Commit 4af51306 authored by Damien Miller's avatar Damien Miller

- OpenBSD CVS updates.

   [ssh.1 ssh.c]
   - ssh -2
   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
   [session.c sshconnect.c]
   - check payload for (illegal) extra data
   [ALL]
   - whitespace cleanup
parent 5d1705ec
20000415
- OpenBSD CVS updates.
[ssh.1 ssh.c]
- ssh -2
[auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
[session.c sshconnect.c]
- check payload for (illegal) extra data
[ALL]
whitespace cleanup
20000413
- INSTALL doc updates
- Merged OpenBSD updates to include paths.
20000412
- OpenBSD CVS updates:
- [channels.c]
......
......@@ -19,7 +19,7 @@ extern ServerOptions options;
* return 1 on success, 0 on failure, -1 if krb4 is not available
*/
int
int
auth_krb4_password(struct passwd * pw, const char *password)
{
AUTH_DAT adata;
......@@ -135,7 +135,7 @@ krb4_cleanup_proc(void *ignore)
}
}
int
int
krb4_init(uid_t uid)
{
static int cleanup_registered = 0;
......@@ -179,7 +179,7 @@ krb4_init(uid_t uid)
return 0;
}
int
int
auth_krb4(const char *server_user, KTEXT auth, char **client)
{
AUTH_DAT adat = {0};
......@@ -252,7 +252,7 @@ auth_krb4(const char *server_user, KTEXT auth, char **client)
#endif /* KRB4 */
#ifdef AFS
int
int
auth_kerberos_tgt(struct passwd *pw, const char *string)
{
CREDENTIALS creds;
......@@ -307,7 +307,7 @@ auth_kerberos_tgt_failure:
return 0;
}
int
int
auth_afs_token(struct passwd *pw, const char *token_string)
{
CREDENTIALS creds;
......
......@@ -11,7 +11,7 @@
#ifndef USE_PAM
RCSID("$Id: auth-passwd.c,v 1.16 2000/01/22 23:32:03 damien Exp $");
RCSID("$Id: auth-passwd.c,v 1.17 2000/04/16 01:18:39 damien Exp $");
#include "packet.h"
#include "ssh.h"
......@@ -33,7 +33,7 @@ RCSID("$Id: auth-passwd.c,v 1.16 2000/01/22 23:32:03 damien Exp $");
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
*/
int
int
auth_password(struct passwd * pw, const char *password)
{
extern ServerOptions options;
......
/*
*
*
* auth-rh-rsa.c
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
*
* Created: Sun May 7 03:08:06 1995 ylo
*
*
* Rhosts or /etc/hosts.equiv authentication combined with RSA host
* authentication.
*
*/
#include "includes.h"
RCSID("$Id: auth-rh-rsa.c,v 1.9 2000/04/13 02:26:35 damien Exp $");
RCSID("$Id: auth-rh-rsa.c,v 1.10 2000/04/16 01:18:39 damien Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
......@@ -42,7 +42,7 @@ RCSID("$Id: auth-rh-rsa.c,v 1.9 2000/04/13 02:26:35 damien Exp $");
* its host key. Returns true if authentication succeeds.
*/
int
int
auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key)
{
extern ServerOptions options;
......
/*
*
*
* auth-rhosts.c
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
*
* Created: Fri Mar 17 05:12:18 1995 ylo
*
*
* Rhosts authentication. This file contains code to check whether to admit
* the login based on rhosts authentication. This file also processes
* /etc/hosts.equiv.
*
*
*/
#include "includes.h"
RCSID("$Id: auth-rhosts.c,v 1.7 1999/12/27 12:54:55 damien Exp $");
RCSID("$Id: auth-rhosts.c,v 1.8 2000/04/16 01:18:39 damien Exp $");
#include "packet.h"
#include "ssh.h"
......@@ -30,7 +30,7 @@ RCSID("$Id: auth-rhosts.c,v 1.7 1999/12/27 12:54:55 damien Exp $");
* based on the file, and returns zero otherwise.
*/
int
int
check_rhosts_file(const char *filename, const char *hostname,
const char *ipaddr, const char *client_user,
const char *server_user)
......@@ -146,7 +146,7 @@ check_rhosts_file(const char *filename, const char *hostname,
* /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored).
*/
int
int
auth_rhosts(struct passwd *pw, const char *client_user)
{
extern ServerOptions options;
......
/*
*
*
* auth-rsa.c
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
*
* Created: Mon Mar 27 01:46:52 1995 ylo
*
*
* RSA-based authentication. This code determines whether to admit a login
* based on RSA authentication. This file also contains functions to check
* validity of the host key.
*
*
*/
#include "includes.h"
RCSID("$Id: auth-rsa.c,v 1.15 2000/04/13 02:26:35 damien Exp $");
RCSID("$Id: auth-rsa.c,v 1.16 2000/04/16 01:18:39 damien Exp $");
#include "rsa.h"
#include "packet.h"
......@@ -244,7 +244,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
debug("%.100s, line %lu: bad key syntax",
SSH_USER_PERMITTED_KEYS, linenum);
packet_send_debug("%.100s, line %lu: bad key syntax",
SSH_USER_PERMITTED_KEYS, linenum);
SSH_USER_PERMITTED_KEYS, linenum);
continue;
}
/* cp now points to the comment part. */
......
#include "includes.h"
#ifdef SKEY
RCSID("$Id: auth-skey.c,v 1.5 1999/12/06 19:04:57 deraadt Exp $");
RCSID("$Id: auth-skey.c,v 1.6 2000/04/14 10:30:29 markus Exp $");
#include "ssh.h"
#include "packet.h"
......@@ -15,12 +15,12 @@ RCSID("$Id: auth-skey.c,v 1.5 1999/12/06 19:04:57 deraadt Exp $");
/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
/*
/*
* try skey authentication,
* return 1 on success, 0 on failure, -1 if skey is not available
* return 1 on success, 0 on failure, -1 if skey is not available
*/
int
int
auth_skey_password(struct passwd * pw, const char *password)
{
if (strncasecmp(password, "s/key", 5) == 0) {
......@@ -53,18 +53,18 @@ auth_skey_password(struct passwd * pw, const char *password)
*/
static u_int32_t
hash_collapse(s)
u_char *s;
u_char *s;
{
int len, target;
int len, target;
u_int32_t i;
if ((strlen(s) % sizeof(u_int32_t)) == 0)
target = strlen(s); /* Multiple of 4 */
target = strlen(s); /* Multiple of 4 */
else
target = strlen(s) - (strlen(s) % sizeof(u_int32_t));
for (i = 0, len = 0; len < target; len += 4)
i ^= ROUND(s + len);
i ^= ROUND(s + len);
return i;
}
......
......@@ -5,7 +5,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth.c,v 1.2 2000/04/06 08:55:22 markus Exp $");
RCSID("$OpenBSD: auth.c,v 1.4 2000/04/14 10:30:29 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
......@@ -36,9 +36,9 @@ extern char *forced_command;
* DenyUsers or user's primary group is listed in DenyGroups, false will
* be returned. If AllowUsers isn't empty and user isn't listed there, or
* if AllowGroups isn't empty and user isn't listed there, false will be
* returned.
* returned.
* If the user's shell is not executable, false will be returned.
* Otherwise true is returned.
* Otherwise true is returned.
*/
static int
allowed_user(struct passwd * pw)
......@@ -201,10 +201,10 @@ do_fake_authloop1(char *user)
packet_write_wait();
continue;
} else if (type == SSH_CMSG_AUTH_PASSWORD &&
options.password_authentication &&
(password = packet_get_string(&dlen)) != NULL &&
dlen == 5 &&
strncasecmp(password, "s/key", 5) == 0 ) {
options.password_authentication &&
(password = packet_get_string(&dlen)) != NULL &&
dlen == 5 &&
strncasecmp(password, "s/key", 5) == 0 ) {
packet_send_debug(skeyinfo);
}
if (password != NULL)
......@@ -457,20 +457,20 @@ do_authloop(struct passwd * pw)
break;
}
/*
* Check if the user is logging in as root and root logins
* are disallowed.
* Note that root login is allowed for forced commands.
*/
if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
if (forced_command) {
log("Root login accepted for forced command.");
} else {
authenticated = 0;
log("ROOT LOGIN REFUSED FROM %.200s",
get_canonical_hostname());
}
}
/*
* Check if the user is logging in as root and root logins
* are disallowed.
* Note that root login is allowed for forced commands.
*/
if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
if (forced_command) {
log("Root login accepted for forced command.");
} else {
authenticated = 0;
log("ROOT LOGIN REFUSED FROM %.200s",
get_canonical_hostname());
}
}
/* Raise logging level */
if (authenticated ||
......@@ -685,6 +685,7 @@ input_service_request(int type, int plen)
unsigned int len;
int accept = 0;
char *service = packet_get_string(&len);
packet_done();
if (strcmp(service, "ssh-userauth") == 0) {
if (!userauth_success) {
......@@ -727,6 +728,7 @@ input_userauth_request(int type, int plen)
pw = auth_set_user(user, service);
if (pw && strcmp(service, "ssh-connection")==0) {
if (strcmp(method, "none") == 0 && try == 1) {
packet_done();
#ifdef USE_PAM
/* Do PAM auth with password */
authenticated = auth_pam_password(pw, "");
......@@ -740,6 +742,7 @@ input_userauth_request(int type, int plen)
if (c)
debug("password change not supported");
password = packet_get_string(&len);
packet_done();
#ifdef USE_PAM
/* Do PAM auth with password */
authenticated = auth_pam_password(pw, password);
......@@ -751,11 +754,19 @@ input_userauth_request(int type, int plen)
xfree(password);
} else if (strcmp(method, "publickey") == 0) {
/* XXX TODO */
char *pkalg;
char *pkblob;
c = packet_get_char();
char *pkalg, *pkblob, *sig;
int have_sig = packet_get_char();
pkalg = packet_get_string(&len);
pkblob = packet_get_string(&len);
if (have_sig) {
sig = packet_get_string(&len);
/* test for correct signature */
packet_done();
xfree(sig);
} else {
packet_done();
/* test whether pkalg/pkblob are acceptable */
}
xfree(pkalg);
xfree(pkblob);
}
......@@ -764,7 +775,6 @@ input_userauth_request(int type, int plen)
if (authenticated) {
/* turn off userauth */
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error);
/* success! */
packet_start(SSH2_MSG_USERAUTH_SUCCESS);
packet_send();
packet_write_wait();
......@@ -782,7 +792,7 @@ input_userauth_request(int type, int plen)
xfree(user);
xfree(method);
}
void
void
do_authentication2()
{
dispatch_init(&protocol_error);
......
/*
*
*
* authfd.c
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
*
* Created: Wed Mar 29 01:30:28 1995 ylo
*
*
* Functions for connecting the local authentication agent.
*
*
*/
#include "includes.h"
RCSID("$Id: authfd.c,v 1.11 2000/04/13 02:26:35 damien Exp $");
RCSID("$Id: authfd.c,v 1.12 2000/04/16 01:18:40 damien Exp $");
#include "ssh.h"
#include "rsa.h"
......@@ -69,7 +69,7 @@ ssh_get_authentication_socket()
* ssh_get_authentication_socket().
*/
void
void
ssh_close_authentication_socket(int sock)
{
if (getenv(SSH_AUTHSOCKET_ENV_NAME))
......@@ -113,7 +113,7 @@ ssh_get_authentication_connection()
* memory.
*/
void
void
ssh_close_authentication_connection(AuthenticationConnection *ac)
{
buffer_free(&ac->packet);
......@@ -343,7 +343,7 @@ error_cleanup:
* be used by normal applications.
*/
int
int
ssh_add_identity(AuthenticationConnection *auth,
RSA * key, const char *comment)
{
......@@ -431,7 +431,7 @@ error_cleanup:
* meant to be used by normal applications.
*/
int
int
ssh_remove_identity(AuthenticationConnection *auth, RSA *key)
{
Buffer buffer;
......@@ -514,7 +514,7 @@ error_cleanup:
* by normal applications.
*/
int
int
ssh_remove_all_identities(AuthenticationConnection *auth)
{
Buffer buffer;
......
/*
*
*
* authfd.h
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
*
* Created: Wed Mar 29 01:17:41 1995 ylo
*
*
* Functions to interface with the SSH_AUTHENTICATION_FD socket.
*
*
*/
/* RCSID("$Id: authfd.h,v 1.4 1999/11/25 00:54:58 damien Exp $"); */
/* RCSID("$Id: authfd.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */
#ifndef AUTHFD_H
#define AUTHFD_H
......@@ -67,7 +67,7 @@ void ssh_close_authentication_connection(AuthenticationConnection * ac);
* integers before the call, and free the comment after a successful call
* (before calling ssh_get_next_identity).
*/
int
int
ssh_get_first_identity(AuthenticationConnection * connection,
BIGNUM * e, BIGNUM * n, char **comment);
......@@ -77,13 +77,13 @@ ssh_get_first_identity(AuthenticationConnection * connection,
* function. This returns 0 if there are no more identities. The caller
* must free comment after a successful return.
*/
int
int
ssh_get_next_identity(AuthenticationConnection * connection,
BIGNUM * e, BIGNUM * n, char **comment);
/* Requests the agent to decrypt the given challenge. Returns true if
the agent claims it was able to decrypt it. */
int
int
ssh_decrypt_challenge(AuthenticationConnection * auth,
BIGNUM * e, BIGNUM * n, BIGNUM * challenge,
unsigned char session_id[16],
......@@ -95,7 +95,7 @@ ssh_decrypt_challenge(AuthenticationConnection * auth,
* be used by normal applications. This returns true if the identity was
* successfully added.
*/
int
int
ssh_add_identity(AuthenticationConnection * connection, RSA * key,
const char *comment);
......
/*
*
*
* authfile.c
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
*
* Created: Mon Mar 27 03:52:05 1995 ylo
*
*
* This file contains functions for reading and writing identity files, and
* for reading the passphrase from the user.
*
*
*/
#include "includes.h"
RCSID("$Id: authfile.c,v 1.9 2000/04/13 02:26:36 damien Exp $");
RCSID("$Id: authfile.c,v 1.10 2000/04/16 01:18:40 damien Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
......
/*
*
*
* bufaux.c
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
*
* Created: Wed Mar 29 02:24:47 1995 ylo
*
*
* Auxiliary functions for storing and retrieving various data types to/from
* Buffers.
*
......@@ -17,7 +17,7 @@
*/
#include "includes.h"
RCSID("$Id: bufaux.c,v 1.10 2000/04/13 02:26:36 damien Exp $");
RCSID("$Id: bufaux.c,v 1.11 2000/04/16 01:18:40 damien Exp $");
#include "ssh.h"
......
/*
*
*
* bufaux.h
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
*
* Created: Wed Mar 29 02:18:23 1995 ylo
*
*
*/
/* RCSID("$Id: bufaux.h,v 1.4 2000/04/01 01:09:23 damien Exp $"); */
/* RCSID("$Id: bufaux.h,v 1.5 2000/04/16 01:18:40 damien Exp $"); */
#ifndef BUFAUX_H
#define BUFAUX_H
......
/*
*
*
* buffer.c
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
*
* Created: Sat Mar 18 04:15:33 1995 ylo
*
*
* Functions for manipulating fifo buffers (that can grow if needed).
*
*
*/
#include "includes.h"
RCSID("$Id: buffer.c,v 1.4 2000/04/13 02:26:36 damien Exp $");
RCSID("$Id: buffer.c,v 1.5 2000/04/16 01:18:40 damien Exp $");
#include "xmalloc.h"
#include "buffer.h"
......@@ -22,7 +22,7 @@ RCSID("$Id: buffer.c,v 1.4 2000/04/13 02:26:36 damien Exp $");
/* Initializes the buffer structure. */
void
void
buffer_init(Buffer *buffer)
{
buffer->alloc = 4096;
......@@ -33,7 +33,7 @@ buffer_init(Buffer *buffer)
/* Frees any memory used for the buffer. */
void
void
buffer_free(Buffer *buffer)
{
memset(buffer->buf, 0, buffer->alloc);
......@@ -45,7 +45,7 @@ buffer_free(Buffer *buffer)
* zero the memory.
*/
void
void
buffer_clear(Buffer *buffer)
{
buffer->offset = 0;
......@@ -54,7 +54,7 @@ buffer_clear(Buffer *buffer)
/* Appends data to the buffer, expanding it if necessary. */
void
void
buffer_append(Buffer *buffer, const char *data, unsigned int len)
{
char *cp;
......@@ -68,7 +68,7 @@ buffer_append(Buffer *buffer, const char *data, unsigned int len)
* to the allocated region.
*/
void
void
buffer_append_space(Buffer *buffer, char **datap, unsigned int len)
{
/* If the buffer is empty, start using it from the beginning. */
......@@ -102,7 +102,7 @@ restart:
/* Returns the number of bytes of data in the buffer. */
unsigned int
unsigned int
buffer_len(Buffer *buffer)
{
return buffer->end - buffer->offset;
......@@ -110,7 +110,7 @@ buffer_len(Buffer *buffer)
/* Gets data from the beginning of the buffer. */
void
void
buffer_get(Buffer *buffer, char *buf, unsigned int len)
{
if (len > buffer->end - buffer->offset)
......@@ -121,7 +121,7 @@ buffer_get(Buffer *buffer, char *buf, unsigned int len)
/* Consumes the given number of bytes from the beginning of the buffer. */
void
void
buffer_consume(Buffer *buffer, unsigned int bytes)
{
if (bytes > buffer->end - buffer->offset)
......@@ -131,7 +131,7 @@ buffer_consume(Buffer *buffer, unsigned int bytes)
/* Consumes the given number of bytes from the end of the buffer. */
void
void
buffer_consume_end(Buffer *buffer, unsigned int bytes)
{
if (bytes > buffer->end - buffer->offset)
......@@ -149,7 +149,7 @@ buffer_ptr(Buffer *buffer)
/* Dumps the contents of the buffer to stderr. */
void
void
buffer_dump(Buffer *buffer)
{
int i;
......
/*
*
*
* canohost.c
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
*
* Created: Sun Jul 2 17:52:22 1995 ylo
*
*
* Functions for returning the canonical host name of the remote site.
*
*
*/
#include "includes.h"
RCSID("$Id: canohost.c,v 1.8 2000/03/11 09:45:41 damien Exp $");
RCSID("$Id: canohost.c,v 1.9 2000/04/16 01:18:40 damien Exp $");
#include "packet.h"
#include "xmalloc.h"
......@@ -265,7 +265,7 @@ get_sock_port(int sock, int local)
/* Returns remote/local port number for the current connection. */
int
int
get_port(int local)
{
/*
......@@ -279,13 +279,13 @@ get_port(int local)
return get_sock_port(packet_get_connection_in(), local);
}
int
int
get_peer_port(int sock)
{
return get_sock_port(sock, 0);
}
int
int
get_remote_port()
{
return get_port(0);
......
/*
*
*
* channels.c
*
*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*
*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved