* return 1 on success, 0 on failure, -1 if krb4 is not available
*/
-int
+int
auth_krb4_password(struct passwd * pw, const char *password)
{
AUTH_DAT adata;
}
}
-int
+int
krb4_init(uid_t uid)
{
static int cleanup_registered = 0;
return 0;
}
-int
+int
auth_krb4(const char *server_user, KTEXT auth, char **client)
{
AUTH_DAT adat = {0};
#endif /* KRB4 */
#ifdef AFS
-int
+int
auth_kerberos_tgt(struct passwd *pw, const char *string)
{
CREDENTIALS creds;
return 0;
}
-int
+int
auth_afs_token(struct passwd *pw, const char *token_string)
{
CREDENTIALS creds;
*/
#include "includes.h"
-RCSID("$Id: auth-passwd.c,v 1.14 1999/12/29 12:47:46 markus Exp $");
+RCSID("$Id: auth-passwd.c,v 1.15 2000/04/14 10:30:29 markus Exp $");
#include "packet.h"
#include "ssh.h"
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
*/
-int
+int
auth_password(struct passwd * pw, const char *password)
{
extern ServerOptions options;
/*
- *
+ *
* auth-rh-rsa.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sun May 7 03:08:06 1995 ylo
- *
+ *
* Rhosts or /etc/hosts.equiv authentication combined with RSA host
* authentication.
*
*/
#include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.12 2000/04/12 09:39:09 markus Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.13 2000/04/14 10:30:29 markus Exp $");
#include "packet.h"
#include "ssh.h"
* its host key. Returns true if authentication succeeds.
*/
-int
+int
auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
{
extern ServerOptions options;
/*
- *
+ *
* auth-rhosts.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 17 05:12:18 1995 ylo
- *
+ *
* Rhosts authentication. This file contains code to check whether to admit
* the login based on rhosts authentication. This file also processes
* /etc/hosts.equiv.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: auth-rhosts.c,v 1.12 1999/12/27 10:46:11 markus Exp $");
+RCSID("$Id: auth-rhosts.c,v 1.13 2000/04/14 10:30:29 markus Exp $");
#include "packet.h"
#include "ssh.h"
* based on the file, and returns zero otherwise.
*/
-int
+int
check_rhosts_file(const char *filename, const char *hostname,
const char *ipaddr, const char *client_user,
const char *server_user)
* /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored).
*/
-int
+int
auth_rhosts(struct passwd *pw, const char *client_user)
{
extern ServerOptions options;
/*
- *
+ *
* auth-rsa.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Mar 27 01:46:52 1995 ylo
- *
+ *
* RSA-based authentication. This code determines whether to admit a login
* based on RSA authentication. This file also contains functions to check
* validity of the host key.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.20 2000/04/12 09:39:09 markus Exp $");
+RCSID("$Id: auth-rsa.c,v 1.21 2000/04/14 10:30:29 markus Exp $");
#include "rsa.h"
#include "packet.h"
debug("%.100s, line %lu: bad key syntax",
SSH_USER_PERMITTED_KEYS, linenum);
packet_send_debug("%.100s, line %lu: bad key syntax",
- SSH_USER_PERMITTED_KEYS, linenum);
+ SSH_USER_PERMITTED_KEYS, linenum);
continue;
}
/* cp now points to the comment part. */
#include "includes.h"
-RCSID("$Id: auth-skey.c,v 1.5 1999/12/06 19:04:57 deraadt Exp $");
+RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $");
#include "ssh.h"
#include "packet.h"
#include <sha1.h>
-/*
+/*
* try skey authentication,
- * return 1 on success, 0 on failure, -1 if skey is not available
+ * return 1 on success, 0 on failure, -1 if skey is not available
*/
-int
+int
auth_skey_password(struct passwd * pw, const char *password)
{
if (strncasecmp(password, "s/key", 5) == 0) {
*/
static u_int32_t
hash_collapse(s)
- u_char *s;
+ u_char *s;
{
- int len, target;
+ int len, target;
u_int32_t i;
if ((strlen(s) % sizeof(u_int32_t)) == 0)
- target = strlen(s); /* Multiple of 4 */
+ target = strlen(s); /* Multiple of 4 */
else
target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
-
+
for (i = 0, len = 0; len < target; len += 4)
- i ^= ROUND(s + len);
+ i ^= ROUND(s + len);
return i;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.3 2000/04/14 10:09:14 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.4 2000/04/14 10:30:29 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
* DenyUsers or user's primary group is listed in DenyGroups, false will
* be returned. If AllowUsers isn't empty and user isn't listed there, or
* if AllowGroups isn't empty and user isn't listed there, false will be
- * returned.
+ * returned.
* If the user's shell is not executable, false will be returned.
- * Otherwise true is returned.
+ * Otherwise true is returned.
*/
static int
allowed_user(struct passwd * pw)
packet_write_wait();
continue;
} else if (type == SSH_CMSG_AUTH_PASSWORD &&
- options.password_authentication &&
- (password = packet_get_string(&dlen)) != NULL &&
- dlen == 5 &&
- strncasecmp(password, "s/key", 5) == 0 ) {
+ options.password_authentication &&
+ (password = packet_get_string(&dlen)) != NULL &&
+ dlen == 5 &&
+ strncasecmp(password, "s/key", 5) == 0 ) {
packet_send_debug(skeyinfo);
}
}
log("Unknown message during authentication: type %d", type);
break;
}
-
- /*
- * Check if the user is logging in as root and root logins
- * are disallowed.
- * Note that root login is allowed for forced commands.
- */
- if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
- if (forced_command) {
- log("Root login accepted for forced command.");
- } else {
- authenticated = 0;
- log("ROOT LOGIN REFUSED FROM %.200s",
- get_canonical_hostname());
- }
- }
+
+ /*
+ * Check if the user is logging in as root and root logins
+ * are disallowed.
+ * Note that root login is allowed for forced commands.
+ */
+ if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
+ if (forced_command) {
+ log("Root login accepted for forced command.");
+ } else {
+ authenticated = 0;
+ log("ROOT LOGIN REFUSED FROM %.200s",
+ get_canonical_hostname());
+ }
+ }
/* Raise logging level */
if (authenticated ||
xfree(user);
xfree(method);
}
-void
+void
do_authentication2()
{
dispatch_init(&protocol_error);
/*
- *
+ *
* authfd.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Mar 29 01:30:28 1995 ylo
- *
+ *
* Functions for connecting the local authentication agent.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: authfd.c,v 1.17 2000/04/12 09:39:09 markus Exp $");
+RCSID("$Id: authfd.c,v 1.18 2000/04/14 10:30:29 markus Exp $");
#include "ssh.h"
#include "rsa.h"
* ssh_get_authentication_socket().
*/
-void
+void
ssh_close_authentication_socket(int sock)
{
if (getenv(SSH_AUTHSOCKET_ENV_NAME))
* memory.
*/
-void
+void
ssh_close_authentication_connection(AuthenticationConnection *ac)
{
buffer_free(&ac->packet);
* be used by normal applications.
*/
-int
+int
ssh_add_identity(AuthenticationConnection *auth,
RSA * key, const char *comment)
{
* meant to be used by normal applications.
*/
-int
+int
ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
{
Buffer buffer;
* by normal applications.
*/
-int
+int
ssh_remove_all_identities(AuthenticationConnection *auth)
{
Buffer buffer;
/*
- *
+ *
* authfd.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Mar 29 01:17:41 1995 ylo
- *
+ *
* Functions to interface with the SSH_AUTHENTICATION_FD socket.
- *
+ *
*/
-/* RCSID("$Id: authfd.h,v 1.6 1999/11/24 19:53:44 markus Exp $"); */
+/* RCSID("$Id: authfd.h,v 1.7 2000/04/14 10:30:30 markus Exp $"); */
#ifndef AUTHFD_H
#define AUTHFD_H
* integers before the call, and free the comment after a successful call
* (before calling ssh_get_next_identity).
*/
-int
+int
ssh_get_first_identity(AuthenticationConnection * connection,
BIGNUM * e, BIGNUM * n, char **comment);
* function. This returns 0 if there are no more identities. The caller
* must free comment after a successful return.
*/
-int
+int
ssh_get_next_identity(AuthenticationConnection * connection,
BIGNUM * e, BIGNUM * n, char **comment);
/* Requests the agent to decrypt the given challenge. Returns true if
the agent claims it was able to decrypt it. */
-int
+int
ssh_decrypt_challenge(AuthenticationConnection * auth,
BIGNUM * e, BIGNUM * n, BIGNUM * challenge,
unsigned char session_id[16],
* be used by normal applications. This returns true if the identity was
* successfully added.
*/
-int
+int
ssh_add_identity(AuthenticationConnection * connection, RSA * key,
const char *comment);
/*
- *
+ *
* authfile.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Mar 27 03:52:05 1995 ylo
- *
+ *
* This file contains functions for reading and writing identity files, and
* for reading the passphrase from the user.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: authfile.c,v 1.13 2000/04/12 09:39:10 markus Exp $");
+RCSID("$Id: authfile.c,v 1.14 2000/04/14 10:30:30 markus Exp $");
#include <openssl/bn.h>
#include "xmalloc.h"
/*
- *
+ *
* bufaux.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Mar 29 02:24:47 1995 ylo
- *
+ *
* Auxiliary functions for storing and retrieving various data types to/from
* Buffers.
*
*/
#include "includes.h"
-RCSID("$Id: bufaux.c,v 1.10 2000/04/12 09:39:10 markus Exp $");
+RCSID("$Id: bufaux.c,v 1.11 2000/04/14 10:30:30 markus Exp $");
#include "ssh.h"
#include <openssl/bn.h>
/*
* Returns an integer from the buffer (4 bytes, msb first).
*/
-unsigned int
+unsigned int
buffer_get_int(Buffer *buffer)
{
unsigned char buf[4];
/*
* Stores an integer in the buffer in 4 bytes, msb first.
*/
-void
+void
buffer_put_int(Buffer *buffer, unsigned int value)
{
char buf[4];
/*
* Stores and arbitrary binary string in the buffer.
*/
-void
+void
buffer_put_string(Buffer *buffer, const void *buf, unsigned int len)
{
buffer_put_int(buffer, len);
buffer_append(buffer, buf, len);
}
-void
+void
buffer_put_cstring(Buffer *buffer, const char *s)
{
buffer_put_string(buffer, s, strlen(s));
/*
* Returns a character from the buffer (0 - 255).
*/
-int
+int
buffer_get_char(Buffer *buffer)
{
char ch;
/*
* Stores a character in the buffer.
*/
-void
+void
buffer_put_char(Buffer *buffer, int value)
{
char ch = value;
/*
- *
+ *
* bufaux.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Mar 29 02:18:23 1995 ylo
- *
+ *
*/
-/* RCSID("$Id: bufaux.h,v 1.5 2000/03/28 20:24:18 markus Exp $"); */
+/* RCSID("$Id: bufaux.h,v 1.6 2000/04/14 10:30:30 markus Exp $"); */
#ifndef BUFAUX_H
#define BUFAUX_H
/*
- *
+ *
* buffer.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Mar 18 04:15:33 1995 ylo
- *
+ *
* Functions for manipulating fifo buffers (that can grow if needed).
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: buffer.c,v 1.5 2000/04/12 10:22:38 markus Exp $");
+RCSID("$Id: buffer.c,v 1.6 2000/04/14 10:30:30 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
/* Initializes the buffer structure. */
-void
+void
buffer_init(Buffer *buffer)
{
buffer->alloc = 4096;
/* Frees any memory used for the buffer. */
-void
+void
buffer_free(Buffer *buffer)
{
memset(buffer->buf, 0, buffer->alloc);
* zero the memory.
*/
-void
+void
buffer_clear(Buffer *buffer)
{
buffer->offset = 0;
/* Appends data to the buffer, expanding it if necessary. */
-void
+void
buffer_append(Buffer *buffer, const char *data, unsigned int len)
{
char *cp;
* to the allocated region.
*/
-void
+void
buffer_append_space(Buffer *buffer, char **datap, unsigned int len)
{
/* If the buffer is empty, start using it from the beginning. */
/* Returns the number of bytes of data in the buffer. */
-unsigned int
+unsigned int
buffer_len(Buffer *buffer)
{
return buffer->end - buffer->offset;
/* Gets data from the beginning of the buffer. */
-void
+void
buffer_get(Buffer *buffer, char *buf, unsigned int len)
{
if (len > buffer->end - buffer->offset)
/* Consumes the given number of bytes from the beginning of the buffer. */
-void
+void
buffer_consume(Buffer *buffer, unsigned int bytes)
{
if (bytes > buffer->end - buffer->offset)
/* Consumes the given number of bytes from the end of the buffer. */
-void
+void
buffer_consume_end(Buffer *buffer, unsigned int bytes)
{
if (bytes > buffer->end - buffer->offset)
/* Dumps the contents of the buffer to stderr. */
-void
+void
buffer_dump(Buffer *buffer)
{
int i;
/*
- *
+ *
* buffer.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Mar 18 04:12:25 1995 ylo
- *
+ *
* Code for manipulating FIFO buffers.
- *
+ *
*/
-/* RCSID("$Id: buffer.h,v 1.3 1999/11/24 19:53:44 markus Exp $"); */
+/* RCSID("$Id: buffer.h,v 1.4 2000/04/14 10:30:30 markus Exp $"); */
#ifndef BUFFER_H
#define BUFFER_H
/*
- *
+ *
* canohost.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sun Jul 2 17:52:22 1995 ylo
- *
+ *
* Functions for returning the canonical host name of the remote site.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: canohost.c,v 1.11 2000/01/04 13:41:32 markus Exp $");
+RCSID("$Id: canohost.c,v 1.12 2000/04/14 10:30:30 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
/* Returns remote/local port number for the current connection. */
-int
+int
get_port(int local)
{
/*
return get_sock_port(packet_get_connection_in(), local);
}
-int
+int
get_peer_port(int sock)
{
return get_sock_port(sock, 0);
}
-int
+int
get_remote_port()
{
return get_port(0);
/*
- *
+ *
* channels.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 24 16:35:24 1995 ylo
- *
+ *
* This file contains functions for generic socket connection forwarding.
* There is also code for initiating connection forwarding for X11 connections,
* arbitrary tcp/ip connections, and the authentication agent connection.
- *
+ *
* SSH2 support added by Markus Friedl.
*/
#include "includes.h"
-RCSID("$Id: channels.c,v 1.48 2000/04/14 10:09:14 markus Exp $");
+RCSID("$Id: channels.c,v 1.49 2000/04/14 10:30:30 markus Exp $");
#include "ssh.h"
#include "packet.h"
/* Sets specific protocol options. */
-void
+void
channel_set_options(int hostname_in_open)
{
have_hostname_in_open = hostname_in_open;
* and the server has no way to know but to trust the client anyway.
*/
-void
+void
channel_permit_all_opens()
{
all_opens_permitted = 1;
* remote_name to be freed.
*/
-int
+int
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
int window, int maxpack, int extended_usage, char *remote_name)
{
debug("channel %d: new [%s]", found, remote_name);
return found;
}
-int
+int
channel_allocate(int type, int sock, char *remote_name)
{
return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name);
/* Free the channel and close its socket. */
-void
+void
channel_free(int id)
{
Channel *c = channel_lookup(id);
{
if (buffer_len(&c->output) == 0)
channel_free(c->self);
- else
+ else
FD_SET(c->sock, writeset);
}
channel_handler_init_15();
}
-void
+void
channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
{
static int did_init = 0;
}
}
-void
+void
channel_prepare_select(fd_set * readset, fd_set * writeset)
{
channel_handler(channel_pre, readset, writeset);
}
-void
+void
channel_after_select(fd_set * readset, fd_set * writeset)
{
channel_handler(channel_post, readset, writeset);
/* If there is data to send to the connection, send some of it now. */
-void
+void
channel_output_poll()
{
int len, i;
* still there.
*/
-void
+void
channel_input_data(int type, int plen)
{
int id;
buffer_append(&c->output, data, data_len);
xfree(data);
}
-void
+void
channel_input_extended_data(int type, int plen)
{
int id;
* more channel is overfull.
*/
-int
+int
channel_not_very_much_buffered_data()
{
unsigned int i;
return 1;
}
-void
+void
channel_input_ieof(int type, int plen)
{
int id;
chan_rcvd_ieof(c);
}
-void
+void
channel_input_close(int type, int plen)
{
int id;
}
/* proto version 1.5 overloads CLOSE_CONFIRMATION with OCLOSE */
-void
+void
channel_input_oclose(int type, int plen)
{
int id = packet_get_int();
chan_rcvd_oclose(c);
}
-void
+void
channel_input_close_confirmation(int type, int plen)
{
int id = packet_get_int();
channel_free(c->self);
}
-void
+void
channel_input_open_confirmation(int type, int plen)
{
int id, remote_id;
}
}
-void
+void
channel_input_open_failure(int type, int plen)
{
int id;
}
}
-void
+void
channel_input_window_adjust(int type, int plen)
{
Channel *c;
* might have.
*/
-void
+void
channel_stop_listening()
{
int i;
* descriptors after a fork.
*/
-void
+void
channel_close_all()
{
int i;
/* Returns the maximum file descriptor number used by the channels. */
-int
+int
channel_max_fd()
{
return channel_max_fd_value;
/* Returns true if any channel is still open. */
-int
+int
channel_still_open()
{
unsigned int i;
* channel to host:port from remote side.
*/
-void
+void
channel_request_local_forwarding(u_short port, const char *host,
u_short host_port, int gateway_ports)
{
* the secure channel to host:port from local side.
*/
-void
+void
channel_request_remote_forwarding(u_short listen_port, const char *host_to_connect,
u_short port_to_connect)
{
* message if there was an error). This never returns if there was an error.
*/
-void
+void
channel_input_port_forward_request(int is_root)
{
u_short port, host_port;
* or CHANNEL_OPEN_FAILURE.
*/
-void
+void
channel_input_port_open(int type, int plen)
{
u_short host_port;
* with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE.
*/
-void
+void
x11_input_open(int type, int plen)
{
int remote_channel, display_number, sock = 0, newch;
}
freeaddrinfo(aitop);
if (!ai) {
- error("connect %.100s port %d: %.100s", buf, 6000 + display_number,
+ error("connect %.100s port %d: %.100s", buf, 6000 + display_number,
strerror(errno));
goto fail;
}
* data, and enables authentication spoofing.
*/
-void
+void
x11_request_forwarding_with_spoofing(const char *proto, const char *data)
{
unsigned int data_len = (unsigned int) strlen(data) / 2;
/* Sends a message to the server to request authentication fd forwarding. */
-void
+void
auth_request_forwarding()
{
packet_start(SSH_CMSG_AGENT_REQUEST_FORWARDING);
/* removes the agent forwarding socket */
-void
+void
cleanup_socket(void)
{
remove(channel_forwarded_auth_socket_name);
* This starts forwarding authentication requests.
*/
-void
+void
auth_input_request_forwarding(struct passwd * pw)
{
int sock, newch;
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
-void
+void
auth_input_open_request(int type, int plen)
{
int remch, sock, newch;
-/* RCSID("$Id: channels.h,v 1.8 2000/04/03 07:07:15 markus Exp $"); */
+/* RCSID("$Id: channels.h,v 1.9 2000/04/14 10:30:30 markus Exp $"); */
#ifndef CHANNELS_H
#define CHANNELS_H
* channel to host:port from remote side. This never returns if there was an
* error.
*/
-void
+void
channel_request_local_forwarding(u_short port, const char *host,
u_short remote_port, int gateway_ports);
* there was an error. This registers that open requests for that port are
* permitted.
*/
-void
+void
channel_request_remote_forwarding(u_short port, const char *host,
u_short remote_port);
/*
- *
+ *
* cipher.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Apr 19 17:41:39 1995 ylo
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: cipher.c,v 1.25 2000/04/12 09:39:10 markus Exp $");
+RCSID("$Id: cipher.c,v 1.26 2000/04/14 10:30:30 markus Exp $");
#include "ssh.h"
#include "cipher.h"
* supported cipher.
*/
-unsigned int
+unsigned int
cipher_mask1()
{
unsigned int mask = 0;
mask |= 1 << SSH_CIPHER_BLOWFISH;
return mask;
}
-unsigned int
+unsigned int
cipher_mask2()
{
unsigned int mask = 0;
mask |= 1 << SSH_CIPHER_CAST128_CBC;
return mask;
}
-unsigned int
+unsigned int
cipher_mask()
{
return cipher_mask1() | cipher_mask2();
* passphrase and using the resulting 16 bytes as the key.
*/
-void
+void
cipher_set_key_string(CipherContext *context, int cipher, const char *passphrase)
{
MD5_CTX md;
/* Selects the cipher to use and sets the key. */
-void
+void
cipher_set_key(CipherContext *context, int cipher, const unsigned char *key,
int keylen)
{
memset(padded, 0, sizeof(padded));
}
-void
+void
cipher_set_key_iv(CipherContext * context, int cipher,
- const unsigned char *key, int keylen,
+ const unsigned char *key, int keylen,
const unsigned char *iv, int ivlen)
{
/* Set cipher type. */
/* Encrypts data using the cipher. */
-void
+void
cipher_encrypt(CipherContext *context, unsigned char *dest,
const unsigned char *src, unsigned int len)
{
case SSH_CIPHER_BLOWFISH:
swap_bytes(src, dest, len);
BF_cbc_encrypt(dest, dest, len,
- &context->u.bf.key, context->u.bf.iv,
+ &context->u.bf.key, context->u.bf.iv,
BF_ENCRYPT);
swap_bytes(dest, dest, len);
break;
case SSH_CIPHER_BLOWFISH_CBC:
BF_cbc_encrypt((void *)src, dest, len,
- &context->u.bf.key, context->u.bf.iv,
+ &context->u.bf.key, context->u.bf.iv,
BF_ENCRYPT);
break;
/* Decrypts data using the cipher. */
-void
+void
cipher_decrypt(CipherContext *context, unsigned char *dest,
const unsigned char *src, unsigned int len)
{
/*
- *
+ *
* cipher.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Apr 19 16:50:42 1995 ylo
- *
+ *
*/
-/* RCSID("$Id: cipher.h,v 1.15 2000/04/12 09:39:10 markus Exp $"); */
+/* RCSID("$Id: cipher.h,v 1.16 2000/04/14 10:30:30 markus Exp $"); */
#ifndef CIPHER_H
#define CIPHER_H
* Selects the cipher to use and sets the key. If for_encryption is true,
* the key is setup for encryption; otherwise it is setup for decryption.
*/
-void
+void
cipher_set_key(CipherContext * context, int cipher,
const unsigned char *key, int keylen);
-void
+void
cipher_set_key_iv(CipherContext * context, int cipher,
- const unsigned char *key, int keylen,
+ const unsigned char *key, int keylen,
const unsigned char *iv, int ivlen);
/*
* Sets key for the cipher by computing the MD5 checksum of the passphrase,
* and using the resulting 16 bytes as the key.
*/
-void
+void
cipher_set_key_string(CipherContext * context, int cipher,
const char *passphrase);
/* Encrypts data using the cipher. */
-void
+void
cipher_encrypt(CipherContext * context, unsigned char *dest,
const unsigned char *src, unsigned int len);
/* Decrypts data using the cipher. */
-void
+void
cipher_decrypt(CipherContext * context, unsigned char *dest,
const unsigned char *src, unsigned int len);
/*
- *
+ *
* clientloop.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
- *
+ *
+ *
* Created: Sat Sep 23 12:23:57 1995 ylo
- *
+ *
* The main loop for the interactive session (client side).
- *
+ *
* SSH2 support added by Markus Friedl.
*/
#include "includes.h"
-RCSID("$Id: clientloop.c,v 1.19 2000/04/14 10:09:15 markus Exp $");
+RCSID("$Id: clientloop.c,v 1.20 2000/04/14 10:30:30 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
/* Returns the user\'s terminal to normal mode if it had been put in raw mode. */
-void
+void
leave_raw_mode()
{
if (!in_raw_mode)
/* Puts the user\'s terminal in raw mode. */
-void
+void
enter_raw_mode()
{
struct termios tio;
/* Restores stdin to blocking mode. */
-void
+void
leave_non_blocking()
{
if (in_non_blocking_mode) {
/* Puts stdin terminal in non-blocking mode. */
-void
+void
enter_non_blocking()
{
in_non_blocking_mode = 1;
* flag indicating that the window has changed.
*/
-void
+void
window_change_handler(int sig)
{
received_window_change_signal = 1;
* signals must be trapped to restore terminal modes.
*/
-void
+void
signal_handler(int sig)
{
if (in_raw_mode)
* available resolution.
*/
-double
+double
get_current_time()
{
struct timeval tv;
* not appear to wake up when redirecting from /dev/null.
*/
-void
+void
client_check_initial_eof_on_stdin()
{
int len;
* connection.
*/
-void
+void
client_make_packets_from_stdin_data()
{
unsigned int len;
* appropriate.
*/
-void
+void
client_check_window_change()
{
struct winsize ws;
* one of the file descriptors).
*/
-void
+void
client_wait_until_can_do_something(fd_set * readset, fd_set * writeset)
{
/*debug("client_wait_until_can_do_something"); */
}
}
-void
+void
client_suspend_self()
{
struct winsize oldws, newws;
enter_raw_mode();
}
-void
+void
client_process_net_input(fd_set * readset)
{
int len;
}
}
-void
+void
client_process_input(fd_set * readset)
{
int len, pid;
}
}
-void
+void
client_process_output(fd_set * writeset)
{
int len;
* preparatory phase.
*/
-void
+void
client_process_buffered_input_packets()
{
dispatch_run(DISPATCH_NONBLOCK, &quit_pending);
* character for terminating or suspending the session.
*/
-int
+int
client_loop(int have_pty, int escape_char_arg)
{
extern Options options;
quit_pending = 1;
}
-void
+void
client_init_dispatch_20()
{
dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request);
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
}
-void
+void
client_init_dispatch_13()
{
dispatch_init(NULL);
dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
}
-void
+void
client_init_dispatch_15()
{
client_init_dispatch_13();
dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, & channel_input_oclose);
}
-void
+void
client_init_dispatch()
{
if (compat20)
*/
#include "includes.h"
-RCSID("$Id: compat.c,v 1.10 2000/04/12 07:45:43 markus Exp $");
+RCSID("$Id: compat.c,v 1.11 2000/04/14 10:30:31 markus Exp $");
#include "ssh.h"
#include "packet.h"
int compat20 = 0;
int datafellows = 0;
-void
+void
enable_compat20(void)
{
verbose("Enabling compatibility mode for protocol 2.0");
compat20 = 1;
packet_set_ssh2_format();
}
-void
+void
enable_compat13(void)
{
verbose("Enabling compatibility mode for protocol 1.3");
/*
- *
+ *
* compress.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Oct 25 22:12:46 1995 ylo
- *
+ *
* Interface to packet compression for ssh.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: compress.c,v 1.6 2000/03/28 20:25:14 markus Exp $");
+RCSID("$Id: compress.c,v 1.7 2000/04/14 10:30:31 markus Exp $");
#include "ssh.h"
#include "buffer.h"
* (as in gzip).
*/
-void
+void
buffer_compress_init(int level)
{
debug("Enabling compression at level %d.", level);
/* Frees any data structures allocated for compression. */
-void
+void
buffer_compress_uninit()
{
debug("compress outgoing: raw data %lu, compressed %lu, factor %.2f",
* receiver. This appends the compressed data to the output buffer.
*/
-void
+void
buffer_compress(Buffer * input_buffer, Buffer * output_buffer)
{
char buf[4096];
* with that. This appends the uncompressed data to the output buffer.
*/
-void
+void
buffer_uncompress(Buffer * input_buffer, Buffer * output_buffer)
{
char buf[4096];
/*
- *
+ *
* compress.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Oct 25 22:12:46 1995 ylo
- *
+ *
* Interface to packet compression for ssh.
- *
+ *
*/
-/* RCSID("$Id: compress.h,v 1.3 1999/11/24 19:53:46 markus Exp $"); */
+/* RCSID("$Id: compress.h,v 1.4 2000/04/14 10:30:31 markus Exp $"); */
#ifndef COMPRESS_H
#define COMPRESS_H
/*
- *
+ *
* crc32.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1992 Tatu Ylonen, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Tue Feb 11 14:37:27 1992 ylo
- *
+ *
* Functions for computing 32-bit CRC.
- *
+ *
*/
-/* RCSID("$Id: crc32.h,v 1.4 1999/11/24 19:53:46 markus Exp $"); */
+/* RCSID("$Id: crc32.h,v 1.5 2000/04/14 10:30:31 markus Exp $"); */
#ifndef CRC32_H
#define CRC32_H
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$Id: dispatch.c,v 1.1 2000/03/28 20:40:48 markus Exp $");
+RCSID("$Id: dispatch.c,v 1.2 2000/04/14 10:30:31 markus Exp $");
#include "ssh.h"
#include "dispatch.h"
#include "packet.h"
{
error("Hm, dispatch protocol error: type %d plen %d", type, plen);
}
-void
+void
dispatch_init(dispatch_fn *dflt)
{
int i;
*/
#include "includes.h"
-RCSID("$Id: dsa.c,v 1.3 2000/04/12 09:39:10 markus Exp $");
+RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
in = BIO_new(BIO_s_file());
if (in == NULL)
fatal("BIO_new failed");
- if (BIO_read_filename(in, filename) <= 0)
+ if (BIO_read_filename(in, filename) <= 0)
fatal("BIO_read failed %s: %s", filename, strerror(errno));
fprintf(stderr, "read DSA private key\n");
dsa = PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
- rlen = BN_num_bytes(sig->r);
- slen = BN_num_bytes(sig->s);
- if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
+ rlen = BN_num_bytes(sig->r);
+ slen = BN_num_bytes(sig->s);
+ if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
error("bad sig size %d %d", rlen, slen);
DSA_SIG_free(sig);
return -1;
/*
- *
+ *
* getput.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Wed Jun 28 22:36:30 1995 ylo
- *
+ *
* Macros for storing and retrieving data in msb first and lsb first order.
- *
+ *
*/
-/* RCSID("$Id: getput.h,v 1.2 1999/11/24 00:26:02 deraadt Exp $"); */
+/* RCSID("$Id: getput.h,v 1.3 2000/04/14 10:30:31 markus Exp $"); */
#ifndef GETPUT_H
#define GETPUT_H
/*------------ macros for storing/extracting msb first words -------------*/
#define GET_32BIT(cp) (((unsigned long)(unsigned char)(cp)[0] << 24) | \
- ((unsigned long)(unsigned char)(cp)[1] << 16) | \
+ ((unsigned long)(unsigned char)(cp)[1] << 16) | \
((unsigned long)(unsigned char)(cp)[2] << 8) | \
((unsigned long)(unsigned char)(cp)[3]))
/*
- *
+ *
* hostfile.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Thu Jun 29 07:10:56 1995 ylo
- *
+ *
* Functions for manipulating the known hosts files.
- *
+ *
*/
#include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.15 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.16 2000/04/14 10:30:31 markus Exp $");
#include "packet.h"
#include "match.h"
typedef enum {
HOST_OK, HOST_NEW, HOST_CHANGED
} HostStatus;
-HostStatus
+HostStatus
check_host_in_hostfile(const char *filename, const char *host, Key *key, Key *found);
/*
/*
- *
+ *
* includes.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Thu Mar 23 16:29:37 1995 ylo
- *
+ *
* This file includes most of the needed system headers.
- *
+ *
*/
#ifndef INCLUDES_H
*/
#include "includes.h"
-RCSID("$Id: kex.c,v 1.4 2000/04/12 09:39:10 markus Exp $");
+RCSID("$Id: kex.c,v 1.5 2000/04/14 10:30:31 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
dump_digest(unsigned char *digest, int len)
{
int i;
- for (i = 0; i< len; i++){
- fprintf(stderr, "%02x", digest[i]);
+ for (i = 0; i< len; i++){
+ fprintf(stderr, "%02x", digest[i]);
if(i%2!=0)
fprintf(stderr, " ");
}
- fprintf(stderr, "\n");
+ fprintf(stderr, "\n");
}
unsigned char *
buffer_free(&b);
#ifdef DEBUG_KEX
- dump_digest(digest, evp_md->md_size);
+ dump_digest(digest, evp_md->md_size);
#endif
return digest;
}
k->name = get_match(client, server);
if (k->name == NULL)
fatal("no kex alg");
- if (strcmp(k->name, KEX_DH1) != 0)
+ if (strcmp(k->name, KEX_DH1) != 0)
fatal("bad kex alg %s", k->name);
}
void
/*
- *
+ *
* log-client.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Mar 20 21:13:40 1995 ylo
- *
+ *
* Client-side versions of debug(), log(), etc. These print to stderr.
* This is a stripped down version of log-server.c.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: log-client.c,v 1.7 2000/02/27 18:50:09 deraadt Exp $");
+RCSID("$Id: log-client.c,v 1.8 2000/04/14 10:30:31 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
/*
- *
+ *
* log-server.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Mar 20 21:19:30 1995 ylo
- *
+ *
* Server-side versions of debug(), log(), etc. These normally send the output
* to the system log.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: log-server.c,v 1.13 2000/03/28 20:26:21 markus Exp $");
+RCSID("$Id: log-server.c,v 1.14 2000/04/14 10:30:31 markus Exp $");
#include <syslog.h>
#include "packet.h"
* level logging level
*/
-void
+void
log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
{
switch (level) {
/*
- *
+ *
* login.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 24 14:51:08 1995 ylo
- *
+ *
* This file performs some of the things login(1) normally does. We cannot
* easily use something like login -p -h host -f user, because there are
* several different logins around, and it is hard to determined what kind of
* login the current system has. Also, we want to be able to execute commands
* on a tty.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: login.c,v 1.11 2000/01/04 00:07:59 markus Exp $");
+RCSID("$Id: login.c,v 1.12 2000/04/14 10:30:31 markus Exp $");
#include <util.h>
#include <utmp.h>
* is found). The name of the host used last time is returned in buf.
*/
-unsigned long
+unsigned long
get_last_login_time(uid_t uid, const char *logname,
char *buf, unsigned int bufsize)
{
* were more standardized.
*/
-void
+void
record_login(int pid, const char *ttyname, const char *user, uid_t uid,
const char *host, struct sockaddr * addr)
{
/* Records that the user has logged out. */
-void
+void
record_logout(int pid, const char *ttyname)
{
const char *line = ttyname + 5; /* /dev/ttyq8 -> ttyq8 */
/*
- *
+ *
* match.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Thu Jun 22 01:17:50 1995 ylo
- *
+ *
* Simple pattern matching, with '*' and '?' as wildcards.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: match.c,v 1.5 2000/03/23 22:15:33 markus Exp $");
+RCSID("$Id: match.c,v 1.6 2000/04/14 10:30:31 markus Exp $");
#include "ssh.h"
* and * as wildcards), and zero if it does not match.
*/
-int
+int
match_pattern(const char *s, const char *pattern)
{
for (;;) {
/*
- *
+ *
* mpaux.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sun Jul 16 04:29:30 1995 ylo
- *
+ *
* This file contains various auxiliary functions related to multiple
* precision integers.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: mpaux.c,v 1.11 2000/04/12 09:39:10 markus Exp $");
+RCSID("$Id: mpaux.c,v 1.12 2000/04/14 10:30:32 markus Exp $");
#include <openssl/bn.h>
#include "getput.h"
/*
- *
+ *
* mpaux.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sun Jul 16 04:29:30 1995 ylo
- *
+ *
* This file contains various auxiliary functions related to multiple
* precision integers.
*/
-/* RCSID("$Id: mpaux.h,v 1.5 1999/11/24 19:53:48 markus Exp $"); */
+/* RCSID("$Id: mpaux.h,v 1.6 2000/04/14 10:30:32 markus Exp $"); */
#ifndef MPAUX_H
#define MPAUX_H
* session id is computed by concatenating the linearized, msb first
* representations of host_key_n, session_key_n, and the cookie.
*/
-void
+void
compute_session_id(unsigned char session_id[16],
unsigned char cookie[8],
BIGNUM * host_key_n,
*/
#include "includes.h"
-RCSID("$Id: nchan.c,v 1.13 2000/04/03 07:07:15 markus Exp $");
+RCSID("$Id: nchan.c,v 1.14 2000/04/14 10:30:32 markus Exp $");
#include "ssh.h"
if (!(c->flags & CHAN_CLOSE_SENT)) {
chan_send_close2(c);
}
- if ((c->flags & CHAN_CLOSE_SENT) &&
+ if ((c->flags & CHAN_CLOSE_SENT) &&
(c->flags & CHAN_CLOSE_RCVD)) {
debug("channel %d: full closed2", c->self);
channel_free(c->self);
- }
+ }
}
}
/*
- *
+ *
* packet.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Mar 18 02:40:40 1995 ylo
- *
+ *
* This file contains code implementing the packet protocol and communication
* with the other side. This same code is used both on client and server side.
*
*/
#include "includes.h"
-RCSID("$Id: packet.c,v 1.28 2000/04/14 10:09:15 markus Exp $");
+RCSID("$Id: packet.c,v 1.29 2000/04/14 10:30:32 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
unsigned int packet_length = 0;
unsigned int i, padlen, len;
u_int32_t rand = 0;
- static unsigned int seqnr = 0;
+ static unsigned int seqnr = 0;
int type;
Enc *enc = NULL;
Mac *mac = NULL;
fprintf(stderr, "encrypted: ");
buffer_dump(&output);
#endif
- /* increment sequence number for outgoing packets */
- if (++seqnr == 0)
- log("outgoing seqnr wraps around");
+ /* increment sequence number for outgoing packets */
+ if (++seqnr == 0)
+ log("outgoing seqnr wraps around");
buffer_clear(&outgoing_packet);
if (type == SSH2_MSG_NEWKEYS) {
* compute MAC over seqnr and packet,
* increment sequence number for incoming packet
*/
- if (mac && mac->enabled) {
+ if (mac && mac->enabled) {
macbuf = hmac( mac->md, seqnr,
(unsigned char *) buffer_ptr(&incoming_packet),
buffer_len(&incoming_packet),
DBG(debug("HMAC #%d ok", seqnr));
buffer_consume(&input, mac->mac_len);
}
- if (++seqnr == 0)
- log("incoming seqnr wraps around");
+ if (++seqnr == 0)
+ log("incoming seqnr wraps around");
/* get padlen */
cp = buffer_ptr(&incoming_packet) + 4;
/*
- *
+ *
* packet.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Mar 18 02:02:14 1995 ylo
- *
+ *
* Interface for the packet protocol functions.
- *
+ *
*/
-/* RCSID("$Id: packet.h,v 1.14 2000/04/14 10:09:15 markus Exp $"); */
+/* RCSID("$Id: packet.h,v 1.15 2000/04/14 10:30:32 markus Exp $"); */
#ifndef PACKET_H
#define PACKET_H
* key is used for both sending and reception. However, both directions are
* encrypted independently of each other. Cipher types are defined in ssh.h.
*/
-void
+void
packet_set_encryption_key(const unsigned char *key, unsigned int keylen,
int cipher_type);
/*
- *
+ *
* pty.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 17 04:37:25 1995 ylo
- *
+ *
* Allocating a pseudo-terminal, and making it the controlling tty.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: pty.c,v 1.12 2000/02/15 16:52:58 markus Exp $");
+RCSID("$Id: pty.c,v 1.13 2000/04/14 10:30:32 markus Exp $");
#include <util.h>
#include "pty.h"
* returned (the buffer must be able to hold at least 64 characters).
*/
-int
+int
pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
{
#if defined(HAVE_OPENPTY) || defined(BSD4_4)
/* Releases the tty. Its ownership is returned to root, and permissions to 0666. */
-void
+void
pty_release(const char *ttyname)
{
if (chown(ttyname, (uid_t) 0, (gid_t) 0) < 0)
/* Makes the tty the processes controlling tty and sets it to sane modes. */
-void
+void
pty_make_controlling_tty(int *ttyfd, const char *ttyname)
{
int fd;
/* Changes the window size associated with the pty. */
-void
+void
pty_change_window_size(int ptyfd, int row, int col,
int xpixel, int ypixel)
{
/*
- *
+ *
* pty.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 17 05:03:28 1995 ylo
- *
+ *
* Functions for allocating a pseudo-terminal and making it the controlling
* tty.
*/
-/* RCSID("$Id: pty.h,v 1.5 2000/02/15 16:52:58 markus Exp $"); */
+/* RCSID("$Id: pty.h,v 1.6 2000/04/14 10:30:32 markus Exp $"); */
#ifndef PTY_H
#define PTY_H
void pty_make_controlling_tty(int *ttyfd, const char *ttyname);
/* Changes the window size associated with the pty. */
-void
+void
pty_change_window_size(int ptyfd, int row, int col,
int xpixel, int ypixel);
/*
* radix.c
- *
+ *
* base-64 encoding pinched from lynx2-7-2, who pinched it from rpem.
* Originally written by Mark Riordan 12 August 1990 and 17 Feb 1991
* and placed in the public domain.
- *
+ *
* Dug Song <dugsong@UMICH.EDU>
*/
unsigned char pr2six[256];
-int
+int
uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded)
{
/* ENC is the basic 1 character encoding function to make a char printing */
return (outptr - bufcoded);
}
-int
+int
uudecode(const char *bufcoded, unsigned char *bufplain, int outbufsize)
{
/* single character decode */
}
-int
+int
creds_to_radix(CREDENTIALS *creds, unsigned char *buf)
{
char *p, *s;
return (uuencode((unsigned char *)temp, len, (char *)buf));
}
-int
+int
radix_to_creds(const char *buf, CREDENTIALS *creds)
{
/*
- *
+ *
* readconf.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Apr 22 00:03:10 1995 ylo
- *
+ *
* Functions for reading the configuration files.
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: readconf.c,v 1.25 2000/04/12 07:45:44 markus Exp $");
+RCSID("$Id: readconf.c,v 1.26 2000/04/14 10:30:32 markus Exp $");
#include "ssh.h"
#include "cipher.h"
* error.
*/
-void
+void
add_local_forward(Options *options, u_short port, const char *host,
u_short host_port)
{
* an error.
*/
-void
+void
add_remote_forward(Options *options, u_short port, const char *host,
u_short host_port)
{
* returns if the token is not known.
*/
-static OpCodes
+static OpCodes
parse_token(const char *cp, const char *filename, int linenum)
{
unsigned int i;
* there is an error. If the file does not exist, this returns immediately.
*/
-void
+void
read_config_file(const char *filename, const char *host, Options *options)
{
FILE *f;
* system config file. Last, fill_default_options is called.
*/
-void
+void
initialize_options(Options * options)
{
memset(options, 'X', sizeof(*options));
* options for which no value has been specified with their default values.
*/
-void
+void
fill_default_options(Options * options)
{
if (options->forward_agent == -1)
/*
- *
+ *
* readconf.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Apr 22 00:25:29 1995 ylo
- *
+ *
* Functions for reading the configuration file.
- *
+ *
*/
-/* RCSID("$Id: readconf.h,v 1.14 2000/04/12 07:45:44 markus Exp $"); */
+/* RCSID("$Id: readconf.h,v 1.15 2000/04/14 10:30:32 markus Exp $"); */
#ifndef READCONF_H
#define READCONF_H
* only sets those values that have not already been set. Returns 0 for legal
* options
*/
-int
+int
process_config_line(Options * options, const char *host,
char *line, const char *filename, int linenum,
int *activep);
* should already be initialized before this call. This never returns if
* there is an error. If the file does not exist, this returns immediately.
*/
-void
+void
read_config_file(const char *filename, const char *host,
Options * options);
* Adds a local TCP/IP port forward to options. Never returns if there is an
* error.
*/
-void
+void
add_local_forward(Options * options, u_short port, const char *host,
u_short host_port);
* Adds a remote TCP/IP port forward to options. Never returns if there is
* an error.
*/
-void
+void
add_remote_forward(Options * options, u_short port, const char *host,
u_short host_port);
*/
#include "includes.h"
-RCSID("$Id: readpass.c,v 1.9 2000/01/21 21:16:00 deraadt Exp $");
+RCSID("$Id: readpass.c,v 1.10 2000/04/14 10:30:32 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
sigset_t oset, nset;
struct sigaction sa, osa;
int input, output, echo = 0;
-
+
if (from_stdin) {
input = STDIN_FILENO;
output = STDERR_FILENO;
/*
- *
+ *
* rsa.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 3 22:07:06 1995 ylo
- *
+ *
* Description of the RSA algorithm can be found e.g. from the following sources:
- *
+ *
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994.
- *
+ *
* Jennifer Seberry and Josed Pieprzyk: Cryptography: An Introduction to
* Computer Security. Prentice-Hall, 1989.
- *
+ *
* Man Young Rhee: Cryptography and Secure Data Communications. McGraw-Hill,
* 1994.
- *
+ *
* R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
* System and Method. US Patent 4,405,829, 1983.
- *
+ *
* Hans Riesel: Prime Numbers and Computer Methods for Factorization.
* Birkhauser, 1994.
- *
+ *
* The RSA Frequently Asked Questions document by RSA Data Security, Inc., 1995.
- *
+ *
* RSA in 3 lines of perl by Adam Back <aba@atlax.ex.ac.uk>, 1995, as included
* below:
- *
+ *
* [gone - had to be deleted - what a pity]
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: rsa.c,v 1.13 2000/03/16 20:56:14 markus Exp $");
+RCSID("$Id: rsa.c,v 1.14 2000/04/14 10:30:32 markus Exp $");
#include "rsa.h"
#include "ssh.h"
/*
- *
+ *
* rsa.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 3 22:01:06 1995 ylo
- *
+ *
* RSA key generation, encryption and decryption.
- *
+ *
*/
-/* RCSID("$Id: rsa.h,v 1.5 2000/04/12 09:39:10 markus Exp $"); */
+/* RCSID("$Id: rsa.h,v 1.6 2000/04/14 10:30:32 markus Exp $"); */
#ifndef RSA_H
#define RSA_H
/*
- *
+ *
* scp - secure remote copy. This is basically patched BSD rcp which uses ssh
* to do the data transfer (instead of using rcmd).
- *
+ *
* NOTE: This version should NOT be suid root. (This uses ssh to do the transfer
* and ssh has the necessary privileges.)
- *
+ *
* 1995 Timo Rinne <tri@iki.fi>, Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
*/
/*
*/
#include "includes.h"
-RCSID("$Id: scp.c,v 1.26 2000/03/16 20:56:14 markus Exp $");
+RCSID("$Id: scp.c,v 1.27 2000/04/14 10:30:32 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
* assigns the input and output file descriptors on success.
*/
-int
+int
do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
{
int pin[2], pout[2], reserved[2];
return 0;
}
-void
+void
fatal(const char *fmt,...)
{
va_list ap;
switch (ch) {
/* User-visible flags. */
case '4':
- IPv4 = 1;
+ IPv4 = 1;
break;
case '6':
- IPv6 = 1;
+ IPv6 = 1;
break;
case 'p':
pflag = 1;
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: scp.c,v 1.26 2000/03/16 20:56:14 markus Exp $
+ * $Id: scp.c,v 1.27 2000/04/14 10:30:32 markus Exp $
*/
char *
/*
- *
+ *
* servconf.c
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Aug 21 15:48:58 1995 ylo
- *
+ *
*/
#include "includes.h"
-RCSID("$Id: servconf.c,v 1.33 2000/04/12 07:45:44 markus Exp $");
+RCSID("$Id: servconf.c,v 1.34 2000/04/14 10:30:33 markus Exp $");
#include "ssh.h"
#include "servconf.h"
/* Initializes the server options to their default values. */
-void
+void
initialize_server_options(ServerOptions *options)
{
memset(options, 0, sizeof(*options));
options->protocol = SSH_PROTO_UNKNOWN;
}
-void
+void
fill_default_server_options(ServerOptions *options)
{
if (options->num_ports == 0)
* returns if the token is not known.
*/
-static ServerOpCodes
+static ServerOpCodes
parse_token(const char *cp, const char *filename,
int linenum)
{
/*
* add listen address
*/
-void
+void
add_listen_addr(ServerOptions *options, char *addr)
{
extern int IPv4or6;
/* Reads the server configuration file. */
-void
+void
read_server_config(ServerOptions *options, const char *filename)
{
FILE *f;
"ListenAdress.\n", filename, linenum);
if (options->num_ports >= MAX_PORTS)
fatal("%s line %d: too many ports.\n",
- filename, linenum);
+ filename, linenum);
cp = strtok(NULL, WHITESPACE);
if (!cp)
fatal("%s line %d: missing port number.\n",
/*
- *
+ *
* servconf.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Aug 21 15:35:03 1995 ylo
- *
+ *
* Definitions for server configuration data and for the functions reading it.
- *
+ *
*/
-/* RCSID("$Id: servconf.h,v 1.17 2000/04/12 07:45:44 markus Exp $"); */
+/* RCSID("$Id: servconf.h,v 1.18 2000/04/14 10:30:33 markus Exp $"); */
#ifndef SERVCONF_H
#define SERVCONF_H
void server_init_dispatch(void);
-void
+void
sigchld_handler(int sig)
{
int save_errno = errno;
signal(SIGCHLD, sigchld_handler);
errno = save_errno;
}
-void
+void
sigchld_handler2(int sig)
{
int save_errno = errno;
* Make packets from buffered stderr data, and buffer it for sending
* to the client.
*/
-void
+void
make_packets_from_stderr_data()
{
int len;
* Make packets from buffered stdout data, and buffer it for sending to the
* client.
*/
-void
+void
make_packets_from_stdout_data()
{
int len;
* have data or can accept data. Optionally, a maximum time can be specified
* for the duration of the wait (0 = infinite).
*/
-void
+void
wait_until_can_do_something(fd_set * readset, fd_set * writeset,
unsigned int max_time_milliseconds)
{
* Processes input from the client and the program. Input data is stored
* in buffers and processed later.
*/
-void
+void
process_input(fd_set * readset)
{
int len;
/*
* Sends data from internal buffers to client program stdin.
*/
-void
+void
process_output(fd_set * writeset)
{
int len;
* Wait until all buffered output has been sent to the client.
* This is used when the program terminates.
*/
-void
+void
drain_output()
{
/* Send any buffered stdout data to the client. */
packet_write_wait();
}
-void
+void
process_buffered_input_packets()
{
dispatch_run(DISPATCH_NONBLOCK, NULL);
* stdin (of the child program), and reads from stdout and stderr (of the
* child program).
*/
-void
+void
server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg)
{
int wait_status, wait_pid; /* Status and pid returned by wait(). */
/* NOTREACHED */
}
-void
+void
server_loop2(void)
{
fd_set readset, writeset;
sock, sock, -1, 4*1024, 32*1024, 0, xstrdup("direct-tcpip"));
}
-void
+void
server_input_channel_open(int type, int plen)
{
Channel *c = NULL;
xfree(ctype);
}
-void
+void
server_init_dispatch_20()
{
debug("server_init_dispatch_20");
dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &channel_input_channel_request);
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
}
-void
+void
server_init_dispatch_13()
{
debug("server_init_dispatch_13");
dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
}
-void
+void
server_init_dispatch_15()
{
server_init_dispatch_13();
dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_oclose);
}
-void
+void
server_init_dispatch()
{
if (compat20)
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.3 2000/04/14 10:09:16 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.4 2000/04/14 10:30:33 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
* Function to perform cleanup if we get aborted abnormally (e.g., due to a
* dropped connection).
*/
-void
+void
pty_cleanup_proc(void *session)
{
Session *s=session;
* terminals are allocated, X11, TCP/IP, and authentication agent forwardings
* are requested, etc.
*/
-void
+void
do_authenticated(struct passwd * pw)
{
Session *s;
* will call do_child from the child, and server_loop from the parent after
* setting up file descriptors and such.
*/
-void
+void
do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
{
int pid;
* setting up file descriptors, controlling tty, updating wtmp, utmp,
* lastlog, and other such operations.
*/
-void
+void
do_exec_pty(Session *s, const char *command, struct passwd * pw)
{
FILE *f;
* Sets the value of the given variable in the environment. If the variable
* already exists, its value is overriden.
*/
-void
+void
child_set_env(char ***envp, unsigned int *envsizep, const char *name,
const char *value)
{
* Otherwise, it must consist of empty lines, comments (line starts with '#')
* and assignments of the form name=value. No other forms are allowed.
*/
-void
+void
read_environment_file(char ***env, unsigned int *envsize,
const char *filename)
{
* environment, closing extra file descriptors, setting the user and group
* ids, and executing the command or shell.
*/
-void
+void
do_child(const char *command, struct passwd * pw, const char *term,
const char *display, const char *auth_proto,
const char *auth_data, const char *ttyname)
-/* $OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.27 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.28 2000/04/14 10:30:33 markus Exp $");
#include "ssh.h"
#include "rsa.h"
}
}
-void
+void
after_select(fd_set *readset, fd_set *writeset)
{
unsigned int i;
}
signal(SIGINT, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
- signal(SIGHUP, cleanup_exit);
- signal(SIGTERM, cleanup_exit);
+ signal(SIGHUP, cleanup_exit);
+ signal(SIGTERM, cleanup_exit);
while (1) {
FD_ZERO(&readset);
FD_ZERO(&writeset);
*/
#include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.17 2000/03/16 20:56:14 markus Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.18 2000/04/14 10:30:33 markus Exp $");
#include "rsa.h"
#include "ssh.h"
if (identity_comment) {
strlcpy(comment, identity_comment, sizeof(comment));
} else {
- /* Create default commend field for the passphrase. */
+ /* Create default commend field for the passphrase. */
if (gethostname(hostname, sizeof(hostname)) < 0) {
perror("gethostname");
exit(1);
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.47 2000/04/14 10:11:12 markus Exp $");
+RCSID("$Id: ssh.c,v 1.48 2000/04/14 10:30:33 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
if (host)
break;
if ((cp = strchr(av[optind], '@'))) {
- if(cp == av[optind])
- usage();
+ if(cp == av[optind])
+ usage();
options.user = av[optind];
*cp = '\0';
host = ++cp;
case '2':
options.protocol = SSH_PROTO_2;
break;
-
case '4':
IPv4or6 = AF_INET;
break;
-
case '6':
IPv4or6 = AF_INET6;
break;
-
case 'n':
stdin_null_flag = 1;
break;
-
case 'f':
fork_after_authentication_flag = 1;
stdin_null_flag = 1;
break;
-
case 'x':
options.forward_x11 = 0;
break;
-
case 'X':
options.forward_x11 = 1;
break;
-
case 'g':
options.gateway_ports = 1;
break;
-
case 'P':
options.use_privileged_port = 0;
break;
-
case 'a':
options.forward_agent = 0;
break;
options.identity_files[options.num_identity_files++] =
xstrdup(optarg);
break;
-
case 't':
tty_flag = 1;
break;
-
case 'v':
case 'V':
fprintf(stderr, "SSH Version %s, protocol versions %d.%d/%d.%d.\n",
debug_flag = 1;
options.log_level = SYSLOG_LEVEL_DEBUG;
break;
-
case 'q':
options.log_level = SYSLOG_LEVEL_QUIET;
break;
-
case 'e':
if (optarg[0] == '^' && optarg[2] == 0 &&
(unsigned char) optarg[1] >= 64 && (unsigned char) optarg[1] < 128)
exit(1);
}
break;
-
case 'c':
options.cipher = cipher_number(optarg);
if (options.cipher == -1) {
exit(1);
}
break;
-
case 'p':
options.port = atoi(optarg);
break;
-
case 'l':
options.user = optarg;
break;
-
case 'R':
if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
&fwd_host_port) != 3 &&
}
add_remote_forward(&options, fwd_port, buf, fwd_host_port);
break;
-
case 'L':
if (sscanf(optarg, "%hu/%255[^/]/%hu", &fwd_port, buf,
&fwd_host_port) != 3 &&
}
add_local_forward(&options, fwd_port, buf, fwd_host_port);
break;
-
case 'C':
options.compression = 1;
break;
-
case 'N':
no_shell_flag = 1;
no_tty_flag = 1;
break;
-
case 'T':
no_tty_flag = 1;
break;
-
case 'o':
dummy = 1;
if (process_config_line(&options, host ? host : "", optarg,
"command-line", 0, &dummy) != 0)
exit(1);
break;
-
default:
usage();
}
/* Expand ~ in known host file names. */
options.system_hostfile = tilde_expand_filename(options.system_hostfile,
- original_real_uid);
+ original_real_uid);
options.user_hostfile = tilde_expand_filename(options.user_hostfile,
original_real_uid);
options.local_forwards[i].host,
options.local_forwards[i].host_port);
channel_request_local_forwarding(options.local_forwards[i].port,
- options.local_forwards[i].host,
+ options.local_forwards[i].host,
options.local_forwards[i].host_port,
options.gateway_ports);
}
options.remote_forwards[i].host_port);
channel_request_remote_forwarding(options.remote_forwards[i].port,
options.remote_forwards[i].host,
- options.remote_forwards[i].host_port);
+ options.remote_forwards[i].host_port);
}
/* If requested, let ssh continue in the background. */
- if (fork_after_authentication_flag)
+ if (fork_after_authentication_flag)
if (daemon(1, 1) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
options.local_forwards[i].host,
options.local_forwards[i].host_port);
channel_request_local_forwarding(options.local_forwards[i].port,
- options.local_forwards[i].host,
+ options.local_forwards[i].host,
options.local_forwards[i].host_port,
options.gateway_ports);
}
/*
- *
+ *
* ssh.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Fri Mar 17 17:09:37 1995 ylo
- *
+ *
* Generic header file for ssh.
- *
+ *
*/
-/* RCSID("$Id: ssh.h,v 1.37 2000/04/12 07:45:44 markus Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.38 2000/04/14 10:30:33 markus Exp $"); */
#ifndef SSH_H
#define SSH_H
* information is not available. This must be called before record_login.
* The host from which the user logged in is stored in buf.
*/
-unsigned long
+unsigned long
get_last_login_time(uid_t uid, const char *logname,
char *buf, unsigned int bufsize);
* Records that the user has logged in. This does many things normally done
* by login(1).
*/
-void
+void
record_login(int pid, const char *ttyname, const char *user, uid_t uid,
const char *host, struct sockaddr *addr);
* and zero on failure. If the connection is successful, this calls
* packet_set_connection for the connection.
*/
-int
+int
ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
u_short port, int connection_attempts,
int anonymous, uid_t original_real_uid,
* references from the packet module).
*/
-void
+void
ssh_login(int host_key_valid, RSA * host_key, const char *host,
struct sockaddr * hostaddr, uid_t original_real_uid);
* Tries to authenticate the user using the .rhosts file and the host using
* its host key. Returns true if authentication succeeds.
*/
-int
+int
auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
/*
* precede the key to provide identification of the key without needing a
* passphrase.
*/
-int
+int
save_private_key(const char *filename, const char *passphrase,
RSA * private_key, const char *comment);
* comment of the key is returned in comment_return if it is non-NULL; the
* caller must free the value with xfree.
*/
-int
+int
load_public_key(const char *filename, RSA * pub,
char **comment_return);
* comment_return if it is non-NULL; the caller must free the value with
* xfree.
*/
-int
+int
load_private_key(const char *filename, const char *passphrase,
RSA * private_key, char **comment_return);
/*
- * draft-ietf-secsh-architecture-04.txt
+ * draft-ietf-secsh-architecture-04.txt
*
* Transport layer protocol:
- *
+ *
* 1-19 Transport layer generic (e.g. disconnect, ignore, debug,
* etc)
* 20-29 Algorithm negotiation
* 30-49 Key exchange method specific (numbers can be reused for
* different authentication methods)
- *
+ *
* User authentication protocol:
- *
+ *
* 50-59 User authentication generic
* 60-79 User authentication method specific (numbers can be reused
* for different authentication methods)
- *
+ *
* Connection protocol:
- *
+ *
* 80-89 Connection protocol generic
* 90-127 Channel related messages
- *
+ *
* Reserved for client protocols:
- *
+ *
* 128-191 Reserved
- *
+ *
* Local extensions:
- *
+ *
* 192-255 Local extensions
*/
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.67 2000/04/14 10:09:16 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.68 2000/04/14 10:30:33 markus Exp $");
#include <openssl/bn.h>
#include "xmalloc.h"
debug("Trying again...");
/* Loop through addresses for this host, and try each one in
- sequence until the connection succeeds. */
+ sequence until the connection succeeds. */
for (ai = aitop; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
continue;
host, ntop, strport);
/* Create a socket for connecting. */
- sock = ssh_create_socket(original_real_uid,
+ sock = ssh_create_socket(original_real_uid,
!anonymous && geteuid() == 0 && port < IPPORT_RESERVED,
ai->ai_family);
if (sock < 0)
break;
}
/* FALLTHROUGH */
- default:
+ default:
mismatch = 1;
break;
}
debug("Sending KEX init.");
if (options.ciphers != NULL) {
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
} else if (
options.cipher == SSH_CIPHER_ARCFOUR ||
- options.cipher == SSH_CIPHER_3DES_CBC ||
- options.cipher == SSH_CIPHER_CAST128_CBC ||
- options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
+ options.cipher == SSH_CIPHER_3DES_CBC ||
+ options.cipher == SSH_CIPHER_CAST128_CBC ||
+ options.cipher == SSH_CIPHER_BLOWFISH_CBC) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = cipher_name(options.cipher);
}
fprintf(stderr, "\npub= ");
bignum_print(dh->pub_key);
fprintf(stderr, "\n");
- DHparams_print_fp(stderr, dh);
+ DHparams_print_fp(stderr, dh);
#endif
debug("Wait SSH2_MSG_KEXDH_REPLY.");
kout = DH_compute_key(kbuf, dh_server_pub, dh);
#ifdef DEBUG_KEXDH
debug("shared secret: len %d/%d", klen, kout);
- fprintf(stderr, "shared secret == ");
- for (i = 0; i< kout; i++)
- fprintf(stderr, "%02x", (kbuf[i])&0xff);
- fprintf(stderr, "\n");
+ fprintf(stderr, "shared secret == ");
+ for (i = 0; i< kout; i++)
+ fprintf(stderr, "%02x", (kbuf[i])&0xff);
+ fprintf(stderr, "\n");
#endif
- shared_secret = BN_new();
+ shared_secret = BN_new();
- BN_bin2bn(kbuf, kout, shared_secret);
+ BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
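Review bot: The return value of `DH_compute_key()` is used without a failure check: `kout` goes straight into `BN_bin2bn(kbuf, kout, shared_secret)` on the re-indented line, and OpenSSL reports failure from that call as a negative length. A guard right after the call, `if (kout < 0) fatal("DH_compute_key: failed");`, stops the exchange before a bogus shared secret is built; the result of `BN_new()` deserves the same treatment. Separately, the `DEBUG_KEXDH` block writes the raw shared secret to stderr, so that macro must stay out of any build whose stderr is captured or logged. The enclosing function starts and ends outside this hunk.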
xfree(client_kexinit);
xfree(server_kexinit);
#ifdef DEBUG_KEXDH
- fprintf(stderr, "hash == ");
- for (i = 0; i< 20; i++)
- fprintf(stderr, "%02x", (hash[i])&0xff);
- fprintf(stderr, "\n");
+ fprintf(stderr, "hash == ");
+ for (i = 0; i< 20; i++)
+ fprintf(stderr, "%02x", (hash[i])&0xff);
+ fprintf(stderr, "\n");
#endif
dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20);
key_free(server_host_key);
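Review bot: The result of `dsa_verify` is discarded on the line before `key_free(server_host_key)`, so as far as this hunk shows, a bad signature over the exchange hash does not stop the key exchange. Unless `dsa_verify` terminates internally on a mismatch (its body is not visible here), the call should be checked, e.g. `if (dsa_verify(server_host_key, (unsigned char *)signature, slen, hash, 20) != 1) fatal("dsa_verify failed for server_host_key");`. The comparison should be adjusted to whatever value the function returns on success. The enclosing function starts and ends outside this hunk.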
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.104 2000/04/12 09:39:10 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.105 2000/04/14 10:30:33 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
/* Name of the server configuration file. */
char *config_file_name = SERVER_CONFIG_FILE;
-/*
+/*
* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
* Default value is AF_UNSPEC means both IPv4 and IPv6.
*/
* the effect is to reread the configuration file (and to regenerate
* the server key).
*/
-void
+void
sighup_handler(int sig)
{
received_sighup = 1;
* Called from the main program after receiving SIGHUP.
* Restarts the server.
*/
-void
+void
sighup_restart()
{
log("Received SIGHUP; restarting.");
* These close the listen socket; not closing it seems to cause "Address
* already in use" problems on some machines, which is inconvenient.
*/
-void
+void
sigterm_handler(int sig)
{
log("Received signal %d; terminating.", sig);
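Review bot: `sigterm_handler` calls `log()` directly from signal context, and a formatting/logging routine is unlikely to be async-signal-safe (its implementation is not visible here). `sighup_handler` in the same file only sets `received_sighup = 1` and leaves the work to the main program. The same pattern would fit here: record the signal in a new flag, e.g. `received_sigterm = sig;`, and do the logging and socket close from the main loop. The handler body continues outside this hunk.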
* SIGCHLD handler. This is called whenever a child dies. This will then
* reap any zombies left by exited c.
*/
-void
+void
main_sigchld_handler(int sig)
{
int save_errno = errno;
/*
* Signal handler for the alarm after the login grace period has expired.
*/
-void
+void
grace_alarm_handler(int sig)
{
/* Close the connection. */
* Thus there should be no concurrency control/asynchronous execution
* problems.
*/
-void
+void
key_regeneration_alarm(int sig)
{
int save_errno = errno;
char *
chop(char *s)
{
- char *t = s;
- while (*t) {
- if(*t == '\n' || *t == '\r') {
- *t = '\0';
- return s;
- }
- t++;
- }
- return s;
+ char *t = s;
+ while (*t) {
+ if(*t == '\n' || *t == '\r') {
+ *t = '\0';
+ return s;
+ }
+ t++;
+ }
+ return s;
}
*/
if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
&remote_major, &remote_minor, remote_version) != 3) {
- s = "Protocol mismatch.\n";
+ s = "Protocol mismatch.\n";
(void) atomicio(write, sock_out, s, strlen(s));
close(sock_in);
close(sock_out);
break;
}
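Review bot: The `%[^\n]` conversion in this `sscanf` has no field width, so the copy into `remote_version` is bounded only by the length of `client_version_string`, which holds peer-supplied data. The declarations of both buffers are outside this hunk. Unless `remote_version` is guaranteed to be at least as large, the conversion should carry an explicit width of one less than `sizeof(remote_version)`. A short comment above the call stating that size relationship would also help the next reader.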
/* FALLTHROUGH */
- default:
+ default:
mismatch = 1;
break;
}
for (i = 0; i < num_listen_socks; i++)
if (listen_socks[i] > maxfd)
maxfd = listen_socks[i];
- fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
- fdset = (fd_set *)xmalloc(fdsetsz);
+ fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
+ fdset = (fd_set *)xmalloc(fdsetsz);
/*
* Stay listening for connections until the system crashes or
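Review bot: `fdsetsz` is computed from `maxfd` rather than `maxfd + 1`, so when the highest listen socket is an exact multiple of `NFDBITS` the allocation is one `fd_mask` short of holding that descriptor's bit. Any later `FD_SET`/`select` use of `fdset` with that descriptor (outside this hunk) would then touch memory past the buffer. `fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);` sizes it correctly. The enclosing function starts and ends outside this hunk.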
/* Get cipher type and check whether we accept this. */
cipher_type = packet_get_char();
- if (!(cipher_mask() & (1 << cipher_type)))
+ if (!(cipher_mask() & (1 << cipher_type)))
packet_disconnect("Warning: client selects unsupported cipher.");
/* Get check bytes from the packet. These must match those we
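Review bot: `cipher_type` comes straight from `packet_get_char()` and is used as the shift count in `1 << cipher_type` with no range check. A count at or above the width of `int` is undefined behaviour, so the mask test is not a reliable rejection of out-of-range values. Bounding it first closes that, e.g. `if (cipher_type >= 32 || !(cipher_mask() & (1U << cipher_type)))`, with the limit matched to the width of `cipher_mask()`'s return type, which is not visible here. The enclosing function starts and ends outside this hunk.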
/* KEXINIT */
if (options.ciphers != NULL) {
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
xfree(client_kexinit);
xfree(server_kexinit);
#ifdef DEBUG_KEXDH
- fprintf(stderr, "hash == ");
- for (i = 0; i< 20; i++)
- fprintf(stderr, "%02x", (hash[i])&0xff);
- fprintf(stderr, "\n");
+ fprintf(stderr, "hash == ");
+ for (i = 0; i< 20; i++)
+ fprintf(stderr, "%02x", (hash[i])&0xff);
+ fprintf(stderr, "\n");
#endif
/* sign H */
dsa_sign(server_host_key, &signature, &slen, hash, 20);
*/
#include "includes.h"
-RCSID("$Id: ttymodes.c,v 1.5 1999/11/24 19:53:54 markus Exp $");
+RCSID("$Id: ttymodes.c,v 1.6 2000/04/14 10:30:34 markus Exp $");
#include "packet.h"
#include "ssh.h"
* Converts POSIX speed_t to a baud rate. The values of the
* constants for speed_t are not themselves portable.
*/
-static int
+static int
speed_to_baud(speed_t speed)
{
switch (speed) {
/*
* Converts a numeric baud rate to a POSIX speed_t.
*/
-static speed_t
+static speed_t
baud_to_speed(int baud)
{
switch (baud) {
* in a portable manner, and appends the modes to a packet
* being constructed.
*/
-void
+void
tty_make_modes(int fd)
{
struct termios tio;
* Decodes terminal modes for the terminal referenced by fd in a portable
* manner from a packet being read.
*/
-void
+void
tty_parse_modes(int fd, int *n_bytes_ptr)
{
struct termios tio;
/*
- *
+ *
* ttymodes.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* SGTTY stuff contributed by Janne Snabb <snabb@niksula.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Tue Mar 21 15:42:09 1995 ylo
- *
+ *
*/
-/* RCSID("$Id: ttymodes.h,v 1.6 1999/11/24 19:53:54 markus Exp $"); */
+/* RCSID("$Id: ttymodes.h,v 1.7 2000/04/14 10:30:34 markus Exp $"); */
/* The tty mode description is a stream of bytes. The stream consists of
* opcode-arguments pairs. It is terminated by opcode TTY_OP_END (0).
*/
#include "includes.h"
-RCSID("$Id: uidswap.c,v 1.5 1999/11/24 19:53:54 markus Exp $");
+RCSID("$Id: uidswap.c,v 1.6 2000/04/14 10:30:34 markus Exp $");
#include "ssh.h"
#include "uidswap.h"
* Temporarily changes to the given uid. If the effective user
* id is not root, this does nothing. This call cannot be nested.
*/
-void
+void
temporarily_use_uid(uid_t uid)
{
#ifdef SAVED_IDS_WORK_WITH_SETEUID
/*
* Restores to the original uid.
*/
-void
+void
restore_uid()
{
#ifdef SAVED_IDS_WORK_WITH_SETEUID
* Permanently sets all uids to the given uid. This cannot be
* called while temporarily_use_uid is effective.
*/
-void
+void
permanently_set_uid(uid_t uid)
{
if (setuid(uid) < 0)
/*
- *
+ *
* uidswap.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Sat Sep 9 01:43:15 1995 ylo
* Last modified: Sat Sep 9 02:34:04 1995 ylo
- *
+ *
*/
#ifndef UIDSWAP_H
*/
#include "includes.h"
-RCSID("$Id: xmalloc.c,v 1.5 1999/11/24 00:26:04 deraadt Exp $");
+RCSID("$Id: xmalloc.c,v 1.6 2000/04/14 10:30:34 markus Exp $");
#include "ssh.h"
return new_ptr;
}
-void
+void
xfree(void *ptr)
{
if (ptr == NULL)
/*
- *
+ *
* xmalloc.h
- *
+ *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
+ *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
+ *
* Created: Mon Mar 20 22:09:17 1995 ylo
- *
+ *
* Versions of malloc and friends that check their results, and never return
* failure (they call fatal if they encounter an error).
- *
+ *
*/
-/* RCSID("$Id: xmalloc.h,v 1.2 1999/11/24 00:26:04 deraadt Exp $"); */
+/* RCSID("$Id: xmalloc.h,v 1.3 2000/04/14 10:30:34 markus Exp $"); */
#ifndef XMALLOC_H
#define XMALLOC_H