summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog63
-rw-r--r--Makefile.in2
-rw-r--r--acconfig.h2
-rw-r--r--atomicio.c4
-rw-r--r--atomicio.h29
-rw-r--r--auth-chall.c3
-rw-r--r--auth-krb4.c12
-rw-r--r--auth-options.c29
-rw-r--r--auth-options.h19
-rw-r--r--auth-pam.c5
-rw-r--r--auth-passwd.c7
-rw-r--r--auth-rh-rsa.c17
-rw-r--r--auth-rhosts.c14
-rw-r--r--auth-rsa.c30
-rw-r--r--auth.c13
-rw-r--r--auth.h66
-rw-r--r--auth1.c12
-rw-r--r--auth2-chall.c4
-rw-r--r--auth2-pam.c7
-rw-r--r--auth2.c20
-rw-r--r--authfd.c12
-rw-r--r--authfile.c11
-rw-r--r--bufaux.c4
-rw-r--r--bufaux.h3
-rw-r--r--buffer.c4
-rw-r--r--canohost.c4
-rw-r--r--canohost.h36
-rw-r--r--channels.c21
-rw-r--r--cipher.c5
-rw-r--r--cli.c4
-rw-r--r--clientloop.c18
-rw-r--r--clientloop.h15
-rw-r--r--compat.c9
-rw-r--r--compress.c4
-rw-r--r--configure.in2
-rw-r--r--deattack.c4
-rw-r--r--dh.c17
-rw-r--r--dispatch.c6
-rw-r--r--entropy.c10
-rw-r--r--groupaccess.c2
-rw-r--r--hmac.c4
-rw-r--r--hostfile.c6
-rw-r--r--kex.c21
-rw-r--r--key.c10
-rw-r--r--key.h3
-rw-r--r--log-client.c4
-rw-r--r--log-server.c4
-rw-r--r--log.c4
-rw-r--r--log.h76
-rw-r--r--login.c2
-rw-r--r--login.h38
-rw-r--r--loginrec.c4
-rw-r--r--match.c4
-rw-r--r--misc.c (renamed from util.c)1
-rw-r--r--misc.h19
-rw-r--r--nchan.c9
-rw-r--r--packet.c6
-rw-r--r--pathnames.h136
-rw-r--r--pty.c4
-rw-r--r--radix.h26
-rw-r--r--readconf.c31
-rw-r--r--readpass.c3
-rw-r--r--readpass.h18
-rw-r--r--rsa.c4
-rw-r--r--scp.c12
-rw-r--r--servconf.c27
-rw-r--r--serverloop.c8
-rw-r--r--serverloop.h20
-rw-r--r--session.c31
-rw-r--r--sftp-server.c4
-rw-r--r--ssh-add.c19
-rw-r--r--ssh-agent.c101
-rw-r--r--ssh-dss.c22
-rw-r--r--ssh-keygen.16
-rw-r--r--ssh-keygen.c18
-rw-r--r--ssh-keyscan.c6
-rw-r--r--ssh-rsa.c13
-rw-r--r--ssh.c28
-rw-r--r--ssh.h467
-rw-r--r--ssh1.h84
-rw-r--r--sshconnect.c14
-rw-r--r--sshconnect.h28
-rw-r--r--sshconnect1.c19
-rw-r--r--sshconnect2.c14
-rw-r--r--sshd.84
-rw-r--r--sshd.c32
-rw-r--r--tildexpand.c4
-rw-r--r--tildexpand.h17
-rw-r--r--ttymodes.c5
-rw-r--r--uidswap.c4
-rw-r--r--xmalloc.c5
91 files changed, 1161 insertions, 837 deletions
diff --git a/ChangeLog b/ChangeLog
index df472f843..064d7fb5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,66 @@
+20010122
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
+ [servconf.c ssh.h sshd.c]
+ only auth-chall.c needs #ifdef SKEY
+ - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
+ [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
+ packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
+ session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
+ ssh1.h sshconnect1.c sshd.c ttymodes.c]
+ move ssh1 definitions to ssh1.h, pathnames to pathnames.h
+ - markus@cvs.openbsd.org 2001/01/19 16:48:14
+ [sshd.8]
+ fix typo; from stevesk@
+ - markus@cvs.openbsd.org 2001/01/19 16:50:58
+ [ssh-dss.c]
+ clear and free digest, make consistent with other code (use dlen); from
+ stevesk@
+ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
+ [auth-options.c auth-options.h auth-rsa.c auth2.c]
+ pass the filename to auth_parse_options()
+ - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
+ [readconf.c]
+ fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
+ - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
+ [sshconnect2.c]
+ dh_new_group() does not return NULL. ok markus@
+ - markus@cvs.openbsd.org 2001/01/20 21:33:42
+ [ssh-add.c]
+ do not loop forever if askpass does not exist; from
+ andrew@pimlott.ne.mediaone.net
+ - djm@cvs.openbsd.org 2001/01/20 23:00:56
+ [servconf.c]
+ Check for NULL return from strdelim; ok markus
+ - djm@cvs.openbsd.org 2001/01/20 23:02:07
+ [readconf.c]
+ KNF; ok markus
+ - jakob@cvs.openbsd.org 2001/01/21 9:00:33
+ [ssh-keygen.1]
+ remove -R flag; ok markus@
+ - markus@cvs.openbsd.org 2001/01/21 19:05:40
+ [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
+ auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
+ bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
+ cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
+ deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
+ key.c key.h log-client.c log-server.c log.c log.h login.c login.h
+ match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
+ readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
+ session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
+ ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
+ sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
+ ttysmodes.c uidswap.c xmalloc.c]
+ split ssh.h and try to cleanup the #include mess. remove unnecessary
+ #includes. rename util.[ch] -> misc.[ch]
+ - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
+ - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
+ conflict when compiling for non-kerb install
+ - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
+ on 1/19.
+
20010120
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26
diff --git a/Makefile.in b/Makefile.in
index 57449dcd9..25ff41bdb 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -37,7 +37,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER)
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
diff --git a/acconfig.h b/acconfig.h
index 936a7ca5e..f0242eec4 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -268,7 +268,7 @@
#undef USER_PATH
/* Specify location of ssh.pid */
-#undef PIDDIR
+#undef _PATH_SSH_PIDDIR
/* Use IPv4 for connection by default, IPv6 can still if explicity asked */
#undef IPV4_DEFAULT
diff --git a/atomicio.c b/atomicio.c
index 29ff16c44..7985fb80d 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -24,10 +24,10 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $");
+RCSID("$OpenBSD: atomicio.c,v 1.8 2001/01/21 19:05:40 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
+#include "atomicio.h"
/*
* ensure all of data on socket comes through. f==read || f==write
diff --git a/atomicio.h b/atomicio.h
new file mode 100644
index 000000000..15fc025c3
--- /dev/null
+++ b/atomicio.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 1995,1999 Theo de Raadt
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Ensure all of data on socket comes through. f==read || f==write
+ */
+ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
diff --git a/auth-chall.c b/auth-chall.c
index e99ddb39f..b8b0c5d1e 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -23,9 +23,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.2 2001/01/19 12:45:26 markus Exp $");
+RCSID("$OpenBSD: auth-chall.c,v 1.3 2001/01/21 19:05:41 markus Exp $");
-#include "ssh.h"
#include "auth.h"
#ifdef SKEY
diff --git a/auth-krb4.c b/auth-krb4.c
index 80e8f4292..d68806f95 100644
--- a/auth-krb4.c
+++ b/auth-krb4.c
@@ -23,14 +23,18 @@
*/
#include "includes.h"
+RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $");
+
+#ifdef KRB4
+#include "ssh.h"
+#include "ssh1.h"
#include "packet.h"
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
#include "servconf.h"
+#include "auth.h"
+#include "radix.h"
-RCSID("$OpenBSD: auth-krb4.c,v 1.20 2000/12/19 23:17:54 markus Exp $");
-
-#ifdef KRB4
char *ticket = NULL;
extern ServerOptions options;
diff --git a/auth-options.c b/auth-options.c
index ef61d8df8..5457d9b14 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,12 +10,14 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $");
-#include "ssh.h"
#include "packet.h"
#include "xmalloc.h"
#include "match.h"
+#include "log.h"
+#include "canohost.h"
+#include "auth-options.h"
/* Flags set authorized_keys flags */
int no_port_forwarding_flag = 0;
@@ -48,9 +50,12 @@ auth_clear_options(void)
}
}
-/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
+/*
+ * return 1 if access is granted, 0 if not.
+ * side effect: sets key option flags
+ */
int
-auth_parse_options(struct passwd *pw, char *options, u_long linenum)
+auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum)
{
const char *cp;
if (!options)
@@ -106,9 +111,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
forced_command[i] = 0;
@@ -136,9 +141,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
s[i] = 0;
@@ -170,9 +175,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
patterns[i] = 0;
@@ -219,9 +224,9 @@ next_option:
bad_option:
log("Bad options in %.100s file, line %lu: %.50s",
- SSH_USER_PERMITTED_KEYS, linenum, options);
+ file, linenum, options);
packet_send_debug("Bad options in %.100s file, line %lu: %.50s",
- SSH_USER_PERMITTED_KEYS, linenum, options);
+ file, linenum, options);
/* deny access */
return 0;
}
diff --git a/auth-options.h b/auth-options.h
index 76d420d23..8ee269491 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -11,10 +11,17 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* $OpenBSD: auth-options.h,v 1.6 2000/12/19 23:17:55 markus Exp $ */
+/* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */
#ifndef AUTH_OPTIONS_H
#define AUTH_OPTIONS_H
+
+/* Linked list of custom environment strings */
+struct envstring {
+ struct envstring *next;
+ char *s;
+};
+
/* Flags that may be set in authorized_keys options. */
extern int no_port_forwarding_flag;
extern int no_agent_forwarding_flag;
@@ -23,8 +30,14 @@ extern int no_pty_flag;
extern char *forced_command;
extern struct envstring *custom_environment;
-/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
-int auth_parse_options(struct passwd *pw, char *options, u_long linenum);
+/*
+ * return 1 if access is granted, 0 if not.
+ * side effect: sets key option flags
+ */
+int
+auth_parse_options(struct passwd *pw, char *options, char *file,
+ u_long linenum);
+
/* reset options flags */
void auth_clear_options(void);
diff --git a/auth-pam.c b/auth-pam.c
index befb84c08..3d550b4dd 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -27,9 +27,12 @@
#ifdef USE_PAM
#include "ssh.h"
#include "xmalloc.h"
+#include "log.h"
#include "servconf.h"
+#include "canohost.h"
+#include "readpass.h"
-RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.22 2001/01/22 05:34:40 mouring Exp $");
#define NEW_AUTHTOK_MSG \
"Warning: Your password has expired, please change it now"
diff --git a/auth-passwd.c b/auth-passwd.c
index 8295ea177..541aca607 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,15 +36,14 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.19 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $");
#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
#include "packet.h"
-#include "ssh.h"
-#include "servconf.h"
#include "xmalloc.h"
-
+#include "log.h"
+#include "servconf.h"
#include "auth.h"
#ifdef WITH_AIXAUTHENTICATE
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 48c075e66..87d51549d 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,18 +13,19 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $");
#include "packet.h"
-#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
+#include "log.h"
#include "servconf.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include "key.h"
#include "hostfile.h"
+#include "pathnames.h"
+#include "auth.h"
+#include "tildexpand.h"
+#include "canohost.h"
/*
* Tries to authenticate the user using the .rhosts file and the host using
@@ -59,15 +60,15 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
found = key_new(KEY_RSA1);
/* Check if we know the host and its host key. */
- host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
+ host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
client_key, found, NULL);
/* Check user host file unless ignored. */
if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
struct stat st;
- char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
+ char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
/*
- * Check file permissions of SSH_USER_HOSTFILE, auth_rsa()
+ * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
* did already check pw->pw_dir, but there is a race XXX
*/
if (options.strict_modes &&
diff --git a/auth-rhosts.c b/auth-rhosts.c
index fb7dabe7a..4f9ea886d 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,13 +14,15 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $");
#include "packet.h"
-#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
+#include "pathnames.h"
+#include "log.h"
#include "servconf.h"
+#include "canohost.h"
/*
* This function processes an rhosts-style file (.rhosts, .shosts, or
@@ -177,8 +179,8 @@ auth_rhosts(struct passwd *pw, const char *client_user)
/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
if (!rhosts_files[rhosts_file_index] &&
- stat("/etc/hosts.equiv", &st) < 0 &&
- stat(SSH_HOSTS_EQUIV, &st) < 0)
+ stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
+ stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
return 0;
hostname = get_canonical_hostname();
@@ -192,10 +194,10 @@ auth_rhosts(struct passwd *pw, const char *client_user)
hostname, ipaddr);
return 1;
}
- if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
+ if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
pw->pw_name)) {
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
- hostname, ipaddr, SSH_HOSTS_EQUIV);
+ hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
return 1;
}
}
diff --git a/auth-rsa.c b/auth-rsa.c
index 3daf4d13c..ee71655f3 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,21 +14,23 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.34 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.38 2001/01/21 19:05:42 markus Exp $");
+
+#include <openssl/rsa.h>
+#include <openssl/md5.h>
#include "rsa.h"
#include "packet.h"
#include "xmalloc.h"
-#include "ssh.h"
+#include "ssh1.h"
#include "mpaux.h"
#include "uidswap.h"
#include "match.h"
-#include "servconf.h"
#include "auth-options.h"
-
-#include <openssl/rsa.h>
-#include <openssl/md5.h>
-
+#include "pathnames.h"
+#include "log.h"
+#include "servconf.h"
+#include "auth.h"
/* import */
extern ServerOptions options;
@@ -120,7 +122,7 @@ auth_rsa_challenge_dialog(RSA *pk)
int
auth_rsa(struct passwd *pw, BIGNUM *client_n)
{
- char line[8192], file[1024];
+ char line[8192], file[MAXPATHLEN];
int authenticated;
u_int bits;
FILE *f;
@@ -137,7 +139,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
/* The authorized keys. */
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
- SSH_USER_PERMITTED_KEYS);
+ _PATH_SSH_USER_PERMITTED_KEYS);
/* Fail quietly if file does not exist */
if (stat(file, &st) < 0) {
@@ -165,10 +167,10 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
"bad ownership or modes for '%s'.", pw->pw_name, file);
fail = 1;
} else {
- /* Check path to SSH_USER_PERMITTED_KEYS */
+ /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
int i;
static const char *check[] = {
- "", SSH_USER_DIR, NULL
+ "", _PATH_SSH_USER_DIR, NULL
};
for (i = 0; check[i]; i++) {
snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]);
@@ -235,9 +237,9 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
/* Parse the key from the line. */
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
debug("%.100s, line %lu: bad key syntax",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: bad key syntax",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
/* cp now points to the comment part. */
@@ -257,7 +259,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
* If our options do not allow this key to be used,
* do not send challenge.
*/
- if (!auth_parse_options(pw, options, linenum))
+ if (!auth_parse_options(pw, options, file, linenum))
continue;
/* Perform the challenge-response dialog for this key. */
diff --git a/auth.c b/auth.c
index 814506d7c..187216d27 100644
--- a/auth.c
+++ b/auth.c
@@ -23,13 +23,8 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.14 2001/01/21 19:05:43 markus Exp $");
-#include "xmalloc.h"
-#include "ssh.h"
-#include "match.h"
-#include "servconf.h"
-#include "groupaccess.h"
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
@@ -37,8 +32,14 @@ RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
#include <shadow.h>
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#include "xmalloc.h"
+#include "match.h"
+#include "groupaccess.h"
+#include "log.h"
+#include "servconf.h"
#include "auth.h"
#include "auth-options.h"
+#include "canohost.h"
/* import */
extern ServerOptions options;
diff --git a/auth.h b/auth.h
index bf4787b68..b604e6304 100644
--- a/auth.h
+++ b/auth.h
@@ -21,11 +21,13 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $OpenBSD: auth.h,v 1.9 2001/01/18 16:59:59 markus Exp $
+ * $OpenBSD: auth.h,v 1.10 2001/01/21 19:05:43 markus Exp $
*/
#ifndef AUTH_H
#define AUTH_H
+#include <openssl/rsa.h>
+
typedef struct Authctxt Authctxt;
struct Authctxt {
int success;
@@ -39,6 +41,68 @@ struct Authctxt {
char *style;
};
+/*
+ * Tries to authenticate the user using the .rhosts file. Returns true if
+ * authentication succeeds. If ignore_rhosts is non-zero, this will not
+ * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
+ */
+int auth_rhosts(struct passwd * pw, const char *client_user);
+
+/*
+ * Tries to authenticate the user using the .rhosts file and the host using
+ * its host key. Returns true if authentication succeeds.
+ */
+int
+auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
+
+/*
+ * Tries to authenticate the user using password. Returns true if
+ * authentication succeeds.
+ */
+int auth_password(struct passwd * pw, const char *password);
+
+/*
+ * Performs the RSA authentication dialog with the client. This returns 0 if
+ * the client could not be authenticated, and 1 if authentication was
+ * successful. This may exit if there is a serious protocol violation.
+ */
+int auth_rsa(struct passwd * pw, BIGNUM * client_n);
+
+/*
+ * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
+ * over the key. Skips any whitespace at the beginning and at end.
+ */
+int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
+
+/*
+ * Performs the RSA authentication challenge-response dialog with the client,
+ * and returns true (non-zero) if the client gave the correct answer to our
+ * challenge; returns zero if the client gives a wrong answer.
+ */
+int auth_rsa_challenge_dialog(RSA *pk);
+
+#ifdef KRB4
+#include <krb.h>
+/*
+ * Performs Kerberos v4 mutual authentication with the client. This returns 0
+ * if the client could not be authenticated, and 1 if authentication was
+ * successful. This may exit if there is a serious protocol violation.
+ */
+int auth_krb4(const char *server_user, KTEXT auth, char **client);
+int krb4_init(uid_t uid);
+void krb4_cleanup_proc(void *ignore);
+int auth_krb4_password(struct passwd * pw, const char *password);
+
+#ifdef AFS
+#include <kafs.h>
+
+/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
+int auth_kerberos_tgt(struct passwd * pw, const char *string);
+int auth_afs_token(struct passwd * pw, const char *token_string);
+#endif /* AFS */
+
+#endif /* KRB4 */
+
#include "auth-pam.h"
#include "auth2-pam.h"
diff --git a/auth1.c b/auth1.c
index b480fdbec..50037fd83 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.13 2001/01/21 19:05:43 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
@@ -19,10 +19,11 @@ RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
+#include "ssh1.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
+#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "auth.h"
@@ -278,11 +279,6 @@ do_authloop(Authctxt *authctxt)
xfree(password);
break;
-#ifdef SKEY /* ISSUE: Is this right? we don't define
- having skey_authentication in
- servconf.h by default so I assume
- we need to deal with this via #ifdef
- in some reasonable way */
case SSH_CMSG_AUTH_TIS:
debug("rcvd SSH_CMSG_AUTH_TIS");
if (options.skey_authentication == 1) {
@@ -297,6 +293,7 @@ do_authloop(Authctxt *authctxt)
}
}
break;
+
case SSH_CMSG_AUTH_TIS_RESPONSE:
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
if (options.skey_authentication == 1) {
@@ -308,7 +305,6 @@ do_authloop(Authctxt *authctxt)
xfree(response);
}
break;
-#endif /* ISSUE: End of wrong SKEY defines */
default:
/*
diff --git a/auth2-chall.c b/auth2-chall.c
index 77294f4b8..39dc285b9 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -22,14 +22,14 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.1 2001/01/18 17:12:43 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.2 2001/01/21 19:05:43 markus Exp $");
-#include "ssh.h"
#include "ssh2.h"
#include "auth.h"
#include "packet.h"
#include "xmalloc.h"
#include "dispatch.h"
+#include "log.h"
void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo);
void input_userauth_info_response(int type, int plen, void *ctxt);
diff --git a/auth2-pam.c b/auth2-pam.c
index adb36163e..c54ad31a2 100644
--- a/auth2-pam.c
+++ b/auth2-pam.c
@@ -1,14 +1,16 @@
#include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.5 2001/01/19 05:37:32 mouring Exp $");
+RCSID("$Id: auth2-pam.c,v 1.6 2001/01/22 05:34:40 mouring Exp $");
#ifdef USE_PAM
+#include <security/pam_appl.h>
+
#include "ssh.h"
#include "ssh2.h"
#include "auth.h"
#include "packet.h"
#include "xmalloc.h"
#include "dispatch.h"
-#include <security/pam_appl.h>
+#include "log.h"
struct {
int finished, num_received, num_expected;
@@ -31,7 +33,6 @@ int
auth2_pam(Authctxt *authctxt)
{
int retval = -1;
- char *method = "PAM";
if (authctxt->user == NULL)
fatal("auth2_pam: internal error: no user");
diff --git a/auth2.c b/auth2.c
index bab1c2ed8..0d2214c72 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,34 +23,34 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.28 2001/01/18 17:00:00 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.32 2001/01/21 19:05:44 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
# include <siad.h>
#endif
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/evp.h>
+#include "ssh2.h"
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
#include "pty.h"
#include "packet.h"
#include "buffer.h"
+#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "channels.h"
#include "bufaux.h"
-#include "ssh2.h"
#include "auth.h"
#include "session.h"
#include "dispatch.h"
#include "auth.h"
+#include "cipher.h"
#include "key.h"
#include "kex.h"
+#include "pathnames.h"
#include "uidswap.h"
#include "auth-options.h"
@@ -583,7 +583,7 @@ authmethod_lookup(const char *name)
int
user_key_allowed(struct passwd *pw, Key *key)
{
- char line[8192], file[1024];
+ char line[8192], file[MAXPATHLEN];
int found_key = 0;
FILE *f;
u_long linenum = 0;
@@ -598,7 +598,7 @@ user_key_allowed(struct passwd *pw, Key *key)
/* The authorized keys. */
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
- SSH_USER_PERMITTED_KEYS2);
+ _PATH_SSH_USER_PERMITTED_KEYS2);
/* Fail quietly if file does not exist */
if (stat(file, &st) < 0) {
@@ -626,10 +626,10 @@ user_key_allowed(struct passwd *pw, Key *key)
key_type(key), pw->pw_name, file);
fail = 1;
} else {
- /* Check path to SSH_USER_PERMITTED_KEYS */
+ /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
int i;
static const char *check[] = {
- "", SSH_USER_DIR, NULL
+ "", _PATH_SSH_USER_DIR, NULL
};
for (i = 0; check[i]; i++) {
snprintf(line, sizeof line, "%.500s/%.100s",
@@ -686,7 +686,7 @@ user_key_allowed(struct passwd *pw, Key *key)
}
}
if (key_equal(found, key) &&
- auth_parse_options(pw, options, linenum) == 1) {
+ auth_parse_options(pw, options, file, linenum) == 1) {
found_key = 1;
debug("matching key found: file %s, line %ld",
file, linenum);
diff --git a/authfd.c b/authfd.c
index e2456e39e..17f5d139a 100644
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,9 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.33 2001/01/21 19:05:44 markus Exp $");
+
+#include <openssl/evp.h>
#include "ssh.h"
#include "rsa.h"
@@ -43,14 +45,14 @@ RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
#include "bufaux.h"
#include "xmalloc.h"
#include "getput.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
#include "key.h"
#include "authfd.h"
+#include "cipher.h"
#include "kex.h"
#include "compat.h"
+#include "log.h"
+#include "atomicio.h"
+#include "authfd.h"
/* helper */
int decode_reply(int type);
diff --git a/authfile.c b/authfile.c
index 422d080b2..c79b2d021 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,20 +36,19 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.24 2000/12/20 19:26:56 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.25 2001/01/21 19:05:44 markus Exp $");
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/err.h>
-#include <openssl/pem.h>
#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include "cipher.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
-#include "ssh.h"
#include "key.h"
+#include "ssh.h"
+#include "log.h"
/* Version identification string for identity files. */
#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
diff --git a/bufaux.c b/bufaux.c
index 2d20ad6db..8970ba137 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,13 +37,13 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.17 2001/01/21 19:05:45 markus Exp $");
-#include "ssh.h"
#include <openssl/bn.h>
#include "bufaux.h"
#include "xmalloc.h"
#include "getput.h"
+#include "log.h"
/*
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
diff --git a/bufaux.h b/bufaux.h
index ec4300227..8902ec2a8 100644
--- a/bufaux.h
+++ b/bufaux.h
@@ -10,12 +10,13 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: bufaux.h,v 1.10 2001/01/10 22:56:22 markus Exp $"); */
+/* RCSID("$OpenBSD: bufaux.h,v 1.11 2001/01/21 19:05:45 markus Exp $"); */
#ifndef BUFAUX_H
#define BUFAUX_H
#include "buffer.h"
+#include <openssl/bn.h>
/*
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
diff --git a/buffer.c b/buffer.c
index 668c17383..0a8a4aa35 100644
--- a/buffer.c
+++ b/buffer.c
@@ -12,11 +12,11 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.9 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.10 2001/01/21 19:05:45 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
-#include "ssh.h"
+#include "log.h"
/* Initializes the buffer structure. */
diff --git a/canohost.c b/canohost.c
index 506446d05..9fa33c260 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,11 +12,11 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.18 2001/01/21 19:05:45 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
/*
* Return the canonical name of the host at the other end of the socket. The
diff --git a/canohost.h b/canohost.h
new file mode 100644
index 000000000..572adb037
--- /dev/null
+++ b/canohost.h
@@ -0,0 +1,36 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/*
+ * Returns the name of the machine at the other end of the socket. The
+ * returned string should be freed by the caller.
+ */
+char *get_remote_hostname(int socket);
+
+/*
+ * Return the canonical name of the host in the other side of the current
+ * connection (as returned by packet_get_connection). The host name is
+ * cached, so it is efficient to call this several times.
+ */
+const char *get_canonical_hostname(void);
+
+/*
+ * Returns the remote IP address as an ascii string. The value need not be
+ * freed by the caller.
+ */
+const char *get_remote_ipaddr(void);
+
+/* Returns the port number of the peer of the socket. */
+int get_peer_port(int sock);
+
+/* Returns the port number of the remote/local host. */
+int get_remote_port(void);
+int get_local_port(void);
diff --git a/channels.c b/channels.c
index 254f5df2f..a7da538ee 100644
--- a/channels.c
+++ b/channels.c
@@ -40,24 +40,24 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.80 2001/01/08 22:03:23 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.82 2001/01/21 19:05:46 markus Exp $");
+
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
#include "packet.h"
#include "xmalloc.h"
#include "buffer.h"
#include "uidswap.h"
-#include "readconf.h"
-#include "servconf.h"
-
+#include "log.h"
+#include "misc.h"
#include "channels.h"
#include "nchan.h"
#include "compat.h"
-
-#include "ssh2.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
+#include "canohost.h"
#include "key.h"
#include "authfd.h"
@@ -130,6 +130,9 @@ static int all_opens_permitted = 0;
/* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */
static int have_hostname_in_open = 0;
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
/* Sets specific protocol options. */
void
diff --git a/cipher.c b/cipher.c
index 89e3c279f..c867216cc 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,10 +35,11 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.41 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.42 2001/01/21 19:05:46 markus Exp $");
-#include "ssh.h"
#include "xmalloc.h"
+#include "log.h"
+#include "cipher.h"
#include <openssl/md5.h>
diff --git a/cli.c b/cli.c
index 931107f28..f86adac4e 100644
--- a/cli.c
+++ b/cli.c
@@ -1,8 +1,8 @@
#include "includes.h"
-RCSID("$OpenBSD: cli.c,v 1.5 2001/01/08 08:50:29 markus Exp $");
+RCSID("$OpenBSD: cli.c,v 1.6 2001/01/21 19:05:47 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
static int cli_input = -1;
static int cli_output = -1;
diff --git a/clientloop.c b/clientloop.c
index 9079bcda8..aade8606b 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,27 +59,25 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.45 2001/01/21 19:05:47 markus Exp $");
-#include "xmalloc.h"
#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
+#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
-#include "readconf.h"
-
-#include "ssh2.h"
#include "compat.h"
#include "channels.h"
#include "dispatch.h"
-
#include "buffer.h"
#include "bufaux.h"
-
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include "key.h"
-#include "authfd.h"
+#include "log.h"
+#include "readconf.h"
#include "clientloop.h"
+#include "authfd.h"
+#include "atomicio.h"
/* import options */
extern Options options;
diff --git a/clientloop.h b/clientloop.h
index 3ad72aa55..58a1a7afb 100644
--- a/clientloop.h
+++ b/clientloop.h
@@ -1,4 +1,15 @@
/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -21,4 +32,8 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+
void clientloop_set_session_ident(int id);
+
+/* Client side main loop for the interactive session. */
+int client_loop(int have_pty, int escape_char, int id);
diff --git a/compat.c b/compat.c
index 6e0ed65af..a7a98f8fe 100644
--- a/compat.c
+++ b/compat.c
@@ -25,10 +25,6 @@
#include "includes.h"
RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $");
-#include "ssh.h"
-#include "packet.h"
-#include "xmalloc.h"
-#include "compat.h"
#ifdef HAVE_LIBPCRE
# include <pcreposix.h>
#else /* Use native regex libraries */
@@ -43,6 +39,11 @@ RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $");
# endif
#endif /* HAVE_LIBPCRE */
+#include "packet.h"
+#include "xmalloc.h"
+#include "compat.h"
+#include "log.h"
+
int compat13 = 0;
int compat20 = 0;
int datafellows = 0;
diff --git a/compress.c b/compress.c
index 2437606b7..1871bc8cc 100644
--- a/compress.c
+++ b/compress.c
@@ -12,9 +12,9 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: compress.c,v 1.11 2000/12/20 19:37:21 markus Exp $");
+RCSID("$OpenBSD: compress.c,v 1.12 2001/01/21 19:05:48 markus Exp $");
-#include "ssh.h"
+#include "log.h"
#include "buffer.h"
#include "zlib.h"
diff --git a/configure.in b/configure.in
index 23d5a0944..7007c9164 100644
--- a/configure.in
+++ b/configure.in
@@ -1382,7 +1382,7 @@ if test ! -d $piddir ; then
esac
fi
-AC_DEFINE_UNQUOTED(PIDDIR, "$piddir")
+AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
AC_SUBST(piddir)
dnl allow user to disable some login recording features
diff --git a/deattack.c b/deattack.c
index c3c3f08d2..9b9babace 100644
--- a/deattack.c
+++ b/deattack.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: deattack.c,v 1.11 2000/12/19 23:17:56 markus Exp $ */
+/* $OpenBSD: deattack.c,v 1.12 2001/01/21 19:05:48 markus Exp $ */
/*
* Cryptographic attack detector for ssh - source code
@@ -21,7 +21,7 @@
#include "includes.h"
#include "deattack.h"
-#include "ssh.h"
+#include "log.h"
#include "crc32.h"
#include "getput.h"
#include "xmalloc.h"
diff --git a/dh.c b/dh.c
index 87a478450..f1f7e5d43 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.6 2001/01/21 19:05:49 markus Exp $");
#include "xmalloc.h"
@@ -31,10 +31,13 @@ RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
#include <openssl/dh.h>
#include <openssl/evp.h>
-#include "ssh.h"
#include "buffer.h"
+#include "cipher.h"
#include "kex.h"
#include "dh.h"
+#include "pathnames.h"
+#include "log.h"
+#include "misc.h"
int
parse_prime(int linenum, char *line, struct dhgroup *dhg)
@@ -100,9 +103,9 @@ choose_dh(int minbits)
int linenum;
struct dhgroup dhg;
- f = fopen(DH_PRIMES, "r");
+ f = fopen(_PATH_DH_PRIMES, "r");
if (!f) {
- log("WARNING: %s does not exist, using old prime", DH_PRIMES);
+ log("WARNING: %s does not exist, using old prime", _PATH_DH_PRIMES);
return (dh_new_group1());
}
@@ -126,13 +129,13 @@ choose_dh(int minbits)
fclose (f);
if (bestcount == 0) {
- log("WARNING: no primes in %s, using old prime", DH_PRIMES);
+ log("WARNING: no primes in %s, using old prime", _PATH_DH_PRIMES);
return (dh_new_group1());
}
- f = fopen(DH_PRIMES, "r");
+ f = fopen(_PATH_DH_PRIMES, "r");
if (!f) {
- fatal("WARNING: %s dissappeared, giving up", DH_PRIMES);
+ fatal("WARNING: %s dissappeared, giving up", _PATH_DH_PRIMES);
}
linenum = 0;
diff --git a/dispatch.c b/dispatch.c
index db8951c1b..74fcc553c 100644
--- a/dispatch.c
+++ b/dispatch.c
@@ -22,8 +22,10 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: dispatch.c,v 1.5 2000/09/21 11:25:34 markus Exp $");
-#include "ssh.h"
+RCSID("$OpenBSD: dispatch.c,v 1.7 2001/01/21 19:05:49 markus Exp $");
+
+#include "ssh1.h"
+#include "log.h"
#include "dispatch.h"
#include "packet.h"
diff --git a/entropy.c b/entropy.c
index 7cbc6951e..25e83889e 100644
--- a/entropy.c
+++ b/entropy.c
@@ -24,9 +24,6 @@
#include "includes.h"
-#include "ssh.h"
-#include "xmalloc.h"
-
#include <openssl/rand.h>
#include <openssl/sha.h>
@@ -35,7 +32,12 @@
# include <floatingpoint.h>
#endif /* HAVE_FLOATINGPOINT_H */
-RCSID("$Id: entropy.c,v 1.23 2001/01/16 22:37:15 djm Exp $");
+#include "ssh.h"
+#include "xmalloc.h"
+#include "atomicio.h"
+#include "log.h"
+
+RCSID("$Id: entropy.c,v 1.24 2001/01/22 05:34:41 mouring Exp $");
#ifndef offsetof
# define offsetof(type, member) ((size_t) &((type *)0)->member)
diff --git a/groupaccess.c b/groupaccess.c
index bf6be997e..9f72e577e 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -25,9 +25,9 @@
#include "includes.h"
#include "groupaccess.h"
-#include "ssh.h"
#include "xmalloc.h"
#include "match.h"
+#include "log.h"
static int ngroups;
static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
diff --git a/hmac.c b/hmac.c
index 6c3883e67..e440d6117 100644
--- a/hmac.c
+++ b/hmac.c
@@ -23,11 +23,11 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: hmac.c,v 1.5 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: hmac.c,v 1.6 2001/01/21 19:05:49 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
#include "getput.h"
+#include "log.h"
#include <openssl/hmac.h>
diff --git a/hostfile.c b/hostfile.c
index 1c3fb22ad..b285ee83c 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -36,15 +36,13 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.23 2000/12/21 15:10:16 markus Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.24 2001/01/21 19:05:49 markus Exp $");
#include "packet.h"
#include "match.h"
-#include "ssh.h"
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include "key.h"
#include "hostfile.h"
+#include "log.h"
/*
* Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the
diff --git a/kex.c b/kex.c
index 9a31ae927..d3099f708 100644
--- a/kex.c
+++ b/kex.c
@@ -23,18 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $");
-
-#include "ssh.h"
-#include "ssh2.h"
-#include "xmalloc.h"
-#include "buffer.h"
-#include "bufaux.h"
-#include "packet.h"
-#include "compat.h"
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
+RCSID("$OpenBSD: kex.c,v 1.18 2001/01/21 19:05:49 markus Exp $");
#include <openssl/crypto.h>
#include <openssl/bio.h>
@@ -42,8 +31,16 @@ RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $");
#include <openssl/dh.h>
#include <openssl/pem.h>
+#include "ssh2.h"
+#include "xmalloc.h"
+#include "buffer.h"
+#include "bufaux.h"
+#include "packet.h"
+#include "compat.h"
+#include "cipher.h"
#include "kex.h"
#include "key.h"
+#include "log.h"
#define KEX_COOKIE_LEN 16
diff --git a/key.c b/key.c
index 21e13b863..a2306fed6 100644
--- a/key.c
+++ b/key.c
@@ -31,12 +31,11 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-
#include "includes.h"
-#include "ssh.h"
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
+RCSID("$OpenBSD: key.c,v 1.15 2001/01/21 19:05:50 markus Exp $");
+
#include <openssl/evp.h>
+
#include "xmalloc.h"
#include "key.h"
#include "rsa.h"
@@ -45,8 +44,7 @@
#include "uuencode.h"
#include "buffer.h"
#include "bufaux.h"
-
-RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $");
+#include "log.h"
Key *
key_new(int type)
diff --git a/key.h b/key.h
index 91f4d0055..00e71839a 100644
--- a/key.h
+++ b/key.h
@@ -24,6 +24,9 @@
#ifndef KEY_H
#define KEY_H
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
typedef struct Key Key;
enum types {
KEY_RSA1,
diff --git a/log-client.c b/log-client.c
index 656499ad1..b35f77bc9 100644
--- a/log-client.c
+++ b/log-client.c
@@ -36,10 +36,10 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: log-client.c,v 1.14 2001/01/18 16:20:21 markus Exp $");
+RCSID("$OpenBSD: log-client.c,v 1.15 2001/01/21 19:05:50 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
static LogLevel log_level = SYSLOG_LEVEL_INFO;
diff --git a/log-server.c b/log-server.c
index 3b19550e3..3c53d9c59 100644
--- a/log-server.c
+++ b/log-server.c
@@ -36,12 +36,12 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: log-server.c,v 1.19 2001/01/18 16:20:21 markus Exp $");
+RCSID("$OpenBSD: log-server.c,v 1.20 2001/01/21 19:05:50 markus Exp $");
#include <syslog.h>
#include "packet.h"
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
static LogLevel log_level = SYSLOG_LEVEL_INFO;
static int log_on_stderr = 0;
diff --git a/log.c b/log.c
index 9df2a93fd..7e01384fa 100644
--- a/log.c
+++ b/log.c
@@ -36,9 +36,9 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.14 2001/01/18 16:20:21 markus Exp $");
+RCSID("$OpenBSD: log.c,v 1.15 2001/01/21 19:05:51 markus Exp $");
-#include "ssh.h"
+#include "log.h"
#include "xmalloc.h"
/* Fatal messages. This function never returns. */
diff --git a/log.h b/log.h
new file mode 100644
index 000000000..4b82ee3e7
--- /dev/null
+++ b/log.h
@@ -0,0 +1,76 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#ifndef SSH_LOG_H
+#define SSH_LOG_H
+
+/* Supported syslog facilities and levels. */
+typedef enum {
+ SYSLOG_FACILITY_DAEMON,
+ SYSLOG_FACILITY_USER,
+ SYSLOG_FACILITY_AUTH,
+#ifdef LOG_AUTHPRIV
+ SYSLOG_FACILITY_AUTHPRIV,
+#endif
+ SYSLOG_FACILITY_LOCAL0,
+ SYSLOG_FACILITY_LOCAL1,
+ SYSLOG_FACILITY_LOCAL2,
+ SYSLOG_FACILITY_LOCAL3,
+ SYSLOG_FACILITY_LOCAL4,
+ SYSLOG_FACILITY_LOCAL5,
+ SYSLOG_FACILITY_LOCAL6,
+ SYSLOG_FACILITY_LOCAL7
+} SyslogFacility;
+
+typedef enum {
+ SYSLOG_LEVEL_QUIET,
+ SYSLOG_LEVEL_FATAL,
+ SYSLOG_LEVEL_ERROR,
+ SYSLOG_LEVEL_INFO,
+ SYSLOG_LEVEL_VERBOSE,
+ SYSLOG_LEVEL_DEBUG1,
+ SYSLOG_LEVEL_DEBUG2,
+ SYSLOG_LEVEL_DEBUG3
+} LogLevel;
+/* Initializes logging. */
+void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
+
+/* Logging implementation, depending on server or client */
+void do_log(LogLevel level, const char *fmt, va_list args);
+
+/* name to facility/level */
+SyslogFacility log_facility_number(char *name);
+LogLevel log_level_number(char *name);
+
+/* Output a message to syslog or stderr */
+void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+
+/* same as fatal() but w/o logging */
+void fatal_cleanup(void);
+
+/*
+ * Registers a cleanup function to be called by fatal()/fatal_cleanup()
+ * before exiting. It is permissible to call fatal_remove_cleanup for the
+ * function itself from the function.
+ */
+void fatal_add_cleanup(void (*proc) (void *context), void *context);
+
+/* Removes a cleanup function to be called at fatal(). */
+void fatal_remove_cleanup(void (*proc) (void *context), void *context);
+
+#endif
diff --git a/login.c b/login.c
index 649648faf..3e9af193d 100644
--- a/login.c
+++ b/login.c
@@ -39,7 +39,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: login.c,v 1.16 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: login.c,v 1.17 2001/01/21 19:05:51 markus Exp $");
#include "loginrec.h"
diff --git a/login.h b/login.h
new file mode 100644
index 000000000..fc9b5ded1
--- /dev/null
+++ b/login.h
@@ -0,0 +1,38 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+#ifndef LOGIN_H
+#define LOGIN_H
+
+/*
+ * Returns the time when the user last logged in. Returns 0 if the
+ * information is not available. This must be called before record_login.
+ * The host from which the user logged in is stored in buf.
+ */
+u_long
+get_last_login_time(uid_t uid, const char *logname,
+ char *buf, u_int bufsize);
+
+/*
+ * Records that the user has logged in. This does many things normally done
+ * by login(1).
+ */
+void
+record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
+ const char *host, struct sockaddr *addr);
+
+/*
+ * Records that the user has logged out. This does many thigs normally done
+ * by login(1) or init.
+ */
+void record_logout(pid_t pid, const char *ttyname);
+
+#endif
diff --git a/loginrec.c b/loginrec.c
index 4afe6fec1..dc723f742 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -160,8 +160,10 @@
#include "ssh.h"
#include "xmalloc.h"
#include "loginrec.h"
+#include "log.h"
+#include "atomicio.h"
-RCSID("$Id: loginrec.c,v 1.29 2000/12/28 00:07:07 mouring Exp $");
+RCSID("$Id: loginrec.c,v 1.30 2001/01/22 05:34:42 mouring Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
diff --git a/match.c b/match.c
index 895ecab37..81030da6a 100644
--- a/match.c
+++ b/match.c
@@ -12,9 +12,9 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.10 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: match.c,v 1.11 2001/01/21 19:05:52 markus Exp $");
-#include "ssh.h"
+#include "match.h"
/*
* Returns true if the given string matches the pattern (which may contain ?
diff --git a/util.c b/misc.c
index 1a591a6f0..2d7b2fa60 100644
--- a/util.c
+++ b/misc.c
@@ -28,6 +28,7 @@
RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $");
#include "ssh.h"
+#include "log.h"
char *
chop(char *s)
diff --git a/misc.h b/misc.h
new file mode 100644
index 000000000..8205a6070
--- /dev/null
+++ b/misc.h
@@ -0,0 +1,19 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/* remove newline at end of string */
+char *chop(char *s);
+
+/* return next token in configuration line */
+char *strdelim(char **s);
+
+/* set filedescriptor to non-blocking */
+void set_nonblock(int fd);
diff --git a/nchan.c b/nchan.c
index 02c213c20..d049a945a 100644
--- a/nchan.c
+++ b/nchan.c
@@ -23,17 +23,16 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: nchan.c,v 1.20 2000/11/06 23:04:56 markus Exp $");
-
-#include "ssh.h"
+RCSID("$OpenBSD: nchan.c,v 1.22 2001/01/21 19:05:52 markus Exp $");
+#include "ssh1.h"
+#include "ssh2.h"
#include "buffer.h"
#include "packet.h"
#include "channels.h"
#include "nchan.h"
-
-#include "ssh2.h"
#include "compat.h"
+#include "log.h"
/* functions manipulating channel states */
/*
diff --git a/packet.c b/packet.c
index bf3a7ee0b..1b7cd162b 100644
--- a/packet.c
+++ b/packet.c
@@ -37,13 +37,12 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.46 2001/01/21 19:05:53 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
#include "packet.h"
#include "bufaux.h"
-#include "ssh.h"
#include "crc32.h"
#include "getput.h"
@@ -52,6 +51,7 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
#include "channels.h"
#include "compat.h"
+#include "ssh1.h"
#include "ssh2.h"
#include <openssl/bn.h>
@@ -61,6 +61,8 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
#include "cipher.h"
#include "kex.h"
#include "hmac.h"
+#include "log.h"
+#include "canohost.h"
#ifdef PACKET_DEBUG
#define DBG(x) x
diff --git a/pathnames.h b/pathnames.h
new file mode 100644
index 000000000..702251c08
--- /dev/null
+++ b/pathnames.h
@@ -0,0 +1,136 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#ifndef ETCDIR
+#define ETCDIR "/etc"
+#endif
+
+#ifndef _PATH_SSH_PIDDIR
+#define _PATH_SSH_PIDDIR "/var/run"
+#endif
+
+/*
+ * System-wide file containing host keys of known hosts. This file should be
+ * world-readable.
+ */
+#define _PATH_SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
+#define _PATH_SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
+
+/*
+ * Of these, ssh_host_key must be readable only by root, whereas ssh_config
+ * should be world-readable.
+ */
+#define _PATH_HOST_KEY_FILE ETCDIR "/ssh_host_key"
+#define _PATH_SERVER_CONFIG_FILE ETCDIR "/sshd_config"
+#define _PATH_HOST_CONFIG_FILE ETCDIR "/ssh_config"
+#define _PATH_HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
+#define _PATH_DH_PRIMES ETCDIR "/primes"
+
+#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
+
+/*
+ * The process id of the daemon listening for connections is saved here to
+ * make it easier to kill the correct daemon when necessary.
+ */
+#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid"
+
+/*
+ * The directory in user\'s home directory in which the files reside. The
+ * directory should be world-readable (though not all files are).
+ */
+#define _PATH_SSH_USER_DIR ".ssh"
+
+/*
+ * Per-user file containing host keys of known hosts. This file need not be
+ * readable by anyone except the user him/herself, though this does not
+ * contain anything particularly secret.
+ */
+#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
+#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
+
+/*
+ * Name of the default file containing client-side authentication key. This
+ * file should only be readable by the user him/herself.
+ */
+#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
+#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
+#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
+
+/*
+ * Configuration file in user\'s home directory. This file need not be
+ * readable by anyone but the user him/herself, but does not contain anything
+ * particularly secret. If the user\'s home directory resides on an NFS
+ * volume where root is mapped to nobody, this may need to be world-readable.
+ */
+#define _PATH_SSH_USER_CONFFILE ".ssh/config"
+
+/*
+ * File containing a list of those rsa keys that permit logging in as this
+ * user. This file need not be readable by anyone but the user him/herself,
+ * but does not contain anything particularly secret. If the user\'s home
+ * directory resides on an NFS volume where root is mapped to nobody, this
+ * may need to be world-readable. (This file is read by the daemon which is
+ * running as root.)
+ */
+#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
+#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
+
+/*
+ * Per-user and system-wide ssh "rc" files. These files are executed with
+ * /bin/sh before starting the shell or command if they exist. They will be
+ * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
+ * use. xauth will be run if neither of these exists.
+ */
+#define _PATH_SSH_USER_RC ".ssh/rc"
+#define _PATH_SSH_SYSTEM_RC ETCDIR "/sshrc"
+
+/*
+ * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
+ * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
+ */
+#define _PATH_SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
+#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv"
+
+/*
+ * Default location of askpass
+ */
+#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
+
+/* for scp */
+#ifndef _PATH_CP
+#define _PATH_CP "cp"
+#endif
+
+/* path to login program */
+#ifndef LOGIN_PROGRAM
+# ifdef LOGIN_PROGRAM_FALLBACK
+# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
+# else
+# define LOGIN_PROGRAM "/usr/bin/login"
+# endif
+#endif /* LOGIN_PROGRAM */
+
+/* Askpass program define */
+#ifndef ASKPASS_PROGRAM
+#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
+#endif /* ASKPASS_PROGRAM */
+
+/*
+ * Relevant only when using builtin PRNG.
+ */
+#ifndef SSH_PRNG_SEED_FILE
+# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
+#endif /* SSH_PRNG_SEED_FILE */
+#ifndef SSH_PRNG_COMMAND_FILE
+# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
+#endif /* SSH_PRNG_COMMAND_FILE */
+
diff --git a/pty.c b/pty.c
index 37a907822..384e921b5 100644
--- a/pty.c
+++ b/pty.c
@@ -12,14 +12,14 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: pty.c,v 1.19 2000/12/20 20:00:34 markus Exp $");
+RCSID("$OpenBSD: pty.c,v 1.20 2001/01/21 19:05:53 markus Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
#endif /* HAVE_UTIL_H */
#include "pty.h"
-#include "ssh.h"
+#include "log.h"
/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
diff --git a/radix.h b/radix.h
new file mode 100644
index 000000000..993fa5887
--- /dev/null
+++ b/radix.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 1999 Dug Song. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
+int radix_to_creds(const char *buf, CREDENTIALS * creds);
diff --git a/readconf.c b/readconf.c
index 7efaf85eb..a10aaff1c 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,13 +12,17 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.54 2001/01/18 16:20:22 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.58 2001/01/21 19:05:53 markus Exp $");
#include "ssh.h"
-#include "readconf.h"
-#include "match.h"
#include "xmalloc.h"
#include "compat.h"
+#include "cipher.h"
+#include "pathnames.h"
+#include "log.h"
+#include "readconf.h"
+#include "match.h"
+#include "misc.h"
/* Format of the configuration file:
@@ -247,7 +251,7 @@ process_config_line(Options *options, const char *host,
/* Ignore leading whitespace. */
if (*keyword == '\0')
keyword = strdelim(&s);
- if (!*keyword || *keyword == '\n' || *keyword == '#')
+ if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
return 0;
opcode = parse_token(keyword, filename, linenum);
@@ -599,8 +603,7 @@ parse_int:
}
/* Check that there is no garbage at end of line. */
- if ((arg = strdelim(&s)) != NULL && *arg != '\0')
- {
+ if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
filename, linenum, arg);
}
@@ -782,27 +785,27 @@ fill_default_options(Options * options)
if (options->num_identity_files == 0) {
if (options->protocol & SSH_PROTO_1) {
options->identity_files[options->num_identity_files] =
- xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);
+ xmalloc(2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1);
sprintf(options->identity_files[options->num_identity_files++],
- "~/%.100s", SSH_CLIENT_IDENTITY);
+ "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
}
if (options->protocol & SSH_PROTO_2) {
options->identity_files[options->num_identity_files] =
- xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1);
+ xmalloc(2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1);
sprintf(options->identity_files[options->num_identity_files++],
- "~/%.100s", SSH_CLIENT_ID_DSA);
+ "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
}
}
if (options->escape_char == -1)
options->escape_char = '~';
if (options->system_hostfile == NULL)
- options->system_hostfile = SSH_SYSTEM_HOSTFILE;
+ options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
if (options->user_hostfile == NULL)
- options->user_hostfile = SSH_USER_HOSTFILE;
+ options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
if (options->system_hostfile2 == NULL)
- options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2;
+ options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
if (options->user_hostfile2 == NULL)
- options->user_hostfile2 = SSH_USER_HOSTFILE2;
+ options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
if (options->log_level == (LogLevel) - 1)
options->log_level = SYSLOG_LEVEL_INFO;
/* options->proxy_command should not be set by default */
diff --git a/readpass.c b/readpass.c
index 64281edd6..fe158d549 100644
--- a/readpass.c
+++ b/readpass.c
@@ -32,10 +32,9 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.12 2000/10/11 20:14:39 markus Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.13 2001/01/21 19:05:54 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
#include "cli.h"
/*
diff --git a/readpass.h b/readpass.h
new file mode 100644
index 000000000..fa64b4b34
--- /dev/null
+++ b/readpass.h
@@ -0,0 +1,18 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Reads a passphrase from /dev/tty with echo turned off. Returns the
+ * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
+ * from_stdin is true, the passphrase will be read from stdin instead.
+ */
+char *read_passphrase(char *prompt, int from_stdin);
diff --git a/rsa.c b/rsa.c
index e5eea29f5..04bb239e5 100644
--- a/rsa.c
+++ b/rsa.c
@@ -60,10 +60,10 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: rsa.c,v 1.18 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: rsa.c,v 1.19 2001/01/21 19:05:54 markus Exp $");
#include "rsa.h"
-#include "ssh.h"
+#include "log.h"
#include "xmalloc.h"
void
diff --git a/scp.c b/scp.c
index d353b5ead..401e400d4 100644
--- a/scp.c
+++ b/scp.c
@@ -75,14 +75,12 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.51 2001/01/21 19:05:55 markus Exp $");
-#include "ssh.h"
#include "xmalloc.h"
-
-#ifndef _PATH_CP
-#define _PATH_CP "cp"
-#endif
+#include "atomicio.h"
+#include "pathnames.h"
+#include "log.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
@@ -130,7 +128,7 @@ int verbose_mode = 0;
int showprogress = 1;
/* This is the program to execute for the secured connection. ("ssh" or -S) */
-char *ssh_program = SSH_PROGRAM;
+char *ssh_program = _PATH_SSH_PROGRAM;
/* This is the list of arguments that scp passes to ssh */
struct {
diff --git a/servconf.c b/servconf.c
index 801267b48..7dfd040c8 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,16 +10,32 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.59 2001/01/19 12:45:26 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.62 2001/01/21 19:05:55 markus Exp $");
+
+#ifdef KRB4
+#include <krb.h>
+#endif
+#ifdef AFS
+#include <kafs.h>
+#endif
#include "ssh.h"
+#include "log.h"
#include "servconf.h"
#include "xmalloc.h"
#include "compat.h"
+#include "pathnames.h"
+#include "tildexpand.h"
+#include "misc.h"
+#include "cipher.h"
+
/* add listen address */
void add_listen_addr(ServerOptions *options, char *addr);
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
/* Initializes the server options to their default values. */
void
@@ -87,16 +103,16 @@ fill_default_server_options(ServerOptions *options)
if (options->num_host_key_files == 0) {
/* fill default hostkeys for protocols */
if (options->protocol & SSH_PROTO_1)
- options->host_key_files[options->num_host_key_files++] = HOST_KEY_FILE;
+ options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
if (options->protocol & SSH_PROTO_2)
- options->host_key_files[options->num_host_key_files++] = HOST_DSA_KEY_FILE;
+ options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
}
if (options->num_ports == 0)
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
if (options->listen_addrs == NULL)
add_listen_addr(options, NULL);
if (options->pid_file == NULL)
- options->pid_file = SSH_DAEMON_PID_FILE;
+ options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
if (options->server_key_bits == -1)
options->server_key_bits = 768;
if (options->login_grace_time == -1)
@@ -281,7 +297,6 @@ parse_token(const char *cp, const char *filename,
void
add_listen_addr(ServerOptions *options, char *addr)
{
- extern int IPv4or6;
struct addrinfo hints, *ai, *aitop;
char strport[NI_MAXSERV];
int gaierr;
@@ -332,7 +347,7 @@ read_server_config(ServerOptions *options, const char *filename)
/* Ignore leading whitespace */
if (*arg == '\0')
arg = strdelim(&cp);
- if (!*arg || *arg == '#')
+ if (!arg || !*arg || *arg == '#')
continue;
intptr = NULL;
charptr = NULL;
diff --git a/serverloop.c b/serverloop.c
index 958c9661e..a7f8e72b5 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,22 +35,24 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.40 2001/01/18 17:00:00 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.42 2001/01/21 19:05:55 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
#include "packet.h"
#include "buffer.h"
+#include "log.h"
#include "servconf.h"
#include "pty.h"
#include "channels.h"
-
#include "compat.h"
+#include "ssh1.h"
#include "ssh2.h"
#include "auth.h"
#include "session.h"
#include "dispatch.h"
#include "auth-options.h"
+#include "serverloop.h"
+#include "misc.h"
extern ServerOptions options;
diff --git a/serverloop.h b/serverloop.h
new file mode 100644
index 000000000..915bffeab
--- /dev/null
+++ b/serverloop.h
@@ -0,0 +1,20 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/*
+ * Performs the interactive session. This handles data transmission between
+ * the client and the program. Note that the notion of stdin, stdout, and
+ * stderr in this function is sort of reversed: this function writes to stdin
+ * (of the child program), and reads from stdout and stderr (of the child
+ * program).
+ */
+void server_loop(pid_t pid, int fdin, int fdout, int fderr);
+void server_loop2(void);
diff --git a/session.c b/session.c
index 20975cb6c..b6ab88731 100644
--- a/session.c
+++ b/session.c
@@ -33,24 +33,29 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.49 2001/01/18 17:00:00 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.51 2001/01/21 19:05:56 markus Exp $");
-#include "xmalloc.h"
#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
+#include "xmalloc.h"
#include "pty.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
-#include "servconf.h"
#include "uidswap.h"
#include "compat.h"
#include "channels.h"
#include "nchan.h"
-
#include "bufaux.h"
-#include "ssh2.h"
#include "auth.h"
#include "auth-options.h"
+#include "pathnames.h"
+#include "log.h"
+#include "servconf.h"
+#include "login.h"
+#include "serverloop.h"
+#include "canohost.h"
#ifdef WITH_IRIX_PROJECT
#include <proj.h>
@@ -1333,28 +1338,28 @@ do_child(const char *command, struct passwd * pw, const char *term,
* in this order).
*/
if (!options.use_login) {
- if (stat(SSH_USER_RC, &st) >= 0) {
+ if (stat(_PATH_SSH_USER_RC, &st) >= 0) {
if (debug_flag)
- fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_USER_RC);
+ fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_USER_RC);
- f = popen(_PATH_BSHELL " " SSH_USER_RC, "w");
+ f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w");
if (f) {
if (auth_proto != NULL && auth_data != NULL)
fprintf(f, "%s %s\n", auth_proto, auth_data);
pclose(f);
} else
- fprintf(stderr, "Could not run %s\n", SSH_USER_RC);
- } else if (stat(SSH_SYSTEM_RC, &st) >= 0) {
+ fprintf(stderr, "Could not run %s\n", _PATH_SSH_USER_RC);
+ } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
if (debug_flag)
- fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_SYSTEM_RC);
+ fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_SYSTEM_RC);
- f = popen(_PATH_BSHELL " " SSH_SYSTEM_RC, "w");
+ f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
if (f) {
if (auth_proto != NULL && auth_data != NULL)
fprintf(f, "%s %s\n", auth_proto, auth_data);
pclose(f);
} else
- fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC);
+ fprintf(stderr, "Could not run %s\n", _PATH_SSH_SYSTEM_RC);
} else if (options.xauth_location != NULL) {
/* Add authority data to .Xauthority if appropriate. */
if (auth_proto != NULL && auth_data != NULL) {
diff --git a/sftp-server.c b/sftp-server.c
index b99f087fa..b0a8d0d57 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,12 +22,12 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.14 2001/01/21 19:05:56 markus Exp $");
-#include "ssh.h"
#include "buffer.h"
#include "bufaux.h"
#include "getput.h"
+#include "log.h"
#include "xmalloc.h"
#include "sftp.h"
diff --git a/ssh-add.c b/ssh-add.c
index c3b3ab4a9..da6f3dcf1 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,18 +35,19 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.27 2001/01/21 19:05:56 markus Exp $");
#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include "rsa.h"
#include "ssh.h"
+#include "rsa.h"
+#include "log.h"
#include "xmalloc.h"
#include "key.h"
#include "authfd.h"
#include "authfile.h"
+#include "pathnames.h"
+#include "readpass.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
@@ -103,6 +104,8 @@ ssh_askpass(char *askpass, char *msg)
int p[2], status;
char buf[1024];
+ if (fflush(stdout) != 0)
+ error("ssh_askpass: fflush: %s", strerror(errno));
if (askpass == NULL)
fatal("internal error: askpass undefined");
if (pipe(p) < 0)
@@ -117,9 +120,7 @@ ssh_askpass(char *askpass, char *msg)
fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
}
close(p[1]);
- buf[0] = '\0';
- atomicio(read, p[0], buf, sizeof buf);
- len = strlen(buf);
+ len = read(p[0], buf, sizeof buf);
close(p[0]);
while (waitpid(pid, &status, 0) < 0)
if (errno != EINTR)
@@ -166,7 +167,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
if (getenv(SSH_ASKPASS_ENV))
askpass = getenv(SSH_ASKPASS_ENV);
else
- askpass = SSH_ASKPASS_DEFAULT;
+ askpass = _PATH_SSH_ASKPASS_DEFAULT;
}
/* At first, try empty passphrase */
@@ -291,7 +292,7 @@ main(int argc, char **argv)
ssh_close_authentication_connection(ac);
exit(1);
}
- snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
+ snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY);
if (deleting)
delete_file(ac, buf);
else
diff --git a/ssh-agent.c b/ssh-agent.c
index 55704e492..bc577e76a 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +37,10 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $");
+
+#include <openssl/evp.h>
+#include <openssl/md5.h>
#include "ssh.h"
#include "rsa.h"
@@ -47,15 +50,12 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $");
#include "packet.h"
#include "getput.h"
#include "mpaux.h"
-
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include "key.h"
#include "authfd.h"
+#include "cipher.h"
#include "kex.h"
#include "compat.h"
+#include "log.h"
typedef struct {
int fd;
@@ -97,6 +97,8 @@ extern char *__progname;
char *__progname;
#endif
+int prepare_select(fd_set **, fd_set **, int *);
+
void
idtab_init(void)
{
@@ -293,7 +295,7 @@ process_remove_identity(SocketEntry *e, int version)
if (bits != key_size(key))
log("Warning: identity keysize mismatch: actual %d, announced %d",
- key_size(key), bits);
+ key_size(key), bits);
break;
case 2:
blob = buffer_get_string(&e->input, &blen);
@@ -388,7 +390,7 @@ process_add_identity(SocketEntry *e, int version)
switch (version) {
case 1:
k = key_new_private(KEY_RSA1);
- buffer_get_int(&e->input); /* ignored */
+ buffer_get_int(&e->input); /* ignored */
buffer_get_bignum(&e->input, k->rsa->n);
buffer_get_bignum(&e->input, k->rsa->e);
buffer_get_bignum(&e->input, k->rsa->d);
@@ -403,7 +405,7 @@ process_add_identity(SocketEntry *e, int version)
break;
case 2:
type_name = buffer_get_string(&e->input, NULL);
- type = key_type_from_name(type_name);
+ type = key_type_from_name(type_name);
xfree(type_name);
switch(type) {
case KEY_DSA:
@@ -556,17 +558,17 @@ new_socket(int type, int fd)
buffer_init(&sockets[old_alloc].output);
}
-void
-prepare_select(fd_set *readset, fd_set *writeset)
+int
+prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl)
{
- u_int i;
- for (i = 0; i < sockets_alloc; i++)
+ u_int i, sz;
+ int n = 0;
+
+ for (i = 0; i < sockets_alloc; i++) {
switch (sockets[i].type) {
case AUTH_SOCKET:
case AUTH_CONNECTION:
- FD_SET(sockets[i].fd, readset);
- if (buffer_len(&sockets[i].output) > 0)
- FD_SET(sockets[i].fd, writeset);
+ n = MAX(n, sockets[i].fd);
break;
case AUTH_UNUSED:
break;
@@ -574,6 +576,34 @@ prepare_select(fd_set *readset, fd_set *writeset)
fatal("Unknown socket type %d", sockets[i].type);
break;
}
+ }
+
+ sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
+ if (*fdrp == NULL || n > *fdl) {
+ if (*fdrp)
+ free(*fdrp);
+ if (*fdwp)
+ free(*fdwp);
+ *fdrp = xmalloc(sz);
+ *fdwp = xmalloc(sz);
+ *fdl = n;
+ }
+ memset(*fdrp, 0, sz);
+ memset(*fdwp, 0, sz);
+
+ for (i = 0; i < sockets_alloc; i++) {
+ switch (sockets[i].type) {
+ case AUTH_SOCKET:
+ case AUTH_CONNECTION:
+ FD_SET(sockets[i].fd, *fdrp);
+ if (buffer_len(&sockets[i].output) > 0)
+ FD_SET(sockets[i].fd, *fdwp);
+ break;
+ default:
+ break;
+ }
+ }
+ return (1);
}
void
@@ -592,7 +622,8 @@ after_select(fd_set *readset, fd_set *writeset)
case AUTH_SOCKET:
if (FD_ISSET(sockets[i].fd, readset)) {
slen = sizeof(sunaddr);
- sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &slen);
+ sock = accept(sockets[i].fd,
+ (struct sockaddr *) &sunaddr, &slen);
if (sock < 0) {
perror("accept from AUTH_SOCKET");
break;
@@ -603,8 +634,9 @@ after_select(fd_set *readset, fd_set *writeset)
case AUTH_CONNECTION:
if (buffer_len(&sockets[i].output) > 0 &&
FD_ISSET(sockets[i].fd, writeset)) {
- len = write(sockets[i].fd, buffer_ptr(&sockets[i].output),
- buffer_len(&sockets[i].output));
+ len = write(sockets[i].fd,
+ buffer_ptr(&sockets[i].output),
+ buffer_len(&sockets[i].output));
if (len <= 0) {
shutdown(sockets[i].fd, SHUT_RDWR);
close(sockets[i].fd);
@@ -637,12 +669,15 @@ after_select(fd_set *readset, fd_set *writeset)
void
check_parent_exists(int sig)
{
+ int save_errno = errno;
+
if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
/* printf("Parent has died - Authentication agent exiting.\n"); */
exit(1);
}
signal(SIGALRM, check_parent_exists);
alarm(10);
+ errno = save_errno;
}
void
@@ -664,14 +699,13 @@ usage()
{
fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
- __progname);
+ __progname);
exit(1);
}
int
main(int ac, char **av)
{
- fd_set readset, writeset;
int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
struct sockaddr_un sunaddr;
#ifdef HAVE_SETRLIMIT
@@ -680,6 +714,7 @@ main(int ac, char **av)
pid_t pid;
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
extern int optind;
+ fd_set *readsetp = NULL, *writesetp = NULL;
__progname = get_progname(av[0]);
init_rng();
@@ -722,14 +757,13 @@ main(int ac, char **av)
pidstr = getenv(SSH_AGENTPID_ENV_NAME);
if (pidstr == NULL) {
fprintf(stderr, "%s not set, cannot kill agent\n",
- SSH_AGENTPID_ENV_NAME);
+ SSH_AGENTPID_ENV_NAME);
exit(1);
}
pid = atoi(pidstr);
- if (pid < 1) { /* XXX PID_MAX check too */
- /* Yes, PID_MAX check please */
+ if (pid < 1) {
fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
- SSH_AGENTPID_ENV_NAME, pidstr);
+ SSH_AGENTPID_ENV_NAME, pidstr);
exit(1);
}
if (kill(pid, SIGTERM) == -1) {
@@ -751,7 +785,7 @@ main(int ac, char **av)
exit(1);
}
snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
- parent_pid);
+ parent_pid);
/*
* Create socket early so it will exist before command gets run from
@@ -773,6 +807,7 @@ main(int ac, char **av)
perror("listen");
cleanup_exit(1);
}
+
/*
* Fork, and have the parent execute the command, if any, or present
* the socket data. The child continues as the authentication agent.
@@ -788,9 +823,9 @@ main(int ac, char **av)
if (ac == 0) {
format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
- SSH_AUTHSOCKET_ENV_NAME);
+ SSH_AUTHSOCKET_ENV_NAME);
printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
- SSH_AGENTPID_ENV_NAME);
+ SSH_AGENTPID_ENV_NAME);
printf("echo Agent pid %d;\n", pid);
exit(0);
}
@@ -834,15 +869,13 @@ main(int ac, char **av)
signal(SIGHUP, cleanup_exit);
signal(SIGTERM, cleanup_exit);
while (1) {
- FD_ZERO(&readset);
- FD_ZERO(&writeset);
- prepare_select(&readset, &writeset);
- if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) {
+ prepare_select(&readsetp, &writesetp, &max_fd);
+ if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) {
if (errno == EINTR)
continue;
exit(1);
}
- after_select(&readset, &writeset);
+ after_select(readsetp, writesetp);
}
/* NOTREACHED */
}
diff --git a/ssh-dss.c b/ssh-dss.c
index 96b1565d2..2366c2117 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,19 +23,16 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.2 2000/12/19 23:17:58 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.4 2001/01/21 19:05:57 markus Exp $");
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
-#include "ssh.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "compat.h"
-
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
-
+#include "log.h"
#include "key.h"
#define INTBLOB_LEN 20
@@ -54,7 +51,7 @@ ssh_dss_sign(
EVP_MD_CTX md;
u_int rlen;
u_int slen;
- u_int len;
+ u_int len, dlen;
u_char sigblob[SIGBLOB_LEN];
Buffer b;
@@ -62,15 +59,18 @@ ssh_dss_sign(
error("ssh_dss_sign: no DSA key");
return -1;
}
- digest = xmalloc(evp_md->md_size);
+ dlen = evp_md->md_size;
+ digest = xmalloc(dlen);
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
EVP_DigestFinal(&md, digest, NULL);
- sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
+ sig = DSA_do_sign(digest, dlen, key->dsa);
if (sig == NULL) {
fatal("ssh_dss_sign: cannot sign");
}
+ memset(digest, 0, dlen);
+ xfree(digest);
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index f7b08c983..9a9fac035 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -71,8 +71,6 @@
.Nm ssh-keygen
.Fl l
.Op Fl f Ar input_keyfile
-.Nm ssh-keygen
-.Fl R
.Sh DESCRIPTION
.Nm
generates and manages authentication keys for
@@ -172,10 +170,6 @@ Provides the new comment.
Provides the new passphrase.
.It Fl P Ar passphrase
Provides the (old) passphrase.
-.It Fl R
-If RSA support is functional, immediately exits with code 0. If RSA
-support is not functional, exits with code 1. This flag will be
-removed once the RSA patent expires.
.It Fl x
This option will read a private
OpenSSH DSA format file and print a SSH2-compatible public key to stdout.
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5d9fa644e..9f519e596 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,22 +12,20 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.41 2001/01/21 19:05:57 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include "ssh.h"
#include "xmalloc.h"
#include "key.h"
-#include "rsa.h"
#include "authfile.h"
#include "uuencode.h"
-
#include "buffer.h"
#include "bufaux.h"
+#include "pathnames.h"
+#include "log.h"
+#include "readpass.h"
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
int bits = 1024;
@@ -87,13 +85,13 @@ ask_filename(struct passwd *pw, const char *prompt)
switch (key_type_from_name(key_type_name)) {
case KEY_RSA1:
- name = SSH_CLIENT_IDENTITY;
+ name = _PATH_SSH_CLIENT_IDENTITY;
break;
case KEY_DSA:
- name = SSH_CLIENT_ID_DSA;
+ name = _PATH_SSH_CLIENT_ID_DSA;
break;
case KEY_RSA:
- name = SSH_CLIENT_ID_RSA;
+ name = _PATH_SSH_CLIENT_ID_RSA;
break;
default:
fprintf(stderr, "bad key type");
@@ -757,7 +755,7 @@ main(int ac, char **av)
ask_filename(pw, "Enter file in which to save the key");
/* Create ~/.ssh directory if it doesn\'t already exist. */
- snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR);
+ snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
if (strstr(identity_file, dotsshdir) != NULL &&
stat(dotsshdir, &st) < 0) {
if (mkdir(dotsshdir, 0700) < 0)
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 69b029b05..64ac551b5 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -8,7 +8,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.11 2001/01/21 19:05:57 markus Exp $");
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
#include <sys/queue.h>
@@ -18,14 +18,14 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
#include <errno.h>
#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include "xmalloc.h"
#include "ssh.h"
+#include "ssh1.h"
#include "key.h"
#include "buffer.h"
#include "bufaux.h"
+#include "log.h"
static int argno = 1; /* Number of argument currently being parsed */
diff --git a/ssh-rsa.c b/ssh-rsa.c
index e53af9e0a..2dc341066 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,18 +23,15 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
-
-#include "ssh.h"
-#include "xmalloc.h"
-#include "buffer.h"
-#include "bufaux.h"
+RCSID("$OpenBSD: ssh-rsa.c,v 1.5 2001/01/21 19:05:58 markus Exp $");
#include <openssl/evp.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/err.h>
+#include "xmalloc.h"
+#include "log.h"
+#include "buffer.h"
+#include "bufaux.h"
#include "key.h"
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
diff --git a/ssh.c b/ssh.c
index f1beb8c53..9f9055a5f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,27 +39,31 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.84 2001/01/21 19:05:58 markus Exp $");
#include <openssl/evp.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/err.h>
-#include "xmalloc.h"
#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
+#include "compat.h"
+#include "cipher.h"
+#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
-#include "readconf.h"
#include "uidswap.h"
-
-#include "ssh2.h"
-#include "compat.h"
#include "channels.h"
#include "key.h"
#include "authfd.h"
#include "authfile.h"
+#include "pathnames.h"
#include "clientloop.h"
+#include "log.h"
+#include "readconf.h"
+#include "sshconnect.h"
+#include "tildexpand.h"
+#include "misc.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
@@ -555,11 +559,11 @@ main(int ac, char **av)
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
/* Read per-user configuration file. */
- snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE);
+ snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE);
read_config_file(buf, host, &options);
/* Read systemwide configuration file. */
- read_config_file(HOST_CONFIG_FILE, host, &options);
+ read_config_file(_PATH_HOST_CONFIG_FILE, host, &options);
/* Fill configuration defaults. */
fill_default_options(&options);
@@ -624,7 +628,7 @@ main(int ac, char **av)
host_private_key = RSA_new();
k.type = KEY_RSA1;
k.rsa = host_private_key;
- if (load_private_key(HOST_KEY_FILE, "", &k, NULL))
+ if (load_private_key(_PATH_HOST_KEY_FILE, "", &k, NULL))
host_private_key_loaded = 1;
}
/*
@@ -648,7 +652,7 @@ main(int ac, char **av)
* Now that we are back to our own permissions, create ~/.ssh
* directory if it doesn\'t already exist.
*/
- snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR);
+ snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_DIR);
if (stat(buf, &st) < 0)
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
diff --git a/ssh.h b/ssh.h
index 736d1dd65..5b60be603 100644
--- a/ssh.h
+++ b/ssh.h
@@ -3,8 +3,6 @@
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
- * Generic header file for ssh.
- *
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
@@ -12,7 +10,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: ssh.h,v 1.59 2001/01/19 12:45:27 markus Exp $"); */
+/* RCSID("$OpenBSD: ssh.h,v 1.61 2001/01/21 19:05:59 markus Exp $"); */
#ifndef SSH_H
#define SSH_H
@@ -26,8 +24,9 @@
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
-#include "rsa.h"
-#include "cipher.h"
+
+//#include "rsa.h"
+//#include "cipher.h"
/* Cipher used for encrypting authentication files. */
#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES
@@ -68,138 +67,21 @@
# define SSHD_PAM_SERVICE "sshd"
#endif
-#ifndef ETCDIR
-#define ETCDIR "/etc"
-#endif /* ETCDIR */
-
-#ifndef PIDDIR
-#define PIDDIR "/var/run"
-#endif /* PIDDIR */
-
-/*
- * System-wide file containing host keys of known hosts. This file should be
- * world-readable.
- */
-#define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
-#define SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
-
-/*
- * Of these, ssh_host_key must be readable only by root, whereas ssh_config
- * should be world-readable.
- */
-#define HOST_KEY_FILE ETCDIR "/ssh_host_key"
-#define SERVER_CONFIG_FILE ETCDIR "/sshd_config"
-#define HOST_CONFIG_FILE ETCDIR "/ssh_config"
-#define HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
-#define DH_PRIMES ETCDIR "/primes"
-
-#ifndef SSH_PROGRAM
-#define SSH_PROGRAM "/usr/bin/ssh"
-#endif /* SSH_PROGRAM */
-
-#ifndef LOGIN_PROGRAM
-# ifdef LOGIN_PROGRAM_FALLBACK
-# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
-# else
-# define LOGIN_PROGRAM "/usr/bin/login"
-# endif
-#endif /* LOGIN_PROGRAM */
-
-#ifndef ASKPASS_PROGRAM
-#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
-#endif /* ASKPASS_PROGRAM */
-
-/*
- * The process id of the daemon listening for connections is saved here to
- * make it easier to kill the correct daemon when necessary.
- */
-#define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid"
-
-/*
- * The directory in user\'s home directory in which the files reside. The
- * directory should be world-readable (though not all files are).
- */
-#define SSH_USER_DIR ".ssh"
-
-/*
- * Relevant only when using builtin PRNG.
- */
-#ifndef SSH_PRNG_SEED_FILE
-# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
-#endif /* SSH_PRNG_SEED_FILE */
-#ifndef SSH_PRNG_COMMAND_FILE
-# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
-#endif /* SSH_PRNG_COMMAND_FILE */
-
-/*
- * Per-user file containing host keys of known hosts. This file need not be
- * readable by anyone except the user him/herself, though this does not
- * contain anything particularly secret.
- */
-#define SSH_USER_HOSTFILE "~/.ssh/known_hosts"
-#define SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
-
-/*
- * Name of the default file containing client-side authentication key. This
- * file should only be readable by the user him/herself.
- */
-#define SSH_CLIENT_IDENTITY ".ssh/identity"
-#define SSH_CLIENT_ID_DSA ".ssh/id_dsa"
-#define SSH_CLIENT_ID_RSA ".ssh/id_rsa"
-
-/*
- * Configuration file in user\'s home directory. This file need not be
- * readable by anyone but the user him/herself, but does not contain anything
- * particularly secret. If the user\'s home directory resides on an NFS
- * volume where root is mapped to nobody, this may need to be world-readable.
- */
-#define SSH_USER_CONFFILE ".ssh/config"
-
-/*
- * File containing a list of those rsa keys that permit logging in as this
- * user. This file need not be readable by anyone but the user him/herself,
- * but does not contain anything particularly secret. If the user\'s home
- * directory resides on an NFS volume where root is mapped to nobody, this
- * may need to be world-readable. (This file is read by the daemon which is
- * running as root.)
- */
-#define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
-#define SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
-
-/*
- * Per-user and system-wide ssh "rc" files. These files are executed with
- * /bin/sh before starting the shell or command if they exist. They will be
- * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
- * use. xauth will be run if neither of these exists.
- */
-#define SSH_USER_RC ".ssh/rc"
-#define SSH_SYSTEM_RC ETCDIR "/sshrc"
-
-/*
- * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
- * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
- */
-#define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
-
/*
* Name of the environment variable containing the pathname of the
* authentication socket.
*/
-#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
+#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
/*
* Name of the environment variable containing the pathname of the
* authentication socket.
*/
-#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
+#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
/*
- * Default path to ssh-askpass used by ssh-add,
- * environment variable for overwriting the default location
+ * Environment variable for overwriting the default location of askpass
*/
-#ifndef SSH_ASKPASS_DEFAULT
-# define SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
-#endif
#define SSH_ASKPASS_ENV "SSH_ASKPASS"
/*
@@ -217,339 +99,4 @@
/* Name of Kerberos service for SSH to use. */
#define KRB4_SERVICE_NAME "rcmd"
-/*
- * Authentication methods. New types can be added, but old types should not
- * be removed for compatibility. The maximum allowed value is 31.
- */
-#define SSH_AUTH_RHOSTS 1
-#define SSH_AUTH_RSA 2
-#define SSH_AUTH_PASSWORD 3
-#define SSH_AUTH_RHOSTS_RSA 4
-#define SSH_AUTH_TIS 5
-#define SSH_AUTH_KERBEROS 6
-#define SSH_PASS_KERBEROS_TGT 7
- /* 8 to 15 are reserved */
-#define SSH_PASS_AFS_TOKEN 21
-
-/* Protocol flags. These are bit masks. */
-#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
-#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
-
-/*
- * Definition of message types. New values can be added, but old values
- * should not be removed or without careful consideration of the consequences
- * for compatibility. The maximum value is 254; value 255 is reserved for
- * future extension.
- */
-/* Message name */ /* msg code */ /* arguments */
-#define SSH_MSG_NONE 0 /* no message */
-#define SSH_MSG_DISCONNECT 1 /* cause (string) */
-#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
-#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
-#define SSH_CMSG_USER 4 /* user (string) */
-#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
-#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
-#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
-#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
-#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
-#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
-#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
-#define SSH_CMSG_EXEC_SHELL 12 /* */
-#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
-#define SSH_SMSG_SUCCESS 14 /* */
-#define SSH_SMSG_FAILURE 15 /* */
-#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
-#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
-#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
-#define SSH_CMSG_EOF 19 /* */
-#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
-#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
-#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
-#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
-#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
-#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
-/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
-#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
-#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
-#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
-#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
-#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
-#define SSH_MSG_IGNORE 32 /* string */
-#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
-#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
-#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
-#define SSH_MSG_DEBUG 36 /* string */
-#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
-#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
-#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
-#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
-#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
-#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
-#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
-#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
-#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
-
-/*------------ definitions for login.c -------------*/
-
-/*
- * Returns the time when the user last logged in. Returns 0 if the
- * information is not available. This must be called before record_login.
- * The host from which the user logged in is stored in buf.
- */
-u_long
-get_last_login_time(uid_t uid, const char *logname,
- char *buf, u_int bufsize);
-
-/*
- * Records that the user has logged in. This does many things normally done
- * by login(1).
- */
-void
-record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
- const char *host, struct sockaddr *addr);
-
-/*
- * Records that the user has logged out. This does many thigs normally done
- * by login(1) or init.
- */
-void record_logout(pid_t pid, const char *ttyname);
-
-/*------------ definitions for sshconnect.c ----------*/
-
-/*
- * Opens a TCP/IP connection to the remote server on the given host. If port
- * is 0, the default port will be used. If anonymous is zero, a privileged
- * port will be allocated to make the connection. This requires super-user
- * privileges if anonymous is false. Connection_attempts specifies the
- * maximum number of tries, one per second. This returns true on success,
- * and zero on failure. If the connection is successful, this calls
- * packet_set_connection for the connection.
- */
-int
-ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
- u_short port, int connection_attempts,
- int anonymous, uid_t original_real_uid,
- const char *proxy_command);
-
-/*
- * Starts a dialog with the server, and authenticates the current user on the
- * server. This does not need any extra privileges. The basic connection to
- * the server must already have been established before this is called. If
- * login fails, this function prints an error and never returns. This
- * initializes the random state, and leaves it initialized (it will also have
- * references from the packet module).
- */
-
-void
-ssh_login(int host_key_valid, RSA * host_key, const char *host,
- struct sockaddr * hostaddr, uid_t original_real_uid);
-
-/*------------ Definitions for various authentication methods. -------*/
-
-/*
- * Tries to authenticate the user using the .rhosts file. Returns true if
- * authentication succeeds. If ignore_rhosts is non-zero, this will not
- * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
- */
-int auth_rhosts(struct passwd * pw, const char *client_user);
-
-/*
- * Tries to authenticate the user using the .rhosts file and the host using
- * its host key. Returns true if authentication succeeds.
- */
-int
-auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
-
-/*
- * Tries to authenticate the user using password. Returns true if
- * authentication succeeds.
- */
-int auth_password(struct passwd * pw, const char *password);
-
-/*
- * Performs the RSA authentication dialog with the client. This returns 0 if
- * the client could not be authenticated, and 1 if authentication was
- * successful. This may exit if there is a serious protocol violation.
- */
-int auth_rsa(struct passwd * pw, BIGNUM * client_n);
-
-/*
- * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
- * over the key. Skips any whitespace at the beginning and at end.
- */
-int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
-
-/*
- * Returns the name of the machine at the other end of the socket. The
- * returned string should be freed by the caller.
- */
-char *get_remote_hostname(int socket);
-
-/*
- * Return the canonical name of the host in the other side of the current
- * connection (as returned by packet_get_connection). The host name is
- * cached, so it is efficient to call this several times.
- */
-const char *get_canonical_hostname(void);
-
-/*
- * Returns the remote IP address as an ascii string. The value need not be
- * freed by the caller.
- */
-const char *get_remote_ipaddr(void);
-
-/* Returns the port number of the peer of the socket. */
-int get_peer_port(int sock);
-
-/* Returns the port number of the remote/local host. */
-int get_remote_port(void);
-int get_local_port(void);
-
-
-/*
- * Performs the RSA authentication challenge-response dialog with the client,
- * and returns true (non-zero) if the client gave the correct answer to our
- * challenge; returns zero if the client gives a wrong answer.
- */
-int auth_rsa_challenge_dialog(RSA *pk);
-
-/*
- * Reads a passphrase from /dev/tty with echo turned off. Returns the
- * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
- * from_stdin is true, the passphrase will be read from stdin instead.
- */
-char *read_passphrase(const char *prompt, int from_stdin);
-
-
-/*------------ Definitions for logging. -----------------------*/
-
-/* Supported syslog facilities and levels. */
-typedef enum {
- SYSLOG_FACILITY_DAEMON,
- SYSLOG_FACILITY_USER,
- SYSLOG_FACILITY_AUTH,
-#ifdef LOG_AUTHPRIV
- SYSLOG_FACILITY_AUTHPRIV,
-#endif
- SYSLOG_FACILITY_LOCAL0,
- SYSLOG_FACILITY_LOCAL1,
- SYSLOG_FACILITY_LOCAL2,
- SYSLOG_FACILITY_LOCAL3,
- SYSLOG_FACILITY_LOCAL4,
- SYSLOG_FACILITY_LOCAL5,
- SYSLOG_FACILITY_LOCAL6,
- SYSLOG_FACILITY_LOCAL7
-} SyslogFacility;
-
-typedef enum {
- SYSLOG_LEVEL_QUIET,
- SYSLOG_LEVEL_FATAL,
- SYSLOG_LEVEL_ERROR,
- SYSLOG_LEVEL_INFO,
- SYSLOG_LEVEL_VERBOSE,
- SYSLOG_LEVEL_DEBUG1,
- SYSLOG_LEVEL_DEBUG2,
- SYSLOG_LEVEL_DEBUG3
-} LogLevel;
-/* Initializes logging. */
-void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
-
-/* Logging implementation, depending on server or client */
-void do_log(LogLevel level, const char *fmt, va_list args);
-
-/* name to facility/level */
-SyslogFacility log_facility_number(char *name);
-LogLevel log_level_number(char *name);
-
-/* Output a message to syslog or stderr */
-void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-
-/* same as fatal() but w/o logging */
-void fatal_cleanup(void);
-
-/*
- * Registers a cleanup function to be called by fatal()/fatal_cleanup()
- * before exiting. It is permissible to call fatal_remove_cleanup for the
- * function itself from the function.
- */
-void fatal_add_cleanup(void (*proc) (void *context), void *context);
-
-/* Removes a cleanup function to be called at fatal(). */
-void fatal_remove_cleanup(void (*proc) (void *context), void *context);
-
-/* ---- misc */
-
-/*
- * Expands tildes in the file name. Returns data allocated by xmalloc.
- * Warning: this calls getpw*.
- */
-char *tilde_expand_filename(const char *filename, uid_t my_uid);
-
-/* remove newline at end of string */
-char *chop(char *s);
-
-/* return next token in configuration line */
-char *strdelim(char **s);
-
-/* set filedescriptor to non-blocking */
-void set_nonblock(int fd);
-
-/*
- * Performs the interactive session. This handles data transmission between
- * the client and the program. Note that the notion of stdin, stdout, and
- * stderr in this function is sort of reversed: this function writes to stdin
- * (of the child program), and reads from stdout and stderr (of the child
- * program).
- */
-void server_loop(pid_t pid, int fdin, int fdout, int fderr);
-void server_loop2(void);
-
-/* Client side main loop for the interactive session. */
-int client_loop(int have_pty, int escape_char, int id);
-
-/* Linked list of custom environment strings (see auth-rsa.c). */
-struct envstring {
- struct envstring *next;
- char *s;
-};
-
-/*
- * Ensure all of data on socket comes through. f==read || f==write
- */
-ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
-
-#ifdef KRB4
-#include <krb.h>
-/*
- * Performs Kerberos v4 mutual authentication with the client. This returns 0
- * if the client could not be authenticated, and 1 if authentication was
- * successful. This may exit if there is a serious protocol violation.
- */
-int auth_krb4(const char *server_user, KTEXT auth, char **client);
-int krb4_init(uid_t uid);
-void krb4_cleanup_proc(void *ignore);
-int auth_krb4_password(struct passwd * pw, const char *password);
-
-#ifdef AFS
-#include <kafs.h>
-
-/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
-int auth_kerberos_tgt(struct passwd * pw, const char *string);
-int auth_afs_token(struct passwd * pw, const char *token_string);
-
-int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
-int radix_to_creds(const char *buf, CREDENTIALS * creds);
-#endif /* AFS */
-
-#endif /* KRB4 */
-
-/* AF_UNSPEC or AF_INET or AF_INET6 */
-extern int IPv4or6;
-
#endif /* SSH_H */
diff --git a/ssh1.h b/ssh1.h
new file mode 100644
index 000000000..a7782cebb
--- /dev/null
+++ b/ssh1.h
@@ -0,0 +1,84 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Definition of message types. New values can be added, but old values
+ * should not be removed or without careful consideration of the consequences
+ * for compatibility. The maximum value is 254; value 255 is reserved for
+ * future extension.
+ */
+/* Message name */ /* msg code */ /* arguments */
+#define SSH_MSG_NONE 0 /* no message */
+#define SSH_MSG_DISCONNECT 1 /* cause (string) */
+#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
+#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
+#define SSH_CMSG_USER 4 /* user (string) */
+#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
+#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
+#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
+#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
+#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
+#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
+#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
+#define SSH_CMSG_EXEC_SHELL 12 /* */
+#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
+#define SSH_SMSG_SUCCESS 14 /* */
+#define SSH_SMSG_FAILURE 15 /* */
+#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
+#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
+#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
+#define SSH_CMSG_EOF 19 /* */
+#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
+#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
+#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
+#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
+#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
+#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
+/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
+#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
+#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
+#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
+#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
+#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
+#define SSH_MSG_IGNORE 32 /* string */
+#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
+#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
+#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
+#define SSH_MSG_DEBUG 36 /* string */
+#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
+#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
+#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
+#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
+#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
+#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
+#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
+#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
+#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
+
+/*
+ * Authentication methods. New types can be added, but old types should not
+ * be removed for compatibility. The maximum allowed value is 31.
+ */
+#define SSH_AUTH_RHOSTS 1
+#define SSH_AUTH_RSA 2
+#define SSH_AUTH_PASSWORD 3
+#define SSH_AUTH_RHOSTS_RSA 4
+#define SSH_AUTH_TIS 5
+#define SSH_AUTH_KERBEROS 6
+#define SSH_PASS_KERBEROS_TGT 7
+ /* 8 to 15 are reserved */
+#define SSH_PASS_AFS_TOKEN 21
+
+/* Protocol flags. These are bit masks. */
+#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
+#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
+
diff --git a/sshconnect.c b/sshconnect.c
index e40ba984c..0994126c0 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,23 +13,24 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.91 2001/01/21 19:05:59 markus Exp $");
#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
+#include "ssh.h"
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
#include "buffer.h"
#include "packet.h"
#include "uidswap.h"
#include "compat.h"
-#include "readconf.h"
#include "key.h"
#include "sshconnect.h"
#include "hostfile.h"
+#include "log.h"
+#include "readconf.h"
+#include "atomicio.h"
+#include "misc.h"
char *client_version_string = NULL;
char *server_version_string = NULL;
@@ -37,6 +38,9 @@ char *server_version_string = NULL;
extern Options options;
extern char *__progname;
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
/*
* Connect to the given ssh server using a proxy command.
*/
diff --git a/sshconnect.h b/sshconnect.h
index 720004675..4e16f2d85 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -23,6 +23,34 @@
*/
#ifndef SSHCONNECT_H
#define SSHCONNECT_H
+/*
+ * Opens a TCP/IP connection to the remote server on the given host. If port
+ * is 0, the default port will be used. If anonymous is zero, a privileged
+ * port will be allocated to make the connection. This requires super-user
+ * privileges if anonymous is false. Connection_attempts specifies the
+ * maximum number of tries, one per second. This returns true on success,
+ * and zero on failure. If the connection is successful, this calls
+ * packet_set_connection for the connection.
+ */
+int
+ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
+ u_short port, int connection_attempts,
+ int anonymous, uid_t original_real_uid,
+ const char *proxy_command);
+
+/*
+ * Starts a dialog with the server, and authenticates the current user on the
+ * server. This does not need any extra privileges. The basic connection to
+ * the server must already have been established before this is called. If
+ * login fails, this function prints an error and never returns. This
+ * initializes the random state, and leaves it initialized (it will also have
+ * references from the packet module).
+ */
+
+void
+ssh_login(int host_key_valid, RSA * host_key, const char *host,
+ struct sockaddr * hostaddr, uid_t original_real_uid);
+
void
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
diff --git a/sshconnect1.c b/sshconnect1.c
index b2d4e57bf..d0c0215ca 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,25 +13,36 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.16 2001/01/18 17:00:00 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.18 2001/01/21 19:06:00 markus Exp $");
#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/evp.h>
+#ifdef KRB4
+#include <krb.h>
+#include "radix.h"
+#endif
+#ifdef AFS
+#include <kafs.h>
+#endif
+
+#include "ssh.h"
+#include "ssh1.h"
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
#include "buffer.h"
#include "packet.h"
#include "mpaux.h"
#include "uidswap.h"
+#include "log.h"
#include "readconf.h"
#include "key.h"
#include "authfd.h"
#include "sshconnect.h"
#include "authfile.h"
+#include "readpass.h"
+#include "cipher.h"
+#include "canohost.h"
/* Session id for the current session. */
u_char session_id[16];
diff --git a/sshconnect2.c b/sshconnect2.c
index 8321c9eb7..6f41b987a 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,25 +23,23 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.37 2001/01/21 19:06:00 markus Exp $");
#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include <openssl/md5.h>
#include <openssl/dh.h>
#include <openssl/hmac.h>
#include "ssh.h"
+#include "ssh2.h"
#include "xmalloc.h"
#include "rsa.h"
#include "buffer.h"
#include "packet.h"
#include "uidswap.h"
#include "compat.h"
-#include "readconf.h"
#include "bufaux.h"
-#include "ssh2.h"
+#include "cipher.h"
#include "kex.h"
#include "myproposal.h"
#include "key.h"
@@ -50,6 +48,9 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $");
#include "cli.h"
#include "dispatch.h"
#include "authfd.h"
+#include "log.h"
+#include "readconf.h"
+#include "readpass.h"
void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
@@ -332,8 +333,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
if ((g = BN_new()) == NULL)
fatal("BN_new");
packet_get_bignum2(g, &dlen);
- if ((dh = dh_new_group(g, p)) == NULL)
- fatal("dh_new_group");
+ dh = dh_new_group(g, p);
dh_gen_key(dh);
diff --git a/sshd.8 b/sshd.8
index 415d960a1..9734c397e 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.82 2001/01/18 16:20:22 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.83 2001/01/19 16:48:14 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -394,7 +394,7 @@ Specifies the file containing the private host keys (default
used by SSH protocol versions 1 and 2.
Note that
.Nm
-if this file is group/world-accessible.
+will refuse to use a file if it is group/world-accessible.
It is possible to have multiple host key files.
.Dq rsa1
keys are used for version 1 and
diff --git a/sshd.c b/sshd.c
index 9eaf312dc..77a17e14a 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,32 +40,36 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.153 2001/01/19 12:45:27 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.155 2001/01/21 19:06:00 markus Exp $");
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/hmac.h>
+
+#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
#include "pty.h"
#include "packet.h"
#include "mpaux.h"
+#include "log.h"
#include "servconf.h"
#include "uidswap.h"
#include "compat.h"
#include "buffer.h"
-
-#include "ssh2.h"
-#include <openssl/dh.h>
-#include <openssl/bn.h>
-#include <openssl/hmac.h>
+#include "cipher.h"
#include "kex.h"
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include "key.h"
#include "dh.h"
-
-#include "auth.h"
#include "myproposal.h"
#include "authfile.h"
+#include "pathnames.h"
+#include "atomicio.h"
+#include "canohost.h"
+#include "auth.h"
+#include "misc.h"
#ifdef LIBWRAP
#include <tcpd.h>
@@ -88,7 +92,7 @@ char *__progname;
ServerOptions options;
/* Name of the server configuration file. */
-char *config_file_name = SERVER_CONFIG_FILE;
+char *config_file_name = _PATH_SERVER_CONFIG_FILE;
/*
* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
@@ -643,7 +647,7 @@ main(int ac, char **av)
fprintf(stderr, "sshd version %s\n", SSH_VERSION);
fprintf(stderr, "Usage: %s [options]\n", __progname);
fprintf(stderr, "Options:\n");
- fprintf(stderr, " -f file Configuration file (default %s)\n", SERVER_CONFIG_FILE);
+ fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE);
fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n");
fprintf(stderr, " -i Started from inetd\n");
fprintf(stderr, " -D Do not fork into daemon mode\n");
@@ -653,7 +657,7 @@ main(int ac, char **av)
fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n");
fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
- HOST_KEY_FILE);
+ _PATH_HOST_KEY_FILE);
fprintf(stderr, " -u len Maximum hostname length for utmp recording\n");
fprintf(stderr, " -4 Use IPv4 only\n");
fprintf(stderr, " -6 Use IPv6 only\n");
diff --git a/tildexpand.c b/tildexpand.c
index b091d51ec..b72744683 100644
--- a/tildexpand.c
+++ b/tildexpand.c
@@ -11,10 +11,10 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: tildexpand.c,v 1.9 2000/12/19 23:17:59 markus Exp $");
+RCSID("$OpenBSD: tildexpand.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
/*
* Expands tildes in the file name. Returns data allocated by xmalloc.
diff --git a/tildexpand.h b/tildexpand.h
new file mode 100644
index 000000000..fc9997736
--- /dev/null
+++ b/tildexpand.h
@@ -0,0 +1,17 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Expands tildes in the file name. Returns data allocated by xmalloc.
+ * Warning: this calls getpw*.
+ */
+char *tilde_expand_filename(const char *filename, uid_t my_uid);
diff --git a/ttymodes.c b/ttymodes.c
index a7a3e9301..2516e9310 100644
--- a/ttymodes.c
+++ b/ttymodes.c
@@ -15,10 +15,11 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ttymodes.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
+RCSID("$OpenBSD: ttymodes.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
#include "packet.h"
-#include "ssh.h"
+#include "log.h"
+#include "ssh1.h"
#define TTY_OP_END 0
#define TTY_OP_ISPEED 192 /* int follows */
diff --git a/uidswap.c b/uidswap.c
index fb95702a9..8b7f535be 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -12,9 +12,9 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.12 2000/12/29 10:48:56 markus Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $");
-#include "ssh.h"
+#include "log.h"
#include "uidswap.h"
/*
diff --git a/xmalloc.c b/xmalloc.c
index 738c9cdc3..566bbfd20 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -13,9 +13,10 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: xmalloc.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
+RCSID("$OpenBSD: xmalloc.c,v 1.9 2001/01/21 19:06:02 markus Exp $");
-#include "ssh.h"
+#include "xmalloc.h"
+#include "log.h"
void *
xmalloc(size_t size)