[src/netbsd-1-5]: src/crypto/dist/ssh Pull up revisions 1.3-1.5 (requested by...
details: https://anonhg.NetBSD.org/src/rev/a947236abede
branches: netbsd-1-5
changeset: 490697:a947236abede
user: he <he%NetBSD.org@localhost>
date: Mon Feb 26 20:26:36 2001 +0000
description:
Pull up revisions 1.3-1.5 (requested by itojun):
Update SSH to version found on trunk as of 26 Feb 2001.
diffstat:
crypto/dist/ssh/auth-rhosts.c | 35 +--
crypto/dist/ssh/canohost.c | 284 +++++++++++++++++----------------
crypto/dist/ssh/clientloop.c | 349 ++++++++++++++++++++++++-----------------
crypto/dist/ssh/kex.c | 261 ++++++++++++++++++------------
crypto/dist/ssh/servconf.c | 193 +++++++++++++++--------
crypto/dist/ssh/servconf.h | 51 +++--
crypto/dist/ssh/ssh-keygen.c | 286 ++++++++++++++++++++++------------
7 files changed, 868 insertions(+), 591 deletions(-)
diffs (truncated from 2539 to 300 lines):
diff -r ae7d4b43f26a -r a947236abede crypto/dist/ssh/auth-rhosts.c
--- a/crypto/dist/ssh/auth-rhosts.c Mon Feb 26 20:26:32 2001 +0000
+++ b/crypto/dist/ssh/auth-rhosts.c Mon Feb 26 20:26:36 2001 +0000
@@ -1,5 +1,3 @@
-/* $NetBSD: auth-rhosts.c,v 1.1.1.1.2.2 2000/10/03 21:55:26 lukem Exp $ */
-
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -15,21 +13,17 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* from OpenBSD: auth-rhosts.c,v 1.15 2000/09/07 20:27:49 deraadt Exp */
-
-#include <sys/cdefs.h>
-#ifndef lint
-__RCSID("$NetBSD: auth-rhosts.c,v 1.1.1.1.2.2 2000/10/03 21:55:26 lukem Exp $");
-#endif
-
#include "includes.h"
+RCSID("$OpenBSD: auth-rhosts.c,v 1.21 2001/02/08 19:30:51 itojun Exp $");
#include "packet.h"
-#include "pathnames.h"
-#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
+#include "pathnames.h"
+#include "log.h"
#include "servconf.h"
+#include "canohost.h"
+#include "auth.h"
/*
* This function processes an rhosts-style file (.rhosts, .shosts, or
@@ -161,8 +155,11 @@
const char *hostname, *ipaddr;
struct stat st;
static const char *rhosts_files[] = {".shosts", ".rhosts", NULL};
- unsigned int rhosts_file_index;
+ u_int rhosts_file_index;
+ /* no user given */
+ if (pw == NULL)
+ return 0;
/* Switch to the user's uid. */
temporarily_use_uid(pw->pw_uid);
/*
@@ -183,25 +180,25 @@
/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
if (!rhosts_files[rhosts_file_index] &&
- stat(_PATH_HEQUIV, &st) < 0 &&
- stat(_PATH_SSH_HEQUIV, &st) < 0)
+ stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
+ stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
return 0;
- hostname = get_canonical_hostname();
+ hostname = get_canonical_hostname(options.reverse_mapping_check);
ipaddr = get_remote_ipaddr();
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
if (pw->pw_uid != 0) {
- if (check_rhosts_file(_PATH_HEQUIV, hostname, ipaddr, client_user,
+ if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user,
pw->pw_name)) {
- packet_send_debug("Accepted for %.100s [%.100s] by " _PATH_HEQUIV ".",
+ packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
hostname, ipaddr);
return 1;
}
- if (check_rhosts_file(_PATH_SSH_HEQUIV, hostname, ipaddr, client_user,
+ if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
pw->pw_name)) {
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
- hostname, ipaddr, _PATH_SSH_HEQUIV);
+ hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
return 1;
}
}
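Review bot: With `get_canonical_hostname(options.reverse_mapping_check)`, the name matched against hosts.equiv and the .shosts/.rhosts entries is only forward-confirmed when that option is set; in the canohost.c part of this commit, `get_remote_hostname` (presumably what this call reaches) returns the lowercased PTR result as soon as `reverse_mapping_check` is zero. The comment kept in that function already notes that anyone with access to a name server can define arbitrary names for an address, so an rhosts decision should not rest on an unverified name. Consider forcing verification on this path regardless of the option, `hostname = get_canonical_hostname(1);` (confirm first that the result is not cached from an earlier unverified call), or document at the call that rhosts authentication requires the option to be enabled. Separately, the first debug message now hard-codes `/etc/hosts.equiv` while the check uses `_PATH_RHOSTS_EQUIV`; passing the macro through `%.100s`, as the second message does, keeps the two in step. The enclosing function starts before and continues after this hunk.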
diff -r ae7d4b43f26a -r a947236abede crypto/dist/ssh/canohost.c
--- a/crypto/dist/ssh/canohost.c Mon Feb 26 20:26:32 2001 +0000
+++ b/crypto/dist/ssh/canohost.c Mon Feb 26 20:26:36 2001 +0000
@@ -1,5 +1,3 @@
-/* $NetBSD: canohost.c,v 1.1.1.1.2.2 2000/11/09 23:56:05 tv Exp $ */
-
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -13,138 +11,138 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* from OpenBSD: canohost.c,v 1.15 2000/09/07 21:13:37 markus Exp */
-
-#include <sys/cdefs.h>
-#ifndef lint
-__RCSID("$NetBSD: canohost.c,v 1.1.1.1.2.2 2000/11/09 23:56:05 tv Exp $");
-#endif
-
#include "includes.h"
+RCSID("$OpenBSD: canohost.c,v 1.23 2001/02/10 01:33:32 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
+#include "canohost.h"
+
+void check_ip_options(int socket, char *ipaddr);
/*
* Return the canonical name of the host at the other end of the socket. The
* caller should free the returned string with xfree.
*/
-char *
-get_remote_hostname(int socket)
+static char *
+get_remote_hostname(int socket, int reverse_mapping_check)
{
struct sockaddr_storage from;
int i;
socklen_t fromlen;
struct addrinfo hints, *ai, *aitop;
- char name[MAXHOSTNAMELEN];
- char ntop[NI_MAXHOST], ntop2[NI_MAXHOST];
+ char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST];
/* Get IP address of client. */
fromlen = sizeof(from);
memset(&from, 0, sizeof(from));
- if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) {
+ if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) {
debug("getpeername failed: %.100s", strerror(errno));
fatal_cleanup();
}
+ if (from.ss_family == AF_INET)
+ check_ip_options(socket, ntop);
+
if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
NULL, 0, NI_NUMERICHOST) != 0)
fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
+ debug("Trying to reverse map address %.100s.", ntop);
/* Map the IP address to a host name. */
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
- NULL, 0, NI_NAMEREQD) == 0) {
- /* Got host name. */
- name[sizeof(name) - 1] = '\0';
- /*
- * Convert it to all lowercase (which is expected by the rest
- * of this software).
- */
- for (i = 0; name[i]; i++)
- if (isupper(name[i]))
- name[i] = tolower(name[i]);
-
- /*
- * Map it back to an IP address and check that the given
- * address actually is an address of this host. This is
- * necessary because anyone with access to a name server can
- * define arbitrary names for an IP address. Mapping from
- * name to IP address can be trusted better (but can still be
- * fooled if the intruder has access to the name server of
- * the domain).
- */
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = from.ss_family;
- hints.ai_socktype = SOCK_STREAM;
- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
- log("reverse mapping checking getaddrinfo for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name);
- strlcpy(name, ntop, sizeof name);
- goto check_ip_options;
- }
- /* Look for the address from the list of addresses. */
- for (ai = aitop; ai; ai = ai->ai_next) {
- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
- (strcmp(ntop, ntop2) == 0))
- break;
- }
- freeaddrinfo(aitop);
- /* If we reached the end of the list, the address was not there. */
- if (!ai) {
- /* Address not found for the host name. */
- log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!",
- ntop, name);
- strlcpy(name, ntop, sizeof name);
- goto check_ip_options;
- }
- /* Address was found for the host name. We accept the host name. */
- } else {
- /* Host name not found. Use ascii representation of the address. */
- strlcpy(name, ntop, sizeof name);
- log("Could not reverse map address %.100s.", name);
+ NULL, 0, NI_NAMEREQD) != 0) {
+ /* Host name not found. Use ip address. */
+ log("Could not reverse map address %.100s.", ntop);
+ return xstrdup(ntop);
}
-check_ip_options:
-
+ /* Got host name. */
+ name[sizeof(name) - 1] = '\0';
/*
- * If IP options are supported, make sure there are none (log and
- * disconnect them if any are found). Basically we are worried about
- * source routing; it can be used to pretend you are somebody
- * (ip-address) you are not. That itself may be "almost acceptable"
- * under certain circumstances, but rhosts autentication is useless
- * if source routing is accepted. Notice also that if we just dropped
- * source routing here, the other side could use IP spoofing to do
- * rest of the interaction and could still bypass security. So we
- * exit here if we detect any IP options.
+ * Convert it to all lowercase (which is expected by the rest
+ * of this software).
+ */
+ for (i = 0; name[i]; i++)
+ if (isupper(name[i]))
+ name[i] = tolower(name[i]);
+
+ if (!reverse_mapping_check)
+ return xstrdup(name);
+ /*
+ * Map it back to an IP address and check that the given
+ * address actually is an address of this host. This is
+ * necessary because anyone with access to a name server can
+ * define arbitrary names for an IP address. Mapping from
+ * name to IP address can be trusted better (but can still be
+ * fooled if the intruder has access to the name server of
+ * the domain).
*/
- /* IP options -- IPv4 only */
- if (from.ss_family == AF_INET) {
- unsigned char options[200], *ucp;
- char text[1024], *cp;
- socklen_t option_size;
- int ipproto;
- struct protoent *ip;
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = from.ss_family;
+ hints.ai_socktype = SOCK_STREAM;
+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
+ log("reverse mapping checking getaddrinfo for %.700s "
+ "failed - POSSIBLE BREAKIN ATTEMPT!", name);
+ return xstrdup(ntop);
+ }
+ /* Look for the address from the list of addresses. */
+ for (ai = aitop; ai; ai = ai->ai_next) {
+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
+ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
+ (strcmp(ntop, ntop2) == 0))
+ break;
+ }
+ freeaddrinfo(aitop);
+ /* If we reached the end of the list, the address was not there. */
+ if (!ai) {
+ /* Address not found for the host name. */
+ log("Address %.100s maps to %.600s, but this does not "
+ "map back to the address - POSSIBLE BREAKIN ATTEMPT!",
+ ntop, name);
+ return xstrdup(ntop);
+ }
+ return xstrdup(name);
+}
- if ((ip = getprotobyname("ip")) != NULL)
- ipproto = ip->p_proto;
- else
- ipproto = IPPROTO_IP;
- option_size = sizeof(options);
- if (getsockopt(socket, ipproto, IP_OPTIONS, (char *) options,
- &option_size) >= 0 && option_size != 0) {
- cp = text;
- /* Note: "text" buffer must be at least 3x as big as options. */
- for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3)
- sprintf(cp, " %2.2x", *ucp);
- log("Connection from %.100s with IP options:%.800s",
- ntop, text);
- packet_disconnect("Connection from %.100s with IP options:%.800s",
- ntop, text);
- }
+/*
+ * If IP options are supported, make sure there are none (log and
+ * disconnect them if any are found). Basically we are worried about
+ * source routing; it can be used to pretend you are somebody
+ * (ip-address) you are not. That itself may be "almost acceptable"
+ * under certain circumstances, but rhosts autentication is useless
+ * if source routing is accepted. Notice also that if we just dropped
+ * source routing here, the other side could use IP spoofing to do
+ * rest of the interaction and could still bypass security. So we
+ * exit here if we detect any IP options.
+ */
+/* IPv4 only */
+void
+check_ip_options(int socket, char *ipaddr)