Source-Changes-HG archive


[src/trunk]: src/crypto/dist/ssh sync with 3.2.1 as of 5/13.



details:   https://anonhg.NetBSD.org/src/rev/79305d2b666b
branches:  trunk
changeset: 526871:79305d2b666b
user:      itojun <itojun%NetBSD.org@localhost>
date:      Mon May 13 02:58:17 2002 +0000

description:
sync with 3.2.1 as of 5/13.
NOTE: privilege separation is turned off by default
as it seems there still are issues with setsid().

diffstat:

 crypto/dist/ssh/auth-passwd.c  |   4 +-
 crypto/dist/ssh/auth.h         |   6 +++-
 crypto/dist/ssh/auth2.c        |  46 ++++++++++++++++++++++++++++++-----------
 crypto/dist/ssh/channels.c     |   6 ++--
 crypto/dist/ssh/clientloop.c   |   9 ++++++-
 crypto/dist/ssh/clientloop.h   |   5 ++-
 crypto/dist/ssh/monitor.c      |  25 ++++++++++++++++++++--
 crypto/dist/ssh/monitor_wrap.c |  22 ++++++++++++++++++-
 crypto/dist/ssh/servconf.c     |   6 ++--
 crypto/dist/ssh/ssh.1          |   7 ++---
 crypto/dist/ssh/ssh.c          |  28 +++++++++++++++++++++++-
 crypto/dist/ssh/ssh.h          |   8 +++---
 crypto/dist/ssh/sshd.8         |  18 ++++++++--------
 crypto/dist/ssh/sshd.c         |   7 +++--
 crypto/dist/ssh/sshd_config    |   7 ++---
 crypto/dist/ssh/version.h      |   8 +++---
 16 files changed, 150 insertions(+), 62 deletions(-)

diffs (truncated from 581 to 300 lines):

diff -r 85755acd928a -r 79305d2b666b crypto/dist/ssh/auth-passwd.c
--- a/crypto/dist/ssh/auth-passwd.c     Mon May 13 02:53:07 2002 +0000
+++ b/crypto/dist/ssh/auth-passwd.c     Mon May 13 02:58:17 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: auth-passwd.c,v 1.5 2002/03/08 02:00:51 itojun Exp $   */
+/*     $NetBSD: auth-passwd.c,v 1.6 2002/05/13 02:58:17 itojun Exp $   */
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
  * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.24 2002/03/04 12:43:06 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.26 2002/05/10 02:30:12 mouring Exp $");
 
 #include "packet.h"
 #include "log.h"
diff -r 85755acd928a -r 79305d2b666b crypto/dist/ssh/auth.h
--- a/crypto/dist/ssh/auth.h    Mon May 13 02:53:07 2002 +0000
+++ b/crypto/dist/ssh/auth.h    Mon May 13 02:58:17 2002 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: auth.h,v 1.9 2002/04/22 07:59:36 itojun Exp $  */
-/*     $OpenBSD: auth.h,v 1.35 2002/03/19 10:35:39 markus Exp $        */
+/*     $NetBSD: auth.h,v 1.10 2002/05/13 02:58:17 itojun Exp $ */
+/*     $OpenBSD: auth.h,v 1.36 2002/05/12 23:53:45 djm Exp $   */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -134,6 +134,8 @@
 void   userauth_finish(Authctxt *, int, char *);
 int    auth_root_allowed(char *);
 
+char   *auth2_read_banner(void);
+
 void   privsep_challenge_enable(void);
 
 int    auth2_challenge(Authctxt *, char *);
diff -r 85755acd928a -r 79305d2b666b crypto/dist/ssh/auth2.c
--- a/crypto/dist/ssh/auth2.c   Mon May 13 02:53:07 2002 +0000
+++ b/crypto/dist/ssh/auth2.c   Mon May 13 02:58:17 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: auth2.c,v 1.15 2002/04/22 07:59:37 itojun Exp $        */
+/*     $NetBSD: auth2.c,v 1.16 2002/05/13 02:58:17 itojun Exp $        */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.89 2002/03/19 14:27:39 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.90 2002/05/12 23:53:45 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -52,6 +52,7 @@
 #include "canohost.h"
 #include "match.h"
 #include "monitor_wrap.h"
+#include "atomicio.h"
 
 /* import */
 extern ServerOptions options;
@@ -262,25 +263,45 @@
        }
 }
 
-static void
-userauth_banner(void)
+char *
+auth2_read_banner(void)
 {
        struct stat st;
        char *banner = NULL;
        off_t len, n;
        int fd;
 
+       if ((fd = open(options.banner, O_RDONLY)) == -1)
+               return (NULL);
+       if (fstat(fd, &st) == -1) {
+               close(fd);
+               return (NULL);
+       }
+       len = st.st_size;
+       banner = xmalloc(len + 1);
+       n = atomic_read(fd, banner, len);
+       close(fd);
+
+       if (n != len) {
+               free(banner);
+               return (NULL);
+       }
+       banner[n] = '\0';
+       
+       return (banner);
+}
+
+static void
+userauth_banner(void)
+{
+       char *banner = NULL;
+
        if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
                return;
-       if ((fd = open(options.banner, O_RDONLY)) < 0)
-               return;
-       if (fstat(fd, &st) < 0)
+
+       if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
                goto done;
-       len = st.st_size;
-       banner = xmalloc(len + 1);
-       if ((n = read(fd, banner, len)) < 0)
-               goto done;
-       banner[n] = '\0';
+
        packet_start(SSH2_MSG_USERAUTH_BANNER);
        packet_put_cstring(banner);
        packet_put_cstring("");         /* language, unused */
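Review bot: In `auth2_read_banner`, `len = st.st_size` feeds `xmalloc(len + 1)` and `atomic_read(fd, banner, len)` with no upper bound and no check that `options.banner` names a regular file, so the allocation size is whatever the file reports; under privilege separation this read runs in the monitor, which calls the same function. A guard right after the `fstat` check would bound it, e.g. `if (!S_ISREG(st.st_mode) || st.st_size < 0 || st.st_size > BANNER_MAX_PLACEHOLDER) { close(fd); return (NULL); }`, where the cap is a project-chosen constant that does not exist on this page. `len` is an `off_t`, and its conversion to the allocator's size argument presumably narrows on some platforms, which the same guard would cover. The error path also releases the `xmalloc` buffer with `free(banner)` while `userauth_banner` uses `xfree(banner)`; the same mix appears in `mm_answer_auth2_read_banner` in monitor.c, and `xfree` would keep both consistent. `userauth_banner` continues past the end of this hunk.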
@@ -289,7 +310,6 @@
 done:
        if (banner)
                xfree(banner);
-       close(fd);
        return;
 }
 
diff -r 85755acd928a -r 79305d2b666b crypto/dist/ssh/channels.c
--- a/crypto/dist/ssh/channels.c        Mon May 13 02:53:07 2002 +0000
+++ b/crypto/dist/ssh/channels.c        Mon May 13 02:58:17 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: channels.c,v 1.20 2002/04/22 07:59:38 itojun Exp $     */
+/*     $NetBSD: channels.c,v 1.21 2002/05/13 02:58:17 itojun Exp $     */
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
  * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.172 2002/03/25 21:13:51 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.173 2002/04/22 21:04:52 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -2128,7 +2128,7 @@
                const char *address_to_bind = "0.0.0.0";
                packet_start(SSH2_MSG_GLOBAL_REQUEST);
                packet_put_cstring("tcpip-forward");
-               packet_put_char(0);                     /* boolean: want reply */
+               packet_put_char(1);                     /* boolean: want reply */
                packet_put_cstring(address_to_bind);
                packet_put_int(listen_port);
                packet_send();
diff -r 85755acd928a -r 79305d2b666b crypto/dist/ssh/clientloop.c
--- a/crypto/dist/ssh/clientloop.c      Mon May 13 02:53:07 2002 +0000
+++ b/crypto/dist/ssh/clientloop.c      Mon May 13 02:58:17 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: clientloop.c,v 1.17 2002/04/22 07:59:39 itojun Exp $   */
+/*     $NetBSD: clientloop.c,v 1.18 2002/05/13 02:58:18 itojun Exp $   */
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
  * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -60,7 +60,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.99 2002/03/21 23:07:37 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.100 2002/04/22 21:04:52 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1315,6 +1315,7 @@
 client_init_dispatch_20(void)
 {
        dispatch_init(&dispatch_protocol_error);
+
        dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
        dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
        dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
@@ -1328,6 +1329,10 @@
 
        /* rekeying */
        dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
+
+       /* global request reply messages */
+       dispatch_set(SSH2_MSG_REQUEST_FAILURE, &client_global_request_reply);
+       dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &client_global_request_reply);
 }
 static void
 client_init_dispatch_13(void)
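Review bot: Registering `client_global_request_reply` for both `SSH2_MSG_REQUEST_FAILURE` and `SSH2_MSG_REQUEST_SUCCESS` means the handler runs for every such message the server sends, not only for the reply to the `tcpip-forward` request that channels.c now marks as want-reply. The handler body is not visible in this hunk, so it is worth confirming that it tolerates a reply with no outstanding request. A comment here would record the pairing, e.g. `/* replies to global requests sent with want-reply set (see tcpip-forward in channels.c) */`. `client_init_dispatch_13` starts at the end of the hunk and its body lies outside it.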
diff -r 85755acd928a -r 79305d2b666b crypto/dist/ssh/clientloop.h
--- a/crypto/dist/ssh/clientloop.h      Mon May 13 02:53:07 2002 +0000
+++ b/crypto/dist/ssh/clientloop.h      Mon May 13 02:58:17 2002 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: clientloop.h,v 1.3 2001/09/27 03:24:03 itojun Exp $    */
-/*     $OpenBSD: clientloop.h,v 1.6 2001/06/26 17:27:23 markus Exp $   */
+/*     $NetBSD: clientloop.h,v 1.4 2002/05/13 02:58:18 itojun Exp $    */
+/*     $OpenBSD: clientloop.h,v 1.7 2002/04/22 21:04:52 markus Exp $   */
 
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
@@ -38,3 +38,4 @@
 
 /* Client side main loop for the interactive session. */
 int     client_loop(int, int, int);
+void    client_global_request_reply(int type, u_int32_t seq, void *ctxt);
diff -r 85755acd928a -r 79305d2b666b crypto/dist/ssh/monitor.c
--- a/crypto/dist/ssh/monitor.c Mon May 13 02:53:07 2002 +0000
+++ b/crypto/dist/ssh/monitor.c Mon May 13 02:58:17 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: monitor.c,v 1.2 2002/04/22 07:59:40 itojun Exp $       */
+/*     $NetBSD: monitor.c,v 1.3 2002/05/13 02:58:18 itojun Exp $       */
 /*
  * Copyright 2002 Niels Provos <provos%citi.umich.edu@localhost>
  * Copyright 2002 Markus Friedl <markus%openbsd.org@localhost>
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.9 2002/03/30 18:51:15 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.10 2002/05/12 23:53:45 djm Exp $");
 
 #include <openssl/dh.h>
 
@@ -97,6 +97,7 @@
 int mm_answer_moduli(int, Buffer *);
 int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
+int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
@@ -144,6 +145,7 @@
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+    {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef BSD_AUTH
     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
@@ -506,14 +508,31 @@
        /* For SSHv1 allow authentication now */
        if (!compat20)
                monitor_permit_authentications(1);
-       else
+       else {
                /* Allow service/style information on the auth context */
                monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+               monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
+       }
 
 
        return (0);
 }
 
+int mm_answer_auth2_read_banner(int socket, Buffer *m)
+{
+       char *banner;
+
+       buffer_clear(m);
+       banner = auth2_read_banner();
+       buffer_put_cstring(m, banner != NULL ? banner : "");
+       mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m);
+
+       if (banner != NULL)
+               free(banner);
+
+       return (0);
+}
+
 int
 mm_answer_authserv(int socket, Buffer *m)
 {
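Review bot: `mm_answer_auth2_read_banner` is defined as `int mm_answer_auth2_read_banner(int socket, Buffer *m)` on one line, while the neighbouring `mm_answer_authserv` puts the return type on its own line; splitting it as `int` then `mm_answer_auth2_read_banner(int socket, Buffer *m)` would match the file. The reply encodes a failed read as an empty string, so a missing banner and an empty banner file are indistinguishable to the requester; a comment such as `/* "" in the reply means no banner is available */` above the `buffer_put_cstring` call would document that. The body of `mm_answer_authserv` continues outside the hunk.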
diff -r 85755acd928a -r 79305d2b666b crypto/dist/ssh/monitor_wrap.c
--- a/crypto/dist/ssh/monitor_wrap.c    Mon May 13 02:53:07 2002 +0000
+++ b/crypto/dist/ssh/monitor_wrap.c    Mon May 13 02:58:17 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: monitor_wrap.c,v 1.2 2002/04/22 07:59:41 itojun Exp $  */
+/*     $NetBSD: monitor_wrap.c,v 1.3 2002/05/13 02:58:18 itojun Exp $  */
 /*
  * Copyright 2002 Niels Provos <provos%citi.umich.edu@localhost>
  * Copyright 2002 Markus Friedl <markus%openbsd.org@localhost>
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.5 2002/03/25 20:12:10 stevesk Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.6 2002/05/12 23:53:45 djm Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -206,6 +206,24 @@
        return (pw);
 }
 
+char* mm_auth2_read_banner(void)
+{
+       Buffer m;


