diff options
| -rw-r--r-- | ChangeLog | 12 | ||||
| -rw-r--r-- | auth-krb4.c | 10 | ||||
| -rw-r--r-- | auth-passwd.c | 4 | ||||
| -rw-r--r-- | auth-rh-rsa.c | 14 | ||||
| -rw-r--r-- | auth-rhosts.c | 18 | ||||
| -rw-r--r-- | auth-rsa.c | 16 | ||||
| -rw-r--r-- | auth-skey.c | 18 | ||||
| -rw-r--r-- | auth.c | 62 | ||||
| -rw-r--r-- | authfd.c | 24 | ||||
| -rw-r--r-- | authfd.h | 22 | ||||
| -rw-r--r-- | authfile.c | 14 | ||||
| -rw-r--r-- | bufaux.c | 12 | ||||
| -rw-r--r-- | bufaux.h | 12 | ||||
| -rw-r--r-- | buffer.c | 34 | ||||
| -rw-r--r-- | canohost.c | 20 | ||||
| -rw-r--r-- | channels.c | 94 | ||||
| -rw-r--r-- | channels.h | 6 | ||||
| -rw-r--r-- | cipher.c | 34 | ||||
| -rw-r--r-- | cipher.h | 24 | ||||
| -rw-r--r-- | clientloop.c | 59 | ||||
| -rw-r--r-- | compat.c | 6 | ||||
| -rw-r--r-- | compress.c | 22 | ||||
| -rw-r--r-- | compress.h | 14 | ||||
| -rw-r--r-- | crc32.h | 14 | ||||
| -rw-r--r-- | dispatch.c | 78 | ||||
| -rw-r--r-- | dsa.c | 10 | ||||
| -rw-r--r-- | getput.h | 16 | ||||
| -rw-r--r-- | hostfile.c | 14 | ||||
| -rw-r--r-- | hostfile.h | 2 | ||||
| -rw-r--r-- | includes.h | 12 | ||||
| -rw-r--r-- | kex.c | 12 | ||||
| -rw-r--r-- | log-client.c | 14 | ||||
| -rw-r--r-- | log-server.c | 16 | ||||
| -rw-r--r-- | login.c | 20 | ||||
| -rw-r--r-- | match.c | 16 | ||||
| -rw-r--r-- | mpaux.c | 14 | ||||
| -rw-r--r-- | mpaux.h | 14 | ||||
| -rw-r--r-- | nchan.c | 6 | ||||
| -rw-r--r-- | packet.c | 32 | ||||
| -rw-r--r-- | packet.h | 29 | ||||
| -rw-r--r-- | pty.c | 22 | ||||
| -rw-r--r-- | pty.h | 14 | ||||
| -rw-r--r-- | radix.c | 12 | ||||
| -rw-r--r-- | readconf.c | 26 | ||||
| -rw-r--r-- | readconf.h | 22 | ||||
| -rw-r--r-- | readpass.c | 4 | ||||
| -rw-r--r-- | rsa.c | 30 | ||||
| -rw-r--r-- | rsa.h | 14 | ||||
| -rw-r--r-- | scp.c | 20 | ||||
| -rw-r--r-- | servconf.c | 24 | ||||
| -rw-r--r-- | servconf.h | 14 | ||||
| -rw-r--r-- | serverloop.c | 46 | ||||
| -rw-r--r-- | session.c | 25 | ||||
| -rw-r--r-- | ssh-agent.c | 10 | ||||
| -rw-r--r-- | ssh-keygen.c | 4 | ||||
| -rw-r--r-- | ssh.1 | 8 | ||||
| -rw-r--r-- | ssh.c | 42 | ||||
| -rw-r--r-- | ssh.h | 30 | ||||
| -rw-r--r-- | ssh2.h | 20 | ||||
| -rw-r--r-- | sshconnect.c | 56 | ||||
| -rw-r--r-- | sshd.c | 54 | ||||
| -rw-r--r-- | ttymodes.c | 10 | ||||
| -rw-r--r-- | ttymodes.h | 12 | ||||
| -rw-r--r-- | uidswap.c | 8 | ||||
| -rw-r--r-- | uidswap.h | 10 | ||||
| -rw-r--r-- | xmalloc.c | 4 | ||||
| -rw-r--r-- | xmalloc.h | 14 |
67 files changed, 779 insertions, 646 deletions
@@ -1,7 +1,17 @@ +20000415 + - OpenBSD CVS updates. + [ssh.1 ssh.c] + - ssh -2 + [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] + [session.c sshconnect.c] + - check payload for (illegal) extra data + [ALL] + whitespace cleanup + 20000413 - INSTALL doc updates - Merged OpenBSD updates to include paths. - + 20000412 - OpenBSD CVS updates: - [channels.c] diff --git a/auth-krb4.c b/auth-krb4.c index 7e30646f..a2684271 100644 --- a/auth-krb4.c +++ b/auth-krb4.c @@ -19,7 +19,7 @@ extern ServerOptions options; * return 1 on success, 0 on failure, -1 if krb4 is not available */ -int +int auth_krb4_password(struct passwd * pw, const char *password) { AUTH_DAT adata; @@ -135,7 +135,7 @@ krb4_cleanup_proc(void *ignore) } } -int +int krb4_init(uid_t uid) { static int cleanup_registered = 0; @@ -179,7 +179,7 @@ krb4_init(uid_t uid) return 0; } -int +int auth_krb4(const char *server_user, KTEXT auth, char **client) { AUTH_DAT adat = {0}; @@ -252,7 +252,7 @@ auth_krb4(const char *server_user, KTEXT auth, char **client) #endif /* KRB4 */ #ifdef AFS -int +int auth_kerberos_tgt(struct passwd *pw, const char *string) { CREDENTIALS creds; @@ -307,7 +307,7 @@ auth_kerberos_tgt_failure: return 0; } -int +int auth_afs_token(struct passwd *pw, const char *token_string) { CREDENTIALS creds; diff --git a/auth-passwd.c b/auth-passwd.c index 278212aa..d2c2ea87 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -11,7 +11,7 @@ #ifndef USE_PAM -RCSID("$Id: auth-passwd.c,v 1.16 2000/01/22 23:32:03 damien Exp $"); +RCSID("$Id: auth-passwd.c,v 1.17 2000/04/16 01:18:39 damien Exp $"); #include "packet.h" #include "ssh.h" @@ -33,7 +33,7 @@ RCSID("$Id: auth-passwd.c,v 1.16 2000/01/22 23:32:03 damien Exp $"); * Tries to authenticate the user using password. Returns true if * authentication succeeds. */ -int +int auth_password(struct passwd * pw, const char *password) { extern ServerOptions options; diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index d3d90246..150132fb 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -1,21 +1,21 @@ /* - * + * * auth-rh-rsa.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sun May 7 03:08:06 1995 ylo - * + * * Rhosts or /etc/hosts.equiv authentication combined with RSA host * authentication. * */ #include "includes.h" -RCSID("$Id: auth-rh-rsa.c,v 1.9 2000/04/13 02:26:35 damien Exp $"); +RCSID("$Id: auth-rh-rsa.c,v 1.10 2000/04/16 01:18:39 damien Exp $"); #ifdef HAVE_OPENSSL #include <openssl/bn.h> @@ -42,7 +42,7 @@ RCSID("$Id: auth-rh-rsa.c,v 1.9 2000/04/13 02:26:35 damien Exp $"); * its host key. Returns true if authentication succeeds. */ -int +int auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key) { extern ServerOptions options; diff --git a/auth-rhosts.c b/auth-rhosts.c index 318bcfef..6a5c13e4 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,22 +1,22 @@ /* - * + * * auth-rhosts.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 17 05:12:18 1995 ylo - * + * * Rhosts authentication. This file contains code to check whether to admit * the login based on rhosts authentication. This file also processes * /etc/hosts.equiv. - * + * */ #include "includes.h" -RCSID("$Id: auth-rhosts.c,v 1.7 1999/12/27 12:54:55 damien Exp $"); +RCSID("$Id: auth-rhosts.c,v 1.8 2000/04/16 01:18:39 damien Exp $"); #include "packet.h" #include "ssh.h" @@ -30,7 +30,7 @@ RCSID("$Id: auth-rhosts.c,v 1.7 1999/12/27 12:54:55 damien Exp $"); * based on the file, and returns zero otherwise. */ -int +int check_rhosts_file(const char *filename, const char *hostname, const char *ipaddr, const char *client_user, const char *server_user) @@ -146,7 +146,7 @@ check_rhosts_file(const char *filename, const char *hostname, * /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored). */ -int +int auth_rhosts(struct passwd *pw, const char *client_user) { extern ServerOptions options; @@ -1,22 +1,22 @@ /* - * + * * auth-rsa.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Mar 27 01:46:52 1995 ylo - * + * * RSA-based authentication. This code determines whether to admit a login * based on RSA authentication. This file also contains functions to check * validity of the host key. - * + * */ #include "includes.h" -RCSID("$Id: auth-rsa.c,v 1.15 2000/04/13 02:26:35 damien Exp $"); +RCSID("$Id: auth-rsa.c,v 1.16 2000/04/16 01:18:39 damien Exp $"); #include "rsa.h" #include "packet.h" @@ -244,7 +244,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) debug("%.100s, line %lu: bad key syntax", SSH_USER_PERMITTED_KEYS, linenum); packet_send_debug("%.100s, line %lu: bad key syntax", - SSH_USER_PERMITTED_KEYS, linenum); + SSH_USER_PERMITTED_KEYS, linenum); continue; } /* cp now points to the comment part. */ diff --git a/auth-skey.c b/auth-skey.c index f403a196..056efeb9 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -1,7 +1,7 @@ #include "includes.h" #ifdef SKEY -RCSID("$Id: auth-skey.c,v 1.5 1999/12/06 19:04:57 deraadt Exp $"); +RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -15,12 +15,12 @@ RCSID("$Id: auth-skey.c,v 1.5 1999/12/06 19:04:57 deraadt Exp $"); /* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */ -/* +/* * try skey authentication, - * return 1 on success, 0 on failure, -1 if skey is not available + * return 1 on success, 0 on failure, -1 if skey is not available */ -int +int auth_skey_password(struct passwd * pw, const char *password) { if (strncasecmp(password, "s/key", 5) == 0) { @@ -53,18 +53,18 @@ auth_skey_password(struct passwd * pw, const char *password) */ static u_int32_t hash_collapse(s) - u_char *s; + u_char *s; { - int len, target; + int len, target; u_int32_t i; if ((strlen(s) % sizeof(u_int32_t)) == 0) - target = strlen(s); /* Multiple of 4 */ + target = strlen(s); /* Multiple of 4 */ else target = strlen(s) - (strlen(s) % sizeof(u_int32_t)); - + for (i = 0, len = 0; len < target; len += 4) - i ^= ROUND(s + len); + i ^= ROUND(s + len); return i; } @@ -5,7 +5,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.2 2000/04/06 08:55:22 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.4 2000/04/14 10:30:29 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -36,9 +36,9 @@ extern char *forced_command; * DenyUsers or user's primary group is listed in DenyGroups, false will * be returned. If AllowUsers isn't empty and user isn't listed there, or * if AllowGroups isn't empty and user isn't listed there, false will be - * returned. + * returned. * If the user's shell is not executable, false will be returned. - * Otherwise true is returned. + * Otherwise true is returned. */ static int allowed_user(struct passwd * pw) @@ -201,10 +201,10 @@ do_fake_authloop1(char *user) packet_write_wait(); continue; } else if (type == SSH_CMSG_AUTH_PASSWORD && - options.password_authentication && - (password = packet_get_string(&dlen)) != NULL && - dlen == 5 && - strncasecmp(password, "s/key", 5) == 0 ) { + options.password_authentication && + (password = packet_get_string(&dlen)) != NULL && + dlen == 5 && + strncasecmp(password, "s/key", 5) == 0 ) { packet_send_debug(skeyinfo); } if (password != NULL) @@ -457,20 +457,20 @@ do_authloop(struct passwd * pw) break; } - /* - * Check if the user is logging in as root and root logins - * are disallowed. - * Note that root login is allowed for forced commands. - */ - if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) { - if (forced_command) { - log("Root login accepted for forced command."); - } else { - authenticated = 0; - log("ROOT LOGIN REFUSED FROM %.200s", - get_canonical_hostname()); - } - } + /* + * Check if the user is logging in as root and root logins + * are disallowed. + * Note that root login is allowed for forced commands. + */ + if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) { + if (forced_command) { + log("Root login accepted for forced command."); + } else { + authenticated = 0; + log("ROOT LOGIN REFUSED FROM %.200s", + get_canonical_hostname()); + } + } /* Raise logging level */ if (authenticated || @@ -685,6 +685,7 @@ input_service_request(int type, int plen) unsigned int len; int accept = 0; char *service = packet_get_string(&len); + packet_done(); if (strcmp(service, "ssh-userauth") == 0) { if (!userauth_success) { @@ -727,6 +728,7 @@ input_userauth_request(int type, int plen) pw = auth_set_user(user, service); if (pw && strcmp(service, "ssh-connection")==0) { if (strcmp(method, "none") == 0 && try == 1) { + packet_done(); #ifdef USE_PAM /* Do PAM auth with password */ authenticated = auth_pam_password(pw, ""); @@ -740,6 +742,7 @@ input_userauth_request(int type, int plen) if (c) debug("password change not supported"); password = packet_get_string(&len); + packet_done(); #ifdef USE_PAM /* Do PAM auth with password */ authenticated = auth_pam_password(pw, password); @@ -751,11 +754,19 @@ input_userauth_request(int type, int plen) xfree(password); } else if (strcmp(method, "publickey") == 0) { /* XXX TODO */ - char *pkalg; - char *pkblob; - c = packet_get_char(); + char *pkalg, *pkblob, *sig; + int have_sig = packet_get_char(); pkalg = packet_get_string(&len); pkblob = packet_get_string(&len); + if (have_sig) { + sig = packet_get_string(&len); + /* test for correct signature */ + packet_done(); + xfree(sig); + } else { + packet_done(); + /* test whether pkalg/pkblob are acceptable */ + } xfree(pkalg); xfree(pkblob); } @@ -764,7 +775,6 @@ input_userauth_request(int type, int plen) if (authenticated) { /* turn off userauth */ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error); - /* success! */ packet_start(SSH2_MSG_USERAUTH_SUCCESS); packet_send(); packet_write_wait(); @@ -782,7 +792,7 @@ input_userauth_request(int type, int plen) xfree(user); xfree(method); } -void +void do_authentication2() { dispatch_init(&protocol_error); @@ -1,20 +1,20 @@ /* - * + * * authfd.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Mar 29 01:30:28 1995 ylo - * + * * Functions for connecting the local authentication agent. - * + * */ #include "includes.h" -RCSID("$Id: authfd.c,v 1.11 2000/04/13 02:26:35 damien Exp $"); +RCSID("$Id: authfd.c,v 1.12 2000/04/16 01:18:40 damien Exp $"); #include "ssh.h" #include "rsa.h" @@ -69,7 +69,7 @@ ssh_get_authentication_socket() * ssh_get_authentication_socket(). */ -void +void ssh_close_authentication_socket(int sock) { if (getenv(SSH_AUTHSOCKET_ENV_NAME)) @@ -113,7 +113,7 @@ ssh_get_authentication_connection() * memory. */ -void +void ssh_close_authentication_connection(AuthenticationConnection *ac) { buffer_free(&ac->packet); @@ -343,7 +343,7 @@ error_cleanup: * be used by normal applications. */ -int +int ssh_add_identity(AuthenticationConnection *auth, RSA * key, const char *comment) { @@ -431,7 +431,7 @@ error_cleanup: * meant to be used by normal applications. */ -int +int ssh_remove_identity(AuthenticationConnection *auth, RSA *key) { Buffer buffer; @@ -514,7 +514,7 @@ error_cleanup: * by normal applications. */ -int +int ssh_remove_all_identities(AuthenticationConnection *auth) { Buffer buffer; @@ -1,19 +1,19 @@ /* - * + * * authfd.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Mar 29 01:17:41 1995 ylo - * + * * Functions to interface with the SSH_AUTHENTICATION_FD socket. - * + * */ -/* RCSID("$Id: authfd.h,v 1.4 1999/11/25 00:54:58 damien Exp $"); */ +/* RCSID("$Id: authfd.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */ #ifndef AUTHFD_H #define AUTHFD_H @@ -67,7 +67,7 @@ void ssh_close_authentication_connection(AuthenticationConnection * ac); * integers before the call, and free the comment after a successful call * (before calling ssh_get_next_identity). */ -int +int ssh_get_first_identity(AuthenticationConnection * connection, BIGNUM * e, BIGNUM * n, char **comment); @@ -77,13 +77,13 @@ ssh_get_first_identity(AuthenticationConnection * connection, * function. This returns 0 if there are no more identities. The caller * must free comment after a successful return. */ -int +int ssh_get_next_identity(AuthenticationConnection * connection, BIGNUM * e, BIGNUM * n, char **comment); /* Requests the agent to decrypt the given challenge. Returns true if the agent claims it was able to decrypt it. */ -int +int ssh_decrypt_challenge(AuthenticationConnection * auth, BIGNUM * e, BIGNUM * n, BIGNUM * challenge, unsigned char session_id[16], @@ -95,7 +95,7 @@ ssh_decrypt_challenge(AuthenticationConnection * auth, * be used by normal applications. This returns true if the identity was * successfully added. */ -int +int ssh_add_identity(AuthenticationConnection * connection, RSA * key, const char *comment); @@ -1,21 +1,21 @@ /* - * + * * authfile.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Mar 27 03:52:05 1995 ylo - * + * * This file contains functions for reading and writing identity files, and * for reading the passphrase from the user. - * + * */ #include "includes.h" -RCSID("$Id: authfile.c,v 1.9 2000/04/13 02:26:36 damien Exp $"); +RCSID("$Id: authfile.c,v 1.10 2000/04/16 01:18:40 damien Exp $"); #ifdef HAVE_OPENSSL #include <openssl/bn.h> @@ -1,14 +1,14 @@ /* - * + * * bufaux.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Mar 29 02:24:47 1995 ylo - * + * * Auxiliary functions for storing and retrieving various data types to/from * Buffers. * @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: bufaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $"); +RCSID("$Id: bufaux.c,v 1.11 2000/04/16 01:18:40 damien Exp $"); #include "ssh.h" @@ -1,17 +1,17 @@ /* - * + * * bufaux.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Mar 29 02:18:23 1995 ylo - * + * */ -/* RCSID("$Id: bufaux.h,v 1.4 2000/04/01 01:09:23 damien Exp $"); */ +/* RCSID("$Id: bufaux.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */ #ifndef BUFAUX_H #define BUFAUX_H @@ -1,20 +1,20 @@ /* - * + * * buffer.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sat Mar 18 04:15:33 1995 ylo - * + * * Functions for manipulating fifo buffers (that can grow if needed). - * + * */ #include "includes.h" -RCSID("$Id: buffer.c,v 1.4 2000/04/13 02:26:36 damien Exp $"); +RCSID("$Id: buffer.c,v 1.5 2000/04/16 01:18:40 damien Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -22,7 +22,7 @@ RCSID("$Id: buffer.c,v 1.4 2000/04/13 02:26:36 damien Exp $"); /* Initializes the buffer structure. */ -void +void buffer_init(Buffer *buffer) { buffer->alloc = 4096; @@ -33,7 +33,7 @@ buffer_init(Buffer *buffer) /* Frees any memory used for the buffer. */ -void +void buffer_free(Buffer *buffer) { memset(buffer->buf, 0, buffer->alloc); @@ -45,7 +45,7 @@ buffer_free(Buffer *buffer) * zero the memory. */ -void +void buffer_clear(Buffer *buffer) { buffer->offset = 0; @@ -54,7 +54,7 @@ buffer_clear(Buffer *buffer) /* Appends data to the buffer, expanding it if necessary. */ -void +void buffer_append(Buffer *buffer, const char *data, unsigned int len) { char *cp; @@ -68,7 +68,7 @@ buffer_append(Buffer *buffer, const char *data, unsigned int len) * to the allocated region. */ -void +void buffer_append_space(Buffer *buffer, char **datap, unsigned int len) { /* If the buffer is empty, start using it from the beginning. */ @@ -102,7 +102,7 @@ restart: /* Returns the number of bytes of data in the buffer. */ -unsigned int +unsigned int buffer_len(Buffer *buffer) { return buffer->end - buffer->offset; @@ -110,7 +110,7 @@ buffer_len(Buffer *buffer) /* Gets data from the beginning of the buffer. */ -void +void buffer_get(Buffer *buffer, char *buf, unsigned int len) { if (len > buffer->end - buffer->offset) @@ -121,7 +121,7 @@ buffer_get(Buffer *buffer, char *buf, unsigned int len) /* Consumes the given number of bytes from the beginning of the buffer. */ -void +void buffer_consume(Buffer *buffer, unsigned int bytes) { if (bytes > buffer->end - buffer->offset) @@ -131,7 +131,7 @@ buffer_consume(Buffer *buffer, unsigned int bytes) /* Consumes the given number of bytes from the end of the buffer. */ -void +void buffer_consume_end(Buffer *buffer, unsigned int bytes) { if (bytes > buffer->end - buffer->offset) @@ -149,7 +149,7 @@ buffer_ptr(Buffer *buffer) /* Dumps the contents of the buffer to stderr. */ -void +void buffer_dump(Buffer *buffer) { int i; @@ -1,20 +1,20 @@ /* - * + * * canohost.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sun Jul 2 17:52:22 1995 ylo - * + * * Functions for returning the canonical host name of the remote site. - * + * */ #include "includes.h" -RCSID("$Id: canohost.c,v 1.8 2000/03/11 09:45:41 damien Exp $"); +RCSID("$Id: canohost.c,v 1.9 2000/04/16 01:18:40 damien Exp $"); #include "packet.h" #include "xmalloc.h" @@ -265,7 +265,7 @@ get_sock_port(int sock, int local) /* Returns remote/local port number for the current connection. */ -int +int get_port(int local) { /* @@ -279,13 +279,13 @@ get_port(int local) return get_sock_port(packet_get_connection_in(), local); } -int +int get_peer_port(int sock) { return get_sock_port(sock, 0); } -int +int get_remote_port() { return get_port(0); @@ -1,23 +1,23 @@ /* - * + * * channels.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 24 16:35:24 1995 ylo - * + * * This file contains functions for generic socket connection forwarding. * There is also code for initiating connection forwarding for X11 connections, * arbitrary tcp/ip connections, and the authentication agent connection. - * + * * SSH2 support added by Markus Friedl. */ #include "includes.h" -RCSID("$Id: channels.c,v 1.24 2000/04/12 10:17:38 damien Exp $"); +RCSID("$Id: channels.c,v 1.25 2000/04/16 01:18:41 damien Exp $"); #include "ssh.h" #include "packet.h" @@ -109,7 +109,7 @@ static int have_hostname_in_open = 0; /* Sets specific protocol options. */ -void +void channel_set_options(int hostname_in_open) { have_hostname_in_open = hostname_in_open; @@ -121,7 +121,7 @@ channel_set_options(int hostname_in_open) * and the server has no way to know but to trust the client anyway. */ -void +void channel_permit_all_opens() { all_opens_permitted = 1; @@ -150,7 +150,7 @@ channel_lookup(int id) * remote_name to be freed. */ -int +int channel_new(char *ctype, int type, int rfd, int wfd, int efd, int window, int maxpack, int extended_usage, char *remote_name) { @@ -226,7 +226,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, debug("channel %d: new [%s]", found, remote_name); return found; } -int +int channel_allocate(int type, int sock, char *remote_name) { return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name); @@ -234,7 +234,7 @@ channel_allocate(int type, int sock, char *remote_name) /* Free the channel and close its socket. */ -void +void channel_free(int id) { Channel *c = channel_lookup(id); @@ -361,7 +361,7 @@ channel_pre_output_draining(Channel *c, fd_set * readset, fd_set * writeset) { if (buffer_len(&c->output) == 0) channel_free(c->self); - else + else FD_SET(c->sock, writeset); } @@ -540,8 +540,10 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset) packet_put_int(newch); packet_put_int(c->local_window_max); packet_put_int(c->local_maxpacket); + /* target host and port */ packet_put_string(c->path, strlen(c->path)); packet_put_int(c->host_port); + /* originator host and port */ packet_put_cstring(remote_hostname); packet_put_int(remote_port); packet_send(); @@ -782,7 +784,7 @@ channel_handler_init(void) channel_handler_init_15(); } -void +void channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset) { static int did_init = 0; @@ -804,13 +806,13 @@ channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset) } } -void +void channel_prepare_select(fd_set * readset, fd_set * writeset) { channel_handler(channel_pre, readset, writeset); } -void +void channel_after_select(fd_set * readset, fd_set * writeset) { channel_handler(channel_post, readset, writeset); @@ -818,7 +820,7 @@ channel_after_select(fd_set * readset, fd_set * writeset) /* If there is data to send to the connection, send some of it now. */ -void +void channel_output_poll() { int len, i; @@ -909,7 +911,7 @@ channel_output_poll() * still there. */ -void +void channel_input_data(int type, int plen) { int id; @@ -934,6 +936,7 @@ channel_input_data(int type, int plen) /* Get the data. */ data = packet_get_string(&data_len); + packet_done(); if (compat20){ if (data_len > c->local_maxpacket) { @@ -953,7 +956,7 @@ channel_input_data(int type, int plen) buffer_append(&c->output, data, data_len); xfree(data); } -void +void channel_input_extended_data(int type, int plen) { int id; @@ -980,6 +983,7 @@ channel_input_extended_data(int type, int plen) return; } data = packet_get_string(&data_len); + packet_done(); if (data_len > c->local_window) { log("channel %d: rcvd too much extended_data %d, win %d", c->self, data_len, c->local_window); @@ -998,7 +1002,7 @@ channel_input_extended_data(int type, int plen) * more channel is overfull. */ -int +int channel_not_very_much_buffered_data() { unsigned int i; @@ -1022,7 +1026,7 @@ channel_not_very_much_buffered_data() return 1; } -void +void channel_input_ieof(int type, int plen) { int id; @@ -1037,7 +1041,7 @@ channel_input_ieof(int type, int plen) chan_rcvd_ieof(c); } -void +void channel_input_close(int type, int plen) { int id; @@ -1076,7 +1080,7 @@ channel_input_close(int type, int plen) } /* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */ -void +void channel_input_oclose(int type, int plen) { int id = packet_get_int(); @@ -1087,12 +1091,13 @@ channel_input_oclose(int type, int plen) chan_rcvd_oclose(c); } -void +void channel_input_close_confirmation(int type, int plen) { int id = packet_get_int(); Channel *c = channel_lookup(id); + packet_done(); if (c == NULL) packet_disconnect("Received close confirmation for " "out-of-range channel %d.", id); @@ -1102,7 +1107,7 @@ channel_input_close_confirmation(int type, int plen) channel_free(c->self); } -void +void channel_input_open_confirmation(int type, int plen) { int id, remote_id; @@ -1125,6 +1130,7 @@ channel_input_open_confirmation(int type, int plen) if (compat20) { c->remote_window = packet_get_int(); c->remote_maxpacket = packet_get_int(); + packet_done(); if (c->cb_fn != NULL && c->cb_event == type) { debug("callback start"); c->cb_fn(c->self, c->cb_arg); @@ -1135,7 +1141,7 @@ channel_input_open_confirmation(int type, int plen) } } -void +void channel_input_open_failure(int type, int plen) { int id; @@ -1153,8 +1159,11 @@ channel_input_open_failure(int type, int plen) if (compat20) { int reason = packet_get_int(); char *msg = packet_get_string(NULL); + char *lang = packet_get_string(NULL); log("channel_open_failure: %d: reason %d: %s", id, reason, msg); + packet_done(); xfree(msg); + xfree(lang); } /* Free the channel. This will also close the socket. */ channel_free(id); @@ -1185,7 +1194,7 @@ debug("cb_fn %p cb_event %d", c->cb_fn , c->cb_event); } } -void +void channel_input_window_adjust(int type, int plen) { Channel *c; @@ -1204,6 +1213,7 @@ channel_input_window_adjust(int type, int plen) return; } adjust = packet_get_int(); + packet_done(); debug("channel %d: rcvd adjust %d", id, adjust); c->remote_window += adjust; } @@ -1213,7 +1223,7 @@ channel_input_window_adjust(int type, int plen) * might have. */ -void +void channel_stop_listening() { int i; @@ -1240,7 +1250,7 @@ channel_stop_listening() * descriptors after a fork. */ -void +void channel_close_all() { int i; @@ -1252,7 +1262,7 @@ channel_close_all() /* Returns the maximum file descriptor number used by the channels. */ -int +int channel_max_fd() { return channel_max_fd_value; @@ -1260,7 +1270,7 @@ channel_max_fd() /* Returns true if any channel is still open. */ -int +int channel_still_open() { unsigned int i; @@ -1347,7 +1357,7 @@ channel_open_message() * channel to host:port from remote side. */ -void +void channel_request_local_forwarding(u_short port, const char *host, u_short host_port, int gateway_ports) { @@ -1435,7 +1445,7 @@ channel_request_local_forwarding(u_short port, const char *host, * the secure channel to host:port from local side. */ -void +void channel_request_remote_forwarding(u_short listen_port, const char *host_to_connect, u_short port_to_connect) { @@ -1478,7 +1488,7 @@ channel_request_remote_forwarding(u_short listen_port, const char *host_to_conne * message if there was an error). This never returns if there was an error. */ -void +void channel_input_port_forward_request(int is_root) { u_short port, host_port; @@ -1562,7 +1572,7 @@ channel_connect_to(const char *host, u_short host_port) * or CHANNEL_OPEN_FAILURE. */ -void +void channel_input_port_open(int type, int plen) { u_short host_port; @@ -1807,7 +1817,7 @@ connect_local_xsocket(unsigned int dnr) * with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE. */ -void +void x11_input_open(int type, int plen) { int remote_channel, display_number, sock = 0, newch; @@ -1911,7 +1921,7 @@ x11_input_open(int type, int plen) } freeaddrinfo(aitop); if (!ai) { - error("connect %.100s port %d: %.100s", buf, 6000 + display_number, + error("connect %.100s port %d: %.100s", buf, 6000 + display_number, strerror(errno)); goto fail; } @@ -1945,7 +1955,7 @@ fail: * data, and enables authentication spoofing. */ -void +void x11_request_forwarding_with_spoofing(const char *proto, const char *data) { unsigned int data_len = (unsigned int) strlen(data) / 2; @@ -2003,7 +2013,7 @@ x11_request_forwarding_with_spoofing(const char *proto, const char *data) /* Sends a message to the server to request authentication fd forwarding. */ -void +void auth_request_forwarding() { packet_start(SSH_CMSG_AGENT_REQUEST_FORWARDING); @@ -2025,7 +2035,7 @@ auth_get_socket_name() /* removes the agent forwarding socket */ -void +void cleanup_socket(void) { remove(channel_forwarded_auth_socket_name); @@ -2037,7 +2047,7 @@ cleanup_socket(void) * This starts forwarding authentication requests. */ -void +void auth_input_request_forwarding(struct passwd * pw) { int sock, newch; @@ -2095,7 +2105,7 @@ auth_input_request_forwarding(struct passwd * pw) /* This is called to process an SSH_SMSG_AGENT_OPEN message. */ -void +void auth_input_open_request(int type, int plen) { int remch, sock, newch; @@ -1,4 +1,4 @@ -/* RCSID("$Id: channels.h,v 1.6 2000/04/04 04:39:01 damien Exp $"); */ +/* RCSID("$Id: channels.h,v 1.7 2000/04/16 01:18:41 damien Exp $"); */ #ifndef CHANNELS_H #define CHANNELS_H @@ -149,7 +149,7 @@ char *channel_open_message(void); * channel to host:port from remote side. This never returns if there was an * error. */ -void +void channel_request_local_forwarding(u_short port, const char *host, u_short remote_port, int gateway_ports); @@ -159,7 +159,7 @@ channel_request_local_forwarding(u_short port, const char *host, * there was an error. This registers that open requests for that port are * permitted. */ -void +void channel_request_remote_forwarding(u_short port, const char *host, u_short remote_port); @@ -1,18 +1,18 @@ /* - * + * * cipher.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Apr 19 17:41:39 1995 ylo - * + * */ #include "includes.h" -RCSID("$Id: cipher.c,v 1.18 2000/04/13 02:26:36 damien Exp $"); +RCSID("$Id: cipher.c,v 1.19 2000/04/16 01:18:41 damien Exp $"); #include "ssh.h" #include "cipher.h" @@ -138,7 +138,7 @@ static char *cipher_names[] = * supported cipher. */ -unsigned int +unsigned int cipher_mask1() { unsigned int mask = 0; @@ -146,7 +146,7 @@ cipher_mask1() mask |= 1 << SSH_CIPHER_BLOWFISH; return mask; } -unsigned int +unsigned int cipher_mask2() { unsigned int mask = 0; @@ -156,7 +156,7 @@ cipher_mask2() mask |= 1 << SSH_CIPHER_CAST128_CBC; return mask; } -unsigned int +unsigned int cipher_mask() { return cipher_mask1() | cipher_mask2(); @@ -218,7 +218,7 @@ cipher_number(const char *name) * passphrase and using the resulting 16 bytes as the key. */ -void +void cipher_set_key_string(CipherContext *context, int cipher, const char *passphrase) { MD5_CTX md; @@ -236,7 +236,7 @@ cipher_set_key_string(CipherContext *context, int cipher, const char *passphrase /* Selects the cipher to use and sets the key. */ -void +void cipher_set_key(CipherContext *context, int cipher, const unsigned char *key, int keylen) { @@ -297,9 +297,9 @@ cipher_set_key(CipherContext *context, int cipher, const unsigned char *key, memset(padded, 0, sizeof(padded)); } -void +void cipher_set_key_iv(CipherContext * context, int cipher, - const unsigned char *key, int keylen, + const unsigned char *key, int keylen, const unsigned char *iv, int ivlen) { /* Set cipher type. */ @@ -357,7 +357,7 @@ cipher_set_key_iv(CipherContext * context, int cipher, /* Encrypts data using the cipher. */ -void +void cipher_encrypt(CipherContext *context, unsigned char *dest, const unsigned char *src, unsigned int len) { @@ -379,14 +379,14 @@ cipher_encrypt(CipherContext *context, unsigned char *dest, case SSH_CIPHER_BLOWFISH: swap_bytes(src, dest, len); BF_cbc_encrypt(dest, dest, len, - &context->u.bf.key, context->u.bf.iv, + &context->u.bf.key, context->u.bf.iv, BF_ENCRYPT); swap_bytes(dest, dest, len); break; case SSH_CIPHER_BLOWFISH_CBC: BF_cbc_encrypt((void *)src, dest, len, - &context->u.bf.key, context->u.bf.iv, + &context->u.bf.key, context->u.bf.iv, BF_ENCRYPT); break; @@ -412,7 +412,7 @@ cipher_encrypt(CipherContext *context, unsigned char *dest, /* Decrypts data using the cipher. */ -void +void cipher_decrypt(CipherContext *context, unsigned char *dest, const unsigned char *src, unsigned int len) { @@ -1,17 +1,17 @@ /* - * + * * cipher.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Apr 19 16:50:42 1995 ylo - * + * */ -/* RCSID("$Id: cipher.h,v 1.10 2000/04/13 02:26:36 damien Exp $"); */ +/* RCSID("$Id: cipher.h,v 1.11 2000/04/16 01:18:41 damien Exp $"); */ #ifndef CIPHER_H #define CIPHER_H @@ -95,29 +95,29 @@ int ciphers_valid(const char *names); * Selects the cipher to use and sets the key. If for_encryption is true, * the key is setup for encryption; otherwise it is setup for decryption. */ -void +void cipher_set_key(CipherContext * context, int cipher, const unsigned char *key, int keylen); -void +void cipher_set_key_iv(CipherContext * context, int cipher, - const unsigned char *key, int keylen, + const unsigned char *key, int keylen, const unsigned char *iv, int ivlen); /* * Sets key for the cipher by computing the MD5 checksum of the passphrase, * and using the resulting 16 bytes as the key. */ -void +void cipher_set_key_string(CipherContext * context, int cipher, const char *passphrase); /* Encrypts data using the cipher. */ -void +void cipher_encrypt(CipherContext * context, unsigned char *dest, const unsigned char *src, unsigned int len); /* Decrypts data using the cipher. */ -void +void cipher_decrypt(CipherContext * context, unsigned char *dest, const unsigned char *src, unsigned int len); diff --git a/clientloop.c b/clientloop.c index 91a20066..cc25ca55 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,22 +1,22 @@ /* - * + * * clientloop.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * - * + * + * * Created: Sat Sep 23 12:23:57 1995 ylo - * + * * The main loop for the interactive session (client side). - * + * * SSH2 support added by Markus Friedl. */ #include "includes.h" -RCSID("$Id: clientloop.c,v 1.10 2000/04/12 10:17:39 damien Exp $"); +RCSID("$Id: clientloop.c,v 1.11 2000/04/16 01:18:41 damien Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -83,7 +83,7 @@ int session_ident = -1; /* Returns the user\'s terminal to normal mode if it had been put in raw mode. */ -void +void leave_raw_mode() { if (!in_raw_mode) @@ -97,7 +97,7 @@ leave_raw_mode() /* Puts the user\'s terminal in raw mode. */ -void +void enter_raw_mode() { struct termios tio; @@ -123,7 +123,7 @@ enter_raw_mode() /* Restores stdin to blocking mode. */ -void +void leave_non_blocking() { if (in_non_blocking_mode) { @@ -135,7 +135,7 @@ leave_non_blocking() /* Puts stdin terminal in non-blocking mode. */ -void +void enter_non_blocking() { in_non_blocking_mode = 1; @@ -148,7 +148,7 @@ enter_non_blocking() * flag indicating that the window has changed. */ -void +void window_change_handler(int sig) { received_window_change_signal = 1; @@ -160,7 +160,7 @@ window_change_handler(int sig) * signals must be trapped to restore terminal modes. */ -void +void signal_handler(int sig) { if (in_raw_mode) @@ -177,7 +177,7 @@ signal_handler(int sig) * available resolution. */ -double +double get_current_time() { struct timeval tv; @@ -191,7 +191,7 @@ get_current_time() * not appear to wake up when redirecting from /dev/null. */ -void +void client_check_initial_eof_on_stdin() { int len; @@ -245,7 +245,7 @@ client_check_initial_eof_on_stdin() * connection. */ -void +void client_make_packets_from_stdin_data() { unsigned int len; @@ -276,7 +276,7 @@ client_make_packets_from_stdin_data() * appropriate. */ -void +void client_check_window_change() { struct winsize ws; @@ -313,7 +313,7 @@ client_check_window_change() * one of the file descriptors). */ -void +void client_wait_until_can_do_something(fd_set * readset, fd_set * writeset) { /*debug("client_wait_until_can_do_something"); */ @@ -380,7 +380,7 @@ client_wait_until_can_do_something(fd_set * readset, fd_set * writeset) } } -void +void client_suspend_self() { struct winsize oldws, newws; @@ -425,7 +425,7 @@ client_suspend_self() enter_raw_mode(); } -void +void client_process_net_input(fd_set * readset) { int len; @@ -468,7 +468,7 @@ client_process_net_input(fd_set * readset) } } -void +void client_process_input(fd_set * readset) { int len, pid; @@ -657,7 +657,7 @@ Supported escape sequences:\r\n\ } } -void +void client_process_output(fd_set * writeset) { int len; @@ -717,7 +717,7 @@ client_process_output(fd_set * writeset) * preparatory phase. */ -void +void client_process_buffered_input_packets() { dispatch_run(DISPATCH_NONBLOCK, &quit_pending); @@ -730,7 +730,7 @@ client_process_buffered_input_packets() * character for terminating or suspending the session. */ -int +int client_loop(int have_pty, int escape_char_arg) { extern Options options; @@ -953,7 +953,7 @@ client_input_exit_status(int type, int plen) quit_pending = 1; } -void +void client_init_dispatch_20() { dispatch_init(&dispatch_protocol_error); @@ -966,7 +966,7 @@ client_init_dispatch_20() dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request); dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); } -void +void client_init_dispatch_13() { dispatch_init(NULL); @@ -983,14 +983,14 @@ client_init_dispatch_13() dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data); dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open); } -void +void client_init_dispatch_15() { client_init_dispatch_13(); dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof); dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, & channel_input_oclose); } -void +void client_init_dispatch() { if (compat20) @@ -1027,6 +1027,7 @@ client_input_channel_req(int id, void *arg) } else if (strcmp(rtype, "exit-status") == 0) { success = 1; exit_status = packet_get_int(); + packet_done(); } if (reply) { packet_start(success ? @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: compat.c,v 1.7 2000/04/12 10:17:39 damien Exp $"); +RCSID("$Id: compat.c,v 1.8 2000/04/16 01:18:42 damien Exp $"); #include "ssh.h" #include "packet.h" @@ -39,14 +39,14 @@ int compat13 = 0; int compat20 = 0; int datafellows = 0; -void +void enable_compat20(void) { verbose("Enabling compatibility mode for protocol 2.0"); compat20 = 1; packet_set_ssh2_format(); } -void +void enable_compat13(void) { verbose("Enabling compatibility mode for protocol 1.3"); @@ -1,20 +1,20 @@ /* - * + * * compress.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Oct 25 22:12:46 1995 ylo - * + * * Interface to packet compression for ssh. - * + * */ #include "includes.h" -RCSID("$Id: compress.c,v 1.5 2000/04/01 01:09:24 damien Exp $"); +RCSID("$Id: compress.c,v 1.6 2000/04/16 01:18:42 damien Exp $"); #include "ssh.h" #include "buffer.h" @@ -28,7 +28,7 @@ static z_stream outgoing_stream; * (as in gzip). */ -void +void buffer_compress_init(int level) { debug("Enabling compression at level %d.", level); @@ -40,7 +40,7 @@ buffer_compress_init(int level) /* Frees any data structures allocated for compression. */ -void +void buffer_compress_uninit() { debug("compress outgoing: raw data %lu, compressed %lu, factor %.2f", @@ -64,7 +64,7 @@ buffer_compress_uninit() * receiver. This appends the compressed data to the output buffer. */ -void +void buffer_compress(Buffer * input_buffer, Buffer * output_buffer) { char buf[4096]; @@ -108,7 +108,7 @@ buffer_compress(Buffer * input_buffer, Buffer * output_buffer) * with that. This appends the uncompressed data to the output buffer. */ -void +void buffer_uncompress(Buffer * input_buffer, Buffer * output_buffer) { char buf[4096]; @@ -1,19 +1,19 @@ /* - * + * * compress.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Oct 25 22:12:46 1995 ylo - * + * * Interface to packet compression for ssh. - * + * */ -/* RCSID("$Id: compress.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */ +/* RCSID("$Id: compress.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */ #ifndef COMPRESS_H #define COMPRESS_H @@ -1,19 +1,19 @@ /* - * + * * crc32.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1992 Tatu Ylonen, Espoo, Finland * All rights reserved - * + * * Created: Tue Feb 11 14:37:27 1992 ylo - * + * * Functions for computing 32-bit CRC. - * + * */ -/* RCSID("$Id: crc32.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */ +/* RCSID("$Id: crc32.h,v 1.4 2000/04/16 01:18:42 damien Exp $"); */ #ifndef CRC32_H #define CRC32_H diff --git a/dispatch.c b/dispatch.c new file mode 100644 index 00000000..50f11f3c --- /dev/null +++ b/dispatch.c @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Markus Friedl. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "includes.h" +RCSID("$Id: dispatch.c,v 1.3 2000/04/16 01:18:42 damien Exp $"); +#include "ssh.h" +#include "dispatch.h" +#include "packet.h" + +#define DISPATCH_MIN 0 +#define DISPATCH_MAX 255 + +dispatch_fn *dispatch[DISPATCH_MAX]; + +void +dispatch_protocol_error(int type, int plen) +{ + error("Hm, dispatch protocol error: type %d plen %d", type, plen); +} +void +dispatch_init(dispatch_fn *dflt) +{ + int i; + for (i = 0; i < DISPATCH_MAX; i++) + dispatch[i] = dflt; +} +void +dispatch_set(int type, dispatch_fn *fn) +{ + dispatch[type] = fn; +} +void +dispatch_run(int mode, int *done) +{ + for (;;) { + int plen; + int type; + + if (mode == DISPATCH_BLOCK) { + type = packet_read(&plen); + } else { + type = packet_read_poll(&plen); + if (type == SSH_MSG_NONE) + return; + } + if (type > 0 && type < DISPATCH_MAX && dispatch[type] != NULL) + (*dispatch[type])(type, plen); + else + packet_disconnect("protocol error: rcvd type %d", type); + if (done != NULL && *done) + return; + } +} @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: dsa.c,v 1.3 2000/04/12 09:39:10 markus Exp $"); +RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -108,7 +108,7 @@ dsa_load_private(char *filename) in = BIO_new(BIO_s_file()); if (in == NULL) fatal("BIO_new failed"); - if (BIO_read_filename(in, filename) <= 0) + if (BIO_read_filename(in, filename) <= 0) fatal("BIO_read failed %s: %s", filename, strerror(errno)); fprintf(stderr, "read DSA private key\n"); dsa = PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL); @@ -182,9 +182,9 @@ dsa_sign( sig = DSA_do_sign(digest, evp_md->md_size, key->dsa); - rlen = BN_num_bytes(sig->r); - slen = BN_num_bytes(sig->s); - if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { + rlen = BN_num_bytes(sig->r); + slen = BN_num_bytes(sig->s); + if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { error("bad sig size %d %d", rlen, slen); DSA_SIG_free(sig); return -1; @@ -1,19 +1,19 @@ /* - * + * * getput.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Wed Jun 28 22:36:30 1995 ylo - * + * * Macros for storing and retrieving data in msb first and lsb first order. - * + * */ -/* RCSID("$Id: getput.h,v 1.2 1999/11/24 13:26:22 damien Exp $"); */ +/* RCSID("$Id: getput.h,v 1.3 2000/04/16 01:18:42 damien Exp $"); */ #ifndef GETPUT_H #define GETPUT_H @@ -21,7 +21,7 @@ /*------------ macros for storing/extracting msb first words -------------*/ #define GET_32BIT(cp) (((unsigned long)(unsigned char)(cp)[0] << 24) | \ - ((unsigned long)(unsigned char)(cp)[1] << 16) | \ + ((unsigned long)(unsigned char)(cp)[1] << 16) | \ ((unsigned long)(unsigned char)(cp)[2] << 8) | \ ((unsigned long)(unsigned char)(cp)[3])) @@ -1,20 +1,20 @@ /* - * + * * hostfile.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Thu Jun 29 07:10:56 1995 ylo - * + * * Functions for manipulating the known hosts files. - * + * */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.15 2000/04/12 09:39:10 markus Exp $"); +RCSID("$OpenBSD: hostfile.c,v 1.16 2000/04/14 10:30:31 markus Exp $"); #ifdef HAVE_OPENSSL #include <openssl/bn.h> @@ -10,7 +10,7 @@ typedef enum { HOST_OK, HOST_NEW, HOST_CHANGED } HostStatus; -HostStatus +HostStatus check_host_in_hostfile(const char *filename, const char *host, Key *key, Key *found); /* @@ -1,16 +1,16 @@ /* - * + * * includes.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Thu Mar 23 16:29:37 1995 ylo - * + * * This file includes most of the needed system headers. - * + * */ #ifndef INCLUDES_H @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: kex.c,v 1.4 2000/04/13 02:26:36 damien Exp $"); +RCSID("$Id: kex.c,v 1.5 2000/04/16 01:18:43 damien Exp $"); #include "ssh.h" #include "ssh2.h" @@ -149,12 +149,12 @@ void dump_digest(unsigned char *digest, int len) { int i; - for (i = 0; i< len; i++){ - fprintf(stderr, "%02x", digest[i]); + for (i = 0; i< len; i++){ + fprintf(stderr, "%02x", digest[i]); if(i%2!=0) fprintf(stderr, " "); } - fprintf(stderr, "\n"); + fprintf(stderr, "\n"); } unsigned char * @@ -201,7 +201,7 @@ kex_hash( buffer_free(&b); #ifdef DEBUG_KEX - dump_digest(digest, evp_md->md_size); + dump_digest(digest, evp_md->md_size); #endif return digest; } @@ -345,7 +345,7 @@ choose_kex(Kex *k, char *client, char *server) k->name = get_match(client, server); if (k->name == NULL) fatal("no kex alg"); - if (strcmp(k->name, KEX_DH1) != 0) + if (strcmp(k->name, KEX_DH1) != 0) fatal("bad kex alg %s", k->name); } void diff --git a/log-client.c b/log-client.c index 11ac45d7..e86a2e33 100644 --- a/log-client.c +++ b/log-client.c @@ -1,21 +1,21 @@ /* - * + * * log-client.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Mar 20 21:13:40 1995 ylo - * + * * Client-side versions of debug(), log(), etc. These print to stderr. * This is a stripped down version of log-server.c. - * + * */ #include "includes.h" -RCSID("$Id: log-client.c,v 1.5 2000/03/09 10:27:50 damien Exp $"); +RCSID("$Id: log-client.c,v 1.6 2000/04/16 01:18:43 damien Exp $"); #include "xmalloc.h" #include "ssh.h" diff --git a/log-server.c b/log-server.c index 476e49f8..9070b653 100644 --- a/log-server.c +++ b/log-server.c @@ -1,21 +1,21 @@ /* - * + * * log-server.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Mar 20 21:19:30 1995 ylo - * + * * Server-side versions of debug(), log(), etc. These normally send the output * to the system log. - * + * */ #include "includes.h" -RCSID("$Id: log-server.c,v 1.8 2000/04/01 01:09:24 damien Exp $"); +RCSID("$Id: log-server.c,v 1.9 2000/04/16 01:18:43 damien Exp $"); #include <syslog.h> #include "packet.h" @@ -38,7 +38,7 @@ static int log_facility = LOG_AUTH; * level logging level */ -void +void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) { switch (level) { @@ -1,24 +1,24 @@ /* - * + * * login.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 24 14:51:08 1995 ylo - * + * * This file performs some of the things login(1) normally does. We cannot * easily use something like login -p -h host -f user, because there are * several different logins around, and it is hard to determined what kind of * login the current system has. Also, we want to be able to execute commands * on a tty. - * + * */ #include "includes.h" -RCSID("$Id: login.c,v 1.22 2000/02/02 08:17:41 damien Exp $"); +RCSID("$Id: login.c,v 1.23 2000/04/16 01:18:43 damien Exp $"); #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) # include <utmpx.h> @@ -49,7 +49,7 @@ RCSID("$Id: login.c,v 1.22 2000/02/02 08:17:41 damien Exp $"); * is found). The name of the host used last time is returned in buf. */ -unsigned long +unsigned long get_last_login_time(uid_t uid, const char *logname, char *buf, unsigned int bufsize) { @@ -135,7 +135,7 @@ get_last_login_time(uid_t uid, const char *logname, * were more standardized. */ -void +void record_login(int pid, const char *ttyname, const char *user, uid_t uid, const char *host, struct sockaddr * addr) { @@ -273,7 +273,7 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid, /* Records that the user has logged out. */ -void +void record_logout(int pid, const char *ttyname) { #ifdef HAVE_LIBUTIL_LOGIN @@ -1,20 +1,20 @@ /* - * + * * match.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Thu Jun 22 01:17:50 1995 ylo - * + * * Simple pattern matching, with '*' and '?' as wildcards. - * + * */ #include "includes.h" -RCSID("$Id: match.c,v 1.4 2000/03/26 03:04:53 damien Exp $"); +RCSID("$Id: match.c,v 1.5 2000/04/16 01:18:43 damien Exp $"); #include "ssh.h" @@ -23,7 +23,7 @@ RCSID("$Id: match.c,v 1.4 2000/03/26 03:04:53 damien Exp $"); * and * as wildcards), and zero if it does not match. */ -int +int match_pattern(const char *s, const char *pattern) { for (;;) { @@ -1,21 +1,21 @@ /* - * + * * mpaux.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sun Jul 16 04:29:30 1995 ylo - * + * * This file contains various auxiliary functions related to multiple * precision integers. - * + * */ #include "includes.h" -RCSID("$Id: mpaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $"); +RCSID("$Id: mpaux.c,v 1.11 2000/04/16 01:18:43 damien Exp $"); #include "getput.h" #include "xmalloc.h" @@ -1,19 +1,19 @@ /* - * + * * mpaux.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sun Jul 16 04:29:30 1995 ylo - * + * * This file contains various auxiliary functions related to multiple * precision integers. */ -/* RCSID("$Id: mpaux.h,v 1.4 1999/11/25 00:54:59 damien Exp $"); */ +/* RCSID("$Id: mpaux.h,v 1.5 2000/04/16 01:18:43 damien Exp $"); */ #ifndef MPAUX_H #define MPAUX_H @@ -23,7 +23,7 @@ * session id is computed by concatenating the linearized, msb first * representations of host_key_n, session_key_n, and the cookie. */ -void +void compute_session_id(unsigned char session_id[16], unsigned char cookie[8], BIGNUM * host_key_n, @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: nchan.c,v 1.7 2000/04/04 04:39:02 damien Exp $"); +RCSID("$Id: nchan.c,v 1.8 2000/04/16 01:18:43 damien Exp $"); #include "ssh.h" @@ -389,11 +389,11 @@ chan_delete_if_full_closed2(Channel *c) if (!(c->flags & CHAN_CLOSE_SENT)) { chan_send_close2(c); } - if ((c->flags & CHAN_CLOSE_SENT) && + if ((c->flags & CHAN_CLOSE_SENT) && (c->flags & CHAN_CLOSE_RCVD)) { debug("channel %d: full closed2", c->self); channel_free(c->self); - } + } } } @@ -1,14 +1,14 @@ /* - * + * * packet.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sat Mar 18 02:40:40 1995 ylo - * + * * This file contains code implementing the packet protocol and communication * with the other side. This same code is used both on client and server side. * @@ -17,7 +17,7 @@ */ #include "includes.h" -RCSID("$Id: packet.c,v 1.17 2000/04/13 02:26:37 damien Exp $"); +RCSID("$Id: packet.c,v 1.18 2000/04/16 01:18:43 damien Exp $"); #ifdef HAVE_OPENSSL # include <openssl/bn.h> @@ -529,7 +529,7 @@ packet_send2() unsigned int packet_length = 0; unsigned int i, padlen, len; u_int32_t rand = 0; - static unsigned int seqnr = 0; + static unsigned int seqnr = 0; int type; Enc *enc = NULL; Mac *mac = NULL; @@ -611,9 +611,9 @@ packet_send2() fprintf(stderr, "encrypted: "); buffer_dump(&output); #endif - /* increment sequence number for outgoing packets */ - if (++seqnr == 0) - log("outgoing seqnr wraps around"); + /* increment sequence number for outgoing packets */ + if (++seqnr == 0) + log("outgoing seqnr wraps around"); buffer_clear(&outgoing_packet); if (type == SSH2_MSG_NEWKEYS) { @@ -877,7 +877,7 @@ packet_read_poll2(int *payload_len_ptr) * compute MAC over seqnr and packet, * increment sequence number for incoming packet */ - if (mac && mac->enabled) { + if (mac && mac->enabled) { macbuf = hmac( mac->md, seqnr, (unsigned char *) buffer_ptr(&incoming_packet), buffer_len(&incoming_packet), @@ -888,8 +888,8 @@ packet_read_poll2(int *payload_len_ptr) DBG(debug("HMAC #%d ok", seqnr)); buffer_consume(&input, mac->mac_len); } - if (++seqnr == 0) - log("incoming seqnr wraps around"); + if (++seqnr == 0) + log("incoming seqnr wraps around"); /* get padlen */ cp = buffer_ptr(&incoming_packet) + 4; @@ -1063,6 +1063,12 @@ packet_get_raw(int *length_ptr) return buffer_ptr(&incoming_packet); } +int +packet_remaining(void) +{ + return buffer_len(&incoming_packet); +} + /* * Returns a string from the packet data. The string is allocated using * xmalloc; it is the responsibility of the calling program to free it when @@ -1,19 +1,19 @@ /* - * + * * packet.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sat Mar 18 02:02:14 1995 ylo - * + * * Interface for the packet protocol functions. - * + * */ -/* RCSID("$Id: packet.h,v 1.13 2000/04/13 02:26:37 damien Exp $"); */ +/* RCSID("$Id: packet.h,v 1.14 2000/04/16 01:18:44 damien Exp $"); */ #ifndef PACKET_H #define PACKET_H @@ -52,7 +52,7 @@ void packet_close(void); * key is used for both sending and reception. However, both directions are * encrypted independently of each other. Cipher types are defined in ssh.h. */ -void +void packet_set_encryption_key(const unsigned char *key, unsigned int keylen, int cipher_type); @@ -201,6 +201,16 @@ do { \ } \ } while (0) +#define packet_done() \ +do { \ + int _len = packet_remaining(); \ + if (_len > 0) { \ + log("Packet integrity error (%d bytes remaining) at %s:%d", \ + _len ,__FILE__, __LINE__); \ + packet_disconnect("Packet integrity error."); \ + } \ +} while (0) + /* remote host is connected via a socket/ipv4 */ int packet_connection_is_on_socket(void); int packet_connection_is_ipv4(void); @@ -208,4 +218,7 @@ int packet_connection_is_ipv4(void); /* enable SSH2 packet format */ void packet_set_ssh2_format(void); +/* returns remaining payload bytes */ +int packet_remaining(void); + #endif /* PACKET_H */ @@ -1,20 +1,20 @@ /* - * + * * pty.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 17 04:37:25 1995 ylo - * + * * Allocating a pseudo-terminal, and making it the controlling tty. - * + * */ #include "includes.h" -RCSID("$Id: pty.c,v 1.17 2000/03/17 12:58:59 damien Exp $"); +RCSID("$Id: pty.c,v 1.18 2000/04/16 01:18:44 damien Exp $"); #ifdef HAVE_UTIL_H # include <util.h> @@ -46,7 +46,7 @@ RCSID("$Id: pty.c,v 1.17 2000/03/17 12:58:59 damien Exp $"); * returned (the buffer must be able to hold at least 64 characters). */ -int +int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) { #if defined(HAVE_OPENPTY) || defined(BSD4_4) @@ -186,7 +186,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) /* Releases the tty. Its ownership is returned to root, and permissions to 0666. */ -void +void pty_release(const char *ttyname) { if (chown(ttyname, (uid_t) 0, (gid_t) 0) < 0) @@ -197,7 +197,7 @@ pty_release(const char *ttyname) /* Makes the tty the processes controlling tty and sets it to sane modes. */ -void +void pty_make_controlling_tty(int *ttyfd, const char *ttyname) { int fd; @@ -250,7 +250,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) /* Changes the window size associated with the pty. */ -void +void pty_change_window_size(int ptyfd, int row, int col, int xpixel, int ypixel) { @@ -1,19 +1,19 @@ /* - * + * * pty.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 17 05:03:28 1995 ylo - * + * * Functions for allocating a pseudo-terminal and making it the controlling * tty. */ -/* RCSID("$Id: pty.h,v 1.7 2000/04/01 01:09:25 damien Exp $"); */ +/* RCSID("$Id: pty.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */ #ifndef PTY_H #define PTY_H @@ -39,7 +39,7 @@ void pty_release(const char *ttyname); void pty_make_controlling_tty(int *ttyfd, const char *ttyname); /* Changes the window size associated with the pty. */ -void +void pty_change_window_size(int ptyfd, int row, int col, int xpixel, int ypixel); @@ -1,10 +1,10 @@ /* * radix.c - * + * * base-64 encoding pinched from lynx2-7-2, who pinched it from rpem. * Originally written by Mark Riordan 12 August 1990 and 17 Feb 1991 * and placed in the public domain. - * + * * Dug Song <dugsong@UMICH.EDU> */ @@ -23,7 +23,7 @@ char six2pr[64] = { unsigned char pr2six[256]; -int +int uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded) { /* ENC is the basic 1 character encoding function to make a char printing */ @@ -49,7 +49,7 @@ uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded) return (outptr - bufcoded); } -int +int uudecode(const char *bufcoded, unsigned char *bufplain, int outbufsize) { /* single character decode */ @@ -162,7 +162,7 @@ typedef unsigned short my_u_short; } -int +int creds_to_radix(CREDENTIALS *creds, unsigned char *buf) { char *p, *s; @@ -216,7 +216,7 @@ creds_to_radix(CREDENTIALS *creds, unsigned char *buf) return (uuencode((unsigned char *)temp, len, (char *)buf)); } -int +int radix_to_creds(const char *buf, CREDENTIALS *creds) { @@ -1,20 +1,20 @@ /* - * + * * readconf.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sat Apr 22 00:03:10 1995 ylo - * + * * Functions for reading the configuration files. - * + * */ #include "includes.h" -RCSID("$Id: readconf.c,v 1.10 2000/04/12 10:17:40 damien Exp $"); +RCSID("$Id: readconf.c,v 1.11 2000/04/16 01:18:44 damien Exp $"); #include "ssh.h" #include "cipher.h" @@ -167,7 +167,7 @@ static struct { * error. */ -void +void add_local_forward(Options *options, u_short port, const char *host, u_short host_port) { @@ -188,7 +188,7 @@ add_local_forward(Options *options, u_short port, const char *host, * an error. */ -void +void add_remote_forward(Options *options, u_short port, const char *host, u_short host_port) { @@ -207,7 +207,7 @@ add_remote_forward(Options *options, u_short port, const char *host, * returns if the token is not known. */ -static OpCodes +static OpCodes parse_token(const char *cp, const char *filename, int linenum) { unsigned int i; @@ -567,7 +567,7 @@ parse_int: * there is an error. If the file does not exist, this returns immediately. */ -void +void read_config_file(const char *filename, const char *host, Options *options) { FILE *f; @@ -607,7 +607,7 @@ read_config_file(const char *filename, const char *host, Options *options) * system config file. Last, fill_default_options is called. */ -void +void initialize_options(Options * options) { memset(options, 'X', sizeof(*options)); @@ -658,7 +658,7 @@ initialize_options(Options * options) * options for which no value has been specified with their default values. */ -void +void fill_default_options(Options * options) { if (options->forward_agent == -1) @@ -1,19 +1,19 @@ /* - * + * * readconf.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sat Apr 22 00:25:29 1995 ylo - * + * * Functions for reading the configuration file. - * + * */ -/* RCSID("$Id: readconf.h,v 1.7 2000/04/12 10:17:40 damien Exp $"); */ +/* RCSID("$Id: readconf.h,v 1.8 2000/04/16 01:18:44 damien Exp $"); */ #ifndef READCONF_H #define READCONF_H @@ -106,7 +106,7 @@ void fill_default_options(Options * options); * only sets those values that have not already been set. Returns 0 for legal * options */ -int +int process_config_line(Options * options, const char *host, char *line, const char *filename, int linenum, int *activep); @@ -116,7 +116,7 @@ process_config_line(Options * options, const char *host, * should already be initialized before this call. This never returns if * there is an error. If the file does not exist, this returns immediately. */ -void +void read_config_file(const char *filename, const char *host, Options * options); @@ -124,7 +124,7 @@ read_config_file(const char *filename, const char *host, * Adds a local TCP/IP port forward to options. Never returns if there is an * error. */ -void +void add_local_forward(Options * options, u_short port, const char *host, u_short host_port); @@ -132,7 +132,7 @@ add_local_forward(Options * options, u_short port, const char *host, * Adds a remote TCP/IP port forward to options. Never returns if there is * an error. */ -void +void add_remote_forward(Options * options, u_short port, const char *host, u_short host_port); @@ -32,7 +32,7 @@ */ #include "includes.h" -RCSID("$Id: readpass.c,v 1.5 2000/01/22 08:47:21 damien Exp $"); +RCSID("$Id: readpass.c,v 1.6 2000/04/16 01:18:44 damien Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -58,7 +58,7 @@ read_passphrase(const char *prompt, int from_stdin) sigset_t oset, nset; struct sigaction sa, osa; int input, output, echo = 0; - + if (from_stdin) { input = STDIN_FILENO; output = STDERR_FILENO; @@ -1,41 +1,41 @@ /* - * + * * rsa.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 3 22:07:06 1995 ylo - * + * * Description of the RSA algorithm can be found e.g. from the following sources: - * + * * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994. - * + * * Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to * Computer Security. Prentice-Hall, 1989. - * + * * Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill, * 1994. - * + * * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications * System and Method. US Patent 4,405,829, 1983. - * + * * Hans Riesel: Prime Numbers and Computer Methods for Factorization. * Birkhauser, 1994. - * + * * The RSA Frequently Asked Questions document by RSA Data Security, Inc., 1995. - * + * * RSA in 3 lines of perl by Adam Back <aba@atlax.ex.ac.uk>, 1995, as included * below: - * + * * [gone - had to be deleted - what a pity] - * + * */ #include "includes.h" -RCSID("$Id: rsa.c,v 1.13 2000/04/04 04:57:08 damien Exp $"); +RCSID("$Id: rsa.c,v 1.14 2000/04/16 01:18:45 damien Exp $"); #include "rsa.h" #include "ssh.h" @@ -1,19 +1,19 @@ /* - * + * * rsa.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 3 22:01:06 1995 ylo - * + * * RSA key generation, encryption and decryption. - * + * */ -/* RCSID("$Id: rsa.h,v 1.7 2000/04/13 02:26:37 damien Exp $"); */ +/* RCSID("$Id: rsa.h,v 1.8 2000/04/16 01:18:45 damien Exp $"); */ #ifndef RSA_H #define RSA_H @@ -1,13 +1,13 @@ /* - * + * * scp - secure remote copy. This is basically patched BSD rcp which uses ssh * to do the data transfer (instead of using rcmd). - * + * * NOTE: This version should NOT be suid root. (This uses ssh to do the transfer * and ssh has the necessary privileges.) - * + * * 1995 Timo Rinne <tri@iki.fi>, Tatu Ylonen <ylo@cs.hut.fi> - * + * */ /* @@ -45,7 +45,7 @@ */ #include "includes.h" -RCSID("$Id: scp.c,v 1.18 2000/03/17 12:40:16 damien Exp $"); +RCSID("$Id: scp.c,v 1.19 2000/04/16 01:18:45 damien Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -109,7 +109,7 @@ char *port = NULL; * assigns the input and output file descriptors on success. */ -int +int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) { int pin[2], pout[2], reserved[2]; @@ -194,7 +194,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) return 0; } -void +void fatal(const char *fmt,...) { va_list ap; @@ -257,10 +257,10 @@ main(argc, argv) switch (ch) { /* User-visible flags. */ case '4': - IPv4 = 1; + IPv4 = 1; break; case '6': - IPv6 = 1; + IPv6 = 1; break; case 'p': pflag = 1; @@ -1008,7 +1008,7 @@ run_err(const char *fmt,...) * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: scp.c,v 1.18 2000/03/17 12:40:16 damien Exp $ + * $Id: scp.c,v 1.19 2000/04/16 01:18:45 damien Exp $ */ char * @@ -1,18 +1,18 @@ /* - * + * * servconf.c - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Aug 21 15:48:58 1995 ylo - * + * */ #include "includes.h" -RCSID("$Id: servconf.c,v 1.11 2000/04/12 10:17:40 damien Exp $"); +RCSID("$Id: servconf.c,v 1.12 2000/04/16 01:18:45 damien Exp $"); #include "ssh.h" #include "servconf.h" @@ -24,7 +24,7 @@ void add_listen_addr(ServerOptions *options, char *addr); /* Initializes the server options to their default values. */ -void +void initialize_server_options(ServerOptions *options) { memset(options, 0, sizeof(*options)); @@ -73,7 +73,7 @@ initialize_server_options(ServerOptions *options) options->protocol = SSH_PROTO_UNKNOWN; } -void +void fill_default_server_options(ServerOptions *options) { if (options->num_ports == 0) @@ -226,7 +226,7 @@ static struct { * returns if the token is not known. */ -static ServerOpCodes +static ServerOpCodes parse_token(const char *cp, const char *filename, int linenum) { @@ -244,7 +244,7 @@ parse_token(const char *cp, const char *filename, /* * add listen address */ -void +void add_listen_addr(ServerOptions *options, char *addr) { extern int IPv4or6; @@ -274,7 +274,7 @@ add_listen_addr(ServerOptions *options, char *addr) /* Reads the server configuration file. */ -void +void read_server_config(ServerOptions *options, const char *filename) { FILE *f; @@ -310,7 +310,7 @@ read_server_config(ServerOptions *options, const char *filename) "ListenAdress.\n", filename, linenum); if (options->num_ports >= MAX_PORTS) fatal("%s line %d: too many ports.\n", - filename, linenum); + filename, linenum); cp = strtok(NULL, WHITESPACE); if (!cp) fatal("%s line %d: missing port number.\n", @@ -1,19 +1,19 @@ /* - * + * * servconf.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Aug 21 15:35:03 1995 ylo - * + * * Definitions for server configuration data and for the functions reading it. - * + * */ -/* RCSID("$Id: servconf.h,v 1.8 2000/04/12 10:17:40 damien Exp $"); */ +/* RCSID("$Id: servconf.h,v 1.9 2000/04/16 01:18:45 damien Exp $"); */ #ifndef SERVCONF_H #define SERVCONF_H diff --git a/serverloop.c b/serverloop.c index 0ea57faa..a7abbe40 100644 --- a/serverloop.c +++ b/serverloop.c @@ -59,7 +59,7 @@ static volatile int child_wait_status; /* Status from wait(). */ void server_init_dispatch(void); -void +void sigchld_handler(int sig) { int save_errno = errno; @@ -78,7 +78,7 @@ sigchld_handler(int sig) signal(SIGCHLD, sigchld_handler); errno = save_errno; } -void +void sigchld_handler2(int sig) { int save_errno = errno; @@ -92,7 +92,7 @@ sigchld_handler2(int sig) * Make packets from buffered stderr data, and buffer it for sending * to the client. */ -void +void make_packets_from_stderr_data() { int len; @@ -121,7 +121,7 @@ make_packets_from_stderr_data() * Make packets from buffered stdout data, and buffer it for sending to the * client. */ -void +void make_packets_from_stdout_data() { int len; @@ -152,7 +152,7 @@ make_packets_from_stdout_data() * have data or can accept data. Optionally, a maximum time can be specified * for the duration of the wait (0 = infinite). */ -void +void wait_until_can_do_something(fd_set * readset, fd_set * writeset, unsigned int max_time_milliseconds) { @@ -246,7 +246,7 @@ retry_select: * Processes input from the client and the program. Input data is stored * in buffers and processed later. */ -void +void process_input(fd_set * readset) { int len; @@ -299,7 +299,7 @@ process_input(fd_set * readset) /* * Sends data from internal buffers to client program stdin. */ -void +void process_output(fd_set * writeset) { int len; @@ -334,7 +334,7 @@ process_output(fd_set * writeset) * Wait until all buffered output has been sent to the client. * This is used when the program terminates. */ -void +void drain_output() { /* Send any buffered stdout data to the client. */ @@ -359,7 +359,7 @@ drain_output() packet_write_wait(); } -void +void process_buffered_input_packets() { dispatch_run(DISPATCH_NONBLOCK, NULL); @@ -372,7 +372,7 @@ process_buffered_input_packets() * stdin (of the child program), and reads from stdout and stderr (of the * child program). */ -void +void server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg) { int wait_status, wait_pid; /* Status and pid returned by wait(). */ @@ -604,7 +604,7 @@ server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg) /* NOTREACHED */ } -void +void server_loop2(void) { fd_set readset, writeset; @@ -697,16 +697,17 @@ int input_direct_tcpip(void) { int sock; - char *host, *originator; - int host_port, originator_port; + char *target, *originator; + int target_port, originator_port; - host = packet_get_string(NULL); - host_port = packet_get_int(); + target = packet_get_string(NULL); + target_port = packet_get_int(); originator = packet_get_string(NULL); originator_port = packet_get_int(); + packet_done(); /* XXX check permission */ - sock = channel_connect_to(host, host_port); - xfree(host); + sock = channel_connect_to(target, target_port); + xfree(target); xfree(originator); if (sock < 0) return -1; @@ -714,7 +715,7 @@ input_direct_tcpip(void) sock, sock, -1, 4*1024, 32*1024, 0, xstrdup("direct-tcpip")); } -void +void server_input_channel_open(int type, int plen) { Channel *c = NULL; @@ -735,6 +736,7 @@ server_input_channel_open(int type, int plen) if (strcmp(ctype, "session") == 0) { debug("open session"); + packet_done(); /* * A server session has no fd to read or write * until a CHANNEL_REQUEST for a shell is made, @@ -783,7 +785,7 @@ server_input_channel_open(int type, int plen) xfree(ctype); } -void +void server_init_dispatch_20() { debug("server_init_dispatch_20"); @@ -798,7 +800,7 @@ server_init_dispatch_20() dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request); dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); } -void +void server_init_dispatch_13() { debug("server_init_dispatch_13"); @@ -813,7 +815,7 @@ server_init_dispatch_13() dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); } -void +void server_init_dispatch_15() { server_init_dispatch_13(); @@ -821,7 +823,7 @@ server_init_dispatch_15() dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof); dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose); } -void +void server_init_dispatch() { if (compat20) @@ -8,7 +8,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.2 2000/04/06 08:55:22 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.4 2000/04/14 10:30:33 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -113,7 +113,7 @@ xauthfile_cleanup_proc(void *ignore) * Function to perform cleanup if we get aborted abnormally (e.g., due to a * dropped connection). */ -void +void pty_cleanup_proc(void *session) { Session *s=session; @@ -136,7 +136,7 @@ pty_cleanup_proc(void *session) * terminals are allocated, X11, TCP/IP, and authentication agent forwardings * are requested, etc. */ -void +void do_authenticated(struct passwd * pw) { Session *s; @@ -366,7 +366,7 @@ do_authenticated(struct passwd * pw) * will call do_child from the child, and server_loop from the parent after * setting up file descriptors and such. */ -void +void do_exec_no_pty(Session *s, const char *command, struct passwd * pw) { int pid; @@ -487,7 +487,7 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw) * setting up file descriptors, controlling tty, updating wtmp, utmp, * lastlog, and other such operations. */ -void +void do_exec_pty(Session *s, const char *command, struct passwd * pw) { FILE *f; @@ -660,7 +660,7 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) * Sets the value of the given variable in the environment. If the variable * already exists, its value is overriden. */ -void +void child_set_env(char ***envp, unsigned int *envsizep, const char *name, const char *value) { @@ -701,7 +701,7 @@ child_set_env(char ***envp, unsigned int *envsizep, const char *name, * Otherwise, it must consist of empty lines, comments (line starts with '#') * and assignments of the form name=value. No other forms are allowed. */ -void +void read_environment_file(char ***env, unsigned int *envsize, const char *filename) { @@ -770,7 +770,7 @@ void do_pam_environment(char ***env, int *envsize) * environment, closing extra file descriptors, setting the user and group * ids, and executing the command or shell. */ -void +void do_child(const char *command, struct passwd * pw, const char *term, const char *display, const char *auth_proto, const char *auth_data, const char *ttyname) @@ -1202,6 +1202,7 @@ session_window_change_req(Session *s) s->row = packet_get_int(); s->xpixel = packet_get_int(); s->ypixel = packet_get_int(); + packet_done(); pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); return 1; } @@ -1210,14 +1211,17 @@ int session_pty_req(Session *s) { unsigned int len; + char *term_modes; /* encoded terminal modes */ if (s->ttyfd != -1) - return -1; + return 0; s->term = packet_get_string(&len); s->col = packet_get_int(); s->row = packet_get_int(); s->xpixel = packet_get_int(); s->ypixel = packet_get_int(); + term_modes = packet_get_string(&len); + packet_done(); if (strcmp(s->term, "") == 0) { xfree(s->term); @@ -1230,7 +1234,8 @@ session_pty_req(Session *s) s->ptyfd = -1; s->ttyfd = -1; error("session_pty_req: session %d alloc failed", s->self); - return -1; + xfree(term_modes); + return 0; } debug("session_pty_req: session %d alloc %s", s->self, s->tty); /* diff --git a/ssh-agent.c b/ssh-agent.c index ecb44a22..66439461 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -9,7 +9,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $"); #include "ssh.h" #include "rsa.h" @@ -412,7 +412,7 @@ prepare_select(fd_set *readset, fd_set *writeset) } } -void +void after_select(fd_set *readset, fd_set *writeset) { unsigned int i; @@ -646,8 +646,8 @@ main(int ac, char **av) } signal(SIGINT, SIG_IGN); signal(SIGPIPE, SIG_IGN); - signal(SIGHUP, cleanup_exit); - signal(SIGTERM, cleanup_exit); + signal(SIGHUP, cleanup_exit); + signal(SIGTERM, cleanup_exit); while (1) { FD_ZERO(&readset); FD_ZERO(&writeset); diff --git a/ssh-keygen.c b/ssh-keygen.c index 81070d2e..f2484a4b 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$Id: ssh-keygen.c,v 1.12 2000/03/17 12:40:17 damien Exp $"); +RCSID("$Id: ssh-keygen.c,v 1.13 2000/04/16 01:18:46 damien Exp $"); #include "rsa.h" #include "ssh.h" @@ -508,7 +508,7 @@ passphrase_again: if (identity_comment) { strlcpy(comment, identity_comment, sizeof(comment)); } else { - /* Create default commend field for the passphrase. */ + /* Create default commend field for the passphrase. */ if (gethostname(hostname, sizeof(hostname)) < 0) { perror("gethostname"); exit(1); @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: ssh.1,v 1.21 2000/04/13 02:26:37 damien Exp $ +.\" $Id: ssh.1,v 1.22 2000/04/16 01:18:46 damien Exp $ .\" .Dd September 25, 1999 .Dt SSH 1 @@ -24,7 +24,7 @@ .Op Ar command .Pp .Nm ssh -.Op Fl afgknqtvxCPX46 +.Op Fl afgknqtvxCPX246 .Op Fl c Ar blowfish | 3des .Op Fl e Ar escape_char .Op Fl i Ar identity_file @@ -455,6 +455,10 @@ from the local machine. Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. +.It Fl 2 +Forces +.Nm +to use protocol version 2 only. .It Fl 4 Forces .Nm @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.25 2000/04/12 10:17:40 damien Exp $"); +RCSID("$Id: ssh.c,v 1.26 2000/04/16 01:18:46 damien Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -138,6 +138,7 @@ usage() fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n"); fprintf(stderr, " -4 Use IPv4 only.\n"); fprintf(stderr, " -6 Use IPv6 only.\n"); + fprintf(stderr, " -2 Force protocol version 2.\n"); fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n"); exit(1); } @@ -251,8 +252,8 @@ main(int ac, char **av) if (host) break; if ((cp = strchr(av[optind], '@'))) { - if(cp == av[optind]) - usage(); + if(cp == av[optind]) + usage(); options.user = av[optind]; *cp = '\0'; host = ++cp; @@ -276,39 +277,34 @@ main(int ac, char **av) optarg = NULL; } switch (opt) { + case '2': + options.protocol = SSH_PROTO_2; + break; case '4': IPv4or6 = AF_INET; break; - case '6': IPv4or6 = AF_INET6; break; - case 'n': stdin_null_flag = 1; break; - case 'f': fork_after_authentication_flag = 1; stdin_null_flag = 1; break; - case 'x': options.forward_x11 = 0; break; - case 'X': options.forward_x11 = 1; break; - case 'g': options.gateway_ports = 1; break; - case 'P': options.use_privileged_port = 0; break; - case 'a': options.forward_agent = 0; break; @@ -330,11 +326,9 @@ main(int ac, char **av) options.identity_files[options.num_identity_files++] = xstrdup(optarg); break; - case 't': tty_flag = 1; break; - case 'v': case 'V': fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n", @@ -347,11 +341,9 @@ main(int ac, char **av) debug_flag = 1; options.log_level = SYSLOG_LEVEL_DEBUG; break; - case 'q': options.log_level = SYSLOG_LEVEL_QUIET; break; - case 'e': if (optarg[0] == '^' && optarg[2] == 0 && (unsigned char) optarg[1] >= 64 && (unsigned char) optarg[1] < 128) @@ -365,7 +357,6 @@ main(int ac, char **av) exit(1); } break; - case 'c': options.cipher = cipher_number(optarg); if (options.cipher == -1) { @@ -373,15 +364,12 @@ main(int ac, char **av) exit(1); } break; - case 'p': options.port = atoi(optarg); break; - case 'l': options.user = optarg; break; - case 'R': if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf, &fwd_host_port) != 3 && @@ -393,7 +381,6 @@ main(int ac, char **av) } add_remote_forward(&options, fwd_port, buf, fwd_host_port); break; - case 'L': if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf, &fwd_host_port) != 3 && @@ -405,27 +392,22 @@ main(int ac, char **av) } add_local_forward(&options, fwd_port, buf, fwd_host_port); break; - case 'C': options.compression = 1; break; - case 'N': no_shell_flag = 1; no_tty_flag = 1; break; - case 'T': no_tty_flag = 1; break; - case 'o': dummy = 1; if (process_config_line(&options, host ? host : "", optarg, "command-line", 0, &dummy) != 0) exit(1); break; - default: usage(); } @@ -634,7 +616,7 @@ main(int ac, char **av) /* Expand ~ in known host file names. */ options.system_hostfile = tilde_expand_filename(options.system_hostfile, - original_real_uid); + original_real_uid); options.user_hostfile = tilde_expand_filename(options.user_hostfile, original_real_uid); @@ -803,7 +785,7 @@ ssh_session(void) options.local_forwards[i].host, options.local_forwards[i].host_port); channel_request_local_forwarding(options.local_forwards[i].port, - options.local_forwards[i].host, + options.local_forwards[i].host, options.local_forwards[i].host_port, options.gateway_ports); } @@ -816,11 +798,11 @@ ssh_session(void) options.remote_forwards[i].host_port); channel_request_remote_forwarding(options.remote_forwards[i].port, options.remote_forwards[i].host, - options.remote_forwards[i].host_port); + options.remote_forwards[i].host_port); } /* If requested, let ssh continue in the background. */ - if (fork_after_authentication_flag) + if (fork_after_authentication_flag) if (daemon(1, 1) < 0) fatal("daemon() failed: %.200s", strerror(errno)); @@ -859,7 +841,7 @@ init_local_fwd(void) options.local_forwards[i].host, options.local_forwards[i].host_port); channel_request_local_forwarding(options.local_forwards[i].port, - options.local_forwards[i].host, + options.local_forwards[i].host, options.local_forwards[i].host_port, options.gateway_ports); } @@ -1,19 +1,19 @@ /* - * + * * ssh.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Fri Mar 17 17:09:37 1995 ylo - * + * * Generic header file for ssh. - * + * */ -/* RCSID("$Id: ssh.h,v 1.31 2000/04/12 10:17:41 damien Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.32 2000/04/16 01:18:47 damien Exp $"); */ #ifndef SSH_H #define SSH_H @@ -279,7 +279,7 @@ * information is not available. This must be called before record_login. * The host from which the user logged in is stored in buf. */ -unsigned long +unsigned long get_last_login_time(uid_t uid, const char *logname, char *buf, unsigned int bufsize); @@ -287,7 +287,7 @@ get_last_login_time(uid_t uid, const char *logname, * Records that the user has logged in. This does many things normally done * by login(1). */ -void +void record_login(int pid, const char *ttyname, const char *user, uid_t uid, const char *host, struct sockaddr *addr); @@ -308,7 +308,7 @@ void record_logout(int pid, const char *ttyname); * and zero on failure. If the connection is successful, this calls * packet_set_connection for the connection. */ -int +int ssh_connect(const char *host, struct sockaddr_storage * hostaddr, u_short port, int connection_attempts, int anonymous, uid_t original_real_uid, @@ -323,7 +323,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, * references from the packet module). */ -void +void ssh_login(int host_key_valid, RSA * host_key, const char *host, struct sockaddr * hostaddr, uid_t original_real_uid); @@ -340,7 +340,7 @@ int auth_rhosts(struct passwd * pw, const char *client_user); * Tries to authenticate the user using the .rhosts file and the host using * its host key. Returns true if authentication succeeds. */ -int +int auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key); /* @@ -409,7 +409,7 @@ char *read_passphrase(const char *prompt, int from_stdin); * precede the key to provide identification of the key without needing a * passphrase. */ -int +int save_private_key(const char *filename, const char *passphrase, RSA * private_key, const char *comment); @@ -419,7 +419,7 @@ save_private_key(const char *filename, const char *passphrase, * comment of the key is returned in comment_return if it is non-NULL; the * caller must free the value with xfree. */ -int +int load_public_key(const char *filename, RSA * pub, char **comment_return); @@ -430,7 +430,7 @@ load_public_key(const char *filename, RSA * pub, * comment_return if it is non-NULL; the caller must free the value with * xfree. */ -int +int load_private_key(const char *filename, const char *passphrase, RSA * private_key, char **comment_return); @@ -1,31 +1,31 @@ /* - * draft-ietf-secsh-architecture-04.txt + * draft-ietf-secsh-architecture-04.txt * * Transport layer protocol: - * + * * 1-19 Transport layer generic (e.g. disconnect, ignore, debug, * etc) * 20-29 Algorithm negotiation * 30-49 Key exchange method specific (numbers can be reused for * different authentication methods) - * + * * User authentication protocol: - * + * * 50-59 User authentication generic * 60-79 User authentication method specific (numbers can be reused * for different authentication methods) - * + * * Connection protocol: - * + * * 80-89 Connection protocol generic * 90-127 Channel related messages - * + * * Reserved for client protocols: - * + * * 128-191 Reserved - * + * * Local extensions: - * + * * 192-255 Local extensions */ diff --git a/sshconnect.c b/sshconnect.c index 675de610..bca0bf43 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.66 2000/04/12 09:39:10 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.68 2000/04/14 10:30:33 markus Exp $"); #ifdef HAVE_OPENSSL #include <openssl/bn.h> @@ -250,7 +250,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, debug("Trying again..."); /* Loop through addresses for this host, and try each one in - sequence until the connection succeeds. */ + sequence until the connection succeeds. */ for (ai = aitop; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue; @@ -264,7 +264,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, host, ntop, strport); /* Create a socket for connecting. */ - sock = ssh_create_socket(original_real_uid, + sock = ssh_create_socket(original_real_uid, !anonymous && geteuid() == 0 && port < IPPORT_RESERVED, ai->ai_family); if (sock < 0) @@ -1059,7 +1059,7 @@ ssh_exchange_identification() break; } /* FALLTHROUGH */ - default: + default: mismatch = 1; break; } @@ -1363,13 +1363,13 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) debug("Sending KEX init."); if (options.ciphers != NULL) { - myproposal[PROPOSAL_ENC_ALGS_CTOS] = + myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; } else if ( options.cipher == SSH_CIPHER_ARCFOUR || - options.cipher == SSH_CIPHER_3DES_CBC || - options.cipher == SSH_CIPHER_CAST128_CBC || - options.cipher == SSH_CIPHER_BLOWFISH_CBC) { + options.cipher == SSH_CIPHER_3DES_CBC || + options.cipher == SSH_CIPHER_CAST128_CBC || + options.cipher == SSH_CIPHER_BLOWFISH_CBC) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher); } @@ -1411,6 +1411,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) debug("first kex follow == %d", i); i = packet_get_int(); debug("reserved == %d", i); + packet_done(); debug("done read kexinit"); kex = kex_choose_conf(cprop, sprop, 0); @@ -1434,7 +1435,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) fprintf(stderr, "\npub= "); bignum_print(dh->pub_key); fprintf(stderr, "\n"); - DHparams_print_fp(stderr, dh); + DHparams_print_fp(stderr, dh); #endif debug("Wait SSH2_MSG_KEXDH_REPLY."); @@ -1466,6 +1467,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) /* signed H */ signature = packet_get_string(&slen); + packet_done(); if (!dh_pub_is_valid(dh, dh_server_pub)) packet_disconnect("bad server public DH value"); @@ -1475,14 +1477,14 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) kout = DH_compute_key(kbuf, dh_server_pub, dh); #ifdef DEBUG_KEXDH debug("shared secret: len %d/%d", klen, kout); - fprintf(stderr, "shared secret == "); - for (i = 0; i< kout; i++) - fprintf(stderr, "%02x", (kbuf[i])&0xff); - fprintf(stderr, "\n"); + fprintf(stderr, "shared secret == "); + for (i = 0; i< kout; i++) + fprintf(stderr, "%02x", (kbuf[i])&0xff); + fprintf(stderr, "\n"); #endif - shared_secret = BN_new(); + shared_secret = BN_new(); - BN_bin2bn(kbuf, kout, shared_secret); + BN_bin2bn(kbuf, kout, shared_secret); memset(kbuf, 0, klen); xfree(kbuf); @@ -1502,10 +1504,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) xfree(client_kexinit); xfree(server_kexinit); #ifdef DEBUG_KEXDH - fprintf(stderr, "hash == "); - for (i = 0; i< 20; i++) - fprintf(stderr, "%02x", (hash[i])&0xff); - fprintf(stderr, "\n"); + fprintf(stderr, "hash == "); + for (i = 0; i< 20; i++) + fprintf(stderr, "%02x", (hash[i])&0xff); + fprintf(stderr, "\n"); #endif dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20); key_free(server_host_key); @@ -1518,6 +1520,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) debug("Wait SSH2_MSG_NEWKEYS."); packet_read_expect(&payload_len, SSH2_MSG_NEWKEYS); + packet_done(); debug("GOT SSH2_MSG_NEWKEYS."); debug("send SSH2_MSG_NEWKEYS."); @@ -1551,7 +1554,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key, char *server_user, *local_user; char *auths; char *password; - char *service = "ssh-connection"; // service name + char *service = "ssh-connection"; /* service name */ debug("send SSH2_MSG_SERVICE_REQUEST"); packet_start(SSH2_MSG_SERVICE_REQUEST); @@ -1563,8 +1566,15 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key, if (type != SSH2_MSG_SERVICE_ACCEPT) { fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type); } - /* payload empty for ssh-2.0.13 ?? */ - /* reply = packet_get_string(&payload_len); */ + if (packet_remaining() > 0) { + char *reply = packet_get_string(&plen); + debug("service_accept: %s", reply); + xfree(reply); + } else { + /* payload empty for ssh-2.0.13 ?? */ + log("buggy server: service_accept w/o service"); + } + packet_done(); debug("got SSH2_MSG_SERVICE_ACCEPT"); /*XX COMMONCODE: */ @@ -1593,6 +1603,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key, auths = packet_get_string(&dlen); debug("authentications that can continue: %s", auths); partial = packet_get_char(); + packet_done(); if (partial) debug("partial success"); if (strstr(auths, "password") == NULL) @@ -1613,6 +1624,7 @@ ssh_userauth2(int host_key_valid, RSA *own_host_key, packet_send(); packet_write_wait(); } + packet_done(); debug("ssh-userauth2 successfull"); } @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.104 2000/04/12 09:39:10 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.105 2000/04/14 10:30:33 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -67,7 +67,7 @@ ServerOptions options; /* Name of the server configuration file. */ char *config_file_name = SERVER_CONFIG_FILE; -/* +/* * Flag indicating whether IPv4 or IPv6. This can be set on the command line. * Default value is AF_UNSPEC means both IPv4 and IPv6. */ @@ -162,7 +162,7 @@ close_listen_socks(void) * the effect is to reread the configuration file (and to regenerate * the server key). */ -void +void sighup_handler(int sig) { received_sighup = 1; @@ -173,7 +173,7 @@ sighup_handler(int sig) * Called from the main program after receiving SIGHUP. * Restarts the server. */ -void +void sighup_restart() { log("Received SIGHUP; restarting."); @@ -188,7 +188,7 @@ sighup_restart() * These close the listen socket; not closing it seems to cause "Address * already in use" problems on some machines, which is inconvenient. */ -void +void sigterm_handler(int sig) { log("Received signal %d; terminating.", sig); @@ -200,7 +200,7 @@ sigterm_handler(int sig) * SIGCHLD handler. This is called whenever a child dies. This will then * reap any zombies left by exited c. */ -void +void main_sigchld_handler(int sig) { int save_errno = errno; @@ -216,7 +216,7 @@ main_sigchld_handler(int sig) /* * Signal handler for the alarm after the login grace period has expired. */ -void +void grace_alarm_handler(int sig) { /* Close the connection. */ @@ -233,7 +233,7 @@ grace_alarm_handler(int sig) * Thus there should be no concurrency control/asynchronous execution * problems. */ -void +void key_regeneration_alarm(int sig) { int save_errno = errno; @@ -266,15 +266,15 @@ key_regeneration_alarm(int sig) char * chop(char *s) { - char *t = s; - while (*t) { - if(*t == '\n' || *t == '\r') { - *t = '\0'; - return s; - } - t++; - } - return s; + char *t = s; + while (*t) { + if(*t == '\n' || *t == '\r') { + *t = '\0'; + return s; + } + t++; + } + return s; } @@ -337,7 +337,7 @@ sshd_exchange_identification(int sock_in, int sock_out) */ if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor, remote_version) != 3) { - s = "Protocol mismatch.\n"; + s = "Protocol mismatch.\n"; (void) atomicio(write, sock_out, s, strlen(s)); close(sock_in); close(sock_out); @@ -377,7 +377,7 @@ sshd_exchange_identification(int sock_in, int sock_out) break; } /* FALLTHROUGH */ - default: + default: mismatch = 1; break; } @@ -719,8 +719,8 @@ main(int ac, char **av) for (i = 0; i < num_listen_socks; i++) if (listen_socks[i] > maxfd) maxfd = listen_socks[i]; - fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask); - fdset = (fd_set *)xmalloc(fdsetsz); + fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask); + fdset = (fd_set *)xmalloc(fdsetsz); /* * Stay listening for connections until the system crashes or @@ -1018,7 +1018,7 @@ do_ssh1_kex() /* Get cipher type and check whether we accept this. */ cipher_type = packet_get_char(); - if (!(cipher_mask() & (1 << cipher_type))) + if (!(cipher_mask() & (1 << cipher_type))) packet_disconnect("Warning: client selects unsupported cipher."); /* Get check bytes from the packet. These must match those we @@ -1145,7 +1145,7 @@ do_ssh2_kex() /* KEXINIT */ if (options.ciphers != NULL) { - myproposal[PROPOSAL_ENC_ALGS_CTOS] = + myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; } @@ -1258,10 +1258,10 @@ do_ssh2_kex() xfree(client_kexinit); xfree(server_kexinit); #ifdef DEBUG_KEXDH - fprintf(stderr, "hash == "); - for (i = 0; i< 20; i++) - fprintf(stderr, "%02x", (hash[i])&0xff); - fprintf(stderr, "\n"); + fprintf(stderr, "hash == "); + for (i = 0; i< 20; i++) + fprintf(stderr, "%02x", (hash[i])&0xff); + fprintf(stderr, "\n"); #endif /* sign H */ dsa_sign(server_host_key, &signature, &slen, hash, 20); @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$Id: ttymodes.c,v 1.3 1999/11/25 00:54:59 damien Exp $"); +RCSID("$Id: ttymodes.c,v 1.4 2000/04/16 01:18:49 damien Exp $"); #include "packet.h" #include "ssh.h" @@ -23,7 +23,7 @@ RCSID("$Id: ttymodes.c,v 1.3 1999/11/25 00:54:59 damien Exp $"); * Converts POSIX speed_t to a baud rate. The values of the * constants for speed_t are not themselves portable. */ -static int +static int speed_to_baud(speed_t speed) { switch (speed) { @@ -112,7 +112,7 @@ speed_to_baud(speed_t speed) /* * Converts a numeric baud rate to a POSIX speed_t. */ -static speed_t +static speed_t baud_to_speed(int baud) { switch (baud) { @@ -203,7 +203,7 @@ baud_to_speed(int baud) * in a portable manner, and appends the modes to a packet * being constructed. */ -void +void tty_make_modes(int fd) { struct termios tio; @@ -247,7 +247,7 @@ tty_make_modes(int fd) * Decodes terminal modes for the terminal referenced by fd in a portable * manner from a packet being read. */ -void +void tty_parse_modes(int fd, int *n_bytes_ptr) { struct termios tio; @@ -1,18 +1,18 @@ /* - * + * * ttymodes.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> * SGTTY stuff contributed by Janne Snabb <snabb@niksula.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Tue Mar 21 15:42:09 1995 ylo - * + * */ -/* RCSID("$Id: ttymodes.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */ +/* RCSID("$Id: ttymodes.h,v 1.4 2000/04/16 01:18:49 damien Exp $"); */ /* The tty mode description is a stream of bytes. The stream consists of * opcode-arguments pairs. It is terminated by opcode TTY_OP_END (0). @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$Id: uidswap.c,v 1.4 2000/01/20 13:18:16 damien Exp $"); +RCSID("$Id: uidswap.c,v 1.5 2000/04/16 01:18:49 damien Exp $"); #include "ssh.h" #include "uidswap.h" @@ -35,7 +35,7 @@ static uid_t saved_euid = 0; * Temporarily changes to the given uid. If the effective user * id is not root, this does nothing. This call cannot be nested. */ -void +void temporarily_use_uid(uid_t uid) { #ifdef SAVED_IDS_WORK_WITH_SETEUID @@ -59,7 +59,7 @@ temporarily_use_uid(uid_t uid) /* * Restores to the original uid. */ -void +void restore_uid() { #ifdef SAVED_IDS_WORK_WITH_SETEUID @@ -80,7 +80,7 @@ restore_uid() * Permanently sets all uids to the given uid. This cannot be * called while temporarily_use_uid is effective. */ -void +void permanently_set_uid(uid_t uid) { if (setuid(uid) < 0) @@ -1,15 +1,15 @@ /* - * + * * uidswap.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Sat Sep 9 01:43:15 1995 ylo * Last modified: Sat Sep 9 02:34:04 1995 ylo - * + * */ #ifndef UIDSWAP_H @@ -8,7 +8,7 @@ */ #include "includes.h" -RCSID("$Id: xmalloc.c,v 1.2 1999/11/24 13:26:23 damien Exp $"); +RCSID("$Id: xmalloc.c,v 1.3 2000/04/16 01:18:49 damien Exp $"); #include "ssh.h" @@ -34,7 +34,7 @@ xrealloc(void *ptr, size_t new_size) return new_ptr; } -void +void xfree(void *ptr) { if (ptr == NULL) @@ -1,20 +1,20 @@ /* - * + * * xmalloc.h - * + * * Author: Tatu Ylonen <ylo@cs.hut.fi> - * + * * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved - * + * * Created: Mon Mar 20 22:09:17 1995 ylo - * + * * Versions of malloc and friends that check their results, and never return * failure (they call fatal if they encounter an error). - * + * */ -/* RCSID("$Id: xmalloc.h,v 1.2 1999/11/24 13:26:23 damien Exp $"); */ +/* RCSID("$Id: xmalloc.h,v 1.3 2000/04/16 01:18:49 damien Exp $"); */ #ifndef XMALLOC_H #define XMALLOC_H |