Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/dist/ssh OpenSSH 2.9 as of 2001/6/24
details: https://anonhg.NetBSD.org/src/rev/b74cf642e90b
branches: trunk
changeset: 511642:b74cf642e90b
user: itojun <itojun%NetBSD.org@localhost>
date: Sat Jun 23 16:36:22 2001 +0000
description:
OpenSSH 2.9 as of 2001/6/24
diffstat:
crypto/dist/ssh/OVERVIEW | 6 ++
crypto/dist/ssh/auth-bsdauth.c | 117 ++++++++++++++++++++++++++++++++++++++++
crypto/dist/ssh/auth-options.c | 4 +-
crypto/dist/ssh/auth-rh-rsa.c | 39 ++-----------
crypto/dist/ssh/auth-rsa.c | 60 +++++--------------
crypto/dist/ssh/cipher.h | 7 +-
crypto/dist/ssh/dispatch.c | 8 +-
crypto/dist/ssh/kex.h | 6 +-
crypto/dist/ssh/nchan.c | 119 +++++++++++++++++++++++++++-------------
crypto/dist/ssh/nchan.ms | 1 +
crypto/dist/ssh/packet.h | 9 +--
crypto/dist/ssh/sftp-server.8 | 4 +-
crypto/dist/ssh/sshconnect.h | 8 +-
13 files changed, 248 insertions(+), 140 deletions(-)
diffs (truncated from 832 to 300 lines):
diff -r d711af508231 -r b74cf642e90b crypto/dist/ssh/OVERVIEW
--- a/crypto/dist/ssh/OVERVIEW Sat Jun 23 13:40:35 2001 +0000
+++ b/crypto/dist/ssh/OVERVIEW Sat Jun 23 16:36:22 2001 +0000
@@ -1,9 +1,15 @@
+[Note: This file has not been updated for OpenSSH versions after
+OpenSSH-1.2 and should be considered OBSOLETE. It has been left in
+the distribution because some of its information may still be useful
+to developers.]
+
This document is intended for those who wish to read the ssh source
code. This tries to give an overview of the structure of the code.
Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>
Updated 17 Nov 1995.
Updated 19 Oct 1999 for OpenSSH-1.2
+Updated 20 May 2001 note obsolete for > OpenSSH-1.2
The software consists of ssh (client), sshd (server), scp, sdist, and
the auxiliary programs ssh-keygen, ssh-agent, ssh-add, and
diff -r d711af508231 -r b74cf642e90b crypto/dist/ssh/auth-bsdauth.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/dist/ssh/auth-bsdauth.c Sat Jun 23 16:36:22 2001 +0000
@@ -0,0 +1,117 @@
+/* $NetBSD: auth-bsdauth.c,v 1.1.1.1 2001/06/23 16:36:59 itojun Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+RCSID("$OpenBSD: auth-bsdauth.c,v 1.1 2001/05/18 14:13:28 markus Exp $");
+
+#ifdef BSD_AUTH
+#include "xmalloc.h"
+#include "auth.h"
+#include "log.h"
+
+static void *
+bsdauth_init_ctx(Authctxt *authctxt)
+{
+ return authctxt;
+}
+
+static int
+bsdauth_query(void *ctx, char **name, char **infotxt,
+ u_int *numprompts, char ***prompts, u_int **echo_on)
+{
+ Authctxt *authctxt = ctx;
+ char *challenge = NULL;
+
+ if (authctxt->as != NULL) {
+ debug2("bsdauth_query: try reuse session");
+ challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
+ if (challenge == NULL) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+ }
+
+ if (challenge == NULL) {
+ debug2("bsdauth_query: new bsd auth session");
+ debug3("bsdauth_query: style %s",
+ authctxt->style ? authctxt->style : "<default>");
+ authctxt->as = auth_userchallenge(authctxt->user,
+ authctxt->style, "auth-ssh", &challenge);
+ if (authctxt->as == NULL)
+ challenge = NULL;
+ debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
+ }
+
+ if (challenge == NULL)
+ return -1;
+
+ *name = xstrdup("");
+ *infotxt = xstrdup("");
+ *numprompts = 1;
+ *prompts = xmalloc(*numprompts * sizeof(char*));
+ *echo_on = xmalloc(*numprompts * sizeof(u_int));
+ (*echo_on)[0] = 0;
+ (*prompts)[0] = xstrdup(challenge);
+
+ return 0;
+}
+
+static int
+bsdauth_respond(void *ctx, u_int numresponses, char **responses)
+{
+ Authctxt *authctxt = ctx;
+ int authok;
+
+ if (authctxt->as == 0)
+ error("bsdauth_respond: no bsd auth session");
+
+ if (numresponses != 1)
+ return -1;
+
+ authok = auth_userresponse(authctxt->as, responses[0], 0);
+ authctxt->as = NULL;
+ debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
+
+ return (authok == 0) ? -1 : 0;
+}
+
+static void
+bsdauth_free_ctx(void *ctx)
+{
+ Authctxt *authctxt = ctx;
+
+ if (authctxt && authctxt->as) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+}
+
+KbdintDevice bsdauth_device = {
+ "bsdauth",
+ bsdauth_init_ctx,
+ bsdauth_query,
+ bsdauth_respond,
+ bsdauth_free_ctx
+};
+#endif
diff -r d711af508231 -r b74cf642e90b crypto/dist/ssh/auth-options.c
--- a/crypto/dist/ssh/auth-options.c Sat Jun 23 13:40:35 2001 +0000
+++ b/crypto/dist/ssh/auth-options.c Sat Jun 23 16:36:22 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-options.c,v 1.1.1.6 2001/04/10 07:13:48 itojun Exp $ */
+/* $NetBSD: auth-options.c,v 1.1.1.7 2001/06/23 16:36:23 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.16 2001/03/18 12:07:52 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.18 2001/05/31 10:30:12 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
diff -r d711af508231 -r b74cf642e90b crypto/dist/ssh/auth-rh-rsa.c
--- a/crypto/dist/ssh/auth-rh-rsa.c Sat Jun 23 13:40:35 2001 +0000
+++ b/crypto/dist/ssh/auth-rh-rsa.c Sat Jun 23 16:36:22 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-rh-rsa.c,v 1.1.1.4 2001/04/10 07:13:48 itojun Exp $ */
+/* $NetBSD: auth-rh-rsa.c,v 1.1.1.5 2001/06/23 16:36:23 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -14,7 +14,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.23 2001/04/06 21:00:04 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.25 2001/06/23 03:04:42 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
@@ -39,7 +39,7 @@
extern ServerOptions options;
const char *canonical_hostname;
HostStatus host_status;
- Key *client_key, *found;
+ Key *client_key;
debug("Trying rhosts with RSA host authentication for client user %.100s", client_user);
@@ -59,37 +59,12 @@
client_key = key_new(KEY_RSA1);
BN_copy(client_key->rsa->e, client_host_key->e);
BN_copy(client_key->rsa->n, client_host_key->n);
- found = key_new(KEY_RSA1);
-
- /* Check if we know the host and its host key. */
- host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
- client_key, found, NULL);
- /* Check user host file unless ignored. */
- if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
- struct stat st;
- char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
- /*
- * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
- * did already check pw->pw_dir, but there is a race XXX
- */
- if (options.strict_modes &&
- (stat(user_hostfile, &st) == 0) &&
- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
- log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s",
- pw->pw_name, user_hostfile);
- } else {
- /* XXX race between stat and the following open() */
- temporarily_use_uid(pw);
- host_status = check_host_in_hostfile(user_hostfile, canonical_hostname,
- client_key, found, NULL);
- restore_uid();
- }
- xfree(user_hostfile);
- }
+ host_status = check_key_in_hostfiles(pw, client_key, canonical_hostname,
+ _PATH_SSH_SYSTEM_HOSTFILE,
+ options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
+
key_free(client_key);
- key_free(found);
if (host_status != HOST_OK) {
debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
diff -r d711af508231 -r b74cf642e90b crypto/dist/ssh/auth-rsa.c
--- a/crypto/dist/ssh/auth-rsa.c Sat Jun 23 13:40:35 2001 +0000
+++ b/crypto/dist/ssh/auth-rsa.c Sat Jun 23 16:36:22 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-rsa.c,v 1.1.1.5 2001/04/10 07:13:49 itojun Exp $ */
+/* $NetBSD: auth-rsa.c,v 1.1.1.6 2001/06/23 16:36:24 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.40 2001/04/06 21:00:07 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.42 2001/06/22 21:55:48 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/md5.h>
@@ -123,7 +123,7 @@
int
auth_rsa(struct passwd *pw, BIGNUM *client_n)
{
- char line[8192], file[MAXPATHLEN];
+ char line[8192], *file;
int authenticated;
u_int bits;
FILE *f;
@@ -139,13 +139,14 @@
temporarily_use_uid(pw);
/* The authorized keys. */
- snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
- _PATH_SSH_USER_PERMITTED_KEYS);
+ file = authorized_keys_file(pw);
+ debug("trying public RSA key file %s", file);
/* Fail quietly if file does not exist */
if (stat(file, &st) < 0) {
/* Restore the privileged uid. */
restore_uid();
+ xfree(file);
return 0;
}
/* Open the file containing the authorized keys. */
@@ -155,43 +156,17 @@
restore_uid();
packet_send_debug("Could not open %.900s for reading.", file);
packet_send_debug("If your home is on an NFS volume, it may need to be world-readable.");
+ xfree(file);
return 0;
}
- if (options.strict_modes) {
- int fail = 0;
- char buf[1024];
- /* Check open file in order to avoid open/stat races */
- if (fstat(fileno(f), &st) < 0 ||
- (st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0) {
- snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: "
- "bad ownership or modes for '%s'.", pw->pw_name, file);
- fail = 1;
- } else {
- /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
- int i;
- static const char *check[] = {
- "", _PATH_SSH_USER_DIR, NULL
- };
- for (i = 0; check[i]; i++) {
- snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]);
- if (stat(line, &st) < 0 ||
- (st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0) {
- snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: "
Home |
Main Index |
Thread Index |
Old Index