- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
parent
89681214ca
commit
9f0f5c64bc
12
ChangeLog
12
ChangeLog
|
@ -28,6 +28,16 @@
|
|||
[auth-rsa.c]
|
||||
log fingerprint on successful public key authentication, simplify
|
||||
usage of key structs; ok markus@
|
||||
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
|
||||
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
|
||||
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
|
||||
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
|
||||
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
|
||||
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
|
||||
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
|
||||
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
|
||||
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
|
||||
basic KNF done while i was looking for something else
|
||||
|
||||
20011219
|
||||
- (stevesk) OpenBSD CVS sync X11 localhost display
|
||||
|
@ -7056,4 +7066,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1700 2001/12/21 01:52:39 djm Exp $
|
||||
$Id: ChangeLog,v 1.1701 2001/12/21 03:45:46 djm Exp $
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-bsdauth.c,v 1.1 2001/05/18 14:13:28 markus Exp $");
|
||||
RCSID("$OpenBSD: auth-bsdauth.c,v 1.2 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#ifdef BSD_AUTH
|
||||
#include "xmalloc.h"
|
||||
|
@ -36,74 +36,74 @@ bsdauth_init_ctx(Authctxt *authctxt)
|
|||
}
|
||||
|
||||
static int
|
||||
bsdauth_query(void *ctx, char **name, char **infotxt,
|
||||
bsdauth_query(void *ctx, char **name, char **infotxt,
|
||||
u_int *numprompts, char ***prompts, u_int **echo_on)
|
||||
{
|
||||
Authctxt *authctxt = ctx;
|
||||
char *challenge = NULL;
|
||||
Authctxt *authctxt = ctx;
|
||||
char *challenge = NULL;
|
||||
|
||||
if (authctxt->as != NULL) {
|
||||
debug2("bsdauth_query: try reuse session");
|
||||
challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
|
||||
if (challenge == NULL) {
|
||||
auth_close(authctxt->as);
|
||||
authctxt->as = NULL;
|
||||
}
|
||||
}
|
||||
if (authctxt->as != NULL) {
|
||||
debug2("bsdauth_query: try reuse session");
|
||||
challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
|
||||
if (challenge == NULL) {
|
||||
auth_close(authctxt->as);
|
||||
authctxt->as = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
if (challenge == NULL) {
|
||||
debug2("bsdauth_query: new bsd auth session");
|
||||
debug3("bsdauth_query: style %s",
|
||||
if (challenge == NULL) {
|
||||
debug2("bsdauth_query: new bsd auth session");
|
||||
debug3("bsdauth_query: style %s",
|
||||
authctxt->style ? authctxt->style : "<default>");
|
||||
authctxt->as = auth_userchallenge(authctxt->user,
|
||||
authctxt->as = auth_userchallenge(authctxt->user,
|
||||
authctxt->style, "auth-ssh", &challenge);
|
||||
if (authctxt->as == NULL)
|
||||
challenge = NULL;
|
||||
debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
|
||||
}
|
||||
|
||||
if (challenge == NULL)
|
||||
return -1;
|
||||
if (authctxt->as == NULL)
|
||||
challenge = NULL;
|
||||
debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
|
||||
}
|
||||
|
||||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xmalloc(*numprompts * sizeof(char*));
|
||||
*echo_on = xmalloc(*numprompts * sizeof(u_int));
|
||||
(*echo_on)[0] = 0;
|
||||
(*prompts)[0] = xstrdup(challenge);
|
||||
if (challenge == NULL)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xmalloc(*numprompts * sizeof(char*));
|
||||
*echo_on = xmalloc(*numprompts * sizeof(u_int));
|
||||
(*echo_on)[0] = 0;
|
||||
(*prompts)[0] = xstrdup(challenge);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
bsdauth_respond(void *ctx, u_int numresponses, char **responses)
|
||||
{
|
||||
Authctxt *authctxt = ctx;
|
||||
int authok;
|
||||
|
||||
if (authctxt->as == 0)
|
||||
error("bsdauth_respond: no bsd auth session");
|
||||
Authctxt *authctxt = ctx;
|
||||
int authok;
|
||||
|
||||
if (numresponses != 1)
|
||||
return -1;
|
||||
if (authctxt->as == 0)
|
||||
error("bsdauth_respond: no bsd auth session");
|
||||
|
||||
authok = auth_userresponse(authctxt->as, responses[0], 0);
|
||||
authctxt->as = NULL;
|
||||
debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
|
||||
if (numresponses != 1)
|
||||
return -1;
|
||||
|
||||
return (authok == 0) ? -1 : 0;
|
||||
authok = auth_userresponse(authctxt->as, responses[0], 0);
|
||||
authctxt->as = NULL;
|
||||
debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
|
||||
|
||||
return (authok == 0) ? -1 : 0;
|
||||
}
|
||||
|
||||
static void
|
||||
bsdauth_free_ctx(void *ctx)
|
||||
{
|
||||
Authctxt *authctxt = ctx;
|
||||
Authctxt *authctxt = ctx;
|
||||
|
||||
if (authctxt && authctxt->as) {
|
||||
auth_close(authctxt->as);
|
||||
authctxt->as = NULL;
|
||||
}
|
||||
if (authctxt && authctxt->as) {
|
||||
auth_close(authctxt->as);
|
||||
authctxt->as = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
KbdintDevice bsdauth_device = {
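Review bot: In bsdauth_respond, the `authctxt->as == 0` branch only calls error() and then falls through, so `auth_userresponse(authctxt->as, responses[0], 0)` is still reached with a null session. Unless auth_userresponse is known to reject a null session, the branch should end the attempt: `if (authctxt->as == 0) { error("bsdauth_respond: no bsd auth session"); return -1; }`. The `debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok)` line also writes the user's response to the challenge into the debug log; logging only the result, `debug3("bsdauth_respond: <%d>", authok);`, keeps that secret out of log files. Both lines are carried over unchanged by this re-indentation.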
|
||||
|
|
74
auth-krb4.c
74
auth-krb4.c
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-krb4.c,v 1.24 2001/06/26 16:15:22 dugsong Exp $");
|
||||
RCSID("$OpenBSD: auth-krb4.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
|
@ -49,7 +49,7 @@ krb4_init(void *context)
|
|||
const char *tkt_root = TKT_ROOT;
|
||||
struct stat st;
|
||||
int fd;
|
||||
|
||||
|
||||
if (!authctxt->krb4_ticket_file) {
|
||||
/* Set unique ticket string manually since we're still root. */
|
||||
authctxt->krb4_ticket_file = xmalloc(MAXPATHLEN);
|
||||
|
@ -79,13 +79,13 @@ krb4_init(void *context)
|
|||
}
|
||||
/* Failure - cancel cleanup function, leaving ticket for inspection. */
|
||||
log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file);
|
||||
|
||||
|
||||
fatal_remove_cleanup(krb4_cleanup_proc, authctxt);
|
||||
cleanup_registered = 0;
|
||||
|
||||
|
||||
xfree(authctxt->krb4_ticket_file);
|
||||
authctxt->krb4_ticket_file = NULL;
|
||||
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
@ -103,10 +103,10 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
|
|||
char localhost[MAXHOSTNAMELEN], phost[INST_SZ], realm[REALM_SZ];
|
||||
u_int32_t faddr;
|
||||
int r;
|
||||
|
||||
|
||||
if ((pw = authctxt->pw) == NULL)
|
||||
return (0);
|
||||
|
||||
|
||||
/*
|
||||
* Try Kerberos password authentication only for non-root
|
||||
* users and only if Kerberos is installed.
|
||||
|
@ -128,7 +128,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
|
|||
}
|
||||
/* Successful authentication. */
|
||||
chown(tkt_string(), pw->pw_uid, pw->pw_gid);
|
||||
|
||||
|
||||
/*
|
||||
* Now that we have a TGT, try to get a local
|
||||
* "rcmd" ticket to ensure that we are not talking
|
||||
|
@ -138,7 +138,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
|
|||
strlcpy(phost, (char *)krb_get_phost(localhost),
|
||||
sizeof(phost));
|
||||
r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33);
|
||||
|
||||
|
||||
if (r == KSUCCESS) {
|
||||
if ((hp = gethostbyname(localhost)) == NULL) {
|
||||
log("Couldn't get local host address!");
|
||||
|
@ -146,7 +146,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
|
|||
}
|
||||
memmove((void *)&faddr, (void *)hp->h_addr,
|
||||
sizeof(faddr));
|
||||
|
||||
|
||||
/* Verify our "rcmd" ticket. */
|
||||
r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost,
|
||||
faddr, &adata, "");
|
||||
|
@ -186,13 +186,13 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
|
|||
} else
|
||||
/* Logging in as root or no local Kerberos realm. */
|
||||
debug("Unable to authenticate to Kerberos.");
|
||||
|
||||
|
||||
failure:
|
||||
krb4_cleanup_proc(authctxt);
|
||||
|
||||
|
||||
if (!options.kerberos_or_local_passwd)
|
||||
return (0);
|
||||
|
||||
|
||||
/* Fall back to ordinary passwd authentication. */
|
||||
return (-1);
|
||||
}
|
||||
|
@ -220,9 +220,9 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
|
|||
socklen_t slen;
|
||||
u_int cksum;
|
||||
int r, s;
|
||||
|
||||
|
||||
s = packet_get_connection_in();
|
||||
|
||||
|
||||
slen = sizeof(local);
|
||||
memset(&local, 0, sizeof(local));
|
||||
if (getsockname(s, (struct sockaddr *) & local, &slen) < 0)
|
||||
|
@ -235,7 +235,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
|
|||
}
|
||||
instance[0] = '*';
|
||||
instance[1] = 0;
|
||||
|
||||
|
||||
/* Get the encrypted request, challenge, and session key. */
|
||||
if ((r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance,
|
||||
0, &adat, ""))) {
|
||||
|
@ -243,11 +243,11 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
|
|||
return (0);
|
||||
}
|
||||
des_key_sched((des_cblock *) adat.session, schedule);
|
||||
|
||||
|
||||
*client = xmalloc(MAX_K_NAME_SZ);
|
||||
(void) snprintf(*client, MAX_K_NAME_SZ, "%s%s%s@%s", adat.pname,
|
||||
*adat.pinst ? "." : "", adat.pinst, adat.prealm);
|
||||
|
||||
|
||||
/* Check ~/.klogin authorization now. */
|
||||
if (kuserok(&adat, authctxt->user) != KSUCCESS) {
|
||||
log("Kerberos v4 .klogin authorization failed for %s to "
|
||||
|
@ -259,7 +259,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
|
|||
session key. */
|
||||
cksum = adat.checksum + 1;
|
||||
cksum = htonl(cksum);
|
||||
|
||||
|
||||
/* If we can't successfully encrypt the checksum, we send back an
|
||||
empty message, admitting our failure. */
|
||||
if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1,
|
||||
|
@ -269,10 +269,10 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
|
|||
reply.length = 0;
|
||||
} else
|
||||
reply.length = r;
|
||||
|
||||
|
||||
/* Clear session key. */
|
||||
memset(&adat.session, 0, sizeof(&adat.session));
|
||||
|
||||
|
||||
packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
|
||||
packet_put_string((char *) reply.dat, reply.length);
|
||||
packet_send();
|
||||
|
@ -287,19 +287,19 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string)
|
|||
{
|
||||
CREDENTIALS creds;
|
||||
struct passwd *pw;
|
||||
|
||||
|
||||
if ((pw = authctxt->pw) == NULL)
|
||||
goto failure;
|
||||
|
||||
|
||||
temporarily_use_uid(pw);
|
||||
|
||||
|
||||
if (!radix_to_creds(string, &creds)) {
|
||||
log("Protocol error decoding Kerberos v4 TGT");
|
||||
goto failure;
|
||||
}
|
||||
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
|
||||
strlcpy(creds.service, "krbtgt", sizeof creds.service);
|
||||
|
||||
|
||||
if (strcmp(creds.service, "krbtgt")) {
|
||||
log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s",
|
||||
creds.pname, creds.pinst[0] ? "." : "", creds.pinst,
|
||||
|
@ -308,10 +308,10 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string)
|
|||
}
|
||||
if (!krb4_init(authctxt))
|
||||
goto failure;
|
||||
|
||||
|
||||
if (in_tkt(creds.pname, creds.pinst) != KSUCCESS)
|
||||
goto failure;
|
||||
|
||||
|
||||
if (save_credentials(creds.service, creds.instance, creds.realm,
|
||||
creds.session, creds.lifetime, creds.kvno, &creds.ticket_st,
|
||||
creds.issue_date) != KSUCCESS) {
|
||||
|
@ -320,20 +320,20 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string)
|
|||
}
|
||||
/* Successful authentication, passed all checks. */
|
||||
chown(tkt_string(), pw->pw_uid, pw->pw_gid);
|
||||
|
||||
|
||||
debug("Kerberos v4 TGT accepted (%s%s%s@%s)",
|
||||
creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm);
|
||||
memset(&creds, 0, sizeof(creds));
|
||||
|
||||
|
||||
restore_uid();
|
||||
|
||||
|
||||
return (1);
|
||||
|
||||
|
||||
failure:
|
||||
krb4_cleanup_proc(authctxt);
|
||||
memset(&creds, 0, sizeof(creds));
|
||||
restore_uid();
|
||||
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
@ -343,22 +343,22 @@ auth_afs_token(Authctxt *authctxt, const char *token_string)
|
|||
CREDENTIALS creds;
|
||||
struct passwd *pw;
|
||||
uid_t uid;
|
||||
|
||||
|
||||
if ((pw = authctxt->pw) == NULL)
|
||||
return (0);
|
||||
|
||||
|
||||
if (!radix_to_creds(token_string, &creds)) {
|
||||
log("Protocol error decoding AFS token");
|
||||
return (0);
|
||||
}
|
||||
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
|
||||
strlcpy(creds.service, "afs", sizeof creds.service);
|
||||
|
||||
|
||||
if (strncmp(creds.pname, "AFS ID ", 7) == 0)
|
||||
uid = atoi(creds.pname + 7);
|
||||
else
|
||||
uid = pw->pw_uid;
|
||||
|
||||
|
||||
if (kafs_settoken(creds.realm, uid, &creds)) {
|
||||
log("AFS token (%s@%s) rejected for %s",
|
||||
creds.pname, creds.realm, pw->pw_name);
|
||||
|
@ -367,7 +367,7 @@ auth_afs_token(Authctxt *authctxt, const char *token_string)
|
|||
}
|
||||
debug("AFS token accepted (%s@%s)", creds.pname, creds.realm);
|
||||
memset(&creds, 0, sizeof(creds));
|
||||
|
||||
|
||||
return (1);
|
||||
}
|
||||
#endif /* AFS */
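Review bot: In auth_krb4, the line under `/* Clear session key. */` passes `sizeof(&adat.session)` to memset, which is the size of a pointer rather than of the key field, so wherever the two sizes differ part of the Kerberos session key is left in memory after the reply is built. It should read `memset(&adat.session, 0, sizeof(adat.session));`. The re-indentation leaves this line untouched. auth_krb4's body starts and ends outside the hunks shown, so any later use of adat cannot be checked from here.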
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.24 2001/06/23 15:12:17 itojun Exp $");
|
||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -186,7 +186,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
* servers.
|
||||
*/
|
||||
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
|
||||
rhosts_file_index++) {
|
||||
rhosts_file_index++) {
|
||||
/* Check users .rhosts or .shosts. */
|
||||
snprintf(buf, sizeof buf, "%.500s/%.100s",
|
||||
pw->pw_dir, rhosts_files[rhosts_file_index]);
|
||||
|
@ -204,16 +204,16 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
|
||||
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
|
||||
if (pw->pw_uid != 0) {
|
||||
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user,
|
||||
pw->pw_name)) {
|
||||
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
|
||||
client_user, pw->pw_name)) {
|
||||
packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
|
||||
hostname, ipaddr);
|
||||
hostname, ipaddr);
|
||||
return 1;
|
||||
}
|
||||
if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
|
||||
pw->pw_name)) {
|
||||
if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr,
|
||||
client_user, pw->pw_name)) {
|
||||
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
|
||||
hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
|
||||
hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
@ -230,7 +230,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
}
|
||||
if (options.strict_modes &&
|
||||
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
|
||||
(st.st_mode & 022) != 0)) {
|
||||
(st.st_mode & 022) != 0)) {
|
||||
log("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.",
|
||||
pw->pw_name);
|
||||
packet_send_debug("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.",
|
||||
|
@ -242,7 +242,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
|
||||
/* Check all .rhosts files (currently .shosts and .rhosts). */
|
||||
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
|
||||
rhosts_file_index++) {
|
||||
rhosts_file_index++) {
|
||||
/* Check users .rhosts or .shosts. */
|
||||
snprintf(buf, sizeof buf, "%.500s/%.100s",
|
||||
pw->pw_dir, rhosts_files[rhosts_file_index]);
|
||||
|
@ -257,7 +257,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
*/
|
||||
if (options.strict_modes &&
|
||||
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
|
||||
(st.st_mode & 022) != 0)) {
|
||||
(st.st_mode & 022) != 0)) {
|
||||
log("Rhosts authentication refused for %.100s: bad modes for %.200s",
|
||||
pw->pw_name, buf);
|
||||
packet_send_debug("Bad file modes for %.200s", buf);
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-skey.c,v 1.12 2001/05/18 14:13:28 markus Exp $");
|
||||
RCSID("$OpenBSD: auth-skey.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#ifdef SKEY
|
||||
|
||||
|
@ -40,7 +40,7 @@ skey_init_ctx(Authctxt *authctxt)
|
|||
#define PROMPT "\nS/Key Password: "
|
||||
|
||||
static int
|
||||
skey_query(void *ctx, char **name, char **infotxt,
|
||||
skey_query(void *ctx, char **name, char **infotxt,
|
||||
u_int* numprompts, char ***prompts, u_int **echo_on)
|
||||
{
|
||||
Authctxt *authctxt = ctx;
|
||||
|
@ -72,9 +72,9 @@ static int
|
|||
skey_respond(void *ctx, u_int numresponses, char **responses)
|
||||
{
|
||||
Authctxt *authctxt = ctx;
|
||||
|
||||
|
||||
if (authctxt->valid &&
|
||||
numresponses == 1 &&
|
||||
numresponses == 1 &&
|
||||
skey_haskey(authctxt->pw->pw_name) == 0 &&
|
||||
skey_passcheck(authctxt->pw->pw_name, responses[0]) != -1)
|
||||
return 0;
|
||||
|
|
8
auth.c
8
auth.c
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth.c,v 1.30 2001/11/17 19:14:34 stevesk Exp $");
|
||||
RCSID("$OpenBSD: auth.c,v 1.31 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#ifdef HAVE_LOGIN_H
|
||||
#include <login.h>
|
||||
|
@ -272,7 +272,7 @@ expand_filename(const char *filename, struct passwd *pw)
|
|||
}
|
||||
if (cp[0] == '%' && cp[1] == 'u') {
|
||||
buffer_append(&buffer, pw->pw_name,
|
||||
strlen(pw->pw_name));
|
||||
strlen(pw->pw_name));
|
||||
cp++;
|
||||
continue;
|
||||
}
|
||||
|
@ -326,7 +326,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
|
|||
if (options.strict_modes &&
|
||||
(stat(user_hostfile, &st) == 0) &&
|
||||
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
|
||||
(st.st_mode & 022) != 0)) {
|
||||
(st.st_mode & 022) != 0)) {
|
||||
log("Authentication refused for %.100s: "
|
||||
"bad owner or modes for %.200s",
|
||||
pw->pw_name, user_hostfile);
|
||||
|
@ -399,7 +399,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
|
|||
if (stat(buf, &st) < 0 ||
|
||||
(st.st_uid != 0 && st.st_uid != uid) ||
|
||||
(st.st_mode & 022) != 0) {
|
||||
snprintf(err, errlen,
|
||||
snprintf(err, errlen,
|
||||
"bad ownership or modes for directory %s", buf);
|
||||
return -1;
|
||||
}
|
||||
|
|
6
auth.h
6
auth.h
|
@ -21,7 +21,7 @@
|
|||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* $OpenBSD: auth.h,v 1.24 2001/12/18 10:04:21 jakob Exp $
|
||||
* $OpenBSD: auth.h,v 1.25 2001/12/19 07:18:56 deraadt Exp $
|
||||
*/
|
||||
#ifndef AUTH_H
|
||||
#define AUTH_H
|
||||
|
@ -71,8 +71,8 @@ struct Authctxt {
|
|||
|
||||
/*
|
||||
* Keyboard interactive device:
|
||||
* init_ctx returns: non NULL upon success
|
||||
* query returns: 0 - success, otherwise failure
|
||||
* init_ctx returns: non NULL upon success
|
||||
* query returns: 0 - success, otherwise failure
|
||||
* respond returns: 0 - success, 1 - need further interaction,
|
||||
* otherwise - failure
|
||||
*/
|
||||
|
|
20
auth1.c
20
auth1.c
|
@ -10,7 +10,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth1.c,v 1.26 2001/12/05 03:56:39 itojun Exp $");
|
||||
RCSID("$OpenBSD: auth1.c,v 1.27 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "rsa.h"
|
||||
|
@ -77,7 +77,7 @@ do_authloop(Authctxt *authctxt)
|
|||
struct passwd *pw = authctxt->pw;
|
||||
|
||||
debug("Attempting authentication for %s%.100s.",
|
||||
authctxt->valid ? "" : "illegal user ", authctxt->user);
|
||||
authctxt->valid ? "" : "illegal user ", authctxt->user);
|
||||
|
||||
/* If the user has no password, accept authentication immediately. */
|
||||
if (options.password_authentication &&
|
||||
|
@ -120,17 +120,17 @@ do_authloop(Authctxt *authctxt)
|
|||
verbose("Kerberos authentication disabled.");
|
||||
} else {
|
||||
char *kdata = packet_get_string(&dlen);
|
||||
|
||||
|
||||
packet_integrity_check(plen, 4 + dlen, type);
|
||||
|
||||
|
||||
if (kdata[0] == 4) { /* KRB_PROT_VERSION */
|
||||
#ifdef KRB4
|
||||
KTEXT_ST tkt;
|
||||
|
||||
|
||||
tkt.length = dlen;
|
||||
if (tkt.length < MAX_KTXT_LEN)
|
||||
memcpy(tkt.dat, kdata, tkt.length);
|
||||
|
||||
|
||||
if (auth_krb4(authctxt, &tkt, &client_user)) {
|
||||
authenticated = 1;
|
||||
snprintf(info, sizeof(info),
|
||||
|
@ -143,7 +143,7 @@ do_authloop(Authctxt *authctxt)
|
|||
krb5_data tkt;
|
||||
tkt.length = dlen;
|
||||
tkt.data = kdata;
|
||||
|
||||
|
||||
if (auth_krb5(authctxt, &tkt, &client_user)) {
|
||||
authenticated = 1;
|
||||
snprintf(info, sizeof(info),
|
||||
|
@ -156,7 +156,7 @@ do_authloop(Authctxt *authctxt)
|
|||
}
|
||||
break;
|
||||
#endif /* KRB4 || KRB5 */
|
||||
|
||||
|
||||
#if defined(AFS) || defined(KRB5)
|
||||
/* XXX - punt on backward compatibility here. */
|
||||
case SSH_CMSG_HAVE_KERBEROS_TGT:
|
||||
|
@ -168,7 +168,7 @@ do_authloop(Authctxt *authctxt)
|
|||
break;
|
||||
#endif /* AFS */
|
||||
#endif /* AFS || KRB5 */
|
||||
|
||||
|
||||
case SSH_CMSG_AUTH_RHOSTS:
|
||||
if (!options.rhosts_authentication) {
|
||||
verbose("Rhosts authentication disabled.");
|
||||
|
@ -381,7 +381,7 @@ do_authentication(void)
|
|||
/* XXX - SSH.com Kerberos v5 braindeath. */
|
||||
if ((p = strchr(user, '@')) != NULL)
|
||||
*p = '\0';
|
||||
|
||||
|
||||
authctxt = authctxt_new();
|
||||
authctxt->user = user;
|
||||
authctxt->style = style;
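Review bot: In do_authloop's KRB4 branch, `tkt.length` is set to the client-supplied `dlen` and the copy into `tkt.dat` is skipped when that length is not below MAX_KTXT_LEN, yet `auth_krb4(authctxt, &tkt, &client_user)` is still called, with an oversized length and an uninitialised `tkt.dat`. Whether auth_krb4 or the Kerberos library re-checks the length is not visible here, so the oversized case should be refused before the call, for example by moving the auth_krb4 call inside the `if (tkt.length < MAX_KTXT_LEN)` block and treating the other case as a failed attempt. The function body extends beyond the hunks shown, and this commit only changes whitespace around these lines.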
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-chall.c,v 1.9 2001/12/09 18:45:56 markus Exp $");
|
||||
RCSID("$OpenBSD: auth2-chall.c,v 1.10 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "ssh2.h"
|
||||
#include "auth.h"
|
||||
|
@ -151,7 +151,7 @@ auth2_challenge(Authctxt *authctxt, char *devs)
|
|||
|
||||
if (authctxt->user == NULL || !devs)
|
||||
return 0;
|
||||
if (authctxt->kbdintctxt == NULL)
|
||||
if (authctxt->kbdintctxt == NULL)
|
||||
authctxt->kbdintctxt = kbdint_alloc(devs);
|
||||
return auth2_challenge_start(authctxt);
|
||||
}
|
||||
|
|
4
auth2.c
4
auth2.c
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2.c,v 1.76 2001/12/18 10:05:15 jakob Exp $");
|
||||
RCSID("$OpenBSD: auth2.c,v 1.77 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
|
@ -721,7 +721,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
|
|||
file, linenum);
|
||||
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
|
||||
verbose("Found matching %s key: %s",
|
||||
key_type(found), fp);
|
||||
key_type(found), fp);
|
||||
xfree(fp);
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: authfile.c,v 1.40 2001/12/05 10:06:12 deraadt Exp $");
|
||||
RCSID("$OpenBSD: authfile.c,v 1.41 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
|
@ -147,7 +147,7 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
|
|||
if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
|
||||
buffer_len(&encrypted)) {
|
||||
error("write to key file %s failed: %s", filename,
|
||||
strerror(errno));
|
||||
strerror(errno));
|
||||
buffer_free(&encrypted);
|
||||
close(fd);
|
||||
unlink(filename);
|
||||
|
@ -450,7 +450,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
|
|||
debug("PEM_read_PrivateKey failed");
|
||||
(void)ERR_get_error();
|
||||
} else if (pk->type == EVP_PKEY_RSA &&
|
||||
(type == KEY_UNSPEC||type==KEY_RSA)) {
|
||||
(type == KEY_UNSPEC||type==KEY_RSA)) {
|
||||
prv = key_new(KEY_UNSPEC);
|
||||
prv->rsa = EVP_PKEY_get1_RSA(pk);
|
||||
prv->type = KEY_RSA;
|
||||
|
@ -459,7 +459,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
|
|||
RSA_print_fp(stderr, prv->rsa, 8);
|
||||
#endif
|
||||
} else if (pk->type == EVP_PKEY_DSA &&
|
||||
(type == KEY_UNSPEC||type==KEY_DSA)) {
|
||||
(type == KEY_UNSPEC||type==KEY_DSA)) {
|
||||
prv = key_new(KEY_UNSPEC);
|
||||
prv->dsa = EVP_PKEY_get1_DSA(pk);
|
||||
prv->type = KEY_DSA;
|
||||
|
|
8
bufaux.c
8
bufaux.c
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.18 2001/12/05 10:06:12 deraadt Exp $");
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include "bufaux.h"
|
||||
|
@ -62,7 +62,7 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value)
|
|||
oi = BN_bn2bin(value, buf);
|
||||
if (oi != bin_size)
|
||||
fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
|
||||
oi, bin_size);
|
||||
oi, bin_size);
|
||||
|
||||
/* Store the number of bits in the buffer in two bytes, msb first. */
|
||||
PUT_16BIT(msg, bits);
|
||||
|
@ -112,14 +112,14 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
|
|||
oi = BN_bn2bin(value, buf+1);
|
||||
if (oi != bytes-1)
|
||||
fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
|
||||
oi, bytes);
|
||||
oi, bytes);
|
||||
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
|
||||
if (value->neg) {
|
||||
/**XXX should be two's-complement */
|
||||
int i, carry;
|
||||
u_char *uc = buf;
|
||||
log("negativ!");
|
||||
for(i = bytes-1, carry = 1; i>=0; i--) {
|
||||
for (i = bytes-1, carry = 1; i>=0; i--) {
|
||||
uc[i] ^= 0xff;
|
||||
if (carry)
|
||||
carry = !++uc[i];
|
||||
|
|
10
canohost.c
10
canohost.c
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: canohost.c,v 1.28 2001/12/05 03:56:39 itojun Exp $");
|
||||
RCSID("$OpenBSD: canohost.c,v 1.29 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -68,13 +68,13 @@ get_remote_hostname(int socket, int reverse_mapping_check)
|
|||
check_ip_options(socket, ntop);
|
||||
|
||||
if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
|
||||
NULL, 0, NI_NUMERICHOST) != 0)
|
||||
NULL, 0, NI_NUMERICHOST) != 0)
|
||||
fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
|
||||
|
||||
debug3("Trying to reverse map address %.100s.", ntop);
|
||||
/* Map the IP address to a host name. */
|
||||
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
|
||||
NULL, 0, NI_NAMEREQD) != 0) {
|
||||
NULL, 0, NI_NAMEREQD) != 0) {
|
||||
/* Host name not found. Use ip address. */
|
||||
log("Could not reverse map address %.100s.", ntop);
|
||||
return xstrdup(ntop);
|
||||
|
@ -230,7 +230,7 @@ get_socket_address(int socket, int remote, int flags)
|
|||
}
|
||||
/* Get the address in ascii. */
|
||||
if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop),
|
||||
NULL, 0, flags) != 0) {
|
||||
NULL, 0, flags) != 0) {
|
||||
error("get_socket_ipaddr: getnameinfo %d failed", flags);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -316,7 +316,7 @@ get_sock_port(int sock, int local)
|
|||
}
|
||||
/* Return port number. */
|
||||
if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
|
||||
strport, sizeof(strport), NI_NUMERICSERV) != 0)
|
||||
strport, sizeof(strport), NI_NUMERICSERV) != 0)
|
||||
fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed");
|
||||
return atoi(strport);
|
||||
}
|
||||
|
|
20
channels.c
20
channels.c
|
@ -39,7 +39,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: channels.c,v 1.147 2001/12/08 17:49:28 stevesk Exp $");
|
||||
RCSID("$OpenBSD: channels.c,v 1.148 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
|
@ -794,7 +794,7 @@ x11_open_helper(Buffer *b)
|
|||
data_len = ucp[8] + 256 * ucp[9];
|
||||
} else {
|
||||
debug("Initial X11 packet contains bad byte order byte: 0x%x",
|
||||
ucp[0]);
|
||||
ucp[0]);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -884,7 +884,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
{
|
||||
u_char *p, *host;
|
||||
int len, have, i, found;
|
||||
char username[256];
|
||||
char username[256];
|
||||
struct {
|
||||
u_int8_t version;
|
||||
u_int8_t command;
|
||||
|
@ -931,7 +931,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
host = inet_ntoa(s4_req.dest_addr);
|
||||
strlcpy(c->path, host, sizeof(c->path));
|
||||
c->host_port = ntohs(s4_req.dest_port);
|
||||
|
||||
|
||||
debug("channel %d: dynamic request: socks4 host %s port %u command %u",
|
||||
c->self, host, c->host_port, s4_req.command);
|
||||
|
||||
|
@ -1373,7 +1373,7 @@ channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
FD_ISSET(c->efd, readset)) {
|
||||
len = read(c->efd, buf, sizeof(buf));
|
||||
debug2("channel %d: read %d from efd %d",
|
||||
c->self, len, c->efd);
|
||||
c->self, len, c->efd);
|
||||
if (len < 0 && (errno == EINTR || errno == EAGAIN))
|
||||
return 1;
|
||||
if (len <= 0) {
|
||||
|
@ -1509,7 +1509,7 @@ static void
|
|||
channel_handler_init(void)
|
||||
{
|
||||
int i;
|
||||
for(i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
|
||||
for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
|
||||
channel_pre[i] = NULL;
|
||||
channel_post[i] = NULL;
|
||||
}
|
||||
|
@ -2414,8 +2414,8 @@ x11_create_display_inet(int x11_display_offset, int gateway_ports)
|
|||
int gaierr, n, num_socks = 0, socks[NUM_SOCKS];
|
||||
|
||||
for (display_number = x11_display_offset;
|
||||
display_number < MAX_DISPLAYS;
|
||||
display_number++) {
|
||||
display_number < MAX_DISPLAYS;
|
||||
display_number++) {
|
||||
port = 6000 + display_number;
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = IPv4or6;
|
||||
|
@ -2541,7 +2541,7 @@ x11_connect_display(void)
|
|||
/* Connect to the unix domain socket. */
|
||||
if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) {
|
||||
error("Could not parse display number from DISPLAY: %.100s",
|
||||
display);
|
||||
display);
|
||||
return -1;
|
||||
}
|
||||
/* Create a socket. */
|
||||
|
@ -2566,7 +2566,7 @@ x11_connect_display(void)
|
|||
/* buf now contains the host name. But first we parse the display number. */
|
||||
if (sscanf(cp + 1, "%d", &display_number) != 1) {
|
||||
error("Could not parse display number from DISPLAY: %.100s",
|
||||
display);
|
||||
display);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
12
cipher.c
12
cipher.c
|
@ -35,7 +35,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher.c,v 1.47 2001/08/23 11:31:59 markus Exp $");
|
||||
RCSID("$OpenBSD: cipher.c,v 1.48 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
|
@ -184,14 +184,14 @@ blowfish_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
|
|||
}
|
||||
static void
|
||||
blowfish_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
|
||||
u_int len)
|
||||
u_int len)
|
||||
{
|
||||
BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
|
||||
BF_ENCRYPT);
|
||||
}
|
||||
static void
|
||||
blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
|
||||
u_int len)
|
||||
u_int len)
|
||||
{
|
||||
BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
|
||||
BF_DECRYPT);
|
||||
|
@ -289,7 +289,7 @@ rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen)
|
|||
static void
|
||||
rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
|
||||
{
|
||||
if (iv == NULL || ivlen != RIJNDAEL_BLOCKSIZE)
|
||||
if (iv == NULL || ivlen != RIJNDAEL_BLOCKSIZE)
|
||||
fatal("bad/no IV for %s.", cc->cipher->name);
|
||||
memcpy(cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
|
||||
}
|
||||
|
@ -417,7 +417,7 @@ u_int
|
|||
cipher_mask_ssh1(int client)
|
||||
{
|
||||
u_int mask = 0;
|
||||
mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
|
||||
mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
|
||||
mask |= 1 << SSH_CIPHER_BLOWFISH;
|
||||
if (client) {
|
||||
mask |= 1 << SSH_CIPHER_DES;
|
||||
|
@ -457,7 +457,7 @@ ciphers_valid(const char *names)
|
|||
return 0;
|
||||
ciphers = cp = xstrdup(names);
|
||||
for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
|
||||
(p = strsep(&cp, CIPHER_SEP))) {
|
||||
(p = strsep(&cp, CIPHER_SEP))) {
|
||||
c = cipher_by_name(p);
|
||||
if (c == NULL || c->number != SSH_CIPHER_SSH2) {
|
||||
debug("bad cipher %s [%s]", p, names);
|
||||
|
|
16
clientloop.c
16
clientloop.c
|
@ -59,7 +59,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.89 2001/12/05 03:50:01 itojun Exp $");
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.90 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
|
@ -254,7 +254,7 @@ client_make_packets_from_stdin_data(void)
|
|||
|
||||
/* Send buffered stdin data to the server. */
|
||||
while (buffer_len(&stdin_buffer) > 0 &&
|
||||
packet_not_very_much_data_to_write()) {
|
||||
packet_not_very_much_data_to_write()) {
|
||||
len = buffer_len(&stdin_buffer);
|
||||
/* Keep the packets at reasonable size. */
|
||||
if (len > packet_get_maxsize())
|
||||
|
@ -417,9 +417,9 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
|
|||
/* Check if the window size has changed. */
|
||||
if (ioctl(fileno(stdin), TIOCGWINSZ, &newws) >= 0 &&
|
||||
(oldws.ws_row != newws.ws_row ||
|
||||
oldws.ws_col != newws.ws_col ||
|
||||
oldws.ws_xpixel != newws.ws_xpixel ||
|
||||
oldws.ws_ypixel != newws.ws_ypixel))
|
||||
oldws.ws_col != newws.ws_col ||
|
||||
oldws.ws_xpixel != newws.ws_xpixel ||
|
||||
oldws.ws_ypixel != newws.ws_ypixel))
|
||||
received_window_change_signal = 1;
|
||||
|
||||
/* OK, we have been continued by the user. Reinitialize buffers. */
|
||||
|
@ -994,11 +994,11 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
|
|||
/* Report bytes transferred, and transfer rates. */
|
||||
total_time = get_current_time() - start_time;
|
||||
debug("Transferred: stdin %lu, stdout %lu, stderr %lu bytes in %.1f seconds",
|
||||
stdin_bytes, stdout_bytes, stderr_bytes, total_time);
|
||||
stdin_bytes, stdout_bytes, stderr_bytes, total_time);
|
||||
if (total_time > 0)
|
||||
debug("Bytes per second: stdin %.1f, stdout %.1f, stderr %.1f",
|
||||
stdin_bytes / total_time, stdout_bytes / total_time,
|
||||
stderr_bytes / total_time);
|
||||
stdin_bytes / total_time, stdout_bytes / total_time,
|
||||
stderr_bytes / total_time);
|
||||
|
||||
/* Return the exit status of the program. */
|
||||
debug("Exit status %d", exit_status);
|
||||
|
|
18
compat.c
18
compat.c
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: compat.c,v 1.55 2001/12/05 16:54:51 markus Exp $");
|
||||
RCSID("$OpenBSD: compat.c,v 1.56 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -82,19 +82,19 @@ compat_datafellows(const char *version)
|
|||
{ "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||||
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
|
||||
SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
|
||||
{ "2.0.13*,"
|
||||
"2.0.14*,"
|
||||
"2.0.15*,"
|
||||
"2.0.16*,"
|
||||
"2.0.17*,"
|
||||
"2.0.18*,"
|
||||
{ "2.0.13*,"
|
||||
"2.0.14*,"
|
||||
"2.0.15*,"
|
||||
"2.0.16*,"
|
||||
"2.0.17*,"
|
||||
"2.0.18*,"
|
||||
"2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||||
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
|
||||
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
|
||||
SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
|
||||
SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
|
||||
SSH_BUG_DUMMYCHAN },
|
||||
{ "2.0.11*,"
|
||||
{ "2.0.11*,"
|
||||
"2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||||
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
|
||||
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
|
||||
|
@ -124,7 +124,7 @@ compat_datafellows(const char *version)
|
|||
{ "1.3.2*", SSH_BUG_IGNOREMSG }, /* f-secure */
|
||||
{ "*SSH Compatible Server*", /* Netscreen */
|
||||
SSH_BUG_PASSWORDPAD },
|
||||
{ "*OSU_0*,"
|
||||
{ "*OSU_0*,"
|
||||
"OSU_1.0*,"
|
||||
"OSU_1.1*,"
|
||||
"OSU_1.2*,"
|
||||
|
|
14
compress.c
14
compress.c
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: compress.c,v 1.15 2001/09/27 11:58:16 markus Exp $");
|
||||
RCSID("$OpenBSD: compress.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "log.h"
|
||||
#include "buffer.h"
|
||||
|
@ -55,13 +55,13 @@ void
|
|||
buffer_compress_uninit(void)
|
||||
{
|
||||
debug("compress outgoing: raw data %lu, compressed %lu, factor %.2f",
|
||||
outgoing_stream.total_in, outgoing_stream.total_out,
|
||||
outgoing_stream.total_in == 0 ? 0.0 :
|
||||
(double) outgoing_stream.total_out / outgoing_stream.total_in);
|
||||
outgoing_stream.total_in, outgoing_stream.total_out,
|
||||
outgoing_stream.total_in == 0 ? 0.0 :
|
||||
(double) outgoing_stream.total_out / outgoing_stream.total_in);
|
||||
debug("compress incoming: raw data %lu, compressed %lu, factor %.2f",
|
||||
incoming_stream.total_out, incoming_stream.total_in,
|
||||
incoming_stream.total_out == 0 ? 0.0 :
|
||||
(double) incoming_stream.total_in / incoming_stream.total_out);
|
||||
incoming_stream.total_out, incoming_stream.total_in,
|
||||
incoming_stream.total_out == 0 ? 0.0 :
|
||||
(double) incoming_stream.total_in / incoming_stream.total_out);
|
||||
if (compress_init_recv_called == 1)
|
||||
inflateEnd(&incoming_stream);
|
||||
if (compress_init_send_called == 1)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: deattack.c,v 1.16 2001/12/05 03:56:39 itojun Exp $ */
|
||||
/* $OpenBSD: deattack.c,v 1.17 2001/12/19 07:18:56 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Cryptographic attack detector for ssh - source code
|
||||
|
@ -37,7 +37,7 @@
|
|||
#define HASH_FACTOR(x) ((x)*3/2)
|
||||
#define HASH_UNUSEDCHAR (0xff)
|
||||
#define HASH_UNUSED (0xffff)
|
||||
#define HASH_IV (0xfffe)
|
||||
#define HASH_IV (0xfffe)
|
||||
|
||||
#define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
|
||||
|
||||
|
@ -135,7 +135,7 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
|
|||
|
||||
for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
|
||||
for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
|
||||
i = (i + 1) & (n - 1)) {
|
||||
i = (i + 1) & (n - 1)) {
|
||||
if (h[i] == HASH_IV) {
|
||||
if (!CMP(c, IV)) {
|
||||
if (check_crc(c, buf, len, IV))
|
||||
|
|
8
key.c
8
key.c
|
@ -32,7 +32,7 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: key.c,v 1.35 2001/12/05 10:06:12 deraadt Exp $");
|
||||
RCSID("$OpenBSD: key.c,v 1.36 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
|
@ -219,7 +219,7 @@ key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
|
|||
|
||||
retval = xmalloc(dgst_raw_len * 3 + 1);
|
||||
retval[0] = '\0';
|
||||
for(i = 0; i < dgst_raw_len; i++) {
|
||||
for (i = 0; i < dgst_raw_len; i++) {
|
||||
char hex[4];
|
||||
snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
|
||||
strlcat(retval, hex, dgst_raw_len * 3);
|
||||
|
@ -281,7 +281,7 @@ key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
|
|||
char *retval = NULL;
|
||||
u_char *dgst_raw;
|
||||
size_t dgst_raw_len;
|
||||
|
||||
|
||||
dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
|
||||
if (!dgst_raw)
|
||||
fatal("key_fingerprint: null from key_fingerprint_raw()");
|
||||
|
@ -641,7 +641,7 @@ key_names_valid2(const char *names)
|
|||
return 0;
|
||||
s = cp = xstrdup(names);
|
||||
for ((p = strsep(&cp, ",")); p && *p != '\0';
|
||||
(p = strsep(&cp, ","))) {
|
||||
(p = strsep(&cp, ","))) {
|
||||
switch (key_type_from_name(p)) {
|
||||
case KEY_RSA1:
|
||||
case KEY_UNSPEC:
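Review bot: In the key_fingerprint_hex hunk the buffer is allocated with `dgst_raw_len * 3 + 1` bytes but `strlcat` is given `dgst_raw_len * 3` as its size, so the last `:` can never fit and is dropped by truncation rather than by explicit code; that deserves a comment. Something like `/* size is deliberately short of the allocation: strlcat truncates the trailing ':' */` above the `strlcat` call would stop a later edit from "correcting" the bound. The multiplication itself is unchecked; digest lengths are presumably small constants, but that is decided by the caller outside this hunk. The function continues past the hunk, so any later trimming of the string is not visible here.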
|
||||
|
|
4
log.c
4
log.c
|
@ -34,7 +34,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: log.c,v 1.18 2001/06/26 17:27:23 markus Exp $");
|
||||
RCSID("$OpenBSD: log.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "log.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -242,7 +242,7 @@ fatal_cleanup(void)
|
|||
for (cu = fatal_cleanups; cu; cu = next_cu) {
|
||||
next_cu = cu->next;
|
||||
debug("Calling cleanup 0x%lx(0x%lx)",
|
||||
(u_long) cu->proc, (u_long) cu->context);
|
||||
(u_long) cu->proc, (u_long) cu->context);
|
||||
(*cu->proc) (cu->context);
|
||||
}
|
||||
exit(255);
|
||||
|
|
4
mac.c
4
mac.c
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: mac.c,v 1.2 2001/04/05 10:42:51 markus Exp $");
|
||||
RCSID("$OpenBSD: mac.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
|
@ -99,7 +99,7 @@ mac_valid(const char *names)
|
|||
return (0);
|
||||
maclist = cp = xstrdup(names);
|
||||
for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0';
|
||||
(p = strsep(&cp, MAC_SEP))) {
|
||||
(p = strsep(&cp, MAC_SEP))) {
|
||||
if (mac_init(NULL, p) < 0) {
|
||||
debug("bad mac %s [%s]", p, names);
|
||||
xfree(maclist);
|
||||
|
|
12
match.c
12
match.c
|
@ -35,7 +35,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: match.c,v 1.15 2001/12/05 16:54:51 markus Exp $");
|
||||
RCSID("$OpenBSD: match.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "match.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -133,10 +133,10 @@ match_pattern_list(const char *string, const char *pattern, u_int len,
|
|||
* subpattern to lowercase.
|
||||
*/
|
||||
for (subi = 0;
|
||||
i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
|
||||
subi++, i++)
|
||||
i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
|
||||
subi++, i++)
|
||||
sub[subi] = dolower && isupper(pattern[i]) ?
|
||||
tolower(pattern[i]) : pattern[i];
|
||||
tolower(pattern[i]) : pattern[i];
|
||||
/* If subpattern too long, return failure (no match). */
|
||||
if (subi >= sizeof(sub) - 1)
|
||||
return 0;
|
||||
|
@ -239,7 +239,7 @@ match_list(const char *client, const char *server, u_int *next)
|
|||
s = sp = xstrdup(server);
|
||||
|
||||
for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
|
||||
(p = strsep(&sp, SEP)), i++) {
|
||||
(p = strsep(&sp, SEP)), i++) {
|
||||
if (i < MAX_PROP)
|
||||
sproposals[i] = p;
|
||||
else
|
||||
|
@ -248,7 +248,7 @@ match_list(const char *client, const char *server, u_int *next)
|
|||
nproposals = i;
|
||||
|
||||
for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
|
||||
(p = strsep(&cp, SEP)), i++) {
|
||||
(p = strsep(&cp, SEP)), i++) {
|
||||
for (j = 0; j < nproposals; j++) {
|
||||
if (strcmp(p, sproposals[j]) == 0) {
|
||||
ret = xstrdup(p);
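Review bot: In the match_pattern_list hunk, `isupper(pattern[i])` and `tolower(pattern[i])` are called with a plain `char`, which is undefined behaviour for bytes above 0x7f where `char` is signed. `pattern` is a `const char *` and nothing visible restricts it to ASCII. Casting at the call sites keeps the lookup inside the ctype table: `sub[subi] = dolower && isupper((u_char)pattern[i]) ? tolower((u_char)pattern[i]) : pattern[i];`. The function body starts and ends outside the hunk, so any filtering of `pattern` before this loop is not visible here.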
|
||||
|
|
6
misc.c
6
misc.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: misc.c,v 1.13 2001/12/05 10:06:12 deraadt Exp $ */
|
||||
/* $OpenBSD: misc.c,v 1.14 2001/12/19 07:18:56 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
|
@ -25,7 +25,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: misc.c,v 1.13 2001/12/05 10:06:12 deraadt Exp $");
|
||||
RCSID("$OpenBSD: misc.c,v 1.14 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "misc.h"
|
||||
#include "log.h"
|
||||
|
@ -298,7 +298,7 @@ addargs(arglist *args, char *fmt, ...)
|
|||
if (args->list == NULL) {
|
||||
args->nalloc = 32;
|
||||
args->num = 0;
|
||||
} else if (args->num+2 >= args->nalloc)
|
||||
} else if (args->num+2 >= args->nalloc)
|
||||
args->nalloc *= 2;
|
||||
|
||||
args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
|
||||
|
|
10
nchan.c
10
nchan.c
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: nchan.c,v 1.32 2001/10/10 22:18:47 markus Exp $");
|
||||
RCSID("$OpenBSD: nchan.c,v 1.33 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "ssh1.h"
|
||||
#include "ssh2.h"
|
||||
|
@ -273,7 +273,7 @@ chan_send_oclose1(Channel *c)
|
|||
break;
|
||||
default:
|
||||
error("channel %d: cannot send oclose for ostate %d",
|
||||
c->self, c->ostate);
|
||||
c->self, c->ostate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -322,7 +322,7 @@ chan_ibuf_empty2(Channel *c)
|
|||
debug("channel %d: ibuf empty", c->self);
|
||||
if (buffer_len(&c->input)) {
|
||||
error("channel %d: chan_ibuf_empty for non empty buffer",
|
||||
c->self);
|
||||
c->self);
|
||||
return;
|
||||
}
|
||||
switch (c->istate) {
|
||||
|
@ -334,7 +334,7 @@ chan_ibuf_empty2(Channel *c)
|
|||
break;
|
||||
default:
|
||||
error("channel %d: chan_ibuf_empty for istate %d",
|
||||
c->self, c->istate);
|
||||
c->self, c->istate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -458,7 +458,7 @@ chan_is_dead(Channel *c, int send)
|
|||
debug2("channel %d: active efd: %d len %d type %s",
|
||||
c->self, c->efd, buffer_len(&c->extended),
|
||||
c->extended_usage==CHAN_EXTENDED_READ ?
|
||||
"read": "write");
|
||||
"read": "write");
|
||||
} else {
|
||||
if (!(c->flags & CHAN_CLOSE_SENT)) {
|
||||
if (send) {
|
||||
|
|
8
packet.c
8
packet.c
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: packet.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $");
|
||||
RCSID("$OpenBSD: packet.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
|
@ -380,7 +380,7 @@ packet_send1(void)
|
|||
buffer_compress(&outgoing_packet, &compression_buffer);
|
||||
buffer_clear(&outgoing_packet);
|
||||
buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
|
||||
buffer_len(&compression_buffer));
|
||||
buffer_len(&compression_buffer));
|
||||
}
|
||||
/* Compute packet length without padding (add checksum, remove padding). */
|
||||
len = buffer_len(&outgoing_packet) + 4 - 8;
|
||||
|
@ -414,7 +414,7 @@ packet_send1(void)
|
|||
buffer_append(&output, buf, 4);
|
||||
buffer_append_space(&output, &cp, buffer_len(&outgoing_packet));
|
||||
cipher_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),
|
||||
buffer_len(&outgoing_packet));
|
||||
buffer_len(&outgoing_packet));
|
||||
|
||||
#ifdef PACKET_DEBUG
|
||||
fprintf(stderr, "encrypted: ");
|
||||
|
@ -1277,7 +1277,7 @@ packet_send_ignore(int nbytes)
|
|||
|
||||
packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);
|
||||
packet_put_int(nbytes);
|
||||
for(i = 0; i < nbytes; i++) {
|
||||
for (i = 0; i < nbytes; i++) {
|
||||
if (i % 4 == 0)
|
||||
rand = arc4random();
|
||||
packet_put_char(rand & 0xff);
|
||||
|
|
32
readconf.c
32
readconf.c
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: readconf.c,v 1.92 2001/11/17 19:14:34 stevesk Exp $");
|
||||
RCSID("$OpenBSD: readconf.c,v 1.93 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -115,7 +115,7 @@ typedef enum {
|
|||
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
||||
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
||||
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
|
||||
oClearAllForwardings, oNoHostAuthenticationForLocalhost
|
||||
oClearAllForwardings, oNoHostAuthenticationForLocalhost
|
||||
} OpCodes;
|
||||
|
||||
/* Textual representations of the tokens. */
|
||||
|
@ -185,8 +185,8 @@ static struct {
|
|||
{ "hostkeyalgorithms", oHostKeyAlgorithms },
|
||||
{ "bindaddress", oBindAddress },
|
||||
{ "smartcarddevice", oSmartcardDevice },
|
||||
{ "clearallforwardings", oClearAllForwardings },
|
||||
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
|
||||
{ "clearallforwardings", oClearAllForwardings },
|
||||
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
|
||||
{ NULL, oBadOption }
|
||||
};
|
||||
|
||||
|
@ -225,7 +225,7 @@ add_remote_forward(Options *options, u_short port, const char *host,
|
|||
Forward *fwd;
|
||||
if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
|
||||
fatal("Too many remote forwards (max %d).",
|
||||
SSH_MAX_FORWARDS_PER_DIRECTION);
|
||||
SSH_MAX_FORWARDS_PER_DIRECTION);
|
||||
fwd = &options->remote_forwards[options->num_remote_forwards++];
|
||||
fwd->port = port;
|
||||
fwd->host = xstrdup(host);
|
||||
|
@ -394,7 +394,7 @@ parse_flag:
|
|||
arg = strdelim(&s);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%.200s line %d: Missing yes/no/ask argument.",
|
||||
filename, linenum);
|
||||
filename, linenum);
|
||||
value = 0; /* To avoid compiler warning... */
|
||||
if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
|
||||
value = 1;
|
||||
|
@ -436,7 +436,7 @@ parse_flag:
|
|||
intptr = &options->num_identity_files;
|
||||
if (*intptr >= SSH_MAX_IDENTITY_FILES)
|
||||
fatal("%.200s line %d: Too many identity files specified (max %d).",
|
||||
filename, linenum, SSH_MAX_IDENTITY_FILES);
|
||||
filename, linenum, SSH_MAX_IDENTITY_FILES);
|
||||
charptr = &options->identity_files[*intptr];
|
||||
*charptr = xstrdup(arg);
|
||||
*intptr = *intptr + 1;
|
||||
|
@ -536,7 +536,7 @@ parse_int:
|
|||
value = cipher_number(arg);
|
||||
if (value == -1)
|
||||
fatal("%.200s line %d: Bad cipher '%s'.",
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
if (*activep && *intptr == -1)
|
||||
*intptr = value;
|
||||
break;
|
||||
|
@ -547,7 +547,7 @@ parse_int:
|
|||
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
||||
if (!ciphers_valid(arg))
|
||||
fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
if (*activep && options->ciphers == NULL)
|
||||
options->ciphers = xstrdup(arg);
|
||||
break;
|
||||
|
@ -558,7 +558,7 @@ parse_int:
|
|||
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
||||
if (!mac_valid(arg))
|
||||
fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
if (*activep && options->macs == NULL)
|
||||
options->macs = xstrdup(arg);
|
||||
break;
|
||||
|
@ -569,7 +569,7 @@ parse_int:
|
|||
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
||||
if (!key_names_valid2(arg))
|
||||
fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
if (*activep && options->hostkeyalgorithms == NULL)
|
||||
options->hostkeyalgorithms = xstrdup(arg);
|
||||
break;
|
||||
|
@ -582,7 +582,7 @@ parse_int:
|
|||
value = proto_spec(arg);
|
||||
if (value == SSH_PROTO_UNKNOWN)
|
||||
fatal("%.200s line %d: Bad protocol spec '%s'.",
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
if (*activep && *intptr == SSH_PROTO_UNKNOWN)
|
||||
*intptr = value;
|
||||
break;
|
||||
|
@ -593,7 +593,7 @@ parse_int:
|
|||
value = log_level_number(arg);
|
||||
if (value == (LogLevel) - 1)
|
||||
fatal("%.200s line %d: unsupported log level '%s'",
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
if (*activep && (LogLevel) * intptr == -1)
|
||||
*intptr = (LogLevel) value;
|
||||
break;
|
||||
|
@ -670,7 +670,7 @@ parse_int:
|
|||
value = SSH_ESCAPECHAR_NONE;
|
||||
else {
|
||||
fatal("%.200s line %d: Bad escape character.",
|
||||
filename, linenum);
|
||||
filename, linenum);
|
||||
/* NOTREACHED */
|
||||
value = 0; /* Avoid compiler warning. */
|
||||
}
|
||||
|
@ -685,7 +685,7 @@ parse_int:
|
|||
/* Check that there is no garbage at end of line. */
|
||||
if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
|
||||
fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
|
||||
filename, linenum, arg);
|
||||
filename, linenum, arg);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -727,7 +727,7 @@ read_config_file(const char *filename, const char *host, Options *options)
|
|||
fclose(f);
|
||||
if (bad_options > 0)
|
||||
fatal("%s: terminating, %d bad configuration options",
|
||||
filename, bad_options);
|
||||
filename, bad_options);
|
||||
return 1;
|
||||
}
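Review bot: In the hunks headed `parse_int:` the rejected token is printed with an unbounded `'%s'`, while the file name and the garbage-at-end-of-line message in the same code use `%.200s`. Bounding it the same way keeps one configuration token from crowding out the rest of the log line: `fatal("%.200s line %d: Bad cipher '%.200s'.", filename, linenum, arg ? arg : "<NONE>");`, and likewise for the cipher spec, Mac spec, host key algorithms, protocol spec and log level messages. The `arg ? arg : "<NONE>"` guard also comes late: in three hunks a `Missing argument` fatal is visible just above it, and in the other three `arg` has already been passed to `cipher_number`, `proto_spec` or `log_level_number`. Whether those helpers accept NULL is outside the hunks, so the guard is probably either dead or should move ahead of the call.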
|
||||
|
||||
|
|
351
rijndael.c
351
rijndael.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: rijndael.c,v 1.12 2001/09/13 09:48:39 markus Exp $ */
|
||||
/* $OpenBSD: rijndael.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $ */
|
||||
|
||||
/**
|
||||
* rijndael-alg-fst.c
|
||||
|
@ -775,32 +775,31 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int
|
|||
rk[6] = GETU32(cipherKey + 24);
|
||||
rk[7] = GETU32(cipherKey + 28);
|
||||
if (keyBits == 256) {
|
||||
for (;;) {
|
||||
temp = rk[ 7];
|
||||
rk[ 8] = rk[ 0] ^
|
||||
(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
(Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
(Te4[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
(Te4[(temp >> 24) ] & 0x000000ff) ^
|
||||
rcon[i];
|
||||
rk[ 9] = rk[ 1] ^ rk[ 8];
|
||||
rk[10] = rk[ 2] ^ rk[ 9];
|
||||
rk[11] = rk[ 3] ^ rk[10];
|
||||
if (++i == 7) {
|
||||
return 14;
|
||||
}
|
||||
temp = rk[11];
|
||||
rk[12] = rk[ 4] ^
|
||||
(Te4[(temp >> 24) ] & 0xff000000) ^
|
||||
(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
|
||||
(Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
|
||||
(Te4[(temp ) & 0xff] & 0x000000ff);
|
||||
rk[13] = rk[ 5] ^ rk[12];
|
||||
rk[14] = rk[ 6] ^ rk[13];
|
||||
rk[15] = rk[ 7] ^ rk[14];
|
||||
|
||||
for (;;) {
|
||||
temp = rk[ 7];
|
||||
rk[ 8] = rk[ 0] ^
|
||||
(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
|
||||
(Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
|
||||
(Te4[(temp ) & 0xff] & 0x0000ff00) ^
|
||||
(Te4[(temp >> 24) ] & 0x000000ff) ^
|
||||
rcon[i];
|
||||
rk[ 9] = rk[ 1] ^ rk[ 8];
|
||||
rk[10] = rk[ 2] ^ rk[ 9];
|
||||
rk[11] = rk[ 3] ^ rk[10];
|
||||
if (++i == 7) {
|
||||
return 14;
|
||||
}
|
||||
temp = rk[11];
|
||||
rk[12] = rk[ 4] ^
|
||||
(Te4[(temp >> 24) ] & 0xff000000) ^
|
||||
(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
|
||||
(Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
|
||||
(Te4[(temp ) & 0xff] & 0x000000ff);
|
||||
rk[13] = rk[ 5] ^ rk[12];
|
||||
rk[14] = rk[ 6] ^ rk[13];
|
||||
rk[15] = rk[ 7] ^ rk[14];
|
||||
rk += 8;
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -917,28 +916,28 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16
|
|||
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
|
||||
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
|
||||
if (Nr > 10) {
|
||||
/* round 10: */
|
||||
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
|
||||
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
|
||||
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
|
||||
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
|
||||
/* round 11: */
|
||||
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
|
||||
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
|
||||
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
|
||||
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
|
||||
if (Nr > 12) {
|
||||
/* round 12: */
|
||||
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
|
||||
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
|
||||
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
|
||||
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
|
||||
/* round 13: */
|
||||
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
|
||||
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
|
||||
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
|
||||
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
|
||||
}
|
||||
/* round 10: */
|
||||
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
|
||||
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
|
||||
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
|
||||
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
|
||||
/* round 11: */
|
||||
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
|
||||
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
|
||||
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
|
||||
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
|
||||
if (Nr > 12) {
|
||||
/* round 12: */
|
||||
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
|
||||
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
|
||||
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
|
||||
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
|
||||
/* round 13: */
|
||||
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
|
||||
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
|
||||
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
|
||||
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
|
||||
}
|
||||
}
|
||||
rk += Nr << 2;
|
||||
#else /* !FULL_UNROLL */
|
||||
|
@ -947,60 +946,60 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16
|
|||
*/
|
||||
r = Nr >> 1;
|
||||
for (;;) {
|
||||
t0 =
|
||||
Te0[(s0 >> 24) ] ^
|
||||
Te1[(s1 >> 16) & 0xff] ^
|
||||
Te2[(s2 >> 8) & 0xff] ^
|
||||
Te3[(s3 ) & 0xff] ^
|
||||
rk[4];
|
||||
t1 =
|
||||
Te0[(s1 >> 24) ] ^
|
||||
Te1[(s2 >> 16) & 0xff] ^
|
||||
Te2[(s3 >> 8) & 0xff] ^
|
||||
Te3[(s0 ) & 0xff] ^
|
||||
rk[5];
|
||||
t2 =
|
||||
Te0[(s2 >> 24) ] ^
|
||||
Te1[(s3 >> 16) & 0xff] ^
|
||||
Te2[(s0 >> 8) & 0xff] ^
|
||||
Te3[(s1 ) & 0xff] ^
|
||||
rk[6];
|
||||
t3 =
|
||||
Te0[(s3 >> 24) ] ^
|
||||
Te1[(s0 >> 16) & 0xff] ^
|
||||
Te2[(s1 >> 8) & 0xff] ^
|
||||
Te3[(s2 ) & 0xff] ^
|
||||
rk[7];
|
||||
t0 =
|
||||
Te0[(s0 >> 24) ] ^
|
||||
Te1[(s1 >> 16) & 0xff] ^
|
||||
Te2[(s2 >> 8) & 0xff] ^
|
||||
Te3[(s3 ) & 0xff] ^
|
||||
rk[4];
|
||||
t1 =
|
||||
Te0[(s1 >> 24) ] ^
|
||||
Te1[(s2 >> 16) & 0xff] ^
|
||||
Te2[(s3 >> 8) & 0xff] ^
|
||||
Te3[(s0 ) & 0xff] ^
|
||||
rk[5];
|
||||
t2 =
|
||||
Te0[(s2 >> 24) ] ^
|
||||
Te1[(s3 >> 16) & 0xff] ^
|
||||
Te2[(s0 >> 8) & 0xff] ^
|
||||
Te3[(s1 ) & 0xff] ^
|
||||
rk[6];
|
||||
t3 =
|
||||
Te0[(s3 >> 24) ] ^
|
||||
Te1[(s0 >> 16) & 0xff] ^
|
||||
Te2[(s1 >> 8) & 0xff] ^
|
||||
Te3[(s2 ) & 0xff] ^
|
||||
rk[7];
|
||||
|
||||
rk += 8;
|
||||
if (--r == 0) {
|
||||
break;
|
||||
}
|
||||
rk += 8;
|
||||
if (--r == 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
s0 =
|
||||
Te0[(t0 >> 24) ] ^
|
||||
Te1[(t1 >> 16) & 0xff] ^
|
||||
Te2[(t2 >> 8) & 0xff] ^
|
||||
Te3[(t3 ) & 0xff] ^
|
||||
rk[0];
|
||||
s1 =
|
||||
Te0[(t1 >> 24) ] ^
|
||||
Te1[(t2 >> 16) & 0xff] ^
|
||||
Te2[(t3 >> 8) & 0xff] ^
|
||||
Te3[(t0 ) & 0xff] ^
|
||||
rk[1];
|
||||
s2 =
|
||||
Te0[(t2 >> 24) ] ^
|
||||
Te1[(t3 >> 16) & 0xff] ^
|
||||
Te2[(t0 >> 8) & 0xff] ^
|
||||
Te3[(t1 ) & 0xff] ^
|
||||
rk[2];
|
||||
s3 =
|
||||
Te0[(t3 >> 24) ] ^
|
||||
Te1[(t0 >> 16) & 0xff] ^
|
||||
Te2[(t1 >> 8) & 0xff] ^
|
||||
Te3[(t2 ) & 0xff] ^
|
||||
rk[3];
|
||||
s0 =
|
||||
Te0[(t0 >> 24) ] ^
|
||||
Te1[(t1 >> 16) & 0xff] ^
|
||||
Te2[(t2 >> 8) & 0xff] ^
|
||||
Te3[(t3 ) & 0xff] ^
|
||||
rk[0];
|
||||
s1 =
|
||||
Te0[(t1 >> 24) ] ^
|
||||
Te1[(t2 >> 16) & 0xff] ^
|
||||
Te2[(t3 >> 8) & 0xff] ^
|
||||
Te3[(t0 ) & 0xff] ^
|
||||
rk[1];
|
||||
s2 =
|
||||
Te0[(t2 >> 24) ] ^
|
||||
Te1[(t3 >> 16) & 0xff] ^
|
||||
Te2[(t0 >> 8) & 0xff] ^
|
||||
Te3[(t1 ) & 0xff] ^
|
||||
rk[2];
|
||||
s3 =
|
||||
Te0[(t3 >> 24) ] ^
|
||||
Te1[(t0 >> 16) & 0xff] ^
|
||||
Te2[(t1 >> 8) & 0xff] ^
|
||||
Te3[(t2 ) & 0xff] ^
|
||||
rk[3];
|
||||
}
|
||||
#endif /* ?FULL_UNROLL */
|
||||
/*
|
||||
|
@ -1098,28 +1097,28 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16
|
|||
t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
|
||||
t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
|
||||
if (Nr > 10) {
|
||||
/* round 10: */
|
||||
s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
|
||||
s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
|
||||
s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
|
||||
s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
|
||||
/* round 11: */
|
||||
t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
|
||||
t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
|
||||
t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
|
||||
t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
|
||||
if (Nr > 12) {
|
||||
/* round 12: */
|
||||
s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
|
||||
s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
|
||||
s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
|
||||
s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
|
||||
/* round 13: */
|
||||
t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
|
||||
t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
|
||||
t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
|
||||
t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
|
||||
}
|
||||
/* round 10: */
|
||||
s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
|
||||
s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
|
||||
s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
|
||||
s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
|
||||
/* round 11: */
|
||||
t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
|
||||
t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
|
||||
t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
|
||||
t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
|
||||
if (Nr > 12) {
|
||||
/* round 12: */
|
||||
s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
|
||||
s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
|
||||
s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
|
||||
s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
|
||||
/* round 13: */
|
||||
t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
|
||||
t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
|
||||
t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
|
||||
t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
|
||||
}
|
||||
}
|
||||
rk += Nr << 2;
|
||||
#else /* !FULL_UNROLL */
|
||||
|
@ -1128,60 +1127,60 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16
|
|||
*/
|
||||
r = Nr >> 1;
|
||||
for (;;) {
|
||||
t0 =
|
||||
Td0[(s0 >> 24) ] ^
|
||||
Td1[(s3 >> 16) & 0xff] ^
|
||||
Td2[(s2 >> 8) & 0xff] ^
|
||||
Td3[(s1 ) & 0xff] ^
|
||||
rk[4];
|
||||
t1 =
|
||||
Td0[(s1 >> 24) ] ^
|
||||
Td1[(s0 >> 16) & 0xff] ^
|
||||
Td2[(s3 >> 8) & 0xff] ^
|
||||
Td3[(s2 ) & 0xff] ^
|
||||
rk[5];
|
||||
t2 =
|
||||
Td0[(s2 >> 24) ] ^
|
||||
Td1[(s1 >> 16) & 0xff] ^
|
||||
Td2[(s0 >> 8) & 0xff] ^
|
||||
Td3[(s3 ) & 0xff] ^
|
||||
rk[6];
|
||||
t3 =
|
||||
Td0[(s3 >> 24) ] ^
|
||||
Td1[(s2 >> 16) & 0xff] ^
|
||||
Td2[(s1 >> 8) & 0xff] ^
|
||||
Td3[(s0 ) & 0xff] ^
|
||||
rk[7];
|
||||
t0 =
|
||||
Td0[(s0 >> 24) ] ^
|
||||
Td1[(s3 >> 16) & 0xff] ^
|
||||
Td2[(s2 >> 8) & 0xff] ^
|
||||
Td3[(s1 ) & 0xff] ^
|
||||
rk[4];
|
||||
t1 =
|
||||
Td0[(s1 >> 24) ] ^
|
||||
Td1[(s0 >> 16) & 0xff] ^
|
||||
Td2[(s3 >> 8) & 0xff] ^
|
||||
Td3[(s2 ) & 0xff] ^
|
||||
rk[5];
|
||||
t2 =
|
||||
Td0[(s2 >> 24) ] ^
|
||||
Td1[(s1 >> 16) & 0xff] ^
|
||||
Td2[(s0 >> 8) & 0xff] ^
|
||||
Td3[(s3 ) & 0xff] ^
|
||||
rk[6];
|
||||
t3 =
|
||||
Td0[(s3 >> 24) ] ^
|
||||
Td1[(s2 >> 16) & 0xff] ^
|
||||
Td2[(s1 >> 8) & 0xff] ^
|
||||
Td3[(s0 ) & 0xff] ^
|
||||
rk[7];
|
||||
|
||||
rk += 8;
|
||||
if (--r == 0) {
|
||||
break;
|
||||
}
|
||||
rk += 8;
|
||||
if (--r == 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
s0 =
|
||||
Td0[(t0 >> 24) ] ^
|
||||
Td1[(t3 >> 16) & 0xff] ^
|
||||
Td2[(t2 >> 8) & 0xff] ^
|
||||
Td3[(t1 ) & 0xff] ^
|
||||
rk[0];
|
||||
s1 =
|
||||
Td0[(t1 >> 24) ] ^
|
||||
Td1[(t0 >> 16) & 0xff] ^
|
||||
Td2[(t3 >> 8) & 0xff] ^
|
||||
Td3[(t2 ) & 0xff] ^
|
||||
rk[1];
|
||||
s2 =
|
||||
Td0[(t2 >> 24) ] ^
|
||||
Td1[(t1 >> 16) & 0xff] ^
|
||||
Td2[(t0 >> 8) & 0xff] ^
|
||||
Td3[(t3 ) & 0xff] ^
|
||||
rk[2];
|
||||
s3 =
|
||||
Td0[(t3 >> 24) ] ^
|
||||
Td1[(t2 >> 16) & 0xff] ^
|
||||
Td2[(t1 >> 8) & 0xff] ^
|
||||
Td3[(t0 ) & 0xff] ^
|
||||
rk[3];
|
||||
s0 =
|
||||
Td0[(t0 >> 24) ] ^
|
||||
Td1[(t3 >> 16) & 0xff] ^
|
||||
Td2[(t2 >> 8) & 0xff] ^
|
||||
Td3[(t1 ) & 0xff] ^
|
||||
rk[0];
|
||||
s1 =
|
||||
Td0[(t1 >> 24) ] ^
|
||||
Td1[(t0 >> 16) & 0xff] ^
|
||||
Td2[(t3 >> 8) & 0xff] ^
|
||||
Td3[(t2 ) & 0xff] ^
|
||||
rk[1];
|
||||
s2 =
|
||||
Td0[(t2 >> 24) ] ^
|
||||
Td1[(t1 >> 16) & 0xff] ^
|
||||
Td2[(t0 >> 8) & 0xff] ^
|
||||
Td3[(t3 ) & 0xff] ^
|
||||
rk[2];
|
||||
s3 =
|
||||
Td0[(t3 >> 24) ] ^
|
||||
Td1[(t2 >> 16) & 0xff] ^
|
||||
Td2[(t1 >> 8) & 0xff] ^
|
||||
Td3[(t0 ) & 0xff] ^
|
||||
rk[3];
|
||||
}
|
||||
#endif /* ?FULL_UNROLL */
|
||||
/*
|
||||
|
@ -1222,13 +1221,13 @@ void
|
|||
rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt)
|
||||
{
|
||||
ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
|
||||
if (encrypt) {
|
||||
if (encrypt) {
|
||||
ctx->decrypt = 0;
|
||||
memset(ctx->dk, 0, sizeof(ctx->dk));
|
||||
} else {
|
||||
ctx->decrypt = 1;
|
||||
memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek));
|
||||
rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
|
||||
rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: rijndael.h,v 1.11 2001/09/13 09:48:39 markus Exp $ */
|
||||
/* $OpenBSD: rijndael.h,v 1.12 2001/12/19 07:18:56 deraadt Exp $ */
|
||||
|
||||
/**
|
||||
* rijndael-alg-fst.h
|
||||
|
@ -32,8 +32,8 @@
|
|||
#define MAXKB (256/8)
|
||||
#define MAXNR 14
|
||||
|
||||
typedef unsigned char u8;
|
||||
typedef unsigned short u16;
|
||||
typedef unsigned char u8;
|
||||
typedef unsigned short u16;
|
||||
typedef unsigned int u32;
|
||||
|
||||
/* The structure for key information */
|
||||
|
|
16
scard.c
16
scard.c
|
@ -24,7 +24,7 @@
|
|||
|
||||
#include "includes.h"
|
||||
#ifdef SMARTCARD
|
||||
RCSID("$OpenBSD: scard.c,v 1.15 2001/09/28 09:49:31 djm Exp $");
|
||||
RCSID("$OpenBSD: scard.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/engine.h>
|
||||
#include <sectok.h>
|
||||
|
@ -48,7 +48,7 @@ static int cla = 0x00; /* class */
|
|||
|
||||
/* interface to libsectok */
|
||||
|
||||
static int
|
||||
static int
|
||||
sc_open(void)
|
||||
{
|
||||
int sw;
|
||||
|
@ -79,7 +79,7 @@ sc_open(void)
|
|||
return sc_fd;
|
||||
}
|
||||
|
||||
static int
|
||||
static int
|
||||
sc_enable_applet(void)
|
||||
{
|
||||
static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
|
||||
|
@ -95,7 +95,7 @@ sc_enable_applet(void)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
static int
|
||||
sc_init(void)
|
||||
{
|
||||
int status;
|
||||
|
@ -115,7 +115,7 @@ sc_init(void)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
static int
|
||||
sc_read_pubkey(Key * k)
|
||||
{
|
||||
u_char buf[2], *n;
|
||||
|
@ -133,7 +133,7 @@ sc_read_pubkey(Key * k)
|
|||
|
||||
/* get key size */
|
||||
sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
|
||||
sizeof(buf), buf, &sw);
|
||||
sizeof(buf), buf, &sw);
|
||||
if (!sectok_swOK(sw)) {
|
||||
error("could not obtain key length: %s", sectok_get_sw(sw));
|
||||
goto err;
|
||||
|
@ -204,7 +204,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
|
|||
goto err;
|
||||
}
|
||||
sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
|
||||
len, padded, &sw);
|
||||
len, padded, &sw);
|
||||
if (!sectok_swOK(sw)) {
|
||||
error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
|
||||
sectok_get_sw(sw));
|
||||
|
@ -249,7 +249,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
|
|||
goto err;
|
||||
}
|
||||
sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
|
||||
len, to, &sw);
|
||||
len, to, &sw);
|
||||
if (!sectok_swOK(sw)) {
|
||||
error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
|
||||
sectok_get_sw(sw));
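Review bot: The failure message in the sc_private_encrypt hunk (@ -249) still reads `sc_private_decrypt: INS_GET_RESPONSE failed`, the same text as in the sc_private_decrypt hunk (@ -204), so a log line cannot tell which card operation failed. Change the prefix there to `error("sc_private_encrypt: INS_GET_RESPONSE failed: %s",`. Both functions start and end outside their hunks, so other messages in sc_private_encrypt may carry the same copied prefix and are worth checking.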
|
||||
|
|
20
servconf.c
20
servconf.c
|
@ -10,7 +10,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: servconf.c,v 1.94 2001/12/06 13:30:05 markus Exp $");
|
||||
RCSID("$OpenBSD: servconf.c,v 1.95 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
#include <krb.h>
|
||||
|
@ -190,7 +190,7 @@ fill_default_server_options(ServerOptions *options)
|
|||
if (options->kerberos_tgt_passing == -1)
|
||||
options->kerberos_tgt_passing = 0;
|
||||
#endif
|
||||
#ifdef AFS
|
||||
#ifdef AFS
|
||||
if (options->afs_token_passing == -1)
|
||||
options->afs_token_passing = k_hasafs();
|
||||
#endif
|
||||
|
@ -217,7 +217,7 @@ fill_default_server_options(ServerOptions *options)
|
|||
if (options->reverse_mapping_check == -1)
|
||||
options->reverse_mapping_check = 0;
|
||||
if (options->client_alive_interval == -1)
|
||||
options->client_alive_interval = 0;
|
||||
options->client_alive_interval = 0;
|
||||
if (options->client_alive_count_max == -1)
|
||||
options->client_alive_count_max = 3;
|
||||
if (options->authorized_keys_file2 == NULL) {
|
||||
|
@ -259,7 +259,7 @@ typedef enum {
|
|||
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
|
||||
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
|
||||
sBanner, sReverseMappingCheck, sHostbasedAuthentication,
|
||||
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
|
||||
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
|
||||
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
|
||||
sDeprecated
|
||||
} ServerOpCodes;
|
||||
|
@ -772,7 +772,7 @@ parse_flag:
|
|||
value = proto_spec(arg);
|
||||
if (value == SSH_PROTO_UNKNOWN)
|
||||
fatal("%s line %d: Bad protocol spec '%s'.",
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
filename, linenum, arg ? arg : "<NONE>");
|
||||
if (*intptr == SSH_PROTO_UNKNOWN)
|
||||
*intptr = value;
|
||||
break;
|
||||
|
@ -780,21 +780,21 @@ parse_flag:
|
|||
case sSubsystem:
|
||||
if (options->num_subsystems >= MAX_SUBSYSTEMS) {
|
||||
fatal("%s line %d: too many subsystems defined.",
|
||||
filename, linenum);
|
||||
filename, linenum);
|
||||
}
|
||||
arg = strdelim(&cp);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%s line %d: Missing subsystem name.",
|
||||
filename, linenum);
|
||||
filename, linenum);
|
||||
for (i = 0; i < options->num_subsystems; i++)
|
||||
if (strcmp(arg, options->subsystem_name[i]) == 0)
|
||||
fatal("%s line %d: Subsystem '%s' already defined.",
|
||||
filename, linenum, arg);
|
||||
filename, linenum, arg);
|
||||
options->subsystem_name[options->num_subsystems] = xstrdup(arg);
|
||||
arg = strdelim(&cp);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%s line %d: Missing subsystem command.",
|
||||
filename, linenum);
|
||||
filename, linenum);
|
||||
options->subsystem_command[options->num_subsystems] = xstrdup(arg);
|
||||
options->num_subsystems++;
|
||||
break;
|
||||
|
@ -803,7 +803,7 @@ parse_flag:
|
|||
arg = strdelim(&cp);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%s line %d: Missing MaxStartups spec.",
|
||||
filename, linenum);
|
||||
filename, linenum);
|
||||
if ((n = sscanf(arg, "%d:%d:%d",
|
||||
&options->max_startups_begin,
|
||||
&options->max_startups_rate,
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
* called by a name other than "ssh" or "Secure Shell".
|
||||
*/
|
||||
|
||||
/* RCSID("$OpenBSD: servconf.h,v 1.50 2001/12/06 13:30:05 markus Exp $"); */
|
||||
/* RCSID("$OpenBSD: servconf.h,v 1.51 2001/12/19 07:18:56 deraadt Exp $"); */
|
||||
|
||||
#ifndef SERVCONF_H
|
||||
#define SERVCONF_H
|
||||
|
@ -117,13 +117,13 @@ typedef struct {
|
|||
char *banner; /* SSH-2 banner message */
|
||||
int reverse_mapping_check; /* cross-check ip and dns */
|
||||
int client_alive_interval; /*
|
||||
* poke the client this often to
|
||||
* see if it's still there
|
||||
* poke the client this often to
|
||||
* see if it's still there
|
||||
*/
|
||||
int client_alive_count_max; /*
|
||||
* If the client is unresponsive
|
||||
* for this many intervals above,
|
||||
* disconnect the session
|
||||
* disconnect the session
|
||||
*/
|
||||
|
||||
char *authorized_keys_file; /* File containing public keys */
|
||||
|
|
12
serverloop.c
12
serverloop.c
|
@ -35,7 +35,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.85 2001/12/05 03:50:01 itojun Exp $");
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.86 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
|
@ -195,12 +195,12 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
|
|||
int client_alive_scheduled = 0;
|
||||
|
||||
/*
|
||||
* if using client_alive, set the max timeout accordingly,
|
||||
* if using client_alive, set the max timeout accordingly,
|
||||
* and indicate that this particular timeout was for client
|
||||
* alive by setting the client_alive_scheduled flag.
|
||||
*
|
||||
* this could be randomized somewhat to make traffic
|
||||
* analysis more difficult, but we're not doing it yet.
|
||||
* analysis more difficult, but we're not doing it yet.
|
||||
*/
|
||||
if (compat20 &&
|
||||
max_time_milliseconds == 0 && options.client_alive_interval) {
|
||||
|
@ -598,7 +598,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
|
|||
drain_output();
|
||||
|
||||
debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
|
||||
stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
|
||||
stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
|
||||
|
||||
/* Free and clear the buffers. */
|
||||
buffer_free(&stdin_buffer);
|
||||
|
@ -738,12 +738,12 @@ static void
|
|||
server_input_channel_failure(int type, int plen, void *ctxt)
|
||||
{
|
||||
debug("Got CHANNEL_FAILURE for keepalive");
|
||||
/*
|
||||
/*
|
||||
* reset timeout, since we got a sane answer from the client.
|
||||
* even if this was generated by something other than
|
||||
* the bogus CHANNEL_REQUEST we send for keepalives.
|
||||
*/
|
||||
client_alive_timeouts = 0;
|
||||
client_alive_timeouts = 0;
|
||||
}
|
||||
|
||||
|
||||
|
|
46
session.c
46
session.c
|
@ -33,7 +33,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: session.c,v 1.111 2001/12/06 18:09:23 stevesk Exp $");
|
||||
RCSID("$OpenBSD: session.c,v 1.112 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
|
@ -258,7 +258,7 @@ do_authenticated1(Authctxt *authctxt)
|
|||
compression_level = packet_get_int();
|
||||
if (compression_level < 1 || compression_level > 9) {
|
||||
packet_send_debug("Received illegal compression level %d.",
|
||||
compression_level);
|
||||
compression_level);
|
||||
break;
|
||||
}
|
||||
/* Enable compression after we have responded with SUCCESS. */
|
||||
|
@ -323,7 +323,7 @@ do_authenticated1(Authctxt *authctxt)
|
|||
if (packet_set_maxsize(packet_get_int()) > 0)
|
||||
success = 1;
|
||||
break;
|
||||
|
||||
|
||||
#if defined(AFS) || defined(KRB5)
|
||||
case SSH_CMSG_HAVE_KERBEROS_TGT:
|
||||
if (!options.kerberos_tgt_passing) {
|
||||
|
@ -331,14 +331,14 @@ do_authenticated1(Authctxt *authctxt)
|
|||
} else {
|
||||
char *kdata = packet_get_string(&dlen);
|
||||
packet_integrity_check(plen, 4 + dlen, type);
|
||||
|
||||
|
||||
/* XXX - 0x41, see creds_to_radix version */
|
||||
if (kdata[0] != 0x41) {
|
||||
#ifdef KRB5
|
||||
krb5_data tgt;
|
||||
tgt.data = kdata;
|
||||
tgt.length = dlen;
|
||||
|
||||
|
||||
if (auth_krb5_tgt(s->authctxt, &tgt))
|
||||
success = 1;
|
||||
else
|
||||
|
@ -356,7 +356,7 @@ do_authenticated1(Authctxt *authctxt)
|
|||
}
|
||||
break;
|
||||
#endif /* AFS || KRB5 */
|
||||
|
||||
|
||||
#ifdef AFS
|
||||
case SSH_CMSG_HAVE_AFS_TOKEN:
|
||||
if (!options.afs_token_passing || !k_hasafs()) {
|
||||
|
@ -365,7 +365,7 @@ do_authenticated1(Authctxt *authctxt)
|
|||
/* Accept AFS token. */
|
||||
char *token = packet_get_string(&dlen);
|
||||
packet_integrity_check(plen, 4 + dlen, type);
|
||||
|
||||
|
||||
if (auth_afs_token(s->authctxt, token))
|
||||
success = 1;
|
||||
else
|
||||
|
@ -649,7 +649,7 @@ do_pre_login(Session *s)
|
|||
if (packet_connection_is_on_socket()) {
|
||||
fromlen = sizeof(from);
|
||||
if (getpeername(packet_get_connection_in(),
|
||||
(struct sockaddr *) & from, &fromlen) < 0) {
|
||||
(struct sockaddr *) & from, &fromlen) < 0) {
|
||||
debug("getpeername: %.100s", strerror(errno));
|
||||
fatal_cleanup();
|
||||
}
|
||||
|
@ -811,7 +811,7 @@ check_quietlogin(Session *s, const char *command)
|
|||
*/
|
||||
static void
|
||||
child_set_env(char ***envp, u_int *envsizep, const char *name,
|
||||
const char *value)
|
||||
const char *value)
|
||||
{
|
||||
u_int i, namelen;
|
||||
char **env;
|
||||
|
@ -852,7 +852,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
|
|||
*/
|
||||
static void
|
||||
read_environment_file(char ***env, u_int *envsize,
|
||||
const char *filename)
|
||||
const char *filename)
|
||||
{
|
||||
FILE *f;
|
||||
char buf[4096];
|
||||
|
@ -1304,7 +1304,7 @@ do_child(Session *s, const char *command)
|
|||
|
||||
if (auth_get_socket_name() != NULL)
|
||||
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
|
||||
auth_get_socket_name());
|
||||
auth_get_socket_name());
|
||||
|
||||
/* read $HOME/.ssh/environment. */
|
||||
if (!options.use_login) {
|
||||
|
@ -1367,10 +1367,10 @@ do_child(Session *s, const char *command)
|
|||
/* Try to get AFS tokens for the local cell. */
|
||||
if (k_hasafs()) {
|
||||
char cell[64];
|
||||
|
||||
|
||||
if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
|
||||
krb_afslog(cell, 0);
|
||||
|
||||
|
||||
krb_afslog(0, 0);
|
||||
}
|
||||
#endif /* AFS */
|
||||
|
@ -1487,9 +1487,9 @@ do_child(Session *s, const char *command)
|
|||
|
||||
execl(LOGIN_PROGRAM, "login", "-h", hostname,
|
||||
#ifdef LOGIN_NEEDS_TERM
|
||||
s->term? s->term : "unknown",
|
||||
s->term? s->term : "unknown",
|
||||
#endif
|
||||
"-p", "-f", "--", pw->pw_name, (char *)NULL);
|
||||
"-p", "-f", "--", pw->pw_name, (char *)NULL);
|
||||
|
||||
/* Login couldn't be executed, die. */
|
||||
|
||||
|
@ -1517,12 +1517,12 @@ session_new(void)
|
|||
static int did_init = 0;
|
||||
if (!did_init) {
|
||||
debug("session_new: init");
|
||||
for(i = 0; i < MAX_SESSIONS; i++) {
|
||||
for (i = 0; i < MAX_SESSIONS; i++) {
|
||||
sessions[i].used = 0;
|
||||
}
|
||||
did_init = 1;
|
||||
}
|
||||
for(i = 0; i < MAX_SESSIONS; i++) {
|
||||
for (i = 0; i < MAX_SESSIONS; i++) {
|
||||
Session *s = &sessions[i];
|
||||
if (! s->used) {
|
||||
memset(s, 0, sizeof(*s));
|
||||
|
@ -1542,7 +1542,7 @@ static void
|
|||
session_dump(void)
|
||||
{
|
||||
int i;
|
||||
for(i = 0; i < MAX_SESSIONS; i++) {
|
||||
for (i = 0; i < MAX_SESSIONS; i++) {
|
||||
Session *s = &sessions[i];
|
||||
debug("dump: used %d session %d %p channel %d pid %d",
|
||||
s->used,
|
||||
|
@ -1575,7 +1575,7 @@ static Session *
|
|||
session_by_channel(int id)
|
||||
{
|
||||
int i;
|
||||
for(i = 0; i < MAX_SESSIONS; i++) {
|
||||
for (i = 0; i < MAX_SESSIONS; i++) {
|
||||
Session *s = &sessions[i];
|
||||
if (s->used && s->chanid == id) {
|
||||
debug("session_by_channel: session %d channel %d", i, id);
|
||||
|
@ -1592,7 +1592,7 @@ session_by_pid(pid_t pid)
|
|||
{
|
||||
int i;
|
||||
debug("session_by_pid: pid %d", pid);
|
||||
for(i = 0; i < MAX_SESSIONS; i++) {
|
||||
for (i = 0; i < MAX_SESSIONS; i++) {
|
||||
Session *s = &sessions[i];
|
||||
if (s->used && s->pid == pid)
|
||||
return s;
|
||||
|
@ -2001,9 +2001,9 @@ void
|
|||
session_destroy_all(void)
|
||||
{
|
||||
int i;
|
||||
for(i = 0; i < MAX_SESSIONS; i++) {
|
||||
for (i = 0; i < MAX_SESSIONS; i++) {
|
||||
Session *s = &sessions[i];
|
||||
if (s->used)
|
||||
if (s->used)
|
||||
session_close(s);
|
||||
}
|
||||
}
|
||||
|
@ -2014,7 +2014,7 @@ session_tty_list(void)
|
|||
static char buf[1024];
|
||||
int i;
|
||||
buf[0] = '\0';
|
||||
for(i = 0; i < MAX_SESSIONS; i++) {
|
||||
for (i = 0; i < MAX_SESSIONS; i++) {
|
||||
Session *s = &sessions[i];
|
||||
if (s->used && s->ttyfd != -1) {
|
||||
if (buf[0] != '\0')
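Review bot: `debug("session_by_pid: pid %d", pid);` in the hunk at @ -1592 passes a pid_t to `%d`, which is a format/argument mismatch on any platform where pid_t is not an int. Cast at the call site, `debug("session_by_pid: pid %ld", (long)pid);`. The `pid %d` in session_dump (@ -1542) prints a session field whose type is not visible in the hunk and may need the same treatment. Both functions continue outside their hunks.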
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
/* XXX: copy between two remote sites */
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-client.c,v 1.18 2001/07/14 15:10:16 stevesk Exp $");
|
||||
RCSID("$OpenBSD: sftp-client.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
|
@ -308,9 +308,8 @@ do_lsreaddir(int fd_in, int fd_out, char *path, int printflag,
|
|||
*dir = xmalloc(sizeof(**dir));
|
||||
(*dir)[0] = NULL;
|
||||
}
|
||||
|
||||
|
||||
for(;;) {
|
||||
for (;;) {
|
||||
int count;
|
||||
|
||||
id = expected_id = msg_id++;
|
||||
|
@ -356,7 +355,7 @@ do_lsreaddir(int fd_in, int fd_out, char *path, int printflag,
|
|||
if (count == 0)
|
||||
break;
|
||||
debug3("Received %d SSH2_FXP_NAME responses", count);
|
||||
for(i = 0; i < count; i++) {
|
||||
for (i = 0; i < count; i++) {
|
||||
char *filename, *longname;
|
||||
Attrib *a;
|
||||
|
||||
|
@ -404,8 +403,8 @@ do_readdir(int fd_in, int fd_out, char *path, SFTP_DIRENT ***dir)
|
|||
void free_sftp_dirents(SFTP_DIRENT **s)
|
||||
{
|
||||
int i;
|
||||
|
||||
for(i = 0; s[i]; i++) {
|
||||
|
||||
for (i = 0; s[i]; i++) {
|
||||
xfree(s[i]->filename);
|
||||
xfree(s[i]->longname);
|
||||
xfree(s[i]);
|
||||
|
@ -726,7 +725,7 @@ do_download(int fd_in, int fd_out, char *remote_path, char *local_path,
|
|||
|
||||
/* Read from remote and write to local */
|
||||
offset = 0;
|
||||
for(;;) {
|
||||
for (;;) {
|
||||
u_int len;
|
||||
char *data;
|
||||
|
||||
|
@ -758,7 +757,7 @@ do_download(int fd_in, int fd_out, char *remote_path, char *local_path,
|
|||
else {
|
||||
error("Couldn't read from remote "
|
||||
"file \"%s\" : %s", remote_path,
|
||||
fx2txt(status));
|
||||
fx2txt(status));
|
||||
do_close(fd_in, fd_out, handle, handle_len);
|
||||
goto done;
|
||||
}
|
||||
|
@ -868,7 +867,7 @@ do_upload(int fd_in, int fd_out, char *local_path, char *remote_path,
|
|||
|
||||
/* Read from local and write to remote */
|
||||
offset = 0;
|
||||
for(;;) {
|
||||
for (;;) {
|
||||
int len;
|
||||
char data[COPY_SIZE];
|
||||
|
||||
|
|
22
sftp-glob.c
22
sftp-glob.c
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-glob.c,v 1.8 2001/07/14 15:10:17 stevesk Exp $");
|
||||
RCSID("$OpenBSD: sftp-glob.c,v 1.9 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
|
@ -49,9 +49,9 @@ static void *
|
|||
fudge_opendir(const char *path)
|
||||
{
|
||||
struct SFTP_OPENDIR *r;
|
||||
|
||||
|
||||
r = xmalloc(sizeof(*r));
|
||||
|
||||
|
||||
if (do_readdir(cur.fd_in, cur.fd_out, (char*)path, &r->dir))
|
||||
return(NULL);
|
||||
|
||||
|
@ -110,7 +110,7 @@ static void
|
|||
attrib_to_stat(Attrib *a, struct stat *st)
|
||||
{
|
||||
memset(st, 0, sizeof(*st));
|
||||
|
||||
|
||||
if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
|
||||
st->st_size = a->size;
|
||||
if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
|
||||
|
@ -129,12 +129,12 @@ static int
|
|||
fudge_lstat(const char *path, struct stat *st)
|
||||
{
|
||||
Attrib *a;
|
||||
|
||||
|
||||
if (!(a = do_lstat(cur.fd_in, cur.fd_out, (char*)path, 0)))
|
||||
return(-1);
|
||||
|
||||
|
||||
attrib_to_stat(a, st);
|
||||
|
||||
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
@ -142,12 +142,12 @@ static int
|
|||
fudge_stat(const char *path, struct stat *st)
|
||||
{
|
||||
Attrib *a;
|
||||
|
||||
|
||||
if (!(a = do_stat(cur.fd_in, cur.fd_out, (char*)path, 0)))
|
||||
return(-1);
|
||||
|
||||
|
||||
attrib_to_stat(a, st);
|
||||
|
||||
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
@ -160,7 +160,7 @@ remote_glob(int fd_in, int fd_out, const char *pattern, int flags,
|
|||
pglob->gl_closedir = (void (*)(void *))fudge_closedir;
|
||||
pglob->gl_lstat = fudge_lstat;
|
||||
pglob->gl_stat = fudge_stat;
|
||||
|
||||
|
||||
memset(&cur, 0, sizeof(cur));
|
||||
cur.fd_in = fd_in;
|
||||
cur.fd_out = fd_out;
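Review bot: fudge_opendir (@ -49) leaks `r` when do_readdir() fails, because it is allocated with `xmalloc(sizeof(*r))` and the error path is a bare `return(NULL);`. Release it before returning: `if (do_readdir(cur.fd_in, cur.fd_out, (char*)path, &r->dir)) { xfree(r); return(NULL); }`. Every failed remote directory read during a glob loses one allocation, so a long-lived client talking to a misbehaving server grows without bound. The rest of the function is outside the hunk, and xfree is assumed to be in scope alongside xmalloc.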
|
||||
|
|
20
sftp-int.c
20
sftp-int.c
|
@ -26,7 +26,7 @@
|
|||
/* XXX: recursive operations */
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-int.c,v 1.40 2001/08/14 09:23:02 markus Exp $");
|
||||
RCSID("$OpenBSD: sftp-int.c,v 1.41 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -205,7 +205,7 @@ path_append(char *p1, char *p2)
|
|||
|
||||
ret = xmalloc(len);
|
||||
strlcpy(ret, p1, len);
|
||||
if (strcmp(p1, "/") != 0)
|
||||
if (strcmp(p1, "/") != 0)
|
||||
strlcat(ret, "/", len);
|
||||
strlcat(ret, p2, len);
|
||||
|
||||
|
@ -393,7 +393,7 @@ process_get(int in, int out, char *src, char *dst, char *pwd, int pflag)
|
|||
goto out;
|
||||
}
|
||||
|
||||
for(i = 0; g.gl_pathv[i]; i++) {
|
||||
for (i = 0; g.gl_pathv[i]; i++) {
|
||||
if (infer_path(g.gl_pathv[i], &tmp)) {
|
||||
err = -1;
|
||||
goto out;
|
||||
|
@ -475,7 +475,7 @@ process_put(int in, int out, char *src, char *dst, char *pwd, int pflag)
|
|||
goto out;
|
||||
}
|
||||
|
||||
for(i = 0; g.gl_pathv[i]; i++) {
|
||||
for (i = 0; g.gl_pathv[i]; i++) {
|
||||
if (infer_path(g.gl_pathv[i], &tmp)) {
|
||||
err = -1;
|
||||
goto out;
|
||||
|
@ -517,7 +517,7 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg,
|
|||
return(-1);
|
||||
|
||||
/* Figure out which command we have */
|
||||
for(i = 0; cmds[i].c; i++) {
|
||||
for (i = 0; cmds[i].c; i++) {
|
||||
int cmdlen = strlen(cmds[i].c);
|
||||
|
||||
/* Check for command followed by whitespace */
|
||||
|
@ -688,7 +688,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd)
|
|||
case I_RM:
|
||||
path1 = make_absolute(path1, *pwd);
|
||||
remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
|
||||
for(i = 0; g.gl_pathv[i]; i++) {
|
||||
for (i = 0; g.gl_pathv[i]; i++) {
|
||||
printf("Removing %s\n", g.gl_pathv[i]);
|
||||
if (do_rm(in, out, g.gl_pathv[i]) == -1)
|
||||
err = -1;
|
||||
|
@ -781,7 +781,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd)
|
|||
a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
|
||||
a.perm = n_arg;
|
||||
remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
|
||||
for(i = 0; g.gl_pathv[i]; i++) {
|
||||
for (i = 0; g.gl_pathv[i]; i++) {
|
||||
printf("Changing mode on %s\n", g.gl_pathv[i]);
|
||||
do_setstat(in, out, g.gl_pathv[i], &a);
|
||||
}
|
||||
|
@ -789,7 +789,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd)
|
|||
case I_CHOWN:
|
||||
path1 = make_absolute(path1, *pwd);
|
||||
remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
|
||||
for(i = 0; g.gl_pathv[i]; i++) {
|
||||
for (i = 0; g.gl_pathv[i]; i++) {
|
||||
if (!(aa = do_stat(in, out, g.gl_pathv[i], 0)))
|
||||
continue;
|
||||
if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
|
||||
|
@ -806,7 +806,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd)
|
|||
case I_CHGRP:
|
||||
path1 = make_absolute(path1, *pwd);
|
||||
remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
|
||||
for(i = 0; g.gl_pathv[i]; i++) {
|
||||
for (i = 0; g.gl_pathv[i]; i++) {
|
||||
if (!(aa = do_stat(in, out, g.gl_pathv[i], 0)))
|
||||
continue;
|
||||
if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
|
||||
|
@ -899,7 +899,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
|
|||
setlinebuf(infile);
|
||||
#endif
|
||||
|
||||
for(;;) {
|
||||
for (;;) {
|
||||
char *cp;
|
||||
|
||||
printf("sftp> ");
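Review bot: The chmod loop at @ -781 calls `do_setstat(in, out, g.gl_pathv[i], &a);` and drops the result, whereas the I_RM loop at @ -688 records a failure with `err = -1`. If do_setstat reports failure through its return value (its definition is not part of this section), a rejected mode change leaves the command looking successful. Something like `if (do_setstat(in, out, g.gl_pathv[i], &a) == -1) err = -1;` would match the I_RM handling, assuming the same -1 convention as do_rm. The case bodies continue outside the hunks, so the chown and chgrp branches may need the same check.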
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-server.c,v 1.30 2001/07/31 12:42:50 jakob Exp $");
|
||||
RCSID("$OpenBSD: sftp-server.c,v 1.31 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
|
@ -144,7 +144,7 @@ handle_init(void)
|
|||
{
|
||||
int i;
|
||||
|
||||
for(i = 0; i < sizeof(handles)/sizeof(Handle); i++)
|
||||
for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
|
||||
handles[i].use = HANDLE_UNUSED;
|
||||
}
|
||||
|
||||
|
@ -153,7 +153,7 @@ handle_new(int use, char *name, int fd, DIR *dirp)
|
|||
{
|
||||
int i;
|
||||
|
||||
for(i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
|
||||
for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
|
||||
if (handles[i].use == HANDLE_UNUSED) {
|
||||
handles[i].use = use;
|
||||
handles[i].dirp = dirp;
|
||||
|
@ -771,7 +771,7 @@ process_readdir(void)
|
|||
}
|
||||
if (count > 0) {
|
||||
send_names(id, count, stats);
|
||||
for(i = 0; i < count; i++) {
|
||||
for (i = 0; i < count; i++) {
|
||||
xfree(stats[i].name);
|
||||
xfree(stats[i].long_name);
|
||||
}
|
||||
|
@ -897,7 +897,7 @@ process_readlink(void)
|
|||
send_status(id, errno_to_portable(errno));
|
||||
else {
|
||||
Stat s;
|
||||
|
||||
|
||||
link[len] = '\0';
|
||||
attrib_clear(&s.attrib);
|
||||
s.name = s.long_name = link;
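Review bot: handle_init (@ -144) and handle_new (@ -153) compare `int i` against `sizeof(handles)/sizeof(Handle)`, which is a size_t, so the comparison is carried out unsigned and compilers report it under -Wsign-compare. Declaring the index as `u_int i;` keeps the counter and the bound in the same type. handle_new continues past its hunk, so confirm that any later use of `i` as a return value still fits the function's return type before changing the declaration.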
|
||||
|
|
6
sftp.c
6
sftp.c
|
@ -24,7 +24,7 @@
|
|||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$OpenBSD: sftp.c,v 1.21 2001/09/19 19:24:19 stevesk Exp $");
|
||||
RCSID("$OpenBSD: sftp.c,v 1.22 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
/* XXX: commandline mode */
|
||||
/* XXX: short-form remote directory listings (like 'ls -C') */
|
||||
|
@ -114,7 +114,7 @@ main(int argc, char **argv)
|
|||
|
||||
__progname = get_progname(argv[0]);
|
||||
args.list = NULL;
|
||||
addargs(&args, "ssh"); /* overwritten with ssh_program */
|
||||
addargs(&args, "ssh"); /* overwritten with ssh_program */
|
||||
addargs(&args, "-oFallBackToRsh no");
|
||||
addargs(&args, "-oForwardX11 no");
|
||||
addargs(&args, "-oForwardAgent no");
|
||||
|
@ -195,7 +195,7 @@ main(int argc, char **argv)
|
|||
addargs(&args, "-oProtocol %d", sshver);
|
||||
|
||||
/* no subsystem if the server-spec contains a '/' */
|
||||
if (sftp_server == NULL || strchr(sftp_server, '/') == NULL)
|
||||
if (sftp_server == NULL || strchr(sftp_server, '/') == NULL)
|
||||
addargs(&args, "-s");
|
||||
|
||||
addargs(&args, "%s", host);
|
||||
|
|
18
ssh-add.c
18
ssh-add.c
|
@ -35,7 +35,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-add.c,v 1.46 2001/10/02 08:38:50 djm Exp $");
|
||||
RCSID("$OpenBSD: ssh-add.c,v 1.47 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
|
@ -90,7 +90,7 @@ delete_file(AuthenticationConnection *ac, const char *filename)
|
|||
|
||||
key_free(public);
|
||||
xfree(comment);
|
||||
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -160,7 +160,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
|
|||
|
||||
xfree(comment);
|
||||
key_free(private);
|
||||
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -169,11 +169,11 @@ update_card(AuthenticationConnection *ac, int add, const char *id)
|
|||
{
|
||||
if (ssh_update_card(ac, add, id)) {
|
||||
fprintf(stderr, "Card %s: %s\n",
|
||||
add ? "added" : "removed", id);
|
||||
add ? "added" : "removed", id);
|
||||
return 0;
|
||||
} else {
|
||||
fprintf(stderr, "Could not %s card: %s\n",
|
||||
add ? "add" : "remove", id);
|
||||
add ? "add" : "remove", id);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
@ -188,8 +188,8 @@ list_identities(AuthenticationConnection *ac, int do_fp)
|
|||
|
||||
for (version = 1; version <= 2; version++) {
|
||||
for (key = ssh_get_first_identity(ac, &comment, version);
|
||||
key != NULL;
|
||||
key = ssh_get_next_identity(ac, &comment, version)) {
|
||||
key != NULL;
|
||||
key = ssh_get_next_identity(ac, &comment, version)) {
|
||||
had_identities = 1;
|
||||
if (do_fp) {
|
||||
fp = key_fingerprint(key, SSH_FP_MD5,
|
||||
|
@ -248,7 +248,7 @@ main(int argc, char **argv)
|
|||
fprintf(stderr, "Could not open a connection to your authentication agent.\n");
|
||||
exit(1);
|
||||
}
|
||||
while ((ch = getopt(argc, argv, "lLdDe:s:")) != -1) {
|
||||
while ((ch = getopt(argc, argv, "lLdDe:s:")) != -1) {
|
||||
switch (ch) {
|
||||
case 'l':
|
||||
case 'L':
|
||||
|
@ -267,7 +267,7 @@ main(int argc, char **argv)
|
|||
sc_reader_id = optarg;
|
||||
break;
|
||||
case 'e':
|
||||
deleting = 1;
|
||||
deleting = 1;
|
||||
sc_reader_id = optarg;
|
||||
break;
|
||||
default:
|
||||
|
|
10
ssh-agent.c
10
ssh-agent.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-agent.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $ */
|
||||
/* $OpenBSD: ssh-agent.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -36,7 +36,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $");
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/md5.h>
|
||||
|
@ -457,7 +457,7 @@ process_add_smartcard_key (SocketEntry *e)
|
|||
Key *n = NULL, *k = NULL;
|
||||
char *sc_reader_id = NULL;
|
||||
int success = 0;
|
||||
|
||||
|
||||
sc_reader_id = buffer_get_string(&e->input, NULL);
|
||||
k = sc_get_key(sc_reader_id);
|
||||
xfree(sc_reader_id);
|
||||
|
@ -615,10 +615,10 @@ process_message(SocketEntry *e)
|
|||
#ifdef SMARTCARD
|
||||
case SSH_AGENTC_ADD_SMARTCARD_KEY:
|
||||
process_add_smartcard_key(e);
|
||||
break;
|
||||
break;
|
||||
case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
|
||||
process_remove_smartcard_key(e);
|
||||
break;
|
||||
break;
|
||||
#endif /* SMARTCARD */
|
||||
default:
|
||||
/* Unknown message. Respond with failure. */
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.85 2001/12/05 10:06:12 deraadt Exp $");
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.86 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
|
@ -670,7 +670,7 @@ do_change_passphrase(struct passwd *pw)
|
|||
read_passphrase("Enter new passphrase (empty for no "
|
||||
"passphrase): ", RP_ALLOW_STDIN);
|
||||
passphrase2 = read_passphrase("Enter same passphrase again: ",
|
||||
RP_ALLOW_STDIN);
|
||||
RP_ALLOW_STDIN);
|
||||
|
||||
/* Verify that they are the same. */
|
||||
if (strcmp(passphrase1, passphrase2) != 0) {
|
||||
|
@ -748,7 +748,7 @@ do_change_comment(struct passwd *pw)
|
|||
fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
|
||||
key_free(private);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
printf("Key now has comment '%s'\n", comment);
|
||||
|
||||
if (identity_comment) {
|
||||
|
|
8
ssh.c
8
ssh.c
|
@ -39,7 +39,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh.c,v 1.150 2001/11/30 20:39:28 stevesk Exp $");
|
||||
RCSID("$OpenBSD: ssh.c,v 1.151 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
|
@ -485,7 +485,7 @@ again:
|
|||
fwd_host_port);
|
||||
else if (opt == 'R')
|
||||
add_remote_forward(&options, fwd_port, buf,
|
||||
fwd_host_port);
|
||||
fwd_host_port);
|
||||
break;
|
||||
|
||||
case 'D':
|
||||
|
@ -1150,8 +1150,8 @@ ssh_session2_open(void)
|
|||
channel_send_open(c->self);
|
||||
if (!no_shell_flag)
|
||||
channel_register_callback(c->self,
|
||||
SSH2_MSG_CHANNEL_OPEN_CONFIRMATION,
|
||||
ssh_session2_setup, (void *)0);
|
||||
SSH2_MSG_CHANNEL_OPEN_CONFIRMATION,
|
||||
ssh_session2_setup, (void *)0);
|
||||
|
||||
return c->self;
|
||||
}
|
||||
|
|
16
sshconnect.c
16
sshconnect.c
|
@ -13,7 +13,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.117 2001/12/06 18:02:32 stevesk Exp $");
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.118 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
|
@ -109,7 +109,7 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
|
|||
/* Create pipes for communicating with the proxy. */
|
||||
if (pipe(pin) < 0 || pipe(pout) < 0)
|
||||
fatal("Could not create pipes to communicate with the proxy: %.100s",
|
||||
strerror(errno));
|
||||
strerror(errno));
|
||||
|
||||
debug("Executing proxy command: %.500s", command_string);
|
||||
|
||||
|
@ -258,7 +258,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
|
|||
int full_failure = 1;
|
||||
|
||||
debug("ssh_connect: getuid %u geteuid %u anon %d",
|
||||
(u_int) getuid(), (u_int) geteuid(), anonymous);
|
||||
(u_int) getuid(), (u_int) geteuid(), anonymous);
|
||||
|
||||
/* Get default port if port has not been set. */
|
||||
if (port == 0) {
|
||||
|
@ -428,7 +428,7 @@ ssh_exchange_identification(void)
|
|||
&remote_major, &remote_minor, remote_version) != 3)
|
||||
fatal("Bad remote protocol version identification: '%.100s'", buf);
|
||||
debug("Remote protocol version %d.%d, remote software version %.100s",
|
||||
remote_major, remote_minor, remote_version);
|
||||
remote_major, remote_minor, remote_version);
|
||||
|
||||
compat_datafellows(remote_version);
|
||||
mismatch = 0;
|
||||
|
@ -620,7 +620,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
|||
*/
|
||||
host_file = user_hostfile;
|
||||
host_status = check_host_in_hostfile(host_file, host, host_key,
|
||||
file_key, &host_line);
|
||||
file_key, &host_line);
|
||||
if (host_status == HOST_NEW) {
|
||||
host_file = system_hostfile;
|
||||
host_status = check_host_in_hostfile(host_file, host, host_key,
|
||||
|
@ -663,7 +663,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
|||
"'%.128s' not in list of known hosts.",
|
||||
type, ip);
|
||||
else if (!add_host_to_hostfile(user_hostfile, ip,
|
||||
host_key))
|
||||
host_key))
|
||||
log("Failed to add the %s host key for IP "
|
||||
"address '%.128s' to the list of known "
|
||||
"hosts (%.30s).", type, ip, user_hostfile);
|
||||
|
@ -789,7 +789,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
|||
error("Port forwarding is disabled to avoid "
|
||||
"man-in-the-middle attacks.");
|
||||
options.num_local_forwards =
|
||||
options.num_remote_forwards = 0;
|
||||
options.num_remote_forwards = 0;
|
||||
}
|
||||
/*
|
||||
* XXX Should permit the user to change to use the new id.
|
||||
|
@ -813,7 +813,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
|||
error("Exiting, you have requested strict checking.");
|
||||
goto fail;
|
||||
} else if (options.strict_host_key_checking == 2) {
|
||||
if (!confirm("Are you sure you want "
|
||||
if (!confirm("Are you sure you want "
|
||||
"to continue connecting (yes/no)? ")) {
|
||||
goto fail;
|
||||
}
|
||||
|
|
200
sshconnect1.c
200
sshconnect1.c
|
@ -13,7 +13,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect1.c,v 1.41 2001/10/06 11:18:19 markus Exp $");
|
||||
RCSID("$OpenBSD: sshconnect1.c,v 1.42 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/evp.h>
|
||||
|
@ -80,8 +80,8 @@ try_agent_authentication(void)
|
|||
|
||||
/* Loop through identities served by the agent. */
|
||||
for (key = ssh_get_first_identity(auth, &comment, 1);
|
||||
key != NULL;
|
||||
key = ssh_get_next_identity(auth, &comment, 1)) {
|
||||
key != NULL;
|
||||
key = ssh_get_next_identity(auth, &comment, 1)) {
|
||||
|
||||
/* Try this identity. */
|
||||
debug("Trying RSA authentication via agent with '%.100s'", comment);
|
||||
|
@ -400,10 +400,10 @@ try_krb4_authentication(void)
|
|||
/* Don't do anything if we don't have any tickets. */
|
||||
if (stat(tkt_string(), &st) < 0)
|
||||
return 0;
|
||||
|
||||
|
||||
strlcpy(inst, (char *)krb_get_phost(get_canonical_hostname(1)),
|
||||
INST_SZ);
|
||||
|
||||
|
||||
realm = (char *)krb_realmofhost(get_canonical_hostname(1));
|
||||
if (!realm) {
|
||||
debug("Kerberos v4: no realm for %s", get_canonical_hostname(1));
|
||||
|
@ -411,7 +411,7 @@ try_krb4_authentication(void)
|
|||
}
|
||||
/* This can really be anything. */
|
||||
checksum = (u_long)getpid();
|
||||
|
||||
|
||||
r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
|
||||
if (r != KSUCCESS) {
|
||||
debug("Kerberos v4 krb_mk_req failed: %s", krb_err_txt[r]);
|
||||
|
@ -424,22 +424,22 @@ try_krb4_authentication(void)
|
|||
return 0;
|
||||
}
|
||||
des_key_sched((des_cblock *) cred.session, schedule);
|
||||
|
||||
|
||||
/* Send authentication info to server. */
|
||||
packet_start(SSH_CMSG_AUTH_KERBEROS);
|
||||
packet_put_string((char *) auth.dat, auth.length);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
|
||||
|
||||
/* Zero the buffer. */
|
||||
(void) memset(auth.dat, 0, MAX_KTXT_LEN);
|
||||
|
||||
|
||||
slen = sizeof(local);
|
||||
memset(&local, 0, sizeof(local));
|
||||
if (getsockname(packet_get_connection_in(),
|
||||
(struct sockaddr *)&local, &slen) < 0)
|
||||
debug("getsockname failed: %s", strerror(errno));
|
||||
|
||||
|
||||
slen = sizeof(foreign);
|
||||
memset(&foreign, 0, sizeof(foreign));
|
||||
if (getpeername(packet_get_connection_in(),
|
||||
|
@ -455,18 +455,18 @@ try_krb4_authentication(void)
|
|||
debug("Kerberos v4 authentication failed.");
|
||||
return 0;
|
||||
break;
|
||||
|
||||
|
||||
case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
|
||||
/* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
|
||||
debug("Kerberos v4 authentication accepted.");
|
||||
|
||||
|
||||
/* Get server's response. */
|
||||
reply = packet_get_string((u_int *) &auth.length);
|
||||
memcpy(auth.dat, reply, auth.length);
|
||||
xfree(reply);
|
||||
|
||||
|
||||
packet_integrity_check(plen, 4 + auth.length, type);
|
||||
|
||||
|
||||
/*
|
||||
* If his response isn't properly encrypted with the session
|
||||
* key, and the decrypted checksum fails to match, he's
|
||||
|
@ -483,7 +483,7 @@ try_krb4_authentication(void)
|
|||
memcpy((char *)&cksum, (char *)msg_data.app_data,
|
||||
sizeof(cksum));
|
||||
cksum = ntohl(cksum);
|
||||
|
||||
|
||||
/* If it matches, we're golden. */
|
||||
if (cksum == checksum + 1) {
|
||||
debug("Kerberos v4 challenge successful.");
|
||||
|
@ -491,7 +491,7 @@ try_krb4_authentication(void)
|
|||
} else
|
||||
packet_disconnect("Kerberos v4 challenge failed!");
|
||||
break;
|
||||
|
||||
|
||||
default:
|
||||
packet_disconnect("Protocol error on Kerberos v4 response: %d", type);
|
||||
}
|
||||
|
@ -513,26 +513,26 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
|
|||
int type, payload_len;
|
||||
krb5_ap_rep_enc_part *reply = NULL;
|
||||
int ret;
|
||||
|
||||
|
||||
memset(&ap, 0, sizeof(ap));
|
||||
|
||||
|
||||
problem = krb5_init_context(context);
|
||||
if (problem) {
|
||||
debug("Kerberos v5: krb5_init_context failed");
|
||||
ret = 0;
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
||||
tkfile = krb5_cc_default_name(*context);
|
||||
if (strncmp(tkfile, "FILE:", 5) == 0)
|
||||
tkfile += 5;
|
||||
|
||||
|
||||
if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
|
||||
debug("Kerberos v5: could not get default ccache (permission denied).");
|
||||
ret = 0;
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
||||
problem = krb5_cc_default(*context, &ccache);
|
||||
if (problem) {
|
||||
debug("Kerberos v5: krb5_cc_default failed: %s",
|
||||
|
@ -540,9 +540,9 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
|
|||
ret = 0;
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
||||
remotehost = get_canonical_hostname(1);
|
||||
|
||||
|
||||
problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
|
||||
"host", remotehost, NULL, ccache, &ap);
|
||||
if (problem) {
|
||||
|
@ -551,48 +551,48 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
|
|||
ret = 0;
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
||||
packet_start(SSH_CMSG_AUTH_KERBEROS);
|
||||
packet_put_string((char *) ap.data, ap.length);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
|
||||
|
||||
xfree(ap.data);
|
||||
ap.length = 0;
|
||||
|
||||
|
||||
type = packet_read(&payload_len);
|
||||
switch (type) {
|
||||
case SSH_SMSG_FAILURE:
|
||||
/* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
|
||||
debug("Kerberos v5 authentication failed.");
|
||||
ret = 0;
|
||||
break;
|
||||
|
||||
case SSH_SMSG_FAILURE:
|
||||
/* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
|
||||
debug("Kerberos v5 authentication failed.");
|
||||
ret = 0;
|
||||
break;
|
||||
|
||||
case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
|
||||
/* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
|
||||
debug("Kerberos v5 authentication accepted.");
|
||||
|
||||
/* Get server's response. */
|
||||
ap.data = packet_get_string((unsigned int *) &ap.length);
|
||||
|
||||
packet_integrity_check(payload_len, 4 + ap.length, type);
|
||||
/* XXX je to dobre? */
|
||||
|
||||
problem = krb5_rd_rep(*context, *auth_context, &ap, &reply);
|
||||
if (problem) {
|
||||
/* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
|
||||
debug("Kerberos v5 authentication accepted.");
|
||||
|
||||
/* Get server's response. */
|
||||
ap.data = packet_get_string((unsigned int *) &ap.length);
|
||||
|
||||
packet_integrity_check(payload_len, 4 + ap.length, type);
|
||||
/* XXX je to dobre? */
|
||||
|
||||
problem = krb5_rd_rep(*context, *auth_context, &ap, &reply);
|
||||
if (problem) {
|
||||
ret = 0;
|
||||
}
|
||||
ret = 1;
|
||||
break;
|
||||
|
||||
|
||||
default:
|
||||
packet_disconnect("Protocol error on Kerberos v5 response: %d",
|
||||
type);
|
||||
ret = 0;
|
||||
break;
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
out:
|
||||
if (ccache != NULL)
|
||||
krb5_cc_close(*context, ccache);
|
||||
|
@ -600,7 +600,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
|
|||
krb5_free_ap_rep_enc_part(*context, reply);
|
||||
if (ap.length > 0)
|
||||
krb5_data_free(&ap);
|
||||
|
||||
|
||||
return (ret);
|
||||
}
|
||||
|
||||
|
@ -614,62 +614,62 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
|
|||
krb5_creds creds;
|
||||
krb5_kdc_flags flags;
|
||||
const char *remotehost;
|
||||
|
||||
|
||||
memset(&creds, 0, sizeof(creds));
|
||||
memset(&outbuf, 0, sizeof(outbuf));
|
||||
|
||||
|
||||
fd = packet_get_connection_in();
|
||||
|
||||
|
||||
problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd);
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
|
||||
problem = krb5_cc_default(context, &ccache);
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
|
||||
problem = krb5_cc_get_principal(context, ccache, &creds.client);
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
|
||||
problem = krb5_build_principal(context, &creds.server,
|
||||
strlen(creds.client->realm), creds.client->realm,
|
||||
"krbtgt", creds.client->realm, NULL);
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
|
||||
creds.times.endtime = 0;
|
||||
|
||||
|
||||
flags.i = 0;
|
||||
flags.b.forwarded = 1;
|
||||
flags.b.forwardable = krb5_config_get_bool(context, NULL,
|
||||
"libdefaults", "forwardable", NULL);
|
||||
|
||||
|
||||
remotehost = get_canonical_hostname(1);
|
||||
|
||||
|
||||
problem = krb5_get_forwarded_creds(context, auth_context,
|
||||
ccache, flags.i, remotehost, &creds, &outbuf);
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
|
||||
packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
|
||||
packet_put_string((char *)outbuf.data, outbuf.length);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
|
||||
|
||||
type = packet_read(&payload_len);
|
||||
|
||||
|
||||
if (type == SSH_SMSG_SUCCESS) {
|
||||
char *pname;
|
||||
|
||||
|
||||
krb5_unparse_name(context, creds.client, &pname);
|
||||
debug("Kerberos v5 TGT forwarded (%s).", pname);
|
||||
xfree(pname);
|
||||
} else
|
||||
debug("Kerberos v5 TGT forwarding failed.");
|
||||
|
||||
|
||||
return;
|
||||
|
||||
|
||||
out:
|
||||
if (problem)
|
||||
debug("Kerberos v5 TGT forwarding failed: %s",
|
||||
|
@ -693,44 +693,44 @@ send_krb4_tgt(void)
|
|||
struct stat st;
|
||||
char buffer[4096], pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
|
||||
int problem, type, len;
|
||||
|
||||
|
||||
/* Don't do anything if we don't have any tickets. */
|
||||
if (stat(tkt_string(), &st) < 0)
|
||||
return;
|
||||
|
||||
|
||||
creds = xmalloc(sizeof(*creds));
|
||||
|
||||
|
||||
problem = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm);
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
|
||||
problem = krb_get_cred("krbtgt", prealm, prealm, creds);
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
|
||||
if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
|
||||
problem = RD_AP_EXP;
|
||||
goto out;
|
||||
}
|
||||
creds_to_radix(creds, (u_char *)buffer, sizeof(buffer));
|
||||
|
||||
|
||||
packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
|
||||
packet_put_cstring(buffer);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
|
||||
|
||||
type = packet_read(&len);
|
||||
|
||||
|
||||
if (type == SSH_SMSG_SUCCESS)
|
||||
debug("Kerberos v4 TGT forwarded (%s%s%s@%s).",
|
||||
creds->pname, creds->pinst[0] ? "." : "",
|
||||
creds->pinst, creds->realm);
|
||||
else
|
||||
debug("Kerberos v4 TGT rejected.");
|
||||
|
||||
|
||||
xfree(creds);
|
||||
return;
|
||||
|
||||
|
||||
out:
|
||||
debug("Kerberos v4 TGT passing failed: %s", krb_err_txt[problem]);
|
||||
xfree(creds);
|
||||
|
@ -745,7 +745,7 @@ send_afs_tokens(void)
|
|||
int i, type, len;
|
||||
char buf[2048], *p, *server_cell;
|
||||
char buffer[8192];
|
||||
|
||||
|
||||
/* Move over ktc_GetToken, here's something leaner. */
|
||||
for (i = 0; i < 100; i++) { /* just in case */
|
||||
parms.in = (char *) &i;
|
||||
|
@ -755,7 +755,7 @@ send_afs_tokens(void)
|
|||
if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0)
|
||||
break;
|
||||
p = buf;
|
||||
|
||||
|
||||
/* Get secret token. */
|
||||
memcpy(&creds.ticket_st.length, p, sizeof(u_int));
|
||||
if (creds.ticket_st.length > MAX_KTXT_LEN)
|
||||
|
@ -763,7 +763,7 @@ send_afs_tokens(void)
|
|||
p += sizeof(u_int);
|
||||
memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
|
||||
p += creds.ticket_st.length;
|
||||
|
||||
|
||||
/* Get clear token. */
|
||||
memcpy(&len, p, sizeof(len));
|
||||
if (len != sizeof(struct ClearToken))
|
||||
|
@ -773,7 +773,7 @@ send_afs_tokens(void)
|
|||
p += len;
|
||||
p += sizeof(len); /* primary flag */
|
||||
server_cell = p;
|
||||
|
||||
|
||||
/* Flesh out our credentials. */
|
||||
strlcpy(creds.service, "afs", sizeof(creds.service));
|
||||
creds.instance[0] = '\0';
|
||||
|
@ -785,7 +785,7 @@ send_afs_tokens(void)
|
|||
creds.kvno = ct.AuthHandle;
|
||||
snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
|
||||
creds.pinst[0] = '\0';
|
||||
|
||||
|
||||
/* Encode token, ship it off. */
|
||||
if (creds_to_radix(&creds, (u_char *)buffer,
|
||||
sizeof(buffer)) <= 0)
|
||||
|
@ -798,7 +798,7 @@ send_afs_tokens(void)
|
|||
/* Roger, Roger. Clearance, Clarence. What's your vector,
|
||||
Victor? */
|
||||
type = packet_read(&len);
|
||||
|
||||
|
||||
if (type == SSH_SMSG_FAILURE)
|
||||
debug("AFS token for cell %s rejected.", server_cell);
|
||||
else if (type != SSH_SMSG_SUCCESS)
|
||||
|
@ -842,7 +842,7 @@ try_challenge_response_authentication(void)
|
|||
challenge = packet_get_string(&clen);
|
||||
packet_integrity_check(payload_len, (4 + clen), type);
|
||||
snprintf(prompt, sizeof prompt, "%s%s", challenge,
|
||||
strchr(challenge, '\n') ? "" : "\nResponse: ");
|
||||
strchr(challenge, '\n') ? "" : "\nResponse: ");
|
||||
xfree(challenge);
|
||||
if (i != 0)
|
||||
error("Permission denied, please try again.");
|
||||
|
@ -974,11 +974,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
|
|||
supported_authentications = packet_get_int();
|
||||
|
||||
debug("Received server public key (%d bits) and host key (%d bits).",
|
||||
BN_num_bits(public_key->n), BN_num_bits(host_key->n));
|
||||
BN_num_bits(public_key->n), BN_num_bits(host_key->n));
|
||||
|
||||
packet_integrity_check(payload_len,
|
||||
8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
|
||||
SSH_SMSG_PUBLIC_KEY);
|
||||
8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
|
||||
SSH_SMSG_PUBLIC_KEY);
|
||||
k.type = KEY_RSA1;
|
||||
k.rsa = host_key;
|
||||
if (verify_host_key(host, hostaddr, &k) == -1)
|
||||
|
@ -1027,10 +1027,10 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
|
|||
if (BN_num_bits(host_key->n) <
|
||||
BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
|
||||
fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
|
||||
"SSH_KEY_BITS_RESERVED %d",
|
||||
BN_num_bits(host_key->n),
|
||||
BN_num_bits(public_key->n),
|
||||
SSH_KEY_BITS_RESERVED);
|
||||
"SSH_KEY_BITS_RESERVED %d",
|
||||
BN_num_bits(host_key->n),
|
||||
BN_num_bits(public_key->n),
|
||||
SSH_KEY_BITS_RESERVED);
|
||||
}
|
||||
rsa_public_encrypt(key, key, public_key);
|
||||
rsa_public_encrypt(key, key, host_key);
|
||||
|
@ -1039,10 +1039,10 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
|
|||
if (BN_num_bits(public_key->n) <
|
||||
BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
|
||||
fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
|
||||
"SSH_KEY_BITS_RESERVED %d",
|
||||
BN_num_bits(public_key->n),
|
||||
BN_num_bits(host_key->n),
|
||||
SSH_KEY_BITS_RESERVED);
|
||||
"SSH_KEY_BITS_RESERVED %d",
|
||||
BN_num_bits(public_key->n),
|
||||
BN_num_bits(host_key->n),
|
||||
SSH_KEY_BITS_RESERVED);
|
||||
}
|
||||
rsa_public_encrypt(key, key, host_key);
|
||||
rsa_public_encrypt(key, key, public_key);
|
||||
|
@ -1064,7 +1064,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
|
|||
/* Check that the selected cipher is supported. */
|
||||
if (!(supported_ciphers & (1 << options.cipher)))
|
||||
fatal("Selected cipher type %.100s not supported by server.",
|
||||
cipher_name(options.cipher));
|
||||
cipher_name(options.cipher));
|
||||
|
||||
debug("Encryption type: %.100s", cipher_name(options.cipher));
|
||||
|
||||
|
@ -1117,7 +1117,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
|
|||
#endif
|
||||
int i, type;
|
||||
int payload_len;
|
||||
|
||||
|
||||
if (supported_authentications == 0)
|
||||
fatal("ssh_userauth1: server supports no auth methods");
|
||||
|
||||
|
@ -1139,12 +1139,12 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
|
|||
goto success;
|
||||
if (type != SSH_SMSG_FAILURE)
|
||||
packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type);
|
||||
|
||||
|
||||
#ifdef KRB5
|
||||
if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
|
||||
options.kerberos_authentication) {
|
||||
options.kerberos_authentication) {
|
||||
debug("Trying Kerberos v5 authentication.");
|
||||
|
||||
|
||||
if (try_krb5_authentication(&context, &auth_context)) {
|
||||
type = packet_read(&payload_len);
|
||||
if (type == SSH_SMSG_SUCCESS)
|
||||
|
@ -1154,12 +1154,12 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
|
|||
}
|
||||
}
|
||||
#endif /* KRB5 */
|
||||
|
||||
|
||||
#ifdef KRB4
|
||||
if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
|
||||
options.kerberos_authentication) {
|
||||
debug("Trying Kerberos v4 authentication.");
|
||||
|
||||
|
||||
if (try_krb4_authentication()) {
|
||||
type = packet_read(&payload_len);
|
||||
if (type == SSH_SMSG_SUCCESS)
|
||||
|
@ -1169,7 +1169,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
|
|||
}
|
||||
}
|
||||
#endif /* KRB4 */
|
||||
|
||||
|
||||
/*
|
||||
* Use rhosts authentication if running in privileged socket and we
|
||||
* do not wish to remain anonymous.
|
||||
|
@ -1254,7 +1254,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
|
|||
if (context)
|
||||
krb5_free_context(context);
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef AFS
|
||||
/* Try Kerberos v4 TGT passing if the server supports it. */
|
||||
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
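Review bot: In the `@ -455,18 +455,18 @@` hunk of try_krb4_authentication, `memcpy(auth.dat, reply, auth.length)` uses a length read from the server's packet with no upper bound, and `packet_integrity_check` only runs after the copy. The earlier `memset(auth.dat, 0, MAX_KTXT_LEN)` suggests auth.dat holds MAX_KTXT_LEN bytes, so a longer reply would presumably write past it; I would add `if (auth.length >= MAX_KTXT_LEN) fatal("Kerberos v4: malformed response from server");` before the memcpy. Separately, in the `@ -551,48 +551,48 @@` hunk of try_krb5_authentication, `ret = 1;` runs unconditionally after `if (problem) { ret = 0; }`, so a failed krb5_rd_rep is still reported as success; `} else ret = 1;` looks like the intent. Both functions start and end outside the hunks shown, and this whitespace-only commit leaves both spots as they were.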
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.87 2001/12/05 10:06:13 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.88 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/md5.h>
|
||||
|
@ -111,7 +111,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
|
|||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||
}
|
||||
if (options.hostkeyalgorithms != NULL)
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
|
||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
|
||||
options.hostkeyalgorithms;
|
||||
|
||||
/* start key exchange */
|
||||
|
@ -613,7 +613,7 @@ load_identity_file(char *filename)
|
|||
if (options.batch_mode)
|
||||
return NULL;
|
||||
snprintf(prompt, sizeof prompt,
|
||||
"Enter passphrase for key '%.100s': ", filename);
|
||||
"Enter passphrase for key '%.100s': ", filename);
|
||||
for (i = 0; i < options.number_of_password_prompts; i++) {
|
||||
passphrase = read_passphrase(prompt, 0);
|
||||
if (strcmp(passphrase, "") != 0) {
|
||||
|
@ -646,7 +646,7 @@ identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
|
|||
return -1;
|
||||
|
||||
/* private key is stored in external hardware */
|
||||
if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)
|
||||
if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)
|
||||
return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen);
|
||||
|
||||
private = load_identity_file(options.identity_files[idx]);
|
||||
|
|
4
sshd.8
4
sshd.8
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.156 2001/12/06 13:30:06 markus Exp $
|
||||
.\" $OpenBSD: sshd.8,v 1.157 2001/12/19 07:18:56 deraadt Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD 8
|
||||
.Os
|
||||
|
@ -253,7 +253,7 @@ authentication, and termination of each connection is logged.
|
|||
.It Fl t
|
||||
Test mode.
|
||||
Only check the validity of the configuration file and sanity of the keys.
|
||||
This is useful for updating
|
||||
This is useful for updating
|
||||
.Nm
|
||||
reliably as configuration options may change.
|
||||
.It Fl u Ar len
|
||||
|
|
20
sshd.c
20
sshd.c
|
@ -40,7 +40,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshd.c,v 1.216 2001/12/10 16:45:04 stevesk Exp $");
|
||||
RCSID("$OpenBSD: sshd.c,v 1.217 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/bn.h>
|
||||
|
@ -399,7 +399,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
|
|||
fatal_cleanup();
|
||||
}
|
||||
debug("Client protocol version %d.%d; client software version %.100s",
|
||||
remote_major, remote_minor, remote_version);
|
||||
remote_major, remote_minor, remote_version);
|
||||
|
||||
compat_datafellows(remote_version);
|
||||
|
||||
|
@ -467,7 +467,7 @@ destroy_sensitive_data(void)
|
|||
key_free(sensitive_data.server_key);
|
||||
sensitive_data.server_key = NULL;
|
||||
}
|
||||
for(i = 0; i < options.num_host_key_files; i++) {
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
if (sensitive_data.host_keys[i]) {
|
||||
key_free(sensitive_data.host_keys[i]);
|
||||
sensitive_data.host_keys[i] = NULL;
|
||||
|
@ -483,7 +483,7 @@ list_hostkey_types(void)
|
|||
static char buf[1024];
|
||||
int i;
|
||||
buf[0] = '\0';
|
||||
for(i = 0; i < options.num_host_key_files; i++) {
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
Key *key = sensitive_data.host_keys[i];
|
||||
if (key == NULL)
|
||||
continue;
|
||||
|
@ -506,7 +506,7 @@ static Key *
|
|||
get_hostkey_by_type(int type)
|
||||
{
|
||||
int i;
|
||||
for(i = 0; i < options.num_host_key_files; i++) {
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
Key *key = sensitive_data.host_keys[i];
|
||||
if (key != NULL && key->type == type)
|
||||
return key;
|
||||
|
@ -687,9 +687,9 @@ main(int ac, char **av)
|
|||
utmp_len = atoi(optarg);
|
||||
break;
|
||||
case 'o':
|
||||
if (process_server_config_line(&options, optarg,
|
||||
if (process_server_config_line(&options, optarg,
|
||||
"command-line", 0) != 0)
|
||||
exit(1);
|
||||
exit(1);
|
||||
break;
|
||||
case '?':
|
||||
default:
|
||||
|
@ -734,14 +734,14 @@ main(int ac, char **av)
|
|||
|
||||
/* load private host keys */
|
||||
sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
|
||||
for(i = 0; i < options.num_host_key_files; i++)
|
||||
for (i = 0; i < options.num_host_key_files; i++)
|
||||
sensitive_data.host_keys[i] = NULL;
|
||||
sensitive_data.server_key = NULL;
|
||||
sensitive_data.ssh1_host_key = NULL;
|
||||
sensitive_data.have_ssh1_key = 0;
|
||||
sensitive_data.have_ssh2_key = 0;
|
||||
|
||||
for(i = 0; i < options.num_host_key_files; i++) {
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
key = key_load_private(options.host_key_files[i], "", NULL);
|
||||
sensitive_data.host_keys[i] = key;
|
||||
if (key == NULL) {
|
||||
|
@ -842,7 +842,7 @@ main(int ac, char **av)
|
|||
/* Chdir to the root directory so that the current disk can be
|
||||
unmounted if desired. */
|
||||
chdir("/");
|
||||
|
||||
|
||||
/* ignore SIGPIPE */
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $
|
||||
# $OpenBSD: sshd_config,v 1.43 2001/12/19 07:18:56 deraadt Exp $
|
||||
|
||||
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
||||
|
||||
|
@ -50,7 +50,7 @@ HostbasedAuthentication no
|
|||
PasswordAuthentication yes
|
||||
PermitEmptyPasswords no
|
||||
|
||||
# Uncomment to disable s/key passwords
|
||||
# Uncomment to disable s/key passwords
|
||||
#ChallengeResponseAuthentication no
|
||||
|
||||
# Uncomment to enable PAM keyboard-interactive authentication
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshlogin.c,v 1.2 2001/03/24 16:43:27 stevesk Exp $");
|
||||
RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "loginrec.h"
|
||||
|
||||
|
@ -67,7 +67,7 @@ get_last_login_time(uid_t uid, const char *logname,
|
|||
|
||||
void
|
||||
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
|
||||
const char *host, struct sockaddr * addr)
|
||||
const char *host, struct sockaddr * addr)
|
||||
{
|
||||
struct logininfo *li;
|
||||
|
||||
|
|
22
sshpty.c
22
sshpty.c
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshpty.c,v 1.3 2001/07/22 21:32:27 markus Exp $");
|
||||
RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#ifdef HAVE_UTIL_H
|
||||
# include <util.h>
|
||||
|
@ -156,7 +156,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
|
|||
*ttyfd = open(name, O_RDWR | O_NOCTTY);
|
||||
if (*ttyfd < 0) {
|
||||
error("Could not open pty slave side %.100s: %.100s",
|
||||
name, strerror(errno));
|
||||
name, strerror(errno));
|
||||
close(*ptyfd);
|
||||
return 0;
|
||||
}
|
||||
|
@ -328,7 +328,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
|
|||
fd = open(_PATH_TTY, O_WRONLY);
|
||||
if (fd < 0)
|
||||
error("open /dev/tty failed - could not set controlling tty: %.100s",
|
||||
strerror(errno));
|
||||
strerror(errno));
|
||||
else {
|
||||
close(fd);
|
||||
}
|
||||
|
@ -339,7 +339,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
|
|||
|
||||
void
|
||||
pty_change_window_size(int ptyfd, int row, int col,
|
||||
int xpixel, int ypixel)
|
||||
int xpixel, int ypixel)
|
||||
{
|
||||
struct winsize w;
|
||||
w.ws_row = row;
|
||||
|
@ -378,15 +378,15 @@ pty_setowner(struct passwd *pw, const char *ttyname)
|
|||
|
||||
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
|
||||
if (chown(ttyname, pw->pw_uid, gid) < 0) {
|
||||
if (errno == EROFS &&
|
||||
if (errno == EROFS &&
|
||||
(st.st_uid == pw->pw_uid || st.st_uid == 0))
|
||||
error("chown(%.100s, %d, %d) failed: %.100s",
|
||||
ttyname, pw->pw_uid, gid,
|
||||
strerror(errno));
|
||||
ttyname, pw->pw_uid, gid,
|
||||
strerror(errno));
|
||||
else
|
||||
fatal("chown(%.100s, %d, %d) failed: %.100s",
|
||||
ttyname, pw->pw_uid, gid,
|
||||
strerror(errno));
|
||||
ttyname, pw->pw_uid, gid,
|
||||
strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -395,10 +395,10 @@ pty_setowner(struct passwd *pw, const char *ttyname)
|
|||
if (errno == EROFS &&
|
||||
(st.st_mode & (S_IRGRP | S_IROTH)) == 0)
|
||||
error("chmod(%.100s, 0%o) failed: %.100s",
|
||||
ttyname, mode, strerror(errno));
|
||||
ttyname, mode, strerror(errno));
|
||||
else
|
||||
fatal("chmod(%.100s, 0%o) failed: %.100s",
|
||||
ttyname, mode, strerror(errno));
|
||||
ttyname, mode, strerror(errno));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
4
sshtty.c
4
sshtty.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshtty.c,v 1.1 2001/04/14 16:33:20 stevesk Exp $ */
|
||||
/* $OpenBSD: sshtty.c,v 1.2 2001/12/19 07:18:56 deraadt Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -46,7 +46,7 @@ static int _in_raw_mode = 0;
|
|||
int
|
||||
in_raw_mode(void)
|
||||
{
|
||||
return _in_raw_mode;
|
||||
return _in_raw_mode;
|
||||
}
|
||||
|
||||
struct termios
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ttymodes.c,v 1.14 2001/06/24 17:18:31 markus Exp $");
|
||||
RCSID("$OpenBSD: ttymodes.c,v 1.15 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "log.h"
|
||||
|
@ -396,7 +396,7 @@ tty_parse_modes(int fd, int *n_bytes_ptr)
|
|||
|
||||
default:
|
||||
debug("Ignoring unsupported tty mode opcode %d (0x%x)",
|
||||
opcode, opcode);
|
||||
opcode, opcode);
|
||||
if (!compat20) {
|
||||
/*
|
||||
* SSH1:
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: uidswap.c,v 1.18 2001/08/08 21:34:19 markus Exp $");
|
||||
RCSID("$OpenBSD: uidswap.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
|
||||
|
||||
#include "log.h"
|
||||
#include "uidswap.h"
|
||||
|
@ -67,7 +67,7 @@ temporarily_use_uid(struct passwd *pw)
|
|||
|
||||
privileged = 1;
|
||||
temporarily_use_uid_effective = 1;
|
||||
saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
|
||||
saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
|
||||
if (saved_egroupslen < 0)
|
||||
fatal("getgroups: %.100s", strerror(errno));
|
||||
|
||||
|
@ -76,7 +76,7 @@ temporarily_use_uid(struct passwd *pw)
|
|||
if (initgroups(pw->pw_name, pw->pw_gid) < 0)
|
||||
fatal("initgroups: %s: %.100s", pw->pw_name,
|
||||
strerror(errno));
|
||||
user_groupslen = getgroups(NGROUPS_MAX, user_groups);
|
||||
user_groupslen = getgroups(NGROUPS_MAX, user_groups);
|
||||
if (user_groupslen < 0)
|
||||
fatal("getgroups: %.100s", strerror(errno));
|
||||
}
|
||||
|
|