(hostkey));
|
||||
TAILQ_FOREACH(k, &ssh->public_keys, next) {
|
||||
debug3("%s: check %s", __func__, sshkey_type(k->key));
|
||||
debug3_f("check %s", sshkey_type(k->key));
|
||||
if (sshkey_equal_public(hostkey, k->key))
|
||||
return (0); /* ok */
|
||||
}
|
||||
|
@ -547,8 +547,8 @@ _ssh_order_hostkeyalgs(struct ssh *ssh)
|
|||
}
|
||||
}
|
||||
if (*replace != '\0') {
|
||||
debug2("%s: orig/%d %s", __func__, ssh->kex->server, orig);
|
||||
debug2("%s: replace/%d %s", __func__, ssh->kex->server, replace);
|
||||
debug2_f("orig/%d %s", ssh->kex->server, orig);
|
||||
debug2_f("replace/%d %s", ssh->kex->server, replace);
|
||||
free(orig);
|
||||
proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = replace;
|
||||
replace = NULL; /* owned by proposal */
|
||||
|
|
68
sshconnect.c
68
sshconnect.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshconnect.c,v 1.340 2020/10/12 08:36:37 kn Exp $ */
|
||||
/* $OpenBSD: sshconnect.c,v 1.341 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -152,7 +152,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
|
|||
*/
|
||||
if (!debug_flag && options.control_path != NULL &&
|
||||
options.control_persist && stdfd_devnull(0, 0, 1) == -1)
|
||||
error("%s: stdfd_devnull failed", __func__);
|
||||
error_f("stdfd_devnull failed");
|
||||
|
||||
argv[0] = shell;
|
||||
argv[1] = "-c";
|
||||
|
@ -235,7 +235,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
|
|||
*/
|
||||
if (!debug_flag && options.control_path != NULL &&
|
||||
options.control_persist && stdfd_devnull(0, 0, 1) == -1)
|
||||
error("%s: stdfd_devnull failed", __func__);
|
||||
error_f("stdfd_devnull failed");
|
||||
|
||||
argv[0] = shell;
|
||||
argv[1] = "-c";
|
||||
|
@ -314,8 +314,7 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
|
|||
htonl(INADDR_LOOPBACK))
|
||||
continue;
|
||||
if (*rlenp < sizeof(struct sockaddr_in)) {
|
||||
error("%s: v4 addr doesn't fit",
|
||||
__func__);
|
||||
error_f("v4 addr doesn't fit");
|
||||
return -1;
|
||||
}
|
||||
*rlenp = sizeof(struct sockaddr_in);
|
||||
|
@ -329,8 +328,7 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
|
|||
IN6_IS_ADDR_LOOPBACK(v6addr)))
|
||||
continue;
|
||||
if (*rlenp < sizeof(struct sockaddr_in6)) {
|
||||
error("%s: v6 addr doesn't fit",
|
||||
__func__);
|
||||
error_f("v6 addr doesn't fit");
|
||||
return -1;
|
||||
}
|
||||
*rlenp = sizeof(struct sockaddr_in6);
|
||||
|
@ -407,15 +405,14 @@ ssh_create_socket(struct addrinfo *ai)
|
|||
}
|
||||
if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen,
|
||||
ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST)) != 0) {
|
||||
error("%s: getnameinfo failed: %s", __func__,
|
||||
ssh_gai_strerror(r));
|
||||
error_f("getnameinfo failed: %s", ssh_gai_strerror(r));
|
||||
goto fail;
|
||||
}
|
||||
if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
|
||||
error("bind %s: %s", ntop, strerror(errno));
|
||||
goto fail;
|
||||
}
|
||||
debug("%s: bound to %s", __func__, ntop);
|
||||
debug_f("bound to %s", ntop);
|
||||
/* success */
|
||||
goto out;
|
||||
fail:
|
||||
|
@ -450,7 +447,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
|
|||
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
|
||||
struct addrinfo *ai;
|
||||
|
||||
debug2("%s", __func__);
|
||||
debug3_f("entering");
|
||||
memset(ntop, 0, sizeof(ntop));
|
||||
memset(strport, 0, sizeof(strport));
|
||||
|
||||
|
@ -474,7 +471,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
|
|||
ntop, sizeof(ntop), strport, sizeof(strport),
|
||||
NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
|
||||
oerrno = errno;
|
||||
error("%s: getnameinfo failed", __func__);
|
||||
error_f("getnameinfo failed");
|
||||
errno = oerrno;
|
||||
continue;
|
||||
}
|
||||
|
@ -545,7 +542,7 @@ ssh_connect(struct ssh *ssh, const char *host, const char *host_arg,
|
|||
(out = dup(STDOUT_FILENO)) == -1) {
|
||||
if (in >= 0)
|
||||
close(in);
|
||||
error("%s: dup() in/out failed", __func__);
|
||||
error_f("dup() in/out failed");
|
||||
return -1; /* ssh_packet_set_connection logs error */
|
||||
}
|
||||
if ((ssh_packet_set_connection(ssh, in, out)) == NULL)
|
||||
|
@ -604,16 +601,15 @@ check_host_cert(const char *host, const struct sshkey *key)
|
|||
}
|
||||
if ((r = sshkey_check_cert_sigtype(key,
|
||||
options.ca_sign_algorithms)) != 0) {
|
||||
logit("%s: certificate signature algorithm %s: %s", __func__,
|
||||
logit_fr(r, "certificate signature algorithm %s",
|
||||
(key->cert == NULL || key->cert->signature_type == NULL) ?
|
||||
"(null)" : key->cert->signature_type, ssh_err(r));
|
||||
"(null)" : key->cert->signature_type);
|
||||
return 0;
|
||||
}
|
||||
/* Do not attempt hostkey update if a certificate was successful */
|
||||
if (options.update_hostkeys != 0) {
|
||||
options.update_hostkeys = 0;
|
||||
debug3("%s: certificate host key in use; disabling "
|
||||
"UpdateHostkeys", __func__);
|
||||
debug3_f("certificate host key in use; disabling UpdateHostkeys");
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
@ -667,7 +663,7 @@ get_hostfile_hostname_ipaddr(char *hostname, struct sockaddr *hostaddr,
|
|||
if (options.proxy_command == NULL) {
|
||||
if (getnameinfo(hostaddr, addrlen,
|
||||
ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0)
|
||||
fatal("%s: getnameinfo failed", __func__);
|
||||
fatal_f("getnameinfo failed");
|
||||
*hostfile_ipaddr = put_host_port(ntop, port);
|
||||
} else {
|
||||
*hostfile_ipaddr = xstrdup("<no hostip for proxy "
|
||||
|
@ -823,8 +819,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
|
|||
path_in_hostfiles(ip_found->file,
|
||||
system_hostfiles, num_system_hostfiles)))) {
|
||||
options.update_hostkeys = 0;
|
||||
debug3("%s: host key found in GlobalKnownHostsFile; "
|
||||
"disabling UpdateHostkeys", __func__);
|
||||
debug3_f("host key found in GlobalKnownHostsFile; "
|
||||
"disabling UpdateHostkeys");
|
||||
}
|
||||
if (options.check_host_ip && ip_status == HOST_NEW) {
|
||||
if (readonly || want_cert)
|
||||
|
@ -847,7 +843,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
|
|||
ra = sshkey_fingerprint(host_key,
|
||||
options.fingerprint_hash, SSH_FP_RANDOMART);
|
||||
if (fp == NULL || ra == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
logit("Host key fingerprint is %s\n%s", fp, ra);
|
||||
free(ra);
|
||||
free(fp);
|
||||
|
@ -894,7 +890,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
|
|||
ra = sshkey_fingerprint(host_key,
|
||||
options.fingerprint_hash, SSH_FP_RANDOMART);
|
||||
if (fp == NULL || ra == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint failed");
|
||||
msg2[0] = '\0';
|
||||
if (options.verify_host_key_dns) {
|
||||
if (matching_host_key_dns)
|
||||
|
@ -1131,8 +1127,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
|
|||
}
|
||||
|
||||
if (!hostkey_trusted && options.update_hostkeys) {
|
||||
debug("%s: hostkey not known or explicitly trusted: "
|
||||
"disabling UpdateHostkeys", __func__);
|
||||
debug_f("hostkey not known or explicitly trusted: "
|
||||
"disabling UpdateHostkeys");
|
||||
options.update_hostkeys = 0;
|
||||
}
|
||||
|
||||
|
@ -1152,10 +1148,9 @@ fail:
|
|||
*/
|
||||
debug("No matching CA found. Retry with plain key");
|
||||
if ((r = sshkey_from_private(host_key, &raw_key)) != 0)
|
||||
fatal("%s: sshkey_from_private: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "decode key");
|
||||
if ((r = sshkey_drop_cert(raw_key)) != 0)
|
||||
fatal("Couldn't drop certificate: %s", ssh_err(r));
|
||||
fatal_r(r, "Couldn't drop certificate");
|
||||
host_key = raw_key;
|
||||
goto retry;
|
||||
}
|
||||
|
@ -1180,7 +1175,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
|
|||
|
||||
if ((fp = sshkey_fingerprint(host_key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: fingerprint host key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "fingerprint host key");
|
||||
r = -1;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1188,8 +1183,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
|
|||
if (sshkey_is_cert(host_key)) {
|
||||
if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: fingerprint CA key: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "fingerprint CA key");
|
||||
r = -1;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1211,8 +1205,8 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
|
|||
}
|
||||
|
||||
if (sshkey_equal(previous_host_key, host_key)) {
|
||||
debug2("%s: server host key %s %s matches cached key",
|
||||
__func__, sshkey_type(host_key), fp);
|
||||
debug2_f("server host key %s %s matches cached key",
|
||||
sshkey_type(host_key), fp);
|
||||
r = 0;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1230,9 +1224,9 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
|
|||
r = -1;
|
||||
goto out;
|
||||
default:
|
||||
error("Error checking host key %s %s in "
|
||||
"revoked keys file %s: %s", sshkey_type(host_key),
|
||||
fp, options.revoked_host_keys, ssh_err(r));
|
||||
error_r(r, "Error checking host key %s %s in "
|
||||
"revoked keys file %s", sshkey_type(host_key),
|
||||
fp, options.revoked_host_keys);
|
||||
r = -1;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1347,7 +1341,7 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
|
|||
ra = sshkey_fingerprint(found->key,
|
||||
options.fingerprint_hash, SSH_FP_RANDOMART);
|
||||
if (fp == NULL || ra == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint fail");
|
||||
logit("WARNING: %s key found for host %s\n"
|
||||
"in %s:%lu\n"
|
||||
"%s key fingerprint %s.",
|
||||
|
@ -1371,7 +1365,7 @@ warn_changed_key(struct sshkey *host_key)
|
|||
fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT);
|
||||
if (fp == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint fail");
|
||||
|
||||
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
|
||||
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
|
||||
|
|
218
sshconnect2.c
218
sshconnect2.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshconnect2.c,v 1.330 2020/10/16 02:37:12 djm Exp $ */
|
||||
/* $OpenBSD: sshconnect2.c,v 1.331 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||
|
@ -143,8 +143,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
|
|||
if (lookup_key_in_hostkeys_by_type(hostkeys,
|
||||
sshkey_type_plain(sshkey_type_from_name(best)),
|
||||
sshkey_ecdsa_nid_from_name(best), NULL)) {
|
||||
debug3("%s: have matching best-preference key type %s, "
|
||||
"using HostkeyAlgorithms verbatim", __func__, best);
|
||||
debug3_f("have matching best-preference key type %s, "
|
||||
"using HostkeyAlgorithms verbatim", best);
|
||||
ret = xstrdup(options.hostkeyalgorithms);
|
||||
goto out;
|
||||
}
|
||||
|
@ -168,7 +168,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
|
|||
|
||||
while ((alg = strsep(&avail, ",")) && *alg != '\0') {
|
||||
if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
|
||||
fatal("%s: unknown alg %s", __func__, alg);
|
||||
fatal_f("unknown alg %s", alg);
|
||||
/*
|
||||
* If we have a @cert-authority marker in known_hosts then
|
||||
* prefer all certificate algorithms.
|
||||
|
@ -192,7 +192,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
|
|||
xasprintf(&ret, "%s%s%s", first,
|
||||
(*first == '\0' || *last == '\0') ? "" : ",", last);
|
||||
if (*first != '\0')
|
||||
debug3("%s: prefer hostkeyalgs: %s", __func__, first);
|
||||
debug3_f("prefer hostkeyalgs: %s", first);
|
||||
|
||||
out:
|
||||
free(best);
|
||||
|
@ -229,11 +229,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
|
|||
all_key = sshkey_alg_list(0, 0, 1, ',');
|
||||
if (kex_assemble_names(&options.hostkeyalgorithms,
|
||||
kex_default_pk_alg(), all_key) != 0)
|
||||
fatal("%s: kex_assemble_namelist", __func__);
|
||||
fatal_f("kex_assemble_namelist");
|
||||
free(all_key);
|
||||
|
||||
if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
|
||||
fatal("%s: kex_names_cat", __func__);
|
||||
fatal_f("kex_names_cat");
|
||||
myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
|
||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||
compat_cipher_proposal(options.ciphers);
|
||||
|
@ -261,7 +261,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
|
|||
|
||||
/* start key exchange */
|
||||
if ((r = kex_setup(ssh, myproposal)) != 0)
|
||||
fatal("kex_setup: %s", ssh_err(r));
|
||||
fatal_r(r, "kex_setup");
|
||||
#ifdef WITH_OPENSSL
|
||||
ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
|
||||
ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
|
||||
|
@ -284,7 +284,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
|
|||
myproposal[PROPOSAL_KEX_ALGS] =
|
||||
compat_kex_proposal(options.kex_algorithms);
|
||||
if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
|
||||
fatal("kex_prop2buf: %s", ssh_err(r));
|
||||
fatal_r(r, "kex_prop2buf");
|
||||
|
||||
session_id2 = ssh->kex->session_id;
|
||||
session_id2_len = ssh->kex->session_id_len;
|
||||
|
@ -295,7 +295,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
|
|||
(r = sshpkt_put_cstring(ssh, "markus")) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -463,14 +463,13 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
|
|||
authctxt.agent_fd = -1;
|
||||
pubkey_prepare(&authctxt);
|
||||
if (authctxt.method == NULL) {
|
||||
fatal("%s: internal error: cannot send userauth none request",
|
||||
__func__);
|
||||
fatal_f("internal error: cannot send userauth none request");
|
||||
}
|
||||
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
|
||||
ssh->authctxt = &authctxt;
|
||||
ssh_dispatch_init(ssh, &input_userauth_error);
|
||||
|
@ -568,7 +567,7 @@ userauth(struct ssh *ssh, char *authlist)
|
|||
static int
|
||||
input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
|
||||
{
|
||||
fatal("%s: bad message during authentication: type %d", __func__, type);
|
||||
fatal_f("bad message during authentication: type %d", type);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -580,7 +579,7 @@ input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
|
|||
size_t len;
|
||||
int r;
|
||||
|
||||
debug3("%s", __func__);
|
||||
debug3_f("entering");
|
||||
if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0)
|
||||
goto out;
|
||||
|
@ -599,7 +598,7 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
|
|||
Authctxt *authctxt = ssh->authctxt;
|
||||
|
||||
if (authctxt == NULL)
|
||||
fatal("%s: no authentication context", __func__);
|
||||
fatal_f("no authentication context");
|
||||
free(authctxt->authlist);
|
||||
authctxt->authlist = NULL;
|
||||
if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
|
||||
|
@ -617,7 +616,7 @@ input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
|
|||
Authctxt *authctxt = ssh->authctxt;
|
||||
|
||||
if (authctxt == NULL)
|
||||
fatal("%s: no authentication context", __func__);
|
||||
fatal_f("no authentication context");
|
||||
|
||||
fatal("Unexpected authentication success during %s.",
|
||||
authctxt->method->name);
|
||||
|
@ -707,11 +706,11 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
|
|||
goto done;
|
||||
|
||||
if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) {
|
||||
debug("%s: server sent unknown pkalg %s", __func__, pkalg);
|
||||
debug_f("server sent unknown pkalg %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
|
||||
debug("no key from blob. pkalg %s: %s", pkalg, ssh_err(r));
|
||||
debug_r(r, "no key from blob. pkalg %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if (key->type != pktype) {
|
||||
|
@ -735,7 +734,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
|
|||
if (!found || id == NULL) {
|
||||
fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT);
|
||||
error("%s: server replied with unknown key: %s %s", __func__,
|
||||
error_f("server replied with unknown key: %s %s",
|
||||
sshkey_type(key), fp == NULL ? "<ERROR>" : fp);
|
||||
goto done;
|
||||
}
|
||||
|
@ -801,7 +800,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
(r = sshpkt_put_u8(ssh, mech->length)) != 0 ||
|
||||
(r = sshpkt_put(ssh, mech->elements, mech->length)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
|
||||
|
@ -849,7 +848,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
|
|||
(r = sshpkt_put_string(ssh, send_tok.value,
|
||||
send_tok.length)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send %u packet", type);
|
||||
|
||||
gss_release_buffer(&ms, &send_tok);
|
||||
}
|
||||
|
@ -860,17 +859,17 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
|
|||
if ((r = sshpkt_start(ssh,
|
||||
SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send completion");
|
||||
} else {
|
||||
struct sshbuf *b;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
ssh_gssapi_buildmic(b, authctxt->server_user,
|
||||
authctxt->service, "gssapi-with-mic");
|
||||
|
||||
if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
|
||||
fatal("%s: sshbuf_mutable_ptr failed", __func__);
|
||||
fatal_f("sshbuf_mutable_ptr failed");
|
||||
gssbuf.length = sshbuf_len(b);
|
||||
|
||||
status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
|
||||
|
@ -881,7 +880,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
|
|||
(r = sshpkt_put_string(ssh, mic.value,
|
||||
mic.length)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send MIC");
|
||||
}
|
||||
|
||||
sshbuf_free(b);
|
||||
|
@ -1039,7 +1038,7 @@ userauth_none(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -1068,7 +1067,7 @@ userauth_passwd(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, password)) != 0 ||
|
||||
(r = sshpkt_add_padding(ssh, 64)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
|
||||
free(prompt);
|
||||
if (password != NULL)
|
||||
|
@ -1235,8 +1234,8 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
|
|||
if ((prv = load_identity_file(id)) == NULL)
|
||||
return SSH_ERR_KEY_NOT_FOUND;
|
||||
if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
|
||||
error("%s: private key %s contents do not match public",
|
||||
__func__, id->filename);
|
||||
error_f("private key %s contents do not match public",
|
||||
id->filename);
|
||||
r = SSH_ERR_KEY_NOT_FOUND;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1253,7 +1252,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
|
|||
if ((fp = sshkey_fingerprint(sign_key,
|
||||
options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: fingerprint", __func__);
|
||||
fatal_f("fingerprint failed");
|
||||
notifier = notify_start(options.batch_mode,
|
||||
"Confirm user presence for key %s %s",
|
||||
sshkey_type(sign_key), fp);
|
||||
|
@ -1263,7 +1262,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
|
|||
}
|
||||
if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
|
||||
alg, options.sk_provider, pin, compat)) != 0) {
|
||||
debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
|
||||
debug_fr(r, "sshkey_sign");
|
||||
goto out;
|
||||
}
|
||||
/*
|
||||
|
@ -1271,7 +1270,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
|
|||
* so check what we get back.
|
||||
*/
|
||||
if ((r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) {
|
||||
debug("%s: sshkey_check_sigtype: %s", __func__, ssh_err(r));
|
||||
debug_fr(r, "sshkey_check_sigtype");
|
||||
goto out;
|
||||
}
|
||||
/* success */
|
||||
|
@ -1320,7 +1319,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
|
|||
SSH_FP_DEFAULT)) == NULL)
|
||||
return 0;
|
||||
|
||||
debug3("%s: %s %s", __func__, sshkey_type(id->key), fp);
|
||||
debug3_f("%s %s", sshkey_type(id->key), fp);
|
||||
|
||||
/*
|
||||
* If the key is an certificate, try to find a matching private key
|
||||
|
@ -1357,12 +1356,12 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
|
|||
}
|
||||
}
|
||||
if (sign_id != NULL) {
|
||||
debug2("%s: using private key \"%s\"%s for "
|
||||
"certificate", __func__, id->filename,
|
||||
debug2_f("using private key \"%s\"%s for "
|
||||
"certificate", id->filename,
|
||||
id->agent_fd != -1 ? " from agent" : "");
|
||||
} else {
|
||||
debug("%s: no separate private key for certificate "
|
||||
"\"%s\"", __func__, id->filename);
|
||||
debug_f("no separate private key for certificate "
|
||||
"\"%s\"", id->filename);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1380,26 +1379,22 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
|
|||
signature = NULL;
|
||||
if ((alg = key_sig_algorithm(fallback_sigtype ? NULL : ssh,
|
||||
id->key)) == NULL) {
|
||||
error("%s: no mutual signature supported", __func__);
|
||||
error_f("no mutual signature supported");
|
||||
goto out;
|
||||
}
|
||||
debug3("%s: signing using %s %s", __func__, alg, fp);
|
||||
debug3_f("signing using %s %s", alg, fp);
|
||||
|
||||
sshbuf_free(b);
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if (datafellows & SSH_OLD_SESSIONID) {
|
||||
if ((r = sshbuf_put(b, session_id2,
|
||||
session_id2_len)) != 0) {
|
||||
fatal("%s: sshbuf_put: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
session_id2_len)) != 0)
|
||||
fatal_fr(r, "sshbuf_put");
|
||||
} else {
|
||||
if ((r = sshbuf_put_string(b, session_id2,
|
||||
session_id2_len)) != 0) {
|
||||
fatal("%s: sshbuf_put_string: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
session_id2_len)) != 0)
|
||||
fatal_fr(r, "sshbuf_put_string");
|
||||
}
|
||||
skip = sshbuf_len(b);
|
||||
if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
|
||||
|
@ -1409,8 +1404,7 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
|
|||
(r = sshbuf_put_u8(b, 1)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, alg)) != 0 ||
|
||||
(r = sshkey_puts(id->key, b)) != 0) {
|
||||
fatal("%s: assemble signed data: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble signed data");
|
||||
}
|
||||
|
||||
/* generate signature */
|
||||
|
@ -1430,30 +1424,30 @@ sign_and_send_pubkey(struct ssh *ssh, Identity *id)
|
|||
loc, sshkey_type(id->key), fp);
|
||||
continue;
|
||||
}
|
||||
error("%s: signing failed for %s \"%s\"%s: %s", __func__,
|
||||
error_fr(r, "signing failed for %s \"%s\"%s",
|
||||
sshkey_type(sign_id->key), sign_id->filename,
|
||||
id->agent_fd != -1 ? " from agent" : "", ssh_err(r));
|
||||
id->agent_fd != -1 ? " from agent" : "");
|
||||
goto out;
|
||||
}
|
||||
if (slen == 0 || signature == NULL) /* shouldn't happen */
|
||||
fatal("%s: no signature", __func__);
|
||||
fatal_f("no signature");
|
||||
|
||||
/* append signature */
|
||||
if ((r = sshbuf_put_string(b, signature, slen)) != 0)
|
||||
fatal("%s: append signature: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "append signature");
|
||||
|
||||
#ifdef DEBUG_PK
|
||||
sshbuf_dump(b, stderr);
|
||||
#endif
|
||||
/* skip session id and packet type */
|
||||
if ((r = sshbuf_consume(b, skip + 1)) != 0)
|
||||
fatal("%s: consume: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "consume");
|
||||
|
||||
/* put remaining data from buffer into packet */
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
|
||||
(r = sshpkt_putb(ssh, b)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: enqueue request: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "enqueue request");
|
||||
|
||||
/* success */
|
||||
sent = 1;
|
||||
|
@ -1477,13 +1471,13 @@ send_pubkey_test(struct ssh *ssh, Identity *id)
|
|||
int sent = 0, r;
|
||||
|
||||
if ((alg = key_sig_algorithm(ssh, id->key)) == NULL) {
|
||||
debug("%s: no mutual signature algorithm", __func__);
|
||||
debug_f("no mutual signature algorithm");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((r = sshkey_to_blob(id->key, &blob, &bloblen)) != 0) {
|
||||
/* we cannot handle this key */
|
||||
debug3("%s: cannot handle key", __func__);
|
||||
debug3_f("cannot handle key");
|
||||
goto out;
|
||||
}
|
||||
/* register callback for USERAUTH_PK_OK message */
|
||||
|
@ -1497,7 +1491,7 @@ send_pubkey_test(struct ssh *ssh, Identity *id)
|
|||
(r = sshpkt_put_cstring(ssh, alg)) != 0 ||
|
||||
(r = sshpkt_put_string(ssh, blob, bloblen)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
sent = 1;
|
||||
|
||||
out:
|
||||
|
@ -1547,14 +1541,13 @@ load_identity_file(Identity *id)
|
|||
break;
|
||||
case SSH_ERR_SYSTEM_ERROR:
|
||||
if (errno == ENOENT) {
|
||||
debug2("Load key \"%s\": %s",
|
||||
id->filename, ssh_err(r));
|
||||
debug2_r(r, "Load key \"%s\"", id->filename);
|
||||
quit = 1;
|
||||
break;
|
||||
}
|
||||
/* FALLTHROUGH */
|
||||
default:
|
||||
error("Load key \"%s\": %s", id->filename, ssh_err(r));
|
||||
error_r(r, "Load key \"%s\"", id->filename);
|
||||
quit = 1;
|
||||
break;
|
||||
}
|
||||
|
@ -1638,15 +1631,14 @@ pubkey_prepare(Authctxt *authctxt)
|
|||
key = options.identity_keys[i];
|
||||
if (key && key->cert &&
|
||||
key->cert->type != SSH2_CERT_TYPE_USER) {
|
||||
debug("%s: ignoring certificate %s: not a user "
|
||||
"certificate", __func__,
|
||||
options.identity_files[i]);
|
||||
debug_f("ignoring certificate %s: not a user "
|
||||
"certificate", options.identity_files[i]);
|
||||
continue;
|
||||
}
|
||||
if (key && sshkey_is_sk(key) && options.sk_provider == NULL) {
|
||||
debug("%s: ignoring authenticator-hosted key %s as no "
|
||||
debug_f("ignoring authenticator-hosted key %s as no "
|
||||
"SecurityKeyProvider has been specified",
|
||||
__func__, options.identity_files[i]);
|
||||
options.identity_files[i]);
|
||||
continue;
|
||||
}
|
||||
options.identity_keys[i] = NULL;
|
||||
|
@ -1662,16 +1654,15 @@ pubkey_prepare(Authctxt *authctxt)
|
|||
key = options.certificates[i];
|
||||
if (!sshkey_is_cert(key) || key->cert == NULL ||
|
||||
key->cert->type != SSH2_CERT_TYPE_USER) {
|
||||
debug("%s: ignoring certificate %s: not a user "
|
||||
"certificate", __func__,
|
||||
options.identity_files[i]);
|
||||
debug_f("ignoring certificate %s: not a user "
|
||||
"certificate", options.identity_files[i]);
|
||||
continue;
|
||||
}
|
||||
if (key && sshkey_is_sk(key) && options.sk_provider == NULL) {
|
||||
debug("%s: ignoring authenticator-hosted key "
|
||||
debug_f("ignoring authenticator-hosted key "
|
||||
"certificate %s as no "
|
||||
"SecurityKeyProvider has been specified",
|
||||
__func__, options.identity_files[i]);
|
||||
options.identity_files[i]);
|
||||
continue;
|
||||
}
|
||||
id = xcalloc(1, sizeof(*id));
|
||||
|
@ -1684,12 +1675,10 @@ pubkey_prepare(Authctxt *authctxt)
|
|||
/* list of keys supported by the agent */
|
||||
if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) {
|
||||
if (r != SSH_ERR_AGENT_NOT_PRESENT)
|
||||
debug("%s: ssh_get_authentication_socket: %s",
|
||||
__func__, ssh_err(r));
|
||||
debug_fr(r, "ssh_get_authentication_socket");
|
||||
} else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
|
||||
if (r != SSH_ERR_AGENT_NO_IDENTITIES)
|
||||
debug("%s: ssh_fetch_identitylist: %s",
|
||||
__func__, ssh_err(r));
|
||||
debug_fr(r, "ssh_fetch_identitylist");
|
||||
close(agent_fd);
|
||||
} else {
|
||||
for (j = 0; j < idlist->nkeys; j++) {
|
||||
|
@ -1766,7 +1755,7 @@ pubkey_prepare(Authctxt *authctxt)
|
|||
debug("Will attempt key: %s", ident);
|
||||
free(ident);
|
||||
}
|
||||
debug2("%s: done", __func__);
|
||||
debug2_f("done");
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -1883,7 +1872,7 @@ userauth_kbdint(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, options.kbd_interactive_devices ?
|
||||
options.kbd_interactive_devices : "")) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
|
||||
return 1;
|
||||
|
@ -1973,46 +1962,46 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
|
|||
*lenp = 0;
|
||||
|
||||
if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
|
||||
error("%s: not installed: %s", __func__, strerror(errno));
|
||||
error_f("not installed: %s", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if (fflush(stdout) != 0) {
|
||||
error("%s: fflush: %s", __func__, strerror(errno));
|
||||
error_f("fflush: %s", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if (pipe(to) == -1) {
|
||||
error("%s: pipe: %s", __func__, strerror(errno));
|
||||
error_f("pipe: %s", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if (pipe(from) == -1) {
|
||||
error("%s: pipe: %s", __func__, strerror(errno));
|
||||
error_f("pipe: %s", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if ((pid = fork()) == -1) {
|
||||
error("%s: fork: %s", __func__, strerror(errno));
|
||||
error_f("fork: %s", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
osigchld = ssh_signal(SIGCHLD, SIG_DFL);
|
||||
if (pid == 0) {
|
||||
close(from[0]);
|
||||
if (dup2(from[1], STDOUT_FILENO) == -1)
|
||||
fatal("%s: dup2: %s", __func__, strerror(errno));
|
||||
fatal_f("dup2: %s", strerror(errno));
|
||||
close(to[1]);
|
||||
if (dup2(to[0], STDIN_FILENO) == -1)
|
||||
fatal("%s: dup2: %s", __func__, strerror(errno));
|
||||
fatal_f("dup2: %s", strerror(errno));
|
||||
close(from[1]);
|
||||
close(to[0]);
|
||||
|
||||
if (dup2(sock, STDERR_FILENO + 1) == -1)
|
||||
fatal("%s: dup2: %s", __func__, strerror(errno));
|
||||
fatal_f("dup2: %s", strerror(errno));
|
||||
sock = STDERR_FILENO + 1;
|
||||
fcntl(sock, F_SETFD, 0); /* keep the socket on exec */
|
||||
closefrom(sock + 1);
|
||||
|
||||
debug3("%s: [child] pid=%ld, exec %s",
|
||||
__func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
|
||||
debug3_f("[child] pid=%ld, exec %s",
|
||||
(long)getpid(), _PATH_SSH_KEY_SIGN);
|
||||
execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
|
||||
fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN,
|
||||
fatal_f("exec(%s): %s", _PATH_SSH_KEY_SIGN,
|
||||
strerror(errno));
|
||||
}
|
||||
close(from[1]);
|
||||
|
@ -2020,49 +2009,47 @@ ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
|
|||
sock = STDERR_FILENO + 1;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
/* send # of sock, data to be signed */
|
||||
if ((r = sshbuf_put_u32(b, sock)) != 0 ||
|
||||
(r = sshbuf_put_string(b, data, datalen)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
if (ssh_msg_send(to[1], version, b) == -1)
|
||||
fatal("%s: couldn't send request", __func__);
|
||||
fatal_f("couldn't send request");
|
||||
sshbuf_reset(b);
|
||||
r = ssh_msg_recv(from[0], b);
|
||||
close(from[0]);
|
||||
close(to[1]);
|
||||
if (r < 0) {
|
||||
error("%s: no reply", __func__);
|
||||
error_f("no reply");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
errno = 0;
|
||||
while (waitpid(pid, &status, 0) == -1) {
|
||||
if (errno != EINTR) {
|
||||
error("%s: waitpid %ld: %s",
|
||||
__func__, (long)pid, strerror(errno));
|
||||
error_f("waitpid %ld: %s", (long)pid, strerror(errno));
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
if (!WIFEXITED(status)) {
|
||||
error("%s: exited abnormally", __func__);
|
||||
error_f("exited abnormally");
|
||||
goto fail;
|
||||
}
|
||||
if (WEXITSTATUS(status) != 0) {
|
||||
error("%s: exited with status %d",
|
||||
__func__, WEXITSTATUS(status));
|
||||
error_f("exited with status %d", WEXITSTATUS(status));
|
||||
goto fail;
|
||||
}
|
||||
if ((r = sshbuf_get_u8(b, &rversion)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "buffer error");
|
||||
goto fail;
|
||||
}
|
||||
if (rversion != version) {
|
||||
error("%s: bad version", __func__);
|
||||
error_f("bad version");
|
||||
goto fail;
|
||||
}
|
||||
if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "buffer error");
|
||||
fail:
|
||||
ssh_signal(SIGCHLD, osigchld);
|
||||
sshbuf_free(b);
|
||||
|
@ -2100,8 +2087,7 @@ userauth_hostbased(struct ssh *ssh)
|
|||
if (authctxt->active_ktype == NULL ||
|
||||
*authctxt->active_ktype == '\0')
|
||||
break;
|
||||
debug3("%s: trying key type %s", __func__,
|
||||
authctxt->active_ktype);
|
||||
debug3_f("trying key type %s", authctxt->active_ktype);
|
||||
|
||||
/* check for a useful key */
|
||||
private = NULL;
|
||||
|
@ -2134,30 +2120,29 @@ userauth_hostbased(struct ssh *ssh)
|
|||
|
||||
if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
goto out;
|
||||
}
|
||||
debug("%s: trying hostkey %s %s",
|
||||
__func__, sshkey_ssh_name(private), fp);
|
||||
debug_f("trying hostkey %s %s", sshkey_ssh_name(private), fp);
|
||||
|
||||
/* figure out a name for the client host */
|
||||
lname = get_local_name(ssh_packet_get_connection_in(ssh));
|
||||
if (lname == NULL) {
|
||||
error("%s: cannot get local ipaddr/name", __func__);
|
||||
error_f("cannot get local ipaddr/name");
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* XXX sshbuf_put_stringf? */
|
||||
xasprintf(&chost, "%s.", lname);
|
||||
debug2("%s: chost %s", __func__, chost);
|
||||
debug2_f("chost %s", chost);
|
||||
|
||||
/* construct data */
|
||||
if ((b = sshbuf_new()) == NULL) {
|
||||
error("%s: sshbuf_new failed", __func__);
|
||||
error_f("sshbuf_new failed");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_to_blob(private, &keyblob, &keylen)) != 0) {
|
||||
error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_blob");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
|
||||
|
@ -2169,7 +2154,7 @@ userauth_hostbased(struct ssh *ssh)
|
|||
(r = sshbuf_put_string(b, keyblob, keylen)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, chost)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) {
|
||||
error("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "buffer error");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -2192,7 +2177,7 @@ userauth_hostbased(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 ||
|
||||
(r = sshpkt_put_string(ssh, sig, siglen)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0) {
|
||||
error("%s: packet error: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "packet error");
|
||||
goto out;
|
||||
}
|
||||
success = 1;
|
||||
|
@ -2301,17 +2286,16 @@ authmethods_get(void)
|
|||
int r;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
for (method = authmethods; method->name != NULL; method++) {
|
||||
if (authmethod_is_enabled(method)) {
|
||||
if ((r = sshbuf_putf(b, "%s%s",
|
||||
sshbuf_len(b) ? "," : "", method->name)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
}
|
||||
if ((list = sshbuf_dup_string(b)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
sshbuf_free(b);
|
||||
return list;
|
||||
}
|
||||
|
|
151
sshd.c
151
sshd.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshd.c,v 1.563 2020/10/16 13:26:13 djm Exp $ */
|
||||
/* $OpenBSD: sshd.c,v 1.564 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -410,9 +410,8 @@ demote_sensitive_data(void)
|
|||
if (sensitive_data.host_keys[i]) {
|
||||
if ((r = sshkey_from_private(
|
||||
sensitive_data.host_keys[i], &tmp)) != 0)
|
||||
fatal("could not demote host %s key: %s",
|
||||
sshkey_type(sensitive_data.host_keys[i]),
|
||||
ssh_err(r));
|
||||
fatal_r(r, "could not demote host %s key",
|
||||
sshkey_type(sensitive_data.host_keys[i]));
|
||||
sshkey_free(sensitive_data.host_keys[i]);
|
||||
sensitive_data.host_keys[i] = tmp;
|
||||
}
|
||||
|
@ -502,8 +501,7 @@ privsep_preauth(struct ssh *ssh)
|
|||
if (have_agent) {
|
||||
r = ssh_get_authentication_socket(&auth_sock);
|
||||
if (r != 0) {
|
||||
error("Could not get agent socket: %s",
|
||||
ssh_err(r));
|
||||
error_r(r, "Could not get agent socket");
|
||||
have_agent = 0;
|
||||
}
|
||||
}
|
||||
|
@ -516,17 +514,17 @@ privsep_preauth(struct ssh *ssh)
|
|||
if (errno == EINTR)
|
||||
continue;
|
||||
pmonitor->m_pid = -1;
|
||||
fatal("%s: waitpid: %s", __func__, strerror(errno));
|
||||
fatal_f("waitpid: %s", strerror(errno));
|
||||
}
|
||||
privsep_is_preauth = 0;
|
||||
pmonitor->m_pid = -1;
|
||||
if (WIFEXITED(status)) {
|
||||
if (WEXITSTATUS(status) != 0)
|
||||
fatal("%s: preauth child exited with status %d",
|
||||
__func__, WEXITSTATUS(status));
|
||||
fatal_f("preauth child exited with status %d",
|
||||
WEXITSTATUS(status));
|
||||
} else if (WIFSIGNALED(status))
|
||||
fatal("%s: preauth child terminated by signal %d",
|
||||
__func__, WTERMSIG(status));
|
||||
fatal_f("preauth child terminated by signal %d",
|
||||
WTERMSIG(status));
|
||||
if (box != NULL)
|
||||
ssh_sandbox_parent_finish(box);
|
||||
return 1;
|
||||
|
@ -606,12 +604,11 @@ append_hostkey_type(struct sshbuf *b, const char *s)
|
|||
int r;
|
||||
|
||||
if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) {
|
||||
debug3("%s: %s key not permitted by HostkeyAlgorithms",
|
||||
__func__, s);
|
||||
debug3_f("%s key not permitted by HostkeyAlgorithms", s);
|
||||
return;
|
||||
}
|
||||
if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0)
|
||||
fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
}
|
||||
|
||||
static char *
|
||||
|
@ -623,7 +620,7 @@ list_hostkey_types(void)
|
|||
u_int i;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
key = sensitive_data.host_keys[i];
|
||||
if (key == NULL)
|
||||
|
@ -668,9 +665,9 @@ list_hostkey_types(void)
|
|||
}
|
||||
}
|
||||
if ((ret = sshbuf_dup_string(b)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
sshbuf_free(b);
|
||||
debug("%s: %s", __func__, ret);
|
||||
debug_f("%s", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -784,7 +781,7 @@ notify_hostkeys(struct ssh *ssh)
|
|||
return;
|
||||
|
||||
if ((buf = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
for (i = nkeys = 0; i < options.num_host_key_files; i++) {
|
||||
key = get_hostkey_public_by_index(i, ssh);
|
||||
if (key == NULL || key->type == KEY_UNSPEC ||
|
||||
|
@ -792,8 +789,7 @@ notify_hostkeys(struct ssh *ssh)
|
|||
continue;
|
||||
fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT);
|
||||
debug3("%s: key %d: %s %s", __func__, i,
|
||||
sshkey_ssh_name(key), fp);
|
||||
debug3_f("key %d: %s %s", i, sshkey_ssh_name(key), fp);
|
||||
free(fp);
|
||||
if (nkeys == 0) {
|
||||
/*
|
||||
|
@ -808,15 +804,14 @@ notify_hostkeys(struct ssh *ssh)
|
|||
/* Append the key to the request */
|
||||
sshbuf_reset(buf);
|
||||
if ((r = sshkey_putb(key, buf)) != 0)
|
||||
fatal("%s: couldn't put hostkey %d: %s",
|
||||
__func__, i, ssh_err(r));
|
||||
fatal_fr(r, "couldn't put hostkey %d", i);
|
||||
if ((r = sshpkt_put_stringb(ssh, buf)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: append key", __func__);
|
||||
nkeys++;
|
||||
}
|
||||
debug3("%s: sent %u hostkeys", __func__, nkeys);
|
||||
debug3_f("sent %u hostkeys", nkeys);
|
||||
if (nkeys == 0)
|
||||
fatal("%s: no hostkeys", __func__);
|
||||
fatal_f("no hostkeys");
|
||||
if ((r = sshpkt_send(ssh)) != 0)
|
||||
sshpkt_fatal(ssh, r, "%s: send", __func__);
|
||||
sshbuf_free(buf);
|
||||
|
@ -846,7 +841,7 @@ should_drop_connection(int startups)
|
|||
p += options.max_startups_rate;
|
||||
r = arc4random_uniform(100);
|
||||
|
||||
debug("%s: p %d, r %d", __func__, p, r);
|
||||
debug_f("p %d, r %d", p, r);
|
||||
return (r < p) ? 1 : 0;
|
||||
}
|
||||
|
||||
|
@ -934,18 +929,18 @@ send_rexec_state(int fd, struct sshbuf *conf)
|
|||
struct include_item *item = NULL;
|
||||
int r;
|
||||
|
||||
debug3("%s: entering fd = %d config len %zu", __func__, fd,
|
||||
debug3_f("entering fd = %d config len %zu", fd,
|
||||
sshbuf_len(conf));
|
||||
|
||||
if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
/* pack includes into a string */
|
||||
TAILQ_FOREACH(item, &includes, entry) {
|
||||
if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 ||
|
||||
(r = sshbuf_put_cstring(inc, item->filename)) != 0 ||
|
||||
(r = sshbuf_put_stringb(inc, item->contents)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose includes");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -960,17 +955,17 @@ send_rexec_state(int fd, struct sshbuf *conf)
|
|||
*/
|
||||
if ((r = sshbuf_put_stringb(m, conf)) != 0 ||
|
||||
(r = sshbuf_put_stringb(m, inc)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose config");
|
||||
#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
|
||||
rexec_send_rng_seed(m);
|
||||
#endif
|
||||
if (ssh_msg_send(fd, 0, m) == -1)
|
||||
error("%s: ssh_msg_send failed", __func__);
|
||||
error_f("ssh_msg_send failed");
|
||||
|
||||
sshbuf_free(m);
|
||||
sshbuf_free(inc);
|
||||
|
||||
debug3("%s: done", __func__);
|
||||
debug3_f("done");
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -982,42 +977,42 @@ recv_rexec_state(int fd, struct sshbuf *conf)
|
|||
int r;
|
||||
struct include_item *item;
|
||||
|
||||
debug3("%s: entering fd = %d", __func__, fd);
|
||||
debug3_f("entering fd = %d", fd);
|
||||
|
||||
if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if (ssh_msg_recv(fd, m) == -1)
|
||||
fatal("%s: ssh_msg_recv failed", __func__);
|
||||
fatal_f("ssh_msg_recv failed");
|
||||
if ((r = sshbuf_get_u8(m, &ver)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse version");
|
||||
if (ver != 0)
|
||||
fatal("%s: rexec version mismatch", __func__);
|
||||
fatal_f("rexec version mismatch");
|
||||
if ((r = sshbuf_get_string(m, &cp, &len)) != 0 ||
|
||||
(r = sshbuf_get_stringb(m, inc)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse config");
|
||||
|
||||
#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
|
||||
rexec_recv_rng_seed(m);
|
||||
#endif
|
||||
|
||||
if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put");
|
||||
|
||||
while (sshbuf_len(inc) != 0) {
|
||||
item = xcalloc(1, sizeof(*item));
|
||||
if ((item->contents = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if ((r = sshbuf_get_cstring(inc, &item->selector, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(inc, &item->filename, NULL)) != 0 ||
|
||||
(r = sshbuf_get_stringb(inc, item->contents)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse includes");
|
||||
TAILQ_INSERT_TAIL(&includes, item, entry);
|
||||
}
|
||||
|
||||
free(cp);
|
||||
sshbuf_free(m);
|
||||
|
||||
debug3("%s: done", __func__);
|
||||
debug3_f("done");
|
||||
}
|
||||
|
||||
/* Accept a connection from inetd */
|
||||
|
@ -1037,7 +1032,7 @@ server_accept_inetd(int *sock_in, int *sock_out)
|
|||
* ttyfd happens to be one of those.
|
||||
*/
|
||||
if (stdfd_devnull(1, 1, !log_stderr) == -1)
|
||||
error("%s: stdfd_devnull failed", __func__);
|
||||
error_f("stdfd_devnull failed");
|
||||
debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out);
|
||||
}
|
||||
|
||||
|
@ -1219,9 +1214,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
|||
if (errno == EINTR || errno == EAGAIN)
|
||||
continue;
|
||||
if (errno != EPIPE) {
|
||||
error("%s: startup pipe %d (fd=%d): "
|
||||
"read %s", __func__, i,
|
||||
startup_pipes[i], strerror(errno));
|
||||
error_f("startup pipe %d (fd=%d): "
|
||||
"read %s", i, startup_pipes[i],
|
||||
strerror(errno));
|
||||
}
|
||||
/* FALLTHROUGH */
|
||||
case 0:
|
||||
|
@ -1458,7 +1453,7 @@ set_process_rdomain(struct ssh *ssh, const char *name)
|
|||
if (rtable != ortable && setrtable(rtable) != 0)
|
||||
fatal("Unable to set routing domain %d: %s",
|
||||
rtable, strerror(errno));
|
||||
debug("%s: set routing domain %d (was %d)", __func__, rtable, ortable);
|
||||
debug_f("set routing domain %d (was %d)", rtable, ortable);
|
||||
#else /* defined(__OpenBSD__) */
|
||||
fatal("Unable to set routing domain: not supported in this platform");
|
||||
#endif
|
||||
|
@ -1475,16 +1470,16 @@ accumulate_host_timing_secret(struct sshbuf *server_cfg,
|
|||
int r;
|
||||
|
||||
if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL)
|
||||
fatal("%s: ssh_digest_start", __func__);
|
||||
fatal_f("ssh_digest_start");
|
||||
if (key == NULL) { /* finalize */
|
||||
/* add server config in case we are using agent for host keys */
|
||||
if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
|
||||
sshbuf_len(server_cfg)) != 0)
|
||||
fatal("%s: ssh_digest_update", __func__);
|
||||
fatal_f("ssh_digest_update");
|
||||
len = ssh_digest_bytes(SSH_DIGEST_SHA512);
|
||||
hash = xmalloc(len);
|
||||
if (ssh_digest_final(ctx, hash, len) != 0)
|
||||
fatal("%s: ssh_digest_final", __func__);
|
||||
fatal_f("ssh_digest_final");
|
||||
options.timing_secret = PEEK_U64(hash);
|
||||
freezero(hash, len);
|
||||
ssh_digest_free(ctx);
|
||||
|
@ -1492,11 +1487,11 @@ accumulate_host_timing_secret(struct sshbuf *server_cfg,
|
|||
return;
|
||||
}
|
||||
if ((buf = sshbuf_new()) == NULL)
|
||||
fatal("%s could not allocate buffer", __func__);
|
||||
fatal_f("could not allocate buffer");
|
||||
if ((r = sshkey_private_serialize(key, buf)) != 0)
|
||||
fatal("sshkey_private_serialize: %s", ssh_err(r));
|
||||
fatal_fr(r, "decode key");
|
||||
if (ssh_digest_update(ctx, sshbuf_ptr(buf), sshbuf_len(buf)) != 0)
|
||||
fatal("%s: ssh_digest_update", __func__);
|
||||
fatal_f("ssh_digest_update");
|
||||
sshbuf_reset(buf);
|
||||
sshbuf_free(buf);
|
||||
}
|
||||
|
@ -1716,7 +1711,7 @@ main(int ac, char **av)
|
|||
|
||||
/* Fetch our configuration */
|
||||
if ((cfg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if (rexeced_flag) {
|
||||
setproctitle("%s", "[rexeced]");
|
||||
recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg);
|
||||
|
@ -1811,8 +1806,8 @@ main(int ac, char **av)
|
|||
if ((r = ssh_get_authentication_socket(NULL)) == 0)
|
||||
have_agent = 1;
|
||||
else
|
||||
error("Could not connect to agent \"%s\": %s",
|
||||
options.host_key_agent, ssh_err(r));
|
||||
error_r(r, "Could not connect to agent \"%s\"",
|
||||
options.host_key_agent);
|
||||
}
|
||||
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
|
@ -1823,8 +1818,8 @@ main(int ac, char **av)
|
|||
continue;
|
||||
if ((r = sshkey_load_private(options.host_key_files[i], "",
|
||||
&key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
|
||||
do_log2(ll, "Unable to load host key \"%s\": %s",
|
||||
options.host_key_files[i], ssh_err(r));
|
||||
do_log2_r(r, ll, "Unable to load host key \"%s\"",
|
||||
options.host_key_files[i]);
|
||||
if (sshkey_is_sk(key) &&
|
||||
key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
|
||||
debug("host key %s requires user presence, ignoring",
|
||||
|
@ -1833,15 +1828,15 @@ main(int ac, char **av)
|
|||
}
|
||||
if (r == 0 && key != NULL &&
|
||||
(r = sshkey_shield_private(key)) != 0) {
|
||||
do_log2(ll, "Unable to shield host key \"%s\": %s",
|
||||
options.host_key_files[i], ssh_err(r));
|
||||
do_log2_r(r, ll, "Unable to shield host key \"%s\"",
|
||||
options.host_key_files[i]);
|
||||
sshkey_free(key);
|
||||
key = NULL;
|
||||
}
|
||||
if ((r = sshkey_load_public(options.host_key_files[i],
|
||||
&pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
|
||||
do_log2(ll, "Unable to load host key \"%s\": %s",
|
||||
options.host_key_files[i], ssh_err(r));
|
||||
do_log2_r(r, ll, "Unable to load host key \"%s\"",
|
||||
options.host_key_files[i]);
|
||||
if (pubkey != NULL && key != NULL) {
|
||||
if (!sshkey_equal(pubkey, key)) {
|
||||
error("Public key for %s does not match "
|
||||
|
@ -1852,8 +1847,8 @@ main(int ac, char **av)
|
|||
}
|
||||
if (pubkey == NULL && key != NULL) {
|
||||
if ((r = sshkey_from_private(key, &pubkey)) != 0)
|
||||
fatal("Could not demote key: \"%s\": %s",
|
||||
options.host_key_files[i], ssh_err(r));
|
||||
fatal_r(r, "Could not demote key: \"%s\"",
|
||||
options.host_key_files[i]);
|
||||
}
|
||||
sensitive_data.host_keys[i] = key;
|
||||
sensitive_data.host_pubkeys[i] = pubkey;
|
||||
|
@ -1912,8 +1907,8 @@ main(int ac, char **av)
|
|||
continue;
|
||||
if ((r = sshkey_load_public(options.host_cert_files[i],
|
||||
&key, NULL)) != 0) {
|
||||
error("Could not load host certificate \"%s\": %s",
|
||||
options.host_cert_files[i], ssh_err(r));
|
||||
error_r(r, "Could not load host certificate \"%s\"",
|
||||
options.host_cert_files[i]);
|
||||
continue;
|
||||
}
|
||||
if (!sshkey_is_cert(key)) {
|
||||
|
@ -2115,7 +2110,7 @@ main(int ac, char **av)
|
|||
close(REEXEC_CONFIG_PASS_FD);
|
||||
newsock = sock_out = sock_in = dup(STDIN_FILENO);
|
||||
if (stdfd_devnull(1, 1, 0) == -1)
|
||||
error("%s: stdfd_devnull failed", __func__);
|
||||
error_f("stdfd_devnull failed");
|
||||
debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d",
|
||||
sock_in, sock_out, newsock, startup_pipe, config_s[0]);
|
||||
}
|
||||
|
@ -2216,7 +2211,7 @@ main(int ac, char **av)
|
|||
|
||||
/* prepare buffer to collect messages to display to user after login */
|
||||
if ((loginmsg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
auth_debug_reset();
|
||||
|
||||
if (use_privsep) {
|
||||
|
@ -2224,7 +2219,7 @@ main(int ac, char **av)
|
|||
goto authenticated;
|
||||
} else if (have_agent) {
|
||||
if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
|
||||
error("Unable to get agent socket: %s", ssh_err(r));
|
||||
error_r(r, "Unable to get agent socket");
|
||||
have_agent = 0;
|
||||
}
|
||||
}
|
||||
|
@ -2329,24 +2324,23 @@ sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
|
|||
if (mm_sshkey_sign(ssh, privkey, signature, slenp,
|
||||
data, dlen, alg, options.sk_provider, NULL,
|
||||
ssh->compat) < 0)
|
||||
fatal("%s: privkey sign failed", __func__);
|
||||
fatal_f("privkey sign failed");
|
||||
} else {
|
||||
if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
|
||||
data, dlen, alg, options.sk_provider, NULL,
|
||||
ssh->compat) < 0)
|
||||
fatal("%s: pubkey sign failed", __func__);
|
||||
fatal_f("pubkey sign failed");
|
||||
}
|
||||
} else {
|
||||
if (privkey) {
|
||||
if (sshkey_sign(privkey, signature, slenp, data, dlen,
|
||||
alg, options.sk_provider, NULL, ssh->compat) < 0)
|
||||
fatal("%s: privkey sign failed", __func__);
|
||||
fatal_f("privkey sign failed");
|
||||
} else {
|
||||
if ((r = ssh_agent_sign(auth_sock, pubkey,
|
||||
signature, slenp, data, dlen, alg,
|
||||
ssh->compat)) != 0) {
|
||||
fatal("%s: agent sign failed: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "agent sign failed");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -2384,7 +2378,7 @@ do_ssh2_kex(struct ssh *ssh)
|
|||
|
||||
/* start key exchange */
|
||||
if ((r = kex_setup(ssh, myproposal)) != 0)
|
||||
fatal("kex_setup: %s", ssh_err(r));
|
||||
fatal_r(r, "kex_setup");
|
||||
kex = ssh->kex;
|
||||
#ifdef WITH_OPENSSL
|
||||
kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
|
||||
|
@ -2416,7 +2410,7 @@ do_ssh2_kex(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, "markus")) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: send test: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send test");
|
||||
#endif
|
||||
debug("KEX done");
|
||||
}
|
||||
|
@ -2431,9 +2425,10 @@ cleanup_exit(int i)
|
|||
pmonitor != NULL && pmonitor->m_pid > 1) {
|
||||
debug("Killing privsep child %d", pmonitor->m_pid);
|
||||
if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
|
||||
errno != ESRCH)
|
||||
error("%s: kill(%d): %s", __func__,
|
||||
pmonitor->m_pid, strerror(errno));
|
||||
errno != ESRCH) {
|
||||
error_f("kill(%d): %s", pmonitor->m_pid,
|
||||
strerror(errno));
|
||||
}
|
||||
}
|
||||
}
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */
|
||||
/* $OpenBSD: sshlogin.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -122,7 +122,7 @@ store_lastlog_message(const char *user, uid_t uid)
|
|||
r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n",
|
||||
time_string, hostname);
|
||||
if (r != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_putf");
|
||||
}
|
||||
# endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */
|
||||
#endif /* NO_SSH_LASTLOG */
|
||||
|
|
114
sshsig.c
114
sshsig.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshsig.c,v 1.17 2020/08/31 00:17:41 djm Exp $ */
|
||||
/* $OpenBSD: sshsig.c,v 1.18 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Google LLC
|
||||
*
|
||||
|
@ -54,27 +54,26 @@ sshsig_armor(const struct sshbuf *blob, struct sshbuf **out)
|
|||
*out = NULL;
|
||||
|
||||
if ((buf = sshbuf_new()) == NULL) {
|
||||
error("%s: sshbuf_new failed", __func__);
|
||||
error_f("sshbuf_new failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((r = sshbuf_put(buf, BEGIN_SIGNATURE,
|
||||
sizeof(BEGIN_SIGNATURE)-1)) != 0) {
|
||||
error("%s: sshbuf_putf failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshbuf_putf");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((r = sshbuf_dtob64(blob, buf, 1)) != 0) {
|
||||
error("%s: Couldn't base64 encode signature blob: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "base64 encode signature");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if ((r = sshbuf_put(buf, END_SIGNATURE,
|
||||
sizeof(END_SIGNATURE)-1)) != 0 ||
|
||||
(r = sshbuf_put_u8(buf, '\n')) != 0) {
|
||||
error("%s: sshbuf_put failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshbuf_put");
|
||||
goto out;
|
||||
}
|
||||
/* success */
|
||||
|
@ -96,7 +95,7 @@ sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out)
|
|||
char *b64 = NULL;
|
||||
|
||||
if ((sbuf = sshbuf_fromb(sig)) == NULL) {
|
||||
error("%s: sshbuf_fromb failed", __func__);
|
||||
error_f("sshbuf_fromb failed");
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
}
|
||||
|
||||
|
@ -107,7 +106,7 @@ sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out)
|
|||
}
|
||||
|
||||
if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) {
|
||||
error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "consume");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -118,24 +117,24 @@ sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out)
|
|||
}
|
||||
|
||||
if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) {
|
||||
error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "consume");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((b64 = sshbuf_dup_string(sbuf)) == NULL) {
|
||||
error("%s: sshbuf_dup_string failed", __func__);
|
||||
error_f("sshbuf_dup_string failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((buf = sshbuf_new()) == NULL) {
|
||||
error("%s: sshbuf_new() failed", __func__);
|
||||
error_f("sshbuf_new() failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((r = sshbuf_b64tod(buf, b64)) != 0) {
|
||||
error("Couldn't decode signature: %s", ssh_err(r));
|
||||
error_fr(r, "decode base64");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -165,7 +164,7 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
|
|||
|
||||
if ((tosign = sshbuf_new()) == NULL ||
|
||||
(blob = sshbuf_new()) == NULL) {
|
||||
error("%s: sshbuf_new failed", __func__);
|
||||
error_f("sshbuf_new failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto done;
|
||||
}
|
||||
|
@ -175,7 +174,7 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
|
|||
(r = sshbuf_put_string(tosign, NULL, 0)) != 0 || /* reserved */
|
||||
(r = sshbuf_put_cstring(tosign, hashalg)) != 0 ||
|
||||
(r = sshbuf_put_stringb(tosign, h_message)) != 0) {
|
||||
error("Couldn't construct message to sign: %s", ssh_err(r));
|
||||
error_fr(r, "assemble message to sign");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -187,14 +186,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
|
|||
if ((r = signer(key, &sig, &slen,
|
||||
sshbuf_ptr(tosign), sshbuf_len(tosign),
|
||||
sign_alg, sk_provider, sk_pin, 0, signer_ctx)) != 0) {
|
||||
error("Couldn't sign message: %s", ssh_err(r));
|
||||
error_r(r, "Couldn't sign message (signer)");
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
if ((r = sshkey_sign(key, &sig, &slen,
|
||||
sshbuf_ptr(tosign), sshbuf_len(tosign),
|
||||
sign_alg, sk_provider, sk_pin, 0)) != 0) {
|
||||
error("Couldn't sign message: %s", ssh_err(r));
|
||||
error_r(r, "Couldn't sign message");
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
@ -206,7 +205,7 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
|
|||
(r = sshbuf_put_string(blob, NULL, 0)) != 0 || /* reserved */
|
||||
(r = sshbuf_put_cstring(blob, hashalg)) != 0 ||
|
||||
(r = sshbuf_put_string(blob, sig, slen)) != 0) {
|
||||
error("Couldn't populate blob: %s", ssh_err(r));
|
||||
error_fr(r, "assemble signature object");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -250,7 +249,7 @@ sshsig_check_hashalg(const char *hashalg)
|
|||
if (hashalg == NULL ||
|
||||
match_pattern_list(hashalg, HASHALG_ALLOWED, 0) == 1)
|
||||
return 0;
|
||||
error("%s: unsupported hash algorithm \"%.100s\"", __func__, hashalg);
|
||||
error_f("unsupported hash algorithm \"%.100s\"", hashalg);
|
||||
return SSH_ERR_SIGN_ALG_UNSUPPORTED;
|
||||
}
|
||||
|
||||
|
@ -272,7 +271,7 @@ sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp)
|
|||
(r = sshbuf_get_string(buf, NULL, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(buf, &hashalg, NULL)) != 0 ||
|
||||
(r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0) {
|
||||
error("Couldn't parse signature blob: %s", ssh_err(r));
|
||||
error_fr(r, "parse signature object");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -298,14 +297,14 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
|
|||
char *got_namespace = NULL, *sigtype = NULL, *sig_hashalg = NULL;
|
||||
size_t siglen;
|
||||
|
||||
debug("%s: verify message length %zu", __func__, sshbuf_len(h_message));
|
||||
debug_f("verify message length %zu", sshbuf_len(h_message));
|
||||
if (sig_details != NULL)
|
||||
*sig_details = NULL;
|
||||
if (sign_keyp != NULL)
|
||||
*sign_keyp = NULL;
|
||||
|
||||
if ((toverify = sshbuf_new()) == NULL) {
|
||||
error("%s: sshbuf_new failed", __func__);
|
||||
error_f("sshbuf_new failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto done;
|
||||
}
|
||||
|
@ -315,7 +314,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
|
|||
(r = sshbuf_put_string(toverify, NULL, 0)) != 0 || /* reserved */
|
||||
(r = sshbuf_put_cstring(toverify, hashalg)) != 0 ||
|
||||
(r = sshbuf_put_stringb(toverify, h_message)) != 0) {
|
||||
error("Couldn't construct message to verify: %s", ssh_err(r));
|
||||
error_fr(r, "assemble message to verify");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -327,7 +326,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
|
|||
(r = sshbuf_get_string(signature, NULL, NULL)) != 0 ||
|
||||
(r = sshbuf_get_cstring(signature, &sig_hashalg, NULL)) != 0 ||
|
||||
(r = sshbuf_get_string_direct(signature, &sig, &siglen)) != 0) {
|
||||
error("Couldn't parse signature blob: %s", ssh_err(r));
|
||||
error_fr(r, "parse signature object");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -339,23 +338,23 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
|
|||
|
||||
if (strcmp(expect_namespace, got_namespace) != 0) {
|
||||
error("Couldn't verify signature: namespace does not match");
|
||||
debug("%s: expected namespace \"%s\" received \"%s\"",
|
||||
__func__, expect_namespace, got_namespace);
|
||||
debug_f("expected namespace \"%s\" received \"%s\"",
|
||||
expect_namespace, got_namespace);
|
||||
r = SSH_ERR_SIGNATURE_INVALID;
|
||||
goto done;
|
||||
}
|
||||
if (strcmp(hashalg, sig_hashalg) != 0) {
|
||||
error("Couldn't verify signature: hash algorithm mismatch");
|
||||
debug("%s: expected algorithm \"%s\" received \"%s\"",
|
||||
__func__, hashalg, sig_hashalg);
|
||||
debug_f("expected algorithm \"%s\" received \"%s\"",
|
||||
hashalg, sig_hashalg);
|
||||
r = SSH_ERR_SIGNATURE_INVALID;
|
||||
goto done;
|
||||
}
|
||||
/* Ensure that RSA keys use an acceptable signature algorithm */
|
||||
if (sshkey_type_plain(key->type) == KEY_RSA) {
|
||||
if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) {
|
||||
error("Couldn't verify signature: unable to get "
|
||||
"signature type: %s", ssh_err(r));
|
||||
error_r(r, "Couldn't verify signature: unable to get "
|
||||
"signature type");
|
||||
goto done;
|
||||
}
|
||||
if (match_pattern_list(sigtype, RSA_SIGN_ALLOWED, 0) != 1) {
|
||||
|
@ -367,7 +366,7 @@ sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
|
|||
}
|
||||
if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify),
|
||||
sshbuf_len(toverify), NULL, 0, sig_details)) != 0) {
|
||||
error("Signature verification failed: %s", ssh_err(r));
|
||||
error_r(r, "Signature verification failed");
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -400,16 +399,15 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp)
|
|||
if ((r = sshsig_check_hashalg(hashalg)) != 0)
|
||||
return r;
|
||||
if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) {
|
||||
error("%s: can't look up hash algorithm %s",
|
||||
__func__, hashalg);
|
||||
error_f("can't look up hash algorithm %s", hashalg);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
if ((r = ssh_digest_buffer(alg, m, hash, sizeof(hash))) != 0) {
|
||||
error("%s: ssh_digest_buffer failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "ssh_digest_buffer");
|
||||
return r;
|
||||
}
|
||||
if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) {
|
||||
debug3("%s: final hash: %s", __func__, hex);
|
||||
debug3_f("final hash: %s", hex);
|
||||
freezero(hex, strlen(hex));
|
||||
}
|
||||
if ((b = sshbuf_new()) == NULL) {
|
||||
|
@ -417,7 +415,7 @@ hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp)
|
|||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) {
|
||||
error("%s: sshbuf_put: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshbuf_put");
|
||||
goto out;
|
||||
}
|
||||
*bp = b;
|
||||
|
@ -444,7 +442,7 @@ sshsig_signb(struct sshkey *key, const char *hashalg,
|
|||
if (out != NULL)
|
||||
*out = NULL;
|
||||
if ((r = hash_buffer(message, hashalg, &b)) != 0) {
|
||||
error("%s: hash_buffer failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "hash buffer");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
|
||||
|
@ -472,9 +470,9 @@ sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message,
|
|||
*sign_keyp = NULL;
|
||||
if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0)
|
||||
return r;
|
||||
debug("%s: signature made with hash \"%s\"", __func__, hashalg);
|
||||
debug_f("signature made with hash \"%s\"", hashalg);
|
||||
if ((r = hash_buffer(message, hashalg, &b)) != 0) {
|
||||
error("%s: hash_buffer failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "hash buffer");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace,
|
||||
|
@ -503,12 +501,11 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
|
|||
if ((r = sshsig_check_hashalg(hashalg)) != 0)
|
||||
return r;
|
||||
if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) {
|
||||
error("%s: can't look up hash algorithm %s",
|
||||
__func__, hashalg);
|
||||
error_f("can't look up hash algorithm %s", hashalg);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
if ((ctx = ssh_digest_start(alg)) == NULL) {
|
||||
error("%s: ssh_digest_start failed", __func__);
|
||||
error_f("ssh_digest_start failed");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
for (;;) {
|
||||
|
@ -516,28 +513,27 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
|
|||
if (errno == EINTR || errno == EAGAIN)
|
||||
continue;
|
||||
oerrno = errno;
|
||||
error("%s: read: %s", __func__, strerror(errno));
|
||||
error_f("read: %s", strerror(errno));
|
||||
ssh_digest_free(ctx);
|
||||
errno = oerrno;
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto out;
|
||||
} else if (n == 0) {
|
||||
debug2("%s: hashed %zu bytes", __func__, total);
|
||||
debug2_f("hashed %zu bytes", total);
|
||||
break; /* EOF */
|
||||
}
|
||||
total += (size_t)n;
|
||||
if ((r = ssh_digest_update(ctx, rbuf, (size_t)n)) != 0) {
|
||||
error("%s: ssh_digest_update: %s",
|
||||
__func__, ssh_err(r));
|
||||
error_fr(r, "ssh_digest_update");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
if ((r = ssh_digest_final(ctx, hash, sizeof(hash))) != 0) {
|
||||
error("%s: ssh_digest_final: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "ssh_digest_final");
|
||||
goto out;
|
||||
}
|
||||
if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) {
|
||||
debug3("%s: final hash: %s", __func__, hex);
|
||||
debug3_f("final hash: %s", hex);
|
||||
freezero(hex, strlen(hex));
|
||||
}
|
||||
if ((b = sshbuf_new()) == NULL) {
|
||||
|
@ -545,7 +541,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp)
|
|||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) {
|
||||
error("%s: sshbuf_put: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshbuf_put");
|
||||
goto out;
|
||||
}
|
||||
*bp = b;
|
||||
|
@ -573,7 +569,7 @@ sshsig_sign_fd(struct sshkey *key, const char *hashalg,
|
|||
if (out != NULL)
|
||||
*out = NULL;
|
||||
if ((r = hash_file(fd, hashalg, &b)) != 0) {
|
||||
error("%s: hash_file failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "hash_file");
|
||||
return r;
|
||||
}
|
||||
if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
|
||||
|
@ -601,9 +597,9 @@ sshsig_verify_fd(struct sshbuf *signature, int fd,
|
|||
*sign_keyp = NULL;
|
||||
if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0)
|
||||
return r;
|
||||
debug("%s: signature made with hash \"%s\"", __func__, hashalg);
|
||||
debug_f("signature made with hash \"%s\"", hashalg);
|
||||
if ((r = hash_file(fd, hashalg, &b)) != 0) {
|
||||
error("%s: hash_file failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "hash_file");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace,
|
||||
|
@ -713,7 +709,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line,
|
|||
goto out;
|
||||
}
|
||||
if ((principals = strdup(tmp)) == NULL) {
|
||||
error("%s: strdup failed", __func__);
|
||||
error_f("strdup failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -728,12 +724,12 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line,
|
|||
r = SSH_ERR_KEY_NOT_FOUND;
|
||||
goto out;
|
||||
}
|
||||
debug("%s: %s:%lu: matched principal \"%s\"",
|
||||
__func__, path, linenum, required_principal);
|
||||
debug_f("%s:%lu: matched principal \"%s\"",
|
||||
path, linenum, required_principal);
|
||||
}
|
||||
|
||||
if ((key = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||
error("%s: sshkey_new failed", __func__);
|
||||
error_f("sshkey_new failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -904,7 +900,7 @@ cert_filter_principals(const char *path, u_long linenum,
|
|||
}
|
||||
if ((r = sshbuf_putf(nprincipals, "%s%s",
|
||||
sshbuf_len(nprincipals) != 0 ? "," : "", cp)) != 0) {
|
||||
error("%s: buffer error", __func__);
|
||||
error_f("buffer error");
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
@ -914,7 +910,7 @@ cert_filter_principals(const char *path, u_long linenum,
|
|||
goto out;
|
||||
}
|
||||
if ((principals = sshbuf_dup_string(nprincipals)) == NULL) {
|
||||
error("%s: buffer error", __func__);
|
||||
error_f("buffer error");
|
||||
goto out;
|
||||
}
|
||||
/* success */
|
||||
|
@ -956,8 +952,8 @@ get_matching_principals_from_line(const char *path, u_long linenum, char *line,
|
|||
if ((r = cert_filter_principals(path, linenum,
|
||||
&principals, sign_key)) != 0) {
|
||||
/* error already displayed */
|
||||
debug("%s:%lu: cert_filter_principals: %s",
|
||||
path, linenum, ssh_err(r));
|
||||
debug_r(r, "%s:%lu: cert_filter_principals",
|
||||
path, linenum);
|
||||
goto done;
|
||||
}
|
||||
debug("%s:%lu: matched certificate CA key", path, linenum);
|
||||
|
|
42
ttymodes.c
42
ttymodes.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ttymodes.c,v 1.34 2018/07/09 21:20:26 markus Exp $ */
|
||||
/* $OpenBSD: ttymodes.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -283,11 +283,11 @@ ssh_tty_make_modes(struct ssh *ssh, int fd, struct termios *tiop)
|
|||
int r, ibaud, obaud;
|
||||
|
||||
if ((buf = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
if (tiop == NULL) {
|
||||
if (fd == -1) {
|
||||
debug("%s: no fd or tio", __func__);
|
||||
debug_f("no fd or tio");
|
||||
goto end;
|
||||
}
|
||||
if (tcgetattr(fd, &tio) == -1) {
|
||||
|
@ -304,23 +304,23 @@ ssh_tty_make_modes(struct ssh *ssh, int fd, struct termios *tiop)
|
|||
(r = sshbuf_put_u32(buf, obaud)) != 0 ||
|
||||
(r = sshbuf_put_u8(buf, TTY_OP_ISPEED)) != 0 ||
|
||||
(r = sshbuf_put_u32(buf, ibaud)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose");
|
||||
|
||||
/* Store values of mode flags. */
|
||||
#define TTYCHAR(NAME, OP) \
|
||||
if ((r = sshbuf_put_u8(buf, OP)) != 0 || \
|
||||
(r = sshbuf_put_u32(buf, \
|
||||
special_char_encode(tio.c_cc[NAME]))) != 0) \
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r)); \
|
||||
fatal_fr(r, "compose %s", #NAME);
|
||||
|
||||
#define SSH_TTYMODE_IUTF8 42 /* for SSH_BUG_UTF8TTYMODE */
|
||||
|
||||
#define TTYMODE(NAME, FIELD, OP) \
|
||||
if (OP == SSH_TTYMODE_IUTF8 && (datafellows & SSH_BUG_UTF8TTYMODE)) { \
|
||||
debug3("%s: SSH_BUG_UTF8TTYMODE", __func__); \
|
||||
debug3_f("SSH_BUG_UTF8TTYMODE"); \
|
||||
} else if ((r = sshbuf_put_u8(buf, OP)) != 0 || \
|
||||
(r = sshbuf_put_u32(buf, ((tio.FIELD & NAME) != 0))) != 0) \
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r)); \
|
||||
fatal_fr(r, "compose %s", #NAME);
|
||||
|
||||
#include "ttymodes.h"
|
||||
|
||||
|
@ -331,7 +331,7 @@ end:
|
|||
/* Mark end of mode data. */
|
||||
if ((r = sshbuf_put_u8(buf, TTY_OP_END)) != 0 ||
|
||||
(r = sshpkt_put_stringb(ssh, buf)) != 0)
|
||||
fatal("%s: packet error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "compose end");
|
||||
sshbuf_free(buf);
|
||||
}
|
||||
|
||||
|
@ -351,11 +351,11 @@ ssh_tty_parse_modes(struct ssh *ssh, int fd)
|
|||
size_t len;
|
||||
|
||||
if ((r = sshpkt_get_string_direct(ssh, &data, &len)) != 0)
|
||||
fatal("%s: packet error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse");
|
||||
if (len == 0)
|
||||
return;
|
||||
if ((buf = sshbuf_from(data, len)) == NULL) {
|
||||
error("%s: sshbuf_from failed", __func__);
|
||||
error_f("sshbuf_from failed");
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -371,15 +371,14 @@ ssh_tty_parse_modes(struct ssh *ssh, int fd)
|
|||
|
||||
while (sshbuf_len(buf) > 0) {
|
||||
if ((r = sshbuf_get_u8(buf, &opcode)) != 0)
|
||||
fatal("%s: packet error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse opcode");
|
||||
switch (opcode) {
|
||||
case TTY_OP_END:
|
||||
goto set;
|
||||
|
||||
case TTY_OP_ISPEED:
|
||||
if ((r = sshbuf_get_u32(buf, &baud)) != 0)
|
||||
fatal("%s: packet error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "parse ispeed");
|
||||
if (failure != -1 &&
|
||||
cfsetispeed(&tio, baud_to_speed(baud)) == -1)
|
||||
error("cfsetispeed failed for %d", baud);
|
||||
|
@ -387,8 +386,7 @@ ssh_tty_parse_modes(struct ssh *ssh, int fd)
|
|||
|
||||
case TTY_OP_OSPEED:
|
||||
if ((r = sshbuf_get_u32(buf, &baud)) != 0)
|
||||
fatal("%s: packet error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "parse ospeed");
|
||||
if (failure != -1 &&
|
||||
cfsetospeed(&tio, baud_to_speed(baud)) == -1)
|
||||
error("cfsetospeed failed for %d", baud);
|
||||
|
@ -397,15 +395,13 @@ ssh_tty_parse_modes(struct ssh *ssh, int fd)
|
|||
#define TTYCHAR(NAME, OP) \
|
||||
case OP: \
|
||||
if ((r = sshbuf_get_u32(buf, &u)) != 0) \
|
||||
fatal("%s: packet error: %s", __func__, \
|
||||
ssh_err(r)); \
|
||||
fatal_fr(r, "parse %s", #NAME); \
|
||||
tio.c_cc[NAME] = special_char_decode(u); \
|
||||
break;
|
||||
#define TTYMODE(NAME, FIELD, OP) \
|
||||
case OP: \
|
||||
if ((r = sshbuf_get_u32(buf, &u)) != 0) \
|
||||
fatal("%s: packet error: %s", __func__, \
|
||||
ssh_err(r)); \
|
||||
fatal_fr(r, "parse %s", #NAME); \
|
||||
if (u) \
|
||||
tio.FIELD |= NAME; \
|
||||
else \
|
||||
|
@ -429,12 +425,10 @@ ssh_tty_parse_modes(struct ssh *ssh, int fd)
|
|||
*/
|
||||
if (opcode > 0 && opcode < 160) {
|
||||
if ((r = sshbuf_get_u32(buf, NULL)) != 0)
|
||||
fatal("%s: packet error: %s", __func__,
|
||||
ssh_err(r));
|
||||
fatal_fr(r, "parse arg");
|
||||
break;
|
||||
} else {
|
||||
logit("%s: unknown opcode %d", __func__,
|
||||
opcode);
|
||||
logit_f("unknown opcode %d", opcode);
|
||||
goto set;
|
||||
}
|
||||
}
|
||||
|
@ -444,7 +438,7 @@ set:
|
|||
len = sshbuf_len(buf);
|
||||
sshbuf_free(buf);
|
||||
if (len > 0) {
|
||||
logit("%s: %zu bytes left", __func__, len);
|
||||
logit_f("%zu bytes left", len);
|
||||
return; /* Don't process bytes passed */
|
||||
}
|
||||
if (failure == -1)
|
||||
|
|
Loading…
Reference in New Issue