[src/trunk]: src/crypto/dist/ssh OpenSSH 3.3 as of June 24, 2002.
details: https://anonhg.NetBSD.org/src/rev/5b88d1ba6331
branches: trunk
changeset: 533188:5b88d1ba6331
user: itojun <itojun%NetBSD.org@localhost>
date: Mon Jun 24 05:25:39 2002 +0000
description:
OpenSSH 3.3 as of June 24, 2002.
- ssh is no longer setuid root. ssh-keyscan is added to read secret host keys.
protocol version 1 rsh-like authentication is gone.
- FallBackToRsh is deprecated.
diffstat:
crypto/dist/ssh/LICENCE | 1 +
crypto/dist/ssh/auth-options.c | 78 +--
crypto/dist/ssh/auth-rsa.c | 8 +-
crypto/dist/ssh/auth2-hostbased.c | 183 +++++++++
crypto/dist/ssh/auth2-kbdint.c | 62 +++
crypto/dist/ssh/auth2-none.c | 107 +++++
crypto/dist/ssh/auth2-passwd.c | 63 +++
crypto/dist/ssh/auth2-pubkey.c | 280 +++++++++++++
crypto/dist/ssh/authfd.h | 34 +-
crypto/dist/ssh/authfile.h | 5 +-
crypto/dist/ssh/bufaux.c | 17 +-
crypto/dist/ssh/kex.h | 6 +-
crypto/dist/ssh/monitor.h | 8 +-
crypto/dist/ssh/monitor_fdpass.c | 14 +-
crypto/dist/ssh/monitor_mm.c | 15 +-
crypto/dist/ssh/msg.c | 74 +++
crypto/dist/ssh/msg.h | 32 +
crypto/dist/ssh/nchan.c | 10 +-
crypto/dist/ssh/packet.h | 5 +-
crypto/dist/ssh/scp.1 | 11 +-
crypto/dist/ssh/ssh-keysign.8 | 68 +++
crypto/dist/ssh/ssh-keysign.c | 209 ++++++++++
crypto/dist/ssh/ssh-keysign/Makefile | 18 +
crypto/dist/ssh/ssh_config.5 | 622 ++++++++++++++++++++++++++++++
crypto/dist/ssh/sshconnect.h | 35 +-
crypto/dist/ssh/sshd_config.5 | 708 +++++++++++++++++++++++++++++++++++
crypto/dist/ssh/ttymodes.c | 6 +-
crypto/dist/ssh/uidswap.c | 22 +-
crypto/dist/ssh/xmalloc.h | 6 +-
29 files changed, 2572 insertions(+), 135 deletions(-)
diffs (truncated from 3373 to 300 lines):
diff -r 691a5043cb72 -r 5b88d1ba6331 crypto/dist/ssh/LICENCE
--- a/crypto/dist/ssh/LICENCE Mon Jun 24 01:23:11 2002 +0000
+++ b/crypto/dist/ssh/LICENCE Mon Jun 24 05:25:39 2002 +0000
@@ -191,6 +191,7 @@
Damien Miller
Kevin Steves
Daniel Kouril
+ Per Allansson
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff -r 691a5043cb72 -r 5b88d1ba6331 crypto/dist/ssh/auth-options.c
--- a/crypto/dist/ssh/auth-options.c Mon Jun 24 01:23:11 2002 +0000
+++ b/crypto/dist/ssh/auth-options.c Mon Jun 24 05:25:39 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-options.c,v 1.1.1.10 2002/04/22 07:35:43 itojun Exp $ */
+/* $NetBSD: auth-options.c,v 1.1.1.11 2002/06/24 05:25:41 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.23 2002/03/19 10:35:39 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.24 2002/05/13 20:44:58 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
@@ -24,10 +24,7 @@
#include "bufaux.h"
#include "misc.h"
#include "monitor_wrap.h"
-
-/* Debugging messages */
-Buffer auth_debug;
-int auth_debug_init;
+#include "auth.h"
/* Flags set authorized_keys flags */
int no_port_forwarding_flag = 0;
@@ -43,28 +40,9 @@
extern ServerOptions options;
-static void
-auth_send_debug(Buffer *m)
-{
- char *msg;
-
- while (buffer_len(m)) {
- msg = buffer_get_string(m, NULL);
- packet_send_debug("%s", msg);
- xfree(msg);
- }
-}
-
void
auth_clear_options(void)
{
- if (auth_debug_init)
- buffer_clear(&auth_debug);
- else {
- buffer_init(&auth_debug);
- auth_debug_init = 1;
- }
-
no_agent_forwarding_flag = 0;
no_port_forwarding_flag = 0;
no_pty_flag = 0;
@@ -80,6 +58,7 @@
forced_command = NULL;
}
channel_clear_permitted_opens();
+ auth_debug_reset();
}
/*
@@ -89,7 +68,6 @@
int
auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
{
- char tmp[1024];
const char *cp;
int i;
@@ -102,32 +80,28 @@
while (*opts && *opts != ' ' && *opts != '\t') {
cp = "no-port-forwarding";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- snprintf(tmp, sizeof(tmp), "Port forwarding disabled.");
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("Port forwarding disabled.");
no_port_forwarding_flag = 1;
opts += strlen(cp);
goto next_option;
}
cp = "no-agent-forwarding";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- snprintf(tmp, sizeof(tmp), "Agent forwarding disabled.");
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("Agent forwarding disabled.");
no_agent_forwarding_flag = 1;
opts += strlen(cp);
goto next_option;
}
cp = "no-X11-forwarding";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- snprintf(tmp, sizeof(tmp), "X11 forwarding disabled.");
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("X11 forwarding disabled.");
no_x11_forwarding_flag = 1;
opts += strlen(cp);
goto next_option;
}
cp = "no-pty";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- snprintf(tmp, sizeof(tmp), "Pty allocation disabled.");
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("Pty allocation disabled.");
no_pty_flag = 1;
opts += strlen(cp);
goto next_option;
@@ -150,16 +124,14 @@
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
file, linenum);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
+ auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
xfree(forced_command);
forced_command = NULL;
goto bad_option;
}
forced_command[i] = 0;
- snprintf(tmp, sizeof(tmp), "Forced command: %.900s", forced_command);
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("Forced command: %.900s", forced_command);
opts++;
goto next_option;
}
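Review bot: `auth_debug_add("Forced command: %.900s", forced_command)` queues the text of the authorized_keys `command=` option for delivery to the connecting peer, which exposes server-side configuration the client has no need to see. The removed `auth_send_debug()` shows queued strings went out through `packet_send_debug()`; `auth_debug_send()` is not visible in this excerpt but presumably does the same. The same concern applies to `"Adding to environment: %.900s"` in the next hunk and to the `%.50s` of `opts` in the `bad_option` hunk. I would keep the detail in the server-side `debug()`/`log()` calls and send the client only a fixed string, e.g. `auth_debug_add("Forced command.");`. The body of auth_parse_options() starts and ends outside this hunk.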
@@ -184,15 +156,13 @@
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
file, linenum);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
+ auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
xfree(s);
goto bad_option;
}
s[i] = 0;
- snprintf(tmp, sizeof(tmp), "Adding to environment: %.900s", s);
- buffer_put_cstring(&auth_debug, tmp);
+ auth_debug_add("Adding to environment: %.900s", s);
debug("Adding to environment: %.900s", s);
opts++;
new_envstring = xmalloc(sizeof(struct envstring));
@@ -223,9 +193,8 @@
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
file, linenum);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
+ auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
xfree(patterns);
goto bad_option;
}
@@ -238,11 +207,9 @@
"correct key but not from a permitted "
"host (host=%.200s, ip=%.200s).",
pw->pw_name, remote_host, remote_ip);
- snprintf(tmp, sizeof(tmp),
- "Your host '%.200s' is not "
+ auth_debug_add("Your host '%.200s' is not "
"permitted to use this key for login.",
remote_host);
- buffer_put_cstring(&auth_debug, tmp);
/* deny access */
return 0;
}
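Review bot: The host-denied path queues its message with `auth_debug_add(...)` and then reaches `return 0;` without flushing, whereas the grant path and `bad_option` both run `if (!use_privsep) auth_debug_send();` first. Unless the caller flushes the queue (not visible here), a non-privsep client never receives this text, and the `auth_debug_reset()` now called from `auth_clear_options()` would discard it whenever options are next cleared. Either add `if (!use_privsep) auth_debug_send();` before the `return 0;`, or drop the `auth_debug_add()` call and state in a comment that the message is deliberately server-side only, since it confirms to the peer that the key itself is otherwise accepted. The enclosing function continues outside the hunk.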
@@ -271,9 +238,8 @@
if (!*opts) {
debug("%.100s, line %lu: missing end quote",
file, linenum);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: missing end quote",
+ auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
xfree(patterns);
goto bad_option;
}
@@ -283,18 +249,16 @@
sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) {
debug("%.100s, line %lu: Bad permitopen specification "
"<%.100s>", file, linenum, patterns);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: "
+ auth_debug_add("%.100s, line %lu: "
"Bad permitopen specification", file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
xfree(patterns);
goto bad_option;
}
if ((port = a2port(sport)) == 0) {
debug("%.100s, line %lu: Bad permitopen port <%.100s>",
file, linenum, sport);
- snprintf(tmp, sizeof(tmp), "%.100s, line %lu: "
+ auth_debug_add("%.100s, line %lu: "
"Bad permitopen port", file, linenum);
- buffer_put_cstring(&auth_debug, tmp);
xfree(patterns);
goto bad_option;
}
@@ -319,7 +283,7 @@
}
if (!use_privsep)
- auth_send_debug(&auth_debug);
+ auth_debug_send();
/* grant access */
return 1;
@@ -327,13 +291,11 @@
bad_option:
log("Bad options in %.100s file, line %lu: %.50s",
file, linenum, opts);
- snprintf(tmp, sizeof(tmp),
- "Bad options in %.100s file, line %lu: %.50s",
+ auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
file, linenum, opts);
- buffer_put_cstring(&auth_debug, tmp);
if (!use_privsep)
- auth_send_debug(&auth_debug);
+ auth_debug_send();
/* deny access */
return 0;
diff -r 691a5043cb72 -r 5b88d1ba6331 crypto/dist/ssh/auth-rsa.c
--- a/crypto/dist/ssh/auth-rsa.c Mon Jun 24 01:23:11 2002 +0000
+++ b/crypto/dist/ssh/auth-rsa.c Mon Jun 24 05:25:39 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-rsa.c,v 1.1.1.10 2002/04/22 07:35:43 itojun Exp $ */
+/* $NetBSD: auth-rsa.c,v 1.1.1.11 2002/06/24 05:25:41 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.55 2002/03/29 19:18:33 stevesk Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.56 2002/06/10 16:53:06 stevesk Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
@@ -82,8 +82,8 @@
/* don't allow short keys */
if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
- error("auth_rsa_verify_response: n too small: %d bits",
- BN_num_bits(key->rsa->n));
+ error("auth_rsa_verify_response: RSA modulus too small: %d < minimum %d bits",
+ BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
return (0);
}
diff -r 691a5043cb72 -r 5b88d1ba6331 crypto/dist/ssh/auth2-hostbased.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/dist/ssh/auth2-hostbased.c Mon Jun 24 05:25:39 2002 +0000
@@ -0,0 +1,183 @@
+/* $NetBSD: auth2-hostbased.c,v 1.1.1.1 2002/06/24 05:26:12 itojun Exp $ */
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"