tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2003/11/21 11:57:03 

[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
This commit is contained in:
Damien Miller 2003-11-21 23:48:55 +11:00
parent 8c5e91c03f
commit a8e06cef35
82 changed files with 854 additions and 850 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CREDITS
View File

@ -1,6 +1,6 @@
Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt, and Dug Song - Creators of OpenSSH
Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix
@ -94,5 +94,5 @@ Apologies to anyone I have missed.
Damien Miller <djm@mindrot.org>
$Id: CREDITS,v 1.74 2003/09/07 02:34:54 dtucker Exp $
$Id: CREDITS,v 1.75 2003/11/21 12:48:55 djm Exp $

6
ChangeLog
View File

@ -3,6 +3,10 @@
- markus@cvs.openbsd.org 2003/11/20 11:39:28
[progressmeter.c]
fix rounding errors; from andreas@
- djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
20031118
- (djm) Fix early exit for root auth success when UsePAM=yes and
@ -1494,4 +1498,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.3118 2003/11/21 12:09:10 djm Exp $
$Id: ChangeLog,v 1.3119 2003/11/21 12:48:55 djm Exp $

52
INSTALL
View File

@ -4,21 +4,21 @@
You will need working installations of Zlib and OpenSSL.
Zlib 1.1.4 or greater:
http://www.gzip.org/zlib/
http://www.gzip.org/zlib/
OpenSSL 0.9.6 or greater:
http://www.openssl.org/
(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1
(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1
Blowfish) do not work correctly.)
OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
supports it. PAM is standard on Redhat and Debian Linux, Solaris and
HP-UX 11.
NB. If you operating system supports /dev/random, you should configure
OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
/dev/random. If you don't you will have to rely on ssh-rand-helper, which
NB. If you operating system supports /dev/random, you should configure
OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
/dev/random. If you don't you will have to rely on ssh-rand-helper, which
is inferior to a good kernel-based solution.
PAM:
@ -37,7 +37,7 @@ http://www.jmknoble.net/software/x11-ssh-askpass/
PRNGD:
If your system lacks Kernel based random collection, the use of Lutz
If your system lacks Kernel based random collection, the use of Lutz
Jaenicke's PRNGd is recommended.
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
@ -54,7 +54,7 @@ http://www.sparc.spb.su/solaris/skey/
If you wish to use --with-skey then you will need the above library
installed. No other current S/Key library is currently known to be
supported.
supported.
2. Building / Installation
--------------------------
@ -73,7 +73,7 @@ installation prefix, use the --prefix option to configure:
make
make install
Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override
Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override
specific paths, for example:
./configure --prefix=/opt --sysconfdir=/etc/ssh
@ -104,26 +104,26 @@ There are a few other options to the configure script:
--with-pam enables PAM support. If PAM support is compiled in, it must
also be enabled in sshd_config (refer to the UsePAM directive).
--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
support and to specify a PRNGd socket. Use this if your Unix lacks
/dev/random and you don't want to use OpenSSH's builtin entropy
--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
support and to specify a PRNGd socket. Use this if your Unix lacks
/dev/random and you don't want to use OpenSSH's builtin entropy
collection support.
--with-prngd-port=portnum allows you to enable EGD or PRNGD support
and to specify a EGD localhost TCP port. Use this if your Unix lacks
/dev/random and you don't want to use OpenSSH's builtin entropy
--with-prngd-port=portnum allows you to enable EGD or PRNGD support
and to specify a EGD localhost TCP port. Use this if your Unix lacks
/dev/random and you don't want to use OpenSSH's builtin entropy
collection support.
--with-lastlog=FILE will specify the location of the lastlog file.
--with-lastlog=FILE will specify the location of the lastlog file.
./configure searches a few locations for lastlog, but may not find
it if lastlog is installed in a different place.
--without-lastlog will disable lastlog support entirely.
--with-osfsia, --without-osfsia will enable or disable OSF1's Security
--with-osfsia, --without-osfsia will enable or disable OSF1's Security
Integration Architecture. The default for OSF1 machines is enable.
--with-skey=PATH will enable S/Key one time password support. You will
--with-skey=PATH will enable S/Key one time password support. You will
need the S/Key libraries and header files installed for this to work.
--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
@ -134,12 +134,12 @@ if your operating system uses MD5 passwords and the system crypt() does
not support them directly (see the crypt(3/3c) man page). If enabled, the
resulting binary will support both MD5 and traditional crypt passwords.
--with-utmpx enables utmpx support. utmpx support is automatic for
--with-utmpx enables utmpx support. utmpx support is automatic for
some platforms.
--without-shadow disables shadow password support.
--with-ipaddr-display forces the use of a numeric IP address in the
--with-ipaddr-display forces the use of a numeric IP address in the
$DISPLAY environment variable. Some broken systems need this.
--with-default-path=PATH allows you to specify a default $PATH for sessions
@ -169,35 +169,35 @@ CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
3. Configuration
----------------
The runtime configuration files are installed by in ${prefix}/etc or
The runtime configuration files are installed by in ${prefix}/etc or
whatever you specified as your --sysconfdir (/usr/local/etc by default).
The default configuration should be instantly usable, though you should
The default configuration should be instantly usable, though you should
review it to ensure that it matches your security requirements.
To generate a host key, run "make host-key". Alternately you can do so
manually using the following commands:
manually using the following commands:
ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ""
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
Replacing /etc/ssh with the correct path to the configuration directory.
(${prefix}/etc or whatever you specified with --sysconfdir during
(${prefix}/etc or whatever you specified with --sysconfdir during
configuration)
If you have configured OpenSSH with EGD support, ensure that EGD is
running and has collected some Entropy.
For more information on configuration, please refer to the manual pages
For more information on configuration, please refer to the manual pages
for sshd, ssh and ssh-agent.
4. Problems?
------------
If you experience problems compiling, installing or running OpenSSH.
If you experience problems compiling, installing or running OpenSSH.
Please refer to the "reporting bugs" section of the webpage at
http://www.openssh.com/
$Id: INSTALL,v 1.62 2003/10/21 02:41:14 dtucker Exp $
$Id: INSTALL,v 1.63 2003/11/21 12:48:55 djm Exp $

42
LICENCE
View File

@ -45,16 +45,16 @@ OpenSSH contains no GPL code.
software are publicly available on the Internet and at any major
bookstore, scientific library, and patent office worldwide. More
information can be found e.g. at "http://www.cs.hut.fi/crypto".
The legal status of this program is some combination of all these
permissions and restrictions. Use only at your own responsibility.
You will be responsible for any legal consequences yourself; I am not
making any claims whether possessing or using this is legal or not in
your country, and I am not taking any responsibility on your behalf.
NO WARRANTY
NO WARRANTY
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
@ -64,7 +64,7 @@ OpenSSH contains no GPL code.
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
@ -112,15 +112,15 @@ OpenSSH contains no GPL code.
with the following license:
* @version 3.0 (December 2000)
*
*
* Optimised ANSI C code for the Rijndael cipher (now AES)
*
*
* @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
* @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
* @author Paulo Barreto <paulo.barreto@terra.com.br>
*
*
* This code is hereby placed in the public domain.
*
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -183,7 +183,7 @@ OpenSSH contains no GPL code.
Nils Nordman
Simon Wilkinson
Portable OpenSSH additionally includes code from the following copyright
Portable OpenSSH additionally includes code from the following copyright
holders, also under the 2-term BSD license:
Ben Lindstrom
@ -229,24 +229,24 @@ OpenSSH contains no GPL code.
a) md5crypt.c, md5crypt.h
* "THE BEER-WARE LICENSE" (Revision 42):
* <phk@login.dknet.dk> wrote this file. As long as you retain this
* notice you can do whatever you want with this stuff. If we meet
* some day, and you think this stuff is worth it, you can buy me a
* <phk@login.dknet.dk> wrote this file. As long as you retain this
* notice you can do whatever you want with this stuff. If we meet
* some day, and you think this stuff is worth it, you can buy me a
* beer in return. Poul-Henning Kamp
b) snprintf replacement
* Copyright Patrick Powell 1995
* This code is based on code written by Patrick Powell
* (papowell@astart.com) It may be used for any purpose as long as this
* This code is based on code written by Patrick Powell
* (papowell@astart.com) It may be used for any purpose as long as this
* notice remains intact on all source code distributions
c) Compatibility code (openbsd-compat)
Apart from the previously mentioned licenses, various pieces of code
Apart from the previously mentioned licenses, various pieces of code
in the openbsd-compat/ subdirectory are licensed as follows:
Some code is licensed under a 3-term BSD license, to the following
Some code is licensed under a 3-term BSD license, to the following
copyright holders:
Todd C. Miller
@ -279,7 +279,7 @@ OpenSSH contains no GPL code.
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
Some code is licensed under an ISC-style license, to the following
Some code is licensed under an ISC-style license, to the following
copyright holders:
Internet Software Consortium.
@ -297,7 +297,7 @@ OpenSSH contains no GPL code.
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Some code is licensed under a MIT-style license to the following
Some code is licensed under a MIT-style license to the following
copyright holders:
Free Software Foundation, Inc.
@ -329,4 +329,4 @@ OpenSSH contains no GPL code.
------
$OpenBSD: LICENCE,v 1.17 2003/08/22 20:55:06 markus Exp $
$OpenBSD: LICENCE,v 1.18 2003/11/21 11:57:02 djm Exp $

22
Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.252 2003/10/07 00:18:22 djm Exp $
# $Id: Makefile.in,v 1.253 2003/11/21 12:48:55 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@ -140,22 +140,22 @@ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o
$(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
$(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o
$(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
$(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
$(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
$(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@ -193,12 +193,12 @@ moduli:
echo
clean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core
(cd openbsd-compat && $(MAKE) clean)
distclean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core
rm -f Makefile config.h config.status ssh_prng_cmds *~
rm -rf autom4te.cache
@ -343,7 +343,7 @@ uninstallall: uninstall
-rmdir $(DESTDIR)$(mandir)
-rmdir $(DESTDIR)$(libexecdir)
uninstall:
uninstall:
-rm -f $(DESTDIR)$(bindir)/slogin
-rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT)
-rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT)

18
OVERVIEW
View File

@ -5,7 +5,7 @@ to developers.]
This document is intended for those who wish to read the ssh source
code. This tries to give an overview of the structure of the code.
Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>
Updated 17 Nov 1995.
Updated 19 Oct 1999 for OpenSSH-1.2
@ -20,7 +20,7 @@ There are some subsystems/abstractions that are used by a number of
these programs.
Buffer manipulation routines
- These provide an arbitrary size buffer, where data can be appended.
Data can be consumed from either end. The code is used heavily
throughout ssh. The basic buffer manipulation functions are in
@ -28,7 +28,7 @@ these programs.
data types is in bufaux.c.
Compression Library
- Ssh uses the GNU GZIP compression library (ZLIB).
Encryption/Decryption
@ -89,7 +89,7 @@ these programs.
code is linked into the server. The routines also manipulate
known hosts files using code in hostfile.c. Code in canohost.c
is used to retrieve the canonical host name of the remote host.
Code in match.c is used to match host names.
Code in match.c is used to match host names.
- In the client end, authentication code is in sshconnect.c. It
reads Passwords/passphrases using code in readpass.c. It reads
@ -147,10 +147,10 @@ these programs.
operations, and finally the server enters the normal session
mode by calling server_loop in serverloop.c. This does the real
work, calling functions in other modules.
- The code for the server is in sshd.c. It contains a lot of
stuff, including:
- server main program
- server main program
- waiting for connections
- processing new connection
- authentication
@ -162,9 +162,9 @@ these programs.
- There are several other files in the distribution that contain
various auxiliary routines:
ssh.h the main header file for ssh (various definitions)
getput.h byte-order independent storage of integers
includes.h includes most system headers. Lots of #ifdefs.
ssh.h the main header file for ssh (various definitions)
getput.h byte-order independent storage of integers
includes.h includes most system headers. Lots of #ifdefs.
tildexpand.c expand tilde in file names
uidswap.c uid-swapping
xmalloc.c "safe" malloc routines

20
README
View File

@ -1,4 +1,4 @@
- A Japanese translation of this document and of the OpenSSH FAQ is
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
- Thanks to HARUYAMA Seigo <haruyama@unixuser.org>
@ -13,10 +13,10 @@ Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at http://www.openssh.com/
This port consists of the re-introduction of autoconf support, PAM
support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
for OpenBSD library functions that are (regrettably) absent from other
unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD,
Irix and AIX. Support for SCO, NeXT and other Unices is underway.
support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
for OpenBSD library functions that are (regrettably) absent from other
unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD,
Irix and AIX. Support for SCO, NeXT and other Unices is underway.
This version actively tracks changes in the OpenBSD CVS repository.
The PAM support is now more functional than the popular packages of
@ -32,20 +32,20 @@ Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by
unsubscribed users.
If you are a citizen of an USA-embargoed country to which export of
cryptographic products is restricted, then please refrain from sending
If you are a citizen of an USA-embargoed country to which export of
cryptographic products is restricted, then please refrain from sending
crypto-related code or patches to the list. We cannot accept them.
Other code contribution are accepted, but please follow the OpenBSD
style guidelines[6].
Please refer to the INSTALL document for information on how to install
OpenSSH on your system. There are a number of differences between this
OpenSSH on your system. There are a number of differences between this
port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
for details and general tips.
Damien Miller <djm@mindrot.org>
Miscellania -
Miscellania -
This version of OpenSSH is based upon code retrieved from the OpenBSD
CVS repository which in turn was based on the last free sample
@ -63,4 +63,4 @@ References -
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
$Id: README,v 1.51 2003/01/08 12:28:40 djm Exp $
$Id: README,v 1.52 2003/11/21 12:48:55 djm Exp $

12
README.privsep
View File

@ -1,15 +1,15 @@
Privilege separation, or privsep, is method in OpenSSH by which
operations that require root privilege are performed by a separate
privileged monitor process. Its purpose is to prevent privilege
escalation by containing corruption to an unprivileged process.
escalation by containing corruption to an unprivileged process.
More information is available at:
http://www.citi.umich.edu/u/provos/ssh/privsep.html
Privilege separation is now enabled by default; see the
UsePrivilegeSeparation option in sshd_config(5).
On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
compression must be disabled in order for privilege separation to
On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
compression must be disabled in order for privilege separation to
function.
When privsep is enabled, during the pre-authentication phase sshd will
@ -38,9 +38,9 @@ privsep user and chroot directory:
Privsep requires operating system support for file descriptor passing.
Compression will be disabled on systems without a working mmap MAP_ANON.
PAM-enabled OpenSSH is known to function with privsep on Linux.
PAM-enabled OpenSSH is known to function with privsep on Linux.
It does not function on HP-UX with a trusted system
configuration.
configuration.
On Compaq Tru64 Unix, only the pre-authentication part of privsep is
supported. Post-authentication privsep is disabled automatically (so
@ -61,4 +61,4 @@ process 1005 is the sshd process listening for new connections.
process 6917 is the privileged monitor process, 6919 is the user owned
sshd process and 6921 is the shell process.
$Id: README.privsep,v 1.12 2003/08/26 00:48:15 djm Exp $
$Id: README.privsep,v 1.13 2003/11/21 12:48:55 djm Exp $

14
README.smartcard
View File

@ -1,7 +1,7 @@
How to use smartcards with OpenSSH?
OpenSSH contains experimental support for authentication using
Cyberflex smartcards and TODOS card readers, in addition to the cards
Cyberflex smartcards and TODOS card readers, in addition to the cards
with PKCS#15 structure supported by OpenSC. To enable this you
need to:
@ -27,8 +27,8 @@ Using libsectok:
sectok> login -d
sectok> jload /usr/libdata/ssh/Ssh.bin
sectok> setpass
Enter new AUT0 passphrase:
Re-enter passphrase:
Enter new AUT0 passphrase:
Re-enter passphrase:
sectok> quit
Do not forget the passphrase. There is no way to
@ -51,9 +51,9 @@ Using libsectok:
$ sectok
sectok> login -d
sectok> acl 0012 world: w
world: w
AUT0: w inval
sectok> acl 0012 world: w
world: w
AUT0: w inval
sectok> quit
If you do this, anyone who has access to your card
@ -90,4 +90,4 @@ Common operations:
-markus,
Tue Jul 17 23:54:51 CEST 2001
$OpenBSD: README.smartcard,v 1.8 2002/03/26 18:56:23 rees Exp $
$OpenBSD: README.smartcard,v 1.9 2003/11/21 11:57:02 djm Exp $

4
RFC.nroff
View File

@ -137,7 +137,7 @@ pseudo tty, starting X11 [X11] or TCP/IP port forwarding, starting
authentication agent forwarding, and executing the shell or a command.
When a shell or command is executed, the connection enters interactive
session mode. In this mode, data is passed in both directions,
session mode. In this mode, data is passed in both directions,
new forwarded connections may be opened, etc. The interactive session
normally terminates when the server sends the exit status of the
program to the client.
@ -372,7 +372,7 @@ previous versions keep the same major protocol version; changes that
are not compatible increment the major version (which will hopefully
never happen). The version described in this document is 1.3.
The client will
The client will
.ti 0
Key Exchange and Server Host Authentication

12
TODO
View File

@ -8,7 +8,7 @@ Documentation:
- Install FAQ?
- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
would be best to use them.
would be best to use them.
- Create a Documentation/ directory?
@ -17,7 +17,7 @@ Programming:
- Grep for 'XXX' comments and fix
- Link order is incorrect for some systems using Kerberos 4 and AFS. Result
is multiple inclusion of DES symbols. Holger Trapp
is multiple inclusion of DES symbols. Holger Trapp
<holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure
generated link order from:
-lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto
@ -26,7 +26,7 @@ Programming:
fixing the problem.
- Write a test program that calls stat() to search for EGD/PRNGd socket
rather than use the (non-portable) "test -S".
rather than use the (non-portable) "test -S".
- More platforms for for setproctitle() emulation (testing needed)
@ -70,7 +70,7 @@ Clean up configure/makefiles:
to allow people to (right/wrongfully) link against Bind directly.
- Consider splitting configure.ac into seperate files which do logically
similar tests. E.g move all the type detection stuff into one file,
similar tests. E.g move all the type detection stuff into one file,
entropy related stuff into another.
Packaging:
@ -86,7 +86,7 @@ PrivSep Issues:
+ /dev/zero solution (Solaris)
+ No/broken MAP_ANON (Irix)
+ broken /dev/zero parse (Linux)
- PAM
- PAM
+ See above PAM notes
- AIX
+ usrinfo() does not set TTY, but only required for legacy systems. Works
@ -96,4 +96,4 @@ PrivSep Issues:
- Cygwin
+ Privsep for Pre-auth only (no fd passing)
$Id: TODO,v 1.55 2003/06/11 13:56:41 dtucker Exp $
$Id: TODO,v 1.56 2003/11/21 12:48:55 djm Exp $

10
WARNING.RNG
View File

@ -44,16 +44,16 @@ the specified program.
The random number code will also read and save a seed file to
~/.ssh/prng_seed. This contents of this file are added to the random
number generator at startup. The goal here is to maintain as much
number generator at startup. The goal here is to maintain as much
randomness between sessions as possible.
The default entropy collection code has two main problems:
1. It is slow.
Executing each program in the list can take a large amount of time,
especially on slower machines. Additionally some program can take a
disproportionate time to execute.
Executing each program in the list can take a large amount of time,
especially on slower machines. Additionally some program can take a
disproportionate time to execute.
Tuning the default entropy collection code is difficult at this point.
It requires doing 'times ./ssh-rand-helper' and modifying the
@ -93,4 +93,4 @@ If you are forced to use ssh-rand-helper consider still downloading
prngd/egd and configure OpenSSH using --with-prngd-port=xx or
--with-prngd-socket=xx (refer to INSTALL for more information).
$Id: WARNING.RNG,v 1.5 2002/04/14 13:16:05 djm Exp $
$Id: WARNING.RNG,v 1.6 2003/11/21 12:48:55 djm Exp $

2
auth-chall.c
View File

@ -84,7 +84,7 @@ verify_response(Authctxt *authctxt, const char *response)
if ((device->query(authctxt->kbdintctxt, &name, &info,
&numprompts, &prompts, &echo_on)) != 0)
break;
if (numprompts == 0 &&
if (numprompts == 0 &&
device->respond(authctxt->kbdintctxt, 0, resp) == 0)
authenticated = 1;

6
auth-krb5.c
View File

@ -28,7 +28,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-krb5.c,v 1.14 2003/11/04 08:54:09 djm Exp $");
RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -136,11 +136,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
if (problem)
goto out;
if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
authctxt->pw->pw_name)) {
problem = -1;
goto out;
}
}
snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());

44
auth-pam.c
View File

@ -31,7 +31,7 @@
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h"
RCSID("$Id: auth-pam.c,v 1.82 2003/11/18 01:45:36 dtucker Exp $");
RCSID("$Id: auth-pam.c,v 1.83 2003/11/21 12:48:55 djm Exp $");
#ifdef USE_PAM
#include <security/pam_appl.h>
@ -59,11 +59,11 @@ extern Buffer loginmsg;
#ifdef USE_POSIX_THREADS
#include <pthread.h>
/*
* Avoid namespace clash when *not* using pthreads for systems *with*
* pthreads, which unconditionally define pthread_t via sys/types.h
* Avoid namespace clash when *not* using pthreads for systems *with*
* pthreads, which unconditionally define pthread_t via sys/types.h
* (e.g. Linux)
*/
typedef pthread_t sp_pthread_t;
typedef pthread_t sp_pthread_t;
#else
/*
* Simulate threads with processes.
@ -136,7 +136,7 @@ static char **
pam_getenvlist(pam_handle_t *pamh)
{
/*
* XXX - If necessary, we can still support envrionment passing
* XXX - If necessary, we can still support envrionment passing
* for platforms without pam_getenvlist by searching for known
* env vars (e.g. KRB5CCNAME) from the PAM environment.
*/
@ -203,21 +203,21 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
for (i = 0; i < n; ++i) {
switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer,
buffer_put_cstring(&buffer,
PAM_MSG_MEMBER(msg, i, msg));
if (ssh_msg_send(ctxt->pam_csock,
if (ssh_msg_send(ctxt->pam_csock,
PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
goto fail;
if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
goto fail;
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
reply[i].resp = buffer_get_string(&buffer, NULL);
break;
case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer,
buffer_put_cstring(&buffer,
PAM_MSG_MEMBER(msg, i, msg));
if (ssh_msg_send(ctxt->pam_csock,
if (ssh_msg_send(ctxt->pam_csock,
PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
goto fail;
if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
@ -227,16 +227,16 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
reply[i].resp = buffer_get_string(&buffer, NULL);
break;
case PAM_ERROR_MSG:
buffer_put_cstring(&buffer,
buffer_put_cstring(&buffer,
PAM_MSG_MEMBER(msg, i, msg));
if (ssh_msg_send(ctxt->pam_csock,
if (ssh_msg_send(ctxt->pam_csock,
PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
goto fail;
break;
case PAM_TEXT_INFO:
buffer_put_cstring(&buffer,
buffer_put_cstring(&buffer,
PAM_MSG_MEMBER(msg, i, msg));
if (ssh_msg_send(ctxt->pam_csock,
if (ssh_msg_send(ctxt->pam_csock,
PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
goto fail;
break;
@ -402,11 +402,11 @@ sshpam_init(const char *user)
return (-1);
}
#ifdef PAM_TTY_KLUDGE
/*
* Some silly PAM modules (e.g. pam_time) require a TTY to operate.
* sshd doesn't set the tty until too late in the auth process and
/*
* Some silly PAM modules (e.g. pam_time) require a TTY to operate.
* sshd doesn't set the tty until too late in the auth process and
* may not even set one (for tty-less connections)
*/
*/
debug("PAM: setting PAM_TTY to \"ssh\"");
sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
if (sshpam_err != PAM_SUCCESS) {
@ -695,7 +695,7 @@ pam_tty_conv(int n, const struct pam_message **msg,
switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
case PAM_PROMPT_ECHO_OFF:
reply[i].resp =
read_passphrase(PAM_MSG_MEMBER(msg, i, msg),
read_passphrase(PAM_MSG_MEMBER(msg, i, msg),
RP_ALLOW_STDIN);
reply[i].resp_retcode = PAM_SUCCESS;
break;
@ -752,7 +752,7 @@ do_pam_chauthtok(void)
void
do_pam_session(void)
{
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&tty_conv);
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
@ -764,13 +764,13 @@ do_pam_session(void)
sshpam_session_open = 1;
}
/*
/*
* Set a PAM environment string. We need to do this so that the session
* modules can handle things like Kerberos/GSI credentials that appear
* during the ssh authentication process.
*/
int
do_pam_putenv(char *name, char *value)
do_pam_putenv(char *name, char *value)
{
int ret = 1;
#ifdef HAVE_PAM_PUTENV

8
auth-passwd.c
View File

@ -97,7 +97,7 @@ auth_password(Authctxt *authctxt, const char *password)
if (authenticate(pw->pw_name, password, &reenter,
&authmsg) == 0 && ok) {
char *msg;
char *host =
char *host =
(char *)get_canonical_hostname(options.use_dns);
authsuccess = 1;
@ -106,13 +106,13 @@ auth_password(Authctxt *authctxt, const char *password)
debug3("AIX/authenticate succeeded for user %s: %.100s",
pw->pw_name, authmsg);
/* No pty yet, so just label the line as "ssh" */
/* No pty yet, so just label the line as "ssh" */
aix_setauthdb(authctxt->user);
if (loginsuccess(authctxt->user, host, "ssh",
if (loginsuccess(authctxt->user, host, "ssh",
&msg) == 0) {
if (msg != NULL) {
debug("%s: msg %s", __func__, msg);
buffer_append(&loginmsg, msg,
buffer_append(&loginmsg, msg,
strlen(msg));
xfree(msg);
}

2
auth-sia.c
View File

@ -83,7 +83,7 @@ session_setup_sia(struct passwd *pw, char *tty)
host = get_canonical_hostname(options.use_dns);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name,
if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name,
tty, 0, NULL) != SIASUCCESS)
fatal("sia_ses_init failed");

10
auth.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth.c,v 1.50 2003/09/23 20:17:11 markus Exp $");
RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
@ -129,7 +129,7 @@ allowed_user(struct passwd * pw)
#endif /* HAS_SHADOW_EXPIRE */
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
/* grab passwd field for locked account check */
/* grab passwd field for locked account check */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
if (spw != NULL)
passwd = spw->sp_pwdp;
@ -137,7 +137,7 @@ allowed_user(struct passwd * pw)
passwd = pw->pw_passwd;
#endif
/* check for locked account */
/* check for locked account */
if (!options.use_pam && passwd && *passwd) {
int locked = 0;
@ -249,7 +249,7 @@ allowed_user(struct passwd * pw)
if ((pw->pw_uid != 0) && (geteuid() == 0)) {
char *msg;
if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
int loginrestrict_errno = errno;
if (msg && *msg) {
@ -259,7 +259,7 @@ allowed_user(struct passwd * pw)
pw->pw_name, msg);
}
/* Don't fail if /etc/nologin set */
if (!(loginrestrict_errno == EPERM &&
if (!(loginrestrict_errno == EPERM &&
stat(_PATH_NOLOGIN, &st) == 0))
return 0;
}

2
auth1.c
View File

@ -246,7 +246,7 @@ do_authloop(Authctxt *authctxt)
#endif
#ifdef USE_PAM
if (options.use_pam && authenticated &&
if (options.use_pam && authenticated &&
!PRIVSEP(do_pam_account()))
authenticated = 0;
#endif

8
auth2-gss.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2-gss.c,v 1.6 2003/11/17 11:06:07 markus Exp $ */
/* $OpenBSD: auth2-gss.c,v 1.7 2003/11/21 11:57:03 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -82,11 +82,11 @@ userauth_gssapi(Authctxt *authctxt)
present = 0;
doid = packet_get_string(&len);
if (len > 2 &&
if (len > 2 &&
doid[0] == SSH_GSS_OIDTYPE &&
doid[1] == len - 2) {
oid.elements = doid + 2;
oid.length = len - 2;
oid.elements = doid + 2;
oid.length = len - 2;
gss_test_oid_set_member(&ms, &oid, supported,
&present);
} else {

4
authfd.c
View File

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: authfd.c,v 1.62 2003/09/18 13:02:21 miod Exp $");
RCSID("$OpenBSD: authfd.c,v 1.63 2003/11/21 11:57:03 djm Exp $");
#include <openssl/evp.h>
@ -590,7 +590,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
}
int
ssh_update_card(AuthenticationConnection *auth, int add,
ssh_update_card(AuthenticationConnection *auth, int add,
const char *reader_id, const char *pin, u_int life, u_int confirm)
{
Buffer msg;

4
authfd.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.h,v 1.33 2003/06/11 11:18:38 djm Exp $ */
/* $OpenBSD: authfd.h,v 1.34 2003/11/21 11:57:03 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -83,7 +83,7 @@ int ssh_add_identity_constrained(AuthenticationConnection *, Key *,
int ssh_remove_identity(AuthenticationConnection *, Key *);
int ssh_remove_all_identities(AuthenticationConnection *, int);
int ssh_lock_agent(AuthenticationConnection *, int, const char *);
int ssh_update_card(AuthenticationConnection *, int, const char *,
int ssh_update_card(AuthenticationConnection *, int, const char *,
const char *, u_int, u_int);
int

2
buffer.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: buffer.c,v 1.20 2003/09/19 09:03:00 markus Exp $");
RCSID("$OpenBSD: buffer.c,v 1.21 2003/11/21 11:57:03 djm Exp $");
#include "xmalloc.h"
#include "buffer.h"

6
channels.c
View File

@ -39,7 +39,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: channels.c,v 1.197 2003/09/23 20:41:11 markus Exp $");
RCSID("$OpenBSD: channels.c,v 1.198 2003/11/21 11:57:03 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -970,7 +970,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
have = buffer_len(&c->input);
if (!(c->flags & SSH_SOCKS5_AUTHDONE)) {
/* format: ver | nmethods | methods */
if (have < 2)
if (have < 2)
return 0;
nmethods = p[1];
if (have < nmethods + 2)
@ -1397,7 +1397,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
data = buffer_ptr(&c->output);
dlen = buffer_len(&c->output);
#ifdef _AIX
/* XXX: Later AIX versions can't push as much data to tty */
/* XXX: Later AIX versions can't push as much data to tty */
if (compat20 && c->wfd_isatty && dlen > 8*1024)
dlen = 8*1024;
#endif

4
cipher-ctr.c
View File

@ -14,7 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
RCSID("$OpenBSD: cipher-ctr.c,v 1.2 2003/06/17 18:14:23 markus Exp $");
RCSID("$OpenBSD: cipher-ctr.c,v 1.3 2003/11/21 11:57:03 djm Exp $");
#include <openssl/evp.h>
@ -94,7 +94,7 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
EVP_CIPHER_CTX_set_app_data(ctx, c);
}
if (key != NULL)
AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx);
AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx);
if (iv != NULL)
memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
return (1);

158
config.guess vendored
View File

@ -174,7 +174,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
fi
;;
*)
os=netbsd
os=netbsd
;;
esac
# The OS release
@ -382,23 +382,23 @@ EOF
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
exit 0 ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
echo m68k-atari-mint${UNAME_RELEASE}
exit 0 ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
echo m68k-milan-mint${UNAME_RELEASE}
exit 0 ;;
echo m68k-milan-mint${UNAME_RELEASE}
exit 0 ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
echo m68k-hades-mint${UNAME_RELEASE}
exit 0 ;;
echo m68k-hades-mint${UNAME_RELEASE}
exit 0 ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
echo m68k-unknown-mint${UNAME_RELEASE}
exit 0 ;;
echo m68k-unknown-mint${UNAME_RELEASE}
exit 0 ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
exit 0 ;;
@ -462,8 +462,8 @@ EOF
echo m88k-motorola-sysv3
exit 0 ;;
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
@ -476,7 +476,7 @@ EOF
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
exit 0 ;;
exit 0 ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
exit 0 ;;
@ -573,52 +573,52 @@ EOF
9000/[678][0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
esac ;;
esac
esac ;;
esac
fi
if [ "${HP_ARCH}" = "" ]; then
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#define _HPUX_SOURCE
#include <stdlib.h>
#include <unistd.h>
#define _HPUX_SOURCE
#include <stdlib.h>
#include <unistd.h>
int main ()
{
#if defined(_SC_KERNEL_BITS)
long bits = sysconf(_SC_KERNEL_BITS);
#endif
long cpu = sysconf (_SC_CPU_VERSION);
int main ()
{
#if defined(_SC_KERNEL_BITS)
long bits = sysconf(_SC_KERNEL_BITS);
#endif
long cpu = sysconf (_SC_CPU_VERSION);
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
case CPU_PA_RISC2_0:
#if defined(_SC_KERNEL_BITS)
switch (bits)
{
case 64: puts ("hppa2.0w"); break;
case 32: puts ("hppa2.0n"); break;
default: puts ("hppa2.0"); break;
} break;
#else /* !defined(_SC_KERNEL_BITS) */
puts ("hppa2.0"); break;
#endif
default: puts ("hppa1.0"); break;
}
exit (0);
}
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
case CPU_PA_RISC2_0:
#if defined(_SC_KERNEL_BITS)
switch (bits)
{
case 64: puts ("hppa2.0w"); break;
case 32: puts ("hppa2.0n"); break;
default: puts ("hppa2.0"); break;
} break;
#else /* !defined(_SC_KERNEL_BITS) */
puts ("hppa2.0"); break;
#endif
default: puts ("hppa1.0"); break;
}
exit (0);
}
EOF
(CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`$dummy`
if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
@ -689,22 +689,22 @@ EOF
exit 0 ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
exit 0 ;;
exit 0 ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit 0 ;;
exit 0 ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
exit 0 ;;
exit 0 ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
exit 0 ;;
exit 0 ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
exit 0 ;;
exit 0 ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
@ -731,10 +731,10 @@ EOF
exit 0 ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit 0 ;;
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit 0 ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
exit 0 ;;
@ -836,7 +836,7 @@ EOF
EV6) UNAME_MACHINE=alphaev6 ;;
EV67) UNAME_MACHINE=alphaev67 ;;
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
esac
objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
@ -875,7 +875,7 @@ EOF
s/.*supported targets: *//
s/ .*//
p'`
case "$ld_supported_targets" in
case "$ld_supported_targets" in
elf32-i386)
TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
;;
@ -925,11 +925,11 @@ EOF
echo i386-sequent-sysv4
exit 0 ;;
i*86:UNIX_SV:4.2MP:2.*)
# Unixware is an offshoot of SVR4, but it has its own version
# number series starting with 2...
# I am not positive that other SVR4 systems won't match this,
# Unixware is an offshoot of SVR4, but it has its own version
# number series starting with 2...
# I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
# Use sysv4.2uw... so that sysv4* matches it.
# Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
exit 0 ;;
i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
@ -971,10 +971,10 @@ EOF
exit 0 ;;
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i386.
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i386.
echo i386-pc-msdosdjgpp
exit 0 ;;
exit 0 ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
exit 0 ;;
@ -1003,8 +1003,8 @@ EOF
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4 && exit 0 ;;
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& echo i486-ncr-sysv4 && exit 0 ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit 0 ;;
@ -1041,9 +1041,9 @@ EOF
fi
exit 0 ;;
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
# says <Richard.M.Bartel@ccMail.Census.GOV>
echo i586-unisys-sysv4
exit 0 ;;
# says <Richard.M.Bartel@ccMail.Census.GOV>
echo i586-unisys-sysv4
exit 0 ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes@openmarket.com>.
# How about differentiating between stratus architectures? -djm
@ -1065,11 +1065,11 @@ EOF
exit 0 ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
echo mips-nec-sysv${UNAME_RELEASE}
echo mips-nec-sysv${UNAME_RELEASE}
else
echo mips-unknown-sysv${UNAME_RELEASE}
echo mips-unknown-sysv${UNAME_RELEASE}
fi
exit 0 ;;
exit 0 ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
exit 0 ;;
@ -1179,11 +1179,11 @@ main ()
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
"4"
"4"
#else
""
#endif
); exit (0);
); exit (0);
#endif
#endif

48
config.sub vendored
View File

@ -162,10 +162,10 @@ case $os in
os=-chorusos
basic_machine=$1
;;
-chorusrdb)
os=-chorusrdb
-chorusrdb)
os=-chorusrdb
basic_machine=$1
;;
;;
-hiux*)
os=-hiuxwe2
;;
@ -748,7 +748,7 @@ case $basic_machine in
pbb)
basic_machine=m68k-tti
;;
pc532 | pc532-*)
pc532 | pc532-*)
basic_machine=ns32k-pc532
;;
pentium | p5 | k5 | k6 | nexgen | viac3)
@ -775,22 +775,22 @@ case $basic_machine in
power) basic_machine=power-ibm
;;
ppc) basic_machine=powerpc-unknown
;;
;;
ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
basic_machine=powerpcle-unknown
;;
;;
ppcle-* | powerpclittle-*)
basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64) basic_machine=powerpc64-unknown
;;
;;
ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppc64le | powerpc64little | ppc64-le | powerpc64-little)
basic_machine=powerpc64le-unknown
;;
;;
ppc64le-* | powerpc64little-*)
basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
@ -886,11 +886,11 @@ case $basic_machine in
sun386 | sun386i | roadrunner)
basic_machine=i386-sun
;;
sv1)
sv1)
basic_machine=sv1-cray
os=-unicos
;;
sx*-nec)
sx*-nec)
basic_machine=sx6-nec
os=-sysv
;;
@ -948,8 +948,8 @@ case $basic_machine in
os=-vms
;;
vpp*|vx|vx-*)
basic_machine=f301-fujitsu
;;
basic_machine=f301-fujitsu
;;
vxworks960)
basic_machine=i960-wrs
os=-vxworks
@ -974,7 +974,7 @@ case $basic_machine in
basic_machine=i386-pc
os=-windows32-msvcrt
;;
xps | xps100)
xps | xps100)
basic_machine=xps100-honeywell
;;
ymp)
@ -1029,7 +1029,7 @@ case $basic_machine in
sparc | sparcv9 | sparcv9b)
basic_machine=sparc-sun
;;
cydra)
cydra)
basic_machine=cydra-cydrome
;;
orion)
@ -1074,8 +1074,8 @@ esac
if [ x"$os" != x"" ]
then
case $os in
# First match some system type aliases
# that might get confused with valid system types.
# First match some system type aliases
# that might get confused with valid system types.
# -solaris* is a basic system type, with this one exception.
-solaris1 | -solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'`
@ -1179,7 +1179,7 @@ case $os in
os=-rtmk-nova
;;
-ns2 )
os=-nextstep2
os=-nextstep2
;;
-nsk*)
os=-nsk
@ -1218,8 +1218,8 @@ case $os in
-xenix)
os=-xenix
;;
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
os=-mint
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
os=-mint
;;
-none)
;;
@ -1256,7 +1256,7 @@ case $basic_machine in
pdp10-*)
os=-tops20
;;
pdp11-*)
pdp11-*)
os=-none
;;
*-dec | vax-*)
@ -1349,19 +1349,19 @@ case $basic_machine in
*-next)
os=-nextstep3
;;
*-gould)
*-gould)
os=-sysv
;;
*-highlevel)
*-highlevel)
os=-bsd
;;
*-encore)
os=-bsd
;;
*-sgi)
*-sgi)
os=-irix
;;
*-siemens)
*-siemens)
os=-sysv4
;;
*-masscomp)

266
configure.ac
View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.173 2003/10/15 06:57:57 dtucker Exp $
# $Id: configure.ac,v 1.174 2003/11/21 12:48:55 djm Exp $
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
@ -48,7 +48,7 @@ fi
AC_SUBST(LD)
AC_C_INLINE
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
fi
@ -57,7 +57,7 @@ case "$host" in
*-*-aix*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
if (test -z "$blibpath"); then
blibpath="/usr/lib:/lib:/usr/local/lib"
fi
@ -252,7 +252,7 @@ mips-sony-bsd|mips-sony-newsos4)
;;
*-*-solaris*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
need_dash_r=1
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
@ -581,10 +581,10 @@ AC_ARG_WITH(zlib,
AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]))
dnl UnixWare 2.x
AC_CHECK_FUNC(strcasecmp,
AC_CHECK_FUNC(strcasecmp,
[], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
)
AC_CHECK_FUNC(utimes,
AC_CHECK_FUNC(utimes,
[], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
LIBS="$LIBS -lc89"]) ]
)
@ -604,7 +604,7 @@ AC_EGREP_CPP(FOUNDIT,
#ifdef GLOB_ALTDIRFUNC
FOUNDIT
#endif
],
],
[
AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
AC_MSG_RESULT(yes)
@ -617,17 +617,17 @@ AC_EGREP_CPP(FOUNDIT,
# Check for g.gl_matchc glob() extension
AC_MSG_CHECKING(for gl_matchc field in glob_t)
AC_EGREP_CPP(FOUNDIT,
[
#include <glob.h>
[
#include <glob.h>
int main(void){glob_t g; g.gl_matchc = 1;}
],
[
AC_DEFINE(GLOB_HAS_GL_MATCHC)
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
]
],
[
AC_DEFINE(GLOB_HAS_GL_MATCHC)
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
]
)
AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
@ -637,7 +637,7 @@ AC_TRY_RUN(
#include <dirent.h>
int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
],
[AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
@ -645,10 +645,10 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
)
# Check whether user wants S/Key support
SKEY_MSG="no"
SKEY_MSG="no"
AC_ARG_WITH(skey,
[ --with-skey[[=PATH]] Enable S/Key support
(optionally in PATH)],
(optionally in PATH)],
[
if test "x$withval" != "xno" ; then
@ -659,7 +659,7 @@ AC_ARG_WITH(skey,
AC_DEFINE(SKEY)
LIBS="-lskey $LIBS"
SKEY_MSG="yes"
SKEY_MSG="yes"
AC_MSG_CHECKING([for s/key support])
AC_TRY_RUN(
@ -681,7 +681,7 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
TCPW_MSG="no"
AC_ARG_WITH(tcp-wrappers,
[ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
(optionally in PATH)],
(optionally in PATH)],
[
if test "x$withval" != "xno" ; then
saved_LIBS="$LIBS"
@ -771,7 +771,7 @@ AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
dnl tcsendbreak might be a macro
AC_CHECK_DECL(tcsendbreak,
[AC_DEFINE(HAVE_TCSENDBREAK)],
[AC_CHECK_FUNCS(tcsendbreak)],
[AC_CHECK_FUNCS(tcsendbreak)],
[#include <termios.h>]
)
@ -784,12 +784,12 @@ dnl Checks for utmpx functions
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname)
AC_CHECK_FUNC(daemon,
AC_CHECK_FUNC(daemon,
[AC_DEFINE(HAVE_DAEMON)],
[AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
)
AC_CHECK_FUNC(getpagesize,
AC_CHECK_FUNC(getpagesize,
[AC_DEFINE(HAVE_GETPAGESIZE)],
[AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
)
@ -802,7 +802,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then
#include <stdio.h>
int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
],
[AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_SNPRINTF)
@ -826,14 +826,14 @@ unlink(template); exit(0);
[
AC_MSG_RESULT(no)
],
[
[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_STRICT_MKSTEMP)
],
[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_STRICT_MKSTEMP)
]
]
)
fi
@ -858,7 +858,7 @@ main()
exit(1);
} else if (pid > 0) { /* parent */
waitpid(pid, &status, 0);
if (WIFEXITED(status))
if (WIFEXITED(status))
exit(WEXITSTATUS(status));
else
exit(2);
@ -922,8 +922,8 @@ if test "x$PAM_MSG" = "xyes" ; then
[
#include <stdlib.h>
#include <security/pam_appl.h>
],
[(void)pam_strerror((pam_handle_t *)NULL, -1);],
],
[(void)pam_strerror((pam_handle_t *)NULL, -1);],
[AC_MSG_RESULT(no)],
[
AC_DEFINE(HAVE_OLD_PAM)
@ -994,12 +994,12 @@ AC_TRY_RUN(
#include <openssl/opensslv.h>
#define DATA "conftest.sslincver"
int main(void) {
FILE *fd;
int rc;
FILE *fd;
int rc;
fd = fopen(DATA,"w");
if(fd == NULL)
exit(1);
fd = fopen(DATA,"w");
if(fd == NULL)
exit(1);
if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
exit(1);
@ -1027,12 +1027,12 @@ AC_TRY_RUN(
#include <openssl/crypto.h>
#define DATA "conftest.ssllibver"
int main(void) {
FILE *fd;
int rc;
FILE *fd;
int rc;
fd = fopen(DATA,"w");
if(fd == NULL)
exit(1);
fd = fopen(DATA,"w");
if(fd == NULL)
exit(1);
if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
exit(1);
@ -1069,7 +1069,7 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.])
]
)
# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
# version in OpenSSL. Skip this for PAM
if test "x$check_for_libcrypt_later" = "x1"; then
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
@ -1104,7 +1104,7 @@ AC_ARG_WITH(rand-helper,
[ --with-rand-helper Use subprocess to gather strong randomness ],
[
if test "x$withval" = "xno" ; then
# Force use of OpenSSL's internal RNG, even if
# Force use of OpenSSL's internal RNG, even if
# the previous test showed it to be unseeded.
if test -z "$OPENSSL_SEEDS_ITSELF" ; then
AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
@ -1241,7 +1241,7 @@ test -d /sbin && PATH=$PATH:/sbin
test -d /usr/sbin && PATH=$PATH:/usr/sbin
PATH=$PATH:/etc:$OPATH
# These programs are used by the command hashing source to gather entropy
# These programs are used by the command hashing source to gather entropy
OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
@ -1297,8 +1297,8 @@ fi
# More checks for data types
AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
AC_TRY_COMPILE(
[ #include <sys/types.h> ],
[ u_int a; a = 1;],
[ #include <sys/types.h> ],
[ u_int a; a = 1;],
[ ac_cv_have_u_int="yes" ],
[ ac_cv_have_u_int="no" ]
)
@ -1310,8 +1310,8 @@ fi
AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
AC_TRY_COMPILE(
[ #include <sys/types.h> ],
[ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
[ #include <sys/types.h> ],
[ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
[ ac_cv_have_intxx_t="yes" ],
[ ac_cv_have_intxx_t="no" ]
)
@ -1322,12 +1322,12 @@ if test "x$ac_cv_have_intxx_t" = "xyes" ; then
fi
if (test -z "$have_intxx_t" && \
test "x$ac_cv_header_stdint_h" = "xyes")
test "x$ac_cv_header_stdint_h" = "xyes")
then
AC_MSG_CHECKING([for intXX_t types in stdint.h])
AC_TRY_COMPILE(
[ #include <stdint.h> ],
[ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
[ #include <stdint.h> ],
[ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
[
AC_DEFINE(HAVE_INTXX_T)
AC_MSG_RESULT(yes)
@ -1347,8 +1347,8 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
#ifdef HAVE_SYS_BITYPES_H
# include <sys/bitypes.h>
#endif
],
[ int64_t a; a = 1;],
],
[ int64_t a; a = 1;],
[ ac_cv_have_int64_t="yes" ],
[ ac_cv_have_int64_t="no" ]
)
@ -1359,8 +1359,8 @@ fi
AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
AC_TRY_COMPILE(
[ #include <sys/types.h> ],
[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
[ #include <sys/types.h> ],
[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
[ ac_cv_have_u_intxx_t="yes" ],
[ ac_cv_have_u_intxx_t="no" ]
)
@ -1373,8 +1373,8 @@ fi
if test -z "$have_u_intxx_t" ; then
AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
AC_TRY_COMPILE(
[ #include <sys/socket.h> ],
[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
[ #include <sys/socket.h> ],
[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
[
AC_DEFINE(HAVE_U_INTXX_T)
AC_MSG_RESULT(yes)
@ -1385,8 +1385,8 @@ fi
AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
AC_TRY_COMPILE(
[ #include <sys/types.h> ],
[ u_int64_t a; a = 1;],
[ #include <sys/types.h> ],
[ u_int64_t a; a = 1;],
[ ac_cv_have_u_int64_t="yes" ],
[ ac_cv_have_u_int64_t="no" ]
)
@ -1399,7 +1399,7 @@ fi
if test -z "$have_u_int64_t" ; then
AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
AC_TRY_COMPILE(
[ #include <sys/bitypes.h> ],
[ #include <sys/bitypes.h> ],
[ u_int64_t a; a = 1],
[
AC_DEFINE(HAVE_U_INT64_T)
@ -1414,8 +1414,8 @@ if test -z "$have_u_intxx_t" ; then
AC_TRY_COMPILE(
[
#include <sys/types.h>
],
[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
],
[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
[ ac_cv_have_uintxx_t="yes" ],
[ ac_cv_have_uintxx_t="no" ]
)
@ -1428,8 +1428,8 @@ fi
if test -z "$have_uintxx_t" ; then
AC_MSG_CHECKING([for uintXX_t types in stdint.h])
AC_TRY_COMPILE(
[ #include <stdint.h> ],
[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
[ #include <stdint.h> ],
[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
[
AC_DEFINE(HAVE_UINTXX_T)
AC_MSG_RESULT(yes)
@ -1439,25 +1439,25 @@ if test -z "$have_uintxx_t" ; then
fi
if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
test "x$ac_cv_header_sys_bitypes_h" = "xyes")
test "x$ac_cv_header_sys_bitypes_h" = "xyes")
then
AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
AC_TRY_COMPILE(
[
#include <sys/bitypes.h>
],
],
[
int8_t a; int16_t b; int32_t c;
u_int8_t e; u_int16_t f; u_int32_t g;
a = b = c = e = f = g = 1;
],
],
[
AC_DEFINE(HAVE_U_INTXX_T)
AC_DEFINE(HAVE_INTXX_T)
AC_MSG_RESULT(yes)
],
[AC_MSG_RESULT(no)]
)
)
fi
@ -1638,8 +1638,8 @@ fi
AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
AC_TRY_COMPILE(
[ #include <sys/time.h> ],
[ struct timeval tv; tv.tv_sec = 1;],
[ #include <sys/time.h> ],
[ struct timeval tv; tv.tv_sec = 1;],
[ ac_cv_have_struct_timeval="yes" ],
[ ac_cv_have_struct_timeval="no" ]
)
@ -1679,7 +1679,7 @@ main()
strcpy(expected_out, "9223372036854775807");
snprintf(buf, mazsize, "%lld", num);
if(strcmp(buf, expected_out) != 0)
exit(1);
exit(1);
exit(0);
}
#else
@ -1837,8 +1837,8 @@ if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
fi
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
AC_TRY_LINK([],
[ extern char *__progname; printf("%s", __progname); ],
AC_TRY_LINK([],
[ extern char *__progname; printf("%s", __progname); ],
[ ac_cv_libc_defines___progname="yes" ],
[ ac_cv_libc_defines___progname="no" ]
)
@ -1850,8 +1850,8 @@ fi
AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
AC_TRY_LINK([
#include <stdio.h>
],
[ printf("%s", __FUNCTION__); ],
],
[ printf("%s", __FUNCTION__); ],
[ ac_cv_cc_implements___FUNCTION__="yes" ],
[ ac_cv_cc_implements___FUNCTION__="no" ]
)
@ -1863,8 +1863,8 @@ fi
AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
AC_TRY_LINK([
#include <stdio.h>
],
[ printf("%s", __func__); ],
],
[ printf("%s", __func__); ],
[ ac_cv_cc_implements___func__="yes" ],
[ ac_cv_cc_implements___func__="no" ]
)
@ -1889,8 +1889,8 @@ if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
fi
AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
AC_TRY_LINK([],
[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
AC_TRY_LINK([],
[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
[ ac_cv_libc_defines_sys_errlist="yes" ],
[ ac_cv_libc_defines_sys_errlist="no" ]
)
@ -1901,8 +1901,8 @@ fi
AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
AC_TRY_LINK([],
[ extern int sys_nerr; printf("%i", sys_nerr);],
AC_TRY_LINK([],
[ extern int sys_nerr; printf("%i", sys_nerr);],
[ ac_cv_libc_defines_sys_nerr="yes" ],
[ ac_cv_libc_defines_sys_nerr="no" ]
)
@ -1911,7 +1911,7 @@ if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
AC_DEFINE(HAVE_SYS_NERR)
fi
SCARD_MSG="no"
SCARD_MSG="no"
# Check whether user wants sectok support
AC_ARG_WITH(sectok,
[ --with-sectok Enable smartcard support using libsectok],
@ -1937,7 +1937,7 @@ AC_ARG_WITH(sectok,
fi
AC_DEFINE(SMARTCARD)
AC_DEFINE(USE_SECTOK)
SCARD_MSG="yes, using sectok"
SCARD_MSG="yes, using sectok"
fi
]
)
@ -1957,12 +1957,12 @@ if test x$opensc_config_prefix != x ; then
LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
AC_DEFINE(SMARTCARD)
AC_DEFINE(USE_OPENSC)
SCARD_MSG="yes, using OpenSC"
SCARD_MSG="yes, using OpenSC"
fi
fi
# Check libraries needed by DNS fingerprint support
AC_SEARCH_LIBS(getrrsetbyname, resolv,
AC_SEARCH_LIBS(getrrsetbyname, resolv,
[AC_DEFINE(HAVE_GETRRSETBYNAME)],
[
# Needed by our getrrsetbyname()
@ -1975,37 +1975,37 @@ AC_SEARCH_LIBS(getrrsetbyname, resolv,
])
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
[ --with-kerberos5=PATH Enable Kerberos 5 support],
[
if test "x$withval" != "xno" ; then
if test "x$withval" = "xyes" ; then
KRB5ROOT="/usr/local"
else
KRB5ROOT=${withval}
fi
[ --with-kerberos5=PATH Enable Kerberos 5 support],
[
if test "x$withval" != "xno" ; then
if test "x$withval" = "xyes" ; then
KRB5ROOT="/usr/local"
else
KRB5ROOT=${withval}
fi
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
AC_DEFINE(KRB5)
LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
AC_DEFINE(KRB5)
KRB5_MSG="yes"
AC_MSG_CHECKING(whether we are using Heimdal)
AC_TRY_COMPILE([ #include <krb5.h> ],
[ char *tmp = heimdal_version; ],
[ AC_MSG_RESULT(yes)
AC_DEFINE(HEIMDAL)
K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
],
[ AC_MSG_RESULT(no)
K5LIBS="-lkrb5 -lk5crypto -lcom_err"
]
)
if test ! -z "$need_dash_r" ; then
LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
fi
if test ! -z "$blibpath" ; then
blibpath="$blibpath:${KRB5ROOT}/lib"
fi
AC_MSG_CHECKING(whether we are using Heimdal)
AC_TRY_COMPILE([ #include <krb5.h> ],
[ char *tmp = heimdal_version; ],
[ AC_MSG_RESULT(yes)
AC_DEFINE(HEIMDAL)
K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
],
[ AC_MSG_RESULT(no)
K5LIBS="-lkrb5 -lk5crypto -lcom_err"
]
)
if test ! -z "$need_dash_r" ; then
LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
fi
if test ! -z "$blibpath" ; then
blibpath="$blibpath:${KRB5ROOT}/lib"
fi
AC_SEARCH_LIBS(dn_expand, resolv)
AC_CHECK_LIB(gssapi,gss_init_sec_context,
@ -2013,7 +2013,7 @@ AC_ARG_WITH(kerberos5,
K5LIBS="-lgssapi $K5LIBS" ],
[ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
K5LIBS="-lgssapi_krb5 $K5LIBS" ],
K5LIBS="-lgssapi_krb5 $K5LIBS" ],
AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
$K5LIBS)
],
@ -2021,10 +2021,10 @@ AC_ARG_WITH(kerberos5,
AC_CHECK_HEADER(gssapi.h, ,
[ unset ac_cv_header_gssapi_h
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
AC_CHECK_HEADERS(gssapi.h, ,
AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
)
)
]
)
@ -2033,9 +2033,9 @@ AC_ARG_WITH(kerberos5,
AC_CHECK_HEADER(gssapi_krb5.h, ,
[ CPPFLAGS="$oldCPP" ])
KRB5=yes
fi
]
KRB5=yes
fi
]
)
LIBS="$LIBS $K5LIBS"
@ -2100,7 +2100,7 @@ fi
if test -z "$no_dev_ptmx" ; then
if test "x$disable_ptmx_check" != "xyes" ; then
AC_CHECK_FILE("/dev/ptmx",
AC_CHECK_FILE("/dev/ptmx",
[
AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
have_dev_ptmx=1
@ -2108,7 +2108,7 @@ if test -z "$no_dev_ptmx" ; then
)
fi
fi
AC_CHECK_FILE("/dev/ptc",
AC_CHECK_FILE("/dev/ptc",
[
AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
have_dev_ptc=1
@ -2149,13 +2149,13 @@ fi
AC_SUBST(mansubdir)
# Check whether to enable MD5 passwords
MD5_MSG="no"
MD5_MSG="no"
AC_ARG_WITH(md5-passwords,
[ --with-md5-passwords Enable use of MD5 passwords],
[
if test "x$withval" != "xno" ; then
AC_DEFINE(HAVE_MD5_PASSWORDS)
MD5_MSG="yes"
MD5_MSG="yes"
fi
]
)
@ -2195,13 +2195,13 @@ if test ! -z "$IPADDR_IN_DISPLAY" ; then
DISPLAY_HACK_MSG="yes"
AC_DEFINE(IPADDR_IN_DISPLAY)
else
DISPLAY_HACK_MSG="no"
DISPLAY_HACK_MSG="no"
AC_ARG_WITH(ipaddr-display,
[ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
[
if test "x$withval" != "xno" ; then
AC_DEFINE(IPADDR_IN_DISPLAY)
DISPLAY_HACK_MSG="yes"
DISPLAY_HACK_MSG="yes"
fi
]
)
@ -2225,7 +2225,7 @@ if test $ac_cv_func_login_getcapbool = "yes" -a \
fi
# Whether to mess with the default path
SERVER_PATH_MSG="(default)"
SERVER_PATH_MSG="(default)"
AC_ARG_WITH(default-path,
[ --with-default-path= Specify default \$PATH environment for server],
[
@ -2240,7 +2240,7 @@ Edit /etc/login.conf instead.])
$external_path_file .])
fi
user_path="$withval"
SERVER_PATH_MSG="$withval"
SERVER_PATH_MSG="$withval"
fi
],
[ if test "x$external_path_file" = "x/etc/login.conf" ; then
@ -2324,14 +2324,14 @@ AC_ARG_WITH(superuser-path,
AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
IPV4_IN6_HACK_MSG="no"
IPV4_IN6_HACK_MSG="no"
AC_ARG_WITH(4in6,
[ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
[
if test "x$withval" != "xno" ; then
AC_MSG_RESULT(yes)
AC_DEFINE(IPV4_IN_IPV6)
IPV4_IN6_HACK_MSG="yes"
IPV4_IN6_HACK_MSG="yes"
else
AC_MSG_RESULT(no)
fi
@ -2339,7 +2339,7 @@ AC_ARG_WITH(4in6,
if test "x$inet6_default_4in6" = "xyes"; then
AC_MSG_RESULT([yes (default)])
AC_DEFINE(IPV4_IN_IPV6)
IPV4_IN6_HACK_MSG="yes"
IPV4_IN6_HACK_MSG="yes"
else
AC_MSG_RESULT([no (default)])
fi
@ -2364,7 +2364,7 @@ piddir=/var/run
if test ! -d $piddir ; then
piddir=`eval echo ${sysconfdir}`
case $piddir in
NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
esac
fi
@ -2436,7 +2436,7 @@ AC_ARG_ENABLE(pututline,
[ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
[
if test "x$enableval" = "xno" ; then
AC_DEFINE(DISABLE_PUTUTLINE)
AC_DEFINE(DISABLE_PUTUTLINE)
fi
]
)
@ -2719,7 +2719,7 @@ echo ""
if test "x$PAM_MSG" = "xyes" ; then
echo "PAM is enabled. You may need to install a PAM control file "
echo "for sshd, otherwise password authentication may fail. "
echo "Example PAM control files can be found in the contrib/ "
echo "Example PAM control files can be found in the contrib/ "
echo "subdirectory"
echo ""
fi

6
contrib/README
View File

@ -1,4 +1,4 @@
Other patches and addons for OpenSSH. Please send submissions to
Other patches and addons for OpenSSH. Please send submissions to
djm@mindrot.org
Externally maintained
@ -7,7 +7,7 @@ Externally maintained
SSH Proxy Command -- connect.c
Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand
which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
https CONNECT style proxy server. His page for connect.c has extensive
documentation on its use as well as compiled versions for Win32.
@ -47,7 +47,7 @@ Dominik Brettnacher <domi@saargate.de>
mdoc2man.pl:
Converts mdoc formated manpages into normal manpages. This can be used
on Solaris machines to provide manpages that are not preformated.
on Solaris machines to provide manpages that are not preformated.
Contributed by Mark D. Roth <roth@feep.net>
redhat:

50
contrib/aix/buildbff.sh
View File

@ -1,12 +1,12 @@
#!/bin/sh
#
# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
# $Id: buildbff.sh,v 1.6 2003/08/25 05:01:04 dtucker Exp $
# $Id: buildbff.sh,v 1.7 2003/11/21 12:48:56 djm Exp $
#
# Author: Darren Tucker (dtucker at zip dot com dot au)
# This file is placed in the public domain and comes with absolutely
# no warranty.
#
#
# Based originally on Ben Lindstrom's buildpkg.sh for Solaris
#
@ -45,7 +45,7 @@ fi
if [ ! -f Makefile ]
then
echo "Makefile not found (did you run configure?)"
exit 1
exit 1
fi
#
@ -96,12 +96,12 @@ then
PRIVSEP_PATH=/var/empty
fi
# Clean package build directory
# Clean package build directory
rm -rf $objdir/$PKGDIR
FAKE_ROOT=$objdir/$PKGDIR/root
mkdir -p $FAKE_ROOT
# Start by faking root install
# Start by faking root install
echo "Faking root install..."
cd $objdir
make install-nokeys DESTDIR=$FAKE_ROOT
@ -136,15 +136,15 @@ echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
#
# Set ssh and sshd parameters as per config.local
#
if [ "${PERMIT_ROOT_LOGIN}" = no ]
if [ "${PERMIT_ROOT_LOGIN}" = no ]
then
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
$FAKE_ROOT/${sysconfdir}/sshd_config
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
$FAKE_ROOT/${sysconfdir}/sshd_config
fi
if [ "${X11_FORWARDING}" = yes ]
then
perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
$FAKE_ROOT/${sysconfdir}/sshd_config
perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
$FAKE_ROOT/${sysconfdir}/sshd_config
fi
@ -190,13 +190,13 @@ cat <<EOF >>../openssh.post_i
echo Creating configs from defaults if necessary.
for cfgfile in ssh_config sshd_config ssh_prng_cmds
do
if [ ! -f $sysconfdir/\$cfgfile ]
then
echo "Creating \$cfgfile from default"
cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
else
echo "\$cfgfile already exists."
fi
if [ ! -f $sysconfdir/\$cfgfile ]
then
echo "Creating \$cfgfile from default"
cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
else
echo "\$cfgfile already exists."
fi
done
echo
@ -244,19 +244,19 @@ echo
# Generate keys unless they already exist
echo Creating host keys if required.
if [ -f "$sysconfdir/ssh_host_key" ] ; then
echo "$sysconfdir/ssh_host_key already exists, skipping."
echo "$sysconfdir/ssh_host_key already exists, skipping."
else
$bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
$bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
fi
if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
else
$bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
$bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
fi
if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
else
$bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
else
$bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
fi
echo
@ -369,7 +369,7 @@ echo Creating $PKGNAME-$VERSION.bff with backup...
rm -f $PKGNAME-$VERSION.bff
(
echo "./lpp_name"
find . ! -name lpp_name -a ! -name . -print
find . ! -name lpp_name -a ! -name . -print
) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
#

4
contrib/aix/inventory.sh
View File

@ -1,7 +1,7 @@
#!/bin/sh
#
# inventory.sh
# $Id: inventory.sh,v 1.5 2003/08/26 03:43:13 dtucker Exp $
# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $
#
# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
# This file is placed into the public domain.
@ -59,5 +59,5 @@ find . ! -name . -print | perl -ne '{
} elsif ( -d $_ ) {
# Entry is Directory
print "\ttype=DIRECTORY\n";
}
}
}'

8
contrib/caldera/ssh-host-keygen
View File

@ -1,6 +1,6 @@
#! /bin/sh
#
# $Id: ssh-host-keygen,v 1.1 2001/04/27 05:50:50 tim Exp $
# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $
#
# This script is normally run only *once* for a given host
# (in a given period of time) -- on updates/upgrades/recovery
@ -12,7 +12,7 @@ keydir=@sysconfdir@
keygen=@sshkeygen@
if [ -f $keydir/ssh_host_key -o \
-f $keydir/ssh_host_key.pub ]; then
-f $keydir/ssh_host_key.pub ]; then
echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
else
echo "Generating 1024 bit SSH1 RSA host key."
@ -20,7 +20,7 @@ else
fi
if [ -f $keydir/ssh_host_rsa_key -o \
-f $keydir/ssh_host_rsa_key.pub ]; then
-f $keydir/ssh_host_rsa_key.pub ]; then
echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
else
echo "Generating 1024 bit SSH2 RSA host key."
@ -28,7 +28,7 @@ else
fi
if [ -f $keydir/ssh_host_dsa_key -o \
-f $keydir/ssh_host_dsa_key.pub ]; then
-f $keydir/ssh_host_dsa_key.pub ]; then
echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key."
else
echo "Generating SSH2 DSA host key."

8
contrib/caldera/sshd.init
View File

@ -1,6 +1,6 @@
#! /bin/bash
#
# $Id: sshd.init,v 1.3 2001/11/03 19:09:33 tim Exp $
# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $
#
### BEGIN INIT INFO
# Provides:
@ -64,11 +64,11 @@ case "$1" in
SVIemptyConfig @sysconfdir@/sshd_config && exit 6
if [ ! \( -f @sysconfdir@/ssh_host_key -a \
-f @sysconfdir@/ssh_host_key.pub \) -a \
-f @sysconfdir@/ssh_host_key.pub \) -a \
! \( -f @sysconfdir@/ssh_host_rsa_key -a \
-f @sysconfdir@/ssh_host_rsa_key.pub \) -a \
-f @sysconfdir@/ssh_host_rsa_key.pub \) -a \
! \( -f @sysconfdir@/ssh_host_dsa_key -a \
-f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then
-f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then
echo "$SVIsubsys: host key not initialized: skipped!"
echo "$SVIsubsys: use ssh-host-keygen to generate one!"

4
contrib/cygwin/README
View File

@ -25,7 +25,7 @@ Important note for Windows 2003 Server users:
---------------------------------------------
2003 Server has a funny new feature. When starting services under SYSTEM
account, these services have nearly all user rights which SYSTEM holds...
account, these services have nearly all user rights which SYSTEM holds...
except for the "Create a token object" right, which is needed to allow
public key authentication :-(
@ -103,7 +103,7 @@ features of the FAT/FAT32 filesystems.
If you are installing OpenSSH the first time, you can generate global config
files and server keys by running
/usr/bin/ssh-host-config
Note that this binary archive doesn't contain default config files in /etc.

18
contrib/cygwin/ssh-host-config
View File

@ -263,7 +263,7 @@ then
net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
if [ "${sshd_in_passwd}" != "yes" ]
then
if [ "${sshd_in_sam}" != "yes" ]
if [ "${sshd_in_sam}" != "yes" ]
then
echo "Warning: The following function requires administrator privileges!"
if request "Should this script create a local user 'sshd' on this machine?"
@ -339,13 +339,13 @@ if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
then
grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
if [ -f "${_serv_tmp}" ]
then
then
if mv "${_serv_tmp}" "${_services}"
then
echo "Removing sshd from ${_wservices}"
else
echo "Removing sshd from ${_wservices} failed!"
fi
fi
rm -f "${_serv_tmp}"
else
echo "Removing sshd from ${_wservices} failed!"
@ -388,9 +388,9 @@ then
then
if mv "${_inetcnf_tmp}" "${_inetcnf}"
then
echo "Removed sshd from ${_inetcnf}"
echo "Removed sshd from ${_inetcnf}"
else
echo "Removing sshd from ${_inetcnf} failed!"
echo "Removing sshd from ${_inetcnf} failed!"
fi
rm -f "${_inetcnf_tmp}"
else
@ -462,7 +462,7 @@ then
do
if [ -n "${password_value}" ]
then
_password="${password_value}"
_password="${password_value}"
# Allow to ask for password if first try fails
password_value=""
else
@ -541,7 +541,7 @@ then
fi
if [ -n "${cygwin_value}" ]
then
_cygwin="${cygwin_value}"
_cygwin="${cygwin_value}"
else
echo
echo "Which value should the environment variable CYGWIN have when"
@ -574,9 +574,9 @@ then
then
if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
then
_user="sshd_server"
_user="sshd_server"
else
_user="system"
_user="system"
fi
chown "${_user}" ${SYSCONFDIR}/ssh*
chown "${_user}".544 ${LOCALSTATEDIR}/empty

16
contrib/findssl.sh
View File

@ -9,24 +9,24 @@
# Written by Darren Tucker (dtucker at zip dot com dot au)
# This file is placed in the public domain.
#
# $Id: findssl.sh,v 1.1 2003/06/24 10:22:10 dtucker Exp $
# $Id: findssl.sh,v 1.2 2003/11/21 12:48:56 djm Exp $
# 2002-07-27: Initial release.
# 2002-08-04: Added public domain notice.
# 2003-06-24: Incorporated readme, set library paths. First cvs version.
#
# "OpenSSL headers do not match your library" are usually caused by
# "OpenSSL headers do not match your library" are usually caused by
# OpenSSH's configure picking up an older version of OpenSSL headers
# or libraries. You can use the following # procedure to help identify
# the cause.
#
#
# The output of configure will tell you the versions of the OpenSSL
# headers and libraries that were picked up, for example:
#
#
# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002)
# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001)
# checking whether OpenSSL's headers match the library... no
# configure: error: Your OpenSSL headers do not match your library
#
#
# Now run findssl.sh. This should identify the headers and libraries
# present and their versions. You should be able to identify the
# libraries and headers used and adjust your CFLAGS or remove incorrect
@ -37,7 +37,7 @@
# Searching for OpenSSL header files.
# 0x0090604fL /usr/include/openssl/opensslv.h
# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h
#
#
# Searching for OpenSSL shared library files.
# 0x0090602fL /lib/libcrypto.so.0.9.6b
# 0x0090602fL /lib/libcrypto.so.2
@ -46,11 +46,11 @@
# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a
# 0x0090600fL /usr/lib/libcrypto.so.0.9.6
# 0x0090600fL /usr/lib/libcrypto.so.1
#
#
# Searching for OpenSSL static library files.
# 0x0090602fL /usr/lib/libcrypto.a
# 0x0090604fL /usr/local/ssl/lib/libcrypto.a
#
#
# In this example, I gave configure no extra flags, so it's picking up
# the OpenSSL header from /usr/include/openssl (90604f) and the library
# from /usr/lib/ (90602f).

14
contrib/gnome-ssh-askpass1.c
View File

@ -23,14 +23,14 @@
*/
/*
* This is a simple GNOME SSH passphrase grabber. To use it, set the
* environment variable SSH_ASKPASS to point to the location of
* gnome-ssh-askpass before calling "ssh-add < /dev/null".
* This is a simple GNOME SSH passphrase grabber. To use it, set the
* environment variable SSH_ASKPASS to point to the location of
* gnome-ssh-askpass before calling "ssh-add < /dev/null".
*
* There is only two run-time options: if you set the environment variable
* "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
* the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
* pointer will be grabbed too. These may have some benefit to security if
* the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
* pointer will be grabbed too. These may have some benefit to security if
* you don't trust your X server. We grab the keyboard always.
*/
@ -87,7 +87,7 @@ passphrase_dialog(char *message)
}
entry = gtk_entry_new();
gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE,
gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE,
FALSE, 0);
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
gtk_widget_grab_focus(entry);
@ -105,7 +105,7 @@ passphrase_dialog(char *message)
/* Grab focus */
if (grab_server)
XGrabServer(GDK_DISPLAY());
if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
NULL, NULL, GDK_CURRENT_TIME))
goto nograb;
if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))

14
contrib/gnome-ssh-askpass2.c
View File

@ -25,14 +25,14 @@
/* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */
/*
* This is a simple GNOME SSH passphrase grabber. To use it, set the
* environment variable SSH_ASKPASS to point to the location of
* gnome-ssh-askpass before calling "ssh-add < /dev/null".
* This is a simple GNOME SSH passphrase grabber. To use it, set the
* environment variable SSH_ASKPASS to point to the location of
* gnome-ssh-askpass before calling "ssh-add < /dev/null".
*
* There is only two run-time options: if you set the environment variable
* "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
* the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
* pointer will be grabbed too. These may have some benefit to security if
* the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
* pointer will be grabbed too. These may have some benefit to security if
* you don't trust your X server. We grab the keyboard always.
*/
@ -103,7 +103,7 @@ passphrase_dialog(char *message)
message);
entry = gtk_entry_new();
gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
FALSE, 0);
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
gtk_widget_grab_focus(entry);
@ -124,7 +124,7 @@ passphrase_dialog(char *message)
if (grab_pointer) {
for(;;) {
status = gdk_pointer_grab(
(GTK_WIDGET(dialog))->window, TRUE, 0, NULL,
(GTK_WIDGET(dialog))->window, TRUE, 0, NULL,
NULL, GDK_CURRENT_TIME);
if (status == GDK_GRAB_SUCCESS)
break;

6
contrib/redhat/openssh.spec
View File

@ -200,7 +200,7 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
--with-pam \
%endif
%if %{kerberos5}
--with-kerberos5=/usr/kerberos \
--with-kerberos5=/usr/kerberos \
%endif
@ -398,7 +398,7 @@ fi
%changelog
* Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
- Remove noip6 option. This may be controlled at run-time in client config
- Remove noip6 option. This may be controlled at run-time in client config
file using new AddressFamily directive
* Mon May 12 2003 Damien Miller <djm@mindrot.org>
@ -558,7 +558,7 @@ fi
* Sun Apr 8 2001 Preston Brown <pbrown@redhat.com>
- remove explicit openssl requirement, fixes builddistro issue
- make initscript stop() function wait until sshd really dead to avoid
- make initscript stop() function wait until sshd really dead to avoid
races in condrestart
* Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com>

2
contrib/solaris/README
View File

@ -17,7 +17,7 @@ Directions:
If all goes well you should have a solaris package ready to be installed.
If you have any problems with this script please post them to
If you have any problems with this script please post them to
openssh-unix-dev@mindrot.org and I will try to assist you as best as I can.
- Ben Lindstrom

56
contrib/solaris/buildpkg.sh
View File

@ -5,7 +5,7 @@
# The following code has been provide under Public Domain License. I really
# don't care what you use it for. Just as long as you don't complain to me
# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
#
#
umask 022
#
# Options for building the package
@ -13,7 +13,7 @@ umask 022
#
# uncommenting TEST_DIR and using
# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
# and
# and
# PKGNAME=tOpenSSH should allow testing a package without interfering
# with a real OpenSSH package on a system. This is not needed on systems
# that support the -R option to pkgadd.
@ -81,7 +81,7 @@ export PATH
# we will look for config.local to override the above options
[ -s ./config.local ] && . ./config.local
## Start by faking root install
## Start by faking root install
echo "Faking root install..."
START=`pwd`
OPENSSHD_IN=`dirname $0`/opensshd.in
@ -98,20 +98,20 @@ fi
## Fill in some details, like prefix and sysconfdir
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
do
eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
done
## Collect value of privsep user
for confvar in SSH_PRIVSEP_USER
do
eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
done
## Set privsep defaults if not defined
if [ -z "$SSH_PRIVSEP_USER" ]
then
SSH_PRIVSEP_USER=sshd
SSH_PRIVSEP_USER=sshd
fi
## Extract common info requires for the 'info' part of the package.
@ -243,16 +243,16 @@ fi
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
then
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
echo "or group."
echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
echo "or group."
else
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
# create group if required
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
echo "PrivSep group $SSH_PRIVSEP_USER already exists."
else
# create group if required
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
echo "PrivSep group $SSH_PRIVSEP_USER already exists."
else
# Use gid of 67 if possible
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
then
@ -260,15 +260,15 @@ else
else
sshdgid="-g $SSHDGID"
fi
echo "Creating PrivSep group $SSH_PRIVSEP_USER."
\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
fi
echo "Creating PrivSep group $SSH_PRIVSEP_USER."
\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
fi
# Create user if required
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
else
# Create user if required
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
else
# Use uid of 67 if possible
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
then
@ -276,10 +276,10 @@ else
else
sshduid="-u $SSHDUID"
fi
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
\$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
\$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
fi
fi
fi
[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
@ -358,12 +358,12 @@ cat >mk-proto.awk << _EOF
BEGIN { print "i pkginfo"; print "i preinstall"; \\
print "i postinstall"; print "i preremove"; \\
print "i request"; print "i space"; \\
split("$SYSTEM_DIR",sys_files); }
split("$SYSTEM_DIR",sys_files); }
{
for (dir in sys_files) { if ( \$3 != sys_files[dir] )
{ \$5="root"; \$6="sys"; }
else
{ \$4="?"; \$5="?"; \$6="?"; break;}
{ \$5="root"; \$6="sys"; }
else
{ \$4="?"; \$5="?"; \$6="?"; break;}
} }
{ print; }
_EOF

16
contrib/solaris/opensshd.in
View File

@ -22,24 +22,24 @@ HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
checkkeys() {
if [ ! -f $HOST_KEY_RSA1 ]; then
${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
fi
if [ ! -f $HOST_KEY_DSA ]; then
${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
fi
if [ ! -f $HOST_KEY_RSA ]; then
${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
fi
}
stop_service() {
if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
PID=`${CAT} ${PIDFILE}`
PID=`${CAT} ${PIDFILE}`
fi
if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
${KILL} ${PID}
${KILL} ${PID}
else
echo "Unable to read PID file"
echo "Unable to read PID file"
fi
}
@ -55,8 +55,8 @@ start_service() {
sshd_rc=$?
if [ $sshd_rc -ne 0 ]; then
echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
exit $sshd_rc
echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
exit $sshd_rc
fi
echo done.
}

24
contrib/suse/openssh.spec
View File

@ -30,7 +30,7 @@ two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
up to date in terms of security and features, as well as removing all
patented algorithms to seperate libraries (OpenSSL).
This package includes all files necessary for both the OpenSSH
@ -100,8 +100,8 @@ make
cd contrib
gcc -O -g `gnome-config --cflags gnome gnomeui` \
gnome-ssh-askpass.c -o gnome-ssh-askpass \
`gnome-config --libs gnome gnomeui`
gnome-ssh-askpass.c -o gnome-ssh-askpass \
`gnome-config --libs gnome gnomeui`
cd ..
%install
@ -140,34 +140,34 @@ else
echo " /var/adm/fillup-templates/rc.config.sshd"
fi
if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
echo "Generating SSH host key..."
echo "Generating SSH host key..."
/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2
fi
if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
echo "Generating SSH DSA host key..."
echo "Generating SSH DSA host key..."
/usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2
fi
if test -r /var/run/sshd.pid
then
echo "Restarting the running SSH daemon..."
echo "Restarting the running SSH daemon..."
/usr/sbin/rcsshd restart >&2
fi
%preun
if [ "$1" = 0 ]
then
echo "Stopping the SSH daemon..."
echo "Stopping the SSH daemon..."
/usr/sbin/rcsshd stop >&2
echo "Removing SSH stop/start scripts from the rc directories..."
rm /sbin/init.d/rc2.d/K20sshd
rm /sbin/init.d/rc2.d/S20sshd
rm /sbin/init.d/rc3.d/K20sshd
rm /sbin/init.d/rc3.d/S20sshd
rm /sbin/init.d/rc2.d/K20sshd
rm /sbin/init.d/rc2.d/S20sshd
rm /sbin/init.d/rc3.d/K20sshd
rm /sbin/init.d/rc3.d/S20sshd
fi
%files
%defattr(-,root,root)
%doc ChangeLog OVERVIEW README*
%doc ChangeLog OVERVIEW README*
%doc RFC.nroff TODO CREDITS LICENCE
%attr(0755,root,root) %dir /etc/ssh
%attr(0644,root,root) %config /etc/ssh/ssh_config

4
defines.h
View File

@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
/* $Id: defines.h,v 1.103 2003/09/16 01:52:19 dtucker Exp $ */
/* $Id: defines.h,v 1.104 2003/11/21 12:48:55 djm Exp $ */
/* Constants */
@ -84,7 +84,7 @@ enum
# define S_ISDIR(mode) (((mode) & (_S_IFMT)) == (_S_IFDIR))
#endif /* S_ISDIR */
#ifndef S_ISREG
#ifndef S_ISREG
# define S_ISREG(mode) (((mode) & (_S_IFMT)) == (_S_IFREG))
#endif /* S_ISREG */

6
dns.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: dns.c,v 1.8 2003/11/12 16:39:58 jakob Exp $ */
/* $OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@ -43,7 +43,7 @@
#include "uuencode.h"
extern char *__progname;
RCSID("$OpenBSD: dns.c,v 1.8 2003/11/12 16:39:58 jakob Exp $");
RCSID("$OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $");
#ifndef LWRES
static const char *errset_text[] = {
@ -145,7 +145,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
/*
* Verify the given hostname, address and host key using DNS.
* Returns 0 if lookup succeeds, -1 otherwise
* Returns 0 if lookup succeeds, -1 otherwise
*/
int
verify_host_key_dns(const char *hostname, struct sockaddr *address,

22
entropy.c
View File

@ -36,16 +36,16 @@
/*
* Portable OpenSSH PRNG seeding:
* If OpenSSL has not "internally seeded" itself (e.g. pulled data from
* /dev/random), then we execute a "ssh-rand-helper" program which
* collects entropy and writes it to stdout. The child program must
* If OpenSSL has not "internally seeded" itself (e.g. pulled data from
* /dev/random), then we execute a "ssh-rand-helper" program which
* collects entropy and writes it to stdout. The child program must
* write at least RANDOM_SEED_SIZE bytes. The child is run with stderr
* attached, so error/debugging output should be visible.
*
* XXX: we should tell the child how many bytes we need.
*/
RCSID("$Id: entropy.c,v 1.46 2003/08/25 01:16:21 mouring Exp $");
RCSID("$Id: entropy.c,v 1.47 2003/11/21 12:48:55 djm Exp $");
#ifndef OPENSSL_PRNG_ONLY
#define RANDOM_SEED_SIZE 48
@ -86,16 +86,16 @@ seed_rng(void)
close(p[1]);
close(devnull);
if (original_uid != original_euid &&
( seteuid(getuid()) == -1 ||
if (original_uid != original_euid &&
( seteuid(getuid()) == -1 ||
setuid(original_uid) == -1) ) {
fprintf(stderr, "(rand child) setuid(%li): %s\n",
fprintf(stderr, "(rand child) setuid(%li): %s\n",
(long int)original_uid, strerror(errno));
_exit(1);
}
execl(SSH_RAND_HELPER, "ssh-rand-helper", NULL);
fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n",
fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n",
SSH_RAND_HELPER, strerror(errno));
_exit(1);
}
@ -114,12 +114,12 @@ seed_rng(void)
close(p[0]);
if (waitpid(pid, &ret, 0) == -1)
fatal("Couldn't wait for ssh-rand-helper completion: %s",
fatal("Couldn't wait for ssh-rand-helper completion: %s",
strerror(errno));
signal(SIGCHLD, old_sigchld);
/* We don't mind if the child exits upon a SIGPIPE */
if (!WIFEXITED(ret) &&
if (!WIFEXITED(ret) &&
(!WIFSIGNALED(ret) || WTERMSIG(ret) != SIGPIPE))
fatal("ssh-rand-helper terminated abnormally");
if (WEXITSTATUS(ret) != 0)
@ -134,7 +134,7 @@ seed_rng(void)
}
void
init_rng(void)
init_rng(void)
{
/*
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status

2
fixprogs
View File

@ -65,7 +65,7 @@ foreach (@infile) {
($null, $null, $rate) = split(/,/, $ent[0]);
$est = $rate / $entscale; # scale the estimate back
}
}
}
print OUT "\"$cmd\" $path $est\n";
}

6
gss-genr.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-genr.c,v 1.2 2003/11/17 11:06:07 markus Exp $ */
/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -258,8 +258,8 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
}
void
ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
const char *context)
ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
const char *context)
{
buffer_init(b);
buffer_put_string(b, session_id2, session_id2_len);

14
gss-serv-krb5.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: gss-serv-krb5.c,v 1.1 2003/08/22 10:56:09 markus Exp $ */
/* $OpenBSD: gss-serv-krb5.c,v 1.2 2003/11/21 11:57:03 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -48,7 +48,7 @@ static krb5_context krb_context = NULL;
/* Initialise the krb5 library, for the stuff that GSSAPI won't do */
static int
static int
ssh_gssapi_krb5_init()
{
krb5_error_code problem;
@ -127,10 +127,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
{
int tmpfd;
char ccname[40];
snprintf(ccname, sizeof(ccname),
snprintf(ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) {
logit("mkstemp(): %.100s", strerror(errno));
problem = errno;
@ -151,7 +151,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
}
#endif /* #ifdef HEIMDAL */
if ((problem = krb5_parse_name(krb_context,
if ((problem = krb5_parse_name(krb_context,
client->exportedname.value, &princ))) {
logit("krb5_parse_name(): %.100s",
krb5_get_err_text(krb_context, problem));
@ -169,7 +169,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
krb5_free_principal(krb_context, princ);
if ((maj_status = gss_krb5_copy_ccache(&min_status,
if ((maj_status = gss_krb5_copy_ccache(&min_status,
client->creds, ccache))) {
logit("gss_krb5_copy_ccache() failed");
krb5_cc_destroy(krb_context, ccache);

12
install-sh
View File

@ -125,7 +125,7 @@ if [ x"$dir_arg" != x ]; then
else
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if [ -f $src -o -d $src ]
@ -180,7 +180,7 @@ while [ $# -ne 0 ] ; do
shift
if [ ! -d "${pathcomp}" ] ;
then
then
$mkdirprog "${pathcomp}"
else
true
@ -202,17 +202,17 @@ else
# If we're going to rename the final executable, determine the name now.
if [ x"$transformarg" = x ]
if [ x"$transformarg" = x ]
then
dstfile=`basename $dst`
else
dstfile=`basename $dst $transformbasename |
dstfile=`basename $dst $transformbasename |
sed $transformarg`$transformbasename
fi
# don't allow the sed command to completely eliminate the filename
if [ x"$dstfile" = x ]
if [ x"$dstfile" = x ]
then
dstfile=`basename $dst`
else
@ -243,7 +243,7 @@ else
# Now rename the file to the real destination.
$doit $rmcmd -f $dstdir/$dstfile &&
$doit $mvcmd $dsttmp $dstdir/$dstfile
$doit $mvcmd $dsttmp $dstdir/$dstfile
fi &&

6
kex.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $");
RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $");
#include <openssl/crypto.h>
@ -310,7 +310,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
xfree(hostkeyalg);
}
static int
static int
proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
{
static int check[] = {
@ -392,7 +392,7 @@ kex_choose_conf(Kex *kex)
kex->we_need = need;
/* ignore the next message if the proposals do not match */
if (first_kex_follows && !proposals_match(my, peer) &&
if (first_kex_follows && !proposals_match(my, peer) &&
!(datafellows & SSH_BUG_FIRSTKEX)) {
type = packet_read();
debug2("skipping next packet (type %u)", type);

6
loginrec.c
View File

@ -158,7 +158,7 @@
#include "log.h"
#include "atomicio.h"
RCSID("$Id: loginrec.c,v 1.52 2003/07/06 05:20:46 dtucker Exp $");
RCSID("$Id: loginrec.c,v 1.53 2003/11/21 12:48:55 djm Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
@ -442,7 +442,7 @@ login_write (struct logininfo *li)
int
login_utmp_only(struct logininfo *li)
{
li->type = LTYPE_LOGIN;
li->type = LTYPE_LOGIN;
login_set_current_time(li);
# ifdef USE_UTMP
utmp_write_entry(li);
@ -1534,7 +1534,7 @@ lastlog_get_entry(struct logininfo *li)
lastlog_populate_entry(li, &last);
return (1);
case -1:
error("%s: Error reading from %s: %s", __func__,
error("%s: Error reading from %s: %s", __func__,
LASTLOG_FILE, strerror(errno));
return (0);
default:

8
md5crypt.c
View File

@ -1,9 +1,9 @@
/*
* ----------------------------------------------------------------------------
* "THE BEER-WARE LICENSE" (Revision 42):
* <phk@login.dknet.dk> wrote this file. As long as you retain this
* notice you can do whatever you want with this stuff. If we meet some
* day, and you think this stuff is worth it, you can buy me a beer in
* <phk@login.dknet.dk> wrote this file. As long as you retain this
* notice you can do whatever you want with this stuff. If we meet some
* day, and you think this stuff is worth it, you can buy me a beer in
* return. Poul-Henning Kamp
* ----------------------------------------------------------------------------
*/
@ -13,7 +13,7 @@
#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
#include <openssl/md5.h>
RCSID("$Id: md5crypt.c,v 1.7 2003/05/30 06:58:23 dtucker Exp $");
RCSID("$Id: md5crypt.c,v 1.8 2003/11/21 12:48:55 djm Exp $");
/* 0 ... 63 => ascii - 64 */
static unsigned char itoa64[] =

158
mdoc2man.awk
View File

@ -76,19 +76,19 @@ function add(str) {
skip=1
ext=1
if(length(line)&&!(match(line," $")||prenl))
add(OFS)
add(OFS)
} else if(match(words[w],"^Xc$")) {
skip=1
ext=0
if(!extopt)
prenl++
prenl++
w=nwords
} else if(match(words[w],"^Bd$")) {
skip=1
if(match(words[w+1],"-literal")) {
literal=1
prenl++
w=nwords
literal=1
prenl++
w=nwords
}
} else if(match(words[w],"^Ed$")) {
skip=1
@ -96,7 +96,7 @@ function add(str) {
} else if(match(words[w],"^Ns$")) {
skip=1
if(!nospace)
nospace=1
nospace=1
sub(" $","",line)
} else if(match(words[w],"^No$")) {
skip=1
@ -107,20 +107,20 @@ function add(str) {
add("``")
add(words[++w])
while(w<nwords&&!match(words[w+1],"^[\\.,]"))
add(OFS words[++w])
add(OFS words[++w])
add("''")
if(!nospace&&match(words[w+1],"^[\\.,]"))
nospace=1
nospace=1
} else if(match(words[w],"^Sq|Ql$")) {
skip=1
add("`" words[++w] "'")
if(!nospace&&match(words[w+1],"^[\\.,]"))
nospace=1
nospace=1
} else if(match(words[w],"^Oo$")) {
skip=1
extopt=1
if(!nospace)
nospace=1
nospace=1
add("[")
} else if(match(words[w],"^Oc$")) {
skip=1
@ -129,9 +129,9 @@ function add(str) {
}
if(!skip) {
if(!nospace&&length(line)&&!(match(line," $")||prenl))
add(OFS)
add(OFS)
if(nospace==1)
nospace=0
nospace=0
}
if(match(words[w],"^Dd$")) {
date=wtail()
@ -158,69 +158,69 @@ function add(str) {
} else if(match(words[w],"^Re$")) {
prenl++
for(i=nrefauthors-1;i>0;i--) {
add(refauthors[i])
if(i>1)
add(", ")
add(refauthors[i])
if(i>1)
add(", ")
}
if(nrefauthors>1)
add(" and ")
add(" and ")
add(refauthors[0] ", \\fI" reftitle "\\fP")
if(length(refissue))
add(", " refissue)
add(", " refissue)
if(length(refdate))
add(", " refdate)
add(", " refdate)
if(length(refopt))
add(", " refopt)
add(", " refopt)
add(".")
reference=0
} else if(reference) {
if(match(words[w],"^%A$")) { refauthors[nrefauthors++]=wtail() }
if(match(words[w],"^%T$")) {
reftitle=wtail()
sub("^\"","",reftitle)
sub("\"$","",reftitle)
reftitle=wtail()
sub("^\"","",reftitle)
sub("\"$","",reftitle)
}
if(match(words[w],"^%N$")) { refissue=wtail() }
if(match(words[w],"^%D$")) { refdate=wtail() }
if(match(words[w],"^%O$")) { refopt=wtail() }
} else if(match(words[w],"^Nm$")) {
if(synopsis) {
add(".br")
prenl++
add(".br")
prenl++
}
n=words[++w]
if(!length(name))
name=n
name=n
if(!length(n))
n=name
n=name
add("\\fB" n "\\fP")
if(!nospace&&match(words[w+1],"^[\\.,]"))
nospace=1
nospace=1
} else if(match(words[w],"^Nd$")) {
add("\\- " wtail())
} else if(match(words[w],"^Fl$")) {
add("\\fB\\-" words[++w] "\\fP")
if(!nospace&&match(words[w+1],"^[\\.,]"))
nospace=1
nospace=1
} else if(match(words[w],"^Ar$")) {
add("\\fI")
if(w==nwords)
add("file ...\\fP")
add("file ...\\fP")
else {
add(words[++w] "\\fP")
while(match(words[w+1],"^\\|$"))
add(OFS words[++w] " \\fI" words[++w] "\\fP")
add(words[++w] "\\fP")
while(match(words[w+1],"^\\|$"))
add(OFS words[++w] " \\fI" words[++w] "\\fP")
}
if(!nospace&&match(words[w+1],"^[\\.,]"))
nospace=1
nospace=1
} else if(match(words[w],"^Cm$")) {
add("\\fB" words[++w] "\\fP")
while(w<nwords&&match(words[w+1],"^[\\.,:;)]"))
add(words[++w])
add(words[++w])
} else if(match(words[w],"^Op$")) {
option=1
if(!nospace)
nospace=1
nospace=1
add("[")
} else if(match(words[w],"^Pp$")) {
prenl++
@ -232,10 +232,10 @@ function add(str) {
add("\\fI")
w++
if(match(words[w],"^\\."))
add("\\&")
add("\\&")
add(words[w] "\\fP")
while(w<nwords&&match(words[w+1],"^[\\.,:;)]"))
add(words[++w])
add(words[++w])
} else if(match(words[w],"^Dv$")) {
add(".BR")
} else if(match(words[w],"^Em|Ev$")) {
@ -254,69 +254,69 @@ function add(str) {
plain=1
add("\\fB")
while(w<nwords) {
w++
if(match(words[w],"^Op$")) {
w++
add("[")
words[nwords]=words[nwords] "]"
}
if(match(words[w],"^Ar$")) {
add("\\fI" words[++w] "\\fP")
} else if(match(words[w],"^[\\.,]")) {
sub(" $","",line)
if(plain) {
add("\\fP")
plain=0
}
add(words[w])
} else {
if(!plain) {
add("\\fB")
plain=1
}
add(words[w])
}
if(!nospace)
add(OFS)
w++
if(match(words[w],"^Op$")) {
w++
add("[")
words[nwords]=words[nwords] "]"
}
if(match(words[w],"^Ar$")) {
add("\\fI" words[++w] "\\fP")
} else if(match(words[w],"^[\\.,]")) {
sub(" $","",line)
if(plain) {
add("\\fP")
plain=0
}
add(words[w])
} else {
if(!plain) {
add("\\fB")
plain=1
}
add(words[w])
}
if(!nospace)
add(OFS)
}
sub(" $","",line)
if(plain)
add("\\fP")
add("\\fP")
} else if(match(words[w],"^Bl$")) {
oldoptlist=optlist
if(match(words[w+1],"-bullet"))
optlist=1
optlist=1
else if(match(words[w+1],"-enum")) {
optlist=2
enum=0
optlist=2
enum=0
} else if(match(words[w+1],"-tag"))
optlist=3
optlist=3
else if(match(words[w+1],"-item"))
optlist=4
optlist=4
else if(match(words[w+1],"-bullet"))
optlist=1
optlist=1
w=nwords
} else if(match(words[w],"^El$")) {
optlist=oldoptlist
} else if(match(words[w],"^It$")&&optlist) {
if(optlist==1)
add(".IP \\(bu")
add(".IP \\(bu")
else if(optlist==2)
add(".IP " ++enum ".")
add(".IP " ++enum ".")
else if(optlist==3) {
add(".TP")
prenl++
if(match(words[w+1],"^Pa|Ev$")) {
add(".B")
w++
}
add(".TP")
prenl++
if(match(words[w+1],"^Pa|Ev$")) {
add(".B")
w++
}
} else if(optlist==4)
add(".IP")
add(".IP")
} else if(match(words[w],"^Sm$")) {
if(match(words[w+1],"off"))
nospace=2
nospace=2
else if(match(words[w+1],"on"))
nospace=0
nospace=0
w++
} else if(!skip) {
add(words[w])

12
mkinstalldirs
View File

@ -4,7 +4,7 @@
# Created: 1993-05-16
# Public domain
# $Id: mkinstalldirs,v 1.1 2000/05/20 05:33:45 damien Exp $
# $Id: mkinstalldirs,v 1.2 2003/11/21 12:48:55 djm Exp $
errstatus=0
@ -22,13 +22,13 @@ do
esac
if test ! -d "$pathcomp"; then
echo "mkdir $pathcomp"
echo "mkdir $pathcomp"
mkdir "$pathcomp" || lasterr=$?
mkdir "$pathcomp" || lasterr=$?
if test ! -d "$pathcomp"; then
errstatus=$lasterr
fi
if test ! -d "$pathcomp"; then
errstatus=$lasterr
fi
fi
pathcomp="$pathcomp/"

62
moduli.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: moduli.c,v 1.1 2003/07/28 09:49:56 djm Exp $ */
/* $OpenBSD: moduli.c,v 1.2 2003/11/21 11:57:03 djm Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@ -46,7 +46,7 @@
/*
* Debugging defines
* Debugging defines
*/
/* define DEBUG_LARGE 1 */
@ -244,9 +244,9 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
largememory = memory;
/*
* Set power to the length in bits of the prime to be generated.
* This is changed to 1 less than the desired safe prime moduli p.
*/
* Set power to the length in bits of the prime to be generated.
* This is changed to 1 less than the desired safe prime moduli p.
*/
if (power > TEST_MAXIMUM) {
error("Too many bits: %u > %lu", power, TEST_MAXIMUM);
return (-1);
@ -257,16 +257,16 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
power--; /* decrement before squaring */
/*
* The density of ordinary primes is on the order of 1/bits, so the
* density of safe primes should be about (1/bits)**2. Set test range
* to something well above bits**2 to be reasonably sure (but not
* guaranteed) of catching at least one safe prime.
* The density of ordinary primes is on the order of 1/bits, so the
* density of safe primes should be about (1/bits)**2. Set test range
* to something well above bits**2 to be reasonably sure (but not
* guaranteed) of catching at least one safe prime.
*/
largewords = ((power * power) >> (SHIFT_WORD - TEST_POWER));
/*
* Need idea of how much memory is available. We don't have to use all
* of it.
* Need idea of how much memory is available. We don't have to use all
* of it.
*/
if (largememory > LARGE_MAXIMUM) {
logit("Limited memory: %u MB; limit %lu MB",
@ -315,8 +315,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
q = BN_new();
/*
* Generate random starting point for subprime search, or use
* specified parameter.
* Generate random starting point for subprime search, or use
* specified parameter.
*/
largebase = BN_new();
if (start == NULL)
@ -329,13 +329,13 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
time(&time_start);
logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start),
logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start),
largenumbers, power);
debug2("start point: 0x%s", BN_bn2hex(largebase));
/*
* TinySieve
*/
* TinySieve
*/
for (i = 0; i < tinybits; i++) {
if (BIT_TEST(TinySieve, i))
continue; /* 2*i+3 is composite */
@ -351,9 +351,9 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
}
/*
* Start the small block search at the next possible prime. To avoid
* fencepost errors, the last pass is skipped.
*/
* Start the small block search at the next possible prime. To avoid
* fencepost errors, the last pass is skipped.
*/
for (smallbase = TINY_NUMBER + 3;
smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
smallbase += TINY_NUMBER) {
@ -386,8 +386,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
}
/*
* SmallSieve
*/
* SmallSieve
*/
for (i = 0; i < smallbits; i++) {
if (BIT_TEST(SmallSieve, i))
continue; /* 2*i+smallbase is composite */
@ -438,7 +438,7 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
* The result is a list of so-call "safe" primes
*/
int
prime_test(FILE *in, FILE *out, u_int32_t trials,
prime_test(FILE *in, FILE *out, u_int32_t trials,
u_int32_t generator_wanted)
{
BIGNUM *q, *p, *a;
@ -562,10 +562,10 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
count_possible++;
/*
* The (1/4)^N performance bound on Miller-Rabin is
* extremely pessimistic, so don't spend a lot of time
* really verifying that q is prime until after we know
* that p is also prime. A single pass will weed out the
* The (1/4)^N performance bound on Miller-Rabin is
* extremely pessimistic, so don't spend a lot of time
* really verifying that q is prime until after we know
* that p is also prime. A single pass will weed out the
* vast majority of composite q's.
*/
if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {
@ -575,9 +575,9 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
}
/*
* q is possibly prime, so go ahead and really make sure
* that p is prime. If it is, then we can go back and do
* the same for q. If p is composite, chances are that
* q is possibly prime, so go ahead and really make sure
* that p is prime. If it is, then we can go back and do
* the same for q. If p is composite, chances are that
* will show up on the first Rabin-Miller iteration so it
* doesn't hurt to specify a high iteration count.
*/
@ -594,7 +594,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
}
debug("%10u: q is almost certainly prime", count_in);
if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN),
if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN),
in_tries, in_size, generator_known, p)) {
res = -1;
break;
@ -610,7 +610,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
BN_CTX_free(ctx);
logit("%.24s Found %u safe primes of %u candidates in %ld seconds",
ctime(&time_stop), count_out, count_possible,
ctime(&time_stop), count_out, count_possible,
(long) (time_stop - time_start));
return (res);

4
monitor.c
View File

@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor.c,v 1.53 2003/11/18 10:53:07 djm Exp $");
RCSID("$OpenBSD: monitor.c,v 1.54 2003/11/21 11:57:03 djm Exp $");
#include <openssl/dh.h>
@ -313,7 +313,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
Buffer m;
buffer_init(&m);
mm_request_receive_expect(pmonitor->m_sendfd,
mm_request_receive_expect(pmonitor->m_sendfd,
MONITOR_REQ_PAM_ACCOUNT, &m);
authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m);
buffer_free(&m);

2
monitor_wrap.c
View File

@ -715,7 +715,7 @@ mm_do_pam_account(void)
buffer_init(&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
mm_request_receive_expect(pmonitor->m_recvfd,
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_PAM_ACCOUNT, &m);
ret = buffer_get_int(&m);

8
nchan.ms
View File

@ -1,8 +1,8 @@
.\" $OpenBSD: nchan.ms,v 1.7 2001/01/29 01:58:17 niklas Exp $
.\" $OpenBSD: nchan.ms,v 1.8 2003/11/21 11:57:03 djm Exp $
.\"
.\"
.\"
.\" Copyright (c) 1999 Markus Friedl. All rights reserved.
.\"
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
@ -11,7 +11,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

8
nchan2.ms
View File

@ -1,7 +1,7 @@
.\" $OpenBSD: nchan2.ms,v 1.2 2001/10/03 10:05:57 markus Exp $
.\"
.\" $OpenBSD: nchan2.ms,v 1.3 2003/11/21 11:57:03 djm Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
@ -10,7 +10,7 @@
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

2
packet.c
View File

@ -304,7 +304,7 @@ packet_connection_is_ipv4(void)
if (to.ss_family == AF_INET)
return 1;
#ifdef IPV4_IN_IPV6
if (to.ss_family == AF_INET6 &&
if (to.ss_family == AF_INET6 &&
IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
return 1;
#endif

4
readconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.56 2003/10/11 08:24:08 markus Exp $ */
/* $OpenBSD: readconf.h,v 1.57 2003/11/21 11:57:03 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -61,7 +61,7 @@ typedef struct {
int connection_attempts; /* Max attempts (seconds) before
* giving up */
int connection_timeout; /* Max time (seconds) before
* aborting connection attempt */
* aborting connection attempt */
int number_of_password_prompts; /* Max number of password
* prompts. */
int cipher; /* Cipher to use. */

134
rijndael.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rijndael.c,v 1.14 2002/07/10 17:53:54 deraadt Exp $ */
/* $OpenBSD: rijndael.c,v 1.15 2003/11/21 11:57:03 djm Exp $ */
/**
* rijndael-alg-fst.c
@ -725,7 +725,7 @@ static const u32 rcon[] = {
* @return the number of rounds for the given cipher key size.
*/
static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {
int i = 0;
int i = 0;
u32 temp;
rk[0] = GETU32(cipherKey );
@ -797,7 +797,7 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int
(Te4[(temp ) & 0xff] & 0x000000ff);
rk[13] = rk[ 5] ^ rk[12];
rk[14] = rk[ 6] ^ rk[13];
rk[15] = rk[ 7] ^ rk[14];
rk[15] = rk[ 7] ^ rk[14];
rk += 8;
}
}
@ -871,50 +871,50 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16
s3 = GETU32(pt + 12) ^ rk[3];
#ifdef FULL_UNROLL
/* round 1: */
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
/* round 2: */
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
/* round 2: */
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
/* round 3: */
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
/* round 4: */
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
/* round 4: */
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
/* round 5: */
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
/* round 6: */
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
/* round 6: */
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
/* round 7: */
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
/* round 8: */
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
/* round 8: */
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
/* round 9: */
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
if (Nr > 10) {
/* round 10: */
s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
@ -1187,33 +1187,33 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16
* apply last round and
* map cipher state to byte array block:
*/
s0 =
(Td4[(t0 >> 24) ] & 0xff000000) ^
(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
(Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
(Td4[(t1 ) & 0xff] & 0x000000ff) ^
rk[0];
s0 =
(Td4[(t0 >> 24) ] & 0xff000000) ^
(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
(Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^
(Td4[(t1 ) & 0xff] & 0x000000ff) ^
rk[0];
PUTU32(pt , s0);
s1 =
(Td4[(t1 >> 24) ] & 0xff000000) ^
(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
(Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
(Td4[(t2 ) & 0xff] & 0x000000ff) ^
rk[1];
s1 =
(Td4[(t1 >> 24) ] & 0xff000000) ^
(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
(Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^
(Td4[(t2 ) & 0xff] & 0x000000ff) ^
rk[1];
PUTU32(pt + 4, s1);
s2 =
(Td4[(t2 >> 24) ] & 0xff000000) ^
(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
(Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
(Td4[(t3 ) & 0xff] & 0x000000ff) ^
rk[2];
s2 =
(Td4[(t2 >> 24) ] & 0xff000000) ^
(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
(Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^
(Td4[(t3 ) & 0xff] & 0x000000ff) ^
rk[2];
PUTU32(pt + 8, s2);
s3 =
(Td4[(t3 >> 24) ] & 0xff000000) ^
(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
(Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
(Td4[(t0 ) & 0xff] & 0x000000ff) ^
rk[3];
s3 =
(Td4[(t3 >> 24) ] & 0xff000000) ^
(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
(Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^
(Td4[(t0 ) & 0xff] & 0x000000ff) ^
rk[3];
PUTU32(pt + 12, s3);
}

16
scard-opensc.c
View File

@ -1,7 +1,7 @@
/*
* Copyright (c) 2002 Juha Yrjölä. All rights reserved.
* Copyright (c) 2001 Markus Friedl.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@ -81,7 +81,7 @@ sc_close(void)
}
}
static int
static int
sc_init(void)
{
int r;
@ -91,7 +91,7 @@ sc_init(void)
goto err;
if (sc_reader_id >= ctx->reader_count) {
r = SC_ERROR_NO_READERS_FOUND;
error("Illegal reader number %d (max %d)", sc_reader_id,
error("Illegal reader number %d (max %d)", sc_reader_id,
ctx->reader_count -1);
goto err;
}
@ -131,7 +131,7 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out,
goto err;
}
}
r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id,
r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id,
usage, &key_obj);
if (r) {
error("Unable to find private key from SmartCard: %s",
@ -193,7 +193,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT);
if (r)
return -1;
r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1,
r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1,
from, flen, to, flen);
sc_unlock(card);
if (r < 0) {
@ -223,7 +223,7 @@ sc_sign(int type, u_char *m, unsigned int m_len,
* the key will be rejected as using a non-repudiation key
* for authentication is not recommended. Note: This does not
* prevent the use of a non-repudiation key for authentication
* if the sign or signrecover flag is set as well.
* if the sign or signrecover flag is set as well.
*/
r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN);
if (r)
@ -337,7 +337,7 @@ convert_rsa_to_rsa1(Key * in, Key * out)
return;
}
static int
static int
sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj)
{
int r;
@ -358,7 +358,7 @@ sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj)
}
x509 = X509_new();
if (x509 == NULL) {
r = -1;
r = -1;
goto err;
}
p = cert->data;

2
scp.c
View File

@ -71,7 +71,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: scp.c,v 1.111 2003/11/12 10:12:15 dtucker Exp $");
RCSID("$OpenBSD: scp.c,v 1.112 2003/11/21 11:57:03 djm Exp $");
#include "xmalloc.h"
#include "atomicio.h"

8
session.c
View File

@ -33,7 +33,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: session.c,v 1.167 2003/11/04 08:54:09 djm Exp $");
RCSID("$OpenBSD: session.c,v 1.168 2003/11/21 11:57:03 djm Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -980,7 +980,7 @@ do_setup_env(Session *s, const char *shell)
#endif
#ifdef GSSAPI
/* Allow any GSSAPI methods that we've used to alter
/* Allow any GSSAPI methods that we've used to alter
* the childs environment as they see fit
*/
ssh_gssapi_do_child(&env, &envsize);
@ -1012,7 +1012,7 @@ do_setup_env(Session *s, const char *shell)
path = child_get_env(env, "PATH");
# endif /* HAVE_ETC_DEFAULT_LOGIN */
if (path == NULL || *path == '\0') {
child_set_env(&env, &envsize, "PATH",
child_set_env(&env, &envsize, "PATH",
s->pw->pw_uid == 0 ?
SUPERUSER_PATH : _PATH_STDPATH);
}
@ -1266,7 +1266,7 @@ do_setusercontext(struct passwd *pw)
endgrent();
# ifdef USE_PAM
/*
* PAM credentials may take the form of supplementary groups.
* PAM credentials may take the form of supplementary groups.
* These will have been wiped by the above initgroups() call.
* Reestablish them here.
*/

6
sftp-client.c
View File

@ -28,7 +28,7 @@
/* XXX: copy between two remote sites */
#include "includes.h"
RCSID("$OpenBSD: sftp-client.c,v 1.44 2003/06/28 16:23:06 deraadt Exp $");
RCSID("$OpenBSD: sftp-client.c,v 1.45 2003/11/21 11:57:03 djm Exp $");
#include "openbsd-compat/sys-queue.h"
@ -798,7 +798,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
return(-1);
}
local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC,
local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC,
mode | S_IWRITE);
if (local_fd == -1) {
error("Couldn't open local file \"%s\" for writing: %s",
@ -946,7 +946,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
/* Override umask and utimes if asked */
#ifdef HAVE_FCHMOD
if (pflag && fchmod(local_fd, mode) == -1)
#else
#else
if (pflag && chmod(local_path, mode) == -1)
#endif /* HAVE_FCHMOD */
error("Couldn't set mode on \"%s\": %s", local_path,

2
sftp-glob.c
View File

@ -89,7 +89,7 @@ fudge_readdir(struct SFTP_OPENDIR *od)
#ifdef __GNU_LIBRARY__
/*
* Idiot glibc uses extensions to struct dirent for readdir with
* ALTDIRFUNCs. Not that this is documented anywhere but the
* ALTDIRFUNCs. Not that this is documented anywhere but the
* source... Fake an inode number to appease it.
*/
ret->d_ino = inum++;

14
sftp-int.c
View File

@ -25,7 +25,7 @@
/* XXX: recursive operations */
#include "includes.h"
RCSID("$OpenBSD: sftp-int.c,v 1.64 2003/11/08 19:17:29 jmc Exp $");
RCSID("$OpenBSD: sftp-int.c,v 1.65 2003/11/21 11:57:03 djm Exp $");
#include "buffer.h"
#include "xmalloc.h"
@ -361,7 +361,7 @@ get_pathname(const char **cpp, char **path)
}
if (cp[i] == '\\') { /* Escaped characters */
i++;
if (cp[i] != '\'' && cp[i] != '\"' &&
if (cp[i] != '\'' && cp[i] != '\"' &&
cp[i] != '\\') {
error("Bad escaped character '\%c'",
cp[i]);
@ -389,7 +389,7 @@ get_pathname(const char **cpp, char **path)
return (0);
fail:
xfree(*path);
xfree(*path);
*path = NULL;
return (-1);
}
@ -530,7 +530,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
for (i = 0; g.gl_pathv[i]; i++) {
if (!is_reg(g.gl_pathv[i])) {
error("skipping non-regular file %s",
error("skipping non-regular file %s",
g.gl_pathv[i]);
continue;
}
@ -598,7 +598,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
for (n = 0; d[n] != NULL; n++)
m = MAX(m, strlen(d[n]->filename));
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1)
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1)
width = ws.ws_col;
columns = width / (m + 2);
@ -668,7 +668,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) {
if ((a = do_lstat(conn, path, 1)) == NULL) {
globfree(&g);
return (-1);
return (-1);
}
if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
S_ISDIR(a->perm)) {
@ -682,7 +682,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
struct winsize ws;
/* Count entries for sort and find longest filename */
for (i = 0; g.gl_pathv[i]; i++)
for (i = 0; g.gl_pathv[i]; i++)
m = MAX(m, strlen(g.gl_pathv[i]));
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1)

8
ssh-add.c
View File

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-add.c,v 1.68 2003/06/16 10:22:45 markus Exp $");
RCSID("$OpenBSD: ssh-add.c,v 1.69 2003/11/21 11:57:03 djm Exp $");
#include <openssl/evp.h>
@ -169,14 +169,14 @@ add_file(AuthenticationConnection *ac, const char *filename)
}
}
if (ssh_add_identity_constrained(ac, private, comment, lifetime,
confirm)) {
if (ssh_add_identity_constrained(ac, private, comment, lifetime,
confirm)) {
fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
ret = 0;
if (lifetime != 0)
fprintf(stderr,
"Lifetime set to %d seconds\n", lifetime);
if (confirm != 0)
if (confirm != 0)
fprintf(stderr,
"The user has to confirm each use of the key\n");
} else if (ssh_add_identity(ac, private, comment)) {

4
ssh-agent.c
View File

@ -35,7 +35,7 @@
#include "includes.h"
#include "openbsd-compat/sys-queue.h"
RCSID("$OpenBSD: ssh-agent.c,v 1.115 2003/10/14 19:54:39 markus Exp $");
RCSID("$OpenBSD: ssh-agent.c,v 1.116 2003/11/21 11:57:03 djm Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
@ -179,7 +179,7 @@ confirm_key(Identity *id)
p = read_passphrase(prompt, RP_ALLOW_EOF);
if (p != NULL) {
/*
* Accept empty responses and responses consisting
* Accept empty responses and responses consisting
* of the word "yes" as affirmative.
*/
if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0)

8
ssh-keygen.c
View File

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh-keygen.c,v 1.110 2003/10/14 19:42:10 jakob Exp $");
RCSID("$OpenBSD: ssh-keygen.c,v 1.111 2003/11/21 11:57:03 djm Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -902,13 +902,13 @@ main(int ac, char **av)
case 'a':
trials = atoi(optarg);
if (trials < TRIAL_MINIMUM) {
fatal("Minimum primality trials is %d",
fatal("Minimum primality trials is %d",
TRIAL_MINIMUM);
}
break;
case 'M':
memory = atoi(optarg);
if (memory != 0 &&
if (memory != 0 &&
(memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
fatal("Invalid memory amount (min %ld, max %ld)",
LARGE_MINIMUM, LARGE_MAXIMUM);
@ -987,7 +987,7 @@ main(int ac, char **av)
if (have_identity && strcmp(identity_file, "-") != 0) {
if ((in = fopen(identity_file, "r")) == NULL) {
fatal("Couldn't open modulus candidate "
"file \"%s\": %s", identity_file,
"file \"%s\": %s", identity_file,
strerror(errno));
}
} else

24
ssh-rand-helper.8
View File

@ -1,4 +1,4 @@
.\" $Id: ssh-rand-helper.8,v 1.1 2002/04/14 09:27:13 djm Exp $
.\" $Id: ssh-rand-helper.8,v 1.2 2003/11/21 12:48:56 djm Exp $
.\"
.\" Copyright (c) 2002 Damien Miller. All rights reserved.
.\"
@ -34,22 +34,22 @@
.Op Fl b Ar bytes
.Sh DESCRIPTION
.Nm
is a small helper program used by
is a small helper program used by
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1
.Xr ssh-keyscan 1
and
.Xr sshd 8
to gather random numbers of cryptographic quality if the
to gather random numbers of cryptographic quality if the
.Xr openssl 4
library has not been configured to provide them itself.
.Pp
Normally
Normally
.Nm
will generate a strong random seed and provide it to the calling
program via standard output. If standard output is a tty,
program via standard output. If standard output is a tty,
.Nm
will instead print the seed in hexidecimal format unless told otherwise.
.Pp
@ -57,19 +57,19 @@ will instead print the seed in hexidecimal format unless told otherwise.
will by default gather random numbers from the system commands listed
in
.Pa /etc/ssh/ssh_prng_cmds .
The output of each of the commands listed will be hashed and used to
generate a random seed for the calling program.
The output of each of the commands listed will be hashed and used to
generate a random seed for the calling program.
.Nm
will also store seed files in
will also store seed files in
.Pa ~/.ssh/prng_seed
between executions.
.Pp
Alternately,
Alternately,
.Nm
may be configured at build time to collect random numbers from a
may be configured at build time to collect random numbers from a
EGD/PRNGd server via a unix domain or localhost tcp socket.
.Pp
This program is not intended to be run by the end-user, so the few
This program is not intended to be run by the end-user, so the few
commandline options are for debugging purposes only.
.Bl -tag -width Ds
.It Fl b Ar bytes

38
ssh-rand-helper.c
View File

@ -39,7 +39,7 @@
#include "pathnames.h"
#include "log.h"
RCSID("$Id: ssh-rand-helper.c,v 1.14 2003/09/22 15:36:15 mouring Exp $");
RCSID("$Id: ssh-rand-helper.c,v 1.15 2003/11/21 12:48:56 djm Exp $");
/* Number of bytes we write out */
#define OUTPUT_SEED_SIZE 48
@ -115,19 +115,19 @@ double stir_gettimeofday(double entropy_estimate);
double stir_clock(double entropy_estimate);
double stir_rusage(int who, double entropy_estimate);
double hash_command_output(entropy_cmd_t *src, unsigned char *hash);
int get_random_bytes_prngd(unsigned char *buf, int len,
int get_random_bytes_prngd(unsigned char *buf, int len,
unsigned short tcp_port, char *socket_path);
/*
* Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
* listening either on 'tcp_port', or via Unix domain socket at *
* 'socket_path'.
* Either a non-zero tcp_port or a non-null socket_path must be
* Either a non-zero tcp_port or a non-null socket_path must be
* supplied.
* Returns 0 on success, -1 on error
*/
int
get_random_bytes_prngd(unsigned char *buf, int len,
get_random_bytes_prngd(unsigned char *buf, int len,
unsigned short tcp_port, char *socket_path)
{
int fd, addr_len, rval, errors;
@ -289,7 +289,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
if (devnull == -1) {
devnull = open("/dev/null", O_RDWR);
if (devnull == -1)
fatal("Couldn't open /dev/null: %s",
fatal("Couldn't open /dev/null: %s",
strerror(errno));
}
@ -314,7 +314,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
execv(src->path, (char**)(src->args));
debug("(child) Couldn't exec '%s': %s",
debug("(child) Couldn't exec '%s': %s",
src->cmdstring, strerror(errno));
_exit(-1);
default: /* Parent */
@ -376,7 +376,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
case -1:
default:
/* error */
debug("Command '%s': select() failed: %s",
debug("Command '%s': select() failed: %s",
src->cmdstring, strerror(errno));
error_abort = 1;
break;
@ -400,8 +400,8 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
if (error_abort) {
/*
* Closing p[0] on timeout causes the entropy command to
* SIGPIPE. Take whatever output we got, and mark this
* command as slow
* SIGPIPE. Take whatever output we got, and mark this
* command as slow
*/
debug2("Command '%s' timed out", src->cmdstring);
src->sticky_badness *= 2;
@ -479,7 +479,7 @@ stir_from_programs(void)
/* Stir it in */
RAND_add(hash, sizeof(hash), entropy);
debug3("Got %0.2f bytes of entropy from '%s'",
debug3("Got %0.2f bytes of entropy from '%s'",
entropy, entropy_cmds[c].cmdstring);
total_entropy += entropy;
@ -491,7 +491,7 @@ stir_from_programs(void)
total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1);
} else {
debug2("Command '%s' disabled (badness %d)",
entropy_cmds[c].cmdstring,
entropy_cmds[c].cmdstring,
entropy_cmds[c].badness);
if (entropy_cmds[c].badness > 0)
@ -511,8 +511,8 @@ prng_check_seedfile(char *filename)
struct stat st;
/*
* XXX raceable: eg replace seed between this stat and subsequent
* open. Not such a problem because we don't really trust the
* XXX raceable: eg replace seed between this stat and subsequent
* open. Not such a problem because we don't really trust the
* seed file anyway.
* XXX: use secure path checking as elsewhere in OpenSSH
*/
@ -651,7 +651,7 @@ prng_read_commands(char *cmdfilename)
continue; /* done with this line */
/*
* The first non-whitespace char should be a double quote
* The first non-whitespace char should be a double quote
* delimiting the commandline
*/
if (*cp != '"') {
@ -726,7 +726,7 @@ prng_read_commands(char *cmdfilename)
/*
* If we've filled the array, reallocate it twice the size
* Do this now because even if this we're on the last
* Do this now because even if this we're on the last
* command we need another slot to mark the last entry
*/
if (cur_cmd == num_cmds) {
@ -761,7 +761,7 @@ usage(void)
OUTPUT_SEED_SIZE);
}
int
int
main(int argc, char **argv)
{
unsigned char *buf;
@ -816,11 +816,11 @@ main(int argc, char **argv)
/*
* Seed the RNG from wherever we can
*/
/* Take whatever is on the stack, but don't credit it */
RAND_add(buf, bytes, 0);
debug("Seeded RNG with %i bytes from system calls",
debug("Seeded RNG with %i bytes from system calls",
(int)stir_from_system());
#ifdef PRNGD_PORT
@ -835,7 +835,7 @@ main(int argc, char **argv)
/* Read in collection commands */
if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
fatal("PRNG initialisation failed -- exiting.");
debug("Seeded RNG with %i bytes from programs",
debug("Seeded RNG with %i bytes from programs",
(int)stir_from_programs());
#endif

6
ssh.c
View File

@ -40,7 +40,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.202 2003/10/11 08:24:08 markus Exp $");
RCSID("$OpenBSD: ssh.c,v 1.203 2003/11/21 11:57:03 djm Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@ -221,7 +221,7 @@ main(int ac, char **av)
*/
original_real_uid = getuid();
original_effective_uid = geteuid();
/*
* Use uid-swapping to give up root privileges for the duration of
* option processing. We will re-instantiate the rights when we are
@ -717,7 +717,7 @@ again:
packet_close();
/*
* Send SIGHUP to proxy command if used. We don't wait() in
* Send SIGHUP to proxy command if used. We don't wait() in
* case it hangs and instead rely on init to reap the child
*/
if (proxy_command_pid > 1)

4
ssh_prng_cmds.in
View File

@ -2,10 +2,10 @@
# Format is: "program-name args" path rate
# The "rate" represents the number of bits of usuable entropy per
# The "rate" represents the number of bits of usuable entropy per
# byte of command output. Be conservative.
#
# $Id: ssh_prng_cmds.in,v 1.8 2002/07/14 21:43:58 tim Exp $
# $Id: ssh_prng_cmds.in,v 1.9 2003/11/21 12:48:56 djm Exp $
"ls -alni /var/log" @PROG_LS@ 0.02
"ls -alni /var/adm" @PROG_LS@ 0.02

10
sshconnect.c
View File

@ -13,7 +13,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect.c,v 1.153 2003/11/12 16:39:58 jakob Exp $");
RCSID("$OpenBSD: sshconnect.c,v 1.154 2003/11/21 11:57:03 djm Exp $");
#include <openssl/bn.h>
@ -74,7 +74,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
* Build the final command string in the buffer by making the
* appropriate substitutions to the given proxy command.
*
* Use "exec" to avoid "sh -c" processes on some platforms
* Use "exec" to avoid "sh -c" processes on some platforms
* (e.g. Solaris)
*/
buffer_init(&command);
@ -261,15 +261,15 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
break;
case -1:
/* Select error */
debug("select: %s", strerror(errno));
debug("select: %s", strerror(errno));
break;
case 1:
/* Completed or failed */
optval = 0;
optlen = sizeof(optval);
if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval,
if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval,
&optlen) == -1) {
debug("getsockopt: %s", strerror(errno));
debug("getsockopt: %s", strerror(errno));
break;
}
if (optval != 0) {

8
sshconnect2.c
View File

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect2.c,v 1.132 2003/11/17 11:06:07 markus Exp $");
RCSID("$OpenBSD: sshconnect2.c,v 1.133 2003/11/21 11:57:03 djm Exp $");
#include "openbsd-compat/sys-queue.h"
@ -476,7 +476,7 @@ done:
}
#ifdef GSSAPI
int
int
userauth_gssapi(Authctxt *authctxt)
{
Gssctxt *gssctxt = NULL;
@ -584,7 +584,7 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
buffer_free(&b);
gss_release_buffer(&ms, &mic);
}
}
}
return status;
@ -1033,7 +1033,7 @@ pubkey_prepare(Authctxt *authctxt)
key = ssh_get_next_identity(ac, &comment, 2)) {
found = 0;
TAILQ_FOREACH(id, &files, next) {
/* agent keys from the config file are preferred */
/* agent keys from the config file are preferred */
if (key_equal(key, id->key)) {
key_free(key);
xfree(comment);

6
sshd.c
View File

@ -1055,8 +1055,8 @@ main(int ac, char **av)
/*
* Clear out any supplemental groups we may have inherited. This
* prevents inadvertent creation of files with bad modes (in the
* portable version at least, it's certainly possible for PAM
* to create a file, and we can't control the code in every
* portable version at least, it's certainly possible for PAM
* to create a file, and we can't control the code in every
* module which might be used).
*/
if (setgroups(0, NULL) < 0)
@ -1446,7 +1446,7 @@ main(int ac, char **av)
packet_set_nonblocking();
/* prepare buffers to collect authentication messages */
/* prepare buffers to collect authentication messages */
buffer_init(&loginmsg);
/* allocate authentication context */

10
sshd_config.5
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.25 2003/09/01 09:50:04 markus Exp $
.\" $OpenBSD: sshd_config.5,v 1.26 2003/11/21 11:57:03 djm Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
@ -227,7 +227,7 @@ The default is
.Dq no .
.It Cm GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed.
The default is
The default is
.Dq no .
Note that this option applies to protocol version 2 only.
.It Cm GSSAPICleanupCredentials
@ -608,10 +608,10 @@ If
.Cm UsePrivilegeSeparation
is specified, it will be disabled after authentication.
.It Cm UsePAM
Enables PAM authentication (via challenge-response) and session set up.
If you enable this, you should probably disable
Enables PAM authentication (via challenge-response) and session set up.
If you enable this, you should probably disable
.Cm PasswordAuthentication .
If you enable
If you enable
.CM UsePAM
then you will not be able to run sshd as a non-root user. The default is
.Dq no .

2
sshpty.c
View File

@ -343,7 +343,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
if (fd < 0)
error("open /dev/tty failed - could not set controlling tty: %.100s",
strerror(errno));
else
else
close(fd);
#endif /* _UNICOS */
}

12
uidswap.c
View File

@ -180,28 +180,28 @@ permanently_set_uid(struct passwd *pw)
#endif
/* Try restoration of GID if changed (test clearing of saved gid) */
if (old_gid != pw->pw_gid &&
if (old_gid != pw->pw_gid &&
(setgid(old_gid) != -1 || setegid(old_gid) != -1))
fatal("%s: was able to restore old [e]gid", __func__);
/* Verify GID drop was successful */
if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) {
fatal("%s: egid incorrect gid:%u egid:%u (should be %u)",
__func__, (u_int)getgid(), (u_int)getegid(),
fatal("%s: egid incorrect gid:%u egid:%u (should be %u)",
__func__, (u_int)getgid(), (u_int)getegid(),
(u_int)pw->pw_gid);
}
#ifndef HAVE_CYGWIN
/* Try restoration of UID if changed (test clearing of saved uid) */
if (old_uid != pw->pw_uid &&
if (old_uid != pw->pw_uid &&
(setuid(old_uid) != -1 || seteuid(old_uid) != -1))
fatal("%s: was able to restore old [e]uid", __func__);
#endif
/* Verify UID drop was successful */
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
fatal("%s: euid incorrect uid:%u euid:%u (should be %u)",
__func__, (u_int)getuid(), (u_int)geteuid(),
fatal("%s: euid incorrect uid:%u euid:%u (should be %u)",
__func__, (u_int)getuid(), (u_int)geteuid(),
(u_int)pw->pw_uid);
}
}