Source-Changes-HG archive
[src/trunk]: src crypto/dist/ssh: resolve conflicts with 2.3.0/20010105.
details: https://anonhg.NetBSD.org/src/rev/5afa2e5789bc
branches: trunk
changeset: 502232:5afa2e5789bc
user: itojun <itojun%NetBSD.org@localhost>
date: Sun Jan 14 05:22:31 2001 +0000
description:
crypto/dist/ssh: resolve conflicts with 2.3.0/20010105.
usr.bin/ssh: add ssh-keyscan and sftp-server into SUBDIR.
diffstat:
crypto/dist/ssh/auth-rhosts.c | 11 +-
crypto/dist/ssh/auth-skey.c | 6 +-
crypto/dist/ssh/auth1.c | 214 ++++-------
crypto/dist/ssh/canohost.c | 8 +-
crypto/dist/ssh/channels.c | 366 ++++++++++++++-----
crypto/dist/ssh/cipher.c | 734 +++++++++++++++++++++-----------------
crypto/dist/ssh/clientloop.c | 152 ++++++--
crypto/dist/ssh/deattack.c | 20 +-
crypto/dist/ssh/dsa.c | 313 ----------------
crypto/dist/ssh/dsa.h | 48 --
crypto/dist/ssh/kex.c | 209 +++++++---
crypto/dist/ssh/packet.c | 151 +++----
crypto/dist/ssh/scp.c | 238 +++++-------
crypto/dist/ssh/servconf.c | 86 +++-
crypto/dist/ssh/servconf.h | 27 +-
crypto/dist/ssh/sftp-server.c | 111 +++--
crypto/dist/ssh/ssh-add.c | 43 +-
crypto/dist/ssh/ssh-agent.c | 203 +++++-----
crypto/dist/ssh/ssh-keygen.c | 270 +++++++++----
crypto/dist/ssh/ssh.1 | 468 +++++++++++++++---------
crypto/dist/ssh/ssh.c | 279 +++++++-------
crypto/dist/ssh/ssh.h | 22 +-
crypto/dist/ssh/sshd.8 | 382 ++++++++++++-------
crypto/dist/ssh/version.h | 6 +-
distrib/sets/lists/base/mi | 4 +-
distrib/sets/lists/man/mi | 6 +-
usr.bin/ssh/Makefile | 5 +-
usr.bin/ssh/libssh/Makefile | 5 +-
usr.bin/ssh/scp/Makefile | 3 +-
usr.bin/ssh/sftp-server/Makefile | 15 +
usr.bin/ssh/ssh-keyscan/Makefile | 13 +
usr.bin/ssh/ssh/Makefile | 4 +-
usr.bin/ssh/sshd/Makefile | 6 +-
33 files changed, 2363 insertions(+), 2065 deletions(-)
diffs (truncated from 8235 to 300 lines):
diff -r 031e80bdd97a -r 5afa2e5789bc crypto/dist/ssh/auth-rhosts.c
--- a/crypto/dist/ssh/auth-rhosts.c Sun Jan 14 04:49:51 2001 +0000
+++ b/crypto/dist/ssh/auth-rhosts.c Sun Jan 14 05:22:31 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-rhosts.c,v 1.2 2000/10/03 09:56:38 lukem Exp $ */
+/* $NetBSD: auth-rhosts.c,v 1.3 2001/01/14 05:22:31 itojun Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
@@ -15,11 +15,11 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* from OpenBSD: auth-rhosts.c,v 1.15 2000/09/07 20:27:49 deraadt Exp */
+/* from OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp */
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: auth-rhosts.c,v 1.2 2000/10/03 09:56:38 lukem Exp $");
+__RCSID("$NetBSD: auth-rhosts.c,v 1.3 2001/01/14 05:22:31 itojun Exp $");
#endif
#include "includes.h"
@@ -161,8 +161,11 @@
const char *hostname, *ipaddr;
struct stat st;
static const char *rhosts_files[] = {".shosts", ".rhosts", NULL};
- unsigned int rhosts_file_index;
+ u_int rhosts_file_index;
+ /* no user given */
+ if (pw == NULL)
+ return 0;
/* Switch to the user's uid. */
temporarily_use_uid(pw->pw_uid);
/*
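Review bot: The comment `/* no user given */` on the new NULL check misdescribes the case: according to the do_authloop comment added in auth1.c by this same commit, a NULL pw means the user does not exist or is not allowed to log in. I would write `/* unknown or disallowed user: fail before pw is dereferenced */`, since the check is what keeps `pw->pw_uid` on the next line from being read through a NULL pointer. This path also returns without the per-user file lookups that a real account goes through, so the response time may differ between valid and invalid users; whether that is observable depends on code outside the hunk. The enclosing function starts and ends outside this hunk.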
diff -r 031e80bdd97a -r 5afa2e5789bc crypto/dist/ssh/auth-skey.c
--- a/crypto/dist/ssh/auth-skey.c Sun Jan 14 04:49:51 2001 +0000
+++ b/crypto/dist/ssh/auth-skey.c Sun Jan 14 05:22:31 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-skey.c,v 1.2 2000/10/05 14:09:07 sommerfeld Exp $ */
+/* $NetBSD: auth-skey.c,v 1.3 2001/01/14 05:22:31 itojun Exp $ */
/*
* Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
@@ -24,11 +24,11 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* from OpenBSD: auth-skey.c,v 1.8 2000/09/07 20:27:49 deraadt Exp */
+/* from OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp */
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: auth-skey.c,v 1.2 2000/10/05 14:09:07 sommerfeld Exp $");
+__RCSID("$NetBSD: auth-skey.c,v 1.3 2001/01/14 05:22:31 itojun Exp $");
#endif
#include "includes.h"
diff -r 031e80bdd97a -r 5afa2e5789bc crypto/dist/ssh/auth1.c
--- a/crypto/dist/ssh/auth1.c Sun Jan 14 04:49:51 2001 +0000
+++ b/crypto/dist/ssh/auth1.c Sun Jan 14 05:22:31 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth1.c,v 1.2 2000/10/05 14:09:07 sommerfeld Exp $ */
+/* $NetBSD: auth1.c,v 1.3 2001/01/14 05:22:31 itojun Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -11,11 +11,11 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* from OpenBSD: auth1.c,v 1.4 2000/09/07 20:27:49 deraadt Exp */
+/* from OpenBSD: auth1.c,v 1.9 2000/12/27 12:34:49 markus Exp */
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: auth1.c,v 1.2 2000/10/05 14:09:07 sommerfeld Exp $");
+__RCSID("$NetBSD: auth1.c,v 1.3 2001/01/14 05:22:31 itojun Exp $");
#endif
#include "includes.h"
@@ -25,7 +25,6 @@
#include "ssh.h"
#include "packet.h"
#include "buffer.h"
-#include "cipher.h"
#include "mpaux.h"
#include "servconf.h"
#include "compat.h"
@@ -66,82 +65,25 @@
}
/*
- * The user does not exist or access is denied,
- * but fake indication that authentication is needed.
+ * read packets and try to authenticate local user 'luser'.
+ * return if authentication is successful. not that pw == NULL
+ * if the user does not exists or is not allowed to login.
+ * each auth method has to 'fake' authentication for nonexisting
+ * users.
*/
static void
-do_fake_authloop1(char *user)
+do_authloop(struct passwd * pw, char *luser)
{
+ int authenticated = 0;
int attempt = 0;
-
- /* Indicate that authentication is needed. */
- packet_start(SSH_SMSG_FAILURE);
- packet_send();
- packet_write_wait();
-
- /*
- * Keep reading packets, and always respond with a failure. This is
- * to avoid disclosing whether such a user really exists.
- */
- for (attempt = 1;; attempt++) {
- /* Read a packet. This will not return if the client disconnects. */
- int plen;
- int type = packet_read(&plen);
-#ifdef SKEY
- unsigned int dlen;
- char *password, *skeyinfo;
- password = NULL;
- /* Try to send a fake s/key challenge. */
- if (options.skey_authentication == 1 &&
- (skeyinfo = skey_fake_keyinfo(user)) != NULL) {
- if (type == SSH_CMSG_AUTH_TIS) {
- packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
- packet_put_string(skeyinfo, strlen(skeyinfo));
- packet_send();
- packet_write_wait();
- continue;
- } else if (type == SSH_CMSG_AUTH_PASSWORD &&
- options.password_authentication &&
- (password = packet_get_string(&dlen)) != NULL &&
- dlen == 5 &&
- strncasecmp(password, "s/key", 5) == 0 ) {
- packet_send_debug("%s", skeyinfo);
- }
- }
- if (password != NULL)
- xfree(password);
-#endif
- if (attempt > AUTH_FAIL_MAX)
- packet_disconnect(AUTH_FAIL_MSG, user);
-
- /*
- * Send failure. This should be indistinguishable from a
- * failed authentication.
- */
- packet_start(SSH_SMSG_FAILURE);
- packet_send();
- packet_write_wait();
- }
- /* NOTREACHED */
- abort();
-}
-
-/*
- * read packets and try to authenticate local user *pw.
- * return if authentication is successfull
- */
-static void
-do_authloop(struct passwd * pw)
-{
- int attempt = 0;
- unsigned int bits;
+ u_int bits;
RSA *client_host_key;
BIGNUM *n;
char *client_user, *password;
char user[1024];
- unsigned int dlen;
+ u_int dlen;
int plen, nlen, elen;
- unsigned int ulen;
+ u_int ulen;
int type = 0;
void (*authlog) (const char *fmt,...) = verbose;
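Review bot: The new header comment for do_authloop has two slips that change how it reads: `not that pw == NULL` should be `note that pw == NULL`, and `does not exists` should be `does not exist`. With do_fake_authloop1 removed, this comment is the only statement of the contract that every auth method must accept a NULL pw and fail without revealing it, so the wording should be exact, e.g. `note that pw == NULL if the user does not exist or is not allowed to log in`. It would also help to say what `luser` is; presumably it is the login name as sent by the client, used for logging when pw is NULL. The function body continues beyond this hunk.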
@@ -151,7 +93,9 @@
packet_write_wait();
for (attempt = 1;; attempt++) {
- int authenticated = 0;
+ /* default to fail */
+ authenticated = 0;
+
strlcpy(user, "", sizeof user);
/* Get a packet from the client. */
@@ -162,7 +106,6 @@
#if defined(AFS) || defined(KRB5)
case SSH_CMSG_HAVE_KERBEROS_TGT:
if (!options.kerberos_tgt_passing) {
- /* packet_get_all(); */
verbose("Kerberos TGT passing disabled.");
break;
} else {
@@ -185,9 +128,8 @@
default:
ret = 0;
}
- if (ret == 0)
- verbose("Kerberos TGT REFUSED for %s",
- pw->pw_name);
+ if (ret == 0))
+ verbose("Kerberos tgt REFUSED for %.100s", luser);
xfree(tgt);
}
continue;
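Review bot: The added line `if (ret == 0))` has an unbalanced closing parenthesis and will not compile when AFS or KRB5 is defined; it should read `if (ret == 0)`. Because the code sits under `#if defined(AFS) || defined(KRB5)`, a default build would not catch it. The switch to `luser` with `%.100s` is a good change in itself, since pw may now be NULL at this point and the logged name is length-bounded.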
@@ -195,7 +137,6 @@
#if defined(AFS)
case SSH_CMSG_HAVE_AFS_TOKEN:
if (!options.afs_token_passing || !k_hasafs()) {
- /* packet_get_all(); */
verbose("AFS token passing disabled.");
break;
} else {
@@ -203,14 +144,14 @@
char *token_string = packet_get_string(&dlen);
packet_integrity_check(plen, 4 + dlen, type);
if (!auth_afs_token(pw, token_string))
- verbose("AFS token REFUSED for %s", pw->pw_name);
+ verbose("AFS token REFUSED for %.100s", luser);
xfree(token_string);
}
continue;
#endif /* AFS */
#if defined(KRB4) || defined(KRB5)
case SSH_CMSG_AUTH_KERBEROS:
- if (options.kerberos_authentication == 0) {
+ if (!options.kerberos_authentication) {
/* packet_get_all(); */
verbose("Kerberos authentication disabled.");
break;
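Review bot: `auth_afs_token(pw, token_string)` is still called with a pw that do_authloop now allows to be NULL; the log line below it was changed to `luser`, but the call itself was not guarded. auth_afs_token is not shown in this excerpt, so unless it checks pw itself I would write `if (pw == NULL || !auth_afs_token(pw, token_string))`. The same question applies to `auth_rhosts_rsa(pw, client_user, client_host_key)` in the `@@ -293,14 +232,11 @@` hunk. Separately, the `/* packet_get_all(); */` leftover was removed from the two cases above but kept in the SSH_CMSG_AUTH_KERBEROS case here.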
@@ -220,20 +161,19 @@
/* Try Kerberos v4 authentication. */
KTEXT_ST auth;
char *tkt_user = NULL;
- char *kdata = packet_get_string((unsigned int *) &auth.length);
+ char *kdata = packet_get_string((u_int *) &auth.length);
packet_integrity_check(plen, 4 + auth.length, type);
if (auth.length < MAX_KTXT_LEN)
memcpy(auth.dat, kdata, auth.length);
xfree(kdata);
- authenticated = auth_krb4(pw->pw_name, &auth,
- &tkt_user);
-
- if (authenticated) {
- snprintf(user, sizeof user,
- " tktuser %s", tkt_user);
- xfree(tkt_user);
+ if (pw != NULL) {
+ authenticated = auth_krb4(pw->pw_name, &auth, &tkt_user);
+ if (authenticated) {
+ snprintf(user, sizeof user, " tktuser %s", tkt_user);
+ xfree(tkt_user);
+ }
}
}
#endif
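Review bot: When `auth.length >= MAX_KTXT_LEN` the `memcpy` is skipped, but the client-supplied `auth.length` is left as is and, for an existing user, `auth` is still handed to `auth_krb4` with `auth.dat` uninitialised. The oversized case should be treated as a failed attempt before that call, for example `if (auth.length >= MAX_KTXT_LEN) { xfree(kdata); break; }` placed ahead of the copy. The `(u_int *) &auth.length` cast also writes through a pointer of a different type if the field is a signed int (its declaration is not visible here), so reading into a local `u_int` and range-checking before assigning would be cleaner. The enclosing case starts outside the hunk.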
@@ -260,8 +200,7 @@
client_user = packet_get_string(&ulen);
packet_integrity_check(plen, 4 + ulen, type);
- /* Try to authenticate using /etc/hosts.equiv and
- .rhosts. */
+ /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
authenticated = auth_rhosts(pw, client_user);
snprintf(user, sizeof user, " ruser %s", client_user);
@@ -293,14 +232,11 @@
packet_get_bignum(client_host_key->n, &nlen);
if (bits != BN_num_bits(client_host_key->n))
- log("Warning: keysize mismatch for client_host_key: "
- "actual %d, announced %d",
- BN_num_bits(client_host_key->n), bits);
- packet_integrity_check(plen,
- (4 + ulen) + 4 + elen + nlen, type);
+ verbose("Warning: keysize mismatch for client_host_key: "
+ "actual %d, announced %d", BN_num_bits(client_host_key->n), bits);
+ packet_integrity_check(plen, (4 + ulen) + 4 + elen + nlen, type);
- authenticated = auth_rhosts_rsa(pw, client_user,
- client_host_key);
+ authenticated = auth_rhosts_rsa(pw, client_user, client_host_key);
RSA_free(client_host_key);
snprintf(user, sizeof user, " ruser %s", client_user);
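Review bot: Moving the keysize-mismatch warning from `log()` to `verbose()` means a client that announces a key size different from the actual modulus is no longer recorded at the default log level, assuming verbose() maps to a lower level than log() as it does elsewhere in this code base. If the demotion is meant to cut noise, a short comment saying so would help; otherwise keep `log(`. The format also prints `bits`, declared `u_int` earlier in this function, with `%d`; `%u` matches the type.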
@@ -344,18 +280,18 @@
case SSH_CMSG_AUTH_TIS:
debug("rcvd SSH_CMSG_AUTH_TIS");
if (options.skey_authentication == 1) {