openssh-8.5
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmA+KckACgkQKj9BTnNg YLoCExAAqxi83JFNUj+D0HdfM/eKas8dGtCXFzxtOA0yomKeeDUVoz1D96CdNLF8 07mL78KAMErN2SfXEyzpS/2yoGa8wPflne/ADWJVIGKZK9cj8/fwvMrCUWp9PJOa CVQm2W8u3yBoEAxoi81S7WJjR5BY4Sv0LtQJW43VfD4bwYjBz8N72ecnr7LknFNL qJXYUu/OWtMLNsSrh2VigXJQgTA9cmJUrItRFamSsfWZGwilL0MpXLrkwcJa5DhO 25PG3aeJSTX5txI/hl25EY5cyeJPQGX+6Nz9kJag50a7C9ZOCJHIbnle7dFcLsDP lCy3VoQnPxEOHe8kmNGLf1tGvv8AIqpJu1a31SlSnbqHEgHFC0XCPXZF0QWDGAaO kDt8j6XSCHYDyml5+nkZJBCP6xcx7eXyLJ2CxnNZBabbRGLb/Rj+jeCk9s+jWo/i UDgmlibbfjreYVgwuZhQV9QI9GB0Mlv+UjeeK55b2S7WnhuLsMLVrxDVQ1Zl4oR1 ckOvXBMGrjMaLQTW9Q1xSV6C3PR1oAbVa09YUP0KSAthOu8L/tGY13kT4DwWm1W/ JBOKzCk/JIfRuOpCrKSftwuj19JKOPYojW8kk10i/48RUq4TiCsCnTtBZI7VvFcB B28s/ZGRq/nETqHSRX63/WLr57lU54pq/+7THQA5iUyFhORPYk4= =npgJ -----END PGP SIGNATURE----- pull V8.5 changes
commit
e2287c5cfa
344
.depend
344
.depend
|
@ -1,171 +1,183 @@
|
|||
# DO NOT DELETE
|
||||
# Automatically generated by makedepend.
|
||||
# Run "make depend" to rebuild.
|
||||
|
||||
addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h match.h log.h
|
||||
atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h
|
||||
audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
|
||||
auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
|
||||
auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-skey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h dispatch.h authfile.h
|
||||
auth.o: monitor_wrap.h ssherr.h compat.h channels.h
|
||||
auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
|
||||
auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h pathnames.h
|
||||
auth2-hostbased.o: ssherr.h match.h
|
||||
auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h
|
||||
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h
|
||||
auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
|
||||
auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h auth-options.h
|
||||
auth2-pubkey.o: canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h
|
||||
auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h monitor_wrap.h
|
||||
# DO NOT DELETE
|
||||
addr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h
|
||||
addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h match.h log.h ./ssherr.h
|
||||
atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h
|
||||
audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ./ssherr.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ./ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
|
||||
auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ./ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
|
||||
auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ./ssherr.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth.o: authfile.h monitor_wrap.h compat.h channels.h
|
||||
auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h ./ssherr.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h
|
||||
auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ./ssherr.h log.h misc.h servconf.h
|
||||
auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth2-hostbased.o: canohost.h monitor_wrap.h pathnames.h match.h
|
||||
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ./ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ./ssherr.h misc.h servconf.h
|
||||
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ./ssherr.h misc.h servconf.h compat.h ssh2.h monitor_wrap.h
|
||||
auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ./ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
|
||||
auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ./ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth2-pubkey.o: pathnames.h uidswap.h auth-options.h canohost.h monitor_wrap.h authfile.h match.h channels.h session.h sk-api.h
|
||||
auth2.o: digest.h
|
||||
authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h
|
||||
authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h ssherr.h krl.h
|
||||
bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
|
||||
canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h canohost.h misc.h
|
||||
chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
|
||||
channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
|
||||
cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
|
||||
cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
|
||||
cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h
|
||||
cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
|
||||
clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h
|
||||
compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h match.h kex.h mac.h crypto_api.h
|
||||
dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
|
||||
digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h ssherr.h
|
||||
dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
|
||||
ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
|
||||
entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h
|
||||
ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data
|
||||
groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h
|
||||
gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h log.h ssherr.h
|
||||
hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
|
||||
hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h
|
||||
kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h match.h
|
||||
kex.o: misc.h monitor.h ssherr.h sshbuf.h digest.h
|
||||
kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
|
||||
kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
|
||||
kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h
|
||||
kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexsntrup4591761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h
|
||||
krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h
|
||||
log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h
|
||||
logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
|
||||
mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
|
||||
md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h
|
||||
moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
|
||||
monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h
|
||||
monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h
|
||||
monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
monitor_wrap.o: auth-options.h packet.h dispatch.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h
|
||||
msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
|
||||
mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h
|
||||
nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h
|
||||
packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h canohost.h misc.h channels.h ssh.h
|
||||
packet.o: packet.h dispatch.h ssherr.h sshbuf.h
|
||||
platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
|
||||
progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
|
||||
readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
|
||||
auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ./ssherr.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h
|
||||
authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h ./ssherr.h atomicio.h misc.h
|
||||
authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h ./ssherr.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h krl.h
|
||||
bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
|
||||
canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ./ssherr.h canohost.h misc.h
|
||||
chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
|
||||
channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ./ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
|
||||
cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
|
||||
cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
|
||||
cipher-chachapoly-libcrypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h sshbuf.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ./ssherr.h digest.h openbsd-compat/openssl-compat.h
|
||||
cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h
|
||||
clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
|
||||
clientloop.o: myproposal.h log.h ./ssherr.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h hostfile.h
|
||||
compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ./ssherr.h match.h kex.h mac.h crypto_api.h
|
||||
dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h sshbuf.h digest.h
|
||||
digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ./ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h
|
||||
dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ./ssherr.h dns.h log.h digest.h
|
||||
ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
|
||||
entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h
|
||||
fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h
|
||||
ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data
|
||||
groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h ./ssherr.h
|
||||
gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||
hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
|
||||
hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ./ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h
|
||||
kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ./ssherr.h
|
||||
kex.o: match.h misc.h monitor.h sshbuf.h digest.h
|
||||
kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ./ssherr.h ssh2.h
|
||||
kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h
|
||||
kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h ./ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h
|
||||
kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexsntrup761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h
|
||||
krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ./ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h
|
||||
log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h match.h
|
||||
loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h ./ssherr.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h
|
||||
logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
|
||||
mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ./ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
|
||||
md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ./ssherr.h ssh.h sshbuf.h
|
||||
moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ./ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h
|
||||
monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
|
||||
monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h monitor_fdpass.h
|
||||
monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h
|
||||
monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ./ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h
|
||||
msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ./ssherr.h log.h atomicio.h msg.h misc.h
|
||||
mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ./ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h
|
||||
nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ./ssherr.h packet.h dispatch.h channels.h compat.h log.h
|
||||
packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h
|
||||
packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ./ssherr.h canohost.h misc.h
|
||||
platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h
|
||||
platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
|
||||
progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
|
||||
readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ./ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
|
||||
readconf.o: uidswap.h myproposal.h digest.h
|
||||
readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h
|
||||
rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
|
||||
sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
|
||||
scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h
|
||||
servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
|
||||
servconf.o: match.h channels.h groupaccess.h canohost.h packet.h dispatch.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
|
||||
serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
|
||||
serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h
|
||||
session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
|
||||
readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ./ssherr.h ssh.h uidswap.h
|
||||
rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
|
||||
sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
|
||||
scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ./ssherr.h misc.h progressmeter.h utf8.h
|
||||
servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ./ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
|
||||
servconf.o: sshkey.h kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
|
||||
serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h
|
||||
serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ./ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ./ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
|
||||
session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
|
||||
sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
|
||||
sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h
|
||||
sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
|
||||
sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sntrup4591761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||
ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h
|
||||
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h
|
||||
ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h
|
||||
ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h
|
||||
ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
|
||||
ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h
|
||||
ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h
|
||||
ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h
|
||||
ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshkey.h
|
||||
ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h sshbuf.h
|
||||
ssh.o: channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h
|
||||
ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h authfile.h misc.h
|
||||
ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||
sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||
sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||
sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
|
||||
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h ssherr.h
|
||||
sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ./ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ./ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
|
||||
sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h sftp.h misc.h xmalloc.h
|
||||
sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ./ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
|
||||
sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ./ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ./ssherr.h misc.h srclimit.h xmalloc.h
|
||||
ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ./ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h
|
||||
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ./ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h
|
||||
ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ./ssherr.h digest.h sshkey.h
|
||||
ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ./ssherr.h sshbuf.h sshkey.h ssh.h digest.h
|
||||
ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ./ssherr.h sshbuf.h sshkey.h ssh.h
|
||||
ssh-keygen.o: cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
|
||||
ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ./ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h cipher.h
|
||||
ssh-keyscan.o: ./ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h
|
||||
ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
|
||||
ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ./ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h
|
||||
ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ./ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h
|
||||
ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h sshkey.h
|
||||
ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-sk-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h sshbuf.h sshkey.h msg.h digest.h pathnames.h ssh-sk.h misc.h
|
||||
ssh-sk-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ./ssherr.h sshkey.h authfd.h misc.h sshbuf.h msg.h uidswap.h ssh-sk.h
|
||||
ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels.h
|
||||
ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ./ssherr.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h
|
||||
ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ./ssherr.h
|
||||
sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h sshbuf.h
|
||||
sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h sshbuf.h atomicio.h
|
||||
sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h sshbuf.h
|
||||
sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./ssherr.h sshbuf.h misc.h
|
||||
sshconnect.o: authfd.h kex.h mac.h crypto_api.h
|
||||
sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h myproposal.h
|
||||
sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h
|
||||
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
sshd.o: cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h
|
||||
ssherr.o: ssherr.h
|
||||
sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h openbsd-compat/openssl-compat.h
|
||||
sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h
|
||||
sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h
|
||||
sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h misc.h sshbuf.h sshsig.h ssherr.h sshkey.h match.h digest.h
|
||||
sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
|
||||
ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h compat.h sshbuf.h ssherr.h ttymodes.h
|
||||
uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h uidswap.h xmalloc.h
|
||||
umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
|
||||
umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
|
||||
utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
|
||||
verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||
xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h
|
||||
xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h ./ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
|
||||
sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
|
||||
sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h ./ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h
|
||||
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ./ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
|
||||
sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h
|
||||
ssherr.o: ./ssherr.h
|
||||
sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ./ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h
|
||||
sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ./ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h
|
||||
sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h ./ssherr.h misc.h
|
||||
sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h ./ssherr.h misc.h sshbuf.h sshsig.h sshkey.h match.h digest.h
|
||||
sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
|
||||
ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ./ssherr.h compat.h sshbuf.h ttymodes.h
|
||||
uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ./ssherr.h uidswap.h xmalloc.h
|
||||
umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
|
||||
umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
|
||||
utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
|
||||
verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||
xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ./ssherr.h
|
||||
xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
|
|
|
@ -0,0 +1,110 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# usage: configs vmname test_config (or '' for default)
|
||||
#
|
||||
# Sets the following variables:
|
||||
# CONFIGFLAGS options to ./configure
|
||||
# SSHD_CONFOPTS sshd_config options
|
||||
# TEST_TARGET make target used when testing. defaults to "tests".
|
||||
# LTESTS
|
||||
|
||||
config=$1
|
||||
|
||||
TEST_TARGET="tests"
|
||||
LTESTS=""
|
||||
SKIP_LTESTS=""
|
||||
SUDO=sudo # run with sudo by default
|
||||
TEST_SSH_UNSAFE_PERMISSIONS=1
|
||||
|
||||
CONFIGFLAGS=""
|
||||
LIBCRYPTOFLAGS=""
|
||||
|
||||
case "$config" in
|
||||
default|sol64)
|
||||
;;
|
||||
kitchensink)
|
||||
CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
|
||||
CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
|
||||
CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
|
||||
;;
|
||||
hardenedmalloc)
|
||||
CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
|
||||
;;
|
||||
kerberos5)
|
||||
CONFIGFLAGS="--with-kerberos5"
|
||||
;;
|
||||
libedit)
|
||||
CONFIGFLAGS="--with-libedit"
|
||||
;;
|
||||
*pam)
|
||||
CONFIGFLAGS="--with-pam"
|
||||
SSHD_CONFOPTS="UsePam yes"
|
||||
;;
|
||||
libressl-head)
|
||||
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl/head --with-rpath=-Wl,-rpath,"
|
||||
;;
|
||||
openssl-head)
|
||||
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl/head --with-rpath=-Wl,-rpath,"
|
||||
;;
|
||||
selinux)
|
||||
CONFIGFLAGS="--with-selinux"
|
||||
;;
|
||||
sk)
|
||||
CONFIGFLAGS="--with-security-key-builtin"
|
||||
;;
|
||||
without-openssl)
|
||||
LIBCRYPTOFLAGS="--without-openssl"
|
||||
TEST_TARGET=t-exec
|
||||
;;
|
||||
valgrind-1)
|
||||
# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
|
||||
CONFIGFLAGS="--without-sandbox --without-hardening"
|
||||
CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
|
||||
# Valgrind slows things down enough that the agent timeout test
|
||||
# won't reliably pass, and the unit tests run longer than allowed
|
||||
# by github.
|
||||
TEST_TARGET="t-exec USE_VALGRIND=1"
|
||||
SKIP_LTESTS="agent-timeout rekey try-ciphers cert-userkey integrity"
|
||||
;;
|
||||
valgrind-2)
|
||||
CONFIGFLAGS="--without-sandbox --without-hardening"
|
||||
CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
|
||||
# The rekey test takes >30 min so run separately.
|
||||
TEST_TARGET="t-exec USE_VALGRIND=1"
|
||||
LTESTS="rekey try-ciphers cert-userkey integrity"
|
||||
;;
|
||||
*)
|
||||
echo "Unknown configuration $config"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# The Solaris 64bit targets are special since they need a non-flag arg.
|
||||
case "$config" in
|
||||
sol64*)
|
||||
CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
|
||||
LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
|
||||
;;
|
||||
esac
|
||||
|
||||
case "${TARGET_HOST}" in
|
||||
sol10|sol11)
|
||||
# sol10 VM is 32bit and the unit tests are slow.
|
||||
# sol11 has 4 test configs so skip unit tests to speed up.
|
||||
TEST_TARGET="tests SKIP_UNIT=1"
|
||||
;;
|
||||
esac
|
||||
|
||||
# If we have a local openssl/libressl, use that.
|
||||
if [ -z "${LIBCRYPTOFLAGS}" ]; then
|
||||
# last-match
|
||||
for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
|
||||
if [ -x ${i}/bin/openssl ]; then
|
||||
LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"
|
||||
|
||||
export LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS
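Review bot: `SSHD_CONFOPTS` is the one output variable that is not reset in the initialisation block next to `LTESTS=""` and `SKIP_LTESTS=""`. It is assigned only in the `*pam)` arm, so for every other configuration a value already present in the caller's environment survives and makes run_test.sh re-run `make t-exec` with sshd options nobody asked for. Add `SSHD_CONFOPTS=""` to that block. The usage comment also promises that `''` selects the default, but an empty `$config` matches only the `*)` arm and exits 1; `config=${1:-default}` would make the code agree with the comment.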
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
. .github/configs $1
|
||||
|
||||
set -x
|
||||
./configure ${CONFIGFLAGS}
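Review bot: `. .github/configs $1` passes the argument unquoted and relies on `.` accepting arguments, which POSIX does not specify. Under a `#!/bin/sh` that ignores them, the sourced file still sees the right `$1` only because it inherits this script's positional parameters. Quoting it as `. .github/configs "$1"` and adding a one-line comment that the sourced file reads `$1` would make that dependency explicit. The `exit 1` in the sourced file's `*)` arm also terminates this script, which is the desired outcome for an unknown configuration but is not obvious from here.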
|
|
@ -0,0 +1,33 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
. .github/configs $1 $2
|
||||
|
||||
[ -z "${SUDO}" ] || ${SUDO} mkdir -p /var/empty
|
||||
|
||||
set -ex
|
||||
|
||||
if [ -z "${LTESTS}" ]; then
|
||||
make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}"
|
||||
result=$?
|
||||
else
|
||||
make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}"
|
||||
result=$?
|
||||
fi
|
||||
|
||||
if [ ! -z "${SSHD_CONFOPTS}" ]; then
|
||||
echo "rerunning tests with TEST_SSH_SSHD_CONFOPTS='${SSHD_CONFOPTS}'"
|
||||
make t-exec TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}"
|
||||
result2=$?
|
||||
if [ "${result2}" -ne 0 ]; then
|
||||
result="${result2}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$result" -ne "0" ]; then
|
||||
for i in regress/failed*; do
|
||||
echo -------------------------------------------------------------------------
|
||||
echo LOGFILE $i
|
||||
cat $i
|
||||
echo -------------------------------------------------------------------------
|
||||
done
|
||||
fi
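Review bot: `set -ex` is enabled before the `make` calls, so a failing test run aborts the script at once and `result=$?` only ever records 0. The `regress/failed*` log dump at the bottom can therefore never run in the one case it was written for. Dropping `-e` alone would expose a second problem: the script ends on an `if` and never passes `result` to `exit`, so a failed run would report success. I would keep `set -x`, capture the status with `|| result=$?`, and finish with an explicit `exit`, as sketched below. The loop should also skip the literal `regress/failed*` when the glob matches nothing, and quote `"$i"`.

```shell
set -x

result=0
if [ -z "${LTESTS}" ]; then
    make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" || result=$?
else
    make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}" || result=$?
fi

if [ ! -z "${SSHD_CONFOPTS}" ]; then
    # … unchanged: echo "rerunning tests with TEST_SSH_SSHD_CONFOPTS=…" …
    make t-exec TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}" || result=$?
fi

if [ "$result" -ne 0 ]; then
    for i in regress/failed*; do
        [ -e "$i" ] || continue
        # … unchanged: separator lines, LOGFILE header …
        cat "$i"
    done
fi
exit "$result"
```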
|
|
@ -0,0 +1,97 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
case $(./config.guess) in
|
||||
*-darwin*)
|
||||
brew install automake
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
TARGETS=$@
|
||||
|
||||
PACKAGES=""
|
||||
INSTALL_FIDO_PPA="no"
|
||||
|
||||
#echo "Setting up for '$TARGETS'"
|
||||
|
||||
set -ex
|
||||
|
||||
lsb_release -a
|
||||
|
||||
if [ "${TARGETS}" = "kitchensink" ]; then
|
||||
TARGETS="kerberos5 libedit pam sk selinux"
|
||||
fi
|
||||
|
||||
for TARGET in $TARGETS; do
|
||||
case $TARGET in
|
||||
default|without-openssl|without-zlib)
|
||||
# nothing to do
|
||||
;;
|
||||
kerberos5)
|
||||
PACKAGES="$PACKAGES heimdal-dev"
|
||||
#PACKAGES="$PACKAGES libkrb5-dev"
|
||||
;;
|
||||
libedit)
|
||||
PACKAGES="$PACKAGES libedit-dev"
|
||||
;;
|
||||
*pam)
|
||||
PACKAGES="$PACKAGES libpam0g-dev"
|
||||
;;
|
||||
sk)
|
||||
INSTALL_FIDO_PPA="yes"
|
||||
PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev"
|
||||
;;
|
||||
selinux)
|
||||
PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
|
||||
;;
|
||||
hardenedmalloc)
|
||||
INSTALL_HARDENED_MALLOC=yes
|
||||
;;
|
||||
openssl-head)
|
||||
INSTALL_OPENSSL_HEAD=yes
|
||||
;;
|
||||
libressl-head)
|
||||
INSTALL_LIBRESSL_HEAD=yes
|
||||
;;
|
||||
valgrind*)
|
||||
PACKAGES="$PACKAGES valgrind"
|
||||
;;
|
||||
*) echo "Invalid option '${TARGET}'"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ "yes" == "$INSTALL_FIDO_PPA" ]; then
|
||||
sudo apt update -qq
|
||||
sudo apt install software-properties-common
|
||||
sudo apt-add-repository ppa:yubico/stable
|
||||
fi
|
||||
|
||||
if [ "x" != "x$PACKAGES" ]; then
|
||||
sudo apt update -qq
|
||||
sudo apt install -qy $PACKAGES
|
||||
fi
|
||||
|
||||
if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
|
||||
(cd ${HOME} &&
|
||||
git clone https://github.com/GrapheneOS/hardened_malloc.git &&
|
||||
cd ${HOME}/hardened_malloc &&
|
||||
make -j2 && sudo cp libhardened_malloc.so /usr/lib/)
|
||||
fi
|
||||
|
||||
if [ "${INSTALL_OPENSSL_HEAD}" = "yes" ];then
|
||||
(cd ${HOME} &&
|
||||
git clone https://github.com/openssl/openssl.git &&
|
||||
cd ${HOME}/openssl &&
|
||||
./config no-threads no-engine no-fips no-shared --prefix=/opt/openssl/head &&
|
||||
make -j2 && sudo make install_sw)
|
||||
fi
|
||||
|
||||
if [ "${INSTALL_LIBRESSL_HEAD}" = "yes" ];then
|
||||
(mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
|
||||
git clone https://github.com/libressl-portable/portable.git &&
|
||||
cd ${HOME}/libressl/portable && sh update.sh && sh autogen.sh &&
|
||||
./configure --prefix=/opt/libressl/head &&
|
||||
make -j2 && sudo make install_sw)
|
||||
fi
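Review bot: The `hardenedmalloc` branch clones the default-branch tip of a third-party repository, builds it and copies the result into `/usr/lib` with sudo, so whatever that branch holds at run time is built and installed as root with no pin or verification. For the two `*-head` targets tracking the tip is the purpose, but here a fixed revision would do: `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/GrapheneOS/hardened_malloc.git` (placeholder tag), or a `git checkout <COMMIT_SHA>` after the clone. Separately, `INSTALL_HARDENED_MALLOC`, `INSTALL_OPENSSL_HEAD` and `INSTALL_LIBRESSL_HEAD` are never initialised the way `INSTALL_FIDO_PPA="no"` is, so a value inherited from the environment can switch those root-level installs on. Initialise all three to `no` beside it. `sudo apt install software-properties-common` and `sudo apt-add-repository ppa:yubico/stable` also lack the `-y` that the later `apt install -qy` carries and may stop at a prompt on a non-interactive runner; worth confirming.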
|
|
@ -0,0 +1,63 @@
|
|||
name: C/C++ CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ master, ci ]
|
||||
pull_request:
|
||||
branches: [ master ]
|
||||
|
||||
jobs:
|
||||
ci:
|
||||
if: github.repository != 'openssh/openssh-portable-selfhosted'
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
# First we test all OSes in the default configuration.
|
||||
os: [ubuntu-20.04, ubuntu-18.04, ubuntu-16.04, macos-10.15]
|
||||
configs: [default]
|
||||
# Then we include any extra configs we want to test for specific VMs.
|
||||
# Valgrind slows things down quite a bit, so start them first.
|
||||
include:
|
||||
- { os: ubuntu-20.04, configs: valgrind-1 }
|
||||
- { os: ubuntu-20.04, configs: valgrind-2 }
|
||||
- { os: ubuntu-20.04, configs: pam }
|
||||
- { os: ubuntu-20.04, configs: kitchensink }
|
||||
- { os: ubuntu-20.04, configs: hardenedmalloc }
|
||||
- { os: ubuntu-20.04, configs: libressl-head }
|
||||
- { os: ubuntu-20.04, configs: openssl-head }
|
||||
- { os: ubuntu-18.04, configs: pam }
|
||||
- { os: ubuntu-18.04, configs: kerberos5 }
|
||||
- { os: ubuntu-18.04, configs: libedit }
|
||||
- { os: ubuntu-18.04, configs: sk }
|
||||
- { os: ubuntu-18.04, configs: selinux }
|
||||
- { os: ubuntu-18.04, configs: kitchensink }
|
||||
- { os: ubuntu-18.04, configs: without-openssl }
|
||||
- { os: ubuntu-16.04, configs: pam }
|
||||
- { os: ubuntu-16.04, configs: kitchensink }
|
||||
- { os: macos-10.15, configs: pam }
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: setup CI system
|
||||
run: ./.github/setup_ci.sh ${{ matrix.configs }}
|
||||
- name: autoreconf
|
||||
run: autoreconf
|
||||
- name: configure
|
||||
run: ./.github/configure.sh ${{ matrix.configs }}
|
||||
- name: make
|
||||
run: make -j2
|
||||
- name: install moduli
|
||||
run: sudo sh -c "mkdir -p /usr/local/etc/; cp moduli /usr/local/etc/"
|
||||
- name: make tests
|
||||
run: ./.github/run_test.sh ${{ matrix.configs }}
|
||||
env:
|
||||
SUDO: sudo
|
||||
TEST_SSH_UNSAFE_PERMISSIONS: 1
|
||||
- name: save regress logs
|
||||
if: failure()
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: ${{ matrix.os }}-${{ matrix.configs }}-regress-logs
|
||||
path: |
|
||||
regress/*.log
|
||||
regress/valgrind-out/
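Review bot: The workflow declares no `permissions:` block, so every job, including those started by `pull_request` that run repository scripts calling sudo, receives whatever default token scope the repository happens to be configured with. A top-level `permissions:` with `contents: read` would state the least-privilege intent in the file itself. `actions/checkout@v2` and `actions/upload-artifact@v2` are referenced by movable tag; pinning each to a full commit SHA, e.g. `uses: actions/checkout@<COMMIT_SHA>  # v2` (placeholder), keeps a retagged release from changing what runs. The `env:` on the `make tests` step sets `SUDO` and `TEST_SSH_UNSAFE_PERMISSIONS`, which `.github/configs` assigns again when sourced, so a comment naming which of the two is authoritative would help.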
|
|
@ -0,0 +1,68 @@
|
|||
name: C/C++ CI self-hosted
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ master, ci ]
|
||||
|
||||
jobs:
|
||||
selfhosted:
|
||||
if: github.repository == 'openssh/openssh-portable-selfhosted'
|
||||
runs-on: ${{ matrix.os }}
|
||||
env:
|
||||
TARGET_HOST: ${{ matrix.os }}
|
||||
SUDO: sudo
|
||||
strategy:
|
||||
fail-fast: false
|
||||
# We use a matrix in two parts: firstly all of the VMs are tested with the
|
||||
# default config. "vm" corresponds to a label associated with the worker.
|
||||
matrix:
|
||||
os: [bbone, dfly30, dfly48, dfly58, fbsd6, fbsd7, fbsd12, sol10, sol11]
|
||||
configs:
|
||||
- default
|
||||
# Then we include any extra configs we want to test for specific VMs.
|
||||
include:
|
||||
- { os: dfly30, configs: without-openssl}
|
||||
- { os: dfly48, configs: pam }
|
||||
- { os: dfly58, configs: pam }
|
||||
- { os: fbsd6, configs: pam }
|
||||
- { os: fbsd7, configs: pam }
|
||||
- { os: fbsd12, configs: pam }
|
||||
- { os: sol10, configs: pam }
|
||||
- { os: sol11, configs: pam }
|
||||
- { os: sol11, configs: sol64 }
|
||||
# - { os: sol11, configs: sol64-pam }
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: autoreconf
|
||||
run: autoreconf
|
||||
- name: shutdown VM if running
|
||||
run: vmshutdown
|
||||
- name: startup VM
|
||||
run: vmstartup
|
||||
- name: configure
|
||||
run: vmrun ./.github/configure.sh ${{ matrix.configs }}
|
||||
- name: save config files
|
||||
if: failure()
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: ${{ matrix.os }}-${{ matrix.configs }}-config-files
|
||||
path: |
|
||||
config.h
|
||||
config.log
|
||||
- name: make
|
||||
run: vmrun make
|
||||
- name: install moduli
|
||||
run: vmrun "sudo mkdir -p /usr/local/etc/; sudo cp moduli /usr/local/etc/"
|
||||
- name: make tests
|
||||
run: vmrun ./.github/run_test.sh ${{ matrix.configs }}
|
||||
- name: save regress logs
|
||||
if: failure()
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: ${{ matrix.os }}-${{ matrix.configs }}-regress-logs
|
||||
path: |
|
||||
regress/*.log
|
||||
regress/valgrind-out/
|
||||
- name: shutdown VM
|
||||
if: always()
|
||||
run: vmshutdown
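Review bot: The comment above `matrix:` says `"vm" corresponds to a label associated with the worker`, but the key actually used for `runs-on` and `TARGET_HOST` is `os`. Reword it to something like `# "os" is the runner label of the VM host.` so the comment matches the matrix. Since these jobs run repository code with sudo on self-hosted machines, I would also add a comment at `on:` stating that the trigger is deliberately limited to `push` on `master` and `ci`, and that a `pull_request` trigger must not be added to this workflow.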
|
|
@ -3,8 +3,11 @@ Makefile
|
|||
buildpkg.sh
|
||||
config.h
|
||||
config.h.in
|
||||
config.h.in~
|
||||
config.log
|
||||
config.status
|
||||
configure
|
||||
aclocal.m4
|
||||
openbsd-compat/Makefile
|
||||
openbsd-compat/regress/Makefile
|
||||
openssh.xml
|
||||
|
@ -12,6 +15,8 @@ opensshd.init
|
|||
survey.sh
|
||||
**/*.0
|
||||
**/*.o
|
||||
**/*.lo
|
||||
**/*.so
|
||||
**/*.out
|
||||
**/*.a
|
||||
autom4te.cache/
|
||||
|
@ -25,8 +30,10 @@ ssh-keygen
|
|||
ssh-keyscan
|
||||
ssh-keysign
|
||||
ssh-pkcs11-helper
|
||||
ssh-sk-helper
|
||||
sshd
|
||||
!regress/misc/fuzz-harness/Makefile
|
||||
!regress/unittests/sshsig/Makefile
|
||||
tags
|
||||
|
||||
# Ignores in Windows fork
|
||||
|
|
|
@ -11,6 +11,17 @@ db6375fc302e3bdf07d96430c63c991b2c2bd3ff moduli update
|
|||
99dd10e72c04e93849981d43d64c946619efa474 include sshbuf-misc.c
|
||||
9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5 sshbuf-misc.c in regress
|
||||
569f08445c27124ec7c7f6c0268d844ec56ac061 Makefile tweaks for !openssl
|
||||
58ec755be4e51978ecfee73539090eb68652a987 moduli update
|
||||
4bd5551b306df55379afe17d841207990eb773bf Makefile.inc
|
||||
14806a59353152f843eb349e618abbf6f4dd3ada Makefile.inc
|
||||
8ea4455a2d9364a0a04f9e4a2cbfa4c9fcefe77e Makefile.inc
|
||||
d9b910e412d139141b072a905e66714870c38ac0 Makefile.inc
|
||||
7b7b619c1452a459310b0cf4391c5757c6bdbc0f moduli update
|
||||
5010ff08f7ad92082e87dde098b20f5c24921a8f moduli regen script update
|
||||
3bcae7a754db3fc5ad3cab63dd46774edb35b8ae moduli regen script update
|
||||
52ff0e3205036147b2499889353ac082e505ea54 moduli update
|
||||
07b5031e9f49f2b69ac5e85b8da4fc9e393992a0 Makefile.inc
|
||||
cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile
|
||||
|
||||
Old upstream tree:
|
||||
|
||||
|
|
73
INSTALL
73
INSTALL
|
@ -7,29 +7,36 @@ options. Some notes about specific compilers:
|
|||
- clang: -ftrapv and -sanitize=integer require the compiler-rt runtime
|
||||
(CC=clang LDFLAGS=--rtlib=compiler-rt ./configure)
|
||||
|
||||
You will need working installations of Zlib and libcrypto (LibreSSL /
|
||||
OpenSSL)
|
||||
|
||||
Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
|
||||
http://www.gzip.org/zlib/
|
||||
|
||||
libcrypto from either of:
|
||||
- LibreSSL (https://www.libressl.org/)
|
||||
- OpenSSL (https://www.openssl.org) with any of the following versions:
|
||||
- 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
|
||||
|
||||
LibreSSL/OpenSSL should be compiled as a position-independent library
|
||||
(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
|
||||
If you must use a non-position-independent libcrypto, then you may need
|
||||
to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit
|
||||
OpenSSL 1.1 versions prior to 1.1.0g can't be used.
|
||||
|
||||
To support Privilege Separation (which is now required) you will need
|
||||
to create the user, group and directory used by sshd for privilege
|
||||
separation. See README.privsep for details.
|
||||
|
||||
|
||||
The remaining items are optional.
|
||||
|
||||
A working installation of zlib:
|
||||
Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
|
||||
http://www.gzip.org/zlib/
|
||||
|
||||
libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
|
||||
is supported but severely restricts the available ciphers and algorithms.
|
||||
- LibreSSL (https://www.libressl.org/)
|
||||
- OpenSSL (https://www.openssl.org) with any of the following versions:
|
||||
- 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
|
||||
|
||||
Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
|
||||
1.1.0g can't be used.
|
||||
|
||||
LibreSSL/OpenSSL should be compiled as a position-independent library
|
||||
(i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
|
||||
or LibreSSL as "CFLAGS=-fPIC ./configure") otherwise OpenSSH will not
|
||||
be able to link with it. If you must use a non-position-independent
|
||||
libcrypto, then you may need to configure OpenSSH --without-pie.
|
||||
|
||||
If you build either from source, running the OpenSSL self-test ("make
|
||||
tests") or the LibreSSL equivalent ("make check") and ensuring that all
|
||||
tests pass is strongly recommended.
|
||||
|
||||
NB. If you operating system supports /dev/random, you should configure
|
||||
libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
|
||||
direct support of /dev/random, or failing that, either prngd or egd.
|
||||
|
@ -44,7 +51,7 @@ http://prngd.sourceforge.net/
|
|||
|
||||
EGD:
|
||||
|
||||
The Entropy Gathering Daemon (EGD) suppports the same interface as prngd.
|
||||
The Entropy Gathering Daemon (EGD) supports the same interface as prngd.
|
||||
It also supported only if libcrypto is configured to support it.
|
||||
|
||||
http://egd.sourceforge.net/
|
||||
|
@ -53,7 +60,7 @@ PAM:
|
|||
|
||||
OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
|
||||
system supports it. PAM is standard most Linux distributions, Solaris,
|
||||
HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD.
|
||||
HP-UX 11, AIX >= 5.2, FreeBSD, NetBSD and Mac OS X.
|
||||
|
||||
Information about the various PAM implementations are available:
|
||||
|
||||
|
@ -90,11 +97,12 @@ http://nlnetlabs.nl/projects/ldns/
|
|||
Autoconf:
|
||||
|
||||
If you modify configure.ac or configure doesn't exist (eg if you checked
|
||||
the code out of git yourself) then you will need autoconf-2.69 to rebuild
|
||||
the automatically generated files by running "autoreconf". Earlier
|
||||
versions may also work but this is not guaranteed.
|
||||
the code out of git yourself) then you will need autoconf-2.69 and
|
||||
automake-1.16.1 to rebuild the automatically generated files by running
|
||||
"autoreconf". Earlier versions may also work but this is not guaranteed.
|
||||
|
||||
http://www.gnu.org/software/autoconf/
|
||||
http://www.gnu.org/software/automake/
|
||||
|
||||
Basic Security Module (BSM):
|
||||
|
||||
|
@ -110,6 +118,16 @@ If you are making significant changes to the code you may need to rebuild
|
|||
the dependency (.depend) file using "make depend", which requires the
|
||||
"makedepend" tool from the X11 distribution.
|
||||
|
||||
libfido2:
|
||||
|
||||
libfido2 allows the use of hardware security keys over USB. libfido2
|
||||
in turn depends on libcbor. libfido2 >= 1.5.0 is strongly recommended.
|
||||
Limited functionality is possible with earlier libfido2 versions.
|
||||
|
||||
https://github.com/Yubico/libfido2
|
||||
https://github.com/pjk/libcbor
|
||||
|
||||
|
||||
2. Building / Installation
|
||||
--------------------------
|
||||
|
||||
|
@ -205,6 +223,11 @@ libraries are installed.
|
|||
|
||||
--with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support
|
||||
|
||||
--without-openssl builds without using OpenSSL. Only a subset of ciphers
|
||||
and algorithms are supported in this configuration.
|
||||
|
||||
--without-zlib builds without zlib. This disables the Compression option.
|
||||
|
||||
--with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
|
||||
real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
|
||||
|
||||
|
@ -236,7 +259,7 @@ to generate keys for all supported types.
|
|||
|
||||
Replacing /etc/ssh with the correct path to the configuration directory.
|
||||
(${prefix}/etc or whatever you specified with --sysconfdir during
|
||||
configuration)
|
||||
configuration).
|
||||
|
||||
If you have configured OpenSSH with EGD support, ensure that EGD is
|
||||
running and has collected some Entropy.
|
||||
|
@ -261,6 +284,6 @@ summary data may be published.
|
|||
5. Problems?
|
||||
------------
|
||||
|
||||
If you experience problems compiling, installing or running OpenSSH.
|
||||
Please refer to the "reporting bugs" section of the webpage at
|
||||
If you experience problems compiling, installing or running OpenSSH,
|
||||
please refer to the "reporting bugs" section of the webpage at
|
||||
https://www.openssh.com/
|
||||
|
|
62
LICENCE
62
LICENCE
|
@ -314,6 +314,68 @@ OpenSSH contains no GPL code.
|
|||
* authorization. *
|
||||
****************************************************************************/
|
||||
|
||||
The Blowfish cipher implementation is licensed by Niels Provis under
|
||||
a 4-clause BSD license:
|
||||
|
||||
* Blowfish - a fast block cipher designed by Bruce Schneier
|
||||
*
|
||||
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Niels Provos.
|
||||
* 4. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
Some replacement code is licensed by the NetBSD foundation under a
|
||||
2-clause BSD license:
|
||||
|
||||
* Copyright (c) 2001 The NetBSD Foundation, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This code is derived from software contributed to The NetBSD Foundation
|
||||
* by Todd Vierling.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
||||
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
||||
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
------
|
||||
$OpenBSD: LICENCE,v 1.20 2017/04/30 23:26:16 djm Exp $
|
||||
|
|
227
Makefile.in
227
Makefile.in
|
@ -24,6 +24,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
|
|||
SFTP_SERVER=$(libexecdir)/sftp-server
|
||||
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
||||
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
||||
SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
|
||||
PRIVSEP_PATH=@PRIVSEP_PATH@
|
||||
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
||||
STRIP_OPT=@STRIP_OPT@
|
||||
|
@ -35,32 +36,37 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
|
|||
-D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
|
||||
-D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
|
||||
-D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
|
||||
-D_PATH_SSH_SK_HELPER=\"$(SSH_SK_HELPER)\" \
|
||||
-D_PATH_SSH_PIDDIR=\"$(piddir)\" \
|
||||
-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
|
||||
|
||||
CC=@CC@
|
||||
LD=@LD@
|
||||
CFLAGS=@CFLAGS@
|
||||
CFLAGS_NOPIE=@CFLAGS_NOPIE@
|
||||
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
|
||||
PICFLAG=@PICFLAG@
|
||||
LIBS=@LIBS@
|
||||
K5LIBS=@K5LIBS@
|
||||
GSSLIBS=@GSSLIBS@
|
||||
SSHLIBS=@SSHLIBS@
|
||||
SSHDLIBS=@SSHDLIBS@
|
||||
LIBEDIT=@LIBEDIT@
|
||||
LIBFIDO2=@LIBFIDO2@
|
||||
AR=@AR@
|
||||
AWK=@AWK@
|
||||
RANLIB=@RANLIB@
|
||||
INSTALL=@INSTALL@
|
||||
SED=@SED@
|
||||
ENT=@ENT@
|
||||
XAUTH_PATH=@XAUTH_PATH@
|
||||
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
|
||||
LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDFLAGS_NOPIE@
|
||||
EXEEXT=@EXEEXT@
|
||||
MANFMT=@MANFMT@
|
||||
MKDIR_P=@MKDIR_P@
|
||||
|
||||
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
|
||||
.SUFFIXES: .lo
|
||||
|
||||
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
|
||||
|
||||
XMSS_OBJS=\
|
||||
ssh-xmss.o \
|
||||
|
@ -89,22 +95,25 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
|
|||
cipher-ctr.o cleanup.o \
|
||||
compat.o fatal.o hostfile.o \
|
||||
log.o match.o moduli.o nchan.o packet.o \
|
||||
readpass.o ttymodes.o xmalloc.o addrmatch.o \
|
||||
readpass.o ttymodes.o xmalloc.o addr.o addrmatch.o \
|
||||
atomicio.o dispatch.o mac.o misc.o utf8.o \
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-ecdsa-sk.o \
|
||||
ssh-ed25519-sk.o ssh-rsa.o dh.o \
|
||||
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
|
||||
ssh-pkcs11.o smult_curve25519_ref.o \
|
||||
poly1305.o chacha.o cipher-chachapoly.o \
|
||||
ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
|
||||
sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
|
||||
poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \
|
||||
ssh-ed25519.o digest-openssl.o digest-libc.o \
|
||||
hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
|
||||
kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
|
||||
kexgexc.o kexgexs.o \
|
||||
sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
|
||||
platform-pledge.o platform-tracing.o platform-misc.o
|
||||
kexsntrup761x25519.o sntrup761.o kexgen.o \
|
||||
sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
|
||||
sshbuf-io.o
|
||||
|
||||
SKOBJS= ssh-sk-client.o
|
||||
|
||||
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
||||
sshconnect.o sshconnect2.o mux.o
|
||||
sshconnect.o sshconnect2.o mux.o $(SKOBJS)
|
||||
|
||||
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
|
||||
audit.o audit-bsm.o audit-linux.o platform.o \
|
||||
|
@ -116,13 +125,33 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
|
|||
monitor.o monitor_wrap.o auth-krb5.o \
|
||||
auth2-gss.o gss-serv.o gss-serv-krb5.o \
|
||||
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
|
||||
sftp-server.o sftp-common.o sftp-realpath.o \
|
||||
srclimit.o sftp-server.o sftp-common.o \
|
||||
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
|
||||
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
|
||||
sandbox-solaris.o uidswap.o
|
||||
sandbox-solaris.o uidswap.o $(SKOBJS)
|
||||
|
||||
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
|
||||
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
|
||||
SCP_OBJS= scp.o progressmeter.o
|
||||
|
||||
SSHADD_OBJS= ssh-add.o $(SKOBJS)
|
||||
|
||||
SSHAGENT_OBJS= ssh-agent.o ssh-pkcs11-client.o $(SKOBJS)
|
||||
|
||||
SSHKEYGEN_OBJS= ssh-keygen.o sshsig.o $(SKOBJS)
|
||||
|
||||
SSHKEYSIGN_OBJS=ssh-keysign.o readconf.o uidswap.o $(SKOBJS)
|
||||
|
||||
P11HELPER_OBJS= ssh-pkcs11-helper.o ssh-pkcs11.o $(SKOBJS)
|
||||
|
||||
SKHELPER_OBJS= ssh-sk-helper.o ssh-sk.o sk-usbhid.o
|
||||
|
||||
SSHKEYSCAN_OBJS=ssh-keyscan.o $(SKOBJS)
|
||||
|
||||
SFTPSERVER_OBJS=sftp-common.o sftp-server.o sftp-server-main.o
|
||||
|
||||
SFTP_OBJS= sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
|
||||
|
||||
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out sshd_config.5.out ssh_config.5.out
|
||||
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5
|
||||
MANTYPE = @MANTYPE@
|
||||
|
||||
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
|
||||
|
@ -158,7 +187,7 @@ $(SSHOBJS): Makefile.in config.h
|
|||
$(SSHDOBJS): Makefile.in config.h
|
||||
configure-check: $(srcdir)/configure
|
||||
|
||||
$(srcdir)/configure: configure.ac aclocal.m4
|
||||
$(srcdir)/configure: configure.ac $(srcdir)/m4/*.m4
|
||||
@echo "ERROR: configure is out of date; please run ${AUTORECONF} (and configure)" 1>&2
|
||||
@exit 1
|
||||
|
||||
|
@ -175,37 +204,40 @@ libssh.a: $(LIBSSH_OBJS)
|
|||
$(RANLIB) $@
|
||||
|
||||
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
||||
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
|
||||
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS)
|
||||
|
||||
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
||||
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
|
||||
|
||||
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
|
||||
$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS)
|
||||
$(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
|
||||
$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHADD_OBJS)
|
||||
$(LD) -o $@ $(SSHADD_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
|
||||
$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHAGENT_OBJS)
|
||||
$(LD) -o $@ $(SSHAGENT_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o sshsig.o
|
||||
$(LD) -o $@ ssh-keygen.o sshsig.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYGEN_OBJS)
|
||||
$(LD) -o $@ $(SSHKEYGEN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o
|
||||
$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSIGN_OBJS)
|
||||
$(LD) -o $@ $(SSHKEYSIGN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
|
||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(P11HELPER_OBJS)
|
||||
$(LD) -o $@ $(P11HELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
|
||||
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||
ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS)
|
||||
$(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2)
|
||||
|
||||
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-realpath.o sftp-server-main.o
|
||||
$(LD) -o $@ sftp-server.o sftp-common.o sftp-realpath.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
|
||||
$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||
|
||||
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
|
||||
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
|
||||
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS)
|
||||
$(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS)
|
||||
$(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
|
||||
|
||||
# test driver for the loginrec code - not built by default
|
||||
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
|
||||
|
@ -233,7 +265,7 @@ moduli:
|
|||
echo
|
||||
|
||||
clean: regressclean
|
||||
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
|
||||
rm -f *.o *.lo *.a $(TARGETS) logintest config.cache config.log
|
||||
rm -f *.out core survey
|
||||
rm -f regress/check-perm$(EXEEXT)
|
||||
rm -f regress/mkdtemp$(EXEEXT)
|
||||
|
@ -243,6 +275,8 @@ clean: regressclean
|
|||
rm -f regress/unittests/sshbuf/test_sshbuf$(EXEEXT)
|
||||
rm -f regress/unittests/sshkey/*.o
|
||||
rm -f regress/unittests/sshkey/test_sshkey$(EXEEXT)
|
||||
rm -f regress/unittests/sshsig/*.o
|
||||
rm -f regress/unittests/sshsig/test_sshsig$(EXEEXT)
|
||||
rm -f regress/unittests/bitmap/*.o
|
||||
rm -f regress/unittests/bitmap/test_bitmap$(EXEEXT)
|
||||
rm -f regress/unittests/conversion/*.o
|
||||
|
@ -255,8 +289,9 @@ clean: regressclean
|
|||
rm -f regress/unittests/match/test_match$(EXEEXT)
|
||||
rm -f regress/unittests/utf8/*.o
|
||||
rm -f regress/unittests/utf8/test_utf8$(EXEEXT)
|
||||
rm -f regress/misc/kexfuzz/*.o
|
||||
rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT)
|
||||
rm -f regress/misc/sk-dummy/*.o
|
||||
rm -f regress/misc/sk-dummy/*.lo
|
||||
rm -f regress/misc/sk-dummy/sk-dummy.so
|
||||
(cd openbsd-compat && $(MAKE) clean)
|
||||
|
||||
distclean: regressclean
|
||||
|
@ -273,6 +308,8 @@ distclean: regressclean
|
|||
rm -f regress/unittests/sshbuf/test_sshbuf
|
||||
rm -f regress/unittests/sshkey/*.o
|
||||
rm -f regress/unittests/sshkey/test_sshkey
|
||||
rm -f regress/unittests/sshsig/*.o
|
||||
rm -f regress/unittests/sshsig/test_sshsig
|
||||
rm -f regress/unittests/bitmap/*.o
|
||||
rm -f regress/unittests/bitmap/test_bitmap
|
||||
rm -f regress/unittests/conversion/*.o
|
||||
|
@ -285,8 +322,6 @@ distclean: regressclean
|
|||
rm -f regress/unittests/match/test_match
|
||||
rm -f regress/unittests/utf8/*.o
|
||||
rm -f regress/unittests/utf8/test_utf8
|
||||
rm -f regress/misc/kexfuzz/*.o
|
||||
rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT)
|
||||
(cd openbsd-compat && $(MAKE) distclean)
|
||||
if test -d pkg ; then \
|
||||
rm -fr pkg ; \
|
||||
|
@ -313,9 +348,15 @@ depend: depend-rebuild
|
|||
rm -f .depend.bak
|
||||
|
||||
depend-rebuild:
|
||||
rm -f config.h
|
||||
touch config.h
|
||||
mv .depend .depend.old
|
||||
rm -f config.h .depend
|
||||
touch config.h .depend
|
||||
makedepend -w1000 -Y. -f .depend *.c 2>/dev/null
|
||||
(echo '# Automatically generated by makedepend.'; \
|
||||
echo '# Run "make depend" to rebuild.'; sort .depend ) >.depend.tmp
|
||||
mv .depend.tmp .depend
|
||||
rm -f .depend.bak
|
||||
mv .depend.old .depend.bak
|
||||
rm -f config.h
|
||||
|
||||
depend-check: depend-rebuild
|
||||
|
@ -349,6 +390,7 @@ install-files:
|
|||
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
|
||||
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||
|
@ -365,6 +407,7 @@ install-files:
|
|||
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
||||
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
||||
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
||||
$(INSTALL) -m 644 ssh-sk-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
|
||||
|
||||
install-sysconf:
|
||||
$(MKDIR_P) $(DESTDIR)$(sysconfdir)
|
||||
|
@ -425,6 +468,7 @@ uninstall:
|
|||
-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
||||
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
||||
-rm -f $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
|
||||
|
@ -436,18 +480,20 @@ uninstall:
|
|||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
|
||||
|
||||
regress-prep:
|
||||
$(MKDIR_P) `pwd`/regress/unittests/test_helper
|
||||
$(MKDIR_P) `pwd`/regress/unittests/sshbuf
|
||||
$(MKDIR_P) `pwd`/regress/unittests/sshkey
|
||||
$(MKDIR_P) `pwd`/regress/unittests/sshsig
|
||||
$(MKDIR_P) `pwd`/regress/unittests/bitmap
|
||||
$(MKDIR_P) `pwd`/regress/unittests/conversion
|
||||
$(MKDIR_P) `pwd`/regress/unittests/hostkeys
|
||||
$(MKDIR_P) `pwd`/regress/unittests/kex
|
||||
$(MKDIR_P) `pwd`/regress/unittests/match
|
||||
$(MKDIR_P) `pwd`/regress/unittests/utf8
|
||||
$(MKDIR_P) `pwd`/regress/misc/kexfuzz
|
||||
$(MKDIR_P) `pwd`/regress/misc/sk-dummy
|
||||
[ -f `pwd`/regress/Makefile ] || \
|
||||
ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
|
||||
|
||||
|
@ -502,7 +548,8 @@ UNITTESTS_TEST_SSHKEY_OBJS=\
|
|||
regress/unittests/sshkey/tests.o \
|
||||
regress/unittests/sshkey/common.o \
|
||||
regress/unittests/sshkey/test_file.o \
|
||||
regress/unittests/sshkey/test_sshkey.o
|
||||
regress/unittests/sshkey/test_sshkey.o \
|
||||
$(SKOBJS)
|
||||
|
||||
regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \
|
||||
regress/unittests/test_helper/libtest_helper.a libssh.a
|
||||
|
@ -510,6 +557,17 @@ regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \
|
|||
regress/unittests/test_helper/libtest_helper.a \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
UNITTESTS_TEST_SSHSIG_OBJS=\
|
||||
sshsig.o \
|
||||
regress/unittests/sshsig/tests.o \
|
||||
$(SKOBJS)
|
||||
|
||||
regress/unittests/sshsig/test_sshsig$(EXEEXT): ${UNITTESTS_TEST_SSHSIG_OBJS} \
|
||||
regress/unittests/test_helper/libtest_helper.a libssh.a
|
||||
$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHSIG_OBJS) \
|
||||
regress/unittests/test_helper/libtest_helper.a \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
UNITTESTS_TEST_BITMAP_OBJS=\
|
||||
regress/unittests/bitmap/tests.o
|
||||
|
||||
|
@ -531,7 +589,8 @@ regress/unittests/conversion/test_conversion$(EXEEXT): \
|
|||
|
||||
UNITTESTS_TEST_KEX_OBJS=\
|
||||
regress/unittests/kex/tests.o \
|
||||
regress/unittests/kex/test_kex.o
|
||||
regress/unittests/kex/test_kex.o \
|
||||
$(SKOBJS)
|
||||
|
||||
regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
|
||||
regress/unittests/test_helper/libtest_helper.a libssh.a
|
||||
|
@ -541,7 +600,8 @@ regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
|
|||
|
||||
UNITTESTS_TEST_HOSTKEYS_OBJS=\
|
||||
regress/unittests/hostkeys/tests.o \
|
||||
regress/unittests/hostkeys/test_iterate.o
|
||||
regress/unittests/hostkeys/test_iterate.o \
|
||||
$(SKOBJS)
|
||||
|
||||
regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \
|
||||
${UNITTESTS_TEST_HOSTKEYS_OBJS} \
|
||||
|
@ -570,30 +630,39 @@ regress/unittests/utf8/test_utf8$(EXEEXT): \
|
|||
regress/unittests/test_helper/libtest_helper.a \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
MISC_KEX_FUZZ_OBJS=\
|
||||
regress/misc/kexfuzz/kexfuzz.o
|
||||
# These all need to be compiled -fPIC, so they are treated differently.
|
||||
SK_DUMMY_OBJS=\
|
||||
regress/misc/sk-dummy/sk-dummy.lo \
|
||||
regress/misc/sk-dummy/fatal.lo \
|
||||
ed25519.lo hash.lo ge25519.lo fe25519.lo sc25519.lo verify.lo
|
||||
|
||||
regress/misc/kexfuzz/kexfuzz$(EXEEXT): ${MISC_KEX_FUZZ_OBJS} libssh.a
|
||||
$(LD) -o $@ $(LDFLAGS) $(MISC_KEX_FUZZ_OBJS) \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
SK_DUMMY_LIBRARY=@SK_DUMMY_LIBRARY@
|
||||
|
||||
.c.lo: Makefile.in config.h
|
||||
$(CC) $(CFLAGS_NOPIE) $(PICFLAG) $(CPPFLAGS) -c $< -o $@
|
||||
|
||||
regress/misc/sk-dummy/sk-dummy.so: $(SK_DUMMY_OBJS)
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -fPIC -shared -o $@ $(SK_DUMMY_OBJS) \
|
||||
-L. -Lopenbsd-compat -lopenbsd-compat $(LDFLAGS_NOPIE) $(LIBS)
|
||||
|
||||
regress-binaries: regress-prep $(LIBCOMPAT) \
|
||||
regress/modpipe$(EXEEXT) \
|
||||
regress/setuid-allowed$(EXEEXT) \
|
||||
regress/netcat$(EXEEXT) \
|
||||
regress/check-perm$(EXEEXT) \
|
||||
regress/mkdtemp$(EXEEXT)
|
||||
regress/mkdtemp$(EXEEXT) \
|
||||
$(SK_DUMMY_LIBRARY)
|
||||
|
||||
regress-unit-binaries: regress-prep $(REGRESSLIBS) \
|
||||
regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
|
||||
regress/unittests/sshkey/test_sshkey$(EXEEXT) \
|
||||
regress/unittests/sshsig/test_sshsig$(EXEEXT) \
|
||||
regress/unittests/bitmap/test_bitmap$(EXEEXT) \
|
||||
regress/unittests/conversion/test_conversion$(EXEEXT) \
|
||||
regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
|
||||
regress/unittests/kex/test_kex$(EXEEXT) \
|
||||
regress/unittests/match/test_match$(EXEEXT) \
|
||||
regress/unittests/utf8/test_utf8$(EXEEXT) \
|
||||
regress/misc/kexfuzz/kexfuzz$(EXEEXT)
|
||||
|
||||
tests: file-tests t-exec interop-tests unit
|
||||
echo all tests passed
|
||||
|
@ -608,24 +677,8 @@ unit: regress-unit-binaries
|
|||
|
||||
interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
|
||||
BUILDDIR=`pwd`; \
|
||||
TEST_SSH_SCP="$${BUILDDIR}/scp"; \
|
||||
TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
|
||||
TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
|
||||
TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
|
||||
TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \
|
||||
TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \
|
||||
TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \
|
||||
TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \
|
||||
TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \
|
||||
TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
|
||||
TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \
|
||||
TEST_SSH_PLINK="plink"; \
|
||||
TEST_SSH_PUTTYGEN="puttygen"; \
|
||||
TEST_SSH_CONCH="conch"; \
|
||||
TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
|
||||
TEST_SSH_UTF8="@TEST_SSH_UTF8@" ; \
|
||||
TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
|
||||
cd $(srcdir)/regress || exit $$?; \
|
||||
EGREP='@EGREP@' \
|
||||
$(MAKE) \
|
||||
.OBJDIR="$${BUILDDIR}/regress" \
|
||||
.CURDIR="`pwd`" \
|
||||
|
@ -634,22 +687,24 @@ interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
|
|||
PATH="$${BUILDDIR}:$${PATH}" \
|
||||
TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
|
||||
TEST_MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
|
||||
TEST_SSH_SCP="$${TEST_SSH_SCP}" \
|
||||
TEST_SSH_SSH="$${TEST_SSH_SSH}" \
|
||||
TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
|
||||
TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \
|
||||
TEST_SSH_SSHADD="$${TEST_SSH_SSHADD}" \
|
||||
TEST_SSH_SSHKEYGEN="$${TEST_SSH_SSHKEYGEN}" \
|
||||
TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \
|
||||
TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \
|
||||
TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \
|
||||
TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
|
||||
TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \
|
||||
TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \
|
||||
TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
|
||||
TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
|
||||
TEST_SSH_UTF8="$${TEST_SSH_UTF8}" \
|
||||
TEST_SSH_ECC="$${TEST_SSH_ECC}" \
|
||||
TEST_SSH_SCP="$${BUILDDIR}/scp" \
|
||||
TEST_SSH_SSH="$${BUILDDIR}/ssh" \
|
||||
TEST_SSH_SSHD="$${BUILDDIR}/sshd" \
|
||||
TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent" \
|
||||
TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add" \
|
||||
TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen" \
|
||||
TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper" \
|
||||
TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan" \
|
||||
TEST_SSH_SFTP="$${BUILDDIR}/sftp" \
|
||||
TEST_SSH_PKCS11_HELPER="$${BUILDDIR}/ssh-pkcs11-helper" \
|
||||
TEST_SSH_SK_HELPER="$${BUILDDIR}/ssh-sk-helper" \
|
||||
TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server" \
|
||||
TEST_SSH_PLINK="plink" \
|
||||
TEST_SSH_PUTTYGEN="puttygen" \
|
||||
TEST_SSH_CONCH="conch" \
|
||||
TEST_SSH_IPV6="@TEST_SSH_IPV6@" \
|
||||
TEST_SSH_UTF8="@TEST_SSH_UTF8@" \
|
||||
TEST_SSH_ECC="@TEST_SSH_ECC@" \
|
||||
TEST_SHELL="${TEST_SHELL}" \
|
||||
EXEEXT="$(EXEEXT)" \
|
||||
$@ && echo all $@ passed
|
||||
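Review bot: The `distclean` target does not appear to receive the sk-dummy cleanup that `clean` gains in this commit. The `clean` hunk (`@ -255,8 +289,9 @@`) lists `rm -f regress/misc/sk-dummy/*.o`, `*.lo` and `sk-dummy.so`, whereas the two `distclean` hunks (`@ -273,6 +308,8 @@`, `@ -285,8 +322,6 @@`) by their line counts only add the sshsig lines and drop the kexfuzz ones. A tree that went through `make distclean` can therefore keep a stale `regress/misc/sk-dummy/sk-dummy.so` and its `.lo` objects, which a later build configured with different flags may treat as up to date and load in the regress run. I would add `rm -f regress/misc/sk-dummy/*.o regress/misc/sk-dummy/*.lo` and `rm -f regress/misc/sk-dummy/sk-dummy.so` before the `(cd openbsd-compat && $(MAKE) distclean)` line. The start of the `distclean` recipe lies outside the hunks, so whether its top-level `rm -f *.o *.a` line also needs `*.lo`, as `clean` now has, should be checked there.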
|
|
70
PROTOCOL
70
PROTOCOL
|
@ -140,7 +140,7 @@ window space and may be sent even if no window space is available.
|
|||
NB. due to certain broken SSH implementations aborting upon receipt
|
||||
of this message (in contravention of RFC4254 section 5.4), this
|
||||
message is only sent to OpenSSH peers (identified by banner).
|
||||
Other SSH implementations may be whitelisted to receive this message
|
||||
Other SSH implementations may be listed to receive this message
|
||||
upon request.
|
||||
|
||||
2.2. connection: disallow additional sessions extension
|
||||
|
@ -169,7 +169,7 @@ Note that this is not a general defence against compromised clients
|
|||
NB. due to certain broken SSH implementations aborting upon receipt
|
||||
of this message, the no-more-sessions request is only sent to OpenSSH
|
||||
servers (identified by banner). Other SSH implementations may be
|
||||
whitelisted to receive this message upon request.
|
||||
listed to receive this message upon request.
|
||||
|
||||
2.3. connection: Tunnel forward extension "tun@openssh.com"
|
||||
|
||||
|
@ -194,7 +194,7 @@ layer 2 frames or layer 3 packets. It may take one of the following values:
|
|||
SSH_TUNMODE_ETHERNET 2 /* layer 2 frames */
|
||||
|
||||
The "tunnel unit number" specifies the remote interface number, or may
|
||||
be 0x7fffffff to allow the server to automatically chose an interface. A
|
||||
be 0x7fffffff to allow the server to automatically choose an interface. A
|
||||
server that is not willing to open a client-specified unit should refuse
|
||||
the request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful
|
||||
open, the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS.
|
||||
|
@ -292,13 +292,14 @@ has completed.
|
|||
|
||||
byte SSH_MSG_GLOBAL_REQUEST
|
||||
string "hostkeys-00@openssh.com"
|
||||
char 0 /* want-reply */
|
||||
string[] hostkeys
|
||||
|
||||
Upon receiving this message, a client should check which of the
|
||||
supplied host keys are present in known_hosts.
|
||||
|
||||
Note that the server may send key types that the client does not
|
||||
support. The client should disgregard such keys if they are received.
|
||||
support. The client should disregard such keys if they are received.
|
||||
|
||||
If the client identifies any keys that are not present for the host,
|
||||
it should send a "hostkeys-prove@openssh.com" message to request the
|
||||
|
@ -465,6 +466,65 @@ respond with a SSH_FXP_STATUS message.
|
|||
This extension is advertised in the SSH_FXP_VERSION hello with version
|
||||
"1".
|
||||
|
||||
3.7. sftp: Extension request "lsetstat@openssh.com"
|
||||
|
||||
This request is like the "setstat" command, but sets file attributes on
|
||||
symlinks. It is implemented as a SSH_FXP_EXTENDED request with the
|
||||
following format:
|
||||
|
||||
uint32 id
|
||||
string "lsetstat@openssh.com"
|
||||
string path
|
||||
ATTRS attrs
|
||||
|
||||
See the "setstat" command for more details.
|
||||
|
||||
This extension is advertised in the SSH_FXP_VERSION hello with version
|
||||
"1".
|
||||
|
||||
3.8. sftp: Extension request "limits@openssh.com"
|
||||
|
||||
This request is used to determine various limits the server might impose.
|
||||
Clients should not attempt to exceed these limits as the server might sever
|
||||
the connection immediately.
|
||||
|
||||
uint32 id
|
||||
string "limits@openssh.com"
|
||||
|
||||
The server will respond with a SSH_FXP_EXTENDED_REPLY reply:
|
||||
|
||||
uint32 id
|
||||
uint64 max-packet-length
|
||||
uint64 max-read-length
|
||||
uint64 max-write-length
|
||||
uint64 max-open-handles
|
||||
|
||||
The 'max-packet-length' applies to the total number of bytes in a
|
||||
single SFTP packet. Servers SHOULD set this at least to 34000.
|
||||
|
||||
The 'max-read-length' is the largest length in a SSH_FXP_READ packet.
|
||||
Even if the client requests a larger size, servers will usually respond
|
||||
with a shorter SSH_FXP_DATA packet. Servers SHOULD set this at least to
|
||||
32768.
|
||||
|
||||
The 'max-write-length' is the largest length in a SSH_FXP_WRITE packet
|
||||
the server will accept. Servers SHOULD set this at least to 32768.
|
||||
|
||||
The 'max-open-handles' is the maximum number of active handles that the
|
||||
server allows (e.g. handles created by SSH_FXP_OPEN and SSH_FXP_OPENDIR
|
||||
packets). Servers MAY count internal file handles against this limit
|
||||
(e.g. system logging or stdout/stderr), so clients SHOULD NOT expect to
|
||||
open this many handles in practice.
|
||||
|
||||
If the server doesn't enforce a specific limit, then the field may be
|
||||
set to 0. This implies the server relies on the OS to enforce limits
|
||||
(e.g. available memory or file handles), and such limits might be
|
||||
dynamic. The client SHOULD take care to not try to exceed reasonable
|
||||
limits.
|
||||
|
||||
This extension is advertised in the SSH_FXP_VERSION hello with version
|
||||
"1".
|
||||
|
||||
4. Miscellaneous changes
|
||||
|
||||
4.1 Public key format
|
||||
|
@ -496,4 +556,4 @@ OpenSSH's connection multiplexing uses messages as described in
|
|||
PROTOCOL.mux over a Unix domain socket for communications between a
|
||||
master instance and later clients.
|
||||
|
||||
$OpenBSD: PROTOCOL,v 1.36 2018/10/02 12:51:58 djm Exp $
|
||||
$OpenBSD: PROTOCOL,v 1.41 2021/02/18 02:49:35 djm Exp $
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
This file used to contain a description of the SSH agent protocol
|
||||
implemented by OpenSSH. It has since been superseded by an Internet-
|
||||
draft that is available from:
|
||||
implemented by OpenSSH. It has since been superseded by
|
||||
https://tools.ietf.org/html/draft-miller-ssh-agent-04
|
||||
|
||||
https://tools.ietf.org/html/draft-miller-ssh-agent-02
|
||||
$OpenBSD: PROTOCOL.agent,v 1.14 2020/10/06 07:12:04 dtucker Exp $
|
||||
|
|
|
@ -280,6 +280,13 @@ their data fields are:
|
|||
|
||||
Name Format Description
|
||||
-----------------------------------------------------------------------------
|
||||
no-presence-required empty Flag indicating that signatures made
|
||||
with this certificate need not assert
|
||||
user presence. This option only make
|
||||
sense for the U2F/FIDO security key
|
||||
types that support this feature in
|
||||
their signature formats.
|
||||
|
||||
permit-X11-forwarding empty Flag indicating that X11 forwarding
|
||||
should be permitted. X11 forwarding will
|
||||
be refused if this option is absent.
|
||||
|
@ -304,4 +311,4 @@ permit-user-rc empty Flag indicating that execution of
|
|||
of this script will not be permitted if
|
||||
this option is not present.
|
||||
|
||||
$OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $
|
||||
$OpenBSD: PROTOCOL.certkeys,v 1.17 2019/11/25 00:57:51 djm Exp $
|
||||
|
|
|
@ -34,7 +34,7 @@ Detailed Construction
|
|||
The chacha20-poly1305@openssh.com cipher requires 512 bits of key
|
||||
material as output from the SSH key exchange. This forms two 256 bit
|
||||
keys (K_1 and K_2), used by two separate instances of chacha20.
|
||||
The first 256 bits consitute K_2 and the second 256 bits become
|
||||
The first 256 bits constitute K_2 and the second 256 bits become
|
||||
K_1.
|
||||
|
||||
The instance keyed by K_1 is a stream cipher that is used only
|
||||
|
@ -103,5 +103,5 @@ References
|
|||
[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
|
||||
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
|
||||
|
||||
$OpenBSD: PROTOCOL.chacha20poly1305,v 1.4 2018/04/10 00:10:49 djm Exp $
|
||||
$OpenBSD: PROTOCOL.chacha20poly1305,v 1.5 2020/02/21 00:04:43 dtucker Exp $
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ messages between the client and server. The client therefore must
|
|||
speak a significant subset of the SSH protocol, but in return is able
|
||||
to access basically the full suite of connection protocol features.
|
||||
Moreover, as no file descriptor passing is required, the connection
|
||||
supporting a proxy client may iteself be forwarded or relayed to another
|
||||
supporting a proxy client may itself be forwarded or relayed to another
|
||||
host if necessary.
|
||||
|
||||
1. Connection setup
|
||||
|
@ -295,4 +295,4 @@ XXX session inspection via master
|
|||
XXX signals via mux request
|
||||
XXX list active connections via mux
|
||||
|
||||
$OpenBSD: PROTOCOL.mux,v 1.11 2018/09/26 07:30:05 djm Exp $
|
||||
$OpenBSD: PROTOCOL.mux,v 1.12 2020/03/13 03:17:07 djm Exp $
|
||||
|
|
|
@ -71,7 +71,7 @@ encoding rules for the chosen key type. For RSA signatures, the
|
|||
signature algorithm must be "rsa-sha2-512" or "rsa-sha2-256" (i.e.
|
||||
not the legacy RSA-SHA1 "ssh-rsa").
|
||||
|
||||
This blob is encoded as a string using the RFC4243 encoding
|
||||
This blob is encoded as a string using the RFC4253 encoding
|
||||
rules and base64 encoded to form the middle part of the
|
||||
armored signature.
|
||||
|
||||
|
@ -97,3 +97,4 @@ the reserved field if it is not empty.
|
|||
The data is concatenated and passed to the SSH signing
|
||||
function.
|
||||
|
||||
$OpenBSD: PROTOCOL.sshsig,v 1.4 2020/08/31 00:17:41 djm Exp $
|
||||
|
|
|
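--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -0,0 +1,309 @@
+This document describes OpenSSH's support for U2F/FIDO security keys.
+
+Background
+----------
+
+U2F is an open standard for two-factor authentication hardware, widely
+used for user authentication to websites. U2F tokens are ubiquitous,
+available from a number of manufacturers and are currently by far the
+cheapest way for users to achieve hardware-backed credential storage.
+
+The U2F protocol however cannot be trivially used as an SSH protocol key
+type as both the inputs to the signature operation and the resultant
+signature differ from those specified for SSH. For similar reasons,
+integration of U2F devices cannot be achieved via the PKCS#11 API.
+
+U2F also offers a number of features that are attractive in the context
+of SSH authentication. They can be configured to require indication
+of "user presence" for each signature operation (typically achieved
+by requiring the user touch the key). They also offer an attestation
+mechanism at key enrollment time that can be used to prove that a
+given key is backed by hardware. Finally the signature format includes
+a monotonic signature counter that can be used (at scale) to detect
+concurrent use of a private key, should it be extracted from hardware.
+
+U2F private keys are generated through an enrollment operation,
+which takes an application ID - a URL-like string, typically "ssh:"
+in this case, but a HTTP origin for the case of web authentication,
+and a challenge string (typically randomly generated). The enrollment
+operation returns a public key, a key handle that must be used to invoke
+the hardware-backed private key, some flags and signed attestation
+information that may be used to verify that a private key is hosted on a
+particular hardware instance.
+
+It is common for U2F hardware to derive private keys from the key handle
+in conjunction with a small per-device secret that is unique to the
+hardware, thus requiring little on-device storage for an effectively
+unlimited number of supported keys. This drives the requirement that
+the key handle be supplied for each signature operation. U2F tokens
+primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
+standard specifies additional key types, including one based on Ed25519.
+
+Use of U2F security keys does not automatically imply multi-factor
+authentication. From sshd's perspective, a security key constitutes a
+single factor of authentication, even if protected by a PIN or biometric
+authentication. To enable multi-factor authentication in ssh, please
+refer to the AuthenticationMethods option in sshd_config(5).
+
+
+SSH U2F Key formats
+-------------------
+
+OpenSSH integrates U2F as new key and corresponding certificate types:
+
+sk-ecdsa-sha2-nistp256@openssh.com
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
+sk-ssh-ed25519@openssh.com
+sk-ssh-ed25519-cert-v01@openssh.com
+
+While each uses ecdsa-sha256-nistp256 as the underlying signature primitive,
+keys require extra information in the public and private keys, and in
+the signature object itself. As such they cannot be made compatible with
+the existing ecdsa-sha2-nistp* key types.
+
+The format of a sk-ecdsa-sha2-nistp256@openssh.com public key is:
+
+string "sk-ecdsa-sha2-nistp256@openssh.com"
+string curve name
+ec_point Q
+string application (user-specified, but typically "ssh:")
+
+The corresponding private key contains:
+
+string "sk-ecdsa-sha2-nistp256@openssh.com"
+string curve name
+ec_point Q
+string application (user-specified, but typically "ssh:")
+uint8 flags
+string key_handle
+string reserved
+
+The format of a sk-ssh-ed25519@openssh.com public key is:
+
+string "sk-ssh-ed25519@openssh.com"
+string public key
+string application (user-specified, but typically "ssh:")
+
+With a private half consisting of:
+
+string "sk-ssh-ed25519@openssh.com"
+string public key
+string application (user-specified, but typically "ssh:")
+uint8 flags
+string key_handle
+string reserved
+
+The certificate form for SSH U2F keys appends the usual certificate
+information to the public key:
+
+string "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+string nonce
+string curve name
+ec_point Q
+string application
+uint64 serial
+uint32 type
+string key id
+string valid principals
+uint64 valid after
+uint64 valid before
+string critical options
+string extensions
+string reserved
+string signature key
+string signature
+
+and for security key ed25519 certificates:
+
+string "sk-ssh-ed25519-cert-v01@openssh.com"
+string nonce
+string public key
+string application
+uint64 serial
+uint32 type
+string key id
+string valid principals
+uint64 valid after
+uint64 valid before
+string critical options
+string extensions
+string reserved
+string signature key
+string signature
+
+Both security key certificates use the following encoding for private keys:
+
+string type (e.g. "sk-ssh-ed25519-cert-v01@openssh.com")
+string pubkey (the above key/cert structure)
+string application
+uint8 flags
+string key_handle
+string reserved
+
+During key generation, the hardware also returns attestation information
+that may be used to cryptographically prove that a given key is
+hardware-backed. Unfortunately, the protocol required for this proof is
+not privacy-preserving and may be used to identify U2F tokens with at
+least manufacturer and batch number granularity. For this reason, we
+choose not to include this information in the public key or save it by
+default.
+
+Attestation information is useful for out-of-band key and certificate
+registration workflows, e.g. proving to a CA that a key is backed
+by trusted hardware before it will issue a certificate. To support this
+case, OpenSSH optionally allows retaining the attestation information
+at the time of key generation. It will take the following format:
+
+string "ssh-sk-attest-v01"
+string attestation certificate
+string enrollment signature
+string authenticator data (CBOR encoded)
+uint32 reserved flags
+string reserved string
+
+A previous version of this format, emitted prior to OpenSSH 8.4 omitted
+the authenticator data.
+
+string "ssh-sk-attest-v00"
+string attestation certificate
+string enrollment signature
+uint32 reserved flags
+string reserved string
+
+OpenSSH treats the attestation certificate and enrollment signatures as
+opaque objects and does no interpretation of them itself.
+
+SSH U2F signatures
+------------------
+
+In addition to the message to be signed, the U2F signature operation
+requires the key handle and a few additional parameters. The signature
+is signed over a blob that consists of:
+
+byte[32] SHA256(application)
+byte flags (including "user present", extensions present)
+uint32 counter
+byte[] extensions
+byte[32] SHA256(message)
+
+No extensions are yet defined for SSH use. If any are defined in the future,
+it will be possible to infer their presence from the contents of the "flags"
+value.
+
+The signature returned from U2F hardware takes the following format:
+
+byte flags (including "user present")
+uint32 counter
+byte[] ecdsa_signature (in X9.62 format).
+
+For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
+format data in the pre-authentication attack surface. Therefore, the
+signature format used on the wire in SSH2_USERAUTH_REQUEST packets will
+be reformatted to better match the existing signature encoding:
+
+string "sk-ecdsa-sha2-nistp256@openssh.com"
+string ecdsa_signature
+byte flags
+uint32 counter
+
+Where the "ecdsa_signature" field follows the RFC5656 ECDSA signature
+encoding:
+
+mpint r
+mpint s
+
+For Ed25519 keys the signature is encoded as:
+
+string "sk-ssh-ed25519@openssh.com"
+string signature
+byte flags
+uint32 counter
+
+webauthn signatures
+-------------------
+
+The W3C/FIDO webauthn[1] standard defines a mechanism for a web browser to
+interact with FIDO authentication tokens. This standard builds upon the
+FIDO standards, but requires different signature contents to raw FIDO
+messages. OpenSSH supports ECDSA/p256 webauthn signatures through the
+"webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature algorithm.
+
+The wire encoding for a webauthn-sk-ecdsa-sha2-nistp256@openssh.com
+signature is similar to the sk-ecdsa-sha2-nistp256@openssh.com format:
+
+string "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
+string ecdsa_signature
+byte flags
+uint32 counter
+string origin
+string clientData
+string extensions
+
+Where "origin" is the HTTP origin making the signature, "clientData" is
+the JSON-like structure signed by the browser and "extensions" are any
+extensions used in making the signature.
+
+[1] https://www.w3.org/TR/webauthn-2/
+
+ssh-agent protocol extensions
+-----------------------------
+
+ssh-agent requires a protocol extension to support U2F keys. At
+present the closest analogue to Security Keys in ssh-agent are PKCS#11
+tokens, insofar as they require a middleware library to communicate with
+the device that holds the keys. Unfortunately, the protocol message used
+to add PKCS#11 keys to ssh-agent does not include any way to send the
+key handle to the agent as U2F keys require.
+
+To avoid this, without having to add wholly new messages to the agent
+protocol, we will use the existing SSH2_AGENTC_ADD_ID_CONSTRAINED message
+with a new key constraint extension to encode a path to the middleware
+library for the key. The format of this constraint extension would be:
+
+byte SSH_AGENT_CONSTRAIN_EXTENSION
+string sk-provider@openssh.com
+string middleware path
+
+This constraint-based approach does not present any compatibility
+problems.
+
+OpenSSH integration
+-------------------
+
+U2F tokens may be attached via a number of means, including USB and NFC.
+The USB interface is standardised around a HID protocol, but we want to
+be able to support other transports as well as dummy implementations for
+regress testing. For this reason, OpenSSH shall support a dynamically-
+loaded middleware libraries to communicate with security keys, but offer
+support for the common case of USB HID security keys internally.
+
+The middleware library need only expose a handful of functions and
+numbers listed in sk-api.h. Included in the defined numbers is a
+SSH_SK_VERSION_MAJOR that should be incremented for each incompatible
+API change.
+
+miscellaneous options may be passed to the middleware as a NULL-
+terminated array of pointers to struct sk_option. The middleware may
+ignore unsupported or unknown options unless the "required" flag is set,
+in which case it should return failure if an unsupported option is
+requested.
+
+At present the following options names are supported:
+
+"device"
+
+Specifies a specific FIDO device on which to perform the
+operation. The value in this field is interpreted by the
+middleware but it would be typical to specify a path to
+a /dev node for the device in question.
+
+"user"
+
+Specifies the FIDO2 username used when enrolling a key,
+overriding OpenSSH's default of using an all-zero username.
+
+In OpenSSH, the middleware will be invoked by using a similar mechanism to
+ssh-pkcs11-helper to provide address-space containment of the
+middleware from ssh-agent.
+
+$OpenBSD: PROTOCOL.u2f,v 1.26 2020/09/09 03:08:01 djm Exp $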
36
README
36
README
|
@ -1,4 +1,4 @@
|
|||
See https://www.openssh.com/releasenotes.html#8.1p1 for the release notes.
|
||||
See https://www.openssh.com/releasenotes.html#8.5p1 for the release notes.
|
||||
|
||||
Please read https://www.openssh.com/report.html for bug reporting
|
||||
instructions and note that we do not use Github for bug reporting or
|
||||
|
@ -15,7 +15,7 @@ Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
|
|||
and Dug Song. It has a homepage at https://www.openssh.com/
|
||||
|
||||
This port consists of the re-introduction of autoconf support, PAM
|
||||
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
|
||||
support, EGD/PRNGD support and replacements for OpenBSD library
|
||||
functions that are (regrettably) absent from other unices. This port
|
||||
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
|
||||
FreeBSD, NetBSD, OpenBSD, OpenServer, Solaris and UnixWare.
|
||||
|
@ -26,37 +26,27 @@ The PAM support is now more functional than the popular packages of
|
|||
commercial ssh-1.2.x. It checks "account" and "session" modules for
|
||||
all logins, not just when using password authentication.
|
||||
|
||||
OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and
|
||||
libedit[6]
|
||||
|
||||
There is now several mailing lists for this port of OpenSSH. Please
|
||||
refer to https://www.openssh.com/list.html for details on how to join.
|
||||
|
||||
Please send bug reports and patches to the mailing list
|
||||
openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed
|
||||
users. Code contribution are welcomed, but please follow the OpenBSD
|
||||
style guidelines[7].
|
||||
Please send bug reports and patches to https://bugzilla.mindrot.org or
|
||||
the mailing list openssh-unix-dev@mindrot.org. To mitigate spam, the
|
||||
list only allows posting from subscribed addresses. Code contribution
|
||||
are welcomed, but please follow the OpenBSD style guidelines[1].
|
||||
|
||||
Please refer to the INSTALL document for information on how to install
|
||||
OpenSSH on your system.
|
||||
Please refer to the INSTALL document for information on dependencies and
|
||||
how to install OpenSSH on your system.
|
||||
|
||||
Damien Miller <djm@mindrot.org>
|
||||
|
||||
Miscellania -
|
||||
|
||||
This version of OpenSSH is based upon code retrieved from the OpenBSD
|
||||
CVS repository which in turn was based on the last free sample
|
||||
implementation released by Tatu Ylonen.
|
||||
This version of OpenSSH is based upon code retrieved from the OpenBSD CVS
|
||||
repository which in turn was based on the last free sample implementation
|
||||
released by Tatu Ylonen.
|
||||
|
||||
References -
|
||||
|
||||
[0] https://www.openssh.com/
|
||||
[1] http://www.lothar.com/tech/crypto/
|
||||
[2] http://prngd.sourceforge.net/
|
||||
[3] https://www.zlib.net/
|
||||
[4] https://www.openssl.org/
|
||||
[5] https://www.openpam.org
|
||||
https://www.kernel.org/pub/linux/libs/pam/
|
||||
(PAM also is standard on Solaris and HP-UX 11)
|
||||
[6] https://thrysoee.dk/editline/ (portable version)
|
||||
[7] https://man.openbsd.org/style.9
|
||||
[1] https://man.openbsd.org/style.9
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
How to verify host keys using OpenSSH and DNS
|
||||
---------------------------------------------
|
||||
|
||||
OpenSSH contains support for verifying host keys using DNS as described in
|
||||
draft-ietf-secsh-dns-05.txt. The document contains very brief instructions
|
||||
on how to use this feature. Configuring DNS is out of the scope of this
|
||||
document.
|
||||
OpenSSH contains support for verifying host keys using DNS as described
|
||||
in https://tools.ietf.org/html/rfc4255. The document contains very brief
|
||||
instructions on how to use this feature. Configuring DNS is out of the
|
||||
scope of this document.
|
||||
|
||||
|
||||
(1) Server: Generate and publish the DNS RR
|
||||
|
|
15
README.md
15
README.md
|
@ -1,5 +1,7 @@
|
|||
# Portable OpenSSH
|
||||
|
||||
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
|
||||
|
||||
OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
|
||||
|
||||
This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).
|
||||
|
@ -25,21 +27,27 @@ Stable release tarballs are available from a number of [download mirrors](https:
|
|||
|
||||
### Dependencies
|
||||
|
||||
Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies.
|
||||
Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers.
|
||||
|
||||
``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms.
|
||||
|
||||
[zlib](https://www.zlib.net/) is optional; without it transport compression is not supported.
|
||||
|
||||
FIDO security token support needs [libfido2](https://github.com/Yubico/libfido2) and its dependencies. Also, certain platforms and build-time options may require additional dependencies; see README.platform for details.
|
||||
|
||||
### Building a release
|
||||
|
||||
Releases include a pre-built copy of the ``configure`` script and may be built using:
|
||||
|
||||
```
|
||||
tar zxvf openssh-X.Y.tar.gz
|
||||
tar zxvf openssh-X.YpZ.tar.gz
|
||||
cd openssh
|
||||
./configure # [options]
|
||||
make && make tests
|
||||
```
|
||||
|
||||
See the [Build-time Customisation](#build-time-customisation) section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths.
|
||||
|
||||
|
||||
### Building from git
|
||||
|
||||
If building from git, you'll need [autoconf](https://www.gnu.org/software/autoconf/) installed to build the ``configure`` script. The following commands will check out and build portable OpenSSH from git:
|
||||
|
@ -64,6 +72,7 @@ Flag | Meaning
|
|||
``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.
|
||||
``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.
|
||||
``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.
|
||||
``--with-security-key-builtin`` | Include built-in support for U2F/FIDO2 security keys. This requires [libfido2](https://github.com/Yubico/libfido2) be installed.
|
||||
|
||||
## Development
|
||||
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
This file contains notes about OpenSSH on specific platforms.
|
||||
|
||||
AIX
|
||||
---
|
||||
As of OpenSSH 3.8p1, sshd will now honour an accounts password expiry
|
||||
settings, where previously it did not. Because of this, it's possible for
|
||||
sites that have used OpenSSH's sshd exclusively to have accounts which
|
||||
have passwords expired longer than the inactive time (ie the "Weeks between
|
||||
password EXPIRATION and LOCKOUT" setting in SMIT or the maxexpired
|
||||
chuser attribute).
|
||||
|
||||
Beginning with OpenSSH 3.8p1, sshd will honour an account's password
|
||||
expiry settings, where prior to that it did not. Because of this,
|
||||
it's possible for sites that have used OpenSSH's sshd exclusively to
|
||||
have accounts which have passwords expired longer than the inactive time
|
||||
(ie the "Weeks between password EXPIRATION and LOCKOUT" setting in SMIT
|
||||
or the maxexpired chuser attribute).
|
||||
|
||||
Accounts in this state must have their passwords reset manually by the
|
||||
administrator. As a precaution, it is recommended that the administrative
|
||||
passwords be reset before upgrading from OpenSSH <3.8.
|
||||
|
||||
As of OpenSSH 4.0, configure will attempt to detect if your version
|
||||
As of OpenSSH 4.0p1, configure will attempt to detect if your version
|
||||
and maintenance level of AIX has a working getaddrinfo, and will use it
|
||||
if found. This will enable IPv6 support. If for some reason configure
|
||||
gets it wrong, or if you want to build binaries to work on earlier MLs
|
||||
|
|
|
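--- a/addr.c
+++ b/addr.c
@@ -0,0 +1,423 @@
+/* $OpenBSD: addr.c,v 1.1 2021/01/09 11:58:50 dtucker Exp $ */
+
+/*
+* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "addr.h"
+
+#define _SA(x) ((struct sockaddr *)(x))
+
+int
+addr_unicast_masklen(int af)
+{
+switch (af) {
+case AF_INET:
+return 32;
+case AF_INET6:
+return 128;
+default:
+return -1;
+}
+}
+
+static inline int
+masklen_valid(int af, u_int masklen)
+{
+switch (af) {
+case AF_INET:
+return masklen <= 32 ? 0 : -1;
+case AF_INET6:
+return masklen <= 128 ? 0 : -1;
+default:
+return -1;
+}
+}
+
+int
+addr_xaddr_to_sa(const struct xaddr *xa, struct sockaddr *sa, socklen_t *len,
+u_int16_t port)
+{
+struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
+struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
+
+if (xa == NULL || sa == NULL || len == NULL)
+return -1;
+
+switch (xa->af) {
+case AF_INET:
+if (*len < sizeof(*in4))
+return -1;
+memset(sa, '\0', sizeof(*in4));
+*len = sizeof(*in4);
+#ifdef SOCK_HAS_LEN
+in4->sin_len = sizeof(*in4);
+#endif
+in4->sin_family = AF_INET;
+in4->sin_port = htons(port);
+memcpy(&in4->sin_addr, &xa->v4, sizeof(in4->sin_addr));
+break;
+case AF_INET6:
+if (*len < sizeof(*in6))
+return -1;
+memset(sa, '\0', sizeof(*in6));
+*len = sizeof(*in6);
+#ifdef SOCK_HAS_LEN
+in6->sin6_len = sizeof(*in6);
+#endif
+in6->sin6_family = AF_INET6;
+in6->sin6_port = htons(port);
+memcpy(&in6->sin6_addr, &xa->v6, sizeof(in6->sin6_addr));
+#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
+in6->sin6_scope_id = xa->scope_id;
+#endif
+break;
+default:
+return -1;
+}
+return 0;
+}
+
+/*
+* Convert struct sockaddr to struct xaddr
+* Returns 0 on success, -1 on failure.
+*/
+int
+addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
+{
+struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
+struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
+
+memset(xa, '\0', sizeof(*xa));
+
+switch (sa->sa_family) {
+case AF_INET:
+if (slen < (socklen_t)sizeof(*in4))
+return -1;
+xa->af = AF_INET;
+memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
+break;
+case AF_INET6:
+if (slen < (socklen_t)sizeof(*in6))
+return -1;
+xa->af = AF_INET6;
+memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
+#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
+xa->scope_id = in6->sin6_scope_id;
+#endif
+break;
+default:
+return -1;
+}
+
+return 0;
+}
+
+int
+addr_invert(struct xaddr *n)
+{
+int i;
+
+if (n == NULL)
+return -1;
+
+switch (n->af) {
+case AF_INET:
+n->v4.s_addr = ~n->v4.s_addr;
+return 0;
+case AF_INET6:
+for (i = 0; i < 4; i++)
+n->addr32[i] = ~n->addr32[i];
+return 0;
+default:
+return -1;
+}
+}
+
+/*
+* Calculate a netmask of length 'l' for address family 'af' and
+* store it in 'n'.
+* Returns 0 on success, -1 on failure.
+*/
+int
+addr_netmask(int af, u_int l, struct xaddr *n)
+{
+int i;
+
+if (masklen_valid(af, l) != 0 || n == NULL)
+return -1;
+
+memset(n, '\0', sizeof(*n));
+switch (af) {
+case AF_INET:
+n->af = AF_INET;
+if (l == 0)
+return 0;
+n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
+return 0;
+case AF_INET6:
+n->af = AF_INET6;
+for (i = 0; i < 4 && l >= 32; i++, l -= 32)
+n->addr32[i] = 0xffffffffU;
+if (i < 4 && l != 0)
+n->addr32[i] = htonl((0xffffffff << (32 - l)) &
+0xffffffff);
+return 0;
+default:
+return -1;
+}
+}
+
+int
+addr_hostmask(int af, u_int l, struct xaddr *n)
+{
+if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1)
+return -1;
+return 0;
+}
+
+/*
+* Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
+* Returns 0 on success, -1 on failure.
+*/
+int
+addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
+{
+int i;
+
+if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
+return -1;
+
+memcpy(dst, a, sizeof(*dst));
+switch (a->af) {
+case AF_INET:
+dst->v4.s_addr &= b->v4.s_addr;
+return 0;
+case AF_INET6:
+dst->scope_id = a->scope_id;
+for (i = 0; i < 4; i++)
+dst->addr32[i] &= b->addr32[i];
+return 0;
+default:
+return -1;
+}
+}
+
+int
+addr_cmp(const struct xaddr *a, const struct xaddr *b)
+{
+int i;
+
+if (a->af != b->af)
+return (a->af == AF_INET6 ? 1 : -1);
+
+switch (a->af) {
+case AF_INET:
+/*
+* Can't just subtract here as 255.255.255.255 - 0.0.0.0 is
+* too big to fit into a signed int
+*/
+if (a->v4.s_addr == b->v4.s_addr)
+return 0;
+return (ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1);
+case AF_INET6:;
+/*
+* Do this a byte at a time to avoid the above issue and
+* any endian problems
+*/
+for (i = 0; i < 16; i++)
+if (a->addr8[i] - b->addr8[i] != 0)
+return (a->addr8[i] - b->addr8[i]);
+if (a->scope_id == b->scope_id)
+return (0);
+return (a->scope_id > b->scope_id ? 1 : -1);
+default:
+return (-1);
+}
+}
+
+int
+addr_is_all0s(const struct xaddr *a)
+{
+int i;
+
+switch (a->af) {
+case AF_INET:
+return (a->v4.s_addr == 0 ? 0 : -1);
+case AF_INET6:;
+for (i = 0; i < 4; i++)
+if (a->addr32[i] != 0)
+return -1;
+return 0;
+default:
+return -1;
+}
+}
+
+/*
+* Test whether host portion of address 'a', as determined by 'masklen'
+* is all zeros.
+* Returns 0 on if host portion of address is all-zeros,
+* -1 if not all zeros or on failure.
+*/
+int
+addr_host_is_all0s(const struct xaddr *a, u_int masklen)
+{
+struct xaddr tmp_addr, tmp_mask, tmp_result;
+
+memcpy(&tmp_addr, a, sizeof(tmp_addr));
+if (addr_hostmask(a->af, masklen, &tmp_mask) == -1)
+return -1;
+if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1)
+return -1;
+return addr_is_all0s(&tmp_result);
+}
+
+/*
+* Parse string address 'p' into 'n'
+* Returns 0 on success, -1 on failure.
+*/
+int
+addr_pton(const char *p, struct xaddr *n)
+{
+struct addrinfo hints, *ai;
+
+memset(&hints, '\0', sizeof(hints));
+hints.ai_flags = AI_NUMERICHOST;
+
+if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
+return -1;
+
+if (ai == NULL || ai->ai_addr == NULL)
+return -1;
+
+if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen,
+n) == -1) {
+freeaddrinfo(ai);
+return -1;
+}
+
+freeaddrinfo(ai);
+return 0;
+}
+
+int
+addr_sa_pton(const char *h, const char *s, struct sockaddr *sa, socklen_t slen)
+{
+struct addrinfo hints, *ai;
+
+memset(&hints, '\0', sizeof(hints));
+hints.ai_flags = AI_NUMERICHOST;
+
+if (h == NULL || getaddrinfo(h, s, &hints, &ai) != 0)
+return -1;
+
+if (ai == NULL || ai->ai_addr == NULL)
+return -1;
+
+if (sa != NULL) {
+if (slen < ai->ai_addrlen)
+return -1;
+memcpy(sa, &ai->ai_addr, ai->ai_addrlen);
+}
+
+freeaddrinfo(ai);
+return 0;
+}
+
+int
+addr_ntop(const struct xaddr *n, char *p, size_t len)
+{
+struct sockaddr_storage ss;
+socklen_t slen = sizeof(ss);
+
+if (addr_xaddr_to_sa(n, _SA(&ss), &slen, 0) == -1)
+return -1;
+if (n == NULL || p == NULL || len == 0)
+return -1;
+if (getnameinfo(_SA(&ss), slen, p, len, NULL, 0,
+NI_NUMERICHOST) == -1)
+return -1;
+
+return 0;
+}
+
+/*
+* Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z).
+* Return -1 on parse error, -2 on inconsistency or 0 on success.
+*/
+int
+addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
+{
+struct xaddr tmp;
+long unsigned int masklen = 999;
+char addrbuf[64], *mp, *cp;
+
+/* Don't modify argument */
+if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
+return -1;
+
+if ((mp = strchr(addrbuf, '/')) != NULL) {
+*mp = '\0';
+mp++;
+masklen = strtoul(mp, &cp, 10);
+if (*mp == '\0' || *cp != '\0' || masklen > 128)
+return -1;
+}
+
+if (addr_pton(addrbuf, &tmp) == -1)
+return -1;
+
+if (mp == NULL)
+masklen = addr_unicast_masklen(tmp.af);
+if (masklen_valid(tmp.af, masklen) == -1)
+return -2;
+if (addr_host_is_all0s(&tmp, masklen) != 0)
+return -2;
+
+if (n != NULL)
+memcpy(n, &tmp, sizeof(*n));
+if (l != NULL)
+*l = masklen;
+
+return 0;
+}
+
+int
+addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen)
+{
+struct xaddr tmp_mask, tmp_result;
+
+if (host->af != net->af)
+return -1;
+
+if (addr_netmask(host->af, masklen, &tmp_mask) == -1)
+return -1;
+if (addr_and(&tmp_result, host, &tmp_mask) == -1)
+return -1;
+return addr_cmp(&tmp_result, net);
+}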
|
@ -0,0 +1,60 @@
|
|||
/*
|
||||
* Copyright (c) 2004,2005 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* Address handling routines */
|
||||
|
||||
#ifndef _ADDR_H
|
||||
#define _ADDR_H
|
||||
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
|
||||
struct xaddr {
|
||||
sa_family_t af;
|
||||
union {
|
||||
struct in_addr v4;
|
||||
struct in6_addr v6;
|
||||
u_int8_t addr8[16];
|
||||
u_int16_t addr16[8];
|
||||
u_int32_t addr32[4];
|
||||
} xa; /* 128-bit address */
|
||||
u_int32_t scope_id; /* iface scope id for v6 */
|
||||
#define v4 xa.v4
|
||||
#define v6 xa.v6
|
||||
#define addr8 xa.addr8
|
||||
#define addr16 xa.addr16
|
||||
#define addr32 xa.addr32
|
||||
};
|
||||
|
||||
int addr_unicast_masklen(int af);
|
||||
int addr_xaddr_to_sa(const struct xaddr *xa, struct sockaddr *sa,
|
||||
socklen_t *len, u_int16_t port);
|
||||
int addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa);
|
||||
int addr_netmask(int af, u_int l, struct xaddr *n);
|
||||
int addr_hostmask(int af, u_int l, struct xaddr *n);
|
||||
int addr_invert(struct xaddr *n);
|
||||
int addr_pton(const char *p, struct xaddr *n);
|
||||
int addr_sa_pton(const char *h, const char *s, struct sockaddr *sa,
|
||||
socklen_t slen);
|
||||
int addr_pton_cidr(const char *p, struct xaddr *n, u_int *l);
|
||||
int addr_ntop(const struct xaddr *n, char *p, size_t len);
|
||||
int addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b);
|
||||
int addr_cmp(const struct xaddr *a, const struct xaddr *b);
|
||||
int addr_is_all0s(const struct xaddr *n);
|
||||
int addr_host_is_all0s(const struct xaddr *n, u_int masklen);
|
||||
int addr_netmatch(const struct xaddr *host, const struct xaddr *net,
|
||||
u_int masklen);
|
||||
#endif /* _ADDR_H */
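Review bot: The member shortcuts `#define v4 xa.v4`, `v6`, `addr8`, `addr16` and `addr32` now sit in a shared header, so they are active in every file that includes addr.h rather than only in addrmatch.c as before. Any local variable, parameter or member of another struct with one of those short names will be silently rewritten by the preprocessor, which is easy to trip over in address-handling code. Consider dropping the macros and writing `n->xa.v4` at the call sites, or giving them a prefix that cannot collide. Separately, the guard name `_ADDR_H` begins with an underscore and a capital letter, which is reserved for the implementation; `ADDR_H` avoids that.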
|
349
addrmatch.c
349
addrmatch.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */
|
||||
/* $OpenBSD: addrmatch.c,v 1.16 2021/01/09 11:58:50 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
|
||||
|
@ -29,337 +29,10 @@
|
|||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "addr.h"
|
||||
#include "match.h"
|
||||
#include "log.h"
|
||||
|
||||
struct xaddr {
|
||||
sa_family_t af;
|
||||
union {
|
||||
struct in_addr v4;
|
||||
struct in6_addr v6;
|
||||
u_int8_t addr8[16];
|
||||
u_int32_t addr32[4];
|
||||
} xa; /* 128-bit address */
|
||||
u_int32_t scope_id; /* iface scope id for v6 */
|
||||
#define v4 xa.v4
|
||||
#define v6 xa.v6
|
||||
#define addr8 xa.addr8
|
||||
#define addr32 xa.addr32
|
||||
};
|
||||
|
||||
static int
|
||||
addr_unicast_masklen(int af)
|
||||
{
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
return 32;
|
||||
case AF_INET6:
|
||||
return 128;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
static inline int
|
||||
masklen_valid(int af, u_int masklen)
|
||||
{
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
return masklen <= 32 ? 0 : -1;
|
||||
case AF_INET6:
|
||||
return masklen <= 128 ? 0 : -1;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert struct sockaddr to struct xaddr
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
|
||||
{
|
||||
struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
|
||||
struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
|
||||
|
||||
memset(xa, '\0', sizeof(*xa));
|
||||
|
||||
switch (sa->sa_family) {
|
||||
case AF_INET:
|
||||
if (slen < (socklen_t)sizeof(*in4))
|
||||
return -1;
|
||||
xa->af = AF_INET;
|
||||
memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
|
||||
break;
|
||||
case AF_INET6:
|
||||
if (slen < (socklen_t)sizeof(*in6))
|
||||
return -1;
|
||||
xa->af = AF_INET6;
|
||||
memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
|
||||
#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
|
||||
xa->scope_id = in6->sin6_scope_id;
|
||||
#endif
|
||||
break;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Calculate a netmask of length 'l' for address family 'af' and
|
||||
* store it in 'n'.
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_netmask(int af, u_int l, struct xaddr *n)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (masklen_valid(af, l) != 0 || n == NULL)
|
||||
return -1;
|
||||
|
||||
memset(n, '\0', sizeof(*n));
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
n->af = AF_INET;
|
||||
if (l == 0)
|
||||
return 0;
|
||||
n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
|
||||
return 0;
|
||||
case AF_INET6:
|
||||
n->af = AF_INET6;
|
||||
for (i = 0; i < 4 && l >= 32; i++, l -= 32)
|
||||
n->addr32[i] = 0xffffffffU;
|
||||
if (i < 4 && l != 0)
|
||||
n->addr32[i] = htonl((0xffffffff << (32 - l)) &
|
||||
0xffffffff);
|
||||
return 0;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
|
||||
return -1;
|
||||
|
||||
memcpy(dst, a, sizeof(*dst));
|
||||
switch (a->af) {
|
||||
case AF_INET:
|
||||
dst->v4.s_addr &= b->v4.s_addr;
|
||||
return 0;
|
||||
case AF_INET6:
|
||||
dst->scope_id = a->scope_id;
|
||||
for (i = 0; i < 4; i++)
|
||||
dst->addr32[i] &= b->addr32[i];
|
||||
return 0;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Compare addresses 'a' and 'b'
|
||||
* Return 0 if addresses are identical, -1 if (a < b) or 1 if (a > b)
|
||||
*/
|
||||
static int
|
||||
addr_cmp(const struct xaddr *a, const struct xaddr *b)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (a->af != b->af)
|
||||
return a->af == AF_INET6 ? 1 : -1;
|
||||
|
||||
switch (a->af) {
|
||||
case AF_INET:
|
||||
if (a->v4.s_addr == b->v4.s_addr)
|
||||
return 0;
|
||||
return ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1;
|
||||
case AF_INET6:
|
||||
for (i = 0; i < 16; i++)
|
||||
if (a->addr8[i] - b->addr8[i] != 0)
|
||||
return a->addr8[i] > b->addr8[i] ? 1 : -1;
|
||||
if (a->scope_id == b->scope_id)
|
||||
return 0;
|
||||
return a->scope_id > b->scope_id ? 1 : -1;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse string address 'p' into 'n'
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_pton(const char *p, struct xaddr *n)
|
||||
{
|
||||
struct addrinfo hints, *ai = NULL;
|
||||
int ret = -1;
|
||||
|
||||
memset(&hints, '\0', sizeof(hints));
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
|
||||
if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
|
||||
goto out;
|
||||
if (ai == NULL || ai->ai_addr == NULL)
|
||||
goto out;
|
||||
if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1)
|
||||
goto out;
|
||||
/* success */
|
||||
ret = 0;
|
||||
out:
|
||||
if (ai != NULL)
|
||||
freeaddrinfo(ai);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Perform bitwise negation of address
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_invert(struct xaddr *n)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (n == NULL)
|
||||
return (-1);
|
||||
|
||||
switch (n->af) {
|
||||
case AF_INET:
|
||||
n->v4.s_addr = ~n->v4.s_addr;
|
||||
return (0);
|
||||
case AF_INET6:
|
||||
for (i = 0; i < 4; i++)
|
||||
n->addr32[i] = ~n->addr32[i];
|
||||
return (0);
|
||||
default:
|
||||
return (-1);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Calculate a netmask of length 'l' for address family 'af' and
|
||||
* store it in 'n'.
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_hostmask(int af, u_int l, struct xaddr *n)
|
||||
{
|
||||
if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1)
|
||||
return (-1);
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Test whether address 'a' is all zeros (i.e. 0.0.0.0 or ::)
|
||||
* Returns 0 on if address is all-zeros, -1 if not all zeros or on failure.
|
||||
*/
|
||||
static int
|
||||
addr_is_all0s(const struct xaddr *a)
|
||||
{
|
||||
int i;
|
||||
|
||||
switch (a->af) {
|
||||
case AF_INET:
|
||||
return (a->v4.s_addr == 0 ? 0 : -1);
|
||||
case AF_INET6:;
|
||||
for (i = 0; i < 4; i++)
|
||||
if (a->addr32[i] != 0)
|
||||
return (-1);
|
||||
return (0);
|
||||
default:
|
||||
return (-1);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Test whether host portion of address 'a', as determined by 'masklen'
|
||||
* is all zeros.
|
||||
* Returns 0 on if host portion of address is all-zeros,
|
||||
* -1 if not all zeros or on failure.
|
||||
*/
|
||||
static int
|
||||
addr_host_is_all0s(const struct xaddr *a, u_int masklen)
|
||||
{
|
||||
struct xaddr tmp_addr, tmp_mask, tmp_result;
|
||||
|
||||
memcpy(&tmp_addr, a, sizeof(tmp_addr));
|
||||
if (addr_hostmask(a->af, masklen, &tmp_mask) == -1)
|
||||
return (-1);
|
||||
if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1)
|
||||
return (-1);
|
||||
return (addr_is_all0s(&tmp_result));
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z).
|
||||
* Return -1 on parse error, -2 on inconsistency or 0 on success.
|
||||
*/
|
||||
static int
|
||||
addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
|
||||
{
|
||||
struct xaddr tmp;
|
||||
long unsigned int masklen = 999;
|
||||
char addrbuf[64], *mp, *cp;
|
||||
|
||||
/* Don't modify argument */
|
||||
if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
|
||||
return -1;
|
||||
|
||||
if ((mp = strchr(addrbuf, '/')) != NULL) {
|
||||
*mp = '\0';
|
||||
mp++;
|
||||
masklen = strtoul(mp, &cp, 10);
|
||||
if (*mp == '\0' || *cp != '\0' || masklen > 128)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (addr_pton(addrbuf, &tmp) == -1)
|
||||
return -1;
|
||||
|
||||
if (mp == NULL)
|
||||
masklen = addr_unicast_masklen(tmp.af);
|
||||
if (masklen_valid(tmp.af, masklen) == -1)
|
||||
return -2;
|
||||
if (addr_host_is_all0s(&tmp, masklen) != 0)
|
||||
return -2;
|
||||
|
||||
if (n != NULL)
|
||||
memcpy(n, &tmp, sizeof(*n));
|
||||
if (l != NULL)
|
||||
*l = masklen;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen)
|
||||
{
|
||||
struct xaddr tmp_mask, tmp_result;
|
||||
|
||||
if (host->af != net->af)
|
||||
return -1;
|
||||
|
||||
if (addr_netmask(host->af, masklen, &tmp_mask) == -1)
|
||||
return -1;
|
||||
if (addr_and(&tmp_result, host, &tmp_mask) == -1)
|
||||
return -1;
|
||||
return addr_cmp(&tmp_result, net);
|
||||
}
|
||||
|
||||
/*
|
||||
* Match "addr" against list pattern list "_list", which may contain a
|
||||
* mix of CIDR addresses and old-school wildcards.
|
||||
|
@ -381,7 +54,7 @@ addr_match_list(const char *addr, const char *_list)
|
|||
int ret = 0, r;
|
||||
|
||||
if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
|
||||
debug2("%s: couldn't parse address %.100s", __func__, addr);
|
||||
debug2_f("couldn't parse address %.100s", addr);
|
||||
return 0;
|
||||
}
|
||||
if ((o = list = strdup(_list)) == NULL)
|
||||
|
@ -397,8 +70,8 @@ addr_match_list(const char *addr, const char *_list)
|
|||
/* Prefer CIDR address matching */
|
||||
r = addr_pton_cidr(cp, &match_addr, &masklen);
|
||||
if (r == -2) {
|
||||
debug2("%s: inconsistent mask length for "
|
||||
"match network \"%.100s\"", __func__, cp);
|
||||
debug2_f("inconsistent mask length for "
|
||||
"match network \"%.100s\"", cp);
|
||||
ret = -2;
|
||||
break;
|
||||
} else if (r == 0) {
|
||||
|
@ -441,15 +114,14 @@ addr_match_cidr_list(const char *addr, const char *_list)
|
|||
int ret = 0, r;
|
||||
|
||||
if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
|
||||
debug2("%s: couldn't parse address %.100s", __func__, addr);
|
||||
debug2_f("couldn't parse address %.100s", addr);
|
||||
return 0;
|
||||
}
|
||||
if ((o = list = strdup(_list)) == NULL)
|
||||
return -1;
|
||||
while ((cp = strsep(&list, ",")) != NULL) {
|
||||
if (*cp == '\0') {
|
||||
error("%s: empty entry in list \"%.100s\"",
|
||||
__func__, o);
|
||||
error_f("empty entry in list \"%.100s\"", o);
|
||||
ret = -1;
|
||||
break;
|
||||
}
|
||||
|
@ -462,15 +134,14 @@ addr_match_cidr_list(const char *addr, const char *_list)
|
|||
|
||||
/* Stop junk from reaching getaddrinfo. +3 is for masklen */
|
||||
if (strlen(cp) > INET6_ADDRSTRLEN + 3) {
|
||||
error("%s: list entry \"%.100s\" too long",
|
||||
__func__, cp);
|
||||
error_f("list entry \"%.100s\" too long", cp);
|
||||
ret = -1;
|
||||
break;
|
||||
}
|
||||
#define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/"
|
||||
if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) {
|
||||
error("%s: list entry \"%.100s\" contains invalid "
|
||||
"characters", __func__, cp);
|
||||
error_f("list entry \"%.100s\" contains invalid "
|
||||
"characters", cp);
|
||||
ret = -1;
|
||||
}
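Review bot: In addr_match_cidr_list, the invalid-character branch in the last hunk sets `ret = -1;` and closes without a `break;`, unlike the empty-entry and too-long checks directly above it. An entry that fails the `VALID_CIDR_CHARS` filter therefore falls through to the rest of the loop body, although the comment above states the intent is to stop junk from reaching getaddrinfo. Adding `break;` after `ret = -1;` would make the filter effective and would keep a later assignment from replacing the error result. The loop continues outside the hunk, so confirm how `ret` is used after this point.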
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-options.c,v 1.89 2019/09/13 04:36:43 dtucker Exp $ */
|
||||
/* $OpenBSD: auth-options.c,v 1.94 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
|
@ -79,7 +79,7 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
int r, ret = -1, found;
|
||||
|
||||
if ((c = sshbuf_fromb(oblob)) == NULL) {
|
||||
error("%s: sshbuf_fromb failed", __func__);
|
||||
error_f("sshbuf_fromb failed");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -88,15 +88,17 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
data = NULL;
|
||||
if ((r = sshbuf_get_cstring(c, &name, NULL)) != 0 ||
|
||||
(r = sshbuf_froms(c, &data)) != 0) {
|
||||
error("Unable to parse certificate options: %s",
|
||||
ssh_err(r));
|
||||
error_r(r, "Unable to parse certificate options");
|
||||
goto out;
|
||||
}
|
||||
debug3("found certificate option \"%.100s\" len %zu",
|
||||
name, sshbuf_len(data));
|
||||
found = 0;
|
||||
if ((which & OPTIONS_EXTENSIONS) != 0) {
|
||||
if (strcmp(name, "permit-X11-forwarding") == 0) {
|
||||
if (strcmp(name, "no-touch-required") == 0) {
|
||||
opts->no_require_user_presence = 1;
|
||||
found = 1;
|
||||
} else if (strcmp(name, "permit-X11-forwarding") == 0) {
|
||||
opts->permit_x11_forwarding_flag = 1;
|
||||
found = 1;
|
||||
} else if (strcmp(name,
|
||||
|
@ -116,11 +118,14 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
}
|
||||
}
|
||||
if (!found && (which & OPTIONS_CRITICAL) != 0) {
|
||||
if (strcmp(name, "force-command") == 0) {
|
||||
if (strcmp(name, "verify-required") == 0) {
|
||||
opts->require_verify = 1;
|
||||
found = 1;
|
||||
} else if (strcmp(name, "force-command") == 0) {
|
||||
if ((r = sshbuf_get_cstring(data, &command,
|
||||
NULL)) != 0) {
|
||||
error("Unable to parse \"%s\" "
|
||||
"section: %s", name, ssh_err(r));
|
||||
error_r(r, "Unable to parse \"%s\" "
|
||||
"section", name);
|
||||
goto out;
|
||||
}
|
||||
if (opts->force_command != NULL) {
|
||||
|
@ -131,12 +136,11 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
}
|
||||
opts->force_command = command;
|
||||
found = 1;
|
||||
}
|
||||
if (strcmp(name, "source-address") == 0) {
|
||||
} else if (strcmp(name, "source-address") == 0) {
|
||||
if ((r = sshbuf_get_cstring(data, &allowed,
|
||||
NULL)) != 0) {
|
||||
error("Unable to parse \"%s\" "
|
||||
"section: %s", name, ssh_err(r));
|
||||
error_r(r, "Unable to parse \"%s\" "
|
||||
"section", name);
|
||||
goto out;
|
||||
}
|
||||
if (opts->required_from_host_cert != NULL) {
|
||||
|
@ -219,8 +223,7 @@ sshauthopt_free(struct sshauthopt *opts)
|
|||
free(opts->permitlisten[i]);
|
||||
free(opts->permitlisten);
|
||||
|
||||
explicit_bzero(opts, sizeof(*opts));
|
||||
free(opts);
|
||||
freezero(opts, sizeof(*opts));
|
||||
}
|
||||
|
||||
struct sshauthopt *
|
||||
|
@ -347,6 +350,10 @@ sshauthopt_parse(const char *opts, const char **errstrp)
|
|||
ret->permit_agent_forwarding_flag = r == 1;
|
||||
} else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) {
|
||||
ret->permit_x11_forwarding_flag = r == 1;
|
||||
} else if ((r = opt_flag("touch-required", 1, &opts)) != -1) {
|
||||
ret->no_require_user_presence = r != 1; /* NB. flip */
|
||||
} else if ((r = opt_flag("verify-required", 1, &opts)) != -1) {
|
||||
ret->require_verify = r == 1;
|
||||
} else if ((r = opt_flag("pty", 1, &opts)) != -1) {
|
||||
ret->permit_pty_flag = r == 1;
|
||||
} else if ((r = opt_flag("user-rc", 1, &opts)) != -1) {
|
||||
|
@ -567,14 +574,18 @@ sshauthopt_merge(const struct sshauthopt *primary,
|
|||
goto alloc_fail;
|
||||
}
|
||||
|
||||
/* Flags are logical-AND (i.e. must be set in both for permission) */
|
||||
#define OPTFLAG(x) ret->x = (primary->x == 1) && (additional->x == 1)
|
||||
OPTFLAG(permit_port_forwarding_flag);
|
||||
OPTFLAG(permit_agent_forwarding_flag);
|
||||
OPTFLAG(permit_x11_forwarding_flag);
|
||||
OPTFLAG(permit_pty_flag);
|
||||
OPTFLAG(permit_user_rc);
|
||||
#undef OPTFLAG
|
||||
#define OPTFLAG_AND(x) ret->x = (primary->x == 1) && (additional->x == 1)
|
||||
#define OPTFLAG_OR(x) ret->x = (primary->x == 1) || (additional->x == 1)
|
||||
/* Permissive flags are logical-AND (i.e. must be set in both) */
|
||||
OPTFLAG_AND(permit_port_forwarding_flag);
|
||||
OPTFLAG_AND(permit_agent_forwarding_flag);
|
||||
OPTFLAG_AND(permit_x11_forwarding_flag);
|
||||
OPTFLAG_AND(permit_pty_flag);
|
||||
OPTFLAG_AND(permit_user_rc);
|
||||
OPTFLAG_AND(no_require_user_presence);
|
||||
/* Restrictive flags are logical-OR (i.e. must be set in either) */
|
||||
OPTFLAG_OR(require_verify);
|
||||
#undef OPTFLAG_AND
|
||||
|
||||
/* Earliest expiry time should win */
|
||||
if (primary->valid_before != 0)
|
||||
|
@ -643,6 +654,8 @@ sshauthopt_copy(const struct sshauthopt *orig)
|
|||
OPTSCALAR(cert_authority);
|
||||
OPTSCALAR(force_tun_device);
|
||||
OPTSCALAR(valid_before);
|
||||
OPTSCALAR(no_require_user_presence);
|
||||
OPTSCALAR(require_verify);
|
||||
#undef OPTSCALAR
|
||||
#define OPTSTRING(x) \
|
||||
do { \
|
||||
|
@ -728,9 +741,11 @@ deserialise_array(struct sshbuf *m, char ***ap, size_t *np)
|
|||
*np = n;
|
||||
n = 0;
|
||||
out:
|
||||
for (i = 0; i < n; i++)
|
||||
free(a[i]);
|
||||
free(a);
|
||||
if (a != NULL) {
|
||||
for (i = 0; i < n; i++)
|
||||
free(a[i]);
|
||||
free(a);
|
||||
}
|
||||
sshbuf_free(b);
|
||||
return r;
|
||||
}
|
||||
|
@ -765,7 +780,7 @@ sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m,
|
|||
{
|
||||
int r = SSH_ERR_INTERNAL_ERROR;
|
||||
|
||||
/* Flag and simple integer options */
|
||||
/* Flag options */
|
||||
if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 ||
|
||||
|
@ -773,7 +788,12 @@ sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m,
|
|||
(r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, opts->restricted)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, opts->cert_authority)) != 0 ||
|
||||
(r = sshbuf_put_u64(m, opts->valid_before)) != 0)
|
||||
(r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, opts->require_verify)) != 0)
|
||||
return r;
|
||||
|
||||
/* Simple integer options */
|
||||
if ((r = sshbuf_put_u64(m, opts->valid_before)) != 0)
|
||||
return r;
|
||||
|
||||
/* tunnel number can be negative to indicate "unset" */
|
||||
|
@ -817,6 +837,7 @@ sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **optsp)
|
|||
if ((opts = calloc(1, sizeof(*opts))) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
|
||||
/* Flag options */
|
||||
#define OPT_FLAG(x) \
|
||||
do { \
|
||||
if ((r = sshbuf_get_u8(m, &f)) != 0) \
|
||||
|
@ -830,8 +851,11 @@ sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **optsp)
|
|||
OPT_FLAG(permit_user_rc);
|
||||
OPT_FLAG(restricted);
|
||||
OPT_FLAG(cert_authority);
|
||||
OPT_FLAG(no_require_user_presence);
|
||||
OPT_FLAG(require_verify);
|
||||
#undef OPT_FLAG
|
||||
|
||||
/* Simple integer options */
|
||||
if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0)
|
||||
goto out;
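Review bot: In the sshauthopt_merge hunk both `OPTFLAG_AND` and `OPTFLAG_OR` are defined, but only `#undef OPTFLAG_AND` follows, so `OPTFLAG_OR` stays defined for the rest of the file; add `#undef OPTFLAG_OR` beside it. It would also help to note on `OPTFLAG_AND(no_require_user_presence);` why a flag named "no_require" is in the AND group: it is a relaxation, so both option sets must grant it, whereas `require_verify` is a restriction that either set may impose. The function body starts and ends outside the hunk.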
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-options.h,v 1.28 2019/07/09 04:15:00 djm Exp $ */
|
||||
/* $OpenBSD: auth-options.h,v 1.30 2020/08/27 01:07:09 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
|
||||
|
@ -68,6 +68,11 @@ struct sshauthopt {
|
|||
*/
|
||||
char *required_from_host_cert;
|
||||
char *required_from_host_keys;
|
||||
|
||||
/* Key requires user presence asserted */
|
||||
int no_require_user_presence;
|
||||
/* Key requires user verification (e.g. PIN) */
|
||||
int require_verify;
|
||||
};
|
||||
|
||||
struct sshauthopt *sshauthopt_new(void);
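Review bot: The comment added above `int no_require_user_presence;` reads "Key requires user presence asserted", which is the opposite of what the field name says. The auth-options.c part of this commit sets the field to 1 for the `no-touch-required` extension and flips the `touch-required` flag when storing it, so a value of 1 means the touch check is waived. Someone auditing the policy from the header alone could read it the other way; suggest `/* Key does not require user presence (touch) to be asserted */`. The struct begins outside the hunk.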
|
||||
|
|
26
auth-pam.c
26
auth-pam.c
|
@ -56,6 +56,7 @@
|
|||
#include <errno.h>
|
||||
#include <signal.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
|
@ -99,6 +100,7 @@ extern char *__progname;
|
|||
#include "servconf.h"
|
||||
#include "ssh2.h"
|
||||
#include "auth-options.h"
|
||||
#include "misc.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
|
@ -150,12 +152,12 @@ static struct pam_ctxt *cleanup_ctxt;
|
|||
*/
|
||||
|
||||
static int sshpam_thread_status = -1;
|
||||
static mysig_t sshpam_oldsig;
|
||||
static sshsig_t sshpam_oldsig;
|
||||
|
||||
static void
|
||||
sshpam_sigchld_handler(int sig)
|
||||
{
|
||||
signal(SIGCHLD, SIG_DFL);
|
||||
ssh_signal(SIGCHLD, SIG_DFL);
|
||||
if (cleanup_ctxt == NULL)
|
||||
return; /* handler called after PAM cleanup, shouldn't happen */
|
||||
if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
|
||||
|
@ -207,7 +209,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
|
|||
*thread = pid;
|
||||
close(ctx->pam_csock);
|
||||
ctx->pam_csock = -1;
|
||||
sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
|
||||
sshpam_oldsig = ssh_signal(SIGCHLD, sshpam_sigchld_handler);
|
||||
return (0);
|
||||
}
|
||||
}
|
||||
|
@ -215,7 +217,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
|
|||
static int
|
||||
pthread_cancel(sp_pthread_t thread)
|
||||
{
|
||||
signal(SIGCHLD, sshpam_oldsig);
|
||||
ssh_signal(SIGCHLD, sshpam_oldsig);
|
||||
return (kill(thread, SIGTERM));
|
||||
}
|
||||
|
||||
|
@ -227,7 +229,7 @@ pthread_join(sp_pthread_t thread, void **value)
|
|||
|
||||
if (sshpam_thread_status != -1)
|
||||
return (sshpam_thread_status);
|
||||
signal(SIGCHLD, sshpam_oldsig);
|
||||
ssh_signal(SIGCHLD, sshpam_oldsig);
|
||||
while (waitpid(thread, &status, 0) == -1) {
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
|
@ -299,7 +301,7 @@ sshpam_chauthtok_ruid(pam_handle_t *pamh, int flags)
|
|||
# define pam_chauthtok(a,b) (sshpam_chauthtok_ruid((a), (b)))
|
||||
#endif
|
||||
|
||||
void
|
||||
static void
|
||||
sshpam_password_change_required(int reqd)
|
||||
{
|
||||
extern struct sshauthopt *auth_opts;
|
||||
|
@ -373,7 +375,11 @@ import_environments(struct sshbuf *b)
|
|||
error("PAM: pam_putenv: %s",
|
||||
pam_strerror(sshpam_handle, r));
|
||||
}
|
||||
/* XXX leak env? */
|
||||
/*
|
||||
* XXX this possibly leaks env because it is not documented
|
||||
* what pam_putenv() does with it. Does it copy it? Does it
|
||||
* take ownweship? We don't know, so it's safest just to leak.
|
||||
*/
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
@ -683,6 +689,12 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt)
|
|||
const char *pam_user, *user = authctxt->user;
|
||||
const char **ptr_pam_user = &pam_user;
|
||||
|
||||
#if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE)
|
||||
/* Protect buggy PAM implementations from excessively long usernames */
|
||||
if (strlen(user) >= PAM_MAX_RESP_SIZE)
|
||||
fatal("Username too long from %s port %d",
|
||||
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
|
||||
#endif
|
||||
if (sshpam_handle == NULL) {
|
||||
if (ssh == NULL) {
|
||||
fatal("%s: called initially with no "
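Review bot: The new username-length check in sshpam_init calls `ssh_remote_ipaddr(ssh)` and `ssh_remote_port(ssh)` before the `if (ssh == NULL)` test that follows a few lines later, so the function evidently expects that `ssh` can be NULL on entry. If an over-long name arrives on such a call, the `fatal()` arguments would dereference a NULL pointer instead of producing the intended log line. Either move the length check below the NULL handling or log without the peer address when `ssh` is NULL. Whether that path is reachable depends on callers outside the hunk. The check is compiled only when `PAM_SUN_CODEBASE` and `PAM_MAX_RESP_SIZE` are both defined, which deserves a word in the comment so readers do not assume other PAM builds are covered.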
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-passwd.c,v 1.47 2018/07/09 21:26:02 markus Exp $ */
|
||||
/* $OpenBSD: auth-passwd.c,v 1.48 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -161,14 +161,14 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as)
|
|||
if ((r = sshbuf_putf(loginmsg,
|
||||
"Your password will expire in %lld day%s.\n",
|
||||
daysleft, daysleft == 1 ? "" : "s")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
if (actimeleft != 0 && actimeleft < acwarntime) {
|
||||
daysleft = actimeleft / DAY + 1;
|
||||
if ((r = sshbuf_putf(loginmsg,
|
||||
"Your account will expire in %lld day%s.\n",
|
||||
daysleft, daysleft == 1 ? "" : "s")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-rhosts.c,v 1.51 2019/10/02 00:42:30 djm Exp $ */
|
||||
/* $OpenBSD: auth-rhosts.c,v 1.53 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -223,7 +223,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
if (!rhosts_files[rhosts_file_index] &&
|
||||
stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
|
||||
stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
|
||||
debug3("%s: no hosts access files exist", __func__);
|
||||
debug3_f("no hosts access files exist");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -232,7 +232,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
* shosts.equiv.
|
||||
*/
|
||||
if (pw->pw_uid == 0)
|
||||
debug3("%s: root user, ignoring system hosts files", __func__);
|
||||
debug3_f("root user, ignoring system hosts files");
|
||||
else {
|
||||
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
|
||||
client_user, pw->pw_name)) {
|
||||
|
@ -298,7 +298,9 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
* Check if we have been configured to ignore .rhosts
|
||||
* and .shosts files.
|
||||
*/
|
||||
if (options.ignore_rhosts) {
|
||||
if (options.ignore_rhosts == IGNORE_RHOSTS_YES ||
|
||||
(options.ignore_rhosts == IGNORE_RHOSTS_SHOSTS &&
|
||||
strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) {
|
||||
auth_debug_add("Server has been configured to "
|
||||
"ignore %.100s.", rhosts_files[rhosts_file_index]);
|
||||
continue;
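Review bot: The comment kept above the changed condition in auth_rhosts2 still says "Check if we have been configured to ignore .rhosts and .shosts files", but the new test has two cases. The file is skipped when `ignore_rhosts` is `IGNORE_RHOSTS_YES`, or when it is `IGNORE_RHOSTS_SHOSTS` and the current file is not `.shosts`. Since this decides which per-user trust files are honoured, the comment should spell that out, for example `/* Skip this file if per-user files are ignored entirely, or if only .shosts is permitted and this is not .shosts. */`. The match relies on the literal `".shosts"` agreeing with the entries of `rhosts_files`, which are defined outside the hunk.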
|
||||
|
|
107
auth-skey.c
107
auth-skey.c
|
@ -1,107 +0,0 @@
|
|||
/* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef SKEY
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include <skey.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "ssh-gss.h"
|
||||
#include "log.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
static void *
|
||||
skey_init_ctx(Authctxt *authctxt)
|
||||
{
|
||||
return authctxt;
|
||||
}
|
||||
|
||||
int
|
||||
skey_query(void *ctx, char **name, char **infotxt,
|
||||
u_int* numprompts, char ***prompts, u_int **echo_on)
|
||||
{
|
||||
Authctxt *authctxt = ctx;
|
||||
char challenge[1024];
|
||||
struct skey skey;
|
||||
|
||||
if (_compat_skeychallenge(&skey, authctxt->user, challenge,
|
||||
sizeof(challenge)) == -1)
|
||||
return -1;
|
||||
|
||||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xcalloc(*numprompts, sizeof(char *));
|
||||
*echo_on = xcalloc(*numprompts, sizeof(u_int));
|
||||
|
||||
xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
skey_respond(void *ctx, u_int numresponses, char **responses)
|
||||
{
|
||||
Authctxt *authctxt = ctx;
|
||||
|
||||
if (authctxt->valid &&
|
||||
numresponses == 1 &&
|
||||
skey_haskey(authctxt->pw->pw_name) == 0 &&
|
||||
skey_passcheck(authctxt->pw->pw_name, responses[0]) != -1)
|
||||
return 0;
|
||||
return -1;
|
||||
}
|
||||
|
||||
static void
|
||||
skey_free_ctx(void *ctx)
|
||||
{
|
||||
/* we don't have a special context */
|
||||
}
|
||||
|
||||
KbdintDevice skey_device = {
|
||||
"skey",
|
||||
skey_init_ctx,
|
||||
skey_query,
|
||||
skey_respond,
|
||||
skey_free_ctx
|
||||
};
|
||||
|
||||
KbdintDevice mm_skey_device = {
|
||||
"skey",
|
||||
skey_init_ctx,
|
||||
mm_skey_query,
|
||||
mm_skey_respond,
|
||||
skey_free_ctx
|
||||
};
|
||||
#endif /* SKEY */
|
251
auth.c
251
auth.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */
|
||||
/* $OpenBSD: auth.c,v 1.151 2020/12/22 00:12:22 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -84,6 +84,7 @@
|
|||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
extern struct include_list includes;
|
||||
extern int use_privsep;
|
||||
extern struct sshbuf *loginmsg;
|
||||
extern struct passwd *privsep_pw;
|
||||
|
@ -481,7 +482,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
|
|||
const struct hostkey_entry *found;
|
||||
|
||||
hostkeys = init_hostkeys();
|
||||
load_hostkeys(hostkeys, host, sysfile);
|
||||
load_hostkeys(hostkeys, host, sysfile, 0);
|
||||
if (userfile != NULL) {
|
||||
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
|
||||
if (options.strict_modes &&
|
||||
|
@ -495,7 +496,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
|
|||
user_hostfile);
|
||||
} else {
|
||||
temporarily_use_uid(pw);
|
||||
load_hostkeys(hostkeys, host, user_hostfile);
|
||||
load_hostkeys(hostkeys, host, user_hostfile, 0);
|
||||
restore_uid();
|
||||
}
|
||||
free(user_hostfile);
|
||||
|
@ -503,12 +504,12 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
|
|||
host_status = check_key_in_hostkeys(hostkeys, key, &found);
|
||||
if (host_status == HOST_REVOKED)
|
||||
error("WARNING: revoked key for %s attempted authentication",
|
||||
found->host);
|
||||
host);
|
||||
else if (host_status == HOST_OK)
|
||||
debug("%s: key for %s found at %s:%ld", __func__,
|
||||
debug_f("key for %s found at %s:%ld",
|
||||
found->host, found->file, found->line);
|
||||
else
|
||||
debug("%s: key for host %s not found", __func__, host);
|
||||
debug_f("key for host %s not found", host);
|
||||
|
||||
free_hostkeys(hostkeys);
|
||||
|
||||
|
@ -600,6 +601,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
|
|||
#endif
|
||||
struct passwd *pw;
|
||||
struct connection_info *ci;
|
||||
u_int i;
|
||||
|
||||
ci = get_connection_info(ssh, 1, options.use_dns);
|
||||
#ifdef WINDOWS
|
||||
|
@ -611,9 +613,11 @@ getpwnamallow(struct ssh *ssh, const char *user)
|
|||
ci->user = pw? xstrdup(pw->pw_name): user;
|
||||
#else
|
||||
ci->user = user;
|
||||
#endif // WINDOWS
|
||||
parse_server_match_config(&options, ci);
|
||||
parse_server_match_config(&options, &includes, ci);
|
||||
log_change_level(options.log_level);
|
||||
log_verbose_reset();
|
||||
for (i = 0; i < options.num_log_verbose; i++)
|
||||
log_verbose_add(options.log_verbose[i]);
|
||||
process_permitopen(ssh, &options);
|
||||
|
||||
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
|
||||
|
@ -641,7 +645,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
|
|||
if (!allowed_user(ssh, pw))
|
||||
return (NULL);
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
if ((lc = login_getclass(pw->pw_class)) == NULL) {
|
||||
if ((lc = login_getpwclass(pw)) == NULL) {
|
||||
debug("unable to get login class: %s", user);
|
||||
return (NULL);
|
||||
}
|
||||
|
@ -672,7 +676,7 @@ auth_key_is_revoked(struct sshkey *key)
|
|||
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
error("%s: fingerprint key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "fingerprint key");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -685,9 +689,9 @@ auth_key_is_revoked(struct sshkey *key)
|
|||
sshkey_type(key), fp, options.revoked_keys_file);
|
||||
goto out;
|
||||
default:
|
||||
error("Error checking authentication key %s %s in "
|
||||
"revoked keys file %s: %s", sshkey_type(key), fp,
|
||||
options.revoked_keys_file, ssh_err(r));
|
||||
error_r(r, "Error checking authentication key %s %s in "
|
||||
"revoked keys file %s", sshkey_type(key), fp,
|
||||
options.revoked_keys_file);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -713,7 +717,7 @@ auth_debug_add(const char *fmt,...)
|
|||
vsnprintf(buf, sizeof(buf), fmt, args);
|
||||
va_end(args);
|
||||
if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0)
|
||||
fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_cstring");
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -726,8 +730,7 @@ auth_debug_send(struct ssh *ssh)
|
|||
return;
|
||||
while (sshbuf_len(auth_debug) != 0) {
|
||||
if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0)
|
||||
fatal("%s: sshbuf_get_cstring: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_get_cstring");
|
||||
ssh_packet_send_debug(ssh, "%s", msg);
|
||||
free(msg);
|
||||
}
|
||||
|
@ -739,7 +742,7 @@ auth_debug_reset(void)
|
|||
if (auth_debug != NULL)
|
||||
sshbuf_reset(auth_debug);
|
||||
else if ((auth_debug = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
}
|
||||
|
||||
struct passwd *
|
||||
|
@ -790,7 +793,7 @@ remote_hostname(struct ssh *ssh)
|
|||
if (getpeername(ssh_packet_get_connection_in(ssh),
|
||||
(struct sockaddr *)&from, &fromlen) == -1) {
|
||||
debug("getpeername failed: %.100s", strerror(errno));
|
||||
return strdup(ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
|
||||
ipv64_normalise_mapped(&from, &fromlen);
|
||||
|
@ -802,7 +805,7 @@ remote_hostname(struct ssh *ssh)
|
|||
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
|
||||
NULL, 0, NI_NAMEREQD) != 0) {
|
||||
/* Host name not found. Use ip address. */
|
||||
return strdup(ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -817,7 +820,7 @@ remote_hostname(struct ssh *ssh)
|
|||
logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
|
||||
name, ntop);
|
||||
freeaddrinfo(ai);
|
||||
return strdup(ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
|
||||
/* Names are stored in lowercase. */
|
||||
|
@ -838,7 +841,7 @@ remote_hostname(struct ssh *ssh)
|
|||
if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
|
||||
logit("reverse mapping checking getaddrinfo for %.700s "
|
||||
"[%s] failed.", name, ntop);
|
||||
return strdup(ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
/* Look for the address from the list of addresses. */
|
||||
for (ai = aitop; ai; ai = ai->ai_next) {
|
||||
|
@ -853,9 +856,9 @@ remote_hostname(struct ssh *ssh)
|
|||
/* Address not found for the host name. */
|
||||
logit("Address %.100s maps to %.600s, but this does not "
|
||||
"map back to the address.", ntop, name);
|
||||
return strdup(ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
return strdup(name);
|
||||
return xstrdup(name);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -879,195 +882,6 @@ auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Runs command in a subprocess with a minimal environment.
|
||||
* Returns pid on success, 0 on failure.
|
||||
* The child stdout and stderr maybe captured, left attached or sent to
|
||||
* /dev/null depending on the contents of flags.
|
||||
* "tag" is prepended to log messages.
|
||||
* NB. "command" is only used for logging; the actual command executed is
|
||||
* av[0].
|
||||
*/
|
||||
pid_t
|
||||
subprocess(const char *tag, struct passwd *pw, const char *command,
|
||||
int ac, char **av, FILE **child, u_int flags)
|
||||
{
|
||||
FILE *f = NULL;
|
||||
struct stat st;
|
||||
int fd, devnull, p[2], i;
|
||||
pid_t pid;
|
||||
char *cp, errmsg[512];
|
||||
u_int envsize;
|
||||
char **child_env;
|
||||
|
||||
if (child != NULL)
|
||||
*child = NULL;
|
||||
|
||||
debug3("%s: %s command \"%s\" running as %s (flags 0x%x)", __func__,
|
||||
tag, command, pw->pw_name, flags);
|
||||
|
||||
/* Check consistency */
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
|
||||
(flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) {
|
||||
error("%s: inconsistent flags", __func__);
|
||||
return 0;
|
||||
}
|
||||
if (((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) != (child == NULL)) {
|
||||
error("%s: inconsistent flags/output", __func__);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* If executing an explicit binary, then verify the it exists
|
||||
* and appears safe-ish to execute
|
||||
*/
|
||||
if (!path_absolute(av[0])) {
|
||||
error("%s path is not absolute", tag);
|
||||
return 0;
|
||||
}
|
||||
temporarily_use_uid(pw);
|
||||
if (stat(av[0], &st) == -1) {
|
||||
error("Could not stat %s \"%s\": %s", tag,
|
||||
av[0], strerror(errno));
|
||||
restore_uid();
|
||||
return 0;
|
||||
}
|
||||
#ifdef WINDOWS
|
||||
if (check_secure_file_permission(av[0], pw, 1) != 0) {
|
||||
error("Permissions on %s:\"%s\" are too open", tag, av[0]);
|
||||
restore_uid();
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
if (safe_path(av[0], &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) {
|
||||
error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);
|
||||
restore_uid();
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Prepare to keep the child's stdout if requested */
|
||||
if (pipe(p) == -1) {
|
||||
error("%s: pipe: %s", tag, strerror(errno));
|
||||
restore_uid();
|
||||
return 0;
|
||||
}
|
||||
restore_uid();
|
||||
|
||||
#ifdef FORK_NOT_SUPPORTED
|
||||
{
|
||||
posix_spawn_file_actions_t actions;
|
||||
pid = -1;
|
||||
|
||||
if (posix_spawn_file_actions_init(&actions) != 0 ||
|
||||
posix_spawn_file_actions_adddup2(&actions, p[1], STDOUT_FILENO) != 0)
|
||||
fatal("posix_spawn initialization failed");
|
||||
else {
|
||||
/* If the user's SID is the System SID and sshd is running as system,
|
||||
* launch as a child process.
|
||||
*/
|
||||
if (IsWellKnownSid(get_sid(pw->pw_name), WinLocalSystemSid) && am_system()) {
|
||||
debug("starting subprocess using posix_spawnp");
|
||||
if (posix_spawnp((pid_t*)&pid, av[0], &actions, NULL, av, NULL) != 0)
|
||||
fatal("posix_spawnp: %s", strerror(errno));
|
||||
}
|
||||
else {
|
||||
debug("starting subprocess as user using __posix_spawn_asuser");
|
||||
if (__posix_spawn_asuser((pid_t*)&pid, av[0], &actions, NULL, av, NULL, pw->pw_name) != 0)
|
||||
fatal("posix_spawn_user: %s", strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
posix_spawn_file_actions_destroy(&actions);
|
||||
}
|
||||
#else
|
||||
switch ((pid = fork())) {
|
||||
case -1: /* error */
|
||||
error("%s: fork: %s", tag, strerror(errno));
|
||||
close(p[0]);
|
||||
close(p[1]);
|
||||
return 0;
|
||||
case 0: /* child */
|
||||
/* Prepare a minimal environment for the child. */
|
||||
envsize = 5;
|
||||
child_env = xcalloc(sizeof(*child_env), envsize);
|
||||
child_set_env(&child_env, &envsize, "PATH", _PATH_STDPATH);
|
||||
child_set_env(&child_env, &envsize, "USER", pw->pw_name);
|
||||
child_set_env(&child_env, &envsize, "LOGNAME", pw->pw_name);
|
||||
child_set_env(&child_env, &envsize, "HOME", pw->pw_dir);
|
||||
if ((cp = getenv("LANG")) != NULL)
|
||||
child_set_env(&child_env, &envsize, "LANG", cp);
|
||||
|
||||
for (i = 0; i < NSIG; i++)
|
||||
signal(i, SIG_DFL);
|
||||
|
||||
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
|
||||
error("%s: open %s: %s", tag, _PATH_DEVNULL,
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
if (dup2(devnull, STDIN_FILENO) == -1) {
|
||||
error("%s: dup2: %s", tag, strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
|
||||
/* Set up stdout as requested; leave stderr in place for now. */
|
||||
fd = -1;
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
|
||||
fd = p[1];
|
||||
else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
|
||||
fd = devnull;
|
||||
if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
|
||||
error("%s: dup2: %s", tag, strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
closefrom(STDERR_FILENO + 1);
|
||||
|
||||
/* Don't use permanently_set_uid() here to avoid fatal() */
|
||||
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
|
||||
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
|
||||
error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
/* stdin is pointed to /dev/null at this point */
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
|
||||
dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
|
||||
error("%s: dup2: %s", tag, strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
|
||||
execve(av[0], av, child_env);
|
||||
error("%s exec \"%s\": %s", tag, command, strerror(errno));
|
||||
_exit(127);
|
||||
default: /* parent */
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
|
||||
close(p[1]);
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
|
||||
close(p[0]);
|
||||
else if ((f = fdopen(p[0], "r")) == NULL) {
|
||||
error("%s: fdopen: %s", tag, strerror(errno));
|
||||
close(p[0]);
|
||||
/* Don't leave zombie child */
|
||||
kill(pid, SIGTERM);
|
||||
while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
/* Success */
|
||||
debug3("%s: %s pid %ld", __func__, tag, (long)pid);
|
||||
if (child != NULL)
|
||||
*child = f;
|
||||
return pid;
|
||||
}
|
||||
|
||||
/* These functions link key/cert options to the auth framework */
|
||||
|
||||
/* Log sshauthopt options locally and (optionally) for remote transmission */
|
||||
|
@ -1084,16 +898,18 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
|
|||
|
||||
snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
|
||||
/* Try to keep this alphabetically sorted */
|
||||
snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s",
|
||||
snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
|
||||
opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
|
||||
opts->force_command == NULL ? "" : " command",
|
||||
do_env ? " environment" : "",
|
||||
opts->valid_before == 0 ? "" : "expires",
|
||||
opts->no_require_user_presence ? " no-touch-required" : "",
|
||||
do_permitopen ? " permitopen" : "",
|
||||
do_permitlisten ? " permitlisten" : "",
|
||||
opts->permit_port_forwarding_flag ? " port-forwarding" : "",
|
||||
opts->cert_principals == NULL ? "" : " principals",
|
||||
opts->permit_pty_flag ? " pty" : "",
|
||||
opts->require_verify ? " uv" : "",
|
||||
opts->force_tun_device == -1 ? "" : " tun=",
|
||||
opts->force_tun_device == -1 ? "" : buf,
|
||||
opts->permit_user_rc ? " user-rc" : "",
|
||||
|
@ -1145,7 +961,7 @@ auth_activate_options(struct ssh *ssh, struct sshauthopt *opts)
|
|||
struct sshauthopt *old = auth_opts;
|
||||
const char *emsg = NULL;
|
||||
|
||||
debug("%s: setting new authentication options", __func__);
|
||||
debug_f("setting new authentication options");
|
||||
if ((auth_opts = sshauthopt_merge(old, opts, &emsg)) == NULL) {
|
||||
error("Inconsistent authentication options: %s", emsg);
|
||||
return -1;
|
||||
|
@ -1159,7 +975,7 @@ auth_restrict_session(struct ssh *ssh)
|
|||
{
|
||||
struct sshauthopt *restricted;
|
||||
|
||||
debug("%s: restricting session", __func__);
|
||||
debug_f("restricting session");
|
||||
|
||||
/* A blank sshauthopt defaults to permitting nothing */
|
||||
restricted = sshauthopt_new();
|
||||
|
@ -1167,7 +983,7 @@ auth_restrict_session(struct ssh *ssh)
|
|||
restricted->restricted = 1;
|
||||
|
||||
if (auth_activate_options(ssh, restricted) != 0)
|
||||
fatal("%s: failed to restrict session", __func__);
|
||||
fatal_f("failed to restrict session");
|
||||
sshauthopt_free(restricted);
|
||||
}
|
||||
|
||||
|
@ -1242,8 +1058,7 @@ auth_authorise_keyopts(struct ssh *ssh, struct passwd *pw,
|
|||
case -1:
|
||||
default:
|
||||
/* invalid */
|
||||
error("%s: Certificate source-address invalid",
|
||||
loc);
|
||||
error("%s: Certificate source-address invalid", loc);
|
||||
/* FALLTHROUGH */
|
||||
case 0:
|
||||
logit("%s: Authentication tried for %.100s with valid "
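Review bot: The `@ -879,195 +882,6 @@` hunk removes `subprocess()` together with code that exists only in this port: the `#ifdef WINDOWS` call `check_secure_file_permission(av[0], pw, 1)` and the `FORK_NOT_SUPPORTED` branch that picks `posix_spawnp` or `__posix_spawn_asuser`. Nothing in this file section shows where the function now lives (auth.h drops the prototype and the `SSH_SUBPROCESS_*` flags as well), so presumably it moved to another file in the same commit. That destination should be checked for the same permission test on `av[0]` and the same spawn-as-user selection before the merge is accepted, because a plain upstream copy would carry neither. A comment at the new definition, for example `/* Windows: keep check_secure_file_permission() and __posix_spawn_asuser() in sync with the pre-8.5 auth.c version */`, would make the carry-over visible to the next merge.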
|
||||
|
|
8
auth.h
8
auth.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth.h,v 1.100 2019/09/06 05:23:55 djm Exp $ */
|
||||
/* $OpenBSD: auth.h,v 1.101 2020/12/22 00:12:22 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
|
@ -225,12 +225,6 @@ void auth_debug_reset(void);
|
|||
|
||||
struct passwd *fakepw(void);
|
||||
|
||||
#define SSH_SUBPROCESS_STDOUT_DISCARD (1) /* Discard stdout */
|
||||
#define SSH_SUBPROCESS_STDOUT_CAPTURE (1<<1) /* Redirect stdout */
|
||||
#define SSH_SUBPROCESS_STDERR_DISCARD (1<<2) /* Discard stderr */
|
||||
pid_t subprocess(const char *, struct passwd *,
|
||||
const char *, int, char **, FILE **, u_int flags);
|
||||
|
||||
int sys_auth_passwd(struct ssh *, const char *);
|
||||
|
||||
#if defined(KRB5) && !defined(HEIMDAL)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-chall.c,v 1.51 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: auth2-chall.c,v 1.54 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2001 Per Allansson. All rights reserved.
|
||||
|
@ -29,9 +29,9 @@
|
|||
#include <sys/types.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh2.h"
|
||||
|
@ -112,15 +112,14 @@ kbdint_alloc(const char *devs)
|
|||
kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
|
||||
if (strcmp(devs, "") == 0) {
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
for (i = 0; devices[i]; i++) {
|
||||
if ((r = sshbuf_putf(b, "%s%s",
|
||||
sshbuf_len(b) ? "," : "", devices[i]->name)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
sshbuf_free(b);
|
||||
} else {
|
||||
kbdintctxt->devices = xstrdup(devs);
|
||||
|
@ -147,8 +146,7 @@ kbdint_free(KbdintAuthctxt *kbdintctxt)
|
|||
if (kbdintctxt->device)
|
||||
kbdint_reset_device(kbdintctxt);
|
||||
free(kbdintctxt->devices);
|
||||
explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
|
||||
free(kbdintctxt);
|
||||
freezero(kbdintctxt, sizeof(*kbdintctxt));
|
||||
}
|
||||
/* get next device */
|
||||
static int
|
||||
|
@ -269,15 +267,15 @@ send_userauth_info_request(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, instr)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, "")) != 0 || /* language not used */
|
||||
(r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "start packet");
|
||||
for (i = 0; i < kbdintctxt->nreq; i++) {
|
||||
if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 ||
|
||||
(r = sshpkt_put_u8(ssh, echo_on[i])) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble packet");
|
||||
}
|
||||
if ((r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
|
||||
for (i = 0; i < kbdintctxt->nreq; i++)
|
||||
free(prompts[i]);
|
||||
|
@ -300,29 +298,29 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
|
|||
char **response = NULL;
|
||||
|
||||
if (authctxt == NULL)
|
||||
fatal("input_userauth_info_response: no authctxt");
|
||||
fatal_f("no authctxt");
|
||||
kbdintctxt = authctxt->kbdintctxt;
|
||||
if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
|
||||
fatal("input_userauth_info_response: no kbdintctxt");
|
||||
fatal_f("no kbdintctxt");
|
||||
if (kbdintctxt->device == NULL)
|
||||
fatal("input_userauth_info_response: no device");
|
||||
fatal_f("no device");
|
||||
|
||||
authctxt->postponed = 0; /* reset */
|
||||
if ((r = sshpkt_get_u32(ssh, &nresp)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
if (nresp != kbdintctxt->nreq)
|
||||
fatal("input_userauth_info_response: wrong number of replies");
|
||||
fatal_f("wrong number of replies");
|
||||
if (nresp > 100)
|
||||
fatal("input_userauth_info_response: too many replies");
|
||||
fatal_f("too many replies");
|
||||
if (nresp > 0) {
|
||||
response = xcalloc(nresp, sizeof(char *));
|
||||
for (i = 0; i < nresp; i++)
|
||||
if ((r = sshpkt_get_cstring(ssh, &response[i],
|
||||
NULL)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
for (i = 0; i < nresp; i++) {
|
||||
if ((r = sshpkt_get_cstring(ssh, &response[i], NULL)) != 0)
|
||||
fatal_fr(r, "parse response");
|
||||
}
|
||||
}
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
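Review bot: `input_userauth_info_response()` now uses the same text, `fatal_fr(r, "parse packet")`, for two different failures in the `@ -300,29 +298,29 @@` hunk: the `sshpkt_get_u32()` read of the reply count and the final `sshpkt_get_end()` check. The old messages were equally indistinct, but since the commit rewrites them anyway, distinct strings such as `fatal_fr(r, "parse reply count");` and `fatal_fr(r, "parse packet end");` would let a log reader tell a truncated packet from one with trailing data. The function's body continues outside the hunk.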
|
||||
|
||||
|
|
29
auth2-gss.c
29
auth2-gss.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.32 2021/01/27 10:15:08 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
|
@ -44,6 +44,7 @@
|
|||
#include "misc.h"
|
||||
#include "servconf.h"
|
||||
#include "packet.h"
|
||||
#include "kex.h"
|
||||
#include "ssh-gss.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
|
@ -71,7 +72,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
u_char *doid = NULL;
|
||||
|
||||
if ((r = sshpkt_get_u32(ssh, &mechs)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (mechs == 0) {
|
||||
debug("Mechanism negotiation is not supported");
|
||||
|
@ -85,7 +86,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
|
||||
present = 0;
|
||||
if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse oid");
|
||||
|
||||
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
|
||||
doid[1] == len - 2) {
|
||||
|
@ -104,7 +105,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
}
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user", __func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
free(doid);
|
||||
return (0);
|
||||
}
|
||||
|
@ -123,7 +124,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 ||
|
||||
(r = sshpkt_put_string(ssh, doid, len)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
|
||||
free(doid);
|
||||
|
||||
|
@ -152,7 +153,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
|||
gssctxt = authctxt->methoddata;
|
||||
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
recv_tok.value = p;
|
||||
recv_tok.length = len;
|
||||
|
@ -168,7 +169,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
|||
(r = sshpkt_put_string(ssh, send_tok.value,
|
||||
send_tok.length)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send ERRTOK packet");
|
||||
}
|
||||
authctxt->postponed = 0;
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
|
||||
|
@ -180,7 +181,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
|||
(r = sshpkt_put_string(ssh, send_tok.value,
|
||||
send_tok.length)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send TOKEN packet");
|
||||
}
|
||||
if (maj_status == GSS_S_COMPLETE) {
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
|
||||
|
@ -216,7 +217,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
|
|||
gssctxt = authctxt->methoddata;
|
||||
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
recv_tok.value = p;
|
||||
recv_tok.length = len;
|
||||
|
||||
|
@ -258,7 +259,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
|
|||
*/
|
||||
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
|
||||
|
||||
|
@ -293,16 +294,16 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
|
|||
gssctxt = authctxt->methoddata;
|
||||
|
||||
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
mic.value = p;
|
||||
mic.length = len;
|
||||
ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
|
||||
"gssapi-with-mic");
|
||||
"gssapi-with-mic", ssh->kex->session_id);
|
||||
|
||||
if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
|
||||
fatal("%s: sshbuf_mutable_ptr failed", __func__);
|
||||
fatal_f("sshbuf_mutable_ptr failed");
|
||||
gssbuf.length = sshbuf_len(b);
|
||||
|
||||
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
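Review bot: `input_gssapi_mic()` in the `@ -293,16 +294,16 @@` hunk reads the MIC with `sshpkt_get_string()` and goes straight on to `sshbuf_new()`, so trailing bytes in the packet are not rejected at this point. `input_gssapi_token()` and `input_gssapi_errtok()` in the same file chain `sshpkt_get_end()` onto the read. The function continues past the end of the hunk, so the check may follow later; if it does not, the read could become `if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || (r = sshpkt_get_end(ssh)) != 0)` with the existing `fatal_fr(r, "parse packet");` kept as the failure path.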
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-hostbased.c,v 1.41 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: auth2-hostbased.c,v 1.46 2021/01/27 10:05:28 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -35,6 +35,7 @@
|
|||
#include "xmalloc.h"
|
||||
#include "ssh2.h"
|
||||
#include "packet.h"
|
||||
#include "kex.h"
|
||||
#include "sshbuf.h"
|
||||
#include "log.h"
|
||||
#include "misc.h"
|
||||
|
@ -54,8 +55,6 @@
|
|||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
extern u_char *session_id2;
|
||||
extern u_int session_id2_len;
|
||||
|
||||
static int
|
||||
userauth_hostbased(struct ssh *ssh)
|
||||
|
@ -74,9 +73,9 @@ userauth_hostbased(struct ssh *ssh)
|
|||
(r = sshpkt_get_cstring(ssh, &chost, NULL)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &cuser, NULL)) != 0 ||
|
||||
(r = sshpkt_get_string(ssh, &sig, &slen)) != 0)
|
||||
fatal("%s: packet parsing: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
debug("%s: cuser %s chost %s pkalg %s slen %zu", __func__,
|
||||
debug_f("cuser %s chost %s pkalg %s slen %zu",
|
||||
cuser, chost, pkalg, slen);
|
||||
#ifdef DEBUG_PK
|
||||
debug("signature:");
|
||||
|
@ -85,21 +84,21 @@ userauth_hostbased(struct ssh *ssh)
|
|||
pktype = sshkey_type_from_name(pkalg);
|
||||
if (pktype == KEY_UNSPEC) {
|
||||
/* this is perfectly legal */
|
||||
logit("%s: unsupported public key algorithm: %s",
|
||||
__func__, pkalg);
|
||||
logit_f("unsupported public key algorithm: %s",
|
||||
pkalg);
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
|
||||
error("%s: key_from_blob: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "key_from_blob");
|
||||
goto done;
|
||||
}
|
||||
if (key == NULL) {
|
||||
error("%s: cannot decode key: %s", __func__, pkalg);
|
||||
error_f("cannot decode key: %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if (key->type != pktype) {
|
||||
error("%s: type mismatch for decoded key "
|
||||
"(received %d, expected %d)", __func__, key->type, pktype);
|
||||
error_f("type mismatch for decoded key "
|
||||
"(received %d, expected %d)", key->type, pktype);
|
||||
goto done;
|
||||
}
|
||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
||||
|
@ -108,28 +107,28 @@ userauth_hostbased(struct ssh *ssh)
|
|||
"signature format");
|
||||
goto done;
|
||||
}
|
||||
if (match_pattern_list(pkalg, options.hostbased_key_types, 0) != 1) {
|
||||
logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
|
||||
__func__, sshkey_type(key));
|
||||
if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
|
||||
logit_f("key type %s not in HostbasedAcceptedAlgorithms",
|
||||
sshkey_type(key));
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_check_cert_sigtype(key,
|
||||
options.ca_sign_algorithms)) != 0) {
|
||||
logit("%s: certificate signature algorithm %s: %s", __func__,
|
||||
logit_fr(r, "certificate signature algorithm %s",
|
||||
(key->cert == NULL || key->cert->signature_type == NULL) ?
|
||||
"(null)" : key->cert->signature_type, ssh_err(r));
|
||||
"(null)" : key->cert->signature_type);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user", __func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
/* reconstruct packet */
|
||||
if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
|
||||
if ((r = sshbuf_put_stringb(b, ssh->kex->session_id)) != 0 ||
|
||||
(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
|
||||
|
@ -138,7 +137,7 @@ userauth_hostbased(struct ssh *ssh)
|
|||
(r = sshbuf_put_string(b, pkblob, blen)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, chost)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, cuser)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "reconstruct packet");
|
||||
#ifdef DEBUG_PK
|
||||
sshbuf_dump(b, stderr);
|
||||
#endif
|
||||
|
@ -151,13 +150,13 @@ userauth_hostbased(struct ssh *ssh)
|
|||
if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser,
|
||||
chost, key)) &&
|
||||
PRIVSEP(sshkey_verify(key, sig, slen,
|
||||
sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0)
|
||||
sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat, NULL)) == 0)
|
||||
authenticated = 1;
|
||||
|
||||
auth2_record_key(authctxt, authenticated, key);
|
||||
sshbuf_free(b);
|
||||
done:
|
||||
debug2("%s: authenticated %d", __func__, authenticated);
|
||||
debug2_f("authenticated %d", authenticated);
|
||||
sshkey_free(key);
|
||||
free(pkalg);
|
||||
free(pkblob);
|
||||
|
@ -183,7 +182,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
|||
resolvedname = auth_get_canonical_hostname(ssh, options.use_dns);
|
||||
ipaddr = ssh_remote_ipaddr(ssh);
|
||||
|
||||
debug2("%s: chost %s resolvedname %s ipaddr %s", __func__,
|
||||
debug2_f("chost %s resolvedname %s ipaddr %s",
|
||||
chost, resolvedname, ipaddr);
|
||||
|
||||
if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
|
||||
|
@ -193,9 +192,8 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
|||
|
||||
if (options.hostbased_uses_name_from_packet_only) {
|
||||
if (auth_rhosts2(pw, cuser, chost, chost) == 0) {
|
||||
debug2("%s: auth_rhosts2 refused "
|
||||
"user \"%.100s\" host \"%.100s\" (from packet)",
|
||||
__func__, cuser, chost);
|
||||
debug2_f("auth_rhosts2 refused user \"%.100s\" "
|
||||
"host \"%.100s\" (from packet)", cuser, chost);
|
||||
return 0;
|
||||
}
|
||||
lookup = chost;
|
||||
|
@ -205,17 +203,17 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
|||
"client sends %s, but we resolve %s to %s",
|
||||
chost, ipaddr, resolvedname);
|
||||
if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) {
|
||||
debug2("%s: auth_rhosts2 refused "
|
||||
debug2_f("auth_rhosts2 refused "
|
||||
"user \"%.100s\" host \"%.100s\" addr \"%.100s\"",
|
||||
__func__, cuser, resolvedname, ipaddr);
|
||||
cuser, resolvedname, ipaddr);
|
||||
return 0;
|
||||
}
|
||||
lookup = resolvedname;
|
||||
}
|
||||
debug2("%s: access allowed by auth_rhosts2", __func__);
|
||||
debug2_f("access allowed by auth_rhosts2");
|
||||
|
||||
if (sshkey_is_cert(key) &&
|
||||
sshkey_cert_check_authority(key, 1, 0, lookup, &reason)) {
|
||||
sshkey_cert_check_authority(key, 1, 0, 0, lookup, &reason)) {
|
||||
error("%s", reason);
|
||||
auth_debug_add("%s", reason);
|
||||
return 0;
|
||||
|
@ -237,7 +235,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
|||
if (sshkey_is_cert(key)) {
|
||||
if ((fp = sshkey_fingerprint(key->cert->signature_key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint fail");
|
||||
verbose("Accepted certificate ID \"%s\" signed by "
|
||||
"%s CA %s from %s@%s", key->cert->key_id,
|
||||
sshkey_type(key->cert->signature_key), fp,
|
||||
|
@ -245,7 +243,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
|||
} else {
|
||||
if ((fp = sshkey_fingerprint(key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint fail");
|
||||
verbose("Accepted %s public key %s from %s@%s",
|
||||
sshkey_type(key), fp, cuser, lookup);
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-kbdint.c,v 1.10 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: auth2-kbdint.c,v 1.12 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -27,10 +27,9 @@
|
|||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
|
@ -53,7 +52,7 @@ userauth_kbdint(struct ssh *ssh)
|
|||
if ((r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &devs, NULL)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
debug("keyboard-interactive devs %s", devs);
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-none.c,v 1.22 2018/07/09 21:35:50 markus Exp $ */
|
||||
/* $OpenBSD: auth2-none.c,v 1.23 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -65,7 +65,7 @@ userauth_none(struct ssh *ssh)
|
|||
|
||||
none_enabled = 0;
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
if (options.permit_empty_passwd && options.password_authentication)
|
||||
return (PRIVSEP(auth_password(ssh, "")));
|
||||
return (0);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-passwd.c,v 1.17 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: auth2-passwd.c,v 1.19 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -60,14 +60,13 @@ userauth_passwd(struct ssh *ssh)
|
|||
(r = sshpkt_get_cstring(ssh, &password, &len)) != 0 ||
|
||||
(change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (change)
|
||||
logit("password change not supported");
|
||||
else if (PRIVSEP(auth_password(ssh, password)) == 1)
|
||||
authenticated = 1;
|
||||
explicit_bzero(password, len);
|
||||
free(password);
|
||||
freezero(password, len);
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
|
|
180
auth2-pubkey.c
180
auth2-pubkey.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-pubkey.c,v 1.94 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: auth2-pubkey.c,v 1.106 2021/01/27 10:05:28 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -47,6 +47,7 @@
|
|||
#include "ssh.h"
|
||||
#include "ssh2.h"
|
||||
#include "packet.h"
|
||||
#include "kex.h"
|
||||
#include "sshbuf.h"
|
||||
#include "log.h"
|
||||
#include "misc.h"
|
||||
|
@ -68,11 +69,10 @@
|
|||
#include "ssherr.h"
|
||||
#include "channels.h" /* XXX for session.h */
|
||||
#include "session.h" /* XXX for child_set_env(); refactor? */
|
||||
#include "sk-api.h"
|
||||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
extern u_char *session_id2;
|
||||
extern u_int session_id2_len;
|
||||
|
||||
static char *
|
||||
format_key(const struct sshkey *key)
|
||||
|
@ -96,23 +96,24 @@ userauth_pubkey(struct ssh *ssh)
|
|||
u_char *pkblob = NULL, *sig = NULL, have_sig;
|
||||
size_t blen, slen;
|
||||
int r, pktype;
|
||||
int authenticated = 0;
|
||||
int req_presence = 0, req_verify = 0, authenticated = 0;
|
||||
struct sshauthopt *authopts = NULL;
|
||||
struct sshkey_sig_details *sig_details = NULL;
|
||||
|
||||
if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
|
||||
(r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
|
||||
fatal("%s: parse request failed: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) {
|
||||
char *keystring;
|
||||
struct sshbuf *pkbuf;
|
||||
|
||||
if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL)
|
||||
fatal("%s: sshbuf_from failed", __func__);
|
||||
fatal_f("sshbuf_from failed");
|
||||
if ((keystring = sshbuf_dtob64_string(pkbuf, 0)) == NULL)
|
||||
fatal("%s: sshbuf_dtob64 failed", __func__);
|
||||
debug2("%s: %s user %s %s public key %s %s", __func__,
|
||||
fatal_f("sshbuf_dtob64 failed");
|
||||
debug2_f("%s user %s %s public key %s %s",
|
||||
authctxt->valid ? "valid" : "invalid", authctxt->user,
|
||||
have_sig ? "attempting" : "querying", pkalg, keystring);
|
||||
sshbuf_free(pkbuf);
|
||||
|
@ -122,21 +123,20 @@ userauth_pubkey(struct ssh *ssh)
|
|||
pktype = sshkey_type_from_name(pkalg);
|
||||
if (pktype == KEY_UNSPEC) {
|
||||
/* this is perfectly legal */
|
||||
verbose("%s: unsupported public key algorithm: %s",
|
||||
__func__, pkalg);
|
||||
verbose_f("unsupported public key algorithm: %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
|
||||
error("%s: could not parse key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse key");
|
||||
goto done;
|
||||
}
|
||||
if (key == NULL) {
|
||||
error("%s: cannot decode key: %s", __func__, pkalg);
|
||||
error_f("cannot decode key: %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if (key->type != pktype) {
|
||||
error("%s: type mismatch for decoded key "
|
||||
"(received %d, expected %d)", __func__, key->type, pktype);
|
||||
error_f("type mismatch for decoded key "
|
||||
"(received %d, expected %d)", key->type, pktype);
|
||||
goto done;
|
||||
}
|
||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
||||
|
@ -149,16 +149,16 @@ userauth_pubkey(struct ssh *ssh)
|
|||
logit("refusing previously-used %s key", sshkey_type(key));
|
||||
goto done;
|
||||
}
|
||||
if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) {
|
||||
logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
|
||||
__func__, sshkey_ssh_name(key));
|
||||
if (match_pattern_list(pkalg, options.pubkey_accepted_algos, 0) != 1) {
|
||||
logit_f("key type %s not in PubkeyAcceptedAlgorithms",
|
||||
sshkey_ssh_name(key));
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_check_cert_sigtype(key,
|
||||
options.ca_sign_algorithms)) != 0) {
|
||||
logit("%s: certificate signature algorithm %s: %s", __func__,
|
||||
logit_fr(r, "certificate signature algorithm %s",
|
||||
(key->cert == NULL || key->cert->signature_type == NULL) ?
|
||||
"(null)" : key->cert->signature_type, ssh_err(r));
|
||||
"(null)" : key->cert->signature_type);
|
||||
goto done;
|
||||
}
|
||||
key_s = format_key(key);
|
||||
|
@ -166,30 +166,24 @@ userauth_pubkey(struct ssh *ssh)
|
|||
ca_s = format_key(key->cert->signature_key);
|
||||
|
||||
if (have_sig) {
|
||||
debug3("%s: have %s signature for %s%s%s",
|
||||
__func__, pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ",
|
||||
ca_s == NULL ? "" : ca_s);
|
||||
debug3_f("have %s signature for %s%s%s", pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s);
|
||||
if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse signature packet");
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if (ssh->compat & SSH_OLD_SESSIONID) {
|
||||
if ((r = sshbuf_put(b, session_id2,
|
||||
session_id2_len)) != 0)
|
||||
fatal("%s: sshbuf_put session id: %s",
|
||||
__func__, ssh_err(r));
|
||||
if ((r = sshbuf_putb(b, ssh->kex->session_id)) != 0)
|
||||
fatal_fr(r, "put old session id");
|
||||
} else {
|
||||
if ((r = sshbuf_put_string(b, session_id2,
|
||||
session_id2_len)) != 0)
|
||||
fatal("%s: sshbuf_put_string session id: %s",
|
||||
__func__, ssh_err(r));
|
||||
if ((r = sshbuf_put_stringb(b,
|
||||
ssh->kex->session_id)) != 0)
|
||||
fatal_fr(r, "put session id");
|
||||
}
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user",
|
||||
__func__);
|
||||
goto done;
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2_f("disabled because of invalid user");
|
||||
goto done;
|
||||
}
|
||||
/* reconstruct packet */
|
||||
xasprintf(&userstyle, "%s%s%s", authctxt->user,
|
||||
|
@ -202,8 +196,7 @@ userauth_pubkey(struct ssh *ssh)
|
|||
(r = sshbuf_put_u8(b, have_sig)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, pkalg)) != 0 ||
|
||||
(r = sshbuf_put_string(b, pkblob, blen)) != 0)
|
||||
fatal("%s: build packet failed: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "reconstruct packet");
|
||||
#ifdef DEBUG_PK
|
||||
sshbuf_dump(b, stderr);
|
||||
#endif
|
||||
|
@ -213,22 +206,54 @@ userauth_pubkey(struct ssh *ssh)
|
|||
PRIVSEP(sshkey_verify(key, sig, slen,
|
||||
sshbuf_ptr(b), sshbuf_len(b),
|
||||
(ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
|
||||
ssh->compat)) == 0) {
|
||||
ssh->compat, &sig_details)) == 0) {
|
||||
authenticated = 1;
|
||||
}
|
||||
if (authenticated == 1 && sig_details != NULL) {
|
||||
auth2_record_info(authctxt, "signature count = %u",
|
||||
sig_details->sk_counter);
|
||||
debug_f("sk_counter = %u, sk_flags = 0x%02x",
|
||||
sig_details->sk_counter, sig_details->sk_flags);
|
||||
req_presence = (options.pubkey_auth_options &
|
||||
PUBKEYAUTH_TOUCH_REQUIRED) ||
|
||||
!authopts->no_require_user_presence;
|
||||
if (req_presence && (sig_details->sk_flags &
|
||||
SSH_SK_USER_PRESENCE_REQD) == 0) {
|
||||
error("public key %s signature for %s%s from "
|
||||
"%.128s port %d rejected: user presence "
|
||||
"(authenticator touch) requirement "
|
||||
"not met ", key_s,
|
||||
authctxt->valid ? "" : "invalid user ",
|
||||
authctxt->user, ssh_remote_ipaddr(ssh),
|
||||
ssh_remote_port(ssh));
|
||||
authenticated = 0;
|
||||
goto done;
|
||||
}
|
||||
req_verify = (options.pubkey_auth_options &
|
||||
PUBKEYAUTH_VERIFY_REQUIRED) ||
|
||||
authopts->require_verify;
|
||||
if (req_verify && (sig_details->sk_flags &
|
||||
SSH_SK_USER_VERIFICATION_REQD) == 0) {
|
||||
error("public key %s signature for %s%s from "
|
||||
"%.128s port %d rejected: user "
|
||||
"verification requirement not met ", key_s,
|
||||
authctxt->valid ? "" : "invalid user ",
|
||||
authctxt->user, ssh_remote_ipaddr(ssh),
|
||||
ssh_remote_port(ssh));
|
||||
authenticated = 0;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
auth2_record_key(authctxt, authenticated, key);
|
||||
} else {
|
||||
debug("%s: test pkalg %s pkblob %s%s%s",
|
||||
__func__, pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ",
|
||||
ca_s == NULL ? "" : ca_s);
|
||||
debug_f("test pkalg %s pkblob %s%s%s", pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s);
|
||||
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user",
|
||||
__func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
goto done;
|
||||
}
|
||||
/* XXX fake reply and always send PK_OK ? */
|
||||
|
@ -246,16 +271,16 @@ userauth_pubkey(struct ssh *ssh)
|
|||
(r = sshpkt_put_string(ssh, pkblob, blen)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
authctxt->postponed = 1;
|
||||
}
|
||||
}
|
||||
done:
|
||||
if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) {
|
||||
debug("%s: key options inconsistent with existing", __func__);
|
||||
debug_f("key options inconsistent with existing");
|
||||
authenticated = 0;
|
||||
}
|
||||
debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
|
||||
debug2_f("authenticated %d pkalg %s", authenticated, pkalg);
|
||||
|
||||
sshbuf_free(b);
|
||||
sshauthopt_free(authopts);
|
||||
|
@ -266,6 +291,7 @@ done:
|
|||
free(key_s);
|
||||
free(ca_s);
|
||||
free(sig);
|
||||
sshkey_sig_details_free(sig_details);
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
|
@ -442,7 +468,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
* NB. all returns later this function should go via "out" to
|
||||
* ensure the original SIGCHLD handler is restored properly.
|
||||
*/
|
||||
osigchld = signal(SIGCHLD, SIG_DFL);
|
||||
osigchld = ssh_signal(SIGCHLD, SIG_DFL);
|
||||
|
||||
/* Prepare and verify the user for the command */
|
||||
username = percent_expand(options.authorized_principals_command_user,
|
||||
|
@ -467,20 +493,20 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
}
|
||||
if ((ca_fp = sshkey_fingerprint(cert->signature_key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
goto out;
|
||||
}
|
||||
if ((key_fp = sshkey_fingerprint(key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) {
|
||||
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_base64 failed");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_to_base64(key, &keytext)) != 0) {
|
||||
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_base64 failed");
|
||||
goto out;
|
||||
}
|
||||
snprintf(serial_s, sizeof(serial_s), "%llu",
|
||||
|
@ -502,16 +528,17 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
"s", serial_s,
|
||||
(char *)NULL);
|
||||
if (tmp == NULL)
|
||||
fatal("%s: percent_expand failed", __func__);
|
||||
fatal_f("percent_expand failed");
|
||||
free(av[i]);
|
||||
av[i] = tmp;
|
||||
}
|
||||
/* Prepare a printable command for logs, etc. */
|
||||
command = argv_assemble(ac, av);
|
||||
|
||||
if ((pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command,
|
||||
if ((pid = subprocess("AuthorizedPrincipalsCommand", command,
|
||||
ac, av, &f,
|
||||
SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
|
||||
SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
|
||||
runas_pw, temporarily_use_uid, restore_uid)) == 0)
|
||||
goto out;
|
||||
|
||||
uid_swapped = 1;
|
||||
|
@ -530,7 +557,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
out:
|
||||
if (f != NULL)
|
||||
fclose(f);
|
||||
signal(SIGCHLD, osigchld);
|
||||
ssh_signal(SIGCHLD, osigchld);
|
||||
for (i = 0; i < ac; i++)
|
||||
free(av[i]);
|
||||
free(av);
|
||||
|
@ -565,7 +592,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
*authoptsp = NULL;
|
||||
|
||||
if ((found = sshkey_new(want_keytype)) == NULL) {
|
||||
debug3("%s: keytype %d failed", __func__, want_keytype);
|
||||
debug3_f("keytype %d failed", want_keytype);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -607,7 +634,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
/* We have a candidate key, perform authorisation checks */
|
||||
if ((fp = sshkey_fingerprint(found,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: fingerprint failed", __func__);
|
||||
fatal_f("fingerprint failed");
|
||||
|
||||
debug("%s: matching %s found: %s %s", loc,
|
||||
sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp);
|
||||
|
@ -652,7 +679,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
reason = "Certificate does not contain an authorized principal";
|
||||
goto fail_reason;
|
||||
}
|
||||
if (sshkey_cert_check_authority(key, 0, 0,
|
||||
if (sshkey_cert_check_authority(key, 0, 0, 0,
|
||||
keyopts->cert_principals == NULL ? pw->pw_name : NULL, &reason) != 0)
|
||||
goto fail_reason;
|
||||
|
||||
|
@ -664,7 +691,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
|
||||
success:
|
||||
if (finalopts == NULL)
|
||||
fatal("%s: internal error: missing options", __func__);
|
||||
fatal_f("internal error: missing options");
|
||||
if (authoptsp != NULL) {
|
||||
*authoptsp = finalopts;
|
||||
finalopts = NULL;
|
||||
|
@ -743,9 +770,9 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
|
||||
if ((r = sshkey_in_file(key->cert->signature_key,
|
||||
options.trusted_user_ca_keys, 1, 0)) != 0) {
|
||||
debug2("%s: CA %s %s is not listed in %s: %s", __func__,
|
||||
debug2_fr(r, "CA %s %s is not listed in %s",
|
||||
sshkey_type(key->cert->signature_key), ca_fp,
|
||||
options.trusted_user_ca_keys, ssh_err(r));
|
||||
options.trusted_user_ca_keys);
|
||||
goto out;
|
||||
}
|
||||
/*
|
||||
|
@ -770,8 +797,8 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
goto fail_reason;
|
||||
}
|
||||
if (use_authorized_principals && principals_opts == NULL)
|
||||
fatal("%s: internal error: missing principals_opts", __func__);
|
||||
if (sshkey_cert_check_authority(key, 0, 1,
|
||||
fatal_f("internal error: missing principals_opts");
|
||||
if (sshkey_cert_check_authority(key, 0, 1, 0,
|
||||
use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
|
||||
goto fail_reason;
|
||||
|
||||
|
@ -880,7 +907,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
* NB. all returns later this function should go via "out" to
|
||||
* ensure the original SIGCHLD handler is restored properly.
|
||||
*/
|
||||
osigchld = signal(SIGCHLD, SIG_DFL);
|
||||
osigchld = ssh_signal(SIGCHLD, SIG_DFL);
|
||||
|
||||
/* Prepare and verify the user for the command */
|
||||
username = percent_expand(options.authorized_keys_command_user,
|
||||
|
@ -895,23 +922,23 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
/* Prepare AuthorizedKeysCommand */
|
||||
if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_to_base64(key, &keytext)) != 0) {
|
||||
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_base64 failed");
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Turn the command into an argument vector */
|
||||
if (argv_split(options.authorized_keys_command, &ac, &av) != 0) {
|
||||
error("AuthorizedKeysCommand \"%s\" contains invalid quotes",
|
||||
command);
|
||||
options.authorized_keys_command);
|
||||
goto out;
|
||||
}
|
||||
if (ac == 0) {
|
||||
error("AuthorizedKeysCommand \"%s\" yielded no arguments",
|
||||
command);
|
||||
options.authorized_keys_command);
|
||||
goto out;
|
||||
}
|
||||
snprintf(uidstr, sizeof(uidstr), "%llu",
|
||||
|
@ -926,7 +953,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
"k", keytext,
|
||||
(char *)NULL);
|
||||
if (tmp == NULL)
|
||||
fatal("%s: percent_expand failed", __func__);
|
||||
fatal_f("percent_expand failed");
|
||||
free(av[i]);
|
||||
av[i] = tmp;
|
||||
}
|
||||
|
@ -947,9 +974,10 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
xasprintf(&command, "%s %s", av[0], av[1]);
|
||||
}
|
||||
|
||||
if ((pid = subprocess("AuthorizedKeysCommand", runas_pw, command,
|
||||
if ((pid = subprocess("AuthorizedKeysCommand", command,
|
||||
ac, av, &f,
|
||||
SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
|
||||
SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
|
||||
runas_pw, temporarily_use_uid, restore_uid)) == 0)
|
||||
goto out;
|
||||
|
||||
uid_swapped = 1;
|
||||
|
@ -969,7 +997,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
out:
|
||||
if (f != NULL)
|
||||
fclose(f);
|
||||
signal(SIGCHLD, osigchld);
|
||||
ssh_signal(SIGCHLD, osigchld);
|
||||
for (i = 0; i < ac; i++)
|
||||
free(av[i]);
|
||||
free(av);
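Review bot: In the new security-key block of userauth_pubkey, `authopts` is dereferenced (`!authopts->no_require_user_presence`, `authopts->require_verify`) under the guard `authenticated == 1 && sig_details != NULL` only, although it is declared as `struct sshauthopt *authopts = NULL` and the call that fills it is not in the visible hunks. Presumably the key-authorisation check evaluated before `sshkey_verify` always sets it when it succeeds, but the presence and verification requirements depend on that invariant, so it should be enforced where it is relied on. I would add `if (authenticated == 1 && authopts == NULL) fatal_f("internal error: missing options");` just before the block, mirroring the check already used in check_authkey_line. Merely adding `authopts != NULL` to the existing condition would be the wrong fix, because it would skip both requirement checks and leave `authenticated` at 1. The body of userauth_pubkey starts and ends outside the hunks shown.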
|
||||
|
|
84
auth2.c
84
auth2.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2.c,v 1.157 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: auth2.c,v 1.160 2021/01/27 10:05:28 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -61,8 +61,6 @@
|
|||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
extern u_char *session_id2;
|
||||
extern u_int session_id2_len;
|
||||
extern struct sshbuf *loginmsg;
|
||||
|
||||
/* methods */
|
||||
|
@ -145,7 +143,7 @@ userauth_send_banner(struct ssh *ssh, const char *msg)
|
|||
(r = sshpkt_put_cstring(ssh, msg)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, "")) != 0 || /* language, unused */
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
debug("%s: sent", __func__);
|
||||
}
|
||||
|
||||
|
@ -217,7 +215,7 @@ input_service_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
r = 0;
|
||||
out:
|
||||
free(service);
|
||||
return 0;
|
||||
return r;
|
||||
}
|
||||
|
||||
#define MIN_FAIL_DELAY_SECONDS 0.005
|
||||
|
@ -232,11 +230,11 @@ user_specific_delay(const char *user)
|
|||
(void)snprintf(b, sizeof b, "%llu%s",
|
||||
(unsigned long long)options.timing_secret, user);
|
||||
if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)
|
||||
fatal("%s: ssh_digest_memory", __func__);
|
||||
fatal_f("ssh_digest_memory");
|
||||
/* 0-4.2 ms of delay */
|
||||
delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
|
||||
freezero(hash, len);
|
||||
debug3("%s: user specific delay %0.3lfms", __func__, delay/1000);
|
||||
debug3_f("user specific delay %0.3lfms", delay/1000);
|
||||
return MIN_FAIL_DELAY_SECONDS + delay;
|
||||
}
|
||||
|
||||
|
@ -252,8 +250,8 @@ ensure_minimum_time_since(double start, double seconds)
|
|||
|
||||
ts.tv_sec = remain;
|
||||
ts.tv_nsec = (remain - ts.tv_sec) * 1000000000;
|
||||
debug3("%s: elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)",
|
||||
__func__, elapsed*1000, remain*1000, req*1000);
|
||||
debug3_f("elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)",
|
||||
elapsed*1000, remain*1000, req*1000);
|
||||
nanosleep(&ts, NULL);
|
||||
}
|
||||
|
||||
|
@ -286,8 +284,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
authctxt->user = xstrdup(user);
|
||||
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
|
||||
authctxt->valid = 1;
|
||||
debug2("%s: setting up authctxt for %s",
|
||||
__func__, user);
|
||||
debug2_f("setting up authctxt for %s", user);
|
||||
} else {
|
||||
/* Invalid user, fake password information */
|
||||
authctxt->pw = fakepw();
|
||||
|
@ -390,20 +387,20 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
|
||||
#ifdef USE_PAM
|
||||
if (options.use_pam && authenticated) {
|
||||
int r;
|
||||
int r, success = PRIVSEP(do_pam_account());
|
||||
|
||||
if (!PRIVSEP(do_pam_account())) {
|
||||
/* if PAM returned a message, send it to the user */
|
||||
if (sshbuf_len(loginmsg) > 0) {
|
||||
if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
|
||||
if ((r = ssh_packet_write_wait(ssh)) != 0) {
|
||||
sshpkt_fatal(ssh, r,
|
||||
"%s: send PAM banner", __func__);
|
||||
}
|
||||
/* If PAM returned a message, send it to the user. */
|
||||
if (sshbuf_len(loginmsg) > 0) {
|
||||
if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
|
||||
if ((r = ssh_packet_write_wait(ssh)) != 0) {
|
||||
sshpkt_fatal(ssh, r,
|
||||
"%s: send PAM banner", __func__);
|
||||
}
|
||||
}
|
||||
if (!success) {
|
||||
fatal("Access denied for user %s by PAM account "
|
||||
"configuration", authctxt->user);
|
||||
}
|
||||
|
@ -417,7 +414,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send success packet");
|
||||
/* now we can break out */
|
||||
authctxt->success = 1;
|
||||
ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
|
||||
|
@ -433,14 +430,14 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
auth_maxtries_exceeded(ssh);
|
||||
}
|
||||
methods = authmethods_get(authctxt);
|
||||
debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
|
||||
debug3_f("failure partial=%d next methods=\"%s\"",
|
||||
partial, methods);
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, methods)) != 0 ||
|
||||
(r = sshpkt_put_u8(ssh, partial)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send failure packet");
|
||||
free(methods);
|
||||
}
|
||||
}
|
||||
|
@ -478,7 +475,7 @@ authmethods_get(Authctxt *authctxt)
|
|||
int i, r;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
for (i = 0; authmethods[i] != NULL; i++) {
|
||||
if (strcmp(authmethods[i]->name, "none") == 0)
|
||||
continue;
|
||||
|
@ -490,10 +487,10 @@ authmethods_get(Authctxt *authctxt)
|
|||
continue;
|
||||
if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "",
|
||||
authmethods[i]->name)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
if ((list = sshbuf_dup_string(b)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
sshbuf_free(b);
|
||||
return list;
|
||||
}
|
||||
|
@ -585,7 +582,7 @@ auth2_setup_methods_lists(Authctxt *authctxt)
|
|||
|
||||
if (options.num_auth_methods == 0)
|
||||
return 0;
|
||||
debug3("%s: checking methods", __func__);
|
||||
debug3_f("checking methods");
|
||||
authctxt->auth_methods = xcalloc(options.num_auth_methods,
|
||||
sizeof(*authctxt->auth_methods));
|
||||
authctxt->num_auth_methods = 0;
|
||||
|
@ -673,7 +670,7 @@ auth2_update_methods_lists(Authctxt *authctxt, const char *method,
|
|||
{
|
||||
u_int i, found = 0;
|
||||
|
||||
debug3("%s: updating methods list after \"%s\"", __func__, method);
|
||||
debug3_f("updating methods list after \"%s\"", method);
|
||||
for (i = 0; i < authctxt->num_auth_methods; i++) {
|
||||
if (!remove_method(&(authctxt->auth_methods[i]), method,
|
||||
submethod))
|
||||
|
@ -688,7 +685,7 @@ auth2_update_methods_lists(Authctxt *authctxt, const char *method,
|
|||
}
|
||||
/* This should not happen, but would be bad if it did */
|
||||
if (!found)
|
||||
fatal("%s: method not in AuthenticationMethods", __func__);
|
||||
fatal_f("method not in AuthenticationMethods");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -716,7 +713,7 @@ auth2_record_info(Authctxt *authctxt, const char *fmt, ...)
|
|||
va_end(ap);
|
||||
|
||||
if (i == -1)
|
||||
fatal("%s: vasprintf failed", __func__);
|
||||
fatal_f("vasprintf failed");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -732,7 +729,7 @@ auth2_record_key(Authctxt *authctxt, int authenticated,
|
|||
int r;
|
||||
|
||||
if ((r = sshkey_from_private(key, &dup)) != 0)
|
||||
fatal("%s: copy key: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "copy key");
|
||||
sshkey_free(authctxt->auth_method_key);
|
||||
authctxt->auth_method_key = dup;
|
||||
|
||||
|
@ -741,11 +738,11 @@ auth2_record_key(Authctxt *authctxt, int authenticated,
|
|||
|
||||
/* If authenticated, make sure we don't accept this key again */
|
||||
if ((r = sshkey_from_private(key, &dup)) != 0)
|
||||
fatal("%s: copy key: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "copy key");
|
||||
if (authctxt->nprev_keys >= INT_MAX ||
|
||||
(tmp = recallocarray(authctxt->prev_keys, authctxt->nprev_keys,
|
||||
authctxt->nprev_keys + 1, sizeof(*authctxt->prev_keys))) == NULL)
|
||||
fatal("%s: reallocarray failed", __func__);
|
||||
fatal_f("reallocarray failed");
|
||||
authctxt->prev_keys = tmp;
|
||||
authctxt->prev_keys[authctxt->nprev_keys] = dup;
|
||||
authctxt->nprev_keys++;
|
||||
|
@ -763,7 +760,7 @@ auth2_key_already_used(Authctxt *authctxt, const struct sshkey *key)
|
|||
if (sshkey_equal_public(key, authctxt->prev_keys[i])) {
|
||||
fp = sshkey_fingerprint(authctxt->prev_keys[i],
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT);
|
||||
debug3("%s: key already used: %s %s", __func__,
|
||||
debug3_f("key already used: %s %s",
|
||||
sshkey_type(authctxt->prev_keys[i]),
|
||||
fp == NULL ? "UNKNOWN" : fp);
|
||||
free(fp);
|
||||
|
@ -785,35 +782,34 @@ auth2_update_session_info(Authctxt *authctxt, const char *method,
|
|||
|
||||
if (authctxt->session_info == NULL) {
|
||||
if ((authctxt->session_info = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
}
|
||||
|
||||
/* Append method[/submethod] */
|
||||
if ((r = sshbuf_putf(authctxt->session_info, "%s%s%s",
|
||||
method, submethod == NULL ? "" : "/",
|
||||
submethod == NULL ? "" : submethod)) != 0)
|
||||
fatal("%s: append method: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "append method");
|
||||
|
||||
/* Append key if present */
|
||||
if (authctxt->auth_method_key != NULL) {
|
||||
if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 ||
|
||||
(r = sshkey_format_text(authctxt->auth_method_key,
|
||||
authctxt->session_info)) != 0)
|
||||
fatal("%s: append key: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "append key");
|
||||
}
|
||||
|
||||
if (authctxt->auth_method_info != NULL) {
|
||||
/* Ensure no ambiguity here */
|
||||
if (strchr(authctxt->auth_method_info, '\n') != NULL)
|
||||
fatal("%s: auth_method_info contains \\n", __func__);
|
||||
fatal_f("auth_method_info contains \\n");
|
||||
if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 ||
|
||||
(r = sshbuf_putf(authctxt->session_info, "%s",
|
||||
authctxt->auth_method_info)) != 0) {
|
||||
fatal("%s: append method info: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "append method info");
|
||||
}
|
||||
}
|
||||
if ((r = sshbuf_put_u8(authctxt->session_info, '\n')) != 0)
|
||||
fatal("%s: append: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "append");
|
||||
}
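Review bot: The PAM block in userauth_finish still formats its error by hand. Both printed copies of the banner code keep `fatal("%s: buffer error: %s", __func__, ssh_err(r));`, while the other call sites shown for this file move to the `_f`/`_fr` helpers. For consistency it should read `fatal_fr(r, "buffer error");`, the form authmethods_get uses after this change, and `debug("%s: sent", __func__);` in userauth_send_banner could likewise become `debug_f("sent");`. The block also deserves a short comment above `success = PRIVSEP(do_pam_account())`, for example `/* keep the result so any PAM message is sent before we act on a denial */`, since the reordering appears to be the point of the hunk. userauth_finish starts and ends outside the hunks shown.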
|
||||
|
||||
|
|
140
authfd.c
140
authfd.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: authfd.c,v 1.117 2019/09/03 08:29:15 djm Exp $ */
|
||||
/* $OpenBSD: authfd.c,v 1.127 2021/01/26 00:46:17 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -44,8 +44,8 @@
|
|||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
#include <signal.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
|
||||
|
@ -62,7 +62,7 @@
|
|||
#include "ssherr.h"
|
||||
|
||||
#define MAX_AGENT_IDENTITIES 2048 /* Max keys in agent reply */
|
||||
#define MAX_AGENT_REPLY_LEN (256 * 1024) /* Max bytes in agent reply */
|
||||
#define MAX_AGENT_REPLY_LEN (256 * 1024) /* Max bytes in agent reply */
|
||||
|
||||
/* macro to check for "agent failure" message */
|
||||
#define agent_failed(x) \
|
||||
|
@ -82,21 +82,16 @@ decode_reply(u_char type)
|
|||
return SSH_ERR_INVALID_FORMAT;
|
||||
}
|
||||
|
||||
/* Returns the number of the authentication fd, or -1 if there is none. */
|
||||
/*
|
||||
* Opens an authentication socket at the provided path and stores the file
|
||||
* descriptor in fdp. Returns 0 on success and an error on failure.
|
||||
*/
|
||||
int
|
||||
ssh_get_authentication_socket(int *fdp)
|
||||
ssh_get_authentication_socket_path(const char *authsocket, int *fdp)
|
||||
{
|
||||
const char *authsocket;
|
||||
int sock, oerrno;
|
||||
struct sockaddr_un sunaddr;
|
||||
|
||||
if (fdp != NULL)
|
||||
*fdp = -1;
|
||||
|
||||
authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
|
||||
if (authsocket == NULL || *authsocket == '\0')
|
||||
return SSH_ERR_AGENT_NOT_PRESENT;
|
||||
|
||||
memset(&sunaddr, 0, sizeof(sunaddr));
|
||||
sunaddr.sun_family = AF_UNIX;
|
||||
strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
|
||||
|
@ -119,6 +114,25 @@ ssh_get_authentication_socket(int *fdp)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Opens the default authentication socket and stores the file descriptor in
|
||||
* fdp. Returns 0 on success and an error on failure.
|
||||
*/
|
||||
int
|
||||
ssh_get_authentication_socket(int *fdp)
|
||||
{
|
||||
const char *authsocket;
|
||||
|
||||
if (fdp != NULL)
|
||||
*fdp = -1;
|
||||
|
||||
authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
|
||||
if (authsocket == NULL || *authsocket == '\0')
|
||||
return SSH_ERR_AGENT_NOT_PRESENT;
|
||||
|
||||
return ssh_get_authentication_socket_path(authsocket, fdp);
|
||||
}
|
||||
|
||||
/* Communicate with agent: send request and read reply */
|
||||
static int
|
||||
ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply)
|
||||
|
@ -163,6 +177,27 @@ ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* Communicate with agent: sent request, read and decode status reply */
|
||||
static int
|
||||
ssh_request_reply_decode(int sock, struct sshbuf *request)
|
||||
{
|
||||
struct sshbuf *reply;
|
||||
int r;
|
||||
u_char type;
|
||||
|
||||
if ((reply = sshbuf_new()) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = ssh_request_reply(sock, request, reply)) != 0 ||
|
||||
(r = sshbuf_get_u8(reply, &type)) != 0 ||
|
||||
(r = decode_reply(type)) != 0)
|
||||
goto out;
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
sshbuf_free(reply);
|
||||
return r;
|
||||
}
|
||||
|
||||
/*
|
||||
* Closes the agent socket if it should be closed (depends on how it was
|
||||
* obtained). The argument must have been returned by
|
||||
|
@ -186,13 +221,11 @@ ssh_lock_agent(int sock, int lock, const char *password)
|
|||
if ((msg = sshbuf_new()) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = sshbuf_put_u8(msg, type)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, password)) != 0)
|
||||
(r = sshbuf_put_cstring(msg, password)) != 0 ||
|
||||
(r = ssh_request_reply_decode(sock, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = ssh_request_reply(sock, msg, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
goto out;
|
||||
r = decode_reply(type);
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
|
@ -322,13 +355,13 @@ ssh_free_identitylist(struct ssh_identitylist *idl)
|
|||
* Returns 0 if found, or a negative SSH_ERR_* error code on failure.
|
||||
*/
|
||||
int
|
||||
ssh_agent_has_key(int sock, struct sshkey *key)
|
||||
ssh_agent_has_key(int sock, const struct sshkey *key)
|
||||
{
|
||||
int r, ret = SSH_ERR_KEY_NOT_FOUND;
|
||||
size_t i;
|
||||
struct ssh_identitylist *idlist = NULL;
|
||||
|
||||
if ((r = ssh_fetch_identitylist(sock, &idlist)) < 0) {
|
||||
if ((r = ssh_fetch_identitylist(sock, &idlist)) != 0) {
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -423,7 +456,8 @@ ssh_agent_sign(int sock, const struct sshkey *key,
|
|||
|
||||
|
||||
static int
|
||||
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
|
||||
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign,
|
||||
const char *provider)
|
||||
{
|
||||
int r;
|
||||
|
||||
|
@ -441,6 +475,14 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
|
|||
(r = sshbuf_put_u32(m, maxsign)) != 0)
|
||||
goto out;
|
||||
}
|
||||
if (provider != NULL) {
|
||||
if ((r = sshbuf_put_u8(m,
|
||||
SSH_AGENT_CONSTRAIN_EXTENSION)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m,
|
||||
"sk-provider@openssh.com")) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, provider)) != 0)
|
||||
goto out;
|
||||
}
|
||||
r = 0;
|
||||
out:
|
||||
return r;
|
||||
|
@ -452,10 +494,11 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
|
|||
*/
|
||||
int
|
||||
ssh_add_identity_constrained(int sock, struct sshkey *key,
|
||||
const char *comment, u_int life, u_int confirm, u_int maxsign)
|
||||
const char *comment, u_int life, u_int confirm, u_int maxsign,
|
||||
const char *provider)
|
||||
{
|
||||
struct sshbuf *msg;
|
||||
int r, constrained = (life || confirm || maxsign);
|
||||
int r, constrained = (life || confirm || maxsign || provider);
|
||||
u_char type;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
|
@ -469,9 +512,13 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
|
|||
case KEY_DSA_CERT:
|
||||
case KEY_ECDSA:
|
||||
case KEY_ECDSA_CERT:
|
||||
case KEY_ECDSA_SK:
|
||||
case KEY_ECDSA_SK_CERT:
|
||||
#endif
|
||||
case KEY_ED25519:
|
||||
case KEY_ED25519_CERT:
|
||||
case KEY_ED25519_SK:
|
||||
case KEY_ED25519_SK_CERT:
|
||||
case KEY_XMSS:
|
||||
case KEY_XMSS_CERT:
|
||||
type = constrained ?
|
||||
|
@ -479,7 +526,7 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
|
|||
SSH2_AGENTC_ADD_IDENTITY;
|
||||
if ((r = sshbuf_put_u8(msg, type)) != 0 ||
|
||||
(r = sshkey_private_serialize_maxsign(key, msg, maxsign,
|
||||
NULL)) != 0 ||
|
||||
0)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, comment)) != 0)
|
||||
goto out;
|
||||
break;
|
||||
|
@ -488,13 +535,13 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
|
|||
goto out;
|
||||
}
|
||||
if (constrained &&
|
||||
(r = encode_constraints(msg, life, confirm, maxsign)) != 0)
|
||||
(r = encode_constraints(msg, life, confirm, maxsign,
|
||||
provider)) != 0)
|
||||
goto out;
|
||||
if ((r = ssh_request_reply(sock, msg, msg)) != 0)
|
||||
if ((r = ssh_request_reply_decode(sock, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
goto out;
|
||||
r = decode_reply(type);
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
|
@ -505,11 +552,11 @@ ssh_add_identity_constrained(int sock, struct sshkey *key,
|
|||
* This call is intended only for use by ssh-add(1) and like applications.
|
||||
*/
|
||||
int
|
||||
ssh_remove_identity(int sock, struct sshkey *key)
|
||||
ssh_remove_identity(int sock, const struct sshkey *key)
|
||||
{
|
||||
struct sshbuf *msg;
|
||||
int r;
|
||||
u_char type, *blob = NULL;
|
||||
u_char *blob = NULL;
|
||||
size_t blen;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
|
@ -526,16 +573,13 @@ ssh_remove_identity(int sock, struct sshkey *key)
|
|||
r = SSH_ERR_INVALID_ARGUMENT;
|
||||
goto out;
|
||||
}
|
||||
if ((r = ssh_request_reply(sock, msg, msg)) != 0)
|
||||
if ((r = ssh_request_reply_decode(sock, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
goto out;
|
||||
r = decode_reply(type);
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
if (blob != NULL) {
|
||||
explicit_bzero(blob, blen);
|
||||
free(blob);
|
||||
}
|
||||
if (blob != NULL)
|
||||
freezero(blob, blen);
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
}
|
||||
|
@ -566,13 +610,12 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
|
|||
(r = sshbuf_put_cstring(msg, pin)) != 0)
|
||||
goto out;
|
||||
if (constrained &&
|
||||
(r = encode_constraints(msg, life, confirm, 0)) != 0)
|
||||
(r = encode_constraints(msg, life, confirm, 0, NULL)) != 0)
|
||||
goto out;
|
||||
if ((r = ssh_request_reply(sock, msg, msg)) != 0)
|
||||
if ((r = ssh_request_reply_decode(sock, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
goto out;
|
||||
r = decode_reply(type);
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
|
@ -599,11 +642,10 @@ ssh_remove_all_identities(int sock, int version)
|
|||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = sshbuf_put_u8(msg, type)) != 0)
|
||||
goto out;
|
||||
if ((r = ssh_request_reply(sock, msg, msg)) != 0)
|
||||
if ((r = ssh_request_reply_decode(sock, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
goto out;
|
||||
r = decode_reply(type);
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
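Review bot: `ssh_get_authentication_socket_path()` now takes a caller-supplied path, but the `strlcpy()` into `sunaddr.sun_path` at the end of its first hunk still ignores the return value, so an over-long path is silently truncated and the connection would go to a different socket name than the one requested. Checking the result would reject such paths: `if (strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) return SSH_ERR_INVALID_ARGUMENT;`. The NULL/empty check on `authsocket` and the `*fdp = -1` reset appear to have moved into the `ssh_get_authentication_socket()` wrapper, so direct callers of the new function get neither; restate them here or document the precondition. The rest of the function body lies outside the hunk.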
|
|
11
authfd.h
11
authfd.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: authfd.h,v 1.46 2019/09/03 08:29:15 djm Exp $ */
|
||||
/* $OpenBSD: authfd.h,v 1.49 2020/06/26 05:03:36 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -24,15 +24,17 @@ struct ssh_identitylist {
|
|||
};
|
||||
|
||||
int ssh_get_authentication_socket(int *fdp);
|
||||
int ssh_get_authentication_socket_path(const char *authsocket, int *fdp);
|
||||
void ssh_close_authentication_socket(int sock);
|
||||
|
||||
int ssh_lock_agent(int sock, int lock, const char *password);
|
||||
int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp);
|
||||
void ssh_free_identitylist(struct ssh_identitylist *idl);
|
||||
int ssh_add_identity_constrained(int sock, struct sshkey *key,
|
||||
const char *comment, u_int life, u_int confirm, u_int maxsign);
|
||||
int ssh_agent_has_key(int sock, struct sshkey *key);
|
||||
int ssh_remove_identity(int sock, struct sshkey *key);
|
||||
const char *comment, u_int life, u_int confirm, u_int maxsign,
|
||||
const char *provider);
|
||||
int ssh_agent_has_key(int sock, const struct sshkey *key);
|
||||
int ssh_remove_identity(int sock, const struct sshkey *key);
|
||||
int ssh_update_card(int sock, int add, const char *reader_id,
|
||||
const char *pin, u_int life, u_int confirm);
|
||||
int ssh_remove_all_identities(int sock, int version);
|
||||
|
@ -77,6 +79,7 @@ int ssh_agent_sign(int sock, const struct sshkey *key,
|
|||
#define SSH_AGENT_CONSTRAIN_LIFETIME 1
|
||||
#define SSH_AGENT_CONSTRAIN_CONFIRM 2
|
||||
#define SSH_AGENT_CONSTRAIN_MAXSIGN 3
|
||||
#define SSH_AGENT_CONSTRAIN_EXTENSION 255
|
||||
|
||||
/* extended failure messages */
|
||||
#define SSH2_AGENT_FAILURE 30
|
||||
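Review bot: The new prototype `ssh_get_authentication_socket_path()`, the extra `provider` argument of `ssh_add_identity_constrained()` and `SSH_AGENT_CONSTRAIN_EXTENSION` arrive in this header without any comment. From authfd.c in the same commit, `provider` is optional and, when non-NULL, is encoded as an `sk-provider@openssh.com` constraint extension. A one-line comment such as `/* provider may be NULL; otherwise it is sent as an sk-provider@openssh.com constraint */` would spare callers from reading the implementation. It would also help to state whether `authsocket` may be NULL or empty, since the implementation hunk shows no check for either.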
|
|
215
authfile.c
215
authfile.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */
|
||||
/* $OpenBSD: authfile.c,v 1.141 2020/06/18 23:33:38 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -56,20 +56,13 @@
|
|||
static int
|
||||
sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
|
||||
{
|
||||
int fd, oerrno;
|
||||
int r;
|
||||
mode_t omask;
|
||||
|
||||
if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),
|
||||
sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
|
||||
oerrno = errno;
|
||||
close(fd);
|
||||
unlink(filename);
|
||||
errno = oerrno;
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
}
|
||||
close(fd);
|
||||
return 0;
|
||||
omask = umask(077);
|
||||
r = sshbuf_write_file(filename, keybuf);
|
||||
umask(omask);
|
||||
return r;
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -93,49 +86,6 @@ sshkey_save_private(struct sshkey *key, const char *filename,
|
|||
return r;
|
||||
}
|
||||
|
||||
/* Load a key from a fd into a buffer */
|
||||
int
|
||||
sshkey_load_file(int fd, struct sshbuf *blob)
|
||||
{
|
||||
u_char buf[1024];
|
||||
size_t len;
|
||||
struct stat st;
|
||||
int r;
|
||||
|
||||
if (fstat(fd, &st) == -1)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
|
||||
st.st_size > MAX_KEY_FILE_SIZE)
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
for (;;) {
|
||||
if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
|
||||
if (errno == EPIPE)
|
||||
break;
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_put(blob, buf, len)) != 0)
|
||||
goto out;
|
||||
if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
|
||||
st.st_size != (off_t)sshbuf_len(blob)) {
|
||||
r = SSH_ERR_FILE_CHANGED;
|
||||
goto out;
|
||||
}
|
||||
r = 0;
|
||||
|
||||
out:
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
if (r != 0)
|
||||
sshbuf_reset(blob);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
||||
/* XXX remove error() calls from here? */
|
||||
int
|
||||
sshkey_perm_ok(int fd, const char *filename)
|
||||
|
@ -200,6 +150,14 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
|
|||
return r;
|
||||
}
|
||||
|
||||
int
|
||||
sshkey_load_private(const char *filename, const char *passphrase,
|
||||
struct sshkey **keyp, char **commentp)
|
||||
{
|
||||
return sshkey_load_private_type(KEY_UNSPEC, filename, passphrase,
|
||||
keyp, commentp);
|
||||
}
|
||||
|
||||
int
|
||||
sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
|
||||
struct sshkey **keyp, char **commentp)
|
||||
|
@ -209,11 +167,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
|
|||
|
||||
if (keyp != NULL)
|
||||
*keyp = NULL;
|
||||
if ((buffer = sshbuf_new()) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_load_file(fd, buffer)) != 0 ||
|
||||
if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
|
||||
(r = sshkey_parse_private_fileblob_type(buffer, type,
|
||||
passphrase, keyp, commentp)) != 0)
|
||||
goto out;
|
||||
|
@ -225,56 +179,57 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
|
|||
return r;
|
||||
}
|
||||
|
||||
/* XXX this is almost identical to sshkey_load_private_type() */
|
||||
int
|
||||
sshkey_load_private(const char *filename, const char *passphrase,
|
||||
struct sshkey **keyp, char **commentp)
|
||||
/* Load a pubkey from the unencrypted envelope of a new-format private key */
|
||||
static int
|
||||
sshkey_load_pubkey_from_private(const char *filename, struct sshkey **pubkeyp)
|
||||
{
|
||||
struct sshbuf *buffer = NULL;
|
||||
struct sshkey *pubkey = NULL;
|
||||
int r, fd;
|
||||
|
||||
if (keyp != NULL)
|
||||
*keyp = NULL;
|
||||
if (commentp != NULL)
|
||||
*commentp = NULL;
|
||||
if (pubkeyp != NULL)
|
||||
*pubkeyp = NULL;
|
||||
|
||||
if ((fd = open(filename, O_RDONLY)) == -1)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
if (sshkey_perm_ok(fd, filename) != 0) {
|
||||
r = SSH_ERR_KEY_BAD_PERMISSIONS;
|
||||
if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
|
||||
(r = sshkey_parse_pubkey_from_private_fileblob_type(buffer,
|
||||
KEY_UNSPEC, &pubkey)) != 0)
|
||||
goto out;
|
||||
if ((r = sshkey_set_filename(pubkey, filename)) != 0)
|
||||
goto out;
|
||||
/* success */
|
||||
if (pubkeyp != NULL) {
|
||||
*pubkeyp = pubkey;
|
||||
pubkey = NULL;
|
||||
}
|
||||
|
||||
if ((buffer = sshbuf_new()) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_load_file(fd, buffer)) != 0 ||
|
||||
(r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
|
||||
commentp)) != 0)
|
||||
goto out;
|
||||
if (keyp && *keyp &&
|
||||
(r = sshkey_set_filename(*keyp, filename)) != 0)
|
||||
goto out;
|
||||
r = 0;
|
||||
out:
|
||||
close(fd);
|
||||
sshbuf_free(buffer);
|
||||
sshkey_free(pubkey);
|
||||
return r;
|
||||
}
|
||||
|
||||
static int
|
||||
sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
|
||||
sshkey_try_load_public(struct sshkey **kp, const char *filename,
|
||||
char **commentp)
|
||||
{
|
||||
FILE *f;
|
||||
char *line = NULL, *cp;
|
||||
size_t linesize = 0;
|
||||
int r;
|
||||
struct sshkey *k = NULL;
|
||||
|
||||
*kp = NULL;
|
||||
if (commentp != NULL)
|
||||
*commentp = NULL;
|
||||
if ((f = fopen(filename, "r")) == NULL)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
if ((k = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||
fclose(f);
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
}
|
||||
while (getline(&line, &linesize, f) != -1) {
|
||||
cp = line;
|
||||
switch (*cp) {
|
||||
|
@ -299,12 +254,15 @@ sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
|
|||
if (*commentp == NULL)
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
}
|
||||
/* success */
|
||||
*kp = k;
|
||||
free(line);
|
||||
fclose(f);
|
||||
return r;
|
||||
}
|
||||
}
|
||||
}
|
||||
free(k);
|
||||
free(line);
|
||||
fclose(f);
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
|
@ -314,44 +272,35 @@ sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
|
|||
int
|
||||
sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
|
||||
{
|
||||
struct sshkey *pub = NULL;
|
||||
char *file = NULL;
|
||||
int r;
|
||||
char *pubfile = NULL;
|
||||
int r, oerrno;
|
||||
|
||||
if (keyp != NULL)
|
||||
*keyp = NULL;
|
||||
if (commentp != NULL)
|
||||
*commentp = NULL;
|
||||
|
||||
if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
|
||||
if (keyp != NULL) {
|
||||
*keyp = pub;
|
||||
pub = NULL;
|
||||
}
|
||||
r = 0;
|
||||
if ((r = sshkey_try_load_public(keyp, filename, commentp)) == 0)
|
||||
goto out;
|
||||
}
|
||||
sshkey_free(pub);
|
||||
|
||||
/* try .pub suffix */
|
||||
if (asprintf(&file, "%s.pub", filename) == -1)
|
||||
if (asprintf(&pubfile, "%s.pub", filename) == -1)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = sshkey_try_load_public(keyp, pubfile, commentp)) == 0)
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_try_load_public(pub, file, commentp)) == 0) {
|
||||
if (keyp != NULL) {
|
||||
*keyp = pub;
|
||||
pub = NULL;
|
||||
}
|
||||
r = 0;
|
||||
}
|
||||
|
||||
/* finally, try to extract public key from private key file */
|
||||
if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0)
|
||||
goto out;
|
||||
|
||||
/* Pretend we couldn't find the key */
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
errno = ENOENT;
|
||||
|
||||
out:
|
||||
free(file);
|
||||
sshkey_free(pub);
|
||||
oerrno = errno;
|
||||
free(pubfile);
|
||||
errno = oerrno;
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -369,18 +318,7 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp)
|
|||
if (asprintf(&file, "%s-cert.pub", filename) == -1)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
|
||||
if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
|
||||
goto out;
|
||||
/* success */
|
||||
if (keyp != NULL) {
|
||||
*keyp = pub;
|
||||
pub = NULL;
|
||||
}
|
||||
r = 0;
|
||||
out:
|
||||
r = sshkey_try_load_public(keyp, file, NULL);
|
||||
free(file);
|
||||
sshkey_free(pub);
|
||||
return r;
|
||||
|
@ -560,3 +498,34 @@ sshkey_advance_past_options(char **cpp)
|
|||
return (*cp == '\0' && quoted) ? -1 : 0;
|
||||
}
|
||||
|
||||
/* Save a public key */
|
||||
int
|
||||
sshkey_save_public(const struct sshkey *key, const char *path,
|
||||
const char *comment)
|
||||
{
|
||||
int fd, oerrno;
|
||||
FILE *f = NULL;
|
||||
int r = SSH_ERR_INTERNAL_ERROR;
|
||||
|
||||
if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
if ((f = fdopen(fd, "w")) == NULL) {
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
if ((r = sshkey_write(key, f)) != 0)
|
||||
goto fail;
|
||||
fprintf(f, " %s\n", comment);
|
||||
if (ferror(f) || fclose(f) != 0) {
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
fail:
|
||||
oerrno = errno;
|
||||
if (f != NULL)
|
||||
fclose(f);
|
||||
else
|
||||
close(fd);
|
||||
errno = oerrno;
|
||||
return r;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
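Review bot: `sshkey_try_load_public()` now writes through `kp` unconditionally (`*kp = NULL;` on entry, `*kp = k;` on success), while its callers `sshkey_load_public()` and `sshkey_load_cert()` pass `keyp` straight through, and `sshkey_load_public()` still guards `keyp != NULL` as if NULL were allowed. A caller that only wants the comment, or only wants to test for existence, would dereference NULL. Separately, when the comment `strdup` fails the function returns `SSH_ERR_ALLOC_FAIL` with `*kp` already set; `sshkey_load_public()` then moves on to the next candidate, whose call resets `*kp` and loses the key. The failure path also releases the key with plain `free(k)` rather than `sshkey_free(k)`, which this file uses elsewhere. The function spans two hunks with its middle outside both, so the sketch below shows only the lines that would change.

```c
	if (kp != NULL)
		*kp = NULL;
	/* … unchanged: commentp reset, fopen, sshkey_new, getline loop down to the comment strdup … */
				if (r == 0 && kp != NULL) {
					/* hand the key over only on success */
					*kp = k;
					k = NULL;
				}
				sshkey_free(k);
				free(line);
	/* … unchanged: fclose, return r, end of loop … */
	sshkey_free(k);
	free(line);
```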
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: authfile.h,v 1.23 2019/09/03 08:30:47 djm Exp $ */
|
||||
/* $OpenBSD: authfile.h,v 1.25 2020/01/25 23:02:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
|
||||
|
@ -35,7 +35,6 @@ struct sshkey;
|
|||
|
||||
int sshkey_save_private(struct sshkey *, const char *,
|
||||
const char *, const char *, int, const char *, int);
|
||||
int sshkey_load_file(int, struct sshbuf *);
|
||||
int sshkey_load_cert(const char *, struct sshkey **);
|
||||
int sshkey_load_public(const char *, struct sshkey **, char **);
|
||||
int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
|
||||
|
@ -49,5 +48,7 @@ int sshkey_perm_ok(int, const char *);
|
|||
int sshkey_in_file(struct sshkey *, const char *, int, int);
|
||||
int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file);
|
||||
int sshkey_advance_past_options(char **cpp);
|
||||
int sshkey_save_public(const struct sshkey *key, const char *path,
|
||||
const char *comment);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -268,7 +268,7 @@ then
|
|||
touch space
|
||||
else
|
||||
cat > space << _EOF
|
||||
# extra space required by start/stop links added by installf
|
||||
# extra space required by start/stop links added by installf
|
||||
# in postinstall
|
||||
$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
|
||||
$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
|
||||
|
@ -293,7 +293,7 @@ cat >> preinstall << _EOF
|
|||
#
|
||||
if [ "\${PRE_INS_STOP}" = "yes" ]
|
||||
then
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
svcadm disable $OPENSSH_FMRI
|
||||
else
|
||||
|
@ -326,7 +326,7 @@ cat > postinstall << _EOF
|
|||
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
# Delete the existing service, if it exists, then import the
|
||||
# Delete the existing service, if it exists, then import the
|
||||
# new one.
|
||||
if svcs $OPENSSH_FMRI > /dev/null 2>&1
|
||||
then
|
||||
|
@ -438,7 +438,7 @@ echo "Building preremove file..."
|
|||
cat > preremove << _EOF
|
||||
#! ${SCRIPT_SHELL}
|
||||
#
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
svcadm disable $OPENSSH_FMRI
|
||||
else
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: canohost.c,v 1.74 2019/06/28 13:35:04 deraadt Exp $ */
|
||||
/* $OpenBSD: canohost.c,v 1.75 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -96,7 +96,7 @@ get_socket_address(int sock, int remote, int flags)
|
|||
/* Get the address in ascii. */
|
||||
if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
|
||||
sizeof(ntop), NULL, 0, flags)) != 0) {
|
||||
error("%s: getnameinfo %d failed: %s", __func__,
|
||||
error_f("getnameinfo %d failed: %s",
|
||||
flags, ssh_gai_strerror(r));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -141,7 +141,7 @@ get_local_name(int fd)
|
|||
|
||||
/* Handle the case where we were passed a pipe */
|
||||
if (gethostname(myname, sizeof(myname)) == -1) {
|
||||
verbose("%s: gethostname: %s", __func__, strerror(errno));
|
||||
verbose_f("gethostname: %s", strerror(errno));
|
||||
host = xstrdup("UNKNOWN");
|
||||
} else {
|
||||
host = xstrdup(myname);
|
||||
|
@ -186,7 +186,7 @@ get_sock_port(int sock, int local)
|
|||
/* Return port number. */
|
||||
if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
|
||||
strport, sizeof(strport), NI_NUMERICSERV)) != 0)
|
||||
fatal("%s: getnameinfo NI_NUMERICSERV failed: %s", __func__,
|
||||
fatal_f("getnameinfo NI_NUMERICSERV failed: %s",
|
||||
ssh_gai_strerror(r));
|
||||
return atoi(strport);
|
||||
}
|
||||
|
|
517
channels.c
517
channels.c
17
channels.h
17
channels.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: channels.h,v 1.132 2018/10/04 00:10:11 djm Exp $ */
|
||||
/* $OpenBSD: channels.h,v 1.135 2020/09/20 05:47:25 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -52,11 +52,11 @@
|
|||
#define SSH_CHANNEL_DYNAMIC 13
|
||||
#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */
|
||||
#define SSH_CHANNEL_MUX_LISTENER 15 /* Listener for mux conn. */
|
||||
#define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */
|
||||
#define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux client */
|
||||
#define SSH_CHANNEL_ABANDONED 17 /* Abandoned session, eg mux */
|
||||
#define SSH_CHANNEL_UNIX_LISTENER 18 /* Listening on a domain socket. */
|
||||
#define SSH_CHANNEL_RUNIX_LISTENER 19 /* Listening to a R-style domain socket. */
|
||||
#define SSH_CHANNEL_MUX_PROXY 20 /* proxy channel for mux-slave */
|
||||
#define SSH_CHANNEL_MUX_PROXY 20 /* proxy channel for mux-client */
|
||||
#define SSH_CHANNEL_RDYNAMIC_OPEN 21 /* reverse SOCKS, parsing request */
|
||||
#define SSH_CHANNEL_RDYNAMIC_FINISH 22 /* reverse SOCKS, finishing connect */
|
||||
#define SSH_CHANNEL_MAX_TYPE 23
|
||||
|
@ -105,8 +105,16 @@ struct channel_connect {
|
|||
/* Callbacks for mux channels back into client-specific code */
|
||||
typedef int mux_callback_fn(struct ssh *, struct Channel *);
|
||||
|
||||
/*
|
||||
* NB. channel IDs on the wire and in c->remote_id are uint32, but local
|
||||
* channel IDs (e.g. c->self) only ever use the int32 subset of this range,
|
||||
* because we use local channel ID -1 for housekeeping. Remote channels have
|
||||
* a dedicated "have_remote_id" flag to indicate their validity.
|
||||
*/
|
||||
|
||||
struct Channel {
|
||||
int type; /* channel type/state */
|
||||
|
||||
int self; /* my own channel identifier */
|
||||
uint32_t remote_id; /* channel identifier for remote peer */
|
||||
int have_remote_id; /* non-zero if remote_id is valid */
|
||||
|
@ -215,6 +223,9 @@ struct Channel {
|
|||
/* Read buffer size */
|
||||
#define CHAN_RBUF (16*1024)
|
||||
|
||||
/* Maximum channel input buffer size */
|
||||
#define CHAN_INPUT_MAX (16*1024*1024)
|
||||
|
||||
/* Hard limit on number of channels */
|
||||
#define CHANNELS_MAX_CHANNELS (16*1024)
|
||||
|
||||
|
|
|
@ -0,0 +1,166 @@
|
|||
/*
|
||||
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $OpenBSD: cipher-chachapoly-libcrypto.c,v 1.1 2020/04/03 04:32:21 djm Exp $ */
|
||||
|
||||
#include "includes.h"
|
||||
#ifdef WITH_OPENSSL
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_EVP_CHACHA20) && !defined(HAVE_BROKEN_CHACHA20)
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <stdarg.h> /* needed for log.h */
|
||||
#include <string.h>
|
||||
#include <stdio.h> /* needed for misc.h */
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include "log.h"
|
||||
#include "sshbuf.h"
|
||||
#include "ssherr.h"
|
||||
#include "cipher-chachapoly.h"
|
||||
|
||||
struct chachapoly_ctx {
|
||||
EVP_CIPHER_CTX *main_evp, *header_evp;
|
||||
};
|
||||
|
||||
struct chachapoly_ctx *
|
||||
chachapoly_new(const u_char *key, u_int keylen)
|
||||
{
|
||||
struct chachapoly_ctx *ctx;
|
||||
|
||||
if (keylen != (32 + 32)) /* 2 x 256 bit keys */
|
||||
return NULL;
|
||||
if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
|
||||
return NULL;
|
||||
if ((ctx->main_evp = EVP_CIPHER_CTX_new()) == NULL ||
|
||||
(ctx->header_evp = EVP_CIPHER_CTX_new()) == NULL)
|
||||
goto fail;
|
||||
if (!EVP_CipherInit(ctx->main_evp, EVP_chacha20(), key, NULL, 1))
|
||||
goto fail;
|
||||
if (!EVP_CipherInit(ctx->header_evp, EVP_chacha20(), key + 32, NULL, 1))
|
||||
goto fail;
|
||||
if (EVP_CIPHER_CTX_iv_length(ctx->header_evp) != 16)
|
||||
goto fail;
|
||||
return ctx;
|
||||
fail:
|
||||
chachapoly_free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void
|
||||
chachapoly_free(struct chachapoly_ctx *cpctx)
|
||||
{
|
||||
if (cpctx == NULL)
|
||||
return;
|
||||
EVP_CIPHER_CTX_free(cpctx->main_evp);
|
||||
EVP_CIPHER_CTX_free(cpctx->header_evp);
|
||||
freezero(cpctx, sizeof(*cpctx));
|
||||
}
|
||||
|
||||
/*
|
||||
* chachapoly_crypt() operates as following:
|
||||
* En/decrypt with header key 'aadlen' bytes from 'src', storing result
|
||||
* to 'dest'. The ciphertext here is treated as additional authenticated
|
||||
* data for MAC calculation.
|
||||
* En/decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. Use
|
||||
* POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the authentication
|
||||
* tag. This tag is written on encryption and verified on decryption.
|
||||
*/
|
||||
int
|
||||
chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
|
||||
const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt)
|
||||
{
|
||||
u_char seqbuf[16]; /* layout: u64 counter || u64 seqno */
|
||||
int r = SSH_ERR_INTERNAL_ERROR;
|
||||
u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN];
|
||||
|
||||
/*
|
||||
* Run ChaCha20 once to generate the Poly1305 key. The IV is the
|
||||
* packet sequence number.
|
||||
*/
|
||||
memset(seqbuf, 0, sizeof(seqbuf));
|
||||
POKE_U64(seqbuf + 8, seqnr);
|
||||
memset(poly_key, 0, sizeof(poly_key));
|
||||
if (!EVP_CipherInit(ctx->main_evp, NULL, NULL, seqbuf, 1) ||
|
||||
EVP_Cipher(ctx->main_evp, poly_key,
|
||||
poly_key, sizeof(poly_key)) < 0) {
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* If decrypting, check tag before anything else */
|
||||
if (!do_encrypt) {
|
||||
const u_char *tag = src + aadlen + len;
|
||||
|
||||
poly1305_auth(expected_tag, src, aadlen + len, poly_key);
|
||||
if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0) {
|
||||
r = SSH_ERR_MAC_INVALID;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
/* Crypt additional data */
|
||||
if (aadlen) {
|
||||
if (!EVP_CipherInit(ctx->header_evp, NULL, NULL, seqbuf, 1) ||
|
||||
EVP_Cipher(ctx->header_evp, dest, src, aadlen) < 0) {
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
/* Set Chacha's block counter to 1 */
|
||||
seqbuf[0] = 1;
|
||||
if (!EVP_CipherInit(ctx->main_evp, NULL, NULL, seqbuf, 1) ||
|
||||
EVP_Cipher(ctx->main_evp, dest + aadlen, src + aadlen, len) < 0) {
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* If encrypting, calculate and append tag */
|
||||
if (do_encrypt) {
|
||||
poly1305_auth(dest + aadlen + len, dest, aadlen + len,
|
||||
poly_key);
|
||||
}
|
||||
r = 0;
|
||||
out:
|
||||
explicit_bzero(expected_tag, sizeof(expected_tag));
|
||||
explicit_bzero(seqbuf, sizeof(seqbuf));
|
||||
explicit_bzero(poly_key, sizeof(poly_key));
|
||||
return r;
|
||||
}
|
||||
|
||||
/* Decrypt and extract the encrypted packet length */
|
||||
int
|
||||
chachapoly_get_length(struct chachapoly_ctx *ctx,
|
||||
u_int *plenp, u_int seqnr, const u_char *cp, u_int len)
|
||||
{
|
||||
u_char buf[4], seqbuf[16];
|
||||
|
||||
if (len < 4)
|
||||
return SSH_ERR_MESSAGE_INCOMPLETE;
|
||||
memset(seqbuf, 0, sizeof(seqbuf));
|
||||
POKE_U64(seqbuf + 8, seqnr);
|
||||
if (!EVP_CipherInit(ctx->header_evp, NULL, NULL, seqbuf, 0))
|
||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||
if (EVP_Cipher(ctx->header_evp, buf, (u_char *)cp, sizeof(buf)) < 0)
|
||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||
*plenp = PEEK_U32(buf);
|
||||
return 0;
|
||||
}
|
||||
#endif /* defined(HAVE_EVP_CHACHA20) && !defined(HAVE_BROKEN_CHACHA20) */
|
|
@ -14,9 +14,14 @@
|
|||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $OpenBSD: cipher-chachapoly.c,v 1.8 2016/08/03 05:41:57 djm Exp $ */
|
||||
/* $OpenBSD: cipher-chachapoly.c,v 1.9 2020/04/03 04:27:03 djm Exp $ */
|
||||
|
||||
#include "includes.h"
|
||||
#ifdef WITH_OPENSSL
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_EVP_CHACHA20) || defined(HAVE_BROKEN_CHACHA20)
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <stdarg.h> /* needed for log.h */
|
||||
|
@ -28,15 +33,28 @@
|
|||
#include "ssherr.h"
|
||||
#include "cipher-chachapoly.h"
|
||||
|
||||
int
|
||||
chachapoly_init(struct chachapoly_ctx *ctx,
|
||||
const u_char *key, u_int keylen)
|
||||
struct chachapoly_ctx {
|
||||
struct chacha_ctx main_ctx, header_ctx;
|
||||
};
|
||||
|
||||
struct chachapoly_ctx *
|
||||
chachapoly_new(const u_char *key, u_int keylen)
|
||||
{
|
||||
struct chachapoly_ctx *ctx;
|
||||
|
||||
if (keylen != (32 + 32)) /* 2 x 256 bit keys */
|
||||
return SSH_ERR_INVALID_ARGUMENT;
|
||||
return NULL;
|
||||
if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
|
||||
return NULL;
|
||||
chacha_keysetup(&ctx->main_ctx, key, 256);
|
||||
chacha_keysetup(&ctx->header_ctx, key + 32, 256);
|
||||
return 0;
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void
|
||||
chachapoly_free(struct chachapoly_ctx *cpctx)
|
||||
{
|
||||
freezero(cpctx, sizeof(*cpctx));
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -117,3 +135,5 @@ chachapoly_get_length(struct chachapoly_ctx *ctx,
|
|||
*plenp = PEEK_U32(buf);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* !defined(HAVE_EVP_CHACHA20) || defined(HAVE_BROKEN_CHACHA20) */
|
||||
|
|
|
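Review bot: chachapoly_new() in the `@ -28,15 +33,28 @` hunk has no comment describing the ownership contract it introduces: the context is now heap-allocated and carries both ChaCha20 key schedules, so every successful call has to be paired with chachapoly_free(), which is the only place the key material is wiped (via freezero()). I would add above the definition `/* Returns a calloc'd context, or NULL on bad keylen or allocation failure; release with chachapoly_free(), which zeroes the keys. */`. chachapoly_free() in this file hands cpctx straight to freezero() with no NULL guard, unlike the libcrypto variant earlier on the page; that holds only if every platform's freezero() accepts NULL, which deserves a one-line comment. The +/- markers are lost in this rendering, so this reads the pointer-returning lines as the new side.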
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: cipher-chachapoly.h,v 1.4 2014/06/24 01:13:21 djm Exp $ */
|
||||
/* $OpenBSD: cipher-chachapoly.h,v 1.5 2020/04/03 04:27:03 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) Damien Miller 2013 <djm@mindrot.org>
|
||||
|
@ -24,13 +24,12 @@
|
|||
|
||||
#define CHACHA_KEYLEN 32 /* Only 256 bit keys used here */
|
||||
|
||||
struct chachapoly_ctx {
|
||||
struct chacha_ctx main_ctx, header_ctx;
|
||||
};
|
||||
struct chachapoly_ctx;
|
||||
|
||||
struct chachapoly_ctx *chachapoly_new(const u_char *key, u_int keylen)
|
||||
__attribute__((__bounded__(__buffer__, 1, 2)));
|
||||
void chachapoly_free(struct chachapoly_ctx *cpctx);
|
||||
|
||||
int chachapoly_init(struct chachapoly_ctx *cpctx,
|
||||
const u_char *key, u_int keylen)
|
||||
__attribute__((__bounded__(__buffer__, 2, 3)));
|
||||
int chachapoly_crypt(struct chachapoly_ctx *cpctx, u_int seqnr,
|
||||
u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen,
|
||||
int do_encrypt);
|
||||
|
|
39
cipher.c
39
cipher.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: cipher.c,v 1.113 2019/09/06 05:23:55 djm Exp $ */
|
||||
/* $OpenBSD: cipher.c,v 1.118 2020/12/21 11:09:32 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -59,7 +59,7 @@ struct sshcipher_ctx {
|
|||
int plaintext;
|
||||
int encrypt;
|
||||
EVP_CIPHER_CTX *evp;
|
||||
struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
|
||||
struct chachapoly_ctx *cp_ctx;
|
||||
struct aesctr_ctx ac_ctx; /* XXX union with evp? */
|
||||
const struct sshcipher *cipher;
|
||||
};
|
||||
|
@ -91,8 +91,6 @@ static const struct sshcipher ciphers[] = {
|
|||
{ "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
|
||||
{ "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
|
||||
{ "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
|
||||
{ "rijndael-cbc@lysator.liu.se",
|
||||
16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
|
||||
{ "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr },
|
||||
{ "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr },
|
||||
{ "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr },
|
||||
|
@ -143,6 +141,17 @@ cipher_alg_list(char sep, int auth_only)
|
|||
return ret;
|
||||
}
|
||||
|
||||
const char *
|
||||
compression_alg_list(int compression)
|
||||
{
|
||||
#ifdef WITH_ZLIB
|
||||
return compression ? "zlib@openssh.com,zlib,none" :
|
||||
"none,zlib@openssh.com,zlib";
|
||||
#else
|
||||
return "none";
|
||||
#endif
|
||||
}
|
||||
|
||||
u_int
|
||||
cipher_blocksize(const struct sshcipher *c)
|
||||
{
|
||||
|
@ -262,7 +271,8 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
|
|||
|
||||
cc->cipher = cipher;
|
||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
|
||||
ret = chachapoly_init(&cc->cp_ctx, key, keylen);
|
||||
cc->cp_ctx = chachapoly_new(key, keylen);
|
||||
ret = cc->cp_ctx != NULL ? 0 : SSH_ERR_INVALID_ARGUMENT;
|
||||
goto out;
|
||||
}
|
||||
if ((cc->cipher->flags & CFLAG_NONE) != 0) {
|
||||
|
@ -317,8 +327,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
|
|||
#ifdef WITH_OPENSSL
|
||||
EVP_CIPHER_CTX_free(cc->evp);
|
||||
#endif /* WITH_OPENSSL */
|
||||
explicit_bzero(cc, sizeof(*cc));
|
||||
free(cc);
|
||||
freezero(cc, sizeof(*cc));
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
|
@ -327,7 +336,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
|
|||
/*
|
||||
* cipher_crypt() operates as following:
|
||||
* Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'.
|
||||
* Theses bytes are treated as additional authenticated data for
|
||||
* These bytes are treated as additional authenticated data for
|
||||
* authenticated encryption modes.
|
||||
* En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'.
|
||||
* Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag.
|
||||
|
@ -339,7 +348,7 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
|
|||
const u_char *src, u_int len, u_int aadlen, u_int authlen)
|
||||
{
|
||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
|
||||
return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src,
|
||||
return chachapoly_crypt(cc->cp_ctx, seqnr, dest, src,
|
||||
len, aadlen, authlen, cc->encrypt);
|
||||
}
|
||||
if ((cc->cipher->flags & CFLAG_NONE) != 0) {
|
||||
|
@ -402,7 +411,7 @@ cipher_get_length(struct sshcipher_ctx *cc, u_int *plenp, u_int seqnr,
|
|||
const u_char *cp, u_int len)
|
||||
{
|
||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
|
||||
return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr,
|
||||
return chachapoly_get_length(cc->cp_ctx, plenp, seqnr,
|
||||
cp, len);
|
||||
if (len < 4)
|
||||
return SSH_ERR_MESSAGE_INCOMPLETE;
|
||||
|
@ -415,16 +424,16 @@ cipher_free(struct sshcipher_ctx *cc)
|
|||
{
|
||||
if (cc == NULL)
|
||||
return;
|
||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
|
||||
explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
|
||||
else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
|
||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
|
||||
chachapoly_free(cc->cp_ctx);
|
||||
cc->cp_ctx = NULL;
|
||||
} else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
|
||||
explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
|
||||
#ifdef WITH_OPENSSL
|
||||
EVP_CIPHER_CTX_free(cc->evp);
|
||||
cc->evp = NULL;
|
||||
#endif
|
||||
explicit_bzero(cc, sizeof(*cc));
|
||||
free(cc);
|
||||
freezero(cc, sizeof(*cc));
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
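Review bot: In the cipher_init hunk at `@ -262,7 +271,8 @`, `ret = cc->cp_ctx != NULL ? 0 : SSH_ERR_INVALID_ARGUMENT;` reports every chachapoly_new() failure as a bad argument, although the constructors shown on this page also return NULL when calloc() fails and, in the libcrypto variant, when EVP_CipherInit() or the IV-length check fails. Memory exhaustion or a crypto-library fault during key setup would then surface with a misleading error code. If the key length is already validated before this branch (not visible here), `SSH_ERR_ALLOC_FAIL` or `SSH_ERR_LIBCRYPTO_ERROR` would describe the remaining causes better; otherwise at least add `/* NULL also covers allocation and libcrypto failures, not only a bad keylen */` beside the mapping. cipher_init starts and ends outside this hunk.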
3
cipher.h
3
cipher.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: cipher.h,v 1.54 2019/09/06 05:23:55 djm Exp $ */
|
||||
/* $OpenBSD: cipher.h,v 1.55 2020/01/23 10:24:29 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -54,6 +54,7 @@ const struct sshcipher *cipher_by_name(const char *);
|
|||
const char *cipher_warning_message(const struct sshcipher_ctx *);
|
||||
int ciphers_valid(const char *);
|
||||
char *cipher_alg_list(char, int);
|
||||
const char *compression_alg_list(int);
|
||||
int cipher_init(struct sshcipher_ctx **, const struct sshcipher *,
|
||||
const u_char *, u_int, const u_char *, u_int, int);
|
||||
int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *,
|
||||
|
|
734
clientloop.c
734
clientloop.c
File diff suppressed because it is too large
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: clientloop.h,v 1.36 2018/07/09 21:03:30 markus Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.37 2020/04/03 02:40:32 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -46,7 +46,8 @@ int client_x11_get_proto(struct ssh *, const char *, const char *,
|
|||
void client_global_request_reply_fwd(int, u_int32_t, void *);
|
||||
void client_session2_setup(struct ssh *, int, int, int,
|
||||
const char *, struct termios *, int, struct sshbuf *, char **);
|
||||
char *client_request_tun_fwd(struct ssh *, int, int, int);
|
||||
char *client_request_tun_fwd(struct ssh *, int, int, int,
|
||||
channel_open_fn *, void *);
|
||||
void client_stop_mux(void);
|
||||
|
||||
/* Escape filter for protocol 2 sessions */
|
||||
|
|
90
compat.c
90
compat.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: compat.c,v 1.113 2018/08/13 02:41:05 djm Exp $ */
|
||||
/* $OpenBSD: compat.c,v 1.117 2021/01/27 09:26:54 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -38,11 +38,9 @@
|
|||
#include "match.h"
|
||||
#include "kex.h"
|
||||
|
||||
int datafellows = 0;
|
||||
|
||||
/* datafellows bug compatibility */
|
||||
u_int
|
||||
compat_datafellows(const char *version)
|
||||
/* determine bug flags from SSH protocol banner */
|
||||
void
|
||||
compat_banner(struct ssh *ssh, const char *version)
|
||||
{
|
||||
int i;
|
||||
static struct {
|
||||
|
@ -145,89 +143,63 @@ compat_datafellows(const char *version)
|
|||
};
|
||||
|
||||
/* process table, return first match */
|
||||
ssh->compat = 0;
|
||||
for (i = 0; check[i].pat; i++) {
|
||||
if (match_pattern_list(version, check[i].pat, 0) == 1) {
|
||||
debug("match: %s pat %s compat 0x%08x",
|
||||
debug_f("match: %s pat %s compat 0x%08x",
|
||||
version, check[i].pat, check[i].bugs);
|
||||
datafellows = check[i].bugs; /* XXX for now */
|
||||
return check[i].bugs;
|
||||
ssh->compat = check[i].bugs;
|
||||
return;
|
||||
}
|
||||
}
|
||||
debug("no match: %s", version);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#define SEP ","
|
||||
int
|
||||
proto_spec(const char *spec)
|
||||
{
|
||||
char *s, *p, *q;
|
||||
int ret = SSH_PROTO_UNKNOWN;
|
||||
|
||||
if (spec == NULL)
|
||||
return ret;
|
||||
q = s = strdup(spec);
|
||||
if (s == NULL)
|
||||
return ret;
|
||||
for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
|
||||
switch (atoi(p)) {
|
||||
case 2:
|
||||
ret |= SSH_PROTO_2;
|
||||
break;
|
||||
default:
|
||||
logit("ignoring bad proto spec: '%s'.", p);
|
||||
break;
|
||||
}
|
||||
}
|
||||
free(s);
|
||||
return ret;
|
||||
debug_f("no match: %s", version);
|
||||
}
|
||||
|
||||
char *
|
||||
compat_cipher_proposal(char *cipher_prop)
|
||||
compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
|
||||
{
|
||||
if (!(datafellows & SSH_BUG_BIGENDIANAES))
|
||||
if (!(ssh->compat & SSH_BUG_BIGENDIANAES))
|
||||
return cipher_prop;
|
||||
debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
|
||||
if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
|
||||
fatal("match_filter_blacklist failed");
|
||||
debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
|
||||
debug2_f("original cipher proposal: %s", cipher_prop);
|
||||
if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
|
||||
fatal("match_filter_denylist failed");
|
||||
debug2_f("compat cipher proposal: %s", cipher_prop);
|
||||
if (*cipher_prop == '\0')
|
||||
fatal("No supported ciphers found");
|
||||
return cipher_prop;
|
||||
}
|
||||
|
||||
char *
|
||||
compat_pkalg_proposal(char *pkalg_prop)
|
||||
compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
|
||||
{
|
||||
if (!(datafellows & SSH_BUG_RSASIGMD5))
|
||||
if (!(ssh->compat & SSH_BUG_RSASIGMD5))
|
||||
return pkalg_prop;
|
||||
debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
|
||||
if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)
|
||||
fatal("match_filter_blacklist failed");
|
||||
debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
|
||||
debug2_f("original public key proposal: %s", pkalg_prop);
|
||||
if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
|
||||
fatal("match_filter_denylist failed");
|
||||
debug2_f("compat public key proposal: %s", pkalg_prop);
|
||||
if (*pkalg_prop == '\0')
|
||||
fatal("No supported PK algorithms found");
|
||||
return pkalg_prop;
|
||||
}
|
||||
|
||||
char *
|
||||
compat_kex_proposal(char *p)
|
||||
compat_kex_proposal(struct ssh *ssh, char *p)
|
||||
{
|
||||
if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
|
||||
if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
|
||||
return p;
|
||||
debug2("%s: original KEX proposal: %s", __func__, p);
|
||||
if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
|
||||
if ((p = match_filter_blacklist(p,
|
||||
debug2_f("original KEX proposal: %s", p);
|
||||
if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
|
||||
if ((p = match_filter_denylist(p,
|
||||
"curve25519-sha256@libssh.org")) == NULL)
|
||||
fatal("match_filter_blacklist failed");
|
||||
if ((datafellows & SSH_OLD_DHGEX) != 0) {
|
||||
if ((p = match_filter_blacklist(p,
|
||||
fatal("match_filter_denylist failed");
|
||||
if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
|
||||
if ((p = match_filter_denylist(p,
|
||||
"diffie-hellman-group-exchange-sha256,"
|
||||
"diffie-hellman-group-exchange-sha1")) == NULL)
|
||||
fatal("match_filter_blacklist failed");
|
||||
fatal("match_filter_denylist failed");
|
||||
}
|
||||
debug2("%s: compat KEX proposal: %s", __func__, p);
|
||||
debug2_f("compat KEX proposal: %s", p);
|
||||
if (*p == '\0')
|
||||
fatal("No supported key exchange algorithms found");
|
||||
return p;
|
||||
|
|
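Review bot: The compat_cipher_proposal(), compat_pkalg_proposal() and compat_kex_proposal() helpers in the `@ -145,89 +143,63 @` hunk now read `ssh->compat` instead of the `datafellows` global, but nothing documents that compat_banner() must already have run on the same `struct ssh`. If it has not, the filters see whatever the field was initialised with (presumably zero) and the aes*, ssh-rsa and KEX workarounds are skipped without any log line. A comment above compat_banner() such as `/* Sets ssh->compat from the peer banner; call before any compat_*_proposal() on this connection. */` would make the ordering explicit. All four functions also dereference `ssh` without a NULL check, which is fine only if every caller passes a live connection; the call sites are not in this section, and compat_kex_proposal's closing brace lies outside the hunk.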
18
compat.h
18
compat.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: compat.h,v 1.54 2018/08/13 02:41:05 djm Exp $ */
|
||||
/* $OpenBSD: compat.h,v 1.56 2021/01/27 09:26:54 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -27,11 +27,6 @@
|
|||
#ifndef COMPAT_H
|
||||
#define COMPAT_H
|
||||
|
||||
#define SSH_PROTO_UNKNOWN 0x00
|
||||
#define SSH_PROTO_1 0x01
|
||||
#define SSH_PROTO_1_PREFERRED 0x02
|
||||
#define SSH_PROTO_2 0x04
|
||||
|
||||
#define SSH_BUG_UTF8TTYMODE 0x00000001
|
||||
#define SSH_BUG_SIGTYPE 0x00000002
|
||||
/* #define unused 0x00000004 */
|
||||
|
@ -63,11 +58,10 @@
|
|||
#define SSH_BUG_HOSTKEYS 0x20000000
|
||||
#define SSH_BUG_DHGEX_LARGE 0x40000000
|
||||
|
||||
u_int compat_datafellows(const char *);
|
||||
int proto_spec(const char *);
|
||||
char *compat_cipher_proposal(char *);
|
||||
char *compat_pkalg_proposal(char *);
|
||||
char *compat_kex_proposal(char *);
|
||||
struct ssh;
|
||||
|
||||
extern int datafellows;
|
||||
void compat_banner(struct ssh *, const char *);
|
||||
char *compat_cipher_proposal(struct ssh *, char *);
|
||||
char *compat_pkalg_proposal(struct ssh *, char *);
|
||||
char *compat_kex_proposal(struct ssh *, char *);
|
||||
#endif
|
||||
|
|
File diff suppressed because it is too large
File diff suppressed because it is too large
463
configure.ac
463
configure.ac
|
@ -14,12 +14,23 @@
|
|||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
|
||||
AC_REVISION($Revision: 1.583 $)
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
AC_CONFIG_SRCDIR([ssh.c])
|
||||
AC_LANG([C])
|
||||
|
||||
AC_CONFIG_HEADER([config.h])
|
||||
AC_CONFIG_HEADERS([config.h])
|
||||
AC_PROG_CC([cc gcc])
|
||||
|
||||
# XXX relax this after reimplementing logit() etc.
|
||||
AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
|
||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
||||
int f(int a, int b, int c) { return a + b + c; }
|
||||
#define F(a, ...) f(a, __VA_ARGS__)
|
||||
]], [[return F(1, 2, -3);]])],
|
||||
[ AC_MSG_RESULT([yes]) ],
|
||||
[ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
|
||||
)
|
||||
|
||||
AC_CANONICAL_HOST
|
||||
AC_C_BIGENDIAN
|
||||
|
||||
|
@ -34,8 +45,6 @@ AC_CHECK_TOOLS([AR], [ar])
|
|||
AC_PATH_PROG([CAT], [cat])
|
||||
AC_PATH_PROG([KILL], [kill])
|
||||
AC_PATH_PROG([SED], [sed])
|
||||
AC_PATH_PROG([ENT], [ent])
|
||||
AC_SUBST([ENT])
|
||||
AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
|
||||
AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
|
||||
AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
|
||||
|
@ -93,6 +102,7 @@ AC_SUBST([LD])
|
|||
AC_C_INLINE
|
||||
|
||||
AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
|
||||
AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
|
||||
AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
|
@ -163,7 +173,9 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
|
|||
OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
|
||||
OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
|
||||
if test "x$use_toolchain_hardening" = "x1"; then
|
||||
OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
|
||||
|
@ -213,20 +225,26 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
|
|||
CFLAGS="$CFLAGS $t -Werror"
|
||||
LDFLAGS="$LDFLAGS $t -Werror"
|
||||
AC_LINK_IFELSE(
|
||||
[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
|
||||
]],
|
||||
[[
|
||||
char x[256];
|
||||
snprintf(x, sizeof(x), "XXX");
|
||||
snprintf(x, sizeof(x), "XXX%d", func(1));
|
||||
]])],
|
||||
[ AC_MSG_RESULT([yes])
|
||||
CFLAGS="$saved_CFLAGS $t"
|
||||
LDFLAGS="$saved_LDFLAGS $t"
|
||||
AC_MSG_CHECKING([if $t works])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
|
||||
]],
|
||||
[[
|
||||
char x[256];
|
||||
snprintf(x, sizeof(x), "XXX");
|
||||
snprintf(x, sizeof(x), "XXX%d", func(1));
|
||||
]])],
|
||||
[ AC_MSG_RESULT([yes])
|
||||
break ],
|
||||
|
@ -279,6 +297,16 @@ typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
|
|||
[compiler does not accept __attribute__ on prototype args]) ]
|
||||
)
|
||||
|
||||
AC_MSG_CHECKING([if compiler supports variable length arrays])
|
||||
AC_COMPILE_IFELSE(
|
||||
[AC_LANG_PROGRAM([[#include <stdlib.h>]],
|
||||
[[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
|
||||
[ AC_MSG_RESULT([yes])
|
||||
AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
|
||||
[compiler supports variable length arrays]) ],
|
||||
[ AC_MSG_RESULT([no]) ]
|
||||
)
|
||||
|
||||
if test "x$no_attrib_nonnull" != "x1" ; then
|
||||
AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
|
||||
fi
|
||||
|
@ -376,6 +404,7 @@ AC_CHECK_HEADERS([ \
|
|||
features.h \
|
||||
fcntl.h \
|
||||
floatingpoint.h \
|
||||
fnmatch.h \
|
||||
getopt.h \
|
||||
glob.h \
|
||||
ia.h \
|
||||
|
@ -405,6 +434,7 @@ AC_CHECK_HEADERS([ \
|
|||
string.h \
|
||||
strings.h \
|
||||
sys/bitypes.h \
|
||||
sys/byteorder.h \
|
||||
sys/bsdtty.h \
|
||||
sys/cdefs.h \
|
||||
sys/dir.h \
|
||||
|
@ -642,7 +672,9 @@ case "$host" in
|
|||
*-*-darwin*)
|
||||
use_pie=auto
|
||||
AC_MSG_CHECKING([if we have working getaddrinfo])
|
||||
AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
|
||||
AC_RUN_IFELSE([AC_LANG_SOURCE([[
|
||||
#include <mach-o/dyld.h>
|
||||
#include <stdlib.h>
|
||||
main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
||||
exit(0);
|
||||
else
|
||||
|
@ -691,8 +723,10 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
|||
;;
|
||||
*-*-haiku*)
|
||||
LIBS="$LIBS -lbsd "
|
||||
CFLAGS="$CFLAGS -D_BSD_SOURCE"
|
||||
AC_CHECK_LIB([network], [socket])
|
||||
AC_DEFINE([HAVE_U_INT64_T])
|
||||
AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
|
||||
MANTYPE=man
|
||||
;;
|
||||
*-*-hpux*)
|
||||
|
@ -900,6 +934,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
|||
;;
|
||||
esac
|
||||
;;
|
||||
riscv64-*)
|
||||
seccomp_audit_arch=AUDIT_ARCH_RISCV64
|
||||
;;
|
||||
esac
|
||||
if test "x$seccomp_audit_arch" != "x" ; then
|
||||
AC_MSG_RESULT(["$seccomp_audit_arch"])
|
||||
|
@ -1192,8 +1229,25 @@ mips-sony-bsd|mips-sony-newsos4)
|
|||
|
||||
*-*-ultrix*)
|
||||
AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
|
||||
AC_DEFINE([NEED_SETPGRP])
|
||||
AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
|
||||
AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
|
||||
AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
|
||||
# DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
|
||||
# don't get a controlling tty.
|
||||
AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
|
||||
# On Ultrix some headers are not protected against multiple includes,
|
||||
# so we create wrappers and put it where the compiler will find it.
|
||||
AC_MSG_WARN([creating compat wrappers for headers])
|
||||
mkdir -p netinet
|
||||
for header in netinet/ip.h netdb.h resolv.h; do
|
||||
name=`echo $header | tr 'a-z/.' 'A-Z__'`
|
||||
cat >$header <<EOD
|
||||
#ifndef _SSH_COMPAT_${name}
|
||||
#define _SSH_COMPAT_${name}
|
||||
#include "/usr/include/${header}"
|
||||
#endif
|
||||
EOD
|
||||
done
|
||||
;;
|
||||
|
||||
*-*-lynxos)
|
||||
|
@ -1204,7 +1258,7 @@ mips-sony-bsd|mips-sony-newsos4)
|
|||
esac
|
||||
|
||||
AC_MSG_CHECKING([compiler and flags for sanity])
|
||||
AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
|
||||
AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
|
||||
[ AC_MSG_RESULT([yes]) ],
|
||||
[
|
||||
AC_MSG_RESULT([no])
|
||||
|
@ -1228,6 +1282,7 @@ AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
|
|||
[AC_LANG_SOURCE([[
|
||||
#include <libgen.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
char *s, buf[32];
|
||||
|
@ -1260,11 +1315,12 @@ AC_CHECK_FUNC([getspnam], ,
|
|||
AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
|
||||
[Define if you have the basename function.])])
|
||||
|
||||
dnl zlib is required
|
||||
dnl zlib defaults to enabled
|
||||
zlib=yes
|
||||
AC_ARG_WITH([zlib],
|
||||
[ --with-zlib=PATH Use zlib in PATH],
|
||||
[ if test "x$withval" = "xno" ; then
|
||||
AC_MSG_ERROR([*** zlib is required ***])
|
||||
zlib=no
|
||||
elif test "x$withval" != "xyes"; then
|
||||
if test -d "$withval/lib"; then
|
||||
if test -n "${rpath_opt}"; then
|
||||
|
@ -1287,8 +1343,14 @@ AC_ARG_WITH([zlib],
|
|||
fi ]
|
||||
)
|
||||
|
||||
AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
|
||||
AC_CHECK_LIB([z], [deflate], ,
|
||||
AC_MSG_CHECKING([for zlib])
|
||||
if test "x${zlib}" = "xno"; then
|
||||
AC_MSG_RESULT([no])
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
|
||||
AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
|
||||
AC_CHECK_LIB([z], [deflate], ,
|
||||
[
|
||||
saved_CPPFLAGS="$CPPFLAGS"
|
||||
saved_LDFLAGS="$LDFLAGS"
|
||||
|
@ -1307,18 +1369,18 @@ AC_CHECK_LIB([z], [deflate], ,
|
|||
]
|
||||
)
|
||||
]
|
||||
)
|
||||
)
|
||||
|
||||
AC_ARG_WITH([zlib-version-check],
|
||||
AC_ARG_WITH([zlib-version-check],
|
||||
[ --without-zlib-version-check Disable zlib version check],
|
||||
[ if test "x$withval" = "xno" ; then
|
||||
zlib_check_nonfatal=1
|
||||
fi
|
||||
]
|
||||
)
|
||||
)
|
||||
|
||||
AC_MSG_CHECKING([for possibly buggy zlib])
|
||||
AC_RUN_IFELSE([AC_LANG_PROGRAM([[
|
||||
AC_MSG_CHECKING([for possibly buggy zlib])
|
||||
AC_RUN_IFELSE([AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <zlib.h>
|
||||
|
@ -1356,7 +1418,8 @@ See http://www.gzip.org/zlib/ for details.])
|
|||
fi
|
||||
],
|
||||
[ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
|
||||
)
|
||||
)
|
||||
fi
|
||||
|
||||
dnl UnixWare 2.x
|
||||
AC_CHECK_FUNC([strcasecmp],
|
||||
|
@ -1383,6 +1446,10 @@ AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
|
|||
AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
|
||||
AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
|
||||
|
||||
# Some Linux distribtions ship the BSD libc hashing functions in
|
||||
# separate libraries.
|
||||
AC_SEARCH_LIBS([SHA256Update], [md bsd])
|
||||
|
||||
# "Particular Function Checks"
|
||||
# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
|
||||
AC_FUNC_STRFTIME
|
||||
|
@ -1471,7 +1538,9 @@ AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
|
|||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <sys/types.h>
|
||||
#include <dirent.h>]],
|
||||
#include <dirent.h>
|
||||
#include <stdlib.h>
|
||||
]],
|
||||
[[
|
||||
struct dirent d;
|
||||
exit(sizeof(d.d_name)<=sizeof(char));
|
||||
|
@ -1506,8 +1575,6 @@ AC_ARG_WITH(ldns,
|
|||
if test "x$withval" = "xyes" ; then
|
||||
AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
|
||||
if test "x$LDNSCONFIG" = "xno"; then
|
||||
CPPFLAGS="$CPPFLAGS -I${withval}/include"
|
||||
LDFLAGS="$LDFLAGS -L${withval}/lib"
|
||||
LIBS="-lldns $LIBS"
|
||||
ldns=yes
|
||||
else
|
||||
|
@ -1531,7 +1598,9 @@ AC_ARG_WITH(ldns,
|
|||
[AC_LANG_SOURCE([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
#ifdef HAVE_STDINT_H
|
||||
# include <stdint.h>
|
||||
#endif
|
||||
#include <ldns/ldns.h>
|
||||
int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
|
||||
]])
|
||||
|
@ -1585,7 +1654,10 @@ AC_ARG_WITH([libedit],
|
|||
)
|
||||
AC_MSG_CHECKING([if libedit version is compatible])
|
||||
AC_COMPILE_IFELSE(
|
||||
[AC_LANG_PROGRAM([[ #include <histedit.h> ]],
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <histedit.h>
|
||||
#include <stdlib.h>
|
||||
]],
|
||||
[[
|
||||
int i = H_SETSIZE;
|
||||
el_init("", NULL, NULL, NULL);
|
||||
|
@ -1698,6 +1770,18 @@ if test "x$use_pie" != "xno"; then
|
|||
fi
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING([whether -fPIC is accepted])
|
||||
SAVED_CFLAGS="$CFLAGS"
|
||||
CFLAGS="$CFLAGS -fPIC"
|
||||
AC_COMPILE_IFELSE(
|
||||
[AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
|
||||
[AC_MSG_RESULT([yes])
|
||||
PICFLAG="-fPIC"; ],
|
||||
[AC_MSG_RESULT([no])
|
||||
PICFLAG=""; ])
|
||||
CFLAGS="$SAVED_CFLAGS"
|
||||
AC_SUBST([PICFLAG])
|
||||
|
||||
dnl Checks for library functions. Please keep in alphabetical order
|
||||
AC_CHECK_FUNCS([ \
|
||||
Blowfish_initstate \
|
||||
|
@ -1725,11 +1809,13 @@ AC_CHECK_FUNCS([ \
|
|||
err \
|
||||
errx \
|
||||
explicit_bzero \
|
||||
explicit_memset \
|
||||
fchmod \
|
||||
fchmodat \
|
||||
fchown \
|
||||
fchownat \
|
||||
flock \
|
||||
fnmatch \
|
||||
freeaddrinfo \
|
||||
freezero \
|
||||
fstatfs \
|
||||
|
@ -1757,7 +1843,9 @@ AC_CHECK_FUNCS([ \
|
|||
inet_ntop \
|
||||
innetgr \
|
||||
llabs \
|
||||
localtime_r \
|
||||
login_getcapbool \
|
||||
login_getpwclass \
|
||||
md5_crypt \
|
||||
memmem \
|
||||
memmove \
|
||||
|
@ -1774,6 +1862,7 @@ AC_CHECK_FUNCS([ \
|
|||
raise \
|
||||
readpassphrase \
|
||||
reallocarray \
|
||||
realpath \
|
||||
recvmsg \
|
||||
recallocarray \
|
||||
rresvport_af \
|
||||
|
@ -1831,7 +1920,7 @@ AC_CHECK_FUNCS([ \
|
|||
warn \
|
||||
])
|
||||
|
||||
AC_CHECK_DECLS([bzero])
|
||||
AC_CHECK_DECLS([bzero, memmem])
|
||||
|
||||
dnl Wide character support.
|
||||
AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
|
||||
|
@ -1871,16 +1960,29 @@ AC_ARG_ENABLE([pkcs11],
|
|||
]
|
||||
)
|
||||
|
||||
# PKCS11 depends on OpenSSL.
|
||||
if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
|
||||
# PKCS#11 support requires dlopen() and co
|
||||
AC_SEARCH_LIBS([dlopen], [dl],
|
||||
AC_CHECK_DECL([RTLD_NOW],
|
||||
AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]),
|
||||
[], [#include <dlfcn.h>]
|
||||
)
|
||||
)
|
||||
fi
|
||||
disable_sk=
|
||||
AC_ARG_ENABLE([security-key],
|
||||
[ --disable-security-key disable U2F/FIDO support code [no]],
|
||||
[
|
||||
if test "x$enableval" = "xno" ; then
|
||||
disable_sk=1
|
||||
fi
|
||||
]
|
||||
)
|
||||
enable_sk_internal=
|
||||
AC_ARG_WITH([security-key-builtin],
|
||||
[ --with-security-key-builtin include builtin U2F/FIDO support],
|
||||
[
|
||||
if test "x$withval" != "xno" ; then
|
||||
enable_sk_internal=yes
|
||||
fi
|
||||
]
|
||||
)
|
||||
test "x$disable_sk" != "x" && enable_sk_internal=""
|
||||
|
||||
AC_SEARCH_LIBS([dlopen], [dl])
|
||||
AC_CHECK_FUNCS([dlopen])
|
||||
AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
|
||||
|
||||
# IRIX has a const char return value for gai_strerror()
|
||||
AC_CHECK_FUNCS([gai_strerror], [
|
||||
|
@ -1904,6 +2006,19 @@ AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
|
|||
AC_SEARCH_LIBS([clock_gettime], [rt],
|
||||
[AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
|
||||
|
||||
dnl check if we need -D_REENTRANT for localtime_r declaration.
|
||||
AC_CHECK_DECL([localtime_r], [],
|
||||
[ saved_CPPFLAGS="$CPPFLAGS"
|
||||
CPPFLAGS="$CPPFLAGS -D_REENTRANT"
|
||||
unset ac_cv_have_decl_localtime_r
|
||||
AC_CHECK_DECL([localtime_r], [],
|
||||
[ CPPFLAGS="$saved_CPPFLAGS" ],
|
||||
[ #include <time.h> ]
|
||||
)
|
||||
],
|
||||
[ #include <time.h> ]
|
||||
)
|
||||
|
||||
dnl Make sure prototypes are defined for these before using them.
|
||||
AC_CHECK_DECL([strsep],
|
||||
[AC_CHECK_FUNCS([strsep])],
|
||||
|
@ -1923,10 +2038,11 @@ AC_CHECK_DECL([tcsendbreak],
|
|||
|
||||
AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
|
||||
|
||||
AC_CHECK_DECLS([SHUT_RD], , ,
|
||||
AC_CHECK_DECLS([SHUT_RD, getpeereid], , ,
|
||||
[
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <unistd.h>
|
||||
])
|
||||
|
||||
AC_CHECK_DECLS([O_NONBLOCK], , ,
|
||||
|
@ -2033,7 +2149,11 @@ AC_CHECK_FUNCS([setresgid], [
|
|||
|
||||
AC_MSG_CHECKING([for working fflush(NULL)])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])],
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
]],
|
||||
[[fflush(NULL); exit(0);]])],
|
||||
AC_MSG_RESULT([yes]),
|
||||
[AC_MSG_RESULT([no])
|
||||
AC_DEFINE([FFLUSH_NULL_BUG], [1],
|
||||
|
@ -2069,7 +2189,10 @@ AC_CHECK_FUNC([getpagesize],
|
|||
if test "x$ac_cv_func_snprintf" = "xyes" ; then
|
||||
AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
]],
|
||||
[[
|
||||
char b[5];
|
||||
snprintf(b,5,"123456789");
|
||||
|
@ -2092,6 +2215,8 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then
|
|||
[AC_LANG_PROGRAM([[
|
||||
#include <sys/types.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
]],
|
||||
[[
|
||||
size_t a = 1, b = 2;
|
||||
|
@ -2178,39 +2303,14 @@ if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "x
|
|||
])
|
||||
fi
|
||||
|
||||
dnl see whether mkstemp() requires XXXXXX
|
||||
if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
|
||||
AC_MSG_CHECKING([for (overly) strict mkstemp])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdlib.h>
|
||||
]], [[
|
||||
char template[]="conftest.mkstemp-test";
|
||||
if (mkstemp(template) == -1)
|
||||
exit(1);
|
||||
unlink(template);
|
||||
exit(0);
|
||||
]])],
|
||||
[
|
||||
AC_MSG_RESULT([no])
|
||||
],
|
||||
[
|
||||
AC_MSG_RESULT([yes])
|
||||
AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
|
||||
],
|
||||
[
|
||||
AC_MSG_RESULT([yes])
|
||||
AC_DEFINE([HAVE_STRICT_MKSTEMP])
|
||||
]
|
||||
)
|
||||
fi
|
||||
|
||||
dnl make sure that openpty does not reacquire controlling terminal
|
||||
if test ! -z "$check_for_openpty_ctty_bug"; then
|
||||
AC_MSG_CHECKING([if openpty correctly handles controlling tty])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/fcntl.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
|
@ -2257,6 +2357,7 @@ if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
|
|||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netdb.h>
|
||||
#include <errno.h>
|
||||
|
@ -2325,6 +2426,7 @@ if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
|
|||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netdb.h>
|
||||
#include <errno.h>
|
||||
|
@ -2387,7 +2489,10 @@ fi
|
|||
|
||||
if test "x$check_for_conflicting_getspnam" = "x1"; then
|
||||
AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
|
||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
|
||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
||||
#include <shadow.h>
|
||||
#include <stdlib.h>
|
||||
]],
|
||||
[[ exit(0); ]])],
|
||||
[
|
||||
AC_MSG_RESULT([no])
|
||||
|
@ -2417,6 +2522,7 @@ if test "x$ac_cv_func_strnvis" = "xyes"; then
|
|||
#include <signal.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <vis.h>
|
||||
static void sighandler(int sig) { _exit(1); }
|
||||
]], [[
|
||||
|
@ -2435,6 +2541,46 @@ static void sighandler(int sig) { _exit(1); }
|
|||
)
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#ifdef HAVE_SYS_SELECT
|
||||
# include <sys/select.h>
|
||||
#endif
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#include <stdlib.h>
|
||||
#include <signal.h>
|
||||
#include <unistd.h>
|
||||
static void sighandler(int sig) { }
|
||||
]], [[
|
||||
int r;
|
||||
pid_t pid;
|
||||
struct sigaction sa;
|
||||
|
||||
sa.sa_handler = sighandler;
|
||||
sa.sa_flags = SA_RESTART;
|
||||
(void)sigaction(SIGTERM, &sa, NULL);
|
||||
if ((pid = fork()) == 0) { /* child */
|
||||
pid = getppid();
|
||||
sleep(1);
|
||||
kill(pid, SIGTERM);
|
||||
sleep(1);
|
||||
if (getppid() == pid) /* if parent did not exit, shoot it */
|
||||
kill(pid, SIGKILL);
|
||||
exit(0);
|
||||
} else { /* parent */
|
||||
r = select(0, NULL, NULL, NULL, NULL);
|
||||
}
|
||||
exit(r == -1 ? 0 : 1);
|
||||
]])],
|
||||
[AC_MSG_RESULT([yes])],
|
||||
[AC_MSG_RESULT([no])
|
||||
AC_DEFINE([NO_SA_RESTART], [1],
|
||||
[SA_RESTARTed signals do no interrupt select])],
|
||||
[AC_MSG_WARN([cross compiling: assuming yes])]
|
||||
)
|
||||
|
||||
AC_CHECK_FUNCS([getpgrp],[
|
||||
AC_MSG_CHECKING([if getpgrp accepts zero args])
|
||||
AC_COMPILE_IFELSE(
|
||||
|
@ -2562,6 +2708,7 @@ if test "x$openssl" = "xyes" ; then
|
|||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/crypto.h>
|
||||
|
@ -2623,6 +2770,7 @@ if test "x$openssl" = "xyes" ; then
|
|||
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/crypto.h>
|
||||
|
@ -2723,6 +2871,7 @@ if test "x$openssl" = "xyes" ; then
|
|||
EVP_CIPHER_CTX_iv \
|
||||
EVP_CIPHER_CTX_iv_noconst \
|
||||
EVP_CIPHER_CTX_get_iv \
|
||||
EVP_CIPHER_CTX_get_updated_iv \
|
||||
EVP_CIPHER_CTX_set_iv \
|
||||
RSA_get0_crt_params \
|
||||
RSA_get0_factors \
|
||||
|
@ -2740,6 +2889,7 @@ if test "x$openssl" = "xyes" ; then
|
|||
EVP_PKEY_get0_RSA \
|
||||
EVP_MD_CTX_new \
|
||||
EVP_MD_CTX_free \
|
||||
EVP_chacha20 \
|
||||
])
|
||||
|
||||
if test "x$openssl_engine" = "xyes" ; then
|
||||
|
@ -2761,6 +2911,7 @@ if test "x$openssl" = "xyes" ; then
|
|||
AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
|
||||
AC_LINK_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/evp.h>
|
||||
]], [[
|
||||
|
@ -2780,6 +2931,7 @@ if test "x$openssl" = "xyes" ; then
|
|||
AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
|
||||
AC_LINK_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/evp.h>
|
||||
]], [[
|
||||
|
@ -2801,6 +2953,7 @@ if test "x$openssl" = "xyes" ; then
|
|||
AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
|
||||
AC_LINK_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/evp.h>
|
||||
]], [[
|
||||
|
@ -2828,6 +2981,7 @@ if test "x$openssl" = "xyes" ; then
|
|||
AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
|
||||
AC_LINK_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/evp.h>
|
||||
]], [[
|
||||
|
@ -2860,15 +3014,6 @@ if test "x$openssl" = "xyes" ; then
|
|||
# Check for SHA256, SHA384 and SHA512 support in OpenSSL
|
||||
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
|
||||
|
||||
# Search for RIPE-MD support in OpenSSL
|
||||
AC_CHECK_FUNCS([EVP_ripemd160], ,
|
||||
[unsupported_algorithms="$unsupported_algorithms \
|
||||
hmac-ripemd160 \
|
||||
hmac-ripemd160@openssh.com \
|
||||
hmac-ripemd160-etm@openssh.com"
|
||||
]
|
||||
)
|
||||
|
||||
# Check complete ECC support in OpenSSL
|
||||
AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
|
||||
AC_LINK_IFELSE(
|
||||
|
@ -2923,6 +3068,7 @@ if test "x$openssl" = "xyes" ; then
|
|||
AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdlib.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/ecdh.h>
|
||||
#include <openssl/ecdsa.h>
|
||||
|
@ -2950,6 +3096,9 @@ if test "x$openssl" = "xyes" ; then
|
|||
test x$enable_nistp521 = x1; then
|
||||
AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
|
||||
AC_CHECK_FUNCS([EC_KEY_METHOD_new])
|
||||
openssl_ecc=yes
|
||||
else
|
||||
openssl_ecc=no
|
||||
fi
|
||||
if test x$enable_nistp256 = x1; then
|
||||
AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
|
||||
|
@ -2990,6 +3139,94 @@ else
|
|||
AC_CHECK_FUNCS([crypt])
|
||||
fi
|
||||
|
||||
# PKCS11/U2F depend on OpenSSL and dlopen().
|
||||
enable_pkcs11=yes
|
||||
enable_sk=yes
|
||||
if test "x$openssl" != "xyes" ; then
|
||||
enable_pkcs11="disabled; missing libcrypto"
|
||||
enable_sk="disabled; missing libcrypto"
|
||||
fi
|
||||
if test "x$openssl_ecc" != "xyes" ; then
|
||||
enable_sk="disabled; OpenSSL has no ECC support"
|
||||
fi
|
||||
if test "x$ac_cv_func_dlopen" != "xyes" ; then
|
||||
enable_pkcs11="disabled; missing dlopen(3)"
|
||||
enable_sk="disabled; missing dlopen(3)"
|
||||
fi
|
||||
if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
|
||||
enable_pkcs11="disabled; missing RTLD_NOW"
|
||||
enable_sk="disabled; missing RTLD_NOW"
|
||||
fi
|
||||
if test ! -z "$disable_pkcs11" ; then
|
||||
enable_pkcs11="disabled by user"
|
||||
fi
|
||||
if test ! -z "$disable_sk" ; then
|
||||
enable_sk="disabled by user"
|
||||
fi
|
||||
|
||||
AC_MSG_CHECKING([whether to enable PKCS11])
|
||||
if test "x$enable_pkcs11" = "xyes" ; then
|
||||
AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
|
||||
fi
|
||||
AC_MSG_RESULT([$enable_pkcs11])
|
||||
|
||||
AC_MSG_CHECKING([whether to enable U2F])
|
||||
if test "x$enable_sk" = "xyes" ; then
|
||||
AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
|
||||
AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
|
||||
else
|
||||
# Do not try to build sk-dummy library.
|
||||
AC_SUBST(SK_DUMMY_LIBRARY, [""])
|
||||
fi
|
||||
AC_MSG_RESULT([$enable_sk])
|
||||
|
||||
# Now check for built-in security key support.
|
||||
if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
|
||||
AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
|
||||
use_pkgconfig_for_libfido2=
|
||||
if test "x$PKGCONFIG" != "xno"; then
|
||||
AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
|
||||
if "$PKGCONFIG" libfido2; then
|
||||
AC_MSG_RESULT([yes])
|
||||
use_pkgconfig_for_libfido2=yes
|
||||
else
|
||||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
fi
|
||||
if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
|
||||
LIBFIDO2=`$PKGCONFIG --libs libfido2`
|
||||
CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
|
||||
else
|
||||
LIBFIDO2="-lfido2 -lcbor"
|
||||
fi
|
||||
OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
|
||||
AC_CHECK_LIB([fido2], [fido_init],
|
||||
[
|
||||
AC_SUBST([LIBFIDO2])
|
||||
AC_DEFINE([ENABLE_SK_INTERNAL], [],
|
||||
[Enable for built-in U2F/FIDO support])
|
||||
enable_sk="built-in"
|
||||
], [ AC_MSG_ERROR([no usable libfido2 found]) ],
|
||||
[ $OTHERLIBS ]
|
||||
)
|
||||
saved_LIBS="$LIBS"
|
||||
LIBS="$LIBS $LIBFIDO2"
|
||||
AC_CHECK_FUNCS([ \
|
||||
fido_cred_prot \
|
||||
fido_cred_set_prot \
|
||||
fido_dev_get_touch_begin \
|
||||
fido_dev_get_touch_status \
|
||||
fido_dev_supports_cred_prot \
|
||||
])
|
||||
LIBS="$saved_LIBS"
|
||||
AC_CHECK_HEADER([fido.h], [],
|
||||
AC_MSG_ERROR([missing fido.h from libfido2]))
|
||||
AC_CHECK_HEADER([fido/credman.h], [],
|
||||
AC_MSG_ERROR([missing fido/credman.h from libfido2]),
|
||||
[#include <fido.h>]
|
||||
)
|
||||
fi
|
||||
|
||||
AC_CHECK_FUNCS([ \
|
||||
arc4random \
|
||||
arc4random_buf \
|
||||
|
@ -3014,6 +3251,7 @@ if test "x$openssl" = "xyes" ; then
|
|||
AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/rand.h>
|
||||
]], [[
|
||||
|
@ -3440,11 +3678,12 @@ if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
|
|||
fi
|
||||
|
||||
# compute LLONG_MIN and LLONG_MAX if we don't know them.
|
||||
if test -z "$have_llong_max"; then
|
||||
if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
|
||||
AC_MSG_CHECKING([for max value of long long])
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
/* Why is this so damn hard? */
|
||||
#ifdef __GNUC__
|
||||
# undef __GNUC__
|
||||
|
@ -3535,6 +3774,17 @@ fprint_ll(FILE *f, long long n)
|
|||
)
|
||||
fi
|
||||
|
||||
AC_CHECK_DECLS([UINT32_MAX], , , [[
|
||||
#ifdef HAVE_SYS_LIMITS_H
|
||||
# include <sys/limits.h>
|
||||
#endif
|
||||
#ifdef HAVE_LIMITS_H
|
||||
# include <limits.h>
|
||||
#endif
|
||||
#ifdef HAVE_STDINT_H
|
||||
# include <stdint.h>
|
||||
#endif
|
||||
]])
|
||||
|
||||
# More checks for data types
|
||||
AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
|
||||
|
@ -3715,7 +3965,9 @@ fi
|
|||
|
||||
AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
|
||||
#include <sys/types.h>
|
||||
#include <stdint.h>
|
||||
#ifdef HAVE_STDINT_H
|
||||
# include <stdint.h>
|
||||
#endif
|
||||
])
|
||||
|
||||
TYPE_SOCKLEN_T
|
||||
|
@ -3734,7 +3986,8 @@ AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
|
|||
#endif
|
||||
])
|
||||
|
||||
AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[
|
||||
AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
|
||||
#include <sys/param.h>
|
||||
#include <sys/types.h>
|
||||
#ifdef HAVE_SYS_BITYPES_H
|
||||
#include <sys/bitypes.h>
|
||||
|
@ -3748,6 +4001,9 @@ AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[
|
|||
#ifdef HAVE_SYS_VFS_H
|
||||
#include <sys/vfs.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_MOUNT_H
|
||||
#include <sys/mount.h>
|
||||
#endif
|
||||
]])
|
||||
|
||||
|
||||
|
@ -3905,7 +4161,24 @@ if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
|
|||
have_struct_timeval=1
|
||||
fi
|
||||
|
||||
AC_CHECK_TYPES([struct timespec])
|
||||
AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
|
||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
||||
#ifdef HAVE_SYS_TIME_H
|
||||
# include <sys/time.h>
|
||||
#endif
|
||||
#ifdef HAVE_TIME_H
|
||||
# include <time.h>
|
||||
#endif
|
||||
]],
|
||||
[[ struct timespec ts; ts.tv_sec = 1;]])],
|
||||
[ ac_cv_have_struct_timespec="yes" ],
|
||||
[ ac_cv_have_struct_timespec="no"
|
||||
])
|
||||
])
|
||||
if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
|
||||
AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
|
||||
have_struct_timespec=1
|
||||
fi
|
||||
|
||||
# We need int64_t or else certain parts of the compile will fail.
|
||||
if test "x$ac_cv_have_int64_t" = "xno" && \
|
||||
|
@ -3920,6 +4193,7 @@ dnl test snprintf (broken on SCO w/gcc)
|
|||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef HAVE_SNPRINTF
|
||||
main()
|
||||
|
@ -3964,6 +4238,7 @@ OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
|
|||
OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
|
||||
OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
|
||||
OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
|
||||
OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
|
||||
|
||||
AC_CHECK_MEMBERS([struct stat.st_blksize])
|
||||
AC_CHECK_MEMBERS([struct stat.st_mtim])
|
||||
|
@ -4022,6 +4297,7 @@ AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
|
|||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/uio.h>
|
||||
#include <stdlib.h>
|
||||
]], [[
|
||||
#ifdef msg_accrights
|
||||
#error "msg_accrights is a macro"
|
||||
|
@ -4083,6 +4359,7 @@ AC_CACHE_CHECK([for msg_control field in struct msghdr],
|
|||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/uio.h>
|
||||
#include <stdlib.h>
|
||||
]], [[
|
||||
#ifdef msg_control
|
||||
#error "msg_control is a macro"
|
||||
|
@ -4103,7 +4380,7 @@ if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
|
|||
fi
|
||||
|
||||
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
|
||||
[[ extern char *__progname; printf("%s", __progname); ]])],
|
||||
[ ac_cv_libc_defines___progname="yes" ],
|
||||
[ ac_cv_libc_defines___progname="no"
|
||||
|
@ -4175,7 +4452,7 @@ if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
|
|||
fi
|
||||
|
||||
AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
|
||||
[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
|
||||
[ ac_cv_libc_defines_sys_errlist="yes" ],
|
||||
[ ac_cv_libc_defines_sys_errlist="no"
|
||||
|
@ -4188,7 +4465,7 @@ fi
|
|||
|
||||
|
||||
AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
|
||||
[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
|
||||
[ ac_cv_libc_defines_sys_nerr="yes" ],
|
||||
[ ac_cv_libc_defines_sys_nerr="no"
|
||||
|
@ -4282,13 +4559,10 @@ AC_ARG_WITH([selinux],
|
|||
LIBS="$LIBS -lselinux"
|
||||
],
|
||||
AC_MSG_ERROR([SELinux support requires libselinux library]))
|
||||
SSHLIBS="$SSHLIBS $LIBSELINUX"
|
||||
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
|
||||
AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
|
||||
LIBS="$save_LIBS"
|
||||
LIBS="$save_LIBS $LIBSELINUX"
|
||||
fi ]
|
||||
)
|
||||
AC_SUBST([SSHLIBS])
|
||||
AC_SUBST([SSHDLIBS])
|
||||
|
||||
# Check whether user wants Kerberos 5 support
|
||||
|
@ -4500,6 +4774,7 @@ AC_ARG_WITH([maildir],
|
|||
AC_RUN_IFELSE(
|
||||
[AC_LANG_PROGRAM([[
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
#include <paths.h>
|
||||
|
@ -4744,6 +5019,7 @@ otherwise scp will not work.])
|
|||
[AC_LANG_PROGRAM([[
|
||||
/* find out what STDPATH is */
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
# include <paths.h>
|
||||
#endif
|
||||
|
@ -5171,6 +5447,12 @@ AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
|
|||
CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
|
||||
LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
|
||||
|
||||
# Make a copy of CFLAGS/LDFLAGS without PIE options.
|
||||
LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
|
||||
CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
|
||||
AC_SUBST([LDFLAGS_NOPIE])
|
||||
AC_SUBST([CFLAGS_NOPIE])
|
||||
|
||||
AC_EXEEXT
|
||||
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
|
||||
openbsd-compat/Makefile openbsd-compat/regress/Makefile \
|
||||
|
@ -5229,6 +5511,8 @@ echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
|
|||
echo " BSD Auth support: $BSD_AUTH_MSG"
|
||||
echo " Random number source: $RAND_MSG"
|
||||
echo " Privsep sandbox style: $SANDBOX_STYLE"
|
||||
echo " PKCS#11 support: $enable_pkcs11"
|
||||
echo " U2F/FIDO support: $enable_sk"
|
||||
|
||||
echo ""
|
||||
|
||||
|
@ -5241,9 +5525,6 @@ echo " Libraries: ${LIBS}"
|
|||
if test ! -z "${SSHDLIBS}"; then
|
||||
echo " +for sshd: ${SSHDLIBS}"
|
||||
fi
|
||||
if test ! -z "${SSHLIBS}"; then
|
||||
echo " +for ssh: ${SSHLIBS}"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ Options:
|
|||
Please note that OpenSSH does never use the value of $HOME to
|
||||
search for the users configuration files! It always uses the
|
||||
value of the pw_dir field in /etc/passwd as the home directory.
|
||||
If no home diretory is set in /etc/passwd, the root directory
|
||||
If no home directory is set in /etc/passwd, the root directory
|
||||
is used instead!
|
||||
|
||||
================
|
||||
|
|
|
@ -39,6 +39,10 @@
|
|||
#define GRAB_TRIES 16
|
||||
#define GRAB_WAIT 250 /* milliseconds */
|
||||
|
||||
#define PROMPT_ENTRY 0
|
||||
#define PROMPT_CONFIRM 1
|
||||
#define PROMPT_NONE 2
|
||||
|
||||
/*
|
||||
* Compile with:
|
||||
*
|
||||
|
@ -52,9 +56,11 @@
|
|||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <X11/Xlib.h>
|
||||
#include <gtk/gtk.h>
|
||||
#include <gdk/gdkx.h>
|
||||
#include <gdk/gdkkeysyms.h>
|
||||
|
||||
static void
|
||||
report_failed_grab (GtkWidget *parent_window, const char *what)
|
||||
|
@ -81,48 +87,148 @@ ok_dialog(GtkWidget *entry, gpointer dialog)
|
|||
gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
check_none(GtkWidget *widget, GdkEventKey *event, gpointer dialog)
|
||||
{
|
||||
switch (event->keyval) {
|
||||
case GDK_KEY_Escape:
|
||||
/* esc -> close dialog */
|
||||
gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_CLOSE);
|
||||
return TRUE;
|
||||
case GDK_KEY_Tab:
|
||||
/* tab -> focus close button */
|
||||
gtk_widget_grab_focus(gtk_dialog_get_widget_for_response(
|
||||
dialog, GTK_RESPONSE_CLOSE));
|
||||
return TRUE;
|
||||
default:
|
||||
/* eat all other key events */
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
static int
|
||||
passphrase_dialog(char *message)
|
||||
parse_env_hex_color(const char *env, GdkColor *c)
|
||||
{
|
||||
const char *s;
|
||||
unsigned long ul;
|
||||
char *ep;
|
||||
size_t n;
|
||||
|
||||
if ((s = getenv(env)) == NULL)
|
||||
return 0;
|
||||
|
||||
memset(c, 0, sizeof(*c));
|
||||
|
||||
/* Permit hex rgb or rrggbb optionally prefixed by '#' or '0x' */
|
||||
if (*s == '#')
|
||||
s++;
|
||||
else if (strncmp(s, "0x", 2) == 0)
|
||||
s += 2;
|
||||
n = strlen(s);
|
||||
if (n != 3 && n != 6)
|
||||
goto bad;
|
||||
ul = strtoul(s, &ep, 16);
|
||||
if (*ep != '\0' || ul > 0xffffff) {
|
||||
bad:
|
||||
fprintf(stderr, "Invalid $%s - invalid hex color code\n", env);
|
||||
return 0;
|
||||
}
|
||||
/* Valid hex sequence; expand into a GdkColor */
|
||||
if (n == 3) {
|
||||
/* 4-bit RGB */
|
||||
c->red = ((ul >> 8) & 0xf) << 12;
|
||||
c->green = ((ul >> 4) & 0xf) << 12;
|
||||
c->blue = (ul & 0xf) << 12;
|
||||
} else {
|
||||
/* 8-bit RGB */
|
||||
c->red = ((ul >> 16) & 0xff) << 8;
|
||||
c->green = ((ul >> 8) & 0xff) << 8;
|
||||
c->blue = (ul & 0xff) << 8;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
passphrase_dialog(char *message, int prompt_type)
|
||||
{
|
||||
const char *failed;
|
||||
char *passphrase, *local;
|
||||
int result, grab_tries, grab_server, grab_pointer;
|
||||
int buttons, default_response;
|
||||
GtkWidget *parent_window, *dialog, *entry;
|
||||
GdkGrabStatus status;
|
||||
GdkColor fg, bg;
|
||||
int fg_set = 0, bg_set = 0;
|
||||
|
||||
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
|
||||
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
|
||||
grab_tries = 0;
|
||||
|
||||
fg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_FG_COLOR", &fg);
|
||||
bg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_BG_COLOR", &bg);
|
||||
|
||||
/* Create an invisible parent window so that GtkDialog doesn't
|
||||
* complain. */
|
||||
parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
|
||||
|
||||
dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
|
||||
GTK_MESSAGE_QUESTION,
|
||||
GTK_BUTTONS_OK_CANCEL,
|
||||
"%s",
|
||||
message);
|
||||
switch (prompt_type) {
|
||||
case PROMPT_CONFIRM:
|
||||
buttons = GTK_BUTTONS_YES_NO;
|
||||
default_response = GTK_RESPONSE_YES;
|
||||
break;
|
||||
case PROMPT_NONE:
|
||||
buttons = GTK_BUTTONS_CLOSE;
|
||||
default_response = GTK_RESPONSE_CLOSE;
|
||||
break;
|
||||
default:
|
||||
buttons = GTK_BUTTONS_OK_CANCEL;
|
||||
default_response = GTK_RESPONSE_OK;
|
||||
break;
|
||||
}
|
||||
|
||||
entry = gtk_entry_new();
|
||||
gtk_box_pack_start(
|
||||
GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), entry,
|
||||
FALSE, FALSE, 0);
|
||||
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
|
||||
gtk_widget_grab_focus(entry);
|
||||
gtk_widget_show(entry);
|
||||
dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
|
||||
GTK_MESSAGE_QUESTION, buttons, "%s", message);
|
||||
|
||||
gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
|
||||
gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
|
||||
gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
|
||||
|
||||
/* Make <enter> close dialog */
|
||||
gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
|
||||
g_signal_connect(G_OBJECT(entry), "activate",
|
||||
G_CALLBACK(ok_dialog), dialog);
|
||||
|
||||
gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response);
|
||||
gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
|
||||
|
||||
if (fg_set)
|
||||
gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
|
||||
if (bg_set)
|
||||
gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
|
||||
|
||||
if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {
|
||||
entry = gtk_entry_new();
|
||||
if (fg_set)
|
||||
gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
|
||||
if (bg_set)
|
||||
gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
|
||||
gtk_box_pack_start(
|
||||
GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
|
||||
entry, FALSE, FALSE, 0);
|
||||
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
|
||||
gtk_widget_grab_focus(entry);
|
||||
if (prompt_type == PROMPT_ENTRY) {
|
||||
gtk_widget_show(entry);
|
||||
/* Make <enter> close dialog */
|
||||
g_signal_connect(G_OBJECT(entry), "activate",
|
||||
G_CALLBACK(ok_dialog), dialog);
|
||||
} else {
|
||||
/*
|
||||
* Ensure the 'close' button is not focused by default
|
||||
* but is still reachable via tab. This is a bit of a
|
||||
* hack - it uses a hidden entry that responds to a
|
||||
* couple of keypress events (escape and tab only).
|
||||
*/
|
||||
gtk_widget_realize(entry);
|
||||
g_signal_connect(G_OBJECT(entry), "key_press_event",
|
||||
G_CALLBACK(check_none), dialog);
|
||||
}
|
||||
}
|
||||
|
||||
/* Grab focus */
|
||||
gtk_widget_show_now(dialog);
|
||||
if (grab_pointer) {
|
||||
|
@ -166,32 +272,37 @@ passphrase_dialog(char *message)
|
|||
gdk_flush();
|
||||
|
||||
/* Report passphrase if user selected OK */
|
||||
passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
|
||||
if (result == GTK_RESPONSE_OK) {
|
||||
local = g_locale_from_utf8(passphrase, strlen(passphrase),
|
||||
NULL, NULL, NULL);
|
||||
if (local != NULL) {
|
||||
puts(local);
|
||||
memset(local, '\0', strlen(local));
|
||||
g_free(local);
|
||||
} else {
|
||||
puts(passphrase);
|
||||
if (prompt_type == PROMPT_ENTRY) {
|
||||
passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
|
||||
if (result == GTK_RESPONSE_OK) {
|
||||
local = g_locale_from_utf8(passphrase,
|
||||
strlen(passphrase), NULL, NULL, NULL);
|
||||
if (local != NULL) {
|
||||
puts(local);
|
||||
memset(local, '\0', strlen(local));
|
||||
g_free(local);
|
||||
} else {
|
||||
puts(passphrase);
|
||||
}
|
||||
}
|
||||
/* Zero passphrase in memory */
|
||||
memset(passphrase, '\b', strlen(passphrase));
|
||||
gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
|
||||
memset(passphrase, '\0', strlen(passphrase));
|
||||
g_free(passphrase);
|
||||
}
|
||||
|
||||
/* Zero passphrase in memory */
|
||||
memset(passphrase, '\b', strlen(passphrase));
|
||||
gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
|
||||
memset(passphrase, '\0', strlen(passphrase));
|
||||
g_free(passphrase);
|
||||
|
||||
gtk_widget_destroy(dialog);
|
||||
return (result == GTK_RESPONSE_OK ? 0 : -1);
|
||||
|
||||
/* At least one grab failed - ungrab what we got, and report
|
||||
the failure to the user. Note that XGrabServer() cannot
|
||||
fail. */
|
||||
gtk_widget_destroy(dialog);
|
||||
if (result != GTK_RESPONSE_OK && result != GTK_RESPONSE_YES)
|
||||
return -1;
|
||||
return 0;
|
||||
|
||||
nograbkb:
|
||||
/*
|
||||
* At least one grab failed - ungrab what we got, and report
|
||||
* the failure to the user. Note that XGrabServer() cannot
|
||||
* fail.
|
||||
*/
|
||||
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||
nograb:
|
||||
if (grab_server)
|
||||
|
@ -206,8 +317,8 @@ passphrase_dialog(char *message)
|
|||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
char *message;
|
||||
int result;
|
||||
char *message, *prompt_mode;
|
||||
int result, prompt_type = PROMPT_ENTRY;
|
||||
|
||||
gtk_init(&argc, &argv);
|
||||
|
||||
|
@ -217,8 +328,15 @@ main(int argc, char **argv)
|
|||
message = g_strdup("Enter your OpenSSH passphrase:");
|
||||
}
|
||||
|
||||
if ((prompt_mode = getenv("SSH_ASKPASS_PROMPT")) != NULL) {
|
||||
if (strcasecmp(prompt_mode, "confirm") == 0)
|
||||
prompt_type = PROMPT_CONFIRM;
|
||||
else if (strcasecmp(prompt_mode, "none") == 0)
|
||||
prompt_type = PROMPT_NONE;
|
||||
}
|
||||
|
||||
setvbuf(stdout, 0, _IONBF, 0);
|
||||
result = passphrase_dialog(message);
|
||||
result = passphrase_dialog(message, prompt_type);
|
||||
g_free(message);
|
||||
|
||||
return (result);
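Review bot: The passphrase scrubbing in passphrase_dialog still uses plain `memset()` calls placed directly before `g_free()`, on both `local` and `passphrase`. A store to a buffer that is never read again is one an optimising compiler is allowed to drop as dead, which would leave the secret in freed heap memory. Where the platform provides it, a clearing call the compiler must keep is safer, e.g. `explicit_bzero(passphrase, strlen(passphrase));` and `explicit_bzero(local, strlen(local));`. The new `if (prompt_type == PROMPT_ENTRY)` wrapper would also benefit from a short comment such as `/* only PROMPT_ENTRY reads the entry text; other modes never allocate passphrase */`. The grab-handling part of passphrase_dialog lies between the shown hunks and is not visible here.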
|
||||
|
|
|
@ -1,78 +1,78 @@
|
|||
%define ver 8.1p1
|
||||
%define rel 1%{?dist}
|
||||
%global ver 8.5p1
|
||||
%global rel 1%{?dist}
|
||||
|
||||
# OpenSSH privilege separation requires a user & group ID
|
||||
%define sshd_uid 74
|
||||
%define sshd_gid 74
|
||||
%global sshd_uid 74
|
||||
%global sshd_gid 74
|
||||
|
||||
# Version of ssh-askpass
|
||||
%define aversion 1.2.4.1
|
||||
%global aversion 1.2.4.1
|
||||
|
||||
# Do we want to disable building of x11-askpass? (1=yes 0=no)
|
||||
%define no_x11_askpass 0
|
||||
%global no_x11_askpass 0
|
||||
|
||||
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
|
||||
%define no_gnome_askpass 0
|
||||
%global no_gnome_askpass 0
|
||||
|
||||
# Do we want to link against a static libcrypto? (1=yes 0=no)
|
||||
%define static_libcrypto 0
|
||||
%global static_libcrypto 0
|
||||
|
||||
# Do we want smartcard support (1=yes 0=no)
|
||||
%define scard 0
|
||||
%global scard 0
|
||||
|
||||
# Use GTK2 instead of GNOME in gnome-ssh-askpass
|
||||
%define gtk2 1
|
||||
%global gtk2 1
|
||||
|
||||
# Use build6x options for older RHEL builds
|
||||
# RHEL 7 not yet supported
|
||||
%if 0%{?rhel} > 6
|
||||
%define build6x 0
|
||||
%global build6x 0
|
||||
%else
|
||||
%define build6x 1
|
||||
%global build6x 1
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} >= 26
|
||||
%define compat_openssl 1
|
||||
%global compat_openssl 1
|
||||
%else
|
||||
%define compat_openssl 0
|
||||
%global compat_openssl 0
|
||||
%endif
|
||||
|
||||
# Do we want kerberos5 support (1=yes 0=no)
|
||||
%define kerberos5 1
|
||||
%global kerberos5 1
|
||||
|
||||
# Reserve options to override askpass settings with:
|
||||
# rpm -ba|--rebuild --define 'skip_xxx 1'
|
||||
%{?skip_x11_askpass:%define no_x11_askpass 1}
|
||||
%{?skip_gnome_askpass:%define no_gnome_askpass 1}
|
||||
%{?skip_x11_askpass:%global no_x11_askpass 1}
|
||||
%{?skip_gnome_askpass:%global no_gnome_askpass 1}
|
||||
|
||||
# Add option to build without GTK2 for older platforms with only GTK+.
|
||||
# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
|
||||
# rpm -ba|--rebuild --define 'no_gtk2 1'
|
||||
%{?no_gtk2:%define gtk2 0}
|
||||
%{?no_gtk2:%global gtk2 0}
|
||||
|
||||
# Is this a build for RHL 6.x or earlier?
|
||||
%{?build_6x:%define build6x 1}
|
||||
%{?build_6x:%global build6x 1}
|
||||
|
||||
# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
|
||||
%if %{build6x}
|
||||
%define _sysconfdir /etc
|
||||
%global _sysconfdir /etc
|
||||
%endif
|
||||
|
||||
# Options for static OpenSSL link:
|
||||
# rpm -ba|--rebuild --define "static_openssl 1"
|
||||
%{?static_openssl:%define static_libcrypto 1}
|
||||
%{?static_openssl:%global static_libcrypto 1}
|
||||
|
||||
# Options for Smartcard support: (needs libsectok and openssl-engine)
|
||||
# rpm -ba|--rebuild --define "smartcard 1"
|
||||
%{?smartcard:%define scard 1}
|
||||
%{?smartcard:%global scard 1}
|
||||
|
||||
# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
|
||||
%define rescue 0
|
||||
%{?build_rescue:%define rescue 1}
|
||||
%global rescue 0
|
||||
%{?build_rescue:%global rescue 1}
|
||||
|
||||
# Turn off some stuff for resuce builds
|
||||
%if %{rescue}
|
||||
%define kerberos5 0
|
||||
%global kerberos5 0
|
||||
%endif
|
||||
|
||||
Summary: The OpenSSH implementation of SSH protocol version 2.
|
||||
|
@ -363,8 +363,10 @@ fi
|
|||
%attr(0755,root,root) %dir %{_libexecdir}/openssh
|
||||
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
|
||||
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
|
||||
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
|
||||
%attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
|
||||
%endif
|
||||
%if %{scard}
|
||||
%attr(0755,root,root) %dir %{_datadir}/openssh
|
||||
|
@ -422,6 +424,9 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jul 20 2020 Damien Miller <djm@mindrto.org>
|
||||
- Add ssh-sk-helper and corresponding manual page.
|
||||
|
||||
* Sat Feb 10 2018 Darren Tucker <dtucker@dtucker.net>
|
||||
- Update openssl-devel dependency to match current requirements.
|
||||
- Handle Fedora >=6 openssl 1.0 compat libs.
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Copyright (c) 1999-2016 Philip Hands <phil@hands.com>
|
||||
# Copyright (c) 1999-2020 Philip Hands <phil@hands.com>
|
||||
# 2020 Matthias Blümel <blaimi@blaimi.de>
|
||||
# 2017 Sebastien Boyron <seb@boyron.eu>
|
||||
# 2013 Martin Kletzander <mkletzan@redhat.com>
|
||||
# 2010 Adeodato =?iso-8859-1?Q?Sim=F3?= <asp16@alu.ua.es>
|
||||
# 2010 Eric Moret <eric.moret@gmail.com>
|
||||
|
@ -33,13 +35,15 @@
|
|||
# Shell script to install your public key(s) on a remote machine
|
||||
# See the ssh-copy-id(1) man page for details
|
||||
|
||||
# shellcheck shell=dash
|
||||
|
||||
# check that we have something mildly sane as our shell, or try to find something better
|
||||
if false ^ printf "%s: WARNING: ancient shell, hunting for a more modern one... " "$0"
|
||||
then
|
||||
SANE_SH=${SANE_SH:-/usr/bin/ksh}
|
||||
if printf 'true ^ false\n' | "$SANE_SH"
|
||||
then
|
||||
printf "'%s' seems viable.\n" "$SANE_SH"
|
||||
printf "'%s' seems viable.\\n" "$SANE_SH"
|
||||
exec "$SANE_SH" "$0" "$@"
|
||||
else
|
||||
cat <<-EOF
|
||||
|
@ -51,36 +55,39 @@ then
|
|||
a bug describing your setup, and the shell you used to make it work.
|
||||
|
||||
EOF
|
||||
printf "%s: ERROR: Less dimwitted shell required.\n" "$0"
|
||||
printf '%s: ERROR: Less dimwitted shell required.\n' "$0"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
most_recent_id="$(cd "$HOME" ; ls -t .ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)"
|
||||
DEFAULT_PUB_ID_FILE="${most_recent_id:+$HOME/}$most_recent_id"
|
||||
# shellcheck disable=SC2010
|
||||
DEFAULT_PUB_ID_FILE=$(ls -t "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
|
||||
SSH="ssh -a -x"
|
||||
umask 0177
|
||||
|
||||
usage () {
|
||||
printf 'Usage: %s [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
|
||||
printf 'Usage: %s [-h|-?|-f|-n|-s] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
|
||||
printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2
|
||||
printf '\t-n: dry run -- no keys are actually copied\n' >&2
|
||||
printf '\t-s: use sftp -- use sftp instead of executing remote-commands. Can be useful if the remote only allows sftp\n' >&2
|
||||
printf '\t-h|-?: print this help\n' >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# escape any single quotes in an argument
|
||||
quote() {
|
||||
printf "%s\n" "$1" | sed -e "s/'/'\\\\''/g"
|
||||
printf '%s\n' "$1" | sed -e "s/'/'\\\\''/g"
|
||||
}
|
||||
|
||||
use_id_file() {
|
||||
local L_ID_FILE="$1"
|
||||
L_ID_FILE="$1"
|
||||
|
||||
if [ -z "$L_ID_FILE" ] ; then
|
||||
printf "%s: ERROR: no ID file found\n" "$0"
|
||||
printf '%s: ERROR: no ID file found\n' "$0"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if expr "$L_ID_FILE" : ".*\.pub$" >/dev/null ; then
|
||||
if expr "$L_ID_FILE" : '.*\.pub$' >/dev/null ; then
|
||||
PUB_ID_FILE="$L_ID_FILE"
|
||||
else
|
||||
PUB_ID_FILE="$L_ID_FILE.pub"
|
||||
|
@ -91,9 +98,9 @@ use_id_file() {
|
|||
# check that the files are readable
|
||||
for f in "$PUB_ID_FILE" ${PRIV_ID_FILE:+"$PRIV_ID_FILE"} ; do
|
||||
ErrMSG=$( { : < "$f" ; } 2>&1 ) || {
|
||||
local L_PRIVMSG=""
|
||||
L_PRIVMSG=""
|
||||
[ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG=" (to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)"
|
||||
printf "\n%s: ERROR: failed to open ID file '%s': %s\n" "$0" "$f" "$(printf "%s\n%s\n" "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')"
|
||||
printf "\\n%s: ERROR: failed to open ID file '%s': %s\\n" "$0" "$f" "$(printf '%s\n%s\n' "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')"
|
||||
exit 1
|
||||
}
|
||||
done
|
||||
|
@ -105,80 +112,36 @@ if [ -n "$SSH_AUTH_SOCK" ] && ssh-add -L >/dev/null 2>&1 ; then
|
|||
GET_ID="ssh-add -L"
|
||||
fi
|
||||
|
||||
while test "$#" -gt 0
|
||||
while getopts "i:o:p:F:fnsh?" OPT
|
||||
do
|
||||
[ "${SEEN_OPT_I}" ] && expr "$1" : "[-]i" >/dev/null && {
|
||||
printf "\n%s: ERROR: -i option must not be specified more than once\n\n" "$0"
|
||||
usage
|
||||
}
|
||||
|
||||
OPT= OPTARG=
|
||||
# implement something like getopt to avoid Solaris pain
|
||||
case "$1" in
|
||||
-i?*|-o?*|-p?*)
|
||||
OPT="$(printf -- "$1"|cut -c1-2)"
|
||||
OPTARG="$(printf -- "$1"|cut -c3-)"
|
||||
shift
|
||||
;;
|
||||
-o|-p)
|
||||
OPT="$1"
|
||||
OPTARG="$2"
|
||||
shift 2
|
||||
;;
|
||||
-i)
|
||||
OPT="$1"
|
||||
test "$#" -le 2 || expr "$2" : "[-]" >/dev/null || {
|
||||
OPTARG="$2"
|
||||
shift
|
||||
}
|
||||
shift
|
||||
;;
|
||||
-f|-n|-h|-\?)
|
||||
OPT="$1"
|
||||
OPTARG=
|
||||
shift
|
||||
;;
|
||||
--)
|
||||
shift
|
||||
while test "$#" -gt 0
|
||||
do
|
||||
SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'"
|
||||
shift
|
||||
done
|
||||
break
|
||||
;;
|
||||
-*)
|
||||
printf "\n%s: ERROR: invalid option (%s)\n\n" "$0" "$1"
|
||||
usage
|
||||
;;
|
||||
*)
|
||||
SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'"
|
||||
shift
|
||||
continue
|
||||
;;
|
||||
esac
|
||||
|
||||
case "$OPT" in
|
||||
-i)
|
||||
i)
|
||||
[ "${SEEN_OPT_I}" ] && {
|
||||
printf '\n%s: ERROR: -i option must not be specified more than once\n\n' "$0"
|
||||
usage
|
||||
}
|
||||
SEEN_OPT_I="yes"
|
||||
use_id_file "${OPTARG:-$DEFAULT_PUB_ID_FILE}"
|
||||
;;
|
||||
-o|-p)
|
||||
SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }$OPT '$(quote "$OPTARG")'"
|
||||
o|p|F)
|
||||
SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }-$OPT '$(quote "${OPTARG}")'"
|
||||
;;
|
||||
-f)
|
||||
f)
|
||||
FORCED=1
|
||||
;;
|
||||
-n)
|
||||
n)
|
||||
DRY_RUN=1
|
||||
;;
|
||||
-h|-\?)
|
||||
s)
|
||||
SFTP=sftp
|
||||
;;
|
||||
h|\?)
|
||||
usage
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
eval set -- "$SAVEARGS"
|
||||
#shift all args to keep only USER_HOST
|
||||
shift $((OPTIND-1))
|
||||
|
||||
if [ $# = 0 ] ; then
|
||||
usage
|
||||
|
@ -189,71 +152,74 @@ if [ $# != 1 ] ; then
|
|||
fi
|
||||
|
||||
# drop trailing colon
|
||||
USER_HOST=$(printf "%s\n" "$1" | sed 's/:$//')
|
||||
USER_HOST="$*"
|
||||
# tack the hostname onto SSH_OPTS
|
||||
SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }'$(quote "$USER_HOST")'"
|
||||
# and populate "$@" for later use (only way to get proper quoting of options)
|
||||
eval set -- "$SSH_OPTS"
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
if [ -z "$(eval $GET_ID)" ] && [ -r "${PUB_ID_FILE:=$DEFAULT_PUB_ID_FILE}" ] ; then
|
||||
use_id_file "$PUB_ID_FILE"
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
if [ -z "$(eval $GET_ID)" ] ; then
|
||||
printf '%s: ERROR: No identities found\n' "$0" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# filter_ids()
|
||||
# tries to log in using the keys piped to it, and filters out any that work
|
||||
filter_ids() {
|
||||
L_SUCCESS="$1"
|
||||
L_TMP_ID_FILE="$SCRATCH_DIR"/popids_tmp_id
|
||||
L_OUTPUT_FILE="$SCRATCH_DIR"/popids_output
|
||||
|
||||
# repopulate "$@" inside this function
|
||||
eval set -- "$SSH_OPTS"
|
||||
|
||||
while read -r ID || [ "$ID" ] ; do
|
||||
printf '%s\n' "$ID" > "$L_TMP_ID_FILE"
|
||||
|
||||
# the next line assumes $PRIV_ID_FILE only set if using a single id file - this
|
||||
# assumption will break if we implement the possibility of multiple -i options.
|
||||
# The point being that if file based, ssh needs the private key, which it cannot
|
||||
# find if only given the contents of the .pub file in an unrelated tmpfile
|
||||
$SSH -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
|
||||
-o ControlPath=none \
|
||||
-o LogLevel=INFO \
|
||||
-o PreferredAuthentications=publickey \
|
||||
-o IdentitiesOnly=yes "$@" exit >"$L_OUTPUT_FILE" 2>&1 </dev/null
|
||||
if [ "$?" = "$L_SUCCESS" ] || {
|
||||
[ "$SFTP" ] && grep 'allows sftp connections only' "$L_OUTPUT_FILE" >/dev/null
|
||||
# this error counts as a success if we're setting up an sftp connection
|
||||
}
|
||||
then
|
||||
: > "$L_TMP_ID_FILE"
|
||||
else
|
||||
grep 'Permission denied' "$L_OUTPUT_FILE" >/dev/null || {
|
||||
sed -e 's/^/ERROR: /' <"$L_OUTPUT_FILE" >"$L_TMP_ID_FILE"
|
||||
cat >/dev/null #consume the other keys, causing loop to end
|
||||
}
|
||||
fi
|
||||
|
||||
cat "$L_TMP_ID_FILE"
|
||||
done
|
||||
}
|
||||
|
||||
# populate_new_ids() uses several global variables ($USER_HOST, $SSH_OPTS ...)
|
||||
# and has the side effect of setting $NEW_IDS
|
||||
populate_new_ids() {
|
||||
local L_SUCCESS="$1"
|
||||
|
||||
if [ "$FORCED" ] ; then
|
||||
# shellcheck disable=SC2086
|
||||
NEW_IDS=$(eval $GET_ID)
|
||||
return
|
||||
fi
|
||||
|
||||
# repopulate "$@" inside this function
|
||||
eval set -- "$SSH_OPTS"
|
||||
|
||||
umask 0177
|
||||
local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX)
|
||||
if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then
|
||||
printf '%s: ERROR: mktemp failed\n' "$0" >&2
|
||||
exit 1
|
||||
fi
|
||||
local L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\""
|
||||
trap "$L_CLEANUP" EXIT TERM INT QUIT
|
||||
printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
|
||||
NEW_IDS=$(
|
||||
eval $GET_ID | {
|
||||
while read ID || [ "$ID" ] ; do
|
||||
printf '%s\n' "$ID" > "$L_TMP_ID_FILE"
|
||||
|
||||
# the next line assumes $PRIV_ID_FILE only set if using a single id file - this
|
||||
# assumption will break if we implement the possibility of multiple -i options.
|
||||
# The point being that if file based, ssh needs the private key, which it cannot
|
||||
# find if only given the contents of the .pub file in an unrelated tmpfile
|
||||
ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
|
||||
-o ControlPath=none \
|
||||
-o LogLevel=INFO \
|
||||
-o PreferredAuthentications=publickey \
|
||||
-o IdentitiesOnly=yes "$@" exit 2>"$L_TMP_ID_FILE.stderr" </dev/null
|
||||
if [ "$?" = "$L_SUCCESS" ] ; then
|
||||
: > "$L_TMP_ID_FILE"
|
||||
else
|
||||
grep 'Permission denied' "$L_TMP_ID_FILE.stderr" >/dev/null || {
|
||||
sed -e 's/^/ERROR: /' <"$L_TMP_ID_FILE.stderr" >"$L_TMP_ID_FILE"
|
||||
cat >/dev/null #consume the other keys, causing loop to end
|
||||
}
|
||||
fi
|
||||
|
||||
cat "$L_TMP_ID_FILE"
|
||||
done
|
||||
}
|
||||
)
|
||||
eval "$L_CLEANUP" && trap - EXIT TERM INT QUIT
|
||||
# shellcheck disable=SC2086
|
||||
NEW_IDS=$(eval $GET_ID | filter_ids $1)
|
||||
|
||||
if expr "$NEW_IDS" : "^ERROR: " >/dev/null ; then
|
||||
printf '\n%s: %s\n\n' "$0" "$NEW_IDS" >&2
|
||||
|
@ -261,43 +227,130 @@ populate_new_ids() {
|
|||
fi
|
||||
if [ -z "$NEW_IDS" ] ; then
|
||||
printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n' "$0" >&2
|
||||
printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' "$0" >&2
|
||||
printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' >&2
|
||||
exit 0
|
||||
fi
|
||||
printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
|
||||
}
|
||||
|
||||
REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 |
|
||||
# installkey_sh [target_path]
|
||||
# produce a one-liner to add the keys to remote authorized_keys file
|
||||
# optionally takes an alternative path for authorized_keys
|
||||
installkeys_sh() {
|
||||
AUTH_KEY_FILE=${1:-.ssh/authorized_keys}
|
||||
AUTH_KEY_DIR=$(dirname "${AUTH_KEY_FILE}")
|
||||
|
||||
# In setting INSTALLKEYS_SH:
|
||||
# the tr puts it all on one line (to placate tcsh)
|
||||
# (hence the excessive use of semi-colons (;) )
|
||||
# then in the command:
|
||||
# cd to be at $HOME, just in case;
|
||||
# the -z `tail ...` checks for a trailing newline. The echo adds one if was missing
|
||||
# the cat adds the keys we're getting via STDIN
|
||||
# and if available restorecon is used to restore the SELinux context
|
||||
INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
|
||||
cd;
|
||||
umask 077;
|
||||
mkdir -p "${AUTH_KEY_DIR}" &&
|
||||
{ [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] ||
|
||||
echo >> "${AUTH_KEY_FILE}" || exit 1; } &&
|
||||
cat >> "${AUTH_KEY_FILE}" || exit 1;
|
||||
if type restorecon >/dev/null 2>&1; then
|
||||
restorecon -F "${AUTH_KEY_DIR}" "${AUTH_KEY_FILE}";
|
||||
fi
|
||||
EOF
|
||||
)
|
||||
|
||||
# to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
|
||||
printf "exec sh -c '%s'" "${INSTALLKEYS_SH}"
|
||||
}
|
||||
|
||||
#shellcheck disable=SC2120 # the 'eval set' confuses this
|
||||
installkeys_via_sftp() {
|
||||
|
||||
# repopulate "$@" inside this function
|
||||
eval set -- "$SSH_OPTS"
|
||||
|
||||
L_KEYS=$SCRATCH_DIR/authorized_keys
|
||||
L_SHARED_CON=$SCRATCH_DIR/master-conn
|
||||
$SSH -f -N -M -S "$L_SHARED_CON" "$@"
|
||||
L_CLEANUP="$SSH -S $L_SHARED_CON -O exit 'ignored' >/dev/null 2>&1 ; $SCRATCH_CLEANUP"
|
||||
#shellcheck disable=SC2064
|
||||
trap "$L_CLEANUP" EXIT TERM INT QUIT
|
||||
sftp -b - -o "ControlPath=$L_SHARED_CON" "ignored" <<-EOF || return 1
|
||||
-get .ssh/authorized_keys $L_KEYS
|
||||
EOF
|
||||
# add a newline or create file if it's missing, same like above
|
||||
[ -z "$(tail -1c "$L_KEYS" 2>/dev/null)" ] || echo >> "$L_KEYS"
|
||||
# append the keys being piped in here
|
||||
cat >> "$L_KEYS"
|
||||
sftp -b - -o "ControlPath=$L_SHARED_CON" "ignored" <<-EOF || return 1
|
||||
-mkdir .ssh
|
||||
chmod 700 .ssh
|
||||
put $L_KEYS .ssh/authorized_keys
|
||||
chmod 600 .ssh/authorized_keys
|
||||
EOF
|
||||
#shellcheck disable=SC2064
|
||||
eval "$L_CLEANUP" && trap "$SCRATCH_CLEANUP" EXIT TERM INT QUIT
|
||||
}
|
||||
|
||||
|
||||
# create a scratch dir for any temporary files needed
|
||||
if SCRATCH_DIR=$(mktemp -d ~/.ssh/ssh-copy-id.XXXXXXXXXX) &&
|
||||
[ "$SCRATCH_DIR" ] && [ -d "$SCRATCH_DIR" ]
|
||||
then
|
||||
chmod 0700 "$SCRATCH_DIR"
|
||||
SCRATCH_CLEANUP="rm -rf \"$SCRATCH_DIR\""
|
||||
#shellcheck disable=SC2064
|
||||
trap "$SCRATCH_CLEANUP" EXIT TERM INT QUIT
|
||||
else
|
||||
printf '%s: ERROR: failed to create required temporary directory under ~/.ssh\n' "$0" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
REMOTE_VERSION=$($SSH -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 |
|
||||
sed -ne 's/.*remote software version //p')
|
||||
|
||||
# shellcheck disable=SC2029
|
||||
case "$REMOTE_VERSION" in
|
||||
NetScreen*)
|
||||
populate_new_ids 1
|
||||
for KEY in $(printf "%s" "$NEW_IDS" | cut -d' ' -f2) ; do
|
||||
KEY_NO=$(($KEY_NO + 1))
|
||||
printf "%s\n" "$KEY" | grep ssh-dss >/dev/null || {
|
||||
KEY_NO=$((KEY_NO + 1))
|
||||
printf '%s\n' "$KEY" | grep ssh-dss >/dev/null || {
|
||||
printf '%s: WARNING: Non-dsa key (#%d) skipped (NetScreen only supports DSA keys)\n' "$0" "$KEY_NO" >&2
|
||||
continue
|
||||
}
|
||||
[ "$DRY_RUN" ] || printf 'set ssh pka-dsa key %s\nsave\nexit\n' "$KEY" | ssh -T "$@" >/dev/null 2>&1
|
||||
[ "$DRY_RUN" ] || printf 'set ssh pka-dsa key %s\nsave\nexit\n' "$KEY" | $SSH -T "$@" >/dev/null 2>&1
|
||||
if [ $? = 255 ] ; then
|
||||
printf '%s: ERROR: installation of key #%d failed (please report a bug describing what caused this, so that we can make this message useful)\n' "$0" "$KEY_NO" >&2
|
||||
else
|
||||
ADDED=$(($ADDED + 1))
|
||||
ADDED=$((ADDED + 1))
|
||||
fi
|
||||
done
|
||||
if [ -z "$ADDED" ] ; then
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
dropbear*)
|
||||
populate_new_ids 0
|
||||
[ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
|
||||
$SSH "$@" "$(installkeys_sh /etc/dropbear/authorized_keys)" \
|
||||
|| exit 1
|
||||
ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
|
||||
;;
|
||||
*)
|
||||
# Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
|
||||
populate_new_ids 0
|
||||
# in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
|
||||
# 'cd' to be at $HOME; add a newline if it's missing; and all on one line, because tcsh.
|
||||
[ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
|
||||
ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && { [ -z "'`tail -1c .ssh/authorized_keys 2>/dev/null`'" ] || echo >> .ssh/authorized_keys ; } && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
|
||||
|| exit 1
|
||||
if ! [ "$DRY_RUN" ] ; then
|
||||
printf '%s\n' "$NEW_IDS" | \
|
||||
if [ "$SFTP" ] ; then
|
||||
#shellcheck disable=SC2119
|
||||
installkeys_via_sftp
|
||||
else
|
||||
$SSH "$@" "$(installkeys_sh)"
|
||||
fi || exit 1
|
||||
fi
|
||||
ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
|
||||
;;
|
||||
esac
|
||||
|
@ -315,7 +368,7 @@ else
|
|||
|
||||
Number of key(s) added: $ADDED
|
||||
|
||||
Now try logging into the machine, with: "ssh $SSH_OPTS"
|
||||
Now try logging into the machine, with: "${SFTP:-ssh} $SSH_OPTS"
|
||||
and check to make sure that only the key(s) you wanted were added.
|
||||
|
||||
EOF
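Review bot: In `installkeys_via_sftp` the download is written as `-get`, so every failure of that transfer is ignored, not only the expected missing-file case; a failed or partial download would then have the new keys appended and be `put` back over the remote `.ssh/authorized_keys`, dropping keys that were already there. The exit status of `$SSH -f -N -M -S "$L_SHARED_CON" "$@"` and of `cat >> "$L_KEYS"` is not checked either, so the function carries on without a usable master connection or a complete local copy. Separately, `L_CLEANUP` embeds `$L_SHARED_CON` unquoted in a string that is later passed to `eval`, and the batch lines use `$L_KEYS` bare, so a home directory containing whitespace breaks both. `L_CLEANUP="$SSH -S \"$L_SHARED_CON\" -O exit 'ignored' >/dev/null 2>&1 ; $SCRATCH_CLEANUP"` would match the quoting already used for `SCRATCH_CLEANUP`.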
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.ig \" -*- nroff -*-
|
||||
Copyright (c) 1999-2013 hands.com Ltd. <http://hands.com/>
|
||||
Copyright (c) 1999-2020 hands.com Ltd. <http://hands.com/>
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
|
@ -31,6 +31,7 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|||
.Nm
|
||||
.Op Fl f
|
||||
.Op Fl n
|
||||
.Op Fl s
|
||||
.Op Fl i Op Ar identity_file
|
||||
.Op Fl p Ar port
|
||||
.Op Fl o Ar ssh_option
|
||||
|
@ -84,6 +85,12 @@ in more than one copy of the key being installed on the remote system.
|
|||
.It Fl n
|
||||
do a dry-run. Instead of installing keys on the remote system simply
|
||||
prints the key(s) that would have been installed.
|
||||
.It Fl s
|
||||
SFTP mode: usually the public keys are installed by executing commands on the remote side.
|
||||
With this option the user's
|
||||
.Pa ~/.ssh/authorized_keys
|
||||
file will be downloaded, modified locally and uploaded with sftp.
|
||||
This option is useful if the server has restrictions on commands which can be used on the remote side.
|
||||
.It Fl h , Fl ?
|
||||
Print Usage summary
|
||||
.It Fl p Ar port , Fl o Ar ssh_option
|
||||
|
@ -158,7 +165,7 @@ asked for confirmation, which is your cue to log back out and run
|
|||
The reason you might want to specify the -i option in this case is to
|
||||
ensure that the comment on the installed key is the one from the
|
||||
.Pa .pub
|
||||
file, rather than just the filename that was loaded into you agent.
|
||||
file, rather than just the filename that was loaded into your agent.
|
||||
It also ensures that only the id you intended is installed, rather than
|
||||
all the keys that you have in your
|
||||
.Xr ssh-agent 1 .
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
|
||||
Name: openssh
|
||||
Version: 8.1p1
|
||||
Version: 8.5p1
|
||||
URL: https://www.openssh.com/
|
||||
Release: 1
|
||||
Source0: openssh-%{version}.tar.gz
|
||||
|
@ -75,6 +75,8 @@ patented algorithms to separate libraries (OpenSSL).
|
|||
This package contains an X Window System passphrase dialog for OpenSSH.
|
||||
|
||||
%changelog
|
||||
* Mon Jul 20 2020 Damien Miller <djm@mindrto.org>
|
||||
- Add ssh-sk-helper and corresponding manual page.
|
||||
* Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov>
|
||||
- Removed accidental inclusion of --without-zlib-version-check
|
||||
* Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov>
|
||||
|
@ -211,6 +213,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%attr(0755,root,root) %{_libdir}/ssh/sftp-server
|
||||
%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
|
||||
%attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper
|
||||
%attr(0755,root,root) %{_libdir}/ssh/ssh-sk-helper
|
||||
%attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
|
||||
|
@ -224,6 +227,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man8/ssh-pkcs11-helper.8*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man8/ssh-sk-helper.8*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8*
|
||||
%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh
|
||||
|
||||
|
|
18
crypto_api.h
18
crypto_api.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: crypto_api.h,v 1.5 2019/01/21 10:20:12 djm Exp $ */
|
||||
/* $OpenBSD: crypto_api.h,v 1.7 2021/01/08 02:33:13 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Assembled from generated headers and source files by Markus Friedl.
|
||||
|
@ -21,6 +21,8 @@ typedef int16_t crypto_int16;
|
|||
typedef uint16_t crypto_uint16;
|
||||
typedef int32_t crypto_int32;
|
||||
typedef uint32_t crypto_uint32;
|
||||
typedef int64_t crypto_int64;
|
||||
typedef uint64_t crypto_uint64;
|
||||
|
||||
#define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len))
|
||||
#define small_random32() arc4random()
|
||||
|
@ -42,15 +44,15 @@ int crypto_sign_ed25519_open(unsigned char *, unsigned long long *,
|
|||
const unsigned char *, unsigned long long, const unsigned char *);
|
||||
int crypto_sign_ed25519_keypair(unsigned char *, unsigned char *);
|
||||
|
||||
#define crypto_kem_sntrup4591761_PUBLICKEYBYTES 1218
|
||||
#define crypto_kem_sntrup4591761_SECRETKEYBYTES 1600
|
||||
#define crypto_kem_sntrup4591761_CIPHERTEXTBYTES 1047
|
||||
#define crypto_kem_sntrup4591761_BYTES 32
|
||||
#define crypto_kem_sntrup761_PUBLICKEYBYTES 1158
|
||||
#define crypto_kem_sntrup761_SECRETKEYBYTES 1763
|
||||
#define crypto_kem_sntrup761_CIPHERTEXTBYTES 1039
|
||||
#define crypto_kem_sntrup761_BYTES 32
|
||||
|
||||
int crypto_kem_sntrup4591761_enc(unsigned char *cstr, unsigned char *k,
|
||||
int crypto_kem_sntrup761_enc(unsigned char *cstr, unsigned char *k,
|
||||
const unsigned char *pk);
|
||||
int crypto_kem_sntrup4591761_dec(unsigned char *k,
|
||||
int crypto_kem_sntrup761_dec(unsigned char *k,
|
||||
const unsigned char *cstr, const unsigned char *sk);
|
||||
int crypto_kem_sntrup4591761_keypair(unsigned char *pk, unsigned char *sk);
|
||||
int crypto_kem_sntrup761_keypair(unsigned char *pk, unsigned char *sk);
|
||||
|
||||
#endif /* crypto_api_h */
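Review bot: The three `crypto_kem_sntrup761_*` prototypes take bare `unsigned char *` buffers with no lengths, so every caller has to size `pk`, `sk`, `cstr` and `k` from the matching macro, and nothing in the header says which macro belongs to which argument. The sizes changed with this rename (1158, 1763 and 1039 bytes), which makes the contract worth stating. A comment above the declarations would do, for example `/* pk: _PUBLICKEYBYTES, sk: _SECRETKEYBYTES, cstr: _CIPHERTEXTBYTES, k: _BYTES */`.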
|
||||
|
|
30
defines.h
30
defines.h
|
@ -96,6 +96,9 @@ enum
|
|||
#ifndef IPTOS_DSCP_EF
|
||||
# define IPTOS_DSCP_EF 0xb8
|
||||
#endif /* IPTOS_DSCP_EF */
|
||||
#ifndef IPTOS_DSCP_LE
|
||||
# define IPTOS_DSCP_LE 0x01
|
||||
#endif /* IPTOS_DSCP_LE */
|
||||
#ifndef IPTOS_PREC_CRITIC_ECP
|
||||
# define IPTOS_PREC_CRITIC_ECP 0xa0
|
||||
#endif
|
||||
|
@ -251,6 +254,21 @@ typedef unsigned int u_int32_t;
|
|||
#define __BIT_TYPES_DEFINED__
|
||||
#endif
|
||||
|
||||
#if !defined(LLONG_MIN) && defined(LONG_LONG_MIN)
|
||||
#define LLONG_MIN LONG_LONG_MIN
|
||||
#endif
|
||||
#if !defined(LLONG_MAX) && defined(LONG_LONG_MAX)
|
||||
#define LLONG_MAX LONG_LONG_MAX
|
||||
#endif
|
||||
|
||||
#ifndef UINT32_MAX
|
||||
# if defined(HAVE_DECL_UINT32_MAX) && (HAVE_DECL_UINT32_MAX == 0)
|
||||
# if (SIZEOF_INT == 4)
|
||||
# define UINT32_MAX UINT_MAX
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/* 64-bit types */
|
||||
#ifndef HAVE_INT64_T
|
||||
# if (SIZEOF_LONG_INT == 8)
|
||||
|
@ -333,6 +351,7 @@ typedef unsigned int size_t;
|
|||
|
||||
#ifndef HAVE_SSIZE_T
|
||||
typedef int ssize_t;
|
||||
#define SSIZE_MAX INT_MAX
|
||||
# define HAVE_SSIZE_T
|
||||
#endif /* HAVE_SSIZE_T */
|
||||
|
||||
|
@ -810,10 +829,6 @@ struct winsize {
|
|||
# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b)))
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_MMAP) && defined(BROKEN_MMAP)
|
||||
# undef HAVE_MMAP
|
||||
#endif
|
||||
|
||||
#ifndef IOV_MAX
|
||||
# if defined(_XOPEN_IOV_MAX)
|
||||
# define IOV_MAX _XOPEN_IOV_MAX
|
||||
|
@ -879,4 +894,11 @@ struct winsize {
|
|||
# define USE_SYSTEM_GLOB
|
||||
#endif
|
||||
|
||||
/*
|
||||
* sntrup761 uses variable length arrays, only enable if the compiler
|
||||
* supports them.
|
||||
*/
|
||||
#ifdef VARIABLE_LENGTH_ARRAYS
|
||||
# define USE_SNTRUP761X25519 1
|
||||
#endif
|
||||
#endif /* _DEFINES_H */
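Review bot: The fallback `IPTOS_DSCP_LE 0x01` in the first hunk does not follow the convention of the neighbouring `IPTOS_DSCP_EF 0xb8`, which is the DSCP value 46 already shifted left by two into the TOS byte. The Lower Effort codepoint is DSCP 000001 (RFC 8622), so on the same convention the fallback would be `# define IPTOS_DSCP_LE 0x04`. As written, 0x01 leaves the DSCP field at zero and sets one of the two low ECN bits instead. This only affects platforms whose headers do not already define the constant.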
|
||||
|
|
6
dh.c
6
dh.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: dh.c,v 1.71 2019/09/06 06:08:11 djm Exp $ */
|
||||
/* $OpenBSD: dh.c,v 1.72 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
*
|
||||
|
@ -284,7 +284,7 @@ dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
|
|||
}
|
||||
|
||||
if ((tmp = BN_new()) == NULL) {
|
||||
error("%s: BN_new failed", __func__);
|
||||
error_f("BN_new failed");
|
||||
return 0;
|
||||
}
|
||||
if (!BN_sub(tmp, dh_p, BN_value_one()) ||
|
||||
|
@ -502,7 +502,7 @@ dh_new_group18(void)
|
|||
DH *
|
||||
dh_new_group_fallback(int max)
|
||||
{
|
||||
debug3("%s: requested max size %d", __func__, max);
|
||||
debug3_f("requested max size %d", max);
|
||||
if (max < 3072) {
|
||||
debug3("using 2k bit group 14");
|
||||
return dh_new_group14();
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: digest-libc.c,v 1.6 2017/05/08 22:57:38 djm Exp $ */
|
||||
/* $OpenBSD: digest-libc.c,v 1.7 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
|
||||
* Copyright (c) 2014 Markus Friedl. All rights reserved.
|
||||
|
@ -230,8 +230,7 @@ ssh_digest_free(struct ssh_digest_ctx *ctx)
|
|||
if (digest) {
|
||||
explicit_bzero(ctx->mdctx, digest->ctx_len);
|
||||
free(ctx->mdctx);
|
||||
explicit_bzero(ctx, sizeof(*ctx));
|
||||
free(ctx);
|
||||
freezero(ctx, sizeof(*ctx));
|
||||
}
|
||||
}
|
||||
}
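Review bot: The inner context is still wiped with `explicit_bzero(ctx->mdctx, digest->ctx_len)` followed by `free(ctx->mdctx)`, while the outer one now uses `freezero`; `freezero(ctx->mdctx, digest->ctx_len);` would make the two consistent. Both wipes sit inside `if (digest)`, so when `digest` is NULL neither buffer is zeroed or freed. How `digest` is obtained lies above the hunk, so that branch may be unreachable in practice; ssh_digest_free's body starts outside the hunk.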
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: digest-openssl.c,v 1.7 2017/05/08 22:57:38 djm Exp $ */
|
||||
/* $OpenBSD: digest-openssl.c,v 1.9 2020/10/29 02:52:43 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
|
@ -32,9 +32,6 @@
|
|||
#include "digest.h"
|
||||
#include "ssherr.h"
|
||||
|
||||
#ifndef HAVE_EVP_RIPEMD160
|
||||
# define EVP_ripemd160 NULL
|
||||
#endif
|
||||
#ifndef HAVE_EVP_SHA256
|
||||
# define EVP_sha256 NULL
|
||||
#endif
|
||||
|
@ -59,11 +56,11 @@ struct ssh_digest {
|
|||
|
||||
/* NB. Indexed directly by algorithm number */
|
||||
const struct ssh_digest digests[] = {
|
||||
{ SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
|
||||
{ SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
|
||||
{ SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
|
||||
{ SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
|
||||
{ SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
|
||||
{ SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
|
||||
{ SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
|
||||
{ SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
|
||||
{ SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
|
||||
{ -1, NULL, 0, NULL },
|
||||
};
|
||||
|
||||
|
|
7
dns.c
7
dns.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: dns.c,v 1.38 2018/02/23 15:58:37 markus Exp $ */
|
||||
/* $OpenBSD: dns.c,v 1.39 2020/10/18 11:32:01 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||
|
@ -128,8 +128,7 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
|
|||
if (*algorithm && *digest_type) {
|
||||
if ((r = sshkey_fingerprint_raw(key, fp_alg, digest,
|
||||
digest_len)) != 0)
|
||||
fatal("%s: sshkey_fingerprint_raw: %s", __func__,
|
||||
ssh_err(r));
|
||||
fatal_fr(r, "sshkey_fingerprint_raw");
|
||||
success = 1;
|
||||
} else {
|
||||
*digest = NULL;
|
||||
|
@ -348,7 +347,7 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
|
|||
|
||||
/* No SSHFP record was generated at all */
|
||||
if (success == 0) {
|
||||
error("%s: unsupported algorithm and/or digest_type", __func__);
|
||||
error_f("unsupported algorithm and/or digest_type");
|
||||
}
|
||||
|
||||
return success;
|
||||
|
|
|
@ -84,7 +84,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
|
|||
struct sockaddr_storage addr;
|
||||
struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr;
|
||||
struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr;
|
||||
mysig_t old_sigpipe;
|
||||
sshsig_t old_sigpipe;
|
||||
|
||||
/* Sanity checks */
|
||||
if (socket_path == NULL && tcp_port == 0)
|
||||
|
@ -110,7 +110,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
|
|||
strlen(socket_path) + 1;
|
||||
}
|
||||
|
||||
old_sigpipe = signal(SIGPIPE, SIG_IGN);
|
||||
old_sigpipe = ssh_signal(SIGPIPE, SIG_IGN);
|
||||
|
||||
errors = 0;
|
||||
rval = -1;
|
||||
|
@ -160,7 +160,7 @@ reopen:
|
|||
|
||||
rval = 0;
|
||||
done:
|
||||
signal(SIGPIPE, old_sigpipe);
|
||||
ssh_signal(SIGPIPE, old_sigpipe);
|
||||
if (fd != -1)
|
||||
close(fd);
|
||||
return rval;
|
||||
|
|
7
fatal.c
7
fatal.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/* $OpenBSD: fatal.c,v 1.11 2020/10/19 08:07:08 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -34,12 +34,13 @@
|
|||
/* Fatal messages. This function never returns. */
|
||||
|
||||
void
|
||||
fatal(const char *fmt,...)
|
||||
sshfatal(const char *file, const char *func, int line, int showfunc,
|
||||
LogLevel level, const char *suffix, const char *fmt, ...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_FATAL, fmt, args);
|
||||
sshlogv(file, func, line, showfunc, level, suffix, fmt, args);
|
||||
va_end(args);
|
||||
cleanup_exit(255);
|
||||
}
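Review bot: `sshfatal` now logs at the caller-supplied `level` instead of the fixed `SYSLOG_LEVEL_FATAL`, yet it still ends in `cleanup_exit(255)` unconditionally. If a caller passed a level below the active log threshold, the process would exit without leaving a log line; the callers and any wrapper macros are outside this section, so this may never happen in practice. The comment above the function still describes the old single-argument form and could be extended, for example `/* Logs fmt at 'level' via sshlogv() and calls cleanup_exit(255); never returns. */`.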
|
||||
|
|
19
gss-genr.c
19
gss-genr.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: gss-genr.c,v 1.26 2018/07/10 09:13:30 djm Exp $ */
|
||||
/* $OpenBSD: gss-genr.c,v 1.28 2021/01/27 10:05:28 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
|
||||
|
@ -44,9 +44,6 @@
|
|||
|
||||
#include "ssh-gss.h"
|
||||
|
||||
extern u_char *session_id2;
|
||||
extern u_int session_id2_len;
|
||||
|
||||
/* sshbuf_get for gss_buffer_desc */
|
||||
int
|
||||
ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)
|
||||
|
@ -115,7 +112,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
|||
int r;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
if (major_status != NULL)
|
||||
*major_status = ctxt->major;
|
||||
|
@ -130,7 +127,7 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
|||
|
||||
if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 ||
|
||||
(r = sshbuf_put_u8(b, '\n')) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble GSS_CODE");
|
||||
|
||||
gss_release_buffer(&lmin, &msg);
|
||||
} while (ctx != 0);
|
||||
|
@ -142,13 +139,13 @@ ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
|||
|
||||
if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 ||
|
||||
(r = sshbuf_put_u8(b, '\n')) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble MECH_CODE");
|
||||
|
||||
gss_release_buffer(&lmin, &msg);
|
||||
} while (ctx != 0);
|
||||
|
||||
if ((r = sshbuf_put_u8(b, '\n')) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble newline");
|
||||
ret = xstrdup((const char *)sshbuf_ptr(b));
|
||||
sshbuf_free(b);
|
||||
return (ret);
|
||||
|
@ -259,17 +256,17 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
|
|||
|
||||
void
|
||||
ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
|
||||
const char *context)
|
||||
const char *context, const struct sshbuf *session_id)
|
||||
{
|
||||
int r;
|
||||
|
||||
sshbuf_reset(b);
|
||||
if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
|
||||
if ((r = sshbuf_put_stringb(b, session_id)) != 0 ||
|
||||
(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, user)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, service)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, context)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble buildmic");
|
||||
}
|
||||
|
||||
int
|
||||
|
|
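Review bot: In ssh_gssapi_last_error the result is produced by `xstrdup((const char *)sshbuf_ptr(b))`, but the last byte appended on the visible lines is `'\n'` (the step now reported as "assemble newline"), so nothing shown here writes a terminating NUL before the buffer is read as a C string. Unless the sshbuf storage is guaranteed to be zero-filled past its length, which this page does not show, that read can run past the assembled data. I would replace the duplication with `ret = sshbuf_dup_string(b);` and treat a NULL result as fatal, or append `'\0'` rather than the final `'\n'`. The function's opening lines are outside the hunk.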
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: gss-serv.c,v 1.31 2018/07/09 21:37:55 markus Exp $ */
|
||||
/* $OpenBSD: gss-serv.c,v 1.32 2020/03/13 03:17:07 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
|
@ -337,7 +337,7 @@ ssh_gssapi_storecreds(void)
|
|||
debug("ssh_gssapi_storecreds: Not a GSSAPI mechanism");
|
||||
}
|
||||
|
||||
/* This allows GSSAPI methods to do things to the childs environment based
|
||||
/* This allows GSSAPI methods to do things to the child's environment based
|
||||
* on the passed authentication process and credentials.
|
||||
*/
|
||||
/* As user */
|
||||
|
|
34
hash.c
34
hash.c
|
@ -1,27 +1,45 @@
|
|||
/* $OpenBSD: hash.c,v 1.4 2017/12/14 21:07:39 naddy Exp $ */
|
||||
|
||||
/* $OpenBSD: hash.c,v 1.5 2018/01/13 00:24:09 naddy Exp $ */
|
||||
/* $OpenBSD: hash.c,v 1.6 2019/11/29 00:11:21 djm Exp $ */
|
||||
/*
|
||||
* Public domain. Author: Christian Weisgerber <naddy@openbsd.org>
|
||||
* API compatible reimplementation of function from nacl
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include "crypto_api.h"
|
||||
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "digest.h"
|
||||
#include "log.h"
|
||||
#include "ssherr.h"
|
||||
#ifdef WITH_OPENSSL
|
||||
#include <openssl/evp.h>
|
||||
|
||||
int
|
||||
crypto_hash_sha512(unsigned char *out, const unsigned char *in,
|
||||
unsigned long long inlen)
|
||||
{
|
||||
int r;
|
||||
|
||||
if ((r = ssh_digest_memory(SSH_DIGEST_SHA512, in, inlen, out,
|
||||
crypto_hash_sha512_BYTES)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
if (!EVP_Digest(in, inlen, out, NULL, EVP_sha512(), NULL))
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
#else
|
||||
# ifdef HAVE_SHA2_H
|
||||
# include <sha2.h>
|
||||
# endif
|
||||
|
||||
int
|
||||
crypto_hash_sha512(unsigned char *out, const unsigned char *in,
|
||||
unsigned long long inlen)
|
||||
{
|
||||
|
||||
SHA2_CTX ctx;
|
||||
|
||||
SHA512Init(&ctx);
|
||||
SHA512Update(&ctx, in, inlen);
|
||||
SHA512Final(out, &ctx);
|
||||
return 0;
|
||||
}
|
||||
#endif /* WITH_OPENSSL */
|
||||
|
|
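Review bot: The OpenSSL branch of crypto_hash_sha512 reports a digest failure with `return -1`, whereas the ssh_digest_memory variant shown in the same section stops with fatal(), so a failed hash is only caught if every caller checks the return value. The callers are not on this page; if any of them ignores the result, `out` would be used without having been written. I would either keep the failure fatal or state the contract above the function, e.g. `/* Returns 0 on success, -1 if the digest fails; out is undefined on failure. */`, and audit the call sites against it.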
5
hmac.c
5
hmac.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: hmac.c,v 1.13 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: hmac.c,v 1.14 2020/02/26 13:40:09 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2014 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -131,8 +131,7 @@ ssh_hmac_free(struct ssh_hmac_ctx *ctx)
|
|||
explicit_bzero(ctx->buf, ctx->buf_len);
|
||||
free(ctx->buf);
|
||||
}
|
||||
explicit_bzero(ctx, sizeof(*ctx));
|
||||
free(ctx);
|
||||
freezero(ctx, sizeof(*ctx));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
261
hostfile.c
261
hostfile.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: hostfile.c,v 1.76 2019/07/07 01:05:00 dtucker Exp $ */
|
||||
/* $OpenBSD: hostfile.c,v 1.89 2021/01/26 00:51:30 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -57,14 +57,11 @@
|
|||
#include "hostfile.h"
|
||||
#include "log.h"
|
||||
#include "misc.h"
|
||||
#include "pathnames.h"
|
||||
#include "ssherr.h"
|
||||
#include "digest.h"
|
||||
#include "hmac.h"
|
||||
|
||||
struct hostkeys {
|
||||
struct hostkey_entry *entries;
|
||||
u_int num_entries;
|
||||
};
|
||||
#include "sshbuf.h"
|
||||
|
||||
/* XXX hmac is too easy to dictionary attack; use bcrypt? */
|
||||
|
||||
|
@ -140,12 +137,12 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
|
|||
ssh_hmac_init(ctx, salt, len) < 0 ||
|
||||
ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
|
||||
ssh_hmac_final(ctx, result, sizeof(result)))
|
||||
fatal("%s: ssh_hmac failed", __func__);
|
||||
fatal_f("ssh_hmac failed");
|
||||
ssh_hmac_free(ctx);
|
||||
|
||||
if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
|
||||
__b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
|
||||
fatal("%s: __b64_ntop failed", __func__);
|
||||
fatal_f("__b64_ntop failed");
|
||||
|
||||
snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
|
||||
HASH_DELIM, uu_result);
|
||||
|
@ -245,7 +242,7 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx)
|
|||
return 0;
|
||||
}
|
||||
|
||||
debug3("%s: found %skey type %s in file %s:%lu", __func__,
|
||||
debug3_f("found %skey type %s in file %s:%lu",
|
||||
l->marker == MRK_NONE ? "" :
|
||||
(l->marker == MRK_CA ? "ca " : "revoked "),
|
||||
sshkey_type(l->key), l->path, l->linenum);
|
||||
|
@ -259,6 +256,7 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx)
|
|||
hostkeys->entries[hostkeys->num_entries].key = l->key;
|
||||
l->key = NULL; /* steal it */
|
||||
hostkeys->entries[hostkeys->num_entries].marker = l->marker;
|
||||
hostkeys->entries[hostkeys->num_entries].note = l->note;
|
||||
hostkeys->num_entries++;
|
||||
ctx->num_loaded++;
|
||||
|
||||
|
@ -266,7 +264,8 @@ record_hostkey(struct hostkey_foreach_line *l, void *_ctx)
|
|||
}
|
||||
|
||||
void
|
||||
load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
|
||||
load_hostkeys_file(struct hostkeys *hostkeys, const char *host,
|
||||
const char *path, FILE *f, u_int note)
|
||||
{
|
||||
int r;
|
||||
struct load_callback_ctx ctx;
|
||||
|
@ -275,15 +274,28 @@ load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
|
|||
ctx.num_loaded = 0;
|
||||
ctx.hostkeys = hostkeys;
|
||||
|
||||
if ((r = hostkeys_foreach(path, record_hostkey, &ctx, host, NULL,
|
||||
HKF_WANT_MATCH|HKF_WANT_PARSE_KEY)) != 0) {
|
||||
if ((r = hostkeys_foreach_file(path, f, record_hostkey, &ctx, host,
|
||||
NULL, HKF_WANT_MATCH|HKF_WANT_PARSE_KEY, note)) != 0) {
|
||||
if (r != SSH_ERR_SYSTEM_ERROR && errno != ENOENT)
|
||||
debug("%s: hostkeys_foreach failed for %s: %s",
|
||||
__func__, path, ssh_err(r));
|
||||
debug_fr(r, "hostkeys_foreach failed for %s", path);
|
||||
}
|
||||
if (ctx.num_loaded != 0)
|
||||
debug3("%s: loaded %lu keys from %s", __func__,
|
||||
ctx.num_loaded, host);
|
||||
debug3_f("loaded %lu keys from %s", ctx.num_loaded, host);
|
||||
}
|
||||
|
||||
void
|
||||
load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path,
|
||||
u_int note)
|
||||
{
|
||||
FILE *f;
|
||||
|
||||
if ((f = fopen(path, "r")) == NULL) {
|
||||
debug_f("fopen %s: %s", path, strerror(errno));
|
||||
return;
|
||||
}
|
||||
|
||||
load_hostkeys_file(hostkeys, host, path, f, note);
|
||||
fclose(f);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -298,8 +310,7 @@ free_hostkeys(struct hostkeys *hostkeys)
|
|||
explicit_bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
|
||||
}
|
||||
free(hostkeys->entries);
|
||||
explicit_bzero(hostkeys, sizeof(*hostkeys));
|
||||
free(hostkeys);
|
||||
freezero(hostkeys, sizeof(*hostkeys));
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -313,7 +324,7 @@ check_key_not_revoked(struct hostkeys *hostkeys, struct sshkey *k)
|
|||
continue;
|
||||
if (sshkey_equal_public(k, hostkeys->entries[i].key))
|
||||
return -1;
|
||||
if (is_cert &&
|
||||
if (is_cert && k != NULL &&
|
||||
sshkey_equal_public(k->cert->signature_key,
|
||||
hostkeys->entries[i].key))
|
||||
return -1;
|
||||
|
@ -338,7 +349,7 @@ check_key_not_revoked(struct hostkeys *hostkeys, struct sshkey *k)
|
|||
*/
|
||||
static HostStatus
|
||||
check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
|
||||
struct sshkey *k, int keytype, const struct hostkey_entry **found)
|
||||
struct sshkey *k, int keytype, int nid, const struct hostkey_entry **found)
|
||||
{
|
||||
u_int i;
|
||||
HostStatus end_return = HOST_NEW;
|
||||
|
@ -354,6 +365,10 @@ check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
|
|||
if (k == NULL) {
|
||||
if (hostkeys->entries[i].key->type != keytype)
|
||||
continue;
|
||||
if (nid != -1 &&
|
||||
sshkey_type_plain(keytype) == KEY_ECDSA &&
|
||||
hostkeys->entries[i].key->ecdsa_nid != nid)
|
||||
continue;
|
||||
end_return = HOST_FOUND;
|
||||
if (found != NULL)
|
||||
*found = hostkeys->entries + i;
|
||||
|
@ -396,17 +411,29 @@ check_key_in_hostkeys(struct hostkeys *hostkeys, struct sshkey *key,
|
|||
{
|
||||
if (key == NULL)
|
||||
fatal("no key to look up");
|
||||
return check_hostkeys_by_key_or_type(hostkeys, key, 0, found);
|
||||
return check_hostkeys_by_key_or_type(hostkeys, key, 0, -1, found);
|
||||
}
|
||||
|
||||
int
|
||||
lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype,
|
||||
lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype, int nid,
|
||||
const struct hostkey_entry **found)
|
||||
{
|
||||
return (check_hostkeys_by_key_or_type(hostkeys, NULL, keytype,
|
||||
return (check_hostkeys_by_key_or_type(hostkeys, NULL, keytype, nid,
|
||||
found) == HOST_FOUND);
|
||||
}
|
||||
|
||||
int
|
||||
lookup_marker_in_hostkeys(struct hostkeys *hostkeys, int want_marker)
|
||||
{
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < hostkeys->num_entries; i++) {
|
||||
if (hostkeys->entries[i].marker == (HostkeyMarker)want_marker)
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
write_host_entry(FILE *f, const char *host, const char *ip,
|
||||
const struct sshkey *key, int store_hash)
|
||||
|
@ -419,7 +446,7 @@ write_host_entry(FILE *f, const char *host, const char *ip,
|
|||
|
||||
if (store_hash) {
|
||||
if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) {
|
||||
error("%s: host_hash failed", __func__);
|
||||
error_f("host_hash failed");
|
||||
free(lhost);
|
||||
return 0;
|
||||
}
|
||||
|
@ -433,11 +460,52 @@ write_host_entry(FILE *f, const char *host, const char *ip,
|
|||
if ((r = sshkey_write(key, f)) == 0)
|
||||
success = 1;
|
||||
else
|
||||
error("%s: sshkey_write failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_write");
|
||||
fputc('\n', f);
|
||||
/* If hashing is enabled, the IP address needs to go on its own line */
|
||||
if (success && store_hash && ip != NULL)
|
||||
success = write_host_entry(f, ip, NULL, key, 1);
|
||||
return success;
|
||||
}
|
||||
|
||||
/*
|
||||
* Create user ~/.ssh directory if it doesn't exist and we want to write to it.
|
||||
* If notify is set, a message will be emitted if the directory is created.
|
||||
*/
|
||||
void
|
||||
hostfile_create_user_ssh_dir(const char *filename, int notify)
|
||||
{
|
||||
char *dotsshdir = NULL, *p;
|
||||
size_t len;
|
||||
struct stat st;
|
||||
|
||||
if ((p = strrchr(filename, '/')) == NULL)
|
||||
return;
|
||||
len = p - filename;
|
||||
dotsshdir = tilde_expand_filename("~/" _PATH_SSH_USER_DIR, getuid());
|
||||
if (strlen(dotsshdir) > len || strncmp(filename, dotsshdir, len) != 0)
|
||||
goto out; /* not ~/.ssh prefixed */
|
||||
if (stat(dotsshdir, &st) == 0)
|
||||
goto out; /* dir already exists */
|
||||
else if (errno != ENOENT)
|
||||
error("Could not stat %s: %s", dotsshdir, strerror(errno));
|
||||
else {
|
||||
#ifdef WITH_SELINUX
|
||||
ssh_selinux_setfscreatecon(dotsshdir);
|
||||
#endif
|
||||
if (mkdir(dotsshdir, 0700) == -1)
|
||||
error("Could not create directory '%.200s' (%s).",
|
||||
dotsshdir, strerror(errno));
|
||||
else if (notify)
|
||||
logit("Created directory '%s'.", dotsshdir);
|
||||
#ifdef WITH_SELINUX
|
||||
ssh_selinux_setfscreatecon(NULL);
|
||||
#endif
|
||||
}
|
||||
out:
|
||||
free(dotsshdir);
|
||||
}
|
||||
|
||||
/*
|
||||
* Appends an entry to the host file. Returns false if the entry could not
|
||||
* be appended.
|
||||
|
@ -451,6 +519,7 @@ add_host_to_hostfile(const char *filename, const char *host,
|
|||
|
||||
if (key == NULL)
|
||||
return 1; /* XXX ? */
|
||||
hostfile_create_user_ssh_dir(filename, 0);
|
||||
f = fopen(filename, "a");
|
||||
if (!f)
|
||||
return 0;
|
||||
|
@ -462,8 +531,8 @@ add_host_to_hostfile(const char *filename, const char *host,
|
|||
struct host_delete_ctx {
|
||||
FILE *out;
|
||||
int quiet;
|
||||
const char *host;
|
||||
int *skip_keys; /* XXX split for host/ip? might want to ensure both */
|
||||
const char *host, *ip;
|
||||
u_int *match_keys; /* mask of HKF_MATCH_* for this key */
|
||||
struct sshkey * const *keys;
|
||||
size_t nkeys;
|
||||
int modified;
|
||||
|
@ -476,26 +545,21 @@ host_delete(struct hostkey_foreach_line *l, void *_ctx)
|
|||
int loglevel = ctx->quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_VERBOSE;
|
||||
size_t i;
|
||||
|
||||
if (l->status == HKF_STATUS_MATCHED) {
|
||||
if (l->marker != MRK_NONE) {
|
||||
/* Don't remove CA and revocation lines */
|
||||
fprintf(ctx->out, "%s\n", l->line);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Don't remove CA and revocation lines */
|
||||
if (l->status == HKF_STATUS_MATCHED && l->marker == MRK_NONE) {
|
||||
/*
|
||||
* If this line contains one of the keys that we will be
|
||||
* adding later, then don't change it and mark the key for
|
||||
* skipping.
|
||||
*/
|
||||
for (i = 0; i < ctx->nkeys; i++) {
|
||||
if (sshkey_equal(ctx->keys[i], l->key)) {
|
||||
ctx->skip_keys[i] = 1;
|
||||
fprintf(ctx->out, "%s\n", l->line);
|
||||
debug3("%s: %s key already at %s:%ld", __func__,
|
||||
sshkey_type(l->key), l->path, l->linenum);
|
||||
return 0;
|
||||
}
|
||||
if (!sshkey_equal(ctx->keys[i], l->key))
|
||||
continue;
|
||||
ctx->match_keys[i] |= l->match;
|
||||
fprintf(ctx->out, "%s\n", l->line);
|
||||
debug3_f("%s key already at %s:%ld",
|
||||
sshkey_type(l->key), l->path, l->linenum);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -526,15 +590,19 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
|
|||
int loglevel = quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_VERBOSE;
|
||||
struct host_delete_ctx ctx;
|
||||
char *fp, *temp = NULL, *back = NULL;
|
||||
const char *what;
|
||||
mode_t omask;
|
||||
size_t i;
|
||||
u_int want;
|
||||
|
||||
omask = umask(077);
|
||||
|
||||
memset(&ctx, 0, sizeof(ctx));
|
||||
ctx.host = host;
|
||||
ctx.ip = ip;
|
||||
ctx.quiet = quiet;
|
||||
if ((ctx.skip_keys = calloc(nkeys, sizeof(*ctx.skip_keys))) == NULL)
|
||||
|
||||
if ((ctx.match_keys = calloc(nkeys, sizeof(*ctx.match_keys))) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
ctx.keys = keys;
|
||||
ctx.nkeys = nkeys;
|
||||
|
@ -551,42 +619,65 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
|
|||
|
||||
if ((fd = mkstemp(temp)) == -1) {
|
||||
oerrno = errno;
|
||||
error("%s: mkstemp: %s", __func__, strerror(oerrno));
|
||||
error_f("mkstemp: %s", strerror(oerrno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
if ((ctx.out = fdopen(fd, "w")) == NULL) {
|
||||
oerrno = errno;
|
||||
close(fd);
|
||||
error("%s: fdopen: %s", __func__, strerror(oerrno));
|
||||
error_f("fdopen: %s", strerror(oerrno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
/* Remove all entries for the specified host from the file */
|
||||
/* Remove stale/mismatching entries for the specified host */
|
||||
if ((r = hostkeys_foreach(filename, host_delete, &ctx, host, ip,
|
||||
HKF_WANT_PARSE_KEY)) != 0) {
|
||||
error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
|
||||
HKF_WANT_PARSE_KEY, 0)) != 0) {
|
||||
oerrno = errno;
|
||||
error_fr(r, "hostkeys_foreach");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
/* Add the requested keys */
|
||||
/* Re-add the requested keys */
|
||||
want = HKF_MATCH_HOST | (ip == NULL ? 0 : HKF_MATCH_IP);
|
||||
for (i = 0; i < nkeys; i++) {
|
||||
if (ctx.skip_keys[i])
|
||||
if ((want & ctx.match_keys[i]) == want)
|
||||
continue;
|
||||
if ((fp = sshkey_fingerprint(keys[i], hash_alg,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto fail;
|
||||
}
|
||||
do_log2(loglevel, "%s%sAdding new key for %s to %s: %s %s",
|
||||
quiet ? __func__ : "", quiet ? ": " : "", host, filename,
|
||||
/* write host/ip */
|
||||
what = "";
|
||||
if (ctx.match_keys[i] == 0) {
|
||||
what = "Adding new key";
|
||||
if (!write_host_entry(ctx.out, host, ip,
|
||||
keys[i], store_hash)) {
|
||||
r = SSH_ERR_INTERNAL_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
} else if ((want & ~ctx.match_keys[i]) == HKF_MATCH_HOST) {
|
||||
what = "Fixing match (hostname)";
|
||||
if (!write_host_entry(ctx.out, host, NULL,
|
||||
keys[i], store_hash)) {
|
||||
r = SSH_ERR_INTERNAL_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
} else if ((want & ~ctx.match_keys[i]) == HKF_MATCH_IP) {
|
||||
what = "Fixing match (address)";
|
||||
if (!write_host_entry(ctx.out, ip, NULL,
|
||||
keys[i], store_hash)) {
|
||||
r = SSH_ERR_INTERNAL_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
do_log2(loglevel, "%s%s%s for %s%s%s to %s: %s %s",
|
||||
quiet ? __func__ : "", quiet ? ": " : "", what,
|
||||
host, ip == NULL ? "" : ",", ip == NULL ? "" : ip, filename,
|
||||
sshkey_ssh_name(keys[i]), fp);
|
||||
free(fp);
|
||||
if (!write_host_entry(ctx.out, host, ip, keys[i], store_hash)) {
|
||||
r = SSH_ERR_INTERNAL_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
ctx.modified = 1;
|
||||
}
|
||||
fclose(ctx.out);
|
||||
|
@ -596,30 +687,28 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
|
|||
/* Backup the original file and replace it with the temporary */
|
||||
if (unlink(back) == -1 && errno != ENOENT) {
|
||||
oerrno = errno;
|
||||
error("%s: unlink %.100s: %s", __func__,
|
||||
back, strerror(errno));
|
||||
error_f("unlink %.100s: %s", back, strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
if (link(filename, back) == -1) {
|
||||
oerrno = errno;
|
||||
error("%s: link %.100s to %.100s: %s", __func__,
|
||||
filename, back, strerror(errno));
|
||||
error_f("link %.100s to %.100s: %s", filename,
|
||||
back, strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
if (rename(temp, filename) == -1) {
|
||||
oerrno = errno;
|
||||
error("%s: rename \"%s\" to \"%s\": %s", __func__,
|
||||
temp, filename, strerror(errno));
|
||||
error_f("rename \"%s\" to \"%s\": %s", temp,
|
||||
filename, strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
} else {
|
||||
/* No changes made; just delete the temporary file */
|
||||
if (unlink(temp) != 0)
|
||||
error("%s: unlink \"%s\": %s", __func__,
|
||||
temp, strerror(errno));
|
||||
error_f("unlink \"%s\": %s", temp, strerror(errno));
|
||||
}
|
||||
|
||||
/* success */
|
||||
|
@ -631,7 +720,7 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
|
|||
free(back);
|
||||
if (ctx.out != NULL)
|
||||
fclose(ctx.out);
|
||||
free(ctx.skip_keys);
|
||||
free(ctx.match_keys);
|
||||
umask(omask);
|
||||
if (r == SSH_ERR_SYSTEM_ERROR)
|
||||
errno = oerrno;
|
||||
|
@ -657,10 +746,9 @@ match_maybe_hashed(const char *host, const char *names, int *was_hashed)
|
|||
}
|
||||
|
||||
int
|
||||
hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
||||
const char *host, const char *ip, u_int options)
|
||||
hostkeys_foreach_file(const char *path, FILE *f, hostkeys_foreach_fn *callback,
|
||||
void *ctx, const char *host, const char *ip, u_int options, u_int note)
|
||||
{
|
||||
FILE *f;
|
||||
char *line = NULL, ktype[128];
|
||||
u_long linenum = 0;
|
||||
char *cp, *cp2;
|
||||
|
@ -673,10 +761,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
memset(&lineinfo, 0, sizeof(lineinfo));
|
||||
if (host == NULL && (options & HKF_WANT_MATCH) != 0)
|
||||
return SSH_ERR_INVALID_ARGUMENT;
|
||||
if ((f = fopen(path, "r")) == NULL)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
|
||||
debug3("%s: reading file \"%s\"", __func__, path);
|
||||
while (getline(&line, &linesize, f) != -1) {
|
||||
linenum++;
|
||||
line[strcspn(line, "\n")] = '\0';
|
||||
|
@ -690,6 +775,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
lineinfo.marker = MRK_NONE;
|
||||
lineinfo.status = HKF_STATUS_OK;
|
||||
lineinfo.keytype = KEY_UNSPEC;
|
||||
lineinfo.note = note;
|
||||
|
||||
/* Skip any leading whitespace, comments and empty lines. */
|
||||
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
|
||||
|
@ -704,8 +790,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
}
|
||||
|
||||
if ((lineinfo.marker = check_markers(&cp)) == MRK_ERROR) {
|
||||
verbose("%s: invalid marker at %s:%lu",
|
||||
__func__, path, linenum);
|
||||
verbose_f("invalid marker at %s:%lu", path, linenum);
|
||||
if ((options & HKF_WANT_MATCH) == 0)
|
||||
goto bad;
|
||||
continue;
|
||||
|
@ -721,8 +806,8 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
if (host != NULL) {
|
||||
if ((s = match_maybe_hashed(host, lineinfo.hosts,
|
||||
&hashed)) == -1) {
|
||||
debug2("%s: %s:%ld: bad host hash \"%.32s\"",
|
||||
__func__, path, linenum, lineinfo.hosts);
|
||||
debug2_f("%s:%ld: bad host hash \"%.32s\"",
|
||||
path, linenum, lineinfo.hosts);
|
||||
goto bad;
|
||||
}
|
||||
if (s == 1) {
|
||||
|
@ -734,9 +819,9 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
if (ip != NULL) {
|
||||
if ((s = match_maybe_hashed(ip, lineinfo.hosts,
|
||||
&hashed)) == -1) {
|
||||
debug2("%s: %s:%ld: bad ip hash "
|
||||
"\"%.32s\"", __func__, path,
|
||||
linenum, lineinfo.hosts);
|
||||
debug2_f("%s:%ld: bad ip hash "
|
||||
"\"%.32s\"", path, linenum,
|
||||
lineinfo.hosts);
|
||||
goto bad;
|
||||
}
|
||||
if (s == 1) {
|
||||
|
@ -771,7 +856,7 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
* lines.
|
||||
*/
|
||||
if ((lineinfo.key = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||
error("%s: sshkey_new failed", __func__);
|
||||
error_f("sshkey_new failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
break;
|
||||
}
|
||||
|
@ -827,6 +912,24 @@ hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
|||
sshkey_free(lineinfo.key);
|
||||
free(lineinfo.line);
|
||||
free(line);
|
||||
fclose(f);
|
||||
return r;
|
||||
}
|
||||
|
||||
int
|
||||
hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
||||
const char *host, const char *ip, u_int options, u_int note)
|
||||
{
|
||||
FILE *f;
|
||||
int r, oerrno;
|
||||
|
||||
if ((f = fopen(path, "r")) == NULL)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
|
||||
debug3_f("reading file \"%s\"", path);
|
||||
r = hostkeys_foreach_file(path, f, callback, ctx, host, ip,
|
||||
options, note);
|
||||
oerrno = errno;
|
||||
fclose(f);
|
||||
errno = oerrno;
|
||||
return r;
|
||||
}
|
||||
|
|
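Review bot: In the re-add loop of hostfile_replace_entries, `fp` from sshkey_fingerprint() is still live when the three new write_host_entry() failure branches `goto fail`, and the cleanup lines visible further down free `back` and `ctx.match_keys` but not `fp`. The earlier layout called `free(fp)` before writing the entry, so the leak on the error path comes with this reordering. Adding `free(fp);` ahead of each `r = SSH_ERR_INTERNAL_ERROR;` in those branches, or initialising `fp = NULL` and freeing it with the other cleanup, closes it. The `fail` label itself is outside the visible hunks, so confirm it does not already release `fp`.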
27
hostfile.h
27
hostfile.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: hostfile.h,v 1.24 2015/02/16 22:08:57 djm Exp $ */
|
||||
/* $OpenBSD: hostfile.h,v 1.29 2021/01/26 00:51:30 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -28,17 +28,25 @@ struct hostkey_entry {
|
|||
u_long line;
|
||||
struct sshkey *key;
|
||||
HostkeyMarker marker;
|
||||
u_int note; /* caller-specific note/flag */
|
||||
};
|
||||
struct hostkeys {
|
||||
struct hostkey_entry *entries;
|
||||
u_int num_entries;
|
||||
};
|
||||
struct hostkeys;
|
||||
|
||||
struct hostkeys *init_hostkeys(void);
|
||||
void load_hostkeys(struct hostkeys *, const char *, const char *);
|
||||
void load_hostkeys(struct hostkeys *, const char *,
|
||||
const char *, u_int);
|
||||
void load_hostkeys_file(struct hostkeys *, const char *,
|
||||
const char *, FILE *, u_int note);
|
||||
void free_hostkeys(struct hostkeys *);
|
||||
|
||||
HostStatus check_key_in_hostkeys(struct hostkeys *, struct sshkey *,
|
||||
const struct hostkey_entry **);
|
||||
int lookup_key_in_hostkeys_by_type(struct hostkeys *, int,
|
||||
int lookup_key_in_hostkeys_by_type(struct hostkeys *, int, int,
|
||||
const struct hostkey_entry **);
|
||||
int lookup_marker_in_hostkeys(struct hostkeys *, int);
|
||||
|
||||
int hostfile_read_key(char **, u_int *, struct sshkey *);
|
||||
int add_host_to_hostfile(const char *, const char *,
|
||||
|
@ -92,6 +100,7 @@ struct hostkey_foreach_line {
|
|||
int keytype; /* Type of key; KEY_UNSPEC for invalid/comment lines */
|
||||
struct sshkey *key; /* Key, if parsed ok and HKF_WANT_MATCH_HOST set */
|
||||
const char *comment; /* Any comment following the key */
|
||||
u_int note; /* caller-specified note copied from arguments */
|
||||
};
|
||||
|
||||
/*
|
||||
|
@ -102,7 +111,13 @@ struct hostkey_foreach_line {
|
|||
typedef int hostkeys_foreach_fn(struct hostkey_foreach_line *l, void *ctx);
|
||||
|
||||
/* Iterate over a hostkeys file */
|
||||
int hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
|
||||
const char *host, const char *ip, u_int options);
|
||||
int hostkeys_foreach(const char *path,
|
||||
hostkeys_foreach_fn *callback, void *ctx,
|
||||
const char *host, const char *ip, u_int options, u_int note);
|
||||
int hostkeys_foreach_file(const char *path, FILE *f,
|
||||
hostkeys_foreach_fn *callback, void *ctx,
|
||||
const char *host, const char *ip, u_int options, u_int note);
|
||||
|
||||
void hostfile_create_user_ssh_dir(const char *, int);
|
||||
|
||||
#endif
|
||||
|
|
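Review bot: The new prototypes load_hostkeys_file() and hostkeys_foreach_file() take a caller-supplied `FILE *` without saying who closes it. In hostfile.c the wrappers load_hostkeys() and hostkeys_foreach() call `fclose(f)` themselves after the call, which suggests the *_file functions leave the stream open; a caller guessing the other way would either leak the descriptor or close it twice. I would state this above the declarations, e.g. `/* Reads from f; the caller keeps ownership and must fclose() it. */`, and describe the `note` argument, which the struct comments say is copied from the arguments into each line and entry.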
157
kex.c
157
kex.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kex.c,v 1.155 2019/10/08 22:40:39 dtucker Exp $ */
|
||||
/* $OpenBSD: kex.c,v 1.167 2021/01/31 22:55:29 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -33,7 +33,9 @@
|
|||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#ifdef HAVE_POLL_H
|
||||
#include <poll.h>
|
||||
#endif
|
||||
|
||||
#ifdef WITH_OPENSSL
|
||||
#include <openssl/crypto.h>
|
||||
|
@ -108,8 +110,10 @@ static const struct kexalg kexalgs[] = {
|
|||
#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
|
||||
{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
|
||||
{ KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
|
||||
{ KEX_SNTRUP4591761X25519_SHA512, KEX_KEM_SNTRUP4591761X25519_SHA512, 0,
|
||||
#ifdef USE_SNTRUP761X25519
|
||||
{ KEX_SNTRUP761X25519_SHA512, KEX_KEM_SNTRUP761X25519_SHA512, 0,
|
||||
SSH_DIGEST_SHA512 },
|
||||
#endif
|
||||
#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
|
||||
{ NULL, 0, -1, -1},
|
||||
};
|
||||
|
@ -245,7 +249,7 @@ kex_assemble_names(char **listp, const char *def, const char *all)
|
|||
list = tmp;
|
||||
} else if (*list == '-') {
|
||||
/* Remove names from default list */
|
||||
if ((*listp = match_filter_blacklist(def, list + 1)) == NULL) {
|
||||
if ((*listp = match_filter_denylist(def, list + 1)) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto fail;
|
||||
}
|
||||
|
@ -282,7 +286,7 @@ kex_assemble_names(char **listp, const char *def, const char *all)
|
|||
goto fail;
|
||||
}
|
||||
free(matching);
|
||||
if ((matching = match_filter_whitelist(all, cp)) == NULL) {
|
||||
if ((matching = match_filter_allowlist(all, cp)) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto fail;
|
||||
}
|
||||
|
@ -358,14 +362,13 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp)
|
|||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) { /* skip cookie */
|
||||
error("%s: consume cookie: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "consume cookie");
|
||||
goto out;
|
||||
}
|
||||
/* extract kex init proposal strings */
|
||||
for (i = 0; i < PROPOSAL_MAX; i++) {
|
||||
if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0) {
|
||||
error("%s: parse proposal %u: %s", __func__,
|
||||
i, ssh_err(r));
|
||||
error_fr(r, "parse proposal %u", i);
|
||||
goto out;
|
||||
}
|
||||
debug2("%s: %s", proposal_names[i], proposal[i]);
|
||||
|
@ -373,7 +376,7 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp)
|
|||
/* first kex follows / reserved */
|
||||
if ((r = sshbuf_get_u8(b, &v)) != 0 || /* first_kex_follows */
|
||||
(r = sshbuf_get_u32(b, &i)) != 0) { /* reserved */
|
||||
error("%s: parse: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse");
|
||||
goto out;
|
||||
}
|
||||
if (first_kex_follows != NULL)
|
||||
|
@ -402,7 +405,7 @@ kex_prop_free(char **proposal)
|
|||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
static int
|
||||
int
|
||||
kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh)
|
||||
{
|
||||
int r;
|
||||
|
@ -437,7 +440,7 @@ kex_send_ext_info(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, algs)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0) {
|
||||
error("%s: compose: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose");
|
||||
goto out;
|
||||
}
|
||||
/* success */
|
||||
|
@ -489,14 +492,14 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh)
|
|||
if (strcmp(name, "server-sig-algs") == 0) {
|
||||
/* Ensure no \0 lurking in value */
|
||||
if (memchr(val, '\0', vlen) != NULL) {
|
||||
error("%s: nul byte in %s", __func__, name);
|
||||
error_f("nul byte in %s", name);
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
}
|
||||
debug("%s: %s=<%s>", __func__, name, val);
|
||||
debug_f("%s=<%s>", name, val);
|
||||
kex->server_sig_algs = val;
|
||||
val = NULL;
|
||||
} else
|
||||
debug("%s: %s (unrecognised)", __func__, name);
|
||||
debug_f("%s (unrecognised)", name);
|
||||
free(name);
|
||||
free(val);
|
||||
}
|
||||
|
@ -534,7 +537,7 @@ kex_send_kexinit(struct ssh *ssh)
|
|||
int r;
|
||||
|
||||
if (kex == NULL) {
|
||||
error("%s: no hex", __func__);
|
||||
error_f("no kex");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
if (kex->flags & KEX_INIT_SENT)
|
||||
|
@ -543,12 +546,12 @@ kex_send_kexinit(struct ssh *ssh)
|
|||
|
||||
/* generate a random cookie */
|
||||
if (sshbuf_len(kex->my) < KEX_COOKIE_LEN) {
|
||||
error("%s: bad kex length: %zu < %d", __func__,
|
||||
error_f("bad kex length: %zu < %d",
|
||||
sshbuf_len(kex->my), KEX_COOKIE_LEN);
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
}
|
||||
if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL) {
|
||||
error("%s: buffer error", __func__);
|
||||
error_f("buffer error");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
arc4random_buf(cookie, KEX_COOKIE_LEN);
|
||||
|
@ -556,7 +559,7 @@ kex_send_kexinit(struct ssh *ssh)
|
|||
if ((r = sshpkt_start(ssh, SSH2_MSG_KEXINIT)) != 0 ||
|
||||
(r = sshpkt_putb(ssh, kex->my)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0) {
|
||||
error("%s: compose reply: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "compose reply");
|
||||
return r;
|
||||
}
|
||||
debug("SSH2_MSG_KEXINIT sent");
|
||||
|
@ -576,7 +579,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
|
|||
|
||||
debug("SSH2_MSG_KEXINIT received");
|
||||
if (kex == NULL) {
|
||||
error("%s: no hex", __func__);
|
||||
error_f("no kex");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
|
||||
|
@ -587,13 +590,13 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
|
|||
/* discard packet */
|
||||
for (i = 0; i < KEX_COOKIE_LEN; i++) {
|
||||
if ((r = sshpkt_get_u8(ssh, NULL)) != 0) {
|
||||
error("%s: discard cookie: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "discard cookie");
|
||||
return r;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < PROPOSAL_MAX; i++) {
|
||||
if ((r = sshpkt_get_string(ssh, NULL, NULL)) != 0) {
|
||||
error("%s: discard proposal: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "discard proposal");
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
@ -621,7 +624,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
|
|||
if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
|
||||
return (kex->kex[kex->kex_type])(ssh);
|
||||
|
||||
error("%s: unknown kex type %u", __func__, kex->kex_type);
|
||||
error_f("unknown kex type %u", kex->kex_type);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
|
@ -634,7 +637,8 @@ kex_new(void)
|
|||
(kex->peer = sshbuf_new()) == NULL ||
|
||||
(kex->my = sshbuf_new()) == NULL ||
|
||||
(kex->client_version = sshbuf_new()) == NULL ||
|
||||
(kex->server_version = sshbuf_new()) == NULL) {
|
||||
(kex->server_version = sshbuf_new()) == NULL ||
|
||||
(kex->session_id = sshbuf_new()) == NULL) {
|
||||
kex_free(kex);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -668,8 +672,7 @@ kex_free_newkeys(struct newkeys *newkeys)
|
|||
}
|
||||
free(newkeys->mac.name);
|
||||
explicit_bzero(&newkeys->mac, sizeof(newkeys->mac));
|
||||
explicit_bzero(newkeys, sizeof(*newkeys));
|
||||
free(newkeys);
|
||||
freezero(newkeys, sizeof(*newkeys));
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -695,7 +698,7 @@ kex_free(struct kex *kex)
|
|||
sshbuf_free(kex->client_version);
|
||||
sshbuf_free(kex->server_version);
|
||||
sshbuf_free(kex->client_pub);
|
||||
free(kex->session_id);
|
||||
sshbuf_free(kex->session_id);
|
||||
free(kex->failed_choice);
|
||||
free(kex->hostkey_alg);
|
||||
free(kex->name);
|
||||
|
@ -738,11 +741,11 @@ int
|
|||
kex_start_rekex(struct ssh *ssh)
|
||||
{
|
||||
if (ssh->kex == NULL) {
|
||||
error("%s: no kex", __func__);
|
||||
error_f("no kex");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
if (ssh->kex->done == 0) {
|
||||
error("%s: requested twice", __func__);
|
||||
error_f("requested twice");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
ssh->kex->done = 0;
|
||||
|
@ -757,7 +760,7 @@ choose_enc(struct sshenc *enc, char *client, char *server)
|
|||
if (name == NULL)
|
||||
return SSH_ERR_NO_CIPHER_ALG_MATCH;
|
||||
if ((enc->cipher = cipher_by_name(name)) == NULL) {
|
||||
error("%s: unsupported cipher %s", __func__, name);
|
||||
error_f("unsupported cipher %s", name);
|
||||
free(name);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
@ -779,7 +782,7 @@ choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
|
|||
if (name == NULL)
|
||||
return SSH_ERR_NO_MAC_ALG_MATCH;
|
||||
if (mac_setup(mac, name) < 0) {
|
||||
error("%s: unsupported MAC %s", __func__, name);
|
||||
error_f("unsupported MAC %s", name);
|
||||
free(name);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
@ -796,14 +799,17 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
|
|||
|
||||
if (name == NULL)
|
||||
return SSH_ERR_NO_COMPRESS_ALG_MATCH;
|
||||
#ifdef WITH_ZLIB
|
||||
if (strcmp(name, "zlib@openssh.com") == 0) {
|
||||
comp->type = COMP_DELAYED;
|
||||
} else if (strcmp(name, "zlib") == 0) {
|
||||
comp->type = COMP_ZLIB;
|
||||
} else if (strcmp(name, "none") == 0) {
|
||||
} else
|
||||
#endif /* WITH_ZLIB */
|
||||
if (strcmp(name, "none") == 0) {
|
||||
comp->type = COMP_NONE;
|
||||
} else {
|
||||
error("%s: unsupported compression scheme %s", __func__, name);
|
||||
error_f("unsupported compression scheme %s", name);
|
||||
free(name);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
|
@ -822,7 +828,7 @@ choose_kex(struct kex *k, char *client, char *server)
|
|||
if (k->name == NULL)
|
||||
return SSH_ERR_NO_KEX_ALG_MATCH;
|
||||
if ((kexalg = kex_alg_by_name(k->name)) == NULL) {
|
||||
error("%s: unsupported KEX method %s", __func__, k->name);
|
||||
error_f("unsupported KEX method %s", k->name);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
k->kex_type = kexalg->type;
|
||||
|
@ -834,6 +840,7 @@ choose_kex(struct kex *k, char *client, char *server)
|
|||
static int
|
||||
choose_hostkeyalg(struct kex *k, char *client, char *server)
|
||||
{
|
||||
free(k->hostkey_alg);
|
||||
k->hostkey_alg = match_list(client, server, NULL);
|
||||
|
||||
debug("kex: host key algorithm: %s",
|
||||
|
@ -842,8 +849,7 @@ choose_hostkeyalg(struct kex *k, char *client, char *server)
|
|||
return SSH_ERR_NO_HOSTKEY_ALG_MATCH;
|
||||
k->hostkey_type = sshkey_type_from_name(k->hostkey_alg);
|
||||
if (k->hostkey_type == KEY_UNSPEC) {
|
||||
error("%s: unsupported hostkey algorithm %s", __func__,
|
||||
k->hostkey_alg);
|
||||
error_f("unsupported hostkey algorithm %s", k->hostkey_alg);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
k->hostkey_nid = sshkey_ecdsa_nid_from_name(k->hostkey_alg);
|
||||
|
@ -1010,11 +1016,10 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
|
|||
ssh_digest_update_buffer(hashctx, shared_secret) != 0 ||
|
||||
ssh_digest_update(hashctx, hash, hashlen) != 0 ||
|
||||
ssh_digest_update(hashctx, &c, 1) != 0 ||
|
||||
ssh_digest_update(hashctx, kex->session_id,
|
||||
kex->session_id_len) != 0 ||
|
||||
ssh_digest_update_buffer(hashctx, kex->session_id) != 0 ||
|
||||
ssh_digest_final(hashctx, digest, mdsz) != 0) {
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
error("%s: KEX hash failed", __func__);
|
||||
error_f("KEX hash failed");
|
||||
goto out;
|
||||
}
|
||||
ssh_digest_free(hashctx);
|
||||
|
@ -1031,7 +1036,7 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen,
|
|||
ssh_digest_update(hashctx, hash, hashlen) != 0 ||
|
||||
ssh_digest_update(hashctx, digest, have) != 0 ||
|
||||
ssh_digest_final(hashctx, digest + have, mdsz) != 0) {
|
||||
error("%s: KDF failed", __func__);
|
||||
error_f("KDF failed");
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1062,12 +1067,16 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen,
|
|||
int r;
|
||||
|
||||
/* save initial hash as session id */
|
||||
if (kex->session_id == NULL) {
|
||||
kex->session_id_len = hashlen;
|
||||
kex->session_id = malloc(kex->session_id_len);
|
||||
if (kex->session_id == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
memcpy(kex->session_id, hash, kex->session_id_len);
|
||||
if ((kex->flags & KEX_INITIAL) != 0) {
|
||||
if (sshbuf_len(kex->session_id) != 0) {
|
||||
error_f("already have session ID at kex");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
if ((r = sshbuf_put(kex->session_id, hash, hashlen)) != 0)
|
||||
return r;
|
||||
} else if (sshbuf_len(kex->session_id) == 0) {
|
||||
error_f("no session ID in rekex");
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
for (i = 0; i < NKEYS; i++) {
|
||||
if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,
|
||||
|
@ -1096,7 +1105,7 @@ kex_load_hostkey(struct ssh *ssh, struct sshkey **prvp, struct sshkey **pubp)
|
|||
*prvp = NULL;
|
||||
if (kex->load_host_public_key == NULL ||
|
||||
kex->load_host_private_key == NULL) {
|
||||
error("%s: missing hostkey loader", __func__);
|
||||
error_f("missing hostkey loader");
|
||||
return SSH_ERR_INVALID_ARGUMENT;
|
||||
}
|
||||
*pubp = kex->load_host_public_key(kex->hostkey_type,
|
||||
|
@ -1114,7 +1123,7 @@ kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key)
|
|||
struct kex *kex = ssh->kex;
|
||||
|
||||
if (kex->verify_host_key == NULL) {
|
||||
error("%s: missing hostkey verifier", __func__);
|
||||
error_f("missing hostkey verifier");
|
||||
return SSH_ERR_INVALID_ARGUMENT;
|
||||
}
|
||||
if (server_host_key->type != kex->hostkey_type ||
|
||||
|
@ -1151,7 +1160,7 @@ send_error(struct ssh *ssh, char *msg)
|
|||
msg, strlen(msg)) != strlen(msg) ||
|
||||
atomicio(vwrite, ssh_packet_get_connection_out(ssh),
|
||||
crnl, strlen(crnl)) != strlen(crnl))
|
||||
error("%s: write: %.100s", __func__, strerror(errno));
|
||||
error_f("write: %.100s", strerror(errno));
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1163,7 +1172,7 @@ int
|
|||
kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
||||
const char *version_addendum)
|
||||
{
|
||||
int remote_major, remote_minor, mismatch;
|
||||
int remote_major, remote_minor, mismatch, oerrno = 0;
|
||||
size_t len, i, n;
|
||||
int r, expect_nl;
|
||||
u_char c;
|
||||
|
@ -1182,24 +1191,27 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
|
||||
version_addendum == NULL ? "" : " ",
|
||||
version_addendum == NULL ? "" : version_addendum)) != 0) {
|
||||
error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
|
||||
oerrno = errno;
|
||||
error_fr(r, "sshbuf_putf");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (atomicio(vwrite, ssh_packet_get_connection_out(ssh),
|
||||
sshbuf_mutable_ptr(our_version),
|
||||
sshbuf_len(our_version)) != sshbuf_len(our_version)) {
|
||||
error("%s: write: %.100s", __func__, strerror(errno));
|
||||
oerrno = errno;
|
||||
debug_f("write: %.100s", strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_consume_end(our_version, 2)) != 0) { /* trim \r\n */
|
||||
error("%s: sshbuf_consume_end: %s", __func__, ssh_err(r));
|
||||
oerrno = errno;
|
||||
error_fr(r, "sshbuf_consume_end");
|
||||
goto out;
|
||||
}
|
||||
our_version_string = sshbuf_dup_string(our_version);
|
||||
if (our_version_string == NULL) {
|
||||
error("%s: sshbuf_dup_string failed", __func__);
|
||||
error_f("sshbuf_dup_string failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1210,8 +1222,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
if (n >= SSH_MAX_PRE_BANNER_LINES) {
|
||||
send_error(ssh, "No SSH identification string "
|
||||
"received.");
|
||||
error("%s: No SSH version received in first %u lines "
|
||||
"from server", __func__, SSH_MAX_PRE_BANNER_LINES);
|
||||
error_f("No SSH version received in first %u lines "
|
||||
"from server", SSH_MAX_PRE_BANNER_LINES);
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1229,8 +1241,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
r = SSH_ERR_CONN_TIMEOUT;
|
||||
goto out;
|
||||
} else if (r == -1) {
|
||||
error("%s: %s",
|
||||
__func__, strerror(errno));
|
||||
oerrno = errno;
|
||||
error_f("%s", strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1239,13 +1251,12 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
len = atomicio(read, ssh_packet_get_connection_in(ssh),
|
||||
&c, 1);
|
||||
if (len != 1 && errno == EPIPE) {
|
||||
error("%s: Connection closed by remote host",
|
||||
__func__);
|
||||
error_f("Connection closed by remote host");
|
||||
r = SSH_ERR_CONN_CLOSED;
|
||||
goto out;
|
||||
} else if (len != 1) {
|
||||
error("%s: read: %.100s",
|
||||
__func__, strerror(errno));
|
||||
oerrno = errno;
|
||||
error_f("read: %.100s", strerror(errno));
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1256,17 +1267,17 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
if (c == '\n')
|
||||
break;
|
||||
if (c == '\0' || expect_nl) {
|
||||
error("%s: banner line contains invalid "
|
||||
"characters", __func__);
|
||||
error_f("banner line contains invalid "
|
||||
"characters");
|
||||
goto invalid;
|
||||
}
|
||||
if ((r = sshbuf_put_u8(peer_version, c)) != 0) {
|
||||
error("%s: sshbuf_put: %s",
|
||||
__func__, ssh_err(r));
|
||||
oerrno = errno;
|
||||
error_fr(r, "sshbuf_put");
|
||||
goto out;
|
||||
}
|
||||
if (sshbuf_len(peer_version) > SSH_MAX_BANNER_LEN) {
|
||||
error("%s: banner line too long", __func__);
|
||||
error_f("banner line too long");
|
||||
goto invalid;
|
||||
}
|
||||
}
|
||||
|
@ -1276,26 +1287,26 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
break;
|
||||
/* If not, then just log the line and continue */
|
||||
if ((cp = sshbuf_dup_string(peer_version)) == NULL) {
|
||||
error("%s: sshbuf_dup_string failed", __func__);
|
||||
error_f("sshbuf_dup_string failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
/* Do not accept lines before the SSH ident from a client */
|
||||
if (ssh->kex->server) {
|
||||
error("%s: client sent invalid protocol identifier "
|
||||
"\"%.256s\"", __func__, cp);
|
||||
error_f("client sent invalid protocol identifier "
|
||||
"\"%.256s\"", cp);
|
||||
free(cp);
|
||||
goto invalid;
|
||||
}
|
||||
debug("%s: banner line %zu: %s", __func__, n, cp);
|
||||
debug_f("banner line %zu: %s", n, cp);
|
||||
free(cp);
|
||||
}
|
||||
peer_version_string = sshbuf_dup_string(peer_version);
|
||||
if (peer_version_string == NULL)
|
||||
error("%s: sshbuf_dup_string failed", __func__);
|
||||
error_f("sshbuf_dup_string failed");
|
||||
/* XXX must be same size for sscanf */
|
||||
if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) {
|
||||
error("%s: calloc failed", __func__);
|
||||
error_f("calloc failed");
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
|
@ -1315,7 +1326,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
}
|
||||
debug("Remote protocol version %d.%d, remote software version %.100s",
|
||||
remote_major, remote_minor, remote_version);
|
||||
ssh->compat = compat_datafellows(remote_version);
|
||||
compat_banner(ssh, remote_version);
|
||||
|
||||
mismatch = 0;
|
||||
switch (remote_major) {
|
||||
|
@ -1361,6 +1372,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
|
|||
free(our_version_string);
|
||||
free(peer_version_string);
|
||||
free(remote_version);
|
||||
if (r == SSH_ERR_SYSTEM_ERROR)
|
||||
errno = oerrno;
|
||||
return r;
|
||||
}
|
||||
|
||||
|
|
18
kex.h
18
kex.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kex.h,v 1.109 2019/09/06 05:23:55 djm Exp $ */
|
||||
/* $OpenBSD: kex.h,v 1.114 2021/01/31 22:55:29 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -62,7 +62,7 @@
|
|||
#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
|
||||
#define KEX_CURVE25519_SHA256 "curve25519-sha256"
|
||||
#define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"
|
||||
#define KEX_SNTRUP4591761X25519_SHA512 "sntrup4591761x25519-sha512@tinyssh.org"
|
||||
#define KEX_SNTRUP761X25519_SHA512 "sntrup761x25519-sha512@openssh.com"
|
||||
|
||||
#define COMP_NONE 0
|
||||
/* pre-auth compression (COMP_ZLIB) is only supported in the client */
|
||||
|
@ -101,7 +101,7 @@ enum kex_exchange {
|
|||
KEX_DH_GEX_SHA256,
|
||||
KEX_ECDH_SHA2,
|
||||
KEX_C25519_SHA256,
|
||||
KEX_KEM_SNTRUP4591761X25519_SHA512,
|
||||
KEX_KEM_SNTRUP761X25519_SHA512,
|
||||
KEX_MAX
|
||||
};
|
||||
|
||||
|
@ -132,8 +132,6 @@ struct newkeys {
|
|||
struct ssh;
|
||||
|
||||
struct kex {
|
||||
u_char *session_id;
|
||||
size_t session_id_len;
|
||||
struct newkeys *newkeys[MODE_MAX];
|
||||
u_int we_need;
|
||||
u_int dh_need;
|
||||
|
@ -149,6 +147,7 @@ struct kex {
|
|||
struct sshbuf *peer;
|
||||
struct sshbuf *client_version;
|
||||
struct sshbuf *server_version;
|
||||
struct sshbuf *session_id;
|
||||
sig_atomic_t done;
|
||||
u_int flags;
|
||||
int hash_alg;
|
||||
|
@ -168,7 +167,7 @@ struct kex {
|
|||
const EC_GROUP *ec_group; /* ECDH */
|
||||
u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */
|
||||
u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
|
||||
u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */
|
||||
u_char sntrup761_client_key[crypto_kem_sntrup761_SECRETKEYBYTES]; /* KEM */
|
||||
struct sshbuf *client_pub;
|
||||
};
|
||||
|
||||
|
@ -194,6 +193,7 @@ int kex_verify_host_key(struct ssh *, struct sshkey *);
|
|||
int kex_send_kexinit(struct ssh *);
|
||||
int kex_input_kexinit(int, u_int32_t, struct ssh *);
|
||||
int kex_input_ext_info(int, u_int32_t, struct ssh *);
|
||||
int kex_protocol_error(int, u_int32_t, struct ssh *);
|
||||
int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
|
||||
int kex_send_newkeys(struct ssh *);
|
||||
int kex_start_rekex(struct ssh *);
|
||||
|
@ -218,10 +218,10 @@ int kex_c25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
|
|||
struct sshbuf **);
|
||||
int kex_c25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
|
||||
|
||||
int kex_kem_sntrup4591761x25519_keypair(struct kex *);
|
||||
int kex_kem_sntrup4591761x25519_enc(struct kex *, const struct sshbuf *,
|
||||
int kex_kem_sntrup761x25519_keypair(struct kex *);
|
||||
int kex_kem_sntrup761x25519_enc(struct kex *, const struct sshbuf *,
|
||||
struct sshbuf **, struct sshbuf **);
|
||||
int kex_kem_sntrup4591761x25519_dec(struct kex *, const struct sshbuf *,
|
||||
int kex_kem_sntrup761x25519_dec(struct kex *, const struct sshbuf *,
|
||||
struct sshbuf **);
|
||||
|
||||
int kex_dh_keygen(struct kex *);
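Review bot: The new `struct sshbuf *session_id;` member of struct kex has no comment, although it replaces the `u_char *session_id` / `size_t session_id_len` pair and changes how every reader obtains the value and its length. The kex.c part of this commit allocates the buffer in kex_new() and has kex_derive_keys() fill it only when KEX_INITIAL is set, treating a zero length as "not yet set" and a non-zero length at initial KEX as an internal error. A one-line comment at the declaration would record that contract, e.g. `struct sshbuf *session_id; /* filled once at initial KEX; empty before, unchanged on rekex */`. Any remaining reader of `session_id_len` has to move to `sshbuf_len()`; presumably the other files of the commit do this, but it cannot be confirmed from this section.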
|
||||
|
|
4
kexdh.c
4
kexdh.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kexdh.c,v 1.32 2019/01/21 10:40:11 djm Exp $ */
|
||||
/* $OpenBSD: kexdh.c,v 1.34 2020/12/04 02:29:25 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -42,6 +42,7 @@
|
|||
#include "digest.h"
|
||||
#include "ssherr.h"
|
||||
#include "dh.h"
|
||||
#include "log.h"
|
||||
|
||||
int
|
||||
kex_dh_keygen(struct kex *kex)
|
||||
|
@ -193,6 +194,7 @@ kex_dh_dec(struct kex *kex, const struct sshbuf *dh_blob,
|
|||
*shared_secretp = buf;
|
||||
buf = NULL;
|
||||
out:
|
||||
BN_free(dh_pub);
|
||||
DH_free(kex->dh);
|
||||
kex->dh = NULL;
|
||||
sshbuf_free(buf);
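Review bot: The cleanup under `out:` in kex_dh_dec() calls `BN_free(dh_pub)`, and that label is presumably reached by early `goto out` paths before `dh_pub` has been assigned, so the call is only safe if `dh_pub` is initialised to NULL at its declaration. The declaration lies outside the hunk and should be checked there; if it is not already `BIGNUM *dh_pub = NULL;`, that initialiser is needed. The function body starts outside the hunk.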
|
||||
|
|
26
kexgen.c
26
kexgen.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kexgen.c,v 1.3 2019/09/06 05:23:55 djm Exp $ */
|
||||
/* $OpenBSD: kexgen.c,v 1.6 2021/01/31 22:55:29 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -117,8 +117,8 @@ kex_gen_client(struct ssh *ssh)
|
|||
case KEX_C25519_SHA256:
|
||||
r = kex_c25519_keypair(kex);
|
||||
break;
|
||||
case KEX_KEM_SNTRUP4591761X25519_SHA512:
|
||||
r = kex_kem_sntrup4591761x25519_keypair(kex);
|
||||
case KEX_KEM_SNTRUP761X25519_SHA512:
|
||||
r = kex_kem_sntrup761x25519_keypair(kex);
|
||||
break;
|
||||
default:
|
||||
r = SSH_ERR_INVALID_ARGUMENT;
|
||||
|
@ -148,6 +148,9 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
|
|||
size_t slen, hashlen;
|
||||
int r;
|
||||
|
||||
debug("SSH2_MSG_KEX_ECDH_REPLY received");
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &kex_protocol_error);
|
||||
|
||||
/* hostkey */
|
||||
if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
|
||||
goto out;
|
||||
|
@ -185,8 +188,8 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
|
|||
case KEX_C25519_SHA256:
|
||||
r = kex_c25519_dec(kex, server_blob, &shared_secret);
|
||||
break;
|
||||
case KEX_KEM_SNTRUP4591761X25519_SHA512:
|
||||
r = kex_kem_sntrup4591761x25519_dec(kex, server_blob,
|
||||
case KEX_KEM_SNTRUP761X25519_SHA512:
|
||||
r = kex_kem_sntrup761x25519_dec(kex, server_blob,
|
||||
&shared_secret);
|
||||
break;
|
||||
default:
|
||||
|
@ -212,7 +215,7 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
|
|||
goto out;
|
||||
|
||||
if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
|
||||
kex->hostkey_alg, ssh->compat)) != 0)
|
||||
kex->hostkey_alg, ssh->compat, NULL)) != 0)
|
||||
goto out;
|
||||
|
||||
if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
|
||||
|
@ -220,8 +223,8 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
|
|||
out:
|
||||
explicit_bzero(hash, sizeof(hash));
|
||||
explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key));
|
||||
explicit_bzero(kex->sntrup4591761_client_key,
|
||||
sizeof(kex->sntrup4591761_client_key));
|
||||
explicit_bzero(kex->sntrup761_client_key,
|
||||
sizeof(kex->sntrup761_client_key));
|
||||
sshbuf_free(server_host_key_blob);
|
||||
free(signature);
|
||||
sshbuf_free(tmp);
|
||||
|
@ -254,6 +257,9 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh)
|
|||
size_t slen, hashlen;
|
||||
int r;
|
||||
|
||||
debug("SSH2_MSG_KEX_ECDH_INIT received");
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &kex_protocol_error);
|
||||
|
||||
if ((r = kex_load_hostkey(ssh, &server_host_private,
|
||||
&server_host_public)) != 0)
|
||||
goto out;
|
||||
|
@ -282,8 +288,8 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh)
|
|||
r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
|
||||
&shared_secret);
|
||||
break;
|
||||
case KEX_KEM_SNTRUP4591761X25519_SHA512:
|
||||
r = kex_kem_sntrup4591761x25519_enc(kex, client_pubkey,
|
||||
case KEX_KEM_SNTRUP761X25519_SHA512:
|
||||
r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
|
||||
&server_pubkey, &shared_secret);
|
||||
break;
|
||||
default:
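Review bot: The handler resets added at the top of input_kex_gen_reply() and input_kex_gen_init() (`ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &kex_protocol_error);` and its `_INIT` counterpart) carry no comment saying why the handler is replaced before the packet is parsed. The apparent intent is that a repeated copy of the same message within one exchange no longer re-enters the key-exchange handler, which is worth stating because it is a protocol-state hardening rather than a logging change. A short comment such as `/* one-shot: a repeated message is now handled as a protocol error */` would record it. The same pattern appears without comment in the kexgexc.c and kexgexs.c sections of this commit. Both function bodies continue outside their hunks.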
|
||||
|
|
16
kexgexc.c
16
kexgexc.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kexgexc.c,v 1.34 2019/01/23 00:30:41 djm Exp $ */
|
||||
/* $OpenBSD: kexgexc.c,v 1.37 2021/01/31 22:55:29 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -68,7 +68,7 @@ kexgex_client(struct ssh *ssh)
|
|||
kex->min = DH_GRP_MIN;
|
||||
kex->max = DH_GRP_MAX;
|
||||
kex->nbits = nbits;
|
||||
if (datafellows & SSH_BUG_DHGEX_LARGE)
|
||||
if (ssh->compat & SSH_BUG_DHGEX_LARGE)
|
||||
kex->nbits = MINIMUM(kex->nbits, 4096);
|
||||
/* New GEX request */
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||
|
||||
|
@ -83,6 +83,7 @@ kexgex_client(struct ssh *ssh)
|
|||
fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
|
||||
kex->min, kex->nbits, kex->max);
|
||||
#endif
|
||||
debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP,
|
||||
&input_kex_dh_gex_group);
|
||||
r = 0;
|
||||
|
@ -98,7 +99,8 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
|
|||
const BIGNUM *pub_key;
|
||||
int r, bits;
|
||||
|
||||
debug("got SSH2_MSG_KEX_DH_GEX_GROUP");
|
||||
debug("SSH2_MSG_KEX_DH_GEX_GROUP received");
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, &kex_protocol_error);
|
||||
|
||||
if ((r = sshpkt_get_bignum2(ssh, &p)) != 0 ||
|
||||
(r = sshpkt_get_bignum2(ssh, &g)) != 0 ||
|
||||
|
@ -130,7 +132,7 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
|
|||
BN_print_fp(stderr, pub_key);
|
||||
fprintf(stderr, "\n");
|
||||
#endif
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL);
|
||||
debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply);
|
||||
r = 0;
|
||||
out:
|
||||
|
@ -153,7 +155,9 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
|
|||
size_t slen, hashlen;
|
||||
int r;
|
||||
|
||||
debug("got SSH2_MSG_KEX_DH_GEX_REPLY");
|
||||
debug("SSH2_MSG_KEX_DH_GEX_REPLY received");
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &kex_protocol_error);
|
||||
|
||||
/* key, cert */
|
||||
if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
|
||||
goto out;
|
||||
|
@ -199,7 +203,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
|
|||
goto out;
|
||||
|
||||
if ((r = sshkey_verify(server_host_key, signature, slen, hash,
|
||||
hashlen, kex->hostkey_alg, ssh->compat)) != 0)
|
||||
hashlen, kex->hostkey_alg, ssh->compat, NULL)) != 0)
|
||||
goto out;
|
||||
|
||||
if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kexgexs.c,v 1.42 2019/01/23 00:30:41 djm Exp $ */
|
||||
/* $OpenBSD: kexgexs.c,v 1.43 2021/01/31 22:55:29 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -77,6 +77,8 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
const BIGNUM *dh_p, *dh_g;
|
||||
|
||||
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST, &kex_protocol_error);
|
||||
|
||||
if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
|
||||
(r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
|
||||
(r = sshpkt_get_u32(ssh, &max)) != 0 ||
|
||||
|
@ -136,6 +138,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
|
|||
size_t slen, hashlen;
|
||||
int r;
|
||||
|
||||
debug("SSH2_MSG_KEX_DH_GEX_INIT received");
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &kex_protocol_error);
|
||||
|
||||
if ((r = kex_load_hostkey(ssh, &server_host_private,
|
||||
&server_host_public)) != 0)
|
||||
goto out;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kexsntrup4591761x25519.c,v 1.3 2019/01/21 10:40:11 djm Exp $ */
|
||||
/* $OpenBSD: kexsntrup761x25519.c,v 1.1 2020/12/29 00:59:15 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -25,6 +25,8 @@
|
|||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef USE_SNTRUP761X25519
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdio.h>
|
||||
|
@ -38,7 +40,7 @@
|
|||
#include "ssherr.h"
|
||||
|
||||
int
|
||||
kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
|
||||
kex_kem_sntrup761x25519_keypair(struct kex *kex)
|
||||
{
|
||||
struct sshbuf *buf = NULL;
|
||||
u_char *cp = NULL;
|
||||
|
@ -47,15 +49,15 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
|
|||
|
||||
if ((buf = sshbuf_new()) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
|
||||
need = crypto_kem_sntrup761_PUBLICKEYBYTES + CURVE25519_SIZE;
|
||||
if ((r = sshbuf_reserve(buf, need, &cp)) != 0)
|
||||
goto out;
|
||||
crypto_kem_sntrup4591761_keypair(cp, kex->sntrup4591761_client_key);
|
||||
crypto_kem_sntrup761_keypair(cp, kex->sntrup761_client_key);
|
||||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("client public key sntrup4591761:", cp,
|
||||
crypto_kem_sntrup4591761_PUBLICKEYBYTES);
|
||||
dump_digest("client public key sntrup761:", cp,
|
||||
crypto_kem_sntrup761_PUBLICKEYBYTES);
|
||||
#endif
|
||||
cp += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
|
||||
cp += crypto_kem_sntrup761_PUBLICKEYBYTES;
|
||||
kexc25519_keygen(kex->c25519_client_key, cp);
|
||||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("client public key c25519:", cp, CURVE25519_SIZE);
|
||||
|
@ -68,7 +70,7 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
|
|||
}
|
||||
|
||||
int
|
||||
kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
||||
kex_kem_sntrup761x25519_enc(struct kex *kex,
|
||||
const struct sshbuf *client_blob, struct sshbuf **server_blobp,
|
||||
struct sshbuf **shared_secretp)
|
||||
{
|
||||
|
@ -85,17 +87,17 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
|||
*shared_secretp = NULL;
|
||||
|
||||
/* client_blob contains both KEM and ECDH client pubkeys */
|
||||
need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
|
||||
need = crypto_kem_sntrup761_PUBLICKEYBYTES + CURVE25519_SIZE;
|
||||
if (sshbuf_len(client_blob) != need) {
|
||||
r = SSH_ERR_SIGNATURE_INVALID;
|
||||
goto out;
|
||||
}
|
||||
client_pub = sshbuf_ptr(client_blob);
|
||||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("client public key sntrup4591761:", client_pub,
|
||||
crypto_kem_sntrup4591761_PUBLICKEYBYTES);
|
||||
dump_digest("client public key sntrup761:", client_pub,
|
||||
crypto_kem_sntrup761_PUBLICKEYBYTES);
|
||||
dump_digest("client public key 25519:",
|
||||
client_pub + crypto_kem_sntrup4591761_PUBLICKEYBYTES,
|
||||
client_pub + crypto_kem_sntrup761_PUBLICKEYBYTES,
|
||||
CURVE25519_SIZE);
|
||||
#endif
|
||||
/* allocate buffer for concatenation of KEM key and ECDH shared key */
|
||||
|
@ -104,7 +106,7 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
|||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES,
|
||||
if ((r = sshbuf_reserve(buf, crypto_kem_sntrup761_BYTES,
|
||||
&kem_key)) != 0)
|
||||
goto out;
|
||||
/* allocate space for encrypted KEM key and ECDH pub key */
|
||||
|
@ -112,16 +114,16 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
|||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
|
||||
need = crypto_kem_sntrup761_CIPHERTEXTBYTES + CURVE25519_SIZE;
|
||||
if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0)
|
||||
goto out;
|
||||
/* generate and encrypt KEM key with client key */
|
||||
crypto_kem_sntrup4591761_enc(ciphertext, kem_key, client_pub);
|
||||
crypto_kem_sntrup761_enc(ciphertext, kem_key, client_pub);
|
||||
/* generate ECDH key pair, store server pubkey after ciphertext */
|
||||
server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
|
||||
server_pub = ciphertext + crypto_kem_sntrup761_CIPHERTEXTBYTES;
|
||||
kexc25519_keygen(server_key, server_pub);
|
||||
/* append ECDH shared key */
|
||||
client_pub += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
|
||||
client_pub += crypto_kem_sntrup761_PUBLICKEYBYTES;
|
||||
if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 1)) < 0)
|
||||
goto out;
|
||||
if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
|
||||
|
@ -129,7 +131,7 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
|||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE);
|
||||
dump_digest("server cipher text:", ciphertext,
|
||||
crypto_kem_sntrup4591761_CIPHERTEXTBYTES);
|
||||
crypto_kem_sntrup761_CIPHERTEXTBYTES);
|
||||
dump_digest("server kem key:", kem_key, sizeof(kem_key));
|
||||
dump_digest("concatenation of KEM key and ECDH shared key:",
|
||||
sshbuf_ptr(buf), sshbuf_len(buf));
|
||||
|
@ -155,7 +157,7 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
|||
}
|
||||
|
||||
int
|
||||
kex_kem_sntrup4591761x25519_dec(struct kex *kex,
|
||||
kex_kem_sntrup761x25519_dec(struct kex *kex,
|
||||
const struct sshbuf *server_blob, struct sshbuf **shared_secretp)
|
||||
{
|
||||
struct sshbuf *buf = NULL;
|
||||
|
@ -167,16 +169,16 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex,
|
|||
|
||||
*shared_secretp = NULL;
|
||||
|
||||
need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
|
||||
need = crypto_kem_sntrup761_CIPHERTEXTBYTES + CURVE25519_SIZE;
|
||||
if (sshbuf_len(server_blob) != need) {
|
||||
r = SSH_ERR_SIGNATURE_INVALID;
|
||||
goto out;
|
||||
}
|
||||
ciphertext = sshbuf_ptr(server_blob);
|
||||
server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
|
||||
server_pub = ciphertext + crypto_kem_sntrup761_CIPHERTEXTBYTES;
|
||||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("server cipher text:", ciphertext,
|
||||
crypto_kem_sntrup4591761_CIPHERTEXTBYTES);
|
||||
crypto_kem_sntrup761_CIPHERTEXTBYTES);
|
||||
dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE);
|
||||
#endif
|
||||
/* hash concatenation of KEM key and ECDH shared key */
|
||||
|
@ -184,18 +186,18 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex,
|
|||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES,
|
||||
if ((r = sshbuf_reserve(buf, crypto_kem_sntrup761_BYTES,
|
||||
&kem_key)) != 0)
|
||||
goto out;
|
||||
decoded = crypto_kem_sntrup4591761_dec(kem_key, ciphertext,
|
||||
kex->sntrup4591761_client_key);
|
||||
decoded = crypto_kem_sntrup761_dec(kem_key, ciphertext,
|
||||
kex->sntrup761_client_key);
|
||||
if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub,
|
||||
buf, 1)) < 0)
|
||||
goto out;
|
||||
if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
|
||||
goto out;
|
||||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("client kem key:", kem_key, sizeof(kem_key));
|
||||
dump_digest("client kem key:", kem_key, crypto_kem_sntrup761_BYTES);
|
||||
dump_digest("concatenation of KEM key and ECDH shared key:",
|
||||
sshbuf_ptr(buf), sshbuf_len(buf));
|
||||
#endif
|
||||
|
@ -217,3 +219,33 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex,
|
|||
sshbuf_free(buf);
|
||||
return r;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
#include "ssherr.h"
|
||||
|
||||
struct kex;
|
||||
struct sshbuf;
|
||||
struct sshkey;
|
||||
|
||||
int
|
||||
kex_kem_sntrup761x25519_keypair(struct kex *kex)
|
||||
{
|
||||
return SSH_ERR_SIGN_ALG_UNSUPPORTED;
|
||||
}
|
||||
|
||||
int
|
||||
kex_kem_sntrup761x25519_enc(struct kex *kex,
|
||||
const struct sshbuf *client_blob, struct sshbuf **server_blobp,
|
||||
struct sshbuf **shared_secretp)
|
||||
{
|
||||
return SSH_ERR_SIGN_ALG_UNSUPPORTED;
|
||||
}
|
||||
|
||||
int
|
||||
kex_kem_sntrup761x25519_dec(struct kex *kex,
|
||||
const struct sshbuf *server_blob, struct sshbuf **shared_secretp)
|
||||
{
|
||||
return SSH_ERR_SIGN_ALG_UNSUPPORTED;
|
||||
}
|
||||
#endif /* USE_SNTRUP761X25519 */
|
214
krl.c
214
krl.c
|
@ -14,7 +14,7 @@
|
|||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $OpenBSD: krl.c,v 1.44 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: krl.c,v 1.52 2020/10/18 11:32:01 djm Exp $ */
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
|
@ -38,12 +38,13 @@
|
|||
#include "log.h"
|
||||
#include "digest.h"
|
||||
#include "bitmap.h"
|
||||
#include "utf8.h"
|
||||
|
||||
#include "krl.h"
|
||||
|
||||
/* #define DEBUG_KRL */
|
||||
#ifdef DEBUG_KRL
|
||||
# define KRL_DBG(x) debug3 x
|
||||
# define KRL_DBG(x) debug3_f x
|
||||
#else
|
||||
# define KRL_DBG(x)
|
||||
#endif
|
||||
|
@ -240,8 +241,7 @@ revoked_certs_for_ca_key(struct ssh_krl *krl, const struct sshkey *ca_key,
|
|||
RB_INIT(&rc->revoked_serials);
|
||||
RB_INIT(&rc->revoked_key_ids);
|
||||
TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry);
|
||||
KRL_DBG(("%s: new CA %s", __func__,
|
||||
ca_key == NULL ? "*" : sshkey_type(ca_key)));
|
||||
KRL_DBG(("new CA %s", ca_key == NULL ? "*" : sshkey_type(ca_key)));
|
||||
*rcp = rc;
|
||||
return 0;
|
||||
}
|
||||
|
@ -251,7 +251,7 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
|
|||
{
|
||||
struct revoked_serial rs, *ers, *crs, *irs;
|
||||
|
||||
KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi));
|
||||
KRL_DBG(("insert %llu:%llu", lo, hi));
|
||||
memset(&rs, 0, sizeof(rs));
|
||||
rs.lo = lo;
|
||||
rs.hi = hi;
|
||||
|
@ -263,15 +263,14 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
|
|||
memcpy(irs, &rs, sizeof(*irs));
|
||||
ers = RB_INSERT(revoked_serial_tree, rt, irs);
|
||||
if (ers != NULL) {
|
||||
KRL_DBG(("%s: bad: ers != NULL", __func__));
|
||||
KRL_DBG(("bad: ers != NULL"));
|
||||
/* Shouldn't happen */
|
||||
free(irs);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
}
|
||||
ers = irs;
|
||||
} else {
|
||||
KRL_DBG(("%s: overlap found %llu:%llu", __func__,
|
||||
ers->lo, ers->hi));
|
||||
KRL_DBG(("overlap found %llu:%llu", ers->lo, ers->hi));
|
||||
/*
|
||||
* The inserted entry overlaps an existing one. Grow the
|
||||
* existing entry.
|
||||
|
@ -289,33 +288,31 @@ insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
|
|||
|
||||
/* Check predecessors */
|
||||
while ((crs = RB_PREV(revoked_serial_tree, rt, ers)) != NULL) {
|
||||
KRL_DBG(("%s: pred %llu:%llu", __func__, crs->lo, crs->hi));
|
||||
KRL_DBG(("pred %llu:%llu", crs->lo, crs->hi));
|
||||
if (ers->lo != 0 && crs->hi < ers->lo - 1)
|
||||
break;
|
||||
/* This entry overlaps. */
|
||||
if (crs->lo < ers->lo) {
|
||||
ers->lo = crs->lo;
|
||||
KRL_DBG(("%s: pred extend %llu:%llu", __func__,
|
||||
ers->lo, ers->hi));
|
||||
KRL_DBG(("pred extend %llu:%llu", ers->lo, ers->hi));
|
||||
}
|
||||
RB_REMOVE(revoked_serial_tree, rt, crs);
|
||||
free(crs);
|
||||
}
|
||||
/* Check successors */
|
||||
while ((crs = RB_NEXT(revoked_serial_tree, rt, ers)) != NULL) {
|
||||
KRL_DBG(("%s: succ %llu:%llu", __func__, crs->lo, crs->hi));
|
||||
KRL_DBG(("succ %llu:%llu", crs->lo, crs->hi));
|
||||
if (ers->hi != (u_int64_t)-1 && crs->lo > ers->hi + 1)
|
||||
break;
|
||||
/* This entry overlaps. */
|
||||
if (crs->hi > ers->hi) {
|
||||
ers->hi = crs->hi;
|
||||
KRL_DBG(("%s: succ extend %llu:%llu", __func__,
|
||||
ers->lo, ers->hi));
|
||||
KRL_DBG(("succ extend %llu:%llu", ers->lo, ers->hi));
|
||||
}
|
||||
RB_REMOVE(revoked_serial_tree, rt, crs);
|
||||
free(crs);
|
||||
}
|
||||
KRL_DBG(("%s: done, final %llu:%llu", __func__, ers->lo, ers->hi));
|
||||
KRL_DBG(("done, final %llu:%llu", ers->lo, ers->hi));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -351,7 +348,7 @@ ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const struct sshkey *ca_key,
|
|||
if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)
|
||||
return r;
|
||||
|
||||
KRL_DBG(("%s: revoke %s", __func__, key_id));
|
||||
KRL_DBG(("revoke %s", key_id));
|
||||
if ((rki = calloc(1, sizeof(*rki))) == NULL ||
|
||||
(rki->key_id = strdup(key_id)) == NULL) {
|
||||
free(rki);
|
||||
|
@ -410,7 +407,7 @@ ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key)
|
|||
size_t len;
|
||||
int r;
|
||||
|
||||
debug3("%s: revoke type %s", __func__, sshkey_type(key));
|
||||
debug3_f("revoke type %s", sshkey_type(key));
|
||||
if ((r = plain_key_blob(key, &blob, &len)) != 0)
|
||||
return r;
|
||||
return revoke_blob(&krl->revoked_keys, blob, len);
|
||||
|
@ -436,7 +433,7 @@ revoke_by_hash(struct revoked_blob_tree *target, const u_char *p, size_t len)
|
|||
int
|
||||
ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len)
|
||||
{
|
||||
debug3("%s: revoke by sha1", __func__);
|
||||
debug3_f("revoke by sha1");
|
||||
if (len != 20)
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
return revoke_by_hash(&krl->revoked_sha1s, p, len);
|
||||
|
@ -445,7 +442,7 @@ ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len)
|
|||
int
|
||||
ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len)
|
||||
{
|
||||
debug3("%s: revoke by sha256", __func__);
|
||||
debug3_f("revoke by sha256");
|
||||
if (len != 32)
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
return revoke_by_hash(&krl->revoked_sha256s, p, len);
|
||||
|
@ -541,9 +538,9 @@ choose_next_state(int current_state, u_int64_t contig, int final,
|
|||
*force_new_section = 1;
|
||||
cost = cost_bitmap_restart;
|
||||
}
|
||||
KRL_DBG(("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
|
||||
KRL_DBG(("contig %llu last_gap %llu next_gap %llu final %d, costs:"
|
||||
"list %llu range %llu bitmap %llu new bitmap %llu, "
|
||||
"selected 0x%02x%s", __func__, (long long unsigned)contig,
|
||||
"selected 0x%02x%s", (long long unsigned)contig,
|
||||
(long long unsigned)last_gap, (long long unsigned)next_gap, final,
|
||||
(long long unsigned)cost_list, (long long unsigned)cost_range,
|
||||
(long long unsigned)cost_bitmap,
|
||||
|
@ -601,7 +598,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials);
|
||||
rs != NULL;
|
||||
rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {
|
||||
KRL_DBG(("%s: serial %llu:%llu state 0x%02x", __func__,
|
||||
KRL_DBG(("serial %llu:%llu state 0x%02x",
|
||||
(long long unsigned)rs->lo, (long long unsigned)rs->hi,
|
||||
state));
|
||||
|
||||
|
@ -621,7 +618,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
*/
|
||||
if (state != 0 && (force_new_sect || next_state != state ||
|
||||
state == KRL_SECTION_CERT_SERIAL_RANGE)) {
|
||||
KRL_DBG(("%s: finish state 0x%02x", __func__, state));
|
||||
KRL_DBG(("finish state 0x%02x", state));
|
||||
switch (state) {
|
||||
case KRL_SECTION_CERT_SERIAL_LIST:
|
||||
case KRL_SECTION_CERT_SERIAL_RANGE:
|
||||
|
@ -641,7 +638,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
|
||||
/* If we are starting a new section then prepare it now */
|
||||
if (next_state != state || force_new_sect) {
|
||||
KRL_DBG(("%s: start state 0x%02x", __func__,
|
||||
KRL_DBG(("start state 0x%02x",
|
||||
next_state));
|
||||
state = next_state;
|
||||
sshbuf_reset(sect);
|
||||
|
@ -677,7 +674,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
break;
|
||||
case KRL_SECTION_CERT_SERIAL_BITMAP:
|
||||
if (rs->lo - bitmap_start > INT_MAX) {
|
||||
error("%s: insane bitmap gap", __func__);
|
||||
error_f("insane bitmap gap");
|
||||
goto out;
|
||||
}
|
||||
for (i = 0; i < contig; i++) {
|
||||
|
@ -693,8 +690,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
}
|
||||
/* Flush the remaining section, if any */
|
||||
if (state != 0) {
|
||||
KRL_DBG(("%s: serial final flush for state 0x%02x",
|
||||
__func__, state));
|
||||
KRL_DBG(("serial final flush for state 0x%02x", state));
|
||||
switch (state) {
|
||||
case KRL_SECTION_CERT_SERIAL_LIST:
|
||||
case KRL_SECTION_CERT_SERIAL_RANGE:
|
||||
|
@ -710,12 +706,12 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
|||
(r = sshbuf_put_stringb(buf, sect)) != 0)
|
||||
goto out;
|
||||
}
|
||||
KRL_DBG(("%s: serial done ", __func__));
|
||||
KRL_DBG(("serial done "));
|
||||
|
||||
/* Now output a section for any revocations by key ID */
|
||||
sshbuf_reset(sect);
|
||||
RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) {
|
||||
KRL_DBG(("%s: key ID %s", __func__, rki->key_id));
|
||||
KRL_DBG(("key ID %s", rki->key_id));
|
||||
if ((r = sshbuf_put_cstring(sect, rki->key_id)) != 0)
|
||||
goto out;
|
||||
}
|
||||
|
@ -771,7 +767,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
|
|||
/* Finally, output sections for revocations by public key/hash */
|
||||
sshbuf_reset(sect);
|
||||
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
|
||||
KRL_DBG(("%s: key len %zu ", __func__, rb->len));
|
||||
KRL_DBG(("key len %zu ", rb->len));
|
||||
if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
|
||||
goto out;
|
||||
}
|
||||
|
@ -782,7 +778,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
|
|||
}
|
||||
sshbuf_reset(sect);
|
||||
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) {
|
||||
KRL_DBG(("%s: hash len %zu ", __func__, rb->len));
|
||||
KRL_DBG(("hash len %zu ", rb->len));
|
||||
if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
|
||||
goto out;
|
||||
}
|
||||
|
@ -794,7 +790,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
|
|||
}
|
||||
sshbuf_reset(sect);
|
||||
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha256s) {
|
||||
KRL_DBG(("%s: hash len %zu ", __func__, rb->len));
|
||||
KRL_DBG(("hash len %zu ", rb->len));
|
||||
if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
|
||||
goto out;
|
||||
}
|
||||
|
@ -806,16 +802,16 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
|
|||
}
|
||||
|
||||
for (i = 0; i < nsign_keys; i++) {
|
||||
KRL_DBG(("%s: signature key %s", __func__,
|
||||
sshkey_ssh_name(sign_keys[i])));
|
||||
KRL_DBG(("sig key %s", sshkey_ssh_name(sign_keys[i])));
|
||||
if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 ||
|
||||
(r = sshkey_puts(sign_keys[i], buf)) != 0)
|
||||
goto out;
|
||||
|
||||
/* XXX support sk-* keys */
|
||||
if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
|
||||
sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0)
|
||||
sshbuf_ptr(buf), sshbuf_len(buf), NULL, NULL,
|
||||
NULL, 0)) != 0)
|
||||
goto out;
|
||||
KRL_DBG(("%s: signature sig len %zu", __func__, slen));
|
||||
KRL_DBG(("signature sig len %zu", slen));
|
||||
if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
|
||||
goto out;
|
||||
}
|
||||
|
@ -872,7 +868,7 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
|
|||
if ((r = sshbuf_get_u8(buf, &type)) != 0 ||
|
||||
(r = sshbuf_froms(buf, &subsect)) != 0)
|
||||
goto out;
|
||||
KRL_DBG(("%s: subsection type 0x%02x", __func__, type));
|
||||
KRL_DBG(("subsection type 0x%02x", type));
|
||||
/* sshbuf_dump(subsect, stderr); */
|
||||
|
||||
switch (type) {
|
||||
|
@ -909,7 +905,7 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
|
|||
nbits = bitmap_nbits(bitmap);
|
||||
for (serial = 0; serial < (u_int64_t)nbits; serial++) {
|
||||
if (serial > 0 && serial_lo + serial == 0) {
|
||||
error("%s: bitmap wraps u64", __func__);
|
||||
error_f("bitmap wraps u64");
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
|
@ -968,7 +964,7 @@ blob_section(struct sshbuf *sect, struct revoked_blob_tree *target_tree,
|
|||
if ((r = sshbuf_get_string(sect, &rdata, &rlen)) != 0)
|
||||
return r;
|
||||
if (expected_len != 0 && rlen != expected_len) {
|
||||
error("%s: bad length", __func__);
|
||||
error_f("bad length");
|
||||
free(rdata);
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
}
|
||||
|
@ -999,7 +995,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|||
*krlp = NULL;
|
||||
if (sshbuf_len(buf) < sizeof(KRL_MAGIC) - 1 ||
|
||||
memcmp(sshbuf_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) {
|
||||
debug3("%s: not a KRL", __func__);
|
||||
debug3_f("not a KRL");
|
||||
return SSH_ERR_KRL_BAD_MAGIC;
|
||||
}
|
||||
|
||||
|
@ -1012,7 +1008,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|||
goto out;
|
||||
|
||||
if ((krl = ssh_krl_init()) == NULL) {
|
||||
error("%s: alloc failed", __func__);
|
||||
error_f("alloc failed");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -1049,7 +1045,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|||
if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
|
||||
(r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0)
|
||||
goto out;
|
||||
KRL_DBG(("%s: first pass, section 0x%02x", __func__, type));
|
||||
KRL_DBG(("first pass, section 0x%02x", type));
|
||||
if (type != KRL_SECTION_SIGNATURE) {
|
||||
if (sig_seen) {
|
||||
error("KRL contains non-signature section "
|
||||
|
@ -1079,7 +1075,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|||
}
|
||||
/* Check signature over entire KRL up to this point */
|
||||
if ((r = sshkey_verify(key, blob, blen,
|
||||
sshbuf_ptr(buf), sig_off, NULL, 0)) != 0)
|
||||
sshbuf_ptr(buf), sig_off, NULL, 0, NULL)) != 0)
|
||||
goto out;
|
||||
/* Check if this key has already signed this KRL */
|
||||
for (i = 0; i < nca_used; i++) {
|
||||
|
@ -1125,7 +1121,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|||
if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
|
||||
(r = sshbuf_froms(copy, §)) != 0)
|
||||
goto out;
|
||||
KRL_DBG(("%s: second pass, section 0x%02x", __func__, type));
|
||||
KRL_DBG(("second pass, section 0x%02x", type));
|
||||
|
||||
switch (type) {
|
||||
case KRL_SECTION_CERTIFICATES:
|
||||
|
@ -1228,7 +1224,7 @@ is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc)
|
|||
rki.key_id = key->cert->key_id;
|
||||
erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);
|
||||
if (erki != NULL) {
|
||||
KRL_DBG(("%s: revoked by key ID", __func__));
|
||||
KRL_DBG(("revoked by key ID"));
|
||||
return SSH_ERR_KEY_REVOKED;
|
||||
}
|
||||
|
||||
|
@ -1243,7 +1239,7 @@ is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc)
|
|||
rs.lo = rs.hi = key->cert->serial;
|
||||
ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);
|
||||
if (ers != NULL) {
|
||||
KRL_DBG(("%s: revoked serial %llu matched %llu:%llu", __func__,
|
||||
KRL_DBG(("revoked serial %llu matched %llu:%llu",
|
||||
key->cert->serial, ers->lo, ers->hi));
|
||||
return SSH_ERR_KEY_REVOKED;
|
||||
}
|
||||
|
@ -1266,7 +1262,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
|
|||
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
|
||||
free(rb.blob);
|
||||
if (erb != NULL) {
|
||||
KRL_DBG(("%s: revoked by key SHA1", __func__));
|
||||
KRL_DBG(("revoked by key SHA1"));
|
||||
return SSH_ERR_KEY_REVOKED;
|
||||
}
|
||||
memset(&rb, 0, sizeof(rb));
|
||||
|
@ -1276,7 +1272,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
|
|||
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha256s, &rb);
|
||||
free(rb.blob);
|
||||
if (erb != NULL) {
|
||||
KRL_DBG(("%s: revoked by key SHA256", __func__));
|
||||
KRL_DBG(("revoked by key SHA256"));
|
||||
return SSH_ERR_KEY_REVOKED;
|
||||
}
|
||||
|
||||
|
@ -1287,7 +1283,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
|
|||
erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
|
||||
free(rb.blob);
|
||||
if (erb != NULL) {
|
||||
KRL_DBG(("%s: revoked by explicit key", __func__));
|
||||
KRL_DBG(("revoked by explicit key"));
|
||||
return SSH_ERR_KEY_REVOKED;
|
||||
}
|
||||
|
||||
|
@ -1310,7 +1306,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
|
|||
return r;
|
||||
}
|
||||
|
||||
KRL_DBG(("%s: %llu no match", __func__, key->cert->serial));
|
||||
KRL_DBG(("%llu no match", key->cert->serial));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1319,15 +1315,15 @@ ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key)
|
|||
{
|
||||
int r;
|
||||
|
||||
KRL_DBG(("%s: checking key", __func__));
|
||||
KRL_DBG(("checking key"));
|
||||
if ((r = is_key_revoked(krl, key)) != 0)
|
||||
return r;
|
||||
if (sshkey_is_cert(key)) {
|
||||
debug2("%s: checking CA key", __func__);
|
||||
debug2_f("checking CA key");
|
||||
if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0)
|
||||
return r;
|
||||
}
|
||||
KRL_DBG(("%s: key okay", __func__));
|
||||
KRL_DBG(("key okay"));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -1336,32 +1332,116 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
|
|||
{
|
||||
struct sshbuf *krlbuf = NULL;
|
||||
struct ssh_krl *krl = NULL;
|
||||
int oerrno = 0, r, fd;
|
||||
int oerrno = 0, r;
|
||||
|
||||
if (path == NULL)
|
||||
return 0;
|
||||
|
||||
if ((krlbuf = sshbuf_new()) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((fd = open(path, O_RDONLY)) == -1) {
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
oerrno = errno;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_load_file(fd, krlbuf)) != 0) {
|
||||
if ((r = sshbuf_load_file(path, &krlbuf)) != 0) {
|
||||
oerrno = errno;
|
||||
goto out;
|
||||
}
|
||||
if ((r = ssh_krl_from_blob(krlbuf, &krl, NULL, 0)) != 0)
|
||||
goto out;
|
||||
debug2("%s: checking KRL %s", __func__, path);
|
||||
debug2_f("checking KRL %s", path);
|
||||
r = ssh_krl_check_key(krl, key);
|
||||
out:
|
||||
if (fd != -1)
|
||||
close(fd);
|
||||
sshbuf_free(krlbuf);
|
||||
ssh_krl_free(krl);
|
||||
if (r != 0)
|
||||
errno = oerrno;
|
||||
return r;
|
||||
}
|
||||
|
||||
int
|
||||
krl_dump(struct ssh_krl *krl, FILE *f)
|
||||
{
|
||||
struct sshkey *key = NULL;
|
||||
struct revoked_blob *rb;
|
||||
struct revoked_certs *rc;
|
||||
struct revoked_serial *rs;
|
||||
struct revoked_key_id *rki;
|
||||
int r, ret = 0;
|
||||
char *fp, timestamp[64];
|
||||
|
||||
/* Try to print in a KRL spec-compatible format */
|
||||
format_timestamp(krl->generated_date, timestamp, sizeof(timestamp));
|
||||
fprintf(f, "# KRL version %llu\n",
|
||||
(unsigned long long)krl->krl_version);
|
||||
fprintf(f, "# Generated at %s\n", timestamp);
|
||||
if (krl->comment != NULL && *krl->comment != '\0') {
|
||||
r = INT_MAX;
|
||||
asmprintf(&fp, INT_MAX, &r, "%s", krl->comment);
|
||||
fprintf(f, "# Comment: %s\n", fp);
|
||||
free(fp);
|
||||
}
|
||||
fputc('\n', f);
|
||||
|
||||
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
|
||||
if ((r = sshkey_from_blob(rb->blob, rb->len, &key)) != 0) {
|
||||
ret = SSH_ERR_INVALID_FORMAT;
|
||||
error_r(r, "parse KRL key");
|
||||
continue;
|
||||
}
|
||||
if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
ret = SSH_ERR_INVALID_FORMAT;
|
||||
error("sshkey_fingerprint failed");
|
||||
continue;
|
||||
}
|
||||
fprintf(f, "hash: SHA256:%s # %s\n", fp, sshkey_ssh_name(key));
|
||||
free(fp);
|
||||
free(key);
|
||||
}
|
||||
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha256s) {
|
||||
fp = tohex(rb->blob, rb->len);
|
||||
fprintf(f, "hash: SHA256:%s\n", fp);
|
||||
free(fp);
|
||||
}
|
||||
RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) {
|
||||
/*
|
||||
* There is not KRL spec keyword for raw SHA1 hashes, so
|
||||
* print them as comments.
|
||||
*/
|
||||
fp = tohex(rb->blob, rb->len);
|
||||
fprintf(f, "# hash SHA1:%s\n", fp);
|
||||
free(fp);
|
||||
}
|
||||
|
||||
TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
|
||||
fputc('\n', f);
|
||||
if (rc->ca_key == NULL)
|
||||
fprintf(f, "# Wildcard CA\n");
|
||||
else {
|
||||
if ((fp = sshkey_fingerprint(rc->ca_key,
|
||||
SSH_FP_HASH_DEFAULT, SSH_FP_DEFAULT)) == NULL) {
|
||||
ret = SSH_ERR_INVALID_FORMAT;
|
||||
error("sshkey_fingerprint failed");
|
||||
continue;
|
||||
}
|
||||
fprintf(f, "# CA key %s %s\n",
|
||||
sshkey_ssh_name(rc->ca_key), fp);
|
||||
free(fp);
|
||||
}
|
||||
RB_FOREACH(rs, revoked_serial_tree, &rc->revoked_serials) {
|
||||
if (rs->lo == rs->hi) {
|
||||
fprintf(f, "serial: %llu\n",
|
||||
(unsigned long long)rs->lo);
|
||||
} else {
|
||||
fprintf(f, "serial: %llu-%llu\n",
|
||||
(unsigned long long)rs->lo,
|
||||
(unsigned long long)rs->hi);
|
||||
}
|
||||
}
|
||||
RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) {
|
||||
/*
|
||||
* We don't want key IDs with embedded newlines to
|
||||
* mess up the display.
|
||||
*/
|
||||
r = INT_MAX;
|
||||
asmprintf(&fp, INT_MAX, &r, "%s", rki->key_id);
|
||||
fprintf(f, "id: %s\n", fp);
|
||||
free(fp);
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
|
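Review bot: In the new krl_dump(), the loop over `krl->revoked_keys` releases the parsed key with `free(key);`, and the `continue` taken when sshkey_fingerprint() returns NULL skips even that. Assuming sshkey_from_blob() returns a struct sshkey that owns further allocations (its definition is not on this page), both paths leak, so the release should be `sshkey_free(key);` and should also run before that `continue`. The two asmprintf() calls in the same function ignore the return value and pass `fp` straight to fprintf(), so a failed conversion of `krl->comment` or `rki->key_id` would print through a pointer that may be NULL. The result should be checked and the line skipped on failure.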
3
krl.h
3
krl.h
|
@ -14,7 +14,7 @@
|
|||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $OpenBSD: krl.h,v 1.7 2019/06/21 04:21:04 djm Exp $ */
|
||||
/* $OpenBSD: krl.h,v 1.8 2020/04/03 02:26:56 djm Exp $ */
|
||||
|
||||
#ifndef _KRL_H
|
||||
#define _KRL_H
|
||||
|
@ -61,6 +61,7 @@ int ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
|||
const struct sshkey **sign_ca_keys, size_t nsign_ca_keys);
|
||||
int ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key);
|
||||
int ssh_krl_file_contains_key(const char *path, const struct sshkey *key);
|
||||
int krl_dump(struct ssh_krl *krl, FILE *f);
|
||||
|
||||
#endif /* _KRL_H */
|
||||
|
||||
|
|
204
log.c
204
log.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: log.c,v 1.51 2018/07/27 12:03:17 markus Exp $ */
|
||||
/* $OpenBSD: log.c,v 1.56 2020/12/04 02:25:13 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -51,14 +51,17 @@
|
|||
#endif
|
||||
|
||||
#include "log.h"
|
||||
#include "match.h"
|
||||
|
||||
static LogLevel log_level = SYSLOG_LEVEL_INFO;
|
||||
static int log_on_stderr = 1;
|
||||
static int log_stderr_fd = STDERR_FILENO;
|
||||
static int log_facility = LOG_AUTH;
|
||||
static char *argv0;
|
||||
static const char *argv0;
|
||||
static log_handler_fn *log_handler;
|
||||
static void *log_handler_ctx;
|
||||
static char **log_verbose;
|
||||
static size_t nlog_verbose;
|
||||
|
||||
extern char *__progname;
|
||||
|
||||
|
@ -157,96 +160,30 @@ log_level_name(LogLevel level)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
/* Error messages that should be logged. */
|
||||
|
||||
void
|
||||
error(const char *fmt,...)
|
||||
log_verbose_add(const char *s)
|
||||
{
|
||||
va_list args;
|
||||
char **tmp;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_ERROR, fmt, args);
|
||||
va_end(args);
|
||||
/* Ignore failures here */
|
||||
if ((tmp = recallocarray(log_verbose, nlog_verbose, nlog_verbose + 1,
|
||||
sizeof(*log_verbose))) != NULL) {
|
||||
log_verbose = tmp;
|
||||
if ((log_verbose[nlog_verbose] = strdup(s)) != NULL)
|
||||
nlog_verbose++;
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
sigdie(const char *fmt,...)
|
||||
log_verbose_reset(void)
|
||||
{
|
||||
#ifdef DO_LOG_SAFE_IN_SIGHAND
|
||||
va_list args;
|
||||
size_t i;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_FATAL, fmt, args);
|
||||
va_end(args);
|
||||
#endif
|
||||
_exit(1);
|
||||
}
|
||||
|
||||
void
|
||||
logdie(const char *fmt,...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_INFO, fmt, args);
|
||||
va_end(args);
|
||||
cleanup_exit(255);
|
||||
}
|
||||
|
||||
/* Log this message (information that usually should go to the log). */
|
||||
|
||||
void
|
||||
logit(const char *fmt,...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_INFO, fmt, args);
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
/* More detailed messages (information that does not need to go to the log). */
|
||||
|
||||
void
|
||||
verbose(const char *fmt,...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_VERBOSE, fmt, args);
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
/* Debugging messages that should not be logged during normal operation. */
|
||||
|
||||
void
|
||||
debug(const char *fmt,...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_DEBUG1, fmt, args);
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
void
|
||||
debug2(const char *fmt,...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_DEBUG2, fmt, args);
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
void
|
||||
debug3(const char *fmt,...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(SYSLOG_LEVEL_DEBUG3, fmt, args);
|
||||
va_end(args);
|
||||
for (i = 0; i < nlog_verbose; i++)
|
||||
free(log_verbose[i]);
|
||||
free(log_verbose);
|
||||
log_verbose = NULL;
|
||||
nlog_verbose = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -254,7 +191,8 @@ debug3(const char *fmt,...)
|
|||
*/
|
||||
|
||||
void
|
||||
log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
|
||||
log_init(const char *av0, LogLevel level, SyslogFacility facility,
|
||||
int on_stderr)
|
||||
{
|
||||
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
|
||||
struct syslog_data sdata = SYSLOG_DATA_INIT;
|
||||
|
@ -370,6 +308,14 @@ log_redirect_stderr_to(const char *logfile)
|
|||
{
|
||||
int fd;
|
||||
|
||||
if (logfile == NULL) {
|
||||
if (log_stderr_fd != STDERR_FILENO) {
|
||||
close(log_stderr_fd);
|
||||
log_stderr_fd = STDERR_FILENO;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
|
||||
fprintf(stderr, "Couldn't open logfile %s: %s\n", logfile,
|
||||
strerror(errno));
|
||||
|
@ -387,18 +333,9 @@ set_log_handler(log_handler_fn *handler, void *ctx)
|
|||
log_handler_ctx = ctx;
|
||||
}
|
||||
|
||||
void
|
||||
do_log2(LogLevel level, const char *fmt,...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
do_log(level, fmt, args);
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
void
|
||||
do_log(LogLevel level, const char *fmt, va_list args)
|
||||
static void
|
||||
do_log(const char *file, const char *func, int line, LogLevel level,
|
||||
int force, const char *suffix, const char *fmt, va_list args)
|
||||
{
|
||||
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
|
||||
struct syslog_data sdata = SYSLOG_DATA_INIT;
|
||||
|
@ -410,7 +347,7 @@ do_log(LogLevel level, const char *fmt, va_list args)
|
|||
int saved_errno = errno;
|
||||
log_handler_fn *tmp_handler;
|
||||
|
||||
if (level > log_level)
|
||||
if (!force && level > log_level)
|
||||
return;
|
||||
|
||||
switch (level) {
|
||||
|
@ -453,13 +390,17 @@ do_log(LogLevel level, const char *fmt, va_list args)
|
|||
} else {
|
||||
vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
|
||||
}
|
||||
if (suffix != NULL) {
|
||||
snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix);
|
||||
strlcpy(msgbuf, fmtbuf, sizeof(msgbuf));
|
||||
}
|
||||
strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
|
||||
log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS);
|
||||
if (log_handler != NULL) {
|
||||
/* Avoid recursion */
|
||||
tmp_handler = log_handler;
|
||||
log_handler = NULL;
|
||||
tmp_handler(level, fmtbuf, log_handler_ctx);
|
||||
tmp_handler(file, func, line, level, fmtbuf, log_handler_ctx);
|
||||
log_handler = tmp_handler;
|
||||
} else if (log_on_stderr) {
|
||||
snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n",
|
||||
|
@ -478,3 +419,68 @@ do_log(LogLevel level, const char *fmt, va_list args)
|
|||
}
|
||||
errno = saved_errno;
|
||||
}
|
||||
|
||||
void
|
||||
sshlog(const char *file, const char *func, int line, int showfunc,
|
||||
LogLevel level, const char *suffix, const char *fmt, ...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
sshlogv(file, func, line, showfunc, level, suffix, fmt, args);
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
void
|
||||
sshlogdie(const char *file, const char *func, int line, int showfunc,
|
||||
LogLevel level, const char *suffix, const char *fmt, ...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_INFO,
|
||||
suffix, fmt, args);
|
||||
va_end(args);
|
||||
cleanup_exit(255);
|
||||
}
|
||||
|
||||
void
|
||||
sshsigdie(const char *file, const char *func, int line, int showfunc,
|
||||
LogLevel level, const char *suffix, const char *fmt, ...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
|
||||
suffix, fmt, args);
|
||||
va_end(args);
|
||||
_exit(1);
|
||||
}
|
||||
|
||||
void
|
||||
sshlogv(const char *file, const char *func, int line, int showfunc,
|
||||
LogLevel level, const char *suffix, const char *fmt, va_list args)
|
||||
{
|
||||
char tag[128], fmt2[MSGBUFSIZ + 128];
|
||||
int forced = 0;
|
||||
const char *cp;
|
||||
size_t i;
|
||||
|
||||
snprintf(tag, sizeof(tag), "%.48s:%.48s():%d",
|
||||
(cp = strrchr(file, '/')) == NULL ? file : cp + 1, func, line);
|
||||
for (i = 0; i < nlog_verbose; i++) {
|
||||
if (match_pattern_list(tag, log_verbose[i], 0) == 1) {
|
||||
forced = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (log_handler == NULL && forced)
|
||||
snprintf(fmt2, sizeof(fmt2), "%s: %s", tag, fmt);
|
||||
else if (showfunc)
|
||||
snprintf(fmt2, sizeof(fmt2), "%s: %s", func, fmt);
|
||||
else
|
||||
strlcpy(fmt2, fmt, sizeof(fmt2));
|
||||
|
||||
do_log(file, func, line, level, forced, suffix, fmt2, args);
|
||||
}
|
||||
|
|
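Review bot: The new sshsigdie() at the end of this section calls sshlogv() unconditionally before `_exit(1)`, whereas the sigdie() body shown in the first large hunk wrapped its logging call in `#ifdef DO_LOG_SAFE_IN_SIGHAND` … `#endif`. sshlogv() and do_log() as shown here call snprintf(), strlcpy(), match_pattern_list() and any registered log handler, none of which is async-signal-safe, so if sshsigdie() is reached from a signal handler (the name and the `_exit` suggest it is; the callers are not on this page) it can run them while the interrupted code is mid-update on the same state. I would keep the guard by putting `#ifdef DO_LOG_SAFE_IN_SIGHAND` above `va_list args;` and `#endif` above `_exit(1);` in sshsigdie(), with a comment saying why the logging is conditional. The +/- markers are lost in this rendering, so treating the sigdie() lines as removed is inferred from the function names. Separately, sshlogdie() and sshsigdie() accept `level` but log at a fixed SYSLOG_LEVEL_INFO and SYSLOG_LEVEL_FATAL, which deserves a one-line comment saying the argument is ignored.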
88
log.h
88
log.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: log.h,v 1.24 2019/09/06 04:53:27 djm Exp $ */
|
||||
/* $OpenBSD: log.h,v 1.30 2020/12/04 02:25:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -16,6 +16,7 @@
|
|||
#define SSH_LOG_H
|
||||
|
||||
#include <stdarg.h> /* va_list */
|
||||
#include <ssherr.h> /* ssh_err() */
|
||||
|
||||
/* Supported syslog facilities and levels. */
|
||||
typedef enum {
|
||||
|
@ -48,36 +49,83 @@ typedef enum {
|
|||
SYSLOG_LEVEL_NOT_SET = -1
|
||||
} LogLevel;
|
||||
|
||||
typedef void (log_handler_fn)(LogLevel, const char *, void *);
|
||||
typedef void (log_handler_fn)(const char *, const char *, int, LogLevel,
|
||||
const char *, void *);
|
||||
|
||||
void log_init(char *, LogLevel, SyslogFacility, int);
|
||||
void log_init(const char *, LogLevel, SyslogFacility, int);
|
||||
LogLevel log_level_get(void);
|
||||
int log_change_level(LogLevel);
|
||||
int log_is_on_stderr(void);
|
||||
void log_redirect_stderr_to(const char *);
|
||||
void log_verbose_add(const char *);
|
||||
void log_verbose_reset(void);
|
||||
|
||||
SyslogFacility log_facility_number(char *);
|
||||
const char * log_facility_name(SyslogFacility);
|
||||
LogLevel log_level_number(char *);
|
||||
const char * log_level_name(LogLevel);
|
||||
|
||||
void fatal(const char *, ...) __attribute__((noreturn))
|
||||
__attribute__((format(printf, 1, 2)));
|
||||
void error(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void sigdie(const char *, ...) __attribute__((noreturn))
|
||||
__attribute__((format(printf, 1, 2)));
|
||||
void logdie(const char *, ...) __attribute__((noreturn))
|
||||
__attribute__((format(printf, 1, 2)));
|
||||
void logit(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
|
||||
|
||||
void set_log_handler(log_handler_fn *, void *);
|
||||
void do_log2(LogLevel, const char *, ...)
|
||||
__attribute__((format(printf, 2, 3)));
|
||||
void do_log(LogLevel, const char *, va_list);
|
||||
void cleanup_exit(int) __attribute__((noreturn));
|
||||
|
||||
void sshlog(const char *, const char *, int, int,
|
||||
LogLevel, const char *, const char *, ...)
|
||||
__attribute__((format(printf, 7, 8)));
|
||||
void sshlogv(const char *, const char *, int, int,
|
||||
LogLevel, const char *, const char *, va_list);
|
||||
void sshsigdie(const char *, const char *, int, int,
|
||||
LogLevel, const char *, const char *, ...) __attribute__((noreturn))
|
||||
__attribute__((format(printf, 7, 8)));
|
||||
void sshlogdie(const char *, const char *, int, int,
|
||||
LogLevel, const char *, const char *, ...) __attribute__((noreturn))
|
||||
__attribute__((format(printf, 7, 8)));
|
||||
void sshfatal(const char *, const char *, int, int,
|
||||
LogLevel, const char *, const char *, ...) __attribute__((noreturn))
|
||||
__attribute__((format(printf, 7, 8)));
|
||||
|
||||
#define do_log2(level, ...) sshlog(__FILE__, __func__, __LINE__, 0, level, NULL, __VA_ARGS__)
|
||||
#define debug3(...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG3, NULL, __VA_ARGS__)
|
||||
#define debug2(...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG2, NULL, __VA_ARGS__)
|
||||
#define debug(...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG1, NULL, __VA_ARGS__)
|
||||
#define verbose(...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_VERBOSE, NULL, __VA_ARGS__)
|
||||
#define logit(...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_INFO, NULL, __VA_ARGS__)
|
||||
#define error(...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
|
||||
#define fatal(...) sshfatal(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_FATAL, NULL, __VA_ARGS__)
|
||||
#define logdie(...) sshlogdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
|
||||
#define sigdie(...) sshsigdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
|
||||
|
||||
/* Variants that prepend the caller's function */
|
||||
#define do_log2_f(level, ...) sshlog(__FILE__, __func__, __LINE__, 1, level, NULL, __VA_ARGS__)
|
||||
#define debug3_f(...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG3, NULL, __VA_ARGS__)
|
||||
#define debug2_f(...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG2, NULL, __VA_ARGS__)
|
||||
#define debug_f(...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG1, NULL, __VA_ARGS__)
|
||||
#define verbose_f(...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_VERBOSE, NULL, __VA_ARGS__)
|
||||
#define logit_f(...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_INFO, NULL, __VA_ARGS__)
|
||||
#define error_f(...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
|
||||
#define fatal_f(...) sshfatal(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_FATAL, NULL, __VA_ARGS__)
|
||||
#define logdie_f(...) sshlogdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
|
||||
#define sigdie_f(...) sshsigdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
|
||||
|
||||
/* Variants that appends a ssh_err message */
|
||||
#define do_log2_r(r, level, ...) sshlog(__FILE__, __func__, __LINE__, 0, level, ssh_err(r), __VA_ARGS__)
|
||||
#define debug3_r(r, ...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG3, ssh_err(r), __VA_ARGS__)
|
||||
#define debug2_r(r, ...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG2, ssh_err(r), __VA_ARGS__)
|
||||
#define debug_r(r, ...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG1, ssh_err(r), __VA_ARGS__)
|
||||
#define verbose_r(r, ...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_VERBOSE, ssh_err(r), __VA_ARGS__)
|
||||
#define logit_r(r, ...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_INFO, ssh_err(r), __VA_ARGS__)
|
||||
#define error_r(r, ...) sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
|
||||
#define fatal_r(r, ...) sshfatal(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_FATAL, ssh_err(r), __VA_ARGS__)
|
||||
#define logdie_r(r, ...) sshlogdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
|
||||
#define sigdie_r(r, ...) sshsigdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
|
||||
#define do_log2_fr(r, level, ...) sshlog(__FILE__, __func__, __LINE__, 1, level, ssh_err(r), __VA_ARGS__)
|
||||
#define debug3_fr(r, ...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG3, ssh_err(r), __VA_ARGS__)
|
||||
#define debug2_fr(r, ...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG2, ssh_err(r), __VA_ARGS__)
|
||||
#define debug_fr(r, ...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG1, ssh_err(r), __VA_ARGS__)
|
||||
#define verbose_fr(r, ...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_VERBOSE, ssh_err(r), __VA_ARGS__)
|
||||
#define logit_fr(r, ...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_INFO, ssh_err(r), __VA_ARGS__)
|
||||
#define error_fr(r, ...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
|
||||
#define fatal_fr(r, ...) sshfatal(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), __VA_ARGS__)
|
||||
#define logdie_fr(r, ...) sshlogdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
|
||||
#define sigdie_fr(r, ...) sshsigdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
|
||||
|
||||
#endif
|
||||
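Review bot: The `sigdie*` macros expand to `sshsigdie()`, whose name suggests it is called from signal handlers, yet the definition in this commit's log.c runs the full `sshlogv()` path (`snprintf`, `match_pattern_list`, `do_log`) before `_exit(1)`. None of that is visibly async-signal-safe. If any caller is a handler, either keep the logging behind a build-time guard for platforms whose logging is handler-safe, or reduce `sshsigdie()` to `_exit(1)`. At minimum the prototype deserves a comment such as `/* may run in signal context: only async-signal-safe calls allowed */`. Separately, `sshsigdie()` ignores its `level` argument and always logs at `SYSLOG_LEVEL_FATAL` while the macros pass `SYSLOG_LEVEL_ERROR`, so one of the two should change.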
|
|
|
@ -778,6 +778,9 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
|
|||
strncpy(utx->ut_host, li->hostname,
|
||||
MIN_SIZEOF(utx->ut_host, li->hostname));
|
||||
# endif
|
||||
# ifdef HAVE_SS_IN_UTMPX
|
||||
utx->ut_ss = li->hostaddr.sa_storage;
|
||||
# endif
|
||||
# ifdef HAVE_ADDR_IN_UTMPX
|
||||
/* this is just a 32-bit IP address */
|
||||
if (li->hostaddr.sa.sa_family == AF_INET)
|
||||
|
|
|
@ -15,12 +15,23 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
|
|||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
int main(int argc, char **argv) {
|
||||
(void)argv;
|
||||
/* Some math to catch -ftrapv problems in the toolchain */
|
||||
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
||||
float l = i * 2.1;
|
||||
double m = l / 0.5;
|
||||
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
|
||||
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
|
||||
/*
|
||||
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
|
||||
* not understand comments and we don't use the "fallthrough" attribute
|
||||
* that it's looking for.
|
||||
*/
|
||||
switch(i){
|
||||
case 0: j += i;
|
||||
/* FALLTHROUGH */
|
||||
default: j += k;
|
||||
}
|
||||
exit(0);
|
||||
}
|
||||
]])],
|
||||
|
@ -52,6 +63,7 @@ AC_DEFUN([OSSH_CHECK_CFLAG_LINK], [{
|
|||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
int main(int argc, char **argv) {
|
||||
(void)argv;
|
||||
/* Some math to catch -ftrapv problems in the toolchain */
|
||||
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
||||
float l = i * 2.1;
|
||||
|
@ -90,6 +102,7 @@ AC_DEFUN([OSSH_CHECK_LDFLAG_LINK], [{
|
|||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
int main(int argc, char **argv) {
|
||||
(void)argv;
|
||||
/* Some math to catch -ftrapv problems in the toolchain */
|
||||
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
||||
float l = i * 2.1;
|
||||
|
@ -118,7 +131,7 @@ dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol)
|
|||
dnl Does AC_EGREP_HEADER on 'header' for the string 'field'
|
||||
dnl If found, set 'symbol' to be defined. Cache the result.
|
||||
dnl TODO: This is not foolproof, better to compile and read from there
|
||||
AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [
|
||||
AC_DEFUN([OSSH_CHECK_HEADER_FOR_FIELD], [
|
||||
# look for field '$1' in header '$2'
|
||||
dnl This strips characters illegal to m4 from the header filename
|
||||
ossh_safe=`echo "$2" | sed 'y%./+-%__p_%'`
|
||||
|
@ -158,14 +171,15 @@ AC_DEFUN([TYPE_SOCKLEN_T],
|
|||
curl_cv_socklen_t_equiv=
|
||||
for arg2 in "struct sockaddr" void; do
|
||||
for t in int size_t unsigned long "unsigned long"; do
|
||||
AC_TRY_COMPILE([
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
int getpeername (int, $arg2 *, $t *);
|
||||
],[
|
||||
$t len;
|
||||
getpeername(0,0,&len);
|
||||
AC_COMPILE_IFELSE([
|
||||
AC_LANG_PROGRAM([[
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
int getpeername (int, $arg2 *, $t *);
|
||||
]], [[
|
||||
$t len;
|
||||
getpeername(0,0,&len);
|
||||
]])
|
||||
],[
|
||||
curl_cv_socklen_t_equiv="$t"
|
||||
break
|
21
match.c
21
match.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: match.c,v 1.40 2019/10/04 04:13:39 djm Exp $ */
|
||||
/* $OpenBSD: match.c,v 1.43 2020/11/03 22:53:12 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -42,6 +42,7 @@
|
|||
#include <ctype.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
|
@ -52,7 +53,6 @@
|
|||
* Returns true if the given string matches the pattern (which may contain ?
|
||||
* and * as wildcards), and zero if it does not match.
|
||||
*/
|
||||
|
||||
int
|
||||
match_pattern(const char *s, const char *pattern)
|
||||
{
|
||||
|
@ -62,8 +62,9 @@ match_pattern(const char *s, const char *pattern)
|
|||
return !*s;
|
||||
|
||||
if (*pattern == '*') {
|
||||
/* Skip the asterisk. */
|
||||
pattern++;
|
||||
/* Skip this and any consecutive asterisks. */
|
||||
while (*pattern == '*')
|
||||
pattern++;
|
||||
|
||||
/* If at end of pattern, accept immediately. */
|
||||
if (!*pattern)
|
||||
|
@ -186,7 +187,7 @@ match_usergroup_pattern_list(const char *string, const char *pattern)
|
|||
/* Windows usernames are case insensitive */
|
||||
return match_pattern_list(string, pattern, 1);
|
||||
#else
|
||||
/* Case insensitive match */
|
||||
/* Case sensitive match */
|
||||
return match_pattern_list(string, pattern, 0);
|
||||
#endif
|
||||
}
|
||||
|
@ -316,13 +317,13 @@ match_list(const char *client, const char *server, u_int *next)
|
|||
|
||||
/*
|
||||
* Filter proposal using pattern-list filter.
|
||||
* "blacklist" determines sense of filter:
|
||||
* "denylist" determines sense of filter:
|
||||
* non-zero indicates that items matching filter should be excluded.
|
||||
* zero indicates that only items matching filter should be included.
|
||||
* returns NULL on allocation error, otherwise caller must free result.
|
||||
*/
|
||||
static char *
|
||||
filter_list(const char *proposal, const char *filter, int blacklist)
|
||||
filter_list(const char *proposal, const char *filter, int denylist)
|
||||
{
|
||||
size_t len = strlen(proposal) + 1;
|
||||
char *fix_prop = malloc(len);
|
||||
|
@ -340,7 +341,7 @@ filter_list(const char *proposal, const char *filter, int blacklist)
|
|||
*fix_prop = '\0';
|
||||
while ((cp = strsep(&tmp, ",")) != NULL) {
|
||||
r = match_pattern_list(cp, filter, 0);
|
||||
if ((blacklist && r != 1) || (!blacklist && r == 1)) {
|
||||
if ((denylist && r != 1) || (!denylist && r == 1)) {
|
||||
if (*fix_prop != '\0')
|
||||
strlcat(fix_prop, ",", len);
|
||||
strlcat(fix_prop, cp, len);
|
||||
|
@ -355,7 +356,7 @@ filter_list(const char *proposal, const char *filter, int blacklist)
|
|||
* the 'filter' pattern list. Caller must free returned string.
|
||||
*/
|
||||
char *
|
||||
match_filter_blacklist(const char *proposal, const char *filter)
|
||||
match_filter_denylist(const char *proposal, const char *filter)
|
||||
{
|
||||
return filter_list(proposal, filter, 1);
|
||||
}
|
||||
|
@ -365,7 +366,7 @@ match_filter_blacklist(const char *proposal, const char *filter)
|
|||
* the 'filter' pattern list. Caller must free returned string.
|
||||
*/
|
||||
char *
|
||||
match_filter_whitelist(const char *proposal, const char *filter)
|
||||
match_filter_allowlist(const char *proposal, const char *filter)
|
||||
{
|
||||
return filter_list(proposal, filter, 0);
|
||||
}
|
||||
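Review bot: In the `match_pattern` hunk the new `while (*pattern == '*') pattern++;` collapses only adjacent asterisks, and the comment does not say why. A comment such as `/* Collapse runs of '*' so each run costs one wildcard scan, not one per asterisk */` would record the intent. The rest of the function is outside the hunk, so it is an assumption that the wildcard case retries the remaining pattern at each position of `s`. If it does, patterns that interleave asterisks with literals still cost time that grows with the number of wildcards, so a cap on pattern length or wildcard count where patterns are read would be worth considering.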
|
|
6
match.h
6
match.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: match.h,v 1.19 2019/03/06 22:14:23 dtucker Exp $ */
|
||||
/* $OpenBSD: match.h,v 1.20 2020/07/05 23:59:45 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -21,8 +21,8 @@ int match_hostname(const char *, const char *);
|
|||
int match_host_and_ip(const char *, const char *, const char *);
|
||||
int match_user(const char *, const char *, const char *, const char *);
|
||||
char *match_list(const char *, const char *, u_int *);
|
||||
char *match_filter_blacklist(const char *, const char *);
|
||||
char *match_filter_whitelist(const char *, const char *);
|
||||
char *match_filter_denylist(const char *, const char *);
|
||||
char *match_filter_allowlist(const char *, const char *);
|
||||
|
||||
/* addrmatch.c */
|
||||
int addr_match_list(const char *, const char *);
|
||||
|
|
698
misc.c
698
misc.c
|
@ -1,29 +1,23 @@
|
|||
/* $OpenBSD: misc.c,v 1.142 2019/09/03 08:32:11 djm Exp $ */
|
||||
/* $OpenBSD: misc.c,v 1.162 2021/02/28 01:50:47 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
|
||||
* Copyright (c) 2005-2020 Damien Miller. All rights reserved.
|
||||
* Copyright (c) 2004 Henning Brauer <henning@openbsd.org>
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
|
@ -38,7 +32,9 @@
|
|||
#ifdef HAVE_LIBGEN_H
|
||||
# include <libgen.h>
|
||||
#endif
|
||||
#ifdef HAVE_POLL_H
|
||||
#include <poll.h>
|
||||
#endif
|
||||
#include <signal.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
|
@ -235,29 +231,83 @@ set_rdomain(int fd, const char *name)
|
|||
#endif
|
||||
}
|
||||
|
||||
int
|
||||
get_sock_af(int fd)
|
||||
{
|
||||
struct sockaddr_storage to;
|
||||
socklen_t tolen = sizeof(to);
|
||||
|
||||
memset(&to, 0, sizeof(to));
|
||||
if (getsockname(fd, (struct sockaddr *)&to, &tolen) == -1)
|
||||
return -1;
|
||||
#ifdef IPV4_IN_IPV6
|
||||
if (to.ss_family == AF_INET6 &&
|
||||
IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
|
||||
return AF_INET;
|
||||
#endif
|
||||
return to.ss_family;
|
||||
}
|
||||
|
||||
void
|
||||
set_sock_tos(int fd, int tos)
|
||||
{
|
||||
#ifndef IP_TOS_IS_BROKEN
|
||||
int af;
|
||||
|
||||
switch ((af = get_sock_af(fd))) {
|
||||
case -1:
|
||||
/* assume not a socket */
|
||||
break;
|
||||
case AF_INET:
|
||||
# ifdef IP_TOS
|
||||
debug3_f("set socket %d IP_TOS 0x%02x", fd, tos);
|
||||
if (setsockopt(fd, IPPROTO_IP, IP_TOS,
|
||||
&tos, sizeof(tos)) == -1) {
|
||||
error("setsockopt socket %d IP_TOS %d: %s:",
|
||||
fd, tos, strerror(errno));
|
||||
}
|
||||
# endif /* IP_TOS */
|
||||
break;
|
||||
case AF_INET6:
|
||||
# ifdef IPV6_TCLASS
|
||||
debug3_f("set socket %d IPV6_TCLASS 0x%02x", fd, tos);
|
||||
if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS,
|
||||
&tos, sizeof(tos)) == -1) {
|
||||
error("setsockopt socket %d IPV6_TCLASS %d: %.100s:",
|
||||
fd, tos, strerror(errno));
|
||||
}
|
||||
# endif /* IPV6_TCLASS */
|
||||
break;
|
||||
default:
|
||||
debug2_f("unsupported socket family %d", af);
|
||||
break;
|
||||
}
|
||||
#endif /* IP_TOS_IS_BROKEN */
|
||||
}
|
||||
|
||||
/*
|
||||
* Wait up to *timeoutp milliseconds for fd to be readable. Updates
|
||||
* Wait up to *timeoutp milliseconds for events on fd. Updates
|
||||
* *timeoutp with time remaining.
|
||||
* Returns 0 if fd ready or -1 on timeout or error (see errno).
|
||||
*/
|
||||
int
|
||||
waitrfd(int fd, int *timeoutp)
|
||||
static int
|
||||
waitfd(int fd, int *timeoutp, short events)
|
||||
{
|
||||
struct pollfd pfd;
|
||||
struct timeval t_start;
|
||||
int oerrno, r;
|
||||
|
||||
monotime_tv(&t_start);
|
||||
pfd.fd = fd;
|
||||
pfd.events = POLLIN;
|
||||
pfd.events = events;
|
||||
for (; *timeoutp >= 0;) {
|
||||
monotime_tv(&t_start);
|
||||
r = poll(&pfd, 1, *timeoutp);
|
||||
oerrno = errno;
|
||||
ms_subtract_diff(&t_start, timeoutp);
|
||||
errno = oerrno;
|
||||
if (r > 0)
|
||||
return 0;
|
||||
else if (r == -1 && errno != EAGAIN)
|
||||
else if (r == -1 && errno != EAGAIN && errno != EINTR)
|
||||
return -1;
|
||||
else if (r == 0)
|
||||
break;
|
||||
|
@ -267,6 +317,16 @@ waitrfd(int fd, int *timeoutp)
|
|||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Wait up to *timeoutp milliseconds for fd to be readable. Updates
|
||||
* *timeoutp with time remaining.
|
||||
* Returns 0 if fd ready or -1 on timeout or error (see errno).
|
||||
*/
|
||||
int
|
||||
waitrfd(int fd, int *timeoutp) {
|
||||
return waitfd(fd, timeoutp, POLLIN);
|
||||
}
|
||||
|
||||
/*
|
||||
* Attempt a non-blocking connect(2) to the specified address, waiting up to
|
||||
* *timeoutp milliseconds for the connection to complete. If the timeout is
|
||||
|
@ -286,14 +346,19 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
|
|||
return connect(sockfd, serv_addr, addrlen);
|
||||
|
||||
set_nonblock(sockfd);
|
||||
if (connect(sockfd, serv_addr, addrlen) == 0) {
|
||||
/* Succeeded already? */
|
||||
unset_nonblock(sockfd);
|
||||
return 0;
|
||||
} else if (errno != EINPROGRESS)
|
||||
return -1;
|
||||
for (;;) {
|
||||
if (connect(sockfd, serv_addr, addrlen) == 0) {
|
||||
/* Succeeded already? */
|
||||
unset_nonblock(sockfd);
|
||||
return 0;
|
||||
} else if (errno == EINTR)
|
||||
continue;
|
||||
else if (errno != EINPROGRESS)
|
||||
return -1;
|
||||
break;
|
||||
}
|
||||
|
||||
if (waitrfd(sockfd, timeoutp) == -1)
|
||||
if (waitfd(sockfd, timeoutp, POLLIN | POLLOUT) == -1)
|
||||
return -1;
|
||||
|
||||
/* Completed or failed */
|
||||
|
@ -479,10 +544,10 @@ a2tun(const char *s, int *remote)
|
|||
*
|
||||
* Return -1 if time string is invalid.
|
||||
*/
|
||||
long
|
||||
int
|
||||
convtime(const char *s)
|
||||
{
|
||||
long total, secs, multiplier = 1;
|
||||
long total, secs, multiplier;
|
||||
const char *p;
|
||||
char *endp;
|
||||
|
||||
|
@ -496,10 +561,11 @@ convtime(const char *s)
|
|||
while (*p) {
|
||||
secs = strtol(p, &endp, 10);
|
||||
if (p == endp ||
|
||||
(errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) ||
|
||||
(errno == ERANGE && (secs == INT_MIN || secs == INT_MAX)) ||
|
||||
secs < 0)
|
||||
return -1;
|
||||
|
||||
multiplier = 1;
|
||||
switch (*endp++) {
|
||||
case '\0':
|
||||
endp--;
|
||||
|
@ -526,10 +592,10 @@ convtime(const char *s)
|
|||
default:
|
||||
return -1;
|
||||
}
|
||||
if (secs >= LONG_MAX / multiplier)
|
||||
if (secs > INT_MAX / multiplier)
|
||||
return -1;
|
||||
secs *= multiplier;
|
||||
if (total >= LONG_MAX - secs)
|
||||
if (total > INT_MAX - secs)
|
||||
return -1;
|
||||
total += secs;
|
||||
if (total < 0)
|
||||
|
@ -540,6 +606,43 @@ convtime(const char *s)
|
|||
return total;
|
||||
}
|
||||
|
||||
#define TF_BUFS 8
|
||||
#define TF_LEN 9
|
||||
|
||||
const char *
|
||||
fmt_timeframe(time_t t)
|
||||
{
|
||||
char *buf;
|
||||
static char tfbuf[TF_BUFS][TF_LEN]; /* ring buffer */
|
||||
static int idx = 0;
|
||||
unsigned int sec, min, hrs, day;
|
||||
unsigned long long week;
|
||||
|
||||
buf = tfbuf[idx++];
|
||||
if (idx == TF_BUFS)
|
||||
idx = 0;
|
||||
|
||||
week = t;
|
||||
|
||||
sec = week % 60;
|
||||
week /= 60;
|
||||
min = week % 60;
|
||||
week /= 60;
|
||||
hrs = week % 24;
|
||||
week /= 24;
|
||||
day = week % 7;
|
||||
week /= 7;
|
||||
|
||||
if (week > 0)
|
||||
snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
|
||||
else if (day > 0)
|
||||
snprintf(buf, TF_LEN, "%01ud%02uh%02um", day, hrs, min);
|
||||
else
|
||||
snprintf(buf, TF_LEN, "%02u:%02u:%02u", hrs, min, sec);
|
||||
|
||||
return (buf);
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns a standardized host+port identifier string.
|
||||
* Caller must free returned string.
|
||||
|
@ -1062,78 +1165,181 @@ tilde_expand_filename(const char *filename, uid_t uid)
|
|||
}
|
||||
|
||||
/*
|
||||
* Expand a string with a set of %[char] escapes. A number of escapes may be
|
||||
* specified as (char *escape_chars, char *replacement) pairs. The list must
|
||||
* be terminated by a NULL escape_char. Returns replaced string in memory
|
||||
* allocated by xmalloc.
|
||||
* Expand a string with a set of %[char] escapes and/or ${ENVIRONMENT}
|
||||
* substitutions. A number of escapes may be specified as
|
||||
* (char *escape_chars, char *replacement) pairs. The list must be terminated
|
||||
* by a NULL escape_char. Returns replaced string in memory allocated by
|
||||
* xmalloc which the caller must free.
|
||||
*/
|
||||
char *
|
||||
percent_expand(const char *string, ...)
|
||||
static char *
|
||||
vdollar_percent_expand(int *parseerror, int dollar, int percent,
|
||||
const char *string, va_list ap)
|
||||
{
|
||||
#define EXPAND_MAX_KEYS 16
|
||||
u_int num_keys, i;
|
||||
u_int num_keys = 0, i;
|
||||
struct {
|
||||
const char *key;
|
||||
const char *repl;
|
||||
} keys[EXPAND_MAX_KEYS];
|
||||
struct sshbuf *buf;
|
||||
va_list ap;
|
||||
int r;
|
||||
char *ret;
|
||||
int r, missingvar = 0;
|
||||
char *ret = NULL, *var, *varend, *val;
|
||||
size_t len;
|
||||
|
||||
if ((buf = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if (parseerror == NULL)
|
||||
fatal_f("null parseerror arg");
|
||||
*parseerror = 1;
|
||||
|
||||
/* Gather keys */
|
||||
va_start(ap, string);
|
||||
for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
|
||||
keys[num_keys].key = va_arg(ap, char *);
|
||||
if (keys[num_keys].key == NULL)
|
||||
break;
|
||||
keys[num_keys].repl = va_arg(ap, char *);
|
||||
if (keys[num_keys].repl == NULL)
|
||||
fatal("%s: NULL replacement", __func__);
|
||||
/* Gather keys if we're doing percent expansion. */
|
||||
if (percent) {
|
||||
for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
|
||||
keys[num_keys].key = va_arg(ap, char *);
|
||||
if (keys[num_keys].key == NULL)
|
||||
break;
|
||||
keys[num_keys].repl = va_arg(ap, char *);
|
||||
if (keys[num_keys].repl == NULL) {
|
||||
fatal_f("NULL replacement for token %s",
|
||||
keys[num_keys].key);
|
||||
}
|
||||
}
|
||||
if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL)
|
||||
fatal_f("too many keys");
|
||||
if (num_keys == 0)
|
||||
fatal_f("percent expansion without token list");
|
||||
}
|
||||
if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL)
|
||||
fatal("%s: too many keys", __func__);
|
||||
va_end(ap);
|
||||
|
||||
/* Expand string */
|
||||
for (i = 0; *string != '\0'; string++) {
|
||||
if (*string != '%') {
|
||||
append:
|
||||
if ((r = sshbuf_put_u8(buf, *string)) != 0) {
|
||||
fatal("%s: sshbuf_put_u8: %s",
|
||||
__func__, ssh_err(r));
|
||||
/* Optionally process ${ENVIRONMENT} expansions. */
|
||||
if (dollar && string[0] == '$' && string[1] == '{') {
|
||||
string += 2; /* skip over '${' */
|
||||
if ((varend = strchr(string, '}')) == NULL) {
|
||||
error_f("environment variable '%s' missing "
|
||||
"closing '}'", string);
|
||||
goto out;
|
||||
}
|
||||
len = varend - string;
|
||||
if (len == 0) {
|
||||
error_f("zero-length environment variable");
|
||||
goto out;
|
||||
}
|
||||
var = xmalloc(len + 1);
|
||||
(void)strlcpy(var, string, len + 1);
|
||||
if ((val = getenv(var)) == NULL) {
|
||||
error_f("env var ${%s} has no value", var);
|
||||
missingvar = 1;
|
||||
} else {
|
||||
debug3_f("expand ${%s} -> '%s'", var, val);
|
||||
if ((r = sshbuf_put(buf, val, strlen(val))) !=0)
|
||||
fatal_fr(r, "sshbuf_put ${}");
|
||||
}
|
||||
free(var);
|
||||
string += len;
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* Process percent expansions if we have a list of TOKENs.
|
||||
* If we're not doing percent expansion everything just gets
|
||||
* appended here.
|
||||
*/
|
||||
if (*string != '%' || !percent) {
|
||||
append:
|
||||
if ((r = sshbuf_put_u8(buf, *string)) != 0)
|
||||
fatal_fr(r, "sshbuf_put_u8 %%");
|
||||
continue;
|
||||
}
|
||||
string++;
|
||||
/* %% case */
|
||||
if (*string == '%')
|
||||
goto append;
|
||||
if (*string == '\0')
|
||||
fatal("%s: invalid format", __func__);
|
||||
if (*string == '\0') {
|
||||
error_f("invalid format");
|
||||
goto out;
|
||||
}
|
||||
for (i = 0; i < num_keys; i++) {
|
||||
if (strchr(keys[i].key, *string) != NULL) {
|
||||
if ((r = sshbuf_put(buf, keys[i].repl,
|
||||
strlen(keys[i].repl))) != 0) {
|
||||
fatal("%s: sshbuf_put: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
strlen(keys[i].repl))) != 0)
|
||||
fatal_fr(r, "sshbuf_put %%-repl");
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (i >= num_keys)
|
||||
fatal("%s: unknown key %%%c", __func__, *string);
|
||||
if (i >= num_keys) {
|
||||
error_f("unknown key %%%c", *string);
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
if ((ret = sshbuf_dup_string(buf)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
if (!missingvar && (ret = sshbuf_dup_string(buf)) == NULL)
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
*parseerror = 0;
|
||||
out:
|
||||
sshbuf_free(buf);
|
||||
return ret;
|
||||
return *parseerror ? NULL : ret;
|
||||
#undef EXPAND_MAX_KEYS
|
||||
}
|
||||
|
||||
/*
|
||||
* Expand only environment variables.
|
||||
* Note that although this function is variadic like the other similar
|
||||
* functions, any such arguments will be unused.
|
||||
*/
|
||||
|
||||
char *
|
||||
dollar_expand(int *parseerr, const char *string, ...)
|
||||
{
|
||||
char *ret;
|
||||
int err;
|
||||
va_list ap;
|
||||
|
||||
va_start(ap, string);
|
||||
ret = vdollar_percent_expand(&err, 1, 0, string, ap);
|
||||
va_end(ap);
|
||||
if (parseerr != NULL)
|
||||
*parseerr = err;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns expanded string or NULL if a specified environment variable is
|
||||
* not defined, or calls fatal if the string is invalid.
|
||||
*/
|
||||
char *
|
||||
percent_expand(const char *string, ...)
|
||||
{
|
||||
char *ret;
|
||||
int err;
|
||||
va_list ap;
|
||||
|
||||
va_start(ap, string);
|
||||
ret = vdollar_percent_expand(&err, 0, 1, string, ap);
|
||||
va_end(ap);
|
||||
if (err)
|
||||
fatal_f("failed");
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns expanded string or NULL if a specified environment variable is
|
||||
* not defined, or calls fatal if the string is invalid.
|
||||
*/
|
||||
char *
|
||||
percent_dollar_expand(const char *string, ...)
|
||||
{
|
||||
char *ret;
|
||||
int err;
|
||||
va_list ap;
|
||||
|
||||
va_start(ap, string);
|
||||
ret = vdollar_percent_expand(&err, 1, 1, string, ap);
|
||||
va_end(ap);
|
||||
if (err)
|
||||
fatal_f("failed");
|
||||
return ret;
|
||||
}
|
||||
|
||||
int
|
||||
tun_open(int tun, int mode, char **ifname)
|
||||
{
|
||||
|
@ -1163,16 +1369,16 @@ tun_open(int tun, int mode, char **ifname)
|
|||
break;
|
||||
}
|
||||
} else {
|
||||
debug("%s: invalid tunnel %u", __func__, tun);
|
||||
debug_f("invalid tunnel %u", tun);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (fd == -1) {
|
||||
debug("%s: %s open: %s", __func__, name, strerror(errno));
|
||||
debug_f("%s open: %s", name, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
|
||||
debug_f("%s mode %d fd %d", name, mode, fd);
|
||||
|
||||
/* Bring interface up if it is not already */
|
||||
snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
|
||||
|
@ -1180,16 +1386,16 @@ tun_open(int tun, int mode, char **ifname)
|
|||
goto failed;
|
||||
|
||||
if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
|
||||
debug("%s: get interface %s flags: %s", __func__,
|
||||
ifr.ifr_name, strerror(errno));
|
||||
debug_f("get interface %s flags: %s", ifr.ifr_name,
|
||||
strerror(errno));
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (!(ifr.ifr_flags & IFF_UP)) {
|
||||
ifr.ifr_flags |= IFF_UP;
|
||||
if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) {
|
||||
debug("%s: activate interface %s: %s", __func__,
|
||||
ifr.ifr_name, strerror(errno));
|
||||
debug_f("activate interface %s: %s", ifr.ifr_name,
|
||||
strerror(errno));
|
||||
goto failed;
|
||||
}
|
||||
}
|
||||
|
@ -1254,6 +1460,33 @@ tohex(const void *vp, size_t l)
|
|||
return (r);
|
||||
}
|
||||
|
||||
/*
|
||||
* Extend string *sp by the specified format. If *sp is not NULL (or empty),
|
||||
* then the separator 'sep' will be prepended before the formatted arguments.
|
||||
* Extended strings are heap allocated.
|
||||
*/
|
||||
void
|
||||
xextendf(char **sp, const char *sep, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
char *tmp1, *tmp2;
|
||||
|
||||
va_start(ap, fmt);
|
||||
xvasprintf(&tmp1, fmt, ap);
|
||||
va_end(ap);
|
||||
|
||||
if (*sp == NULL || **sp == '\0') {
|
||||
free(*sp);
|
||||
*sp = tmp1;
|
||||
return;
|
||||
}
|
||||
xasprintf(&tmp2, "%s%s%s", *sp, sep == NULL ? "" : sep, tmp1);
|
||||
free(tmp1);
|
||||
free(*sp);
|
||||
*sp = tmp2;
|
||||
}
|
||||
|
||||
|
||||
u_int64_t
|
||||
get_u64(const void *vp)
|
||||
{
|
||||
|
@ -1513,7 +1746,7 @@ mktemp_proto(char *s, size_t len)
|
|||
}
|
||||
r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX");
|
||||
if (r < 0 || (size_t)r >= len)
|
||||
fatal("%s: template string too short", __func__);
|
||||
fatal_f("template string too short");
|
||||
}
|
||||
|
||||
static const struct {
|
||||
|
@ -1542,6 +1775,7 @@ static const struct {
|
|||
{ "cs6", IPTOS_DSCP_CS6 },
|
||||
{ "cs7", IPTOS_DSCP_CS7 },
|
||||
{ "ef", IPTOS_DSCP_EF },
|
||||
{ "le", IPTOS_DSCP_LE },
|
||||
{ "lowdelay", IPTOS_LOWDELAY },
|
||||
{ "throughput", IPTOS_THROUGHPUT },
|
||||
{ "reliability", IPTOS_RELIABILITY },
|
||||
|
@ -1599,8 +1833,7 @@ unix_listener(const char *path, int backlog, int unlink_first)
|
|||
sunaddr.sun_family = AF_UNIX;
|
||||
if (strlcpy(sunaddr.sun_path, path,
|
||||
sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) {
|
||||
error("%s: path \"%s\" too long for Unix domain socket",
|
||||
__func__, path);
|
||||
error_f("path \"%s\" too long for Unix domain socket", path);
|
||||
errno = ENAMETOOLONG;
|
||||
return -1;
|
||||
}
|
||||
|
@ -1608,7 +1841,7 @@ unix_listener(const char *path, int backlog, int unlink_first)
|
|||
sock = socket(PF_UNIX, SOCK_STREAM, 0);
|
||||
if (sock == -1) {
|
||||
saved_errno = errno;
|
||||
error("%s: socket: %.100s", __func__, strerror(errno));
|
||||
error_f("socket: %.100s", strerror(errno));
|
||||
errno = saved_errno;
|
||||
return -1;
|
||||
}
|
||||
|
@ -1618,16 +1851,14 @@ unix_listener(const char *path, int backlog, int unlink_first)
|
|||
}
|
||||
if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
|
||||
saved_errno = errno;
|
||||
error("%s: cannot bind to path %s: %s",
|
||||
__func__, path, strerror(errno));
|
||||
error_f("cannot bind to path %s: %s", path, strerror(errno));
|
||||
close(sock);
|
||||
errno = saved_errno;
|
||||
return -1;
|
||||
}
|
||||
if (listen(sock, backlog) == -1) {
|
||||
saved_errno = errno;
|
||||
error("%s: cannot listen on path %s: %s",
|
||||
__func__, path, strerror(errno));
|
||||
error_f("cannot listen on path %s: %s", path, strerror(errno));
|
||||
close(sock);
|
||||
unlink(path);
|
||||
errno = saved_errno;
|
||||
|
@ -1799,7 +2030,7 @@ argv_assemble(int argc, char **argv)
|
|||
struct sshbuf *buf, *arg;
|
||||
|
||||
if ((buf = sshbuf_new()) == NULL || (arg = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
|
||||
for (i = 0; i < argc; i++) {
|
||||
ws = 0;
|
||||
|
@ -1824,17 +2055,16 @@ argv_assemble(int argc, char **argv)
|
|||
break;
|
||||
}
|
||||
if (r != 0)
|
||||
fatal("%s: sshbuf_put_u8: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_u8");
|
||||
}
|
||||
if ((i != 0 && (r = sshbuf_put_u8(buf, ' ')) != 0) ||
|
||||
(ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0) ||
|
||||
(r = sshbuf_putb(buf, arg)) != 0 ||
|
||||
(ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0))
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble");
|
||||
}
|
||||
if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL)
|
||||
fatal("%s: malloc failed", __func__);
|
||||
fatal_f("malloc failed");
|
||||
memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
|
||||
ret[sshbuf_len(buf)] = '\0';
|
||||
sshbuf_free(buf);
|
||||
|
@ -1850,7 +2080,7 @@ exited_cleanly(pid_t pid, const char *tag, const char *cmd, int quiet)
|
|||
|
||||
while (waitpid(pid, &status, 0) == -1) {
|
||||
if (errno != EINTR) {
|
||||
error("%s: waitpid: %s", tag, strerror(errno));
|
||||
error("%s waitpid: %s", tag, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
@ -2243,3 +2473,275 @@ opt_match(const char **opts, const char *term)
|
|||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
opt_array_append2(const char *file, const int line, const char *directive,
|
||||
char ***array, int **iarray, u_int *lp, const char *s, int i)
|
||||
{
|
||||
|
||||
if (*lp >= INT_MAX)
|
||||
fatal("%s line %d: Too many %s entries", file, line, directive);
|
||||
|
||||
if (iarray != NULL) {
|
||||
*iarray = xrecallocarray(*iarray, *lp, *lp + 1,
|
||||
sizeof(**iarray));
|
||||
(*iarray)[*lp] = i;
|
||||
}
|
||||
|
||||
*array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
|
||||
(*array)[*lp] = xstrdup(s);
|
||||
(*lp)++;
|
||||
}
|
||||
|
||||
void
|
||||
opt_array_append(const char *file, const int line, const char *directive,
|
||||
char ***array, u_int *lp, const char *s)
|
||||
{
|
||||
opt_array_append2(file, line, directive, array, NULL, lp, s, 0);
|
||||
}
|
||||
|
||||
sshsig_t
|
||||
ssh_signal(int signum, sshsig_t handler)
|
||||
{
|
||||
struct sigaction sa, osa;
|
||||
|
||||
/* mask all other signals while in handler */
|
||||
memset(&sa, 0, sizeof(sa));
|
||||
sa.sa_handler = handler;
|
||||
sigfillset(&sa.sa_mask);
|
||||
#if defined(SA_RESTART) && !defined(NO_SA_RESTART)
|
||||
if (signum != SIGALRM)
|
||||
sa.sa_flags = SA_RESTART;
|
||||
#endif
|
||||
if (sigaction(signum, &sa, &osa) == -1) {
|
||||
debug3("sigaction(%s): %s", strsignal(signum), strerror(errno));
|
||||
return SIG_ERR;
|
||||
}
|
||||
return osa.sa_handler;
|
||||
}
|
||||
|
||||
int
|
||||
stdfd_devnull(int do_stdin, int do_stdout, int do_stderr)
|
||||
{
|
||||
int devnull, ret = 0;
|
||||
|
||||
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
|
||||
error_f("open %s: %s", _PATH_DEVNULL,
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
|
||||
(do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
|
||||
(do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
|
||||
error_f("dup2: %s", strerror(errno));
|
||||
ret = -1;
|
||||
}
|
||||
if (devnull > STDERR_FILENO)
|
||||
close(devnull);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Runs command in a subprocess with a minimal environment.
|
||||
* Returns pid on success, 0 on failure.
|
||||
* The child stdout and stderr maybe captured, left attached or sent to
|
||||
* /dev/null depending on the contents of flags.
|
||||
* "tag" is prepended to log messages.
|
||||
* NB. "command" is only used for logging; the actual command executed is
|
||||
* av[0].
|
||||
*/
|
||||
pid_t
|
||||
subprocess(const char *tag, const char *command,
|
||||
int ac, char **av, FILE **child, u_int flags,
|
||||
struct passwd *pw, privdrop_fn *drop_privs, privrestore_fn *restore_privs)
|
||||
{
|
||||
FILE *f = NULL;
|
||||
struct stat st;
|
||||
int fd, devnull, p[2], i;
|
||||
pid_t pid;
|
||||
char *cp, errmsg[512];
|
||||
u_int nenv = 0;
|
||||
char **env = NULL;
|
||||
|
||||
/* If dropping privs, then must specify user and restore function */
|
||||
if (drop_privs != NULL && (pw == NULL || restore_privs == NULL)) {
|
||||
error("%s: inconsistent arguments", tag); /* XXX fatal? */
|
||||
return 0;
|
||||
}
|
||||
if (pw == NULL && (pw = getpwuid(getuid())) == NULL) {
|
||||
error("%s: no user for current uid", tag);
|
||||
return 0;
|
||||
}
|
||||
if (child != NULL)
|
||||
*child = NULL;
|
||||
|
||||
debug3_f("%s command \"%s\" running as %s (flags 0x%x)",
|
||||
tag, command, pw->pw_name, flags);
|
||||
|
||||
/* Check consistency */
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
|
||||
(flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) {
|
||||
error_f("inconsistent flags");
|
||||
return 0;
|
||||
}
|
||||
if (((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) != (child == NULL)) {
|
||||
error_f("inconsistent flags/output");
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* If executing an explicit binary, then verify the it exists
|
||||
* and appears safe-ish to execute
|
||||
*/
|
||||
if (!path_absolute(av[0])) {
|
||||
error("%s path is not absolute", tag);
|
||||
return 0;
|
||||
}
|
||||
if (drop_privs != NULL)
|
||||
drop_privs(pw);
|
||||
if (stat(av[0], &st) == -1) {
|
||||
error("Could not stat %s \"%s\": %s", tag,
|
||||
av[0], strerror(errno));
|
||||
goto restore_return;
|
||||
}
|
||||
|
||||
if ((flags & SSH_SUBPROCESS_UNSAFE_PATH) == 0 &&
|
||||
#ifdef WINDOWS
|
||||
(check_secure_file_permission(av[0], pw, 1) != 0)) {
|
||||
error("Permissions on %s:\"%s\" are too open", tag, av[0]);
|
||||
#else
|
||||
safe_path(av[0], &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) {
|
||||
error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);
|
||||
#endif
|
||||
goto restore_return;
|
||||
}
|
||||
|
||||
/* Prepare to keep the child's stdout if requested */
|
||||
if (pipe(p) == -1) {
|
||||
error("%s: pipe: %s", tag, strerror(errno));
|
||||
restore_return:
|
||||
if (restore_privs != NULL)
|
||||
restore_privs();
|
||||
return 0;
|
||||
}
|
||||
if (restore_privs != NULL)
|
||||
restore_privs();
|
||||
|
||||
#ifdef FORK_NOT_SUPPORTED
|
||||
{
|
||||
posix_spawn_file_actions_t actions;
|
||||
pid = -1;
|
||||
|
||||
if (posix_spawn_file_actions_init(&actions) != 0 ||
|
||||
posix_spawn_file_actions_adddup2(&actions, p[1], STDOUT_FILENO) != 0)
|
||||
fatal("posix_spawn initialization failed");
|
||||
else {
|
||||
#ifdef WINDOWS
|
||||
/* If the user's SID is the System SID and sshd is running as system,
|
||||
* launch as a child process.
|
||||
*/
|
||||
if (IsWellKnownSid(get_sid(pw->pw_name), WinLocalSystemSid) && am_system()) {
|
||||
debug("starting subprocess using posix_spawnp");
|
||||
if (posix_spawnp((pid_t*)&pid, av[0], &actions, NULL, av, NULL) != 0)
|
||||
fatal("posix_spawnp: %s", strerror(errno));
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
debug("starting subprocess as user using __posix_spawn_asuser");
|
||||
if (__posix_spawn_asuser((pid_t*)&pid, av[0], &actions, NULL, av, NULL, pw->pw_name) != 0)
|
||||
fatal("posix_spawn_user: %s", strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
posix_spawn_file_actions_destroy(&actions);
|
||||
}
|
||||
#else
|
||||
switch ((pid = fork())) {
|
||||
case -1: /* error */
|
||||
error("%s: fork: %s", tag, strerror(errno));
|
||||
close(p[0]);
|
||||
close(p[1]);
|
||||
return 0;
|
||||
case 0: /* child */
|
||||
/* Prepare a minimal environment for the child. */
|
||||
if ((flags & SSH_SUBPROCESS_PRESERVE_ENV) == 0) {
|
||||
nenv = 5;
|
||||
env = xcalloc(sizeof(*env), nenv);
|
||||
child_set_env(&env, &nenv, "PATH", _PATH_STDPATH);
|
||||
child_set_env(&env, &nenv, "USER", pw->pw_name);
|
||||
child_set_env(&env, &nenv, "LOGNAME", pw->pw_name);
|
||||
child_set_env(&env, &nenv, "HOME", pw->pw_dir);
|
||||
if ((cp = getenv("LANG")) != NULL)
|
||||
child_set_env(&env, &nenv, "LANG", cp);
|
||||
}
|
||||
|
||||
for (i = 1; i < NSIG; i++)
|
||||
ssh_signal(i, SIG_DFL);
|
||||
|
||||
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
|
||||
error("%s: open %s: %s", tag, _PATH_DEVNULL,
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
if (dup2(devnull, STDIN_FILENO) == -1) {
|
||||
error("%s: dup2: %s", tag, strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
|
||||
/* Set up stdout as requested; leave stderr in place for now. */
|
||||
fd = -1;
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
|
||||
fd = p[1];
|
||||
else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
|
||||
fd = devnull;
|
||||
if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
|
||||
error("%s: dup2: %s", tag, strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
closefrom(STDERR_FILENO + 1);
|
||||
|
||||
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
|
||||
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
|
||||
error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
/* stdin is pointed to /dev/null at this point */
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
|
||||
dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
|
||||
error("%s: dup2: %s", tag, strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
if (env != NULL)
|
||||
execve(av[0], av, env);
|
||||
else
|
||||
execv(av[0], av);
|
||||
error("%s %s \"%s\": %s", tag, env == NULL ? "execv" : "execve",
|
||||
command, strerror(errno));
|
||||
_exit(127);
|
||||
default: /* parent */
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
close(p[1]);
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
|
||||
close(p[0]);
|
||||
else if ((f = fdopen(p[0], "r")) == NULL) {
|
||||
error("%s: fdopen: %s", tag, strerror(errno));
|
||||
close(p[0]);
|
||||
/* Don't leave zombie child */
|
||||
kill(pid, SIGTERM);
|
||||
while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
/* Success */
|
||||
debug3_f("%s pid %ld", tag, (long)pid);
|
||||
if (child != NULL)
|
||||
*child = f;
|
||||
return pid;
|
||||
}
|
||||
|
|
39
misc.h
39
misc.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: misc.h,v 1.81 2019/09/03 08:32:11 djm Exp $ */
|
||||
/* $OpenBSD: misc.h,v 1.93 2021/02/15 20:36:35 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -53,6 +53,8 @@ void set_nodelay(int);
|
|||
int set_reuseaddr(int);
|
||||
char *get_rdomain(int);
|
||||
int set_rdomain(int, const char *);
|
||||
int get_sock_af(int);
|
||||
void set_sock_tos(int, int);
|
||||
int waitrfd(int, int *);
|
||||
int timeout_connect(int, const struct sockaddr *, socklen_t, int *);
|
||||
int a2port(const char *);
|
||||
|
@ -65,10 +67,16 @@ char *colon(char *);
|
|||
int parse_user_host_path(const char *, char **, char **, char **);
|
||||
int parse_user_host_port(const char *, char **, char **, int *);
|
||||
int parse_uri(const char *, const char *, char **, char **, int *, char **);
|
||||
long convtime(const char *);
|
||||
int convtime(const char *);
|
||||
const char *fmt_timeframe(time_t t);
|
||||
char *tilde_expand_filename(const char *, uid_t);
|
||||
|
||||
char *dollar_expand(int *, const char *string, ...);
|
||||
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
|
||||
char *percent_dollar_expand(const char *, ...) __attribute__((__sentinel__));
|
||||
char *tohex(const void *, size_t);
|
||||
void xextendf(char **s, const char *sep, const char *fmt, ...)
|
||||
__attribute__((__format__ (printf, 3, 4))) __attribute__((__nonnull__ (3)));
|
||||
void sanitise_stdfd(void);
|
||||
void ms_subtract_diff(struct timeval *, int *);
|
||||
void ms_to_timeval(struct timeval *, int);
|
||||
|
@ -84,12 +92,23 @@ const char *atoi_err(const char *, int *);
|
|||
int parse_absolute_time(const char *, uint64_t *);
|
||||
void format_absolute_time(uint64_t, char *, size_t);
|
||||
int path_absolute(const char *);
|
||||
int stdfd_devnull(int, int, int);
|
||||
|
||||
void sock_set_v6only(int);
|
||||
|
||||
struct passwd *pwcopy(struct passwd *);
|
||||
const char *ssh_gai_strerror(int);
|
||||
|
||||
typedef void privdrop_fn(struct passwd *);
|
||||
typedef void privrestore_fn(void);
|
||||
#define SSH_SUBPROCESS_STDOUT_DISCARD (1) /* Discard stdout */
|
||||
#define SSH_SUBPROCESS_STDOUT_CAPTURE (1<<1) /* Redirect stdout */
|
||||
#define SSH_SUBPROCESS_STDERR_DISCARD (1<<2) /* Discard stderr */
|
||||
#define SSH_SUBPROCESS_UNSAFE_PATH (1<<3) /* Don't check for safe cmd */
|
||||
#define SSH_SUBPROCESS_PRESERVE_ENV (1<<4) /* Keep parent environment */
|
||||
pid_t subprocess(const char *, const char *, int, char **, FILE **, u_int,
|
||||
struct passwd *, privdrop_fn *, privrestore_fn *);
|
||||
|
||||
typedef struct arglist arglist;
|
||||
struct arglist {
|
||||
char **list;
|
||||
|
@ -171,6 +190,13 @@ int opt_flag(const char *opt, int allow_negate, const char **optsp);
|
|||
char *opt_dequote(const char **sp, const char **errstrp);
|
||||
int opt_match(const char **opts, const char *term);
|
||||
|
||||
/* readconf/servconf option lists */
|
||||
void opt_array_append(const char *file, const int line,
|
||||
const char *directive, char ***array, u_int *lp, const char *s);
|
||||
void opt_array_append2(const char *file, const int line,
|
||||
const char *directive, char ***array, int **iarray, u_int *lp,
|
||||
const char *s, int i);
|
||||
|
||||
/* readpass.c */
|
||||
|
||||
#define RP_ECHO 0x0001
|
||||
|
@ -178,11 +204,20 @@ int opt_match(const char **opts, const char *term);
|
|||
#define RP_ALLOW_EOF 0x0004
|
||||
#define RP_USE_ASKPASS 0x0008
|
||||
|
||||
struct notifier_ctx;
|
||||
|
||||
char *read_passphrase(const char *, int);
|
||||
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||
struct notifier_ctx *notify_start(int, const char *, ...)
|
||||
__attribute__((format(printf, 2, 3)));
|
||||
void notify_complete(struct notifier_ctx *, const char *, ...)
|
||||
__attribute__((format(printf, 2, 3)));
|
||||
|
||||
#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
|
||||
#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
|
||||
#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
|
||||
|
||||
typedef void (*sshsig_t)(int);
|
||||
sshsig_t ssh_signal(int, sshsig_t);
|
||||
|
||||
#endif /* _MISC_H */
|
||||
|
|
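Review bot: `SSH_SUBPROCESS_STDERR_DISCARD` is declared in this header as "Discard stderr", but the `subprocess()` body shown in the misc.c section of this page never tests it. In the fork child, stderr is redirected to /dev/null only when `SSH_SUBPROCESS_STDOUT_DISCARD` is set, so a caller passing only the stderr flag would leave the helper's stderr attached to the parent's. Either test the matching flag in that branch, `if ((flags & SSH_SUBPROCESS_STDERR_DISCARD) != 0 && dup2(STDIN_FILENO, STDERR_FILENO) == -1) {` (callers relying on the current coupling would then need to pass both flags), or make the define's comment say what happens, e.g. `/* Discard stderr (currently follows STDOUT_DISCARD) */`. The `FORK_NOT_SUPPORTED` branch, as far as it is visible here, always dup2s the pipe onto stdout and passes NULL as the environment argument to the spawn call without consulting the `STDOUT_*` or `SSH_SUBPROCESS_PRESERVE_ENV` flags. It appears the flag comments describe only the fork path; a one-line comment above the defines, stating which flags that build honours, would keep callers from assuming the minimal-environment guarantee there.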