Source-Changes-HG archive
[src/trunk]: src sync crypto/dist/ssh with re-importorted tree. try to minim...
details: https://anonhg.NetBSD.org/src/rev/d92ab7856c4d
branches: trunk
changeset: 503513:d92ab7856c4d
user: itojun <itojun%NetBSD.org@localhost>
date: Wed Feb 07 17:05:31 2001 +0000
description:
sync crypto/dist/ssh with re-imported tree. try to minimize diffs
with openssh tree to ease future upgrade. re-do local changes, including:
- prototype pedants
- IgnoreRootRhosts
- login.conf user validation
some of the local changes that weren't used are omitted for now. we may
need to revisit those afterwards.
it adds "sftp".
diffstat:
crypto/dist/ssh/atomicio.c | 34 ++-
crypto/dist/ssh/atomicio.h | 6 +-
crypto/dist/ssh/auth-chall.c | 2 +-
crypto/dist/ssh/auth-rhosts.c | 30 +-
crypto/dist/ssh/auth-skey.c | 214 ------------------
crypto/dist/ssh/auth.c | 95 +++++++-
crypto/dist/ssh/auth1.c | 243 +++++++-------------
crypto/dist/ssh/auth2-skey.c | 104 --------
crypto/dist/ssh/authfd.c | 10 +-
crypto/dist/ssh/authfile.c | 13 +-
crypto/dist/ssh/canohost.c | 283 ++++++++++++-----------
crypto/dist/ssh/channels.c | 166 +++++++------
crypto/dist/ssh/cipher.c | 21 +-
crypto/dist/ssh/cli.c | 13 +-
crypto/dist/ssh/client.h | 39 ---
crypto/dist/ssh/clientloop.c | 202 +++++++---------
crypto/dist/ssh/compress.c | 1 +
crypto/dist/ssh/deattack.c | 12 +-
crypto/dist/ssh/dh.c | 2 +-
crypto/dist/ssh/hmac.c | 2 +
crypto/dist/ssh/hostfile.c | 4 +-
crypto/dist/ssh/hostfile.h | 3 +
crypto/dist/ssh/includes.h | 5 +-
crypto/dist/ssh/kex.c | 51 +--
crypto/dist/ssh/key.c | 8 +-
crypto/dist/ssh/log-server.c | 51 +--
crypto/dist/ssh/mpaux.c | 2 +
crypto/dist/ssh/openssh2netbsd | 44 +++
crypto/dist/ssh/packet.c | 51 +--
crypto/dist/ssh/pathnames.h | 7 +-
crypto/dist/ssh/pty.c | 6 +-
crypto/dist/ssh/random.c | 18 +-
crypto/dist/ssh/random.h | 40 +++
crypto/dist/ssh/readconf.c | 77 ++----
crypto/dist/ssh/readpass.c | 1 +
crypto/dist/ssh/scp.c | 42 +--
crypto/dist/ssh/servconf.c | 79 +++--
crypto/dist/ssh/servconf.h | 13 +-
crypto/dist/ssh/serverloop.c | 54 ++--
crypto/dist/ssh/session.c | 39 +-
crypto/dist/ssh/sftp-client.c | 22 +-
crypto/dist/ssh/sftp-int.c | 18 +-
crypto/dist/ssh/sftp-server.c | 462 +++++++++++++++-----------------------
crypto/dist/ssh/sftp.c | 6 +-
crypto/dist/ssh/ssh-add.1 | 3 +-
crypto/dist/ssh/ssh-add.c | 29 +-
crypto/dist/ssh/ssh-agent.1 | 3 +-
crypto/dist/ssh/ssh-agent.c | 156 +++++++-----
crypto/dist/ssh/ssh-dss.c | 1 +
crypto/dist/ssh/ssh-keygen.1 | 7 +-
crypto/dist/ssh/ssh-keygen.c | 27 +-
crypto/dist/ssh/ssh-keyscan.1 | 2 +-
crypto/dist/ssh/ssh-keyscan.c | 24 +-
crypto/dist/ssh/ssh-rsa.c | 1 +
crypto/dist/ssh/ssh.1 | 115 ++++-----
crypto/dist/ssh/ssh.c | 141 +++++++----
crypto/dist/ssh/ssh.conf | 34 --
crypto/dist/ssh/ssh.h | 377 +-------------------------------
crypto/dist/ssh/ssh_config | 1 +
crypto/dist/ssh/sshconnect.c | 16 +-
crypto/dist/ssh/sshconnect1.c | 22 +-
crypto/dist/ssh/sshconnect2.c | 16 +-
crypto/dist/ssh/sshd.8 | 96 ++++---
crypto/dist/ssh/sshd.c | 230 +++++++++---------
crypto/dist/ssh/sshd.conf | 60 -----
crypto/dist/ssh/sshd_config | 2 +
crypto/dist/ssh/tildexpand.c | 1 +
crypto/dist/ssh/util.c | 102 --------
crypto/dist/ssh/uuencode.c | 1 +
crypto/dist/ssh/version.h | 6 +-
distrib/sets/lists/base/mi | 3 +-
distrib/sets/lists/man/mi | 4 +-
usr.bin/ssh/Makefile | 10 +-
usr.bin/ssh/Makefile.inc | 4 +-
usr.bin/ssh/libssh/Makefile | 7 +-
usr.bin/ssh/sftp-server/Makefile | 4 +-
usr.bin/ssh/sftp/Makefile | 19 +
usr.bin/ssh/ssh/Makefile | 10 +-
usr.bin/ssh/sshd/Makefile | 28 +-
79 files changed, 1629 insertions(+), 2528 deletions(-)
diffs (truncated from 8629 to 300 lines):
diff -r b15384341438 -r d92ab7856c4d crypto/dist/ssh/atomicio.c
--- a/crypto/dist/ssh/atomicio.c Wed Feb 07 17:01:02 2001 +0000
+++ b/crypto/dist/ssh/atomicio.c Wed Feb 07 17:05:31 2001 +0000
@@ -29,21 +29,14 @@
#include "xmalloc.h"
#include "atomicio.h"
-/*
- * ensure all of data on socket comes through. f==read || f==write
- */
ssize_t
-atomicio(f, fd, _s, n)
- ssize_t (*f) ();
- int fd;
- void *_s;
- size_t n;
+atomic_read(int fd, void *v, size_t n)
{
- char *s = _s;
+ char *s = v;
ssize_t res, pos = 0;
while (n > pos) {
- res = (f) (fd, s + pos, n - pos);
+ res = read(fd, s + pos, n - pos);
switch (res) {
case -1:
if (errno == EINTR || errno == EAGAIN)
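Review bot: The `errno == EAGAIN` retry in atomic_read's loop re-issues read() at once, so on a non-blocking descriptor it spins at full CPU until the peer sends data; atomic_write in the next hunk has the same loop. Whether any caller passes a non-blocking fd is not visible here, so either state the requirement in a comment, `/* fd must be blocking; EAGAIN is retried without waiting */`, or wait for readiness before retrying. `while (n > pos)` also compares a size_t with an ssize_t, which is only correct while pos stays non-negative; declaring `size_t pos = 0;` would make that explicit. atomic_read's body continues past the end of this hunk.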
@@ -56,3 +49,24 @@
}
return (pos);
}
+
+ssize_t
+atomic_write(int fd, const void *v, size_t n)
+{
+ const char *s = v;
+ ssize_t res, pos = 0;
+
+ while (n > pos) {
+ res = write(fd, s + pos, n - pos);
+ switch (res) {
+ case -1:
+ if (errno == EINTR || errno == EAGAIN)
+ continue;
+ case 0:
+ return (res);
+ default:
+ pos += res;
+ }
+ }
+ return (pos);
+}
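Review bot: In atomic_write the `case -1:` arm runs into `case 0:` whenever errno is neither EINTR nor EAGAIN, and nothing marks that as intended; add `/* FALLTHROUGH */` after the `continue;` so lint and later readers do not take it for a missing break. The `return (res);` on that path also drops `pos`, so after a partial write the caller learns only 0 or -1 and not how many bytes already went out on the descriptor. For a protocol stream that matters if any caller tries to carry on after a failure, so callers should treat a short result as fatal for the connection.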
diff -r b15384341438 -r d92ab7856c4d crypto/dist/ssh/atomicio.h
--- a/crypto/dist/ssh/atomicio.h Wed Feb 07 17:01:02 2001 +0000
+++ b/crypto/dist/ssh/atomicio.h Wed Feb 07 17:05:31 2001 +0000
@@ -26,6 +26,8 @@
*/
/*
- * Ensure all of data on socket comes through. f==read || f==write
+ * `Atomic' read and write operations, to ensure that all the
+ * data makes it through a socket (handles signals, etc.).
*/
-ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
+ssize_t atomic_read(int, void *, size_t);
+ssize_t atomic_write(int, const void *, size_t);
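Review bot: The new header comment does not say what atomic_read and atomic_write return, and this is where callers will look. From atomicio.c in this same commit, both return n once everything is transferred and otherwise the failing call's 0 or -1, with EINTR and EAGAIN retried internally. I would add that to the comment, for example `* Returns n on success; 0 (EOF) or -1 (error, errno set) otherwise.`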
diff -r b15384341438 -r d92ab7856c4d crypto/dist/ssh/auth-chall.c
--- a/crypto/dist/ssh/auth-chall.c Wed Feb 07 17:01:02 2001 +0000
+++ b/crypto/dist/ssh/auth-chall.c Wed Feb 07 17:05:31 2001 +0000
@@ -35,7 +35,7 @@
{
static char challenge[1024];
struct skey skey;
- if (skeychallenge(&skey, authctxt->user, challenge) == -1)
+ if (skeychallenge(&skey, authctxt->user, challenge, sizeof(challenge)) == -1)
return NULL;
strlcat(challenge, "\nS/Key Password: ", sizeof challenge);
return challenge;
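Review bot: The result of `strlcat(challenge, "\nS/Key Password: ", sizeof challenge)` is not checked, so if skeychallenge() writes close to the full 1024 bytes the prompt suffix is cut off silently. Compare the return value with the buffer size, `if (strlcat(challenge, "\nS/Key Password: ", sizeof challenge) >= sizeof challenge) return NULL;`. The function also hands back a pointer into a `static` buffer, which deserves a one-line comment for callers: `/* returns a static buffer, overwritten by the next call */`. The enclosing function starts and ends outside this hunk.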
diff -r b15384341438 -r d92ab7856c4d crypto/dist/ssh/auth-rhosts.c
--- a/crypto/dist/ssh/auth-rhosts.c Wed Feb 07 17:01:02 2001 +0000
+++ b/crypto/dist/ssh/auth-rhosts.c Wed Feb 07 17:05:31 2001 +0000
@@ -1,5 +1,3 @@
-/* $NetBSD: auth-rhosts.c,v 1.3 2001/01/14 05:22:31 itojun Exp $ */
-
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -15,21 +13,17 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-/* from OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp */
-
-#include <sys/cdefs.h>
-#ifndef lint
-__RCSID("$NetBSD: auth-rhosts.c,v 1.3 2001/01/14 05:22:31 itojun Exp $");
-#endif
-
#include "includes.h"
+RCSID("$OpenBSD: auth-rhosts.c,v 1.20 2001/02/03 10:08:36 markus Exp $");
#include "packet.h"
-#include "pathnames.h"
-#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
+#include "pathnames.h"
+#include "log.h"
#include "servconf.h"
+#include "canohost.h"
+#include "auth.h"
/*
* This function processes an rhosts-style file (.rhosts, .shosts, or
@@ -186,25 +180,25 @@
/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
if (!rhosts_files[rhosts_file_index] &&
- stat(_PATH_HEQUIV, &st) < 0 &&
- stat(_PATH_SSH_HEQUIV, &st) < 0)
+ stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
+ stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
return 0;
- hostname = get_canonical_hostname();
+ hostname = get_canonical_hostname(options.reverse_mapping_check);
ipaddr = get_remote_ipaddr();
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
if (pw->pw_uid != 0) {
- if (check_rhosts_file(_PATH_HEQUIV, hostname, ipaddr, client_user,
+ if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user,
pw->pw_name)) {
- packet_send_debug("Accepted for %.100s [%.100s] by " _PATH_HEQUIV ".",
+ packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
hostname, ipaddr);
return 1;
}
- if (check_rhosts_file(_PATH_SSH_HEQUIV, hostname, ipaddr, client_user,
+ if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
pw->pw_name)) {
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
- hostname, ipaddr, _PATH_SSH_HEQUIV);
+ hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
return 1;
}
}
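Review bot: `hostname` from `get_canonical_hostname(options.reverse_mapping_check)` is what check_rhosts_file() matches against the hosts.equiv and shosts.equiv entries, so the trust decision now depends on a server option. Judging by the name, with the option off the hostname presumably comes from a reverse lookup that is not confirmed by a forward lookup, and the owner of the client's reverse zone controls that name; canohost.c is not in this part of the diff, so this needs confirming. If so, the rhosts path should request the verified name regardless of the option, and a comment at the call should say which it is. Separately, the first packet_send_debug() now hardcodes `/etc/hosts.equiv` while the check uses `_PATH_RHOSTS_EQUIV`; passing the macro as a `%.100s` argument, as the second call does, keeps the message and the path in step. The enclosing function starts and ends outside the hunk.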
diff -r b15384341438 -r d92ab7856c4d crypto/dist/ssh/auth-skey.c
--- a/crypto/dist/ssh/auth-skey.c Wed Feb 07 17:01:02 2001 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,214 +0,0 @@
-/* $NetBSD: auth-skey.c,v 1.3 2001/01/14 05:22:31 itojun Exp $ */
-
-/*
- * Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* from OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp */
-
-#include <sys/cdefs.h>
-#ifndef lint
-__RCSID("$NetBSD: auth-skey.c,v 1.3 2001/01/14 05:22:31 itojun Exp $");
-#endif
-
-#include "includes.h"
-
-#include "ssh.h"
-#include "packet.h"
-#include <sha1.h>
-
-/*
- * try skey authentication,
- * return 1 on success, 0 on failure, -1 if skey is not available
- */
-
-int
-auth_skey_password(struct passwd * pw, const char *password)
-{
-
- if (strncasecmp(password, "s/key", 5) == 0) {
- const char *skeyinfo = skey_keyinfo(pw->pw_name);
- if (skeyinfo == NULL) {
- debug("generating fake skeyinfo for %.100s.",
- pw->pw_name);
- skeyinfo = skey_fake_keyinfo(pw->pw_name);
- }
- if (skeyinfo != NULL)
- packet_send_debug("%s", skeyinfo);
- /* Try again. */
- return 0;
- } else if (skey_haskey(pw->pw_name) == 0 &&
- skey_passcheck(pw->pw_name, (char *) password) != -1) {
- /* Authentication succeeded. */
- return 1;
- }
- /* Fall back to ordinary passwd authentication. */
- return -1;
-}
-
-/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
-
-#define ROUND(x) (((x)[0] << 24) + (((x)[1]) << 16) + (((x)[2]) << 8) + \
- ((x)[3]))
-
-/*
- * hash_collapse()
- */
-static u_int32_t
-hash_collapse(u_char *s)
-{
- int len, target;
- u_int32_t i;
-
- if ((strlen(s) % sizeof(u_int32_t)) == 0)
- target = strlen(s); /* Multiple of 4 */
- else
- target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
-
- for (i = 0, len = 0; len < target; len += 4)
- i ^= ROUND(s + len);
-
- return i;
-}
-
-char *
-skey_fake_keyinfo(const char *username)
-{
- int i;
- u_int ptr;
- u_char hseed[SKEY_MAX_SEED_LEN], flg = 1, *up;
- char pbuf[SKEY_MAX_PW_LEN+1];
- static char skeyprompt[SKEY_MAX_CHALLENGE+1];
- char *secret = NULL;
- size_t secretlen = 0;
- SHA1_CTX ctx;
- const char *u;
- char *p;
-
- /*
- * Base first 4 chars of seed on hostname.
- * Add some filler for short hostnames if necessary.
- */
- if (gethostname(pbuf, sizeof(pbuf)) == -1)
- *(p = pbuf) = '.';
- else
- for (p = pbuf; *p && isalnum(*p); p++)
- if (isalpha(*p) && isupper(*p))
- *p = tolower(*p);
- if (*p && pbuf - p < 4)
- (void)strncpy(p, "asjd", 4 - (pbuf - p));
- pbuf[4] = '\0';
-
- /* Hash the username if possible */
- if ((up = SHA1Data(username, strlen(username), NULL)) != NULL) {
- struct stat sb;
- time_t t;
- int fd;
-
- /* Collapse the hash */
- ptr = hash_collapse(up);
- memset(up, 0, strlen(up));
-
- /* See if the random file's there, else use ctime */
- if ((fd = open(_SKEY_RAND_FILE_PATH_, O_RDONLY)) != -1
- && fstat(fd, &sb) == 0 &&
- sb.st_size > (off_t)SKEY_MAX_SEED_LEN &&
- lseek(fd, ptr % (sb.st_size - SKEY_MAX_SEED_LEN),
- SEEK_SET) != -1 && read(fd, hseed,
- SKEY_MAX_SEED_LEN) == SKEY_MAX_SEED_LEN) {
- close(fd);
- fd = -1;
- secret = hseed;
- secretlen = SKEY_MAX_SEED_LEN;
- flg = 0;
- } else if (!stat(_PATH_MEM, &sb) || !stat("/", &sb)) {
- t = sb.st_ctime;
- secret = ctime(&t);
- secretlen = strlen(secret);
- flg = 0;