author | Markus Friedl <markus@cvs.openbsd.org> | 2001-01-19 15:55:13 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-01-19 15:55:13 +0000 |
commit | c8e30de90fc429e1ff3ad41ca71e4dccd8d82cc0 (patch) | |
tree | 399702fc4973938c6f47bff5cbe9674747e43db0 /usr.bin | |
parent | 89ca1809e467b574468e1fd98161130448eecf10 (diff) |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/auth-krb4.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/auth-options.c | 19 | ||||
-rw-r--r-- | usr.bin/ssh/auth-rh-rsa.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/auth-rhosts.c | 11 | ||||
-rw-r--r-- | usr.bin/ssh/auth-rsa.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/auth1.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/auth2.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/channels.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/clientloop.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/dh.c | 13 | ||||
-rw-r--r-- | usr.bin/ssh/dispatch.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/nchan.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/packet.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/pathnames.h | 104 | ||||
-rw-r--r-- | usr.bin/ssh/readconf.c | 19 | ||||
-rw-r--r-- | usr.bin/ssh/scp.c | 7 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/serverloop.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/session.c | 20 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-add.c | 7 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 11 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keyscan.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 12 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.h | 165 | ||||
-rw-r--r-- | usr.bin/ssh/ssh1.h | 84 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect1.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 10 | ||||
-rw-r--r-- | usr.bin/ssh/ttymodes.c | 3 |
28 files changed, 307 insertions, 249 deletions
diff --git a/usr.bin/ssh/auth-krb4.c b/usr.bin/ssh/auth-krb4.c index 80e8f4292c1..befd6581e93 100644 --- a/usr.bin/ssh/auth-krb4.c +++ b/usr.bin/ssh/auth-krb4.c @@ -26,9 +26,10 @@ #include "packet.h" #include "xmalloc.h" #include "ssh.h" +#include "ssh1.h" #include "servconf.h" -RCSID("$OpenBSD: auth-krb4.c,v 1.20 2000/12/19 23:17:54 markus Exp $"); +RCSID("$OpenBSD: auth-krb4.c,v 1.21 2001/01/19 15:55:10 markus Exp $"); #ifdef KRB4 char *ticket = NULL; diff --git a/usr.bin/ssh/auth-options.c b/usr.bin/ssh/auth-options.c index ef61d8df83f..b603bb994e1 100644 --- a/usr.bin/ssh/auth-options.c +++ b/usr.bin/ssh/auth-options.c @@ -10,12 +10,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.9 2001/01/19 15:55:10 markus Exp $"); #include "ssh.h" #include "packet.h" #include "xmalloc.h" #include "match.h" +#include "pathnames.h" /* Flags set authorized_keys flags */ int no_port_forwarding_flag = 0; @@ -106,9 +107,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum) } if (!*options) { debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + _PATH_SSH_USER_PERMITTED_KEYS, linenum); packet_send_debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + _PATH_SSH_USER_PERMITTED_KEYS, linenum); continue; } forced_command[i] = 0; @@ -136,9 +137,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum) } if (!*options) { debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + _PATH_SSH_USER_PERMITTED_KEYS, linenum); packet_send_debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + _PATH_SSH_USER_PERMITTED_KEYS, linenum); continue; } s[i] = 0; 
@@ -170,9 +171,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum) } if (!*options) { debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + _PATH_SSH_USER_PERMITTED_KEYS, linenum); packet_send_debug("%.100s, line %lu: missing end quote", - SSH_USER_PERMITTED_KEYS, linenum); + _PATH_SSH_USER_PERMITTED_KEYS, linenum); continue; } patterns[i] = 0; @@ -219,9 +220,9 @@ next_option: bad_option: log("Bad options in %.100s file, line %lu: %.50s", - SSH_USER_PERMITTED_KEYS, linenum, options); + _PATH_SSH_USER_PERMITTED_KEYS, linenum, options); packet_send_debug("Bad options in %.100s file, line %lu: %.50s", - SSH_USER_PERMITTED_KEYS, linenum, options); + _PATH_SSH_USER_PERMITTED_KEYS, linenum, options); /* deny access */ return 0; } diff --git a/usr.bin/ssh/auth-rh-rsa.c b/usr.bin/ssh/auth-rh-rsa.c index 48c075e66f3..fcbb2197384 100644 --- a/usr.bin/ssh/auth-rh-rsa.c +++ b/usr.bin/ssh/auth-rh-rsa.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.20 2001/01/19 15:55:10 markus Exp $"); #include "packet.h" #include "ssh.h" @@ -25,6 +25,7 @@ RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $"); #include <openssl/dsa.h> #include "key.h" #include "hostfile.h" +#include "pathnames.h" /* * Tries to authenticate the user using the .rhosts file and the host using 
@@ -59,15 +60,15 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key found = key_new(KEY_RSA1); /* Check if we know the host and its host key. */ - host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname, + host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname, client_key, found, NULL); /* Check user host file unless ignored. */ if (host_status != HOST_OK && !options.ignore_user_known_hosts) { struct stat st; - char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid); + char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); /* - * Check file permissions of SSH_USER_HOSTFILE, auth_rsa() + * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa() * did already check pw->pw_dir, but there is a race XXX */ if (options.strict_modes && diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c index fb7dabe7aa3..4ee2b215f18 100644 --- a/usr.bin/ssh/auth-rhosts.c +++ b/usr.bin/ssh/auth-rhosts.c @@ -14,13 +14,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.18 2001/01/19 15:55:10 markus Exp $"); #include "packet.h" #include "ssh.h" #include "xmalloc.h" #include "uidswap.h" #include "servconf.h" +#include "pathnames.h" /* * This function processes an rhosts-style file (.rhosts, .shosts, or @@ -177,8 +178,8 @@ auth_rhosts(struct passwd *pw, const char *client_user) /* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */ if (!rhosts_files[rhosts_file_index] && - stat("/etc/hosts.equiv", &st) < 0 && - stat(SSH_HOSTS_EQUIV, &st) < 0) + stat(_PATH_RHOSTS_EQUIV, &st) < 0 && + stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) return 0; hostname = get_canonical_hostname(); 
@@ -192,10 +193,10 @@ auth_rhosts(struct passwd *pw, const char *client_user) hostname, ipaddr); return 1; } - if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, + if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, pw->pw_name)) { packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", - hostname, ipaddr, SSH_HOSTS_EQUIV); + hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); return 1; } } diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c index 3daf4d13c56..65ff8ea208f 100644 --- a/usr.bin/ssh/auth-rsa.c +++ b/usr.bin/ssh/auth-rsa.c @@ -14,17 +14,19 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.34 2000/12/19 23:17:55 markus Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.35 2001/01/19 15:55:10 markus Exp $"); #include "rsa.h" #include "packet.h" #include "xmalloc.h" #include "ssh.h" +#include "ssh1.h" #include "mpaux.h" #include "uidswap.h" #include "match.h" #include "servconf.h" #include "auth-options.h" +#include "pathnames.h" #include <openssl/rsa.h> #include <openssl/md5.h> @@ -137,7 +139,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* The authorized keys. */ snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, - SSH_USER_PERMITTED_KEYS); + _PATH_SSH_USER_PERMITTED_KEYS); /* Fail quietly if file does not exist */ if (stat(file, &st) < 0) { @@ -165,10 +167,10 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) "bad ownership or modes for '%s'.", pw->pw_name, file); fail = 1; } else { - /* Check path to SSH_USER_PERMITTED_KEYS */ + /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */ int i; static const char *check[] = { - "", SSH_USER_DIR, NULL + "", _PATH_SSH_USER_DIR, NULL }; for (i = 0; check[i]; i++) { snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]); 
@@ -235,9 +237,9 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Parse the key from the line. */ if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { debug("%.100s, line %lu: bad key syntax", - SSH_USER_PERMITTED_KEYS, linenum); + _PATH_SSH_USER_PERMITTED_KEYS, linenum); packet_send_debug("%.100s, line %lu: bad key syntax", - SSH_USER_PERMITTED_KEYS, linenum); + _PATH_SSH_USER_PERMITTED_KEYS, linenum); continue; } /* cp now points to the comment part. */ diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c index eae86c408c8..254cac6a972 100644 --- a/usr.bin/ssh/auth1.c +++ b/usr.bin/ssh/auth1.c @@ -10,11 +10,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.12 2001/01/19 15:55:10 markus Exp $"); #include "xmalloc.h" #include "rsa.h" #include "ssh.h" +#include "ssh1.h" #include "packet.h" #include "buffer.h" #include "mpaux.h" diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c index e3743c4d956..72ea3426058 100644 --- a/usr.bin/ssh/auth2.c +++ b/usr.bin/ssh/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.28 2001/01/18 17:00:00 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.29 2001/01/19 15:55:10 markus Exp $"); #include <openssl/dsa.h> #include <openssl/rsa.h> @@ -46,6 +46,7 @@ RCSID("$OpenBSD: auth2.c,v 1.28 2001/01/18 17:00:00 markus Exp $"); #include "auth.h" #include "key.h" #include "kex.h" +#include "pathnames.h" #include "uidswap.h" #include "auth-options.h" @@ -529,7 +530,7 @@ user_key_allowed(struct passwd *pw, Key *key) /* The authorized keys. */ snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, - SSH_USER_PERMITTED_KEYS2); + _PATH_SSH_USER_PERMITTED_KEYS2); /* Fail quietly if file does not exist */ if (stat(file, &st) < 0) { 
@@ -557,10 +558,10 @@ user_key_allowed(struct passwd *pw, Key *key) key_type(key), pw->pw_name, file); fail = 1; } else { - /* Check path to SSH_USER_PERMITTED_KEYS */ + /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */ int i; static const char *check[] = { - "", SSH_USER_DIR, NULL + "", _PATH_SSH_USER_DIR, NULL }; for (i = 0; check[i]; i++) { snprintf(line, sizeof line, "%.500s/%.100s", diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index de027d0ef9d..2953ef6484d 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.80 2001/01/08 22:03:23 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.81 2001/01/19 15:55:10 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -54,6 +54,7 @@ RCSID("$OpenBSD: channels.c,v 1.80 2001/01/08 22:03:23 markus Exp $"); #include "nchan.h" #include "compat.h" +#include "ssh1.h" #include "ssh2.h" #include <openssl/rsa.h> diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 9079bcda8b6..beaef8c2330 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.44 2001/01/19 15:55:10 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -67,6 +67,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $"); #include "buffer.h" #include "readconf.h" +#include "ssh1.h" #include "ssh2.h" #include "compat.h" #include "channels.h" diff --git a/usr.bin/ssh/dh.c b/usr.bin/ssh/dh.c index 87a47845007..605148f908a 100644 --- a/usr.bin/ssh/dh.c +++ b/usr.bin/ssh/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $"); +RCSID("$OpenBSD: dh.c,v 1.5 2001/01/19 15:55:11 markus Exp $"); #include "xmalloc.h" 
@@ -35,6 +35,7 @@ RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $"); #include "buffer.h" #include "kex.h" #include "dh.h" +#include "pathnames.h" int parse_prime(int linenum, char *line, struct dhgroup *dhg) @@ -100,9 +101,9 @@ choose_dh(int minbits) int linenum; struct dhgroup dhg; - f = fopen(DH_PRIMES, "r"); + f = fopen(_PATH_DH_PRIMES, "r"); if (!f) { - log("WARNING: %s does not exist, using old prime", DH_PRIMES); + log("WARNING: %s does not exist, using old prime", _PATH_DH_PRIMES); return (dh_new_group1()); } @@ -126,13 +127,13 @@ choose_dh(int minbits) fclose (f); if (bestcount == 0) { - log("WARNING: no primes in %s, using old prime", DH_PRIMES); + log("WARNING: no primes in %s, using old prime", _PATH_DH_PRIMES); return (dh_new_group1()); } - f = fopen(DH_PRIMES, "r"); + f = fopen(_PATH_DH_PRIMES, "r"); if (!f) { - fatal("WARNING: %s dissappeared, giving up", DH_PRIMES); + fatal("WARNING: %s dissappeared, giving up", _PATH_DH_PRIMES); } linenum = 0; diff --git a/usr.bin/ssh/dispatch.c b/usr.bin/ssh/dispatch.c index db8951c1b5e..45bb47e92da 100644 --- a/usr.bin/ssh/dispatch.c +++ b/usr.bin/ssh/dispatch.c @@ -22,8 +22,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: dispatch.c,v 1.5 2000/09/21 11:25:34 markus Exp $"); +RCSID("$OpenBSD: dispatch.c,v 1.6 2001/01/19 15:55:11 markus Exp $"); #include "ssh.h" +#include "ssh1.h" #include "dispatch.h" #include "packet.h" diff --git a/usr.bin/ssh/nchan.c b/usr.bin/ssh/nchan.c index 1424fd8da36..84f3a2fdecb 100644 --- a/usr.bin/ssh/nchan.c +++ b/usr.bin/ssh/nchan.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: nchan.c,v 1.20 2000/11/06 23:04:56 markus Exp $"); +RCSID("$OpenBSD: nchan.c,v 1.21 2001/01/19 15:55:11 markus Exp $"); #include "ssh.h" 
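Review bot: In choose_dh() in dh.c (the `@@ -126,13 +127,13 @@` hunk) the primes file is still closed after the counting pass and reopened by name with `f = fopen(_PATH_DH_PRIMES, "r");`, so the second pass is not guaranteed to read the file that was just counted. Keeping the first handle and replacing the `fclose (f);` / `fopen` / `fatal` sequence with `rewind(f);` would make both passes use the same open file and remove the failure path entirely. The string passed to fatal() is also prefixed `WARNING:` and misspells "disappeared". choose_dh's body starts and ends outside the hunk, so the selection loop that consumes the second pass is not visible here.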
@@ -32,6 +32,7 @@ RCSID("$OpenBSD: nchan.c,v 1.20 2000/11/06 23:04:56 markus Exp $"); #include "channels.h" #include "nchan.h" +#include "ssh1.h" #include "ssh2.h" #include "compat.h" diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 0db6797920d..9661e145312 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.45 2001/01/19 15:55:11 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -52,6 +52,7 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $"); #include "channels.h" #include "compat.h" +#include "ssh1.h" #include "ssh2.h" #include <openssl/bn.h> diff --git a/usr.bin/ssh/pathnames.h b/usr.bin/ssh/pathnames.h new file mode 100644 index 00000000000..6cbd6f73ff7 --- /dev/null +++ b/usr.bin/ssh/pathnames.h 
@@ -0,0 +1,104 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#define ETCDIR "/etc"
+#define _PATH_SSH_PIDDIR "/var/run"
+
+/*
+ * System-wide file containing host keys of known hosts. This file should be
+ * world-readable.
+ */
+#define _PATH_SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
+#define _PATH_SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
+
+/*
+ * Of these, ssh_host_key must be readable only by root, whereas ssh_config
+ * should be world-readable.
+ */
+#define _PATH_HOST_KEY_FILE ETCDIR "/ssh_host_key"
+#define _PATH_SERVER_CONFIG_FILE ETCDIR "/sshd_config"
+#define _PATH_HOST_CONFIG_FILE ETCDIR "/ssh_config"
+#define _PATH_HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
+#define _PATH_DH_PRIMES ETCDIR "/primes"
+
+#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
+
+/*
+ * The process id of the daemon listening for connections is saved here to
+ * make it easier to kill the correct daemon when necessary.
+ */
+#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid"
+
+/*
+ * The directory in user\'s home directory in which the files reside. The
+ * directory should be world-readable (though not all files are).
+ */
+#define _PATH_SSH_USER_DIR ".ssh"
+
+/*
+ * Per-user file containing host keys of known hosts. This file need not be
+ * readable by anyone except the user him/herself, though this does not
+ * contain anything particularly secret.
+ */
+#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
+#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
+
+/*
+ * Name of the default file containing client-side authentication key. This
+ * file should only be readable by the user him/herself.
+ */
+#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
+#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
+#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
+
+/*
+ * Configuration file in user\'s home directory. This file need not be
+ * readable by anyone but the user him/herself, but does not contain anything
+ * particularly secret. If the user\'s home directory resides on an NFS
+ * volume where root is mapped to nobody, this may need to be world-readable.
+ */
+#define _PATH_SSH_USER_CONFFILE ".ssh/config"
+
+/*
+ * File containing a list of those rsa keys that permit logging in as this
+ * user. This file need not be readable by anyone but the user him/herself,
+ * but does not contain anything particularly secret. If the user\'s home
+ * directory resides on an NFS volume where root is mapped to nobody, this
+ * may need to be world-readable. (This file is read by the daemon which is
+ * running as root.)
+ */
+#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
+#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
+
+/*
+ * Per-user and system-wide ssh "rc" files. These files are executed with
+ * /bin/sh before starting the shell or command if they exist. They will be
+ * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
+ * use. xauth will be run if neither of these exists.
+ */
+#define _PATH_SSH_USER_RC ".ssh/rc"
+#define _PATH_SSH_SYSTEM_RC ETCDIR "/sshrc"
+
+/*
+ * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
+ * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
+ */ +#define _PATH_SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv" +#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv" + +/* + * Default location of askpass + */ +#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass" + +/* for scp */ +#define _PATH_CP "cp" diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 34eb3160d9a..f6fa869a8e7 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -12,13 +12,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.54 2001/01/18 16:20:22 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.55 2001/01/19 15:55:11 markus Exp $"); #include "ssh.h" #include "readconf.h" #include "match.h" #include "xmalloc.h" #include "compat.h" +#include "pathnames.h" /* Format of the configuration file: 
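Review bot: The new pathnames.h has no include guard and no `$OpenBSD$` identification comment, although ssh.h in this same commit carries both (`#ifndef SSH_H` and the commented RCSID line); wrapping the file in `#ifndef PATHNAMES_H` / `#define PATHNAMES_H` / `#endif` is the usual protection once the header starts being pulled in from other headers. Several `_PATH_` names are also not absolute paths: `_PATH_SSH_USER_DIR`, `_PATH_SSH_USER_RC`, `_PATH_SSH_USER_CONFFILE` and the `_PATH_SSH_CLIENT_*` names are relative to a home directory, and `_PATH_CP "cp"` is presumably resolved through PATH by scp. do_child() in session.c passes one of them straight to the filesystem with `stat(_PATH_SSH_USER_RC, &st)`, which is only correct if the working directory is already the user's home. A comment on those groups such as `/* relative to the user's home directory; prepend pw->pw_dir or chdir there first */` would make that precondition explicit for future callers.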
@@ -780,27 +781,27 @@ fill_default_options(Options * options) if (options->num_identity_files == 0) { if (options->protocol & SSH_PROTO_1) { options->identity_files[options->num_identity_files] = - xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1); + xmalloc(2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1); sprintf(options->identity_files[options->num_identity_files++], - "~/%.100s", SSH_CLIENT_IDENTITY); + "~/%.100s", _PATH_SSH_CLIENT_IDENTITY); } if (options->protocol & SSH_PROTO_2) { options->identity_files[options->num_identity_files] = - xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1); + xmalloc(2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1); sprintf(options->identity_files[options->num_identity_files++], - "~/%.100s", SSH_CLIENT_ID_DSA); + "~/%.100s", _PATH_SSH_CLIENT_ID_DSA); } } if (options->escape_char == -1) options->escape_char = '~'; if (options->system_hostfile == NULL) - options->system_hostfile = SSH_SYSTEM_HOSTFILE; + options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE; if (options->user_hostfile == NULL) - options->user_hostfile = SSH_USER_HOSTFILE; + options->user_hostfile = _PATH_SSH_USER_HOSTFILE; if (options->system_hostfile2 == NULL) - options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2; + options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2; if (options->user_hostfile2 == NULL) - options->user_hostfile2 = SSH_USER_HOSTFILE2; + options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2; if (options->log_level == (LogLevel) - 1) options->log_level = SYSLOG_LEVEL_INFO; /* options->proxy_command should not be set by default */ diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c index 5e3f70e88e5..806115bfae2 100644 --- a/usr.bin/ssh/scp.c +++ b/usr.bin/ssh/scp.c 
@@ -75,12 +75,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.50 2001/01/19 15:55:11 markus Exp $"); #include "ssh.h" #include "xmalloc.h" - -#define _PATH_CP "cp" +#include "pathnames.h" /* For progressmeter() -- number of seconds before xfer considered "stalled" */ #define STALLTIME 5 @@ -114,7 +113,7 @@ int verbose_mode = 0; int showprogress = 1; /* This is the program to execute for the secured connection. ("ssh" or -S) */ -char *ssh_program = SSH_PROGRAM; +char *ssh_program = _PATH_SSH_PROGRAM; /* This is the list of arguments that scp passes to ssh */ struct { diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 801267b4853..3da10ff2ddd 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -10,12 +10,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.59 2001/01/19 12:45:26 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.60 2001/01/19 15:55:11 markus Exp $"); #include "ssh.h" #include "servconf.h" #include "xmalloc.h" #include "compat.h" +#include "pathnames.h" /* add listen address */ void add_listen_addr(ServerOptions *options, char *addr); 
@@ -87,16 +88,16 @@ fill_default_server_options(ServerOptions *options) if (options->num_host_key_files == 0) { /* fill default hostkeys for protocols */ if (options->protocol & SSH_PROTO_1) - options->host_key_files[options->num_host_key_files++] = HOST_KEY_FILE; + options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE; if (options->protocol & SSH_PROTO_2) - options->host_key_files[options->num_host_key_files++] = HOST_DSA_KEY_FILE; + options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE; } if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; if (options->listen_addrs == NULL) add_listen_addr(options, NULL); if (options->pid_file == NULL) - options->pid_file = SSH_DAEMON_PID_FILE; + options->pid_file = _PATH_SSH_DAEMON_PID_FILE; if (options->server_key_bits == -1) options->server_key_bits = 768; if (options->login_grace_time == -1) diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 2a4da54ff1d..a7d21fbcad4 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.40 2001/01/18 17:00:00 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.41 2001/01/19 15:55:11 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -46,6 +46,7 @@ RCSID("$OpenBSD: serverloop.c,v 1.40 2001/01/18 17:00:00 markus Exp $"); #include "channels.h" #include "compat.h" +#include "ssh1.h" #include "ssh2.h" #include "auth.h" #include "session.h" diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 318095cbfb4..64a0a6e8a71 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.49 2001/01/18 17:00:00 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.50 2001/01/19 15:55:11 markus Exp $"); #include "xmalloc.h" #include "ssh.h" 
@@ -48,9 +48,11 @@ RCSID("$OpenBSD: session.c,v 1.49 2001/01/18 17:00:00 markus Exp $"); #include "nchan.h" #include "bufaux.h" +#include "ssh1.h" #include "ssh2.h" #include "auth.h" #include "auth-options.h" +#include "pathnames.h" #ifdef HAVE_LOGIN_CAP #include <login_cap.h> @@ -1011,28 +1013,28 @@ do_child(const char *command, struct passwd * pw, const char *term, * in this order). */ if (!options.use_login) { - if (stat(SSH_USER_RC, &st) >= 0) { + if (stat(_PATH_SSH_USER_RC, &st) >= 0) { if (debug_flag) - fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_USER_RC); + fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_USER_RC); - f = popen(_PATH_BSHELL " " SSH_USER_RC, "w"); + f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w"); if (f) { if (auth_proto != NULL && auth_data != NULL) fprintf(f, "%s %s\n", auth_proto, auth_data); pclose(f); } else - fprintf(stderr, "Could not run %s\n", SSH_USER_RC); - } else if (stat(SSH_SYSTEM_RC, &st) >= 0) { + fprintf(stderr, "Could not run %s\n", _PATH_SSH_USER_RC); + } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) { if (debug_flag) - fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_SYSTEM_RC); + fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_SYSTEM_RC); - f = popen(_PATH_BSHELL " " SSH_SYSTEM_RC, "w"); + f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w"); if (f) { if (auth_proto != NULL && auth_data != NULL) fprintf(f, "%s %s\n", auth_proto, auth_data); pclose(f); } else - fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC); + fprintf(stderr, "Could not run %s\n", _PATH_SSH_SYSTEM_RC); } else if (options.xauth_location != NULL) { /* Add authority data to .Xauthority if appropriate. */ if (auth_proto != NULL && auth_data != NULL) { diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index e947e6205ef..5c47856ea13 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c 
@@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.25 2001/01/19 15:55:11 markus Exp $"); #include <openssl/evp.h> #include <openssl/rsa.h> @@ -47,6 +47,7 @@ RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $"); #include "key.h" #include "authfd.h" #include "authfile.h" +#include "pathnames.h" void delete_file(AuthenticationConnection *ac, const char *filename) @@ -158,7 +159,7 @@ add_file(AuthenticationConnection *ac, const char *filename) if (getenv(SSH_ASKPASS_ENV)) askpass = getenv(SSH_ASKPASS_ENV); else - askpass = SSH_ASKPASS_DEFAULT; + askpass = _PATH_SSH_ASKPASS_DEFAULT; } /* At first, try empty passphrase */ @@ -280,7 +281,7 @@ main(int argc, char **argv) ssh_close_authentication_connection(ac); exit(1); } - snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); + snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY); if (deleting) delete_file(ac, buf); else diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 034086c3c31..66406d9cb48 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.40 2001/01/19 15:55:11 markus Exp $"); #include <openssl/evp.h> #include <openssl/pem.h> @@ -28,6 +28,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $"); #include "buffer.h" #include "bufaux.h" +#include "pathnames.h" /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ int bits = 1024; 
@@ -83,13 +84,13 @@ ask_filename(struct passwd *pw, const char *prompt) switch (key_type_from_name(key_type_name)) { case KEY_RSA1: - name = SSH_CLIENT_IDENTITY; + name = _PATH_SSH_CLIENT_IDENTITY; break; case KEY_DSA: - name = SSH_CLIENT_ID_DSA; + name = _PATH_SSH_CLIENT_ID_DSA; break; case KEY_RSA: - name = SSH_CLIENT_ID_RSA; + name = _PATH_SSH_CLIENT_ID_RSA; break; default: fprintf(stderr, "bad key type"); @@ -750,7 +751,7 @@ main(int ac, char **av) ask_filename(pw, "Enter file in which to save the key"); /* Create ~/.ssh directory if it doesn\'t already exist. */ - snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR); + snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); if (strstr(identity_file, dotsshdir) != NULL && stat(dotsshdir, &st) < 0) { if (mkdir(dotsshdir, 0700) < 0) diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index 068ffca01a2..e6d2bbb0f12 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -8,7 +8,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.10 2001/01/19 15:55:11 markus Exp $"); #include <sys/queue.h> #include <errno.h> @@ -19,6 +19,7 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $"); #include "xmalloc.h" #include "ssh.h" +#include "ssh1.h" #include "key.h" #include "buffer.h" #include "bufaux.h" diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 5cd59287660..110f51ef1b4 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.83 2001/01/19 15:55:11 markus Exp $"); #include <openssl/evp.h> #include <openssl/dsa.h> 
@@ -53,12 +53,14 @@ RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $"); #include "readconf.h" #include "uidswap.h" +#include "ssh1.h" #include "ssh2.h" #include "compat.h" #include "channels.h" #include "key.h" #include "authfd.h" #include "authfile.h" +#include "pathnames.h" #include "clientloop.h" extern char *__progname; @@ -531,11 +533,11 @@ main(int ac, char **av) log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); /* Read per-user configuration file. */ - snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE); + snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE); read_config_file(buf, host, &options); /* Read systemwide configuration file. */ - read_config_file(HOST_CONFIG_FILE, host, &options); + read_config_file(_PATH_HOST_CONFIG_FILE, host, &options); /* Fill configuration defaults. */ fill_default_options(&options); @@ -595,7 +597,7 @@ main(int ac, char **av) host_private_key = RSA_new(); k.type = KEY_RSA1; k.rsa = host_private_key; - if (load_private_key(HOST_KEY_FILE, "", &k, NULL)) + if (load_private_key(_PATH_HOST_KEY_FILE, "", &k, NULL)) host_private_key_loaded = 1; } /* @@ -619,7 +621,7 @@ main(int ac, char **av) * Now that we are back to our own permissions, create ~/.ssh * directory if it doesn\'t already exist. */ - snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR); + snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_DIR); if (stat(buf, &st) < 0) if (mkdir(buf, 0700) < 0) error("Could not create directory '%.200s'.", buf); diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h index c80a2a2d52a..6dffccbd6b2 100644 --- a/usr.bin/ssh/ssh.h +++ b/usr.bin/ssh/ssh.h @@ -12,7 +12,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: ssh.h,v 1.59 2001/01/19 12:45:27 markus Exp $"); */ +/* RCSID("$OpenBSD: ssh.h,v 1.60 2001/01/19 15:55:11 markus Exp $"); */ #ifndef SSH_H #define SSH_H 
@@ -55,107 +55,21 @@ */ #define SSH_SERVICE_NAME "ssh" -#define ETCDIR "/etc" -#define PIDDIR "/var/run" - -/* - * System-wide file containing host keys of known hosts. This file should be - * world-readable. - */ -#define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts" -#define SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2" - -/* - * Of these, ssh_host_key must be readable only by root, whereas ssh_config - * should be world-readable. - */ -#define HOST_KEY_FILE ETCDIR "/ssh_host_key" -#define SERVER_CONFIG_FILE ETCDIR "/sshd_config" -#define HOST_CONFIG_FILE ETCDIR "/ssh_config" -#define HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key" -#define DH_PRIMES ETCDIR "/primes" - -#define SSH_PROGRAM "/usr/bin/ssh" - -/* - * The process id of the daemon listening for connections is saved here to - * make it easier to kill the correct daemon when necessary. - */ -#define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid" - -/* - * The directory in user\'s home directory in which the files reside. The - * directory should be world-readable (though not all files are). - */ -#define SSH_USER_DIR ".ssh" - -/* - * Per-user file containing host keys of known hosts. This file need not be - * readable by anyone except the user him/herself, though this does not - * contain anything particularly secret. - */ -#define SSH_USER_HOSTFILE "~/.ssh/known_hosts" -#define SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2" - -/* - * Name of the default file containing client-side authentication key. This - * file should only be readable by the user him/herself. - */ -#define SSH_CLIENT_IDENTITY ".ssh/identity" -#define SSH_CLIENT_ID_DSA ".ssh/id_dsa" -#define SSH_CLIENT_ID_RSA ".ssh/id_rsa" - -/* - * Configuration file in user\'s home directory. This file need not be - * readable by anyone but the user him/herself, but does not contain anything - * particularly secret. If the user\'s home directory resides on an NFS - * volume where root is mapped to nobody, this may need to be world-readable. 
- */ -#define SSH_USER_CONFFILE ".ssh/config" - -/* - * File containing a list of those rsa keys that permit logging in as this - * user. This file need not be readable by anyone but the user him/herself, - * but does not contain anything particularly secret. If the user\'s home - * directory resides on an NFS volume where root is mapped to nobody, this - * may need to be world-readable. (This file is read by the daemon which is - * running as root.) - */ -#define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys" -#define SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2" - -/* - * Per-user and system-wide ssh "rc" files. These files are executed with - * /bin/sh before starting the shell or command if they exist. They will be - * passed "proto cookie" as arguments if X11 forwarding with spoofing is in - * use. xauth will be run if neither of these exists. - */ -#define SSH_USER_RC ".ssh/rc" -#define SSH_SYSTEM_RC ETCDIR "/sshrc" - -/* - * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use - * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled. - */ -#define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv" - /* * Name of the environment variable containing the pathname of the * authentication socket. */ -#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" +#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" /* * Name of the environment variable containing the pathname of the * authentication socket. */ -#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" +#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" /* - * Default path to ssh-askpass used by ssh-add, - * environment variable for overwriting the default location + * Environment variable for overwriting the default location of askpass */ -#define SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass" #define SSH_ASKPASS_ENV "SSH_ASKPASS" /* 
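Review bot: The comment above `SSH_AGENTPID_ENV_NAME` in this ssh.h hunk describes the wrong variable. With the two defines swapped, both `SSH_AGENTPID_ENV_NAME` and `SSH_AUTHSOCKET_ENV_NAME` sit under the same text, "pathname of the authentication socket". The first comment should read `/* Name of the environment variable containing the process ID of the authentication agent. */`. Separately, the comments removed here carried the permission requirements for these files (for example that ssh_host_key must be readable only by root). pathnames.h is not visible in this part of the diff, so it is worth confirming that this guidance moved along with the macros.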
@@ -173,77 +87,6 @@ /* Name of Kerberos service for SSH to use. */ #define KRB4_SERVICE_NAME "rcmd" -/* - * Authentication methods. New types can be added, but old types should not - * be removed for compatibility. The maximum allowed value is 31. - */ -#define SSH_AUTH_RHOSTS 1 -#define SSH_AUTH_RSA 2 -#define SSH_AUTH_PASSWORD 3 -#define SSH_AUTH_RHOSTS_RSA 4 -#define SSH_AUTH_TIS 5 -#define SSH_AUTH_KERBEROS 6 -#define SSH_PASS_KERBEROS_TGT 7 - /* 8 to 15 are reserved */ -#define SSH_PASS_AFS_TOKEN 21 - -/* Protocol flags. These are bit masks. */ -#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */ -#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */ - -/* - * Definition of message types. New values can be added, but old values - * should not be removed or without careful consideration of the consequences - * for compatibility. The maximum value is 254; value 255 is reserved for - * future extension. - */ -/* Message name */ /* msg code */ /* arguments */ -#define SSH_MSG_NONE 0 /* no message */ -#define SSH_MSG_DISCONNECT 1 /* cause (string) */ -#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */ -#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */ -#define SSH_CMSG_USER 4 /* user (string) */ -#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */ -#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */ -#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */ -#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */ -#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */ -#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */ -#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */ -#define SSH_CMSG_EXEC_SHELL 12 /* */ -#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */ -#define SSH_SMSG_SUCCESS 14 /* */ -#define SSH_SMSG_FAILURE 15 /* */ -#define SSH_CMSG_STDIN_DATA 16 /* data (string) */ -#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */ -#define SSH_SMSG_STDERR_DATA 18 /* data (string) */ -#define SSH_CMSG_EOF 19 /* */ 
-#define SSH_SMSG_EXITSTATUS 20 /* status (int) */ -#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */ -#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */ -#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */ -#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */ -#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */ -/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */ -#define SSH_SMSG_X11_OPEN 27 /* channel (int) */ -#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */ -#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */ -#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */ -#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */ -#define SSH_MSG_IGNORE 32 /* string */ -#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */ -#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */ -#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */ -#define SSH_MSG_DEBUG 36 /* string */ -#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */ -#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */ -#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */ -#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */ -#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */ -#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */ -#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */ -#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */ -#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */ /*------------ definitions for login.c -------------*/ diff --git a/usr.bin/ssh/ssh1.h b/usr.bin/ssh/ssh1.h new file mode 100644 index 00000000000..a7782cebb3c --- /dev/null +++ b/usr.bin/ssh/ssh1.h 
@@ -0,0 +1,84 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Definition of message types. New values can be added, but old values
+ * should not be removed or without careful consideration of the consequences
+ * for compatibility. The maximum value is 254; value 255 is reserved for
+ * future extension.
+ */
+/* Message name */ /* msg code */ /* arguments */
+#define SSH_MSG_NONE 0 /* no message */
+#define SSH_MSG_DISCONNECT 1 /* cause (string) */
+#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
+#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
+#define SSH_CMSG_USER 4 /* user (string) */
+#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
+#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
+#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
+#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
+#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
+#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
+#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
+#define SSH_CMSG_EXEC_SHELL 12 /* */
+#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
+#define SSH_SMSG_SUCCESS 14 /* */
+#define SSH_SMSG_FAILURE 15 /* */
+#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
+#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
+#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
+#define SSH_CMSG_EOF 19 /* */
+#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
+#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
+#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
+#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
+#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
+#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
+/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
+#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
+#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
+#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
+#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
+#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
+#define SSH_MSG_IGNORE 32 /* string */
+#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
+#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
+#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
+#define SSH_MSG_DEBUG 36 /* string */
+#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
+#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
+#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
+#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
+#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
+#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
+#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
+#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
+#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
+
+/*
+ * Authentication methods. New types can be added, but old types should not
+ * be removed for compatibility. The maximum allowed value is 31.
+ */
+#define SSH_AUTH_RHOSTS 1
+#define SSH_AUTH_RSA 2
+#define SSH_AUTH_PASSWORD 3
+#define SSH_AUTH_RHOSTS_RSA 4
+#define SSH_AUTH_TIS 5
+#define SSH_AUTH_KERBEROS 6
+#define SSH_PASS_KERBEROS_TGT 7
+ /* 8 to 15 are reserved */
+#define SSH_PASS_AFS_TOKEN 21
+
+/* Protocol flags. These are bit masks. */
+#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
+#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
+
diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c
index b2d4e57bfbb..ecfdfe5d6c0 100644
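Review bot: The new ssh1.h has no include guard, while ssh.h in the same commit wraps its contents in `#ifndef SSH_H` / `#define SSH_H`. Adding `#ifndef SSH1_H` and `#define SSH1_H` after the licence comment and a closing `#endif` keeps the header safe to pull in from other headers later. The moved message-type comment is also garbled ("should not be removed or without careful consideration") and could read `should not be removed or changed without careful consideration of the consequences`. The authentication-method comment gives a maximum value of 31 without a reason. Presumably these values are used as bit positions in a 32-bit mask; if so, saying that would tell a maintainer why the limit must hold.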
--- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.16 2001/01/18 17:00:00 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.17 2001/01/19 15:55:12 markus Exp $"); #include <openssl/bn.h> #include <openssl/dsa.h> @@ -23,6 +23,7 @@ RCSID("$OpenBSD: sshconnect1.c,v 1.16 2001/01/18 17:00:00 markus Exp $"); #include "xmalloc.h" #include "rsa.h" #include "ssh.h" +#include "ssh1.h" #include "buffer.h" #include "packet.h" #include "mpaux.h" diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 41df30d5ea0..9148f0f7af7 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.153 2001/01/19 12:45:27 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.154 2001/01/19 15:55:12 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -53,6 +53,7 @@ RCSID("$OpenBSD: sshd.c,v 1.153 2001/01/19 12:45:27 markus Exp $"); #include "compat.h" #include "buffer.h" +#include "ssh1.h" #include "ssh2.h" #include <openssl/dh.h> #include <openssl/bn.h> @@ -66,6 +67,7 @@ RCSID("$OpenBSD: sshd.c,v 1.153 2001/01/19 12:45:27 markus Exp $"); #include "auth.h" #include "myproposal.h" #include "authfile.h" +#include "pathnames.h" #ifdef LIBWRAP #include <tcpd.h> @@ -84,7 +86,7 @@ extern char *__progname; ServerOptions options; /* Name of the server configuration file. */ -char *config_file_name = SERVER_CONFIG_FILE; +char *config_file_name = _PATH_SERVER_CONFIG_FILE; /* * Flag indicating whether IPv4 or IPv6. This can be set on the command line. 
@@ -630,7 +632,7 @@ main(int ac, char **av) fprintf(stderr, "sshd version %s\n", SSH_VERSION); fprintf(stderr, "Usage: %s [options]\n", __progname); fprintf(stderr, "Options:\n"); - fprintf(stderr, " -f file Configuration file (default %s)\n", SERVER_CONFIG_FILE); + fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE); fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n"); fprintf(stderr, " -i Started from inetd\n"); fprintf(stderr, " -D Do not fork into daemon mode\n"); @@ -640,7 +642,7 @@ main(int ac, char **av) fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n"); fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n"); fprintf(stderr, " -h file File from which to read host key (default: %s)\n", - HOST_KEY_FILE); + _PATH_HOST_KEY_FILE); fprintf(stderr, " -u len Maximum hostname length for utmp recording\n"); fprintf(stderr, " -4 Use IPv4 only\n"); fprintf(stderr, " -6 Use IPv6 only\n"); diff --git a/usr.bin/ssh/ttymodes.c b/usr.bin/ssh/ttymodes.c index a7a3e930108..68d38614621 100644 --- a/usr.bin/ssh/ttymodes.c +++ b/usr.bin/ssh/ttymodes.c @@ -15,10 +15,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: ttymodes.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $"); +RCSID("$OpenBSD: ttymodes.c,v 1.9 2001/01/19 15:55:12 markus Exp $"); #include "packet.h" #include "ssh.h" +#include "ssh1.h" #define TTY_OP_END 0 #define TTY_OP_ISPEED 192 /* int follows */ |