Diffstat (limited to 'usr.bin/ssh')
80 files changed, 680 insertions, 516 deletions
diff --git a/usr.bin/ssh/atomicio.c b/usr.bin/ssh/atomicio.c
index 744ccc7a50f..8ccce3986d5 100644
--- a/usr.bin/ssh/atomicio.c
+++ b/usr.bin/ssh/atomicio.c
@@ -24,10 +24,10 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $");
+RCSID("$OpenBSD: atomicio.c,v 1.8 2001/01/21 19:05:40 markus Exp $");
 #include "xmalloc.h"
-#include "ssh.h"
+#include "atomicio.h"
 /*
  * ensure all of data on socket comes through. f==read || f==write
diff --git a/usr.bin/ssh/atomicio.h b/usr.bin/ssh/atomicio.h
new file mode 100644
index 00000000000..15fc025c332
--- /dev/null
+++ b/usr.bin/ssh/atomicio.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 1995,1999 Theo de Raadt
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Ensure all of data on socket comes through. f==read || f==write
+ */
+ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
diff --git a/usr.bin/ssh/auth-chall.c b/usr.bin/ssh/auth-chall.c
index e99ddb39f9f..b8b0c5d1ed3 100644
--- a/usr.bin/ssh/auth-chall.c
+++ b/usr.bin/ssh/auth-chall.c
@@ -23,9 +23,8 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.2 2001/01/19 12:45:26 markus Exp $");
+RCSID("$OpenBSD: auth-chall.c,v 1.3 2001/01/21 19:05:41 markus Exp $");
-#include "ssh.h"
 #include "auth.h"
 #ifdef SKEY
diff --git a/usr.bin/ssh/auth-krb4.c b/usr.bin/ssh/auth-krb4.c
index befd6581e93..b23f393e608 100644
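Review bot: atomicio.h is added without an include guard, unlike auth.h, bufaux.h, log.h and login.h in this same commit; canohost.h and misc.h, also new here, have the same gap. A repeated bare prototype is harmless today, but the first typedef or struct added to one of these headers will break whichever file includes it twice, so wrap the body in `#ifndef ATOMICIO_H` / `#define ATOMICIO_H` … `#endif` now. The `ssize_t (*f)()` parameter is presumably left unprototyped so that both read() and write(), whose buffer arguments differ in const-ness, can be passed, which costs argument checking at every call site; a one-line comment such as `/* f is unprototyped on purpose: read() and write() differ in const-ness */` would keep the next reader from "fixing" it.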
--- a/usr.bin/ssh/auth-krb4.c +++ b/usr.bin/ssh/auth-krb4.c @@ -23,13 +23,16 @@ */ #include "includes.h" -#include "packet.h" -#include "xmalloc.h" +RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $"); + #include "ssh.h" #include "ssh1.h" +#include "packet.h" +#include "xmalloc.h" +#include "log.h" #include "servconf.h" - -RCSID("$OpenBSD: auth-krb4.c,v 1.21 2001/01/19 15:55:10 markus Exp $"); +#include "auth.h" +#include "radix.h" #ifdef KRB4 char *ticket = NULL; diff --git a/usr.bin/ssh/auth-options.c b/usr.bin/ssh/auth-options.c index 5a830bfa403..5457d9b149c 100644 --- a/usr.bin/ssh/auth-options.c +++ b/usr.bin/ssh/auth-options.c @@ -10,12 +10,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.10 2001/01/20 15:55:20 markus Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $"); -#include "ssh.h" #include "packet.h" #include "xmalloc.h" #include "match.h" +#include "log.h" +#include "canohost.h" +#include "auth-options.h" /* Flags set authorized_keys flags */ int no_port_forwarding_flag = 0; diff --git a/usr.bin/ssh/auth-options.h b/usr.bin/ssh/auth-options.h index 0808673e6ad..8ee26949103 100644 --- a/usr.bin/ssh/auth-options.h +++ b/usr.bin/ssh/auth-options.h @@ -11,10 +11,17 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* $OpenBSD: auth-options.h,v 1.7 2001/01/20 15:55:20 markus Exp $ */ +/* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */ #ifndef AUTH_OPTIONS_H #define AUTH_OPTIONS_H + +/* Linked list of custom environment strings */ +struct envstring { + struct envstring *next; + char *s; +}; + /* Flags that may be set in authorized_keys options. */ extern int no_port_forwarding_flag; extern int no_agent_forwarding_flag; diff --git a/usr.bin/ssh/auth-passwd.c b/usr.bin/ssh/auth-passwd.c index 409c3462521..74590dfdad7 100644 --- a/usr.bin/ssh/auth-passwd.c +++ b/usr.bin/ssh/auth-passwd.c 
@@ -36,13 +36,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.19 2001/01/18 16:59:59 markus Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $"); #include "packet.h" -#include "ssh.h" -#include "servconf.h" #include "xmalloc.h" - +#include "log.h" +#include "servconf.h" #include "auth.h" /* diff --git a/usr.bin/ssh/auth-rh-rsa.c b/usr.bin/ssh/auth-rh-rsa.c index fcbb2197384..87d51549d20 100644 --- a/usr.bin/ssh/auth-rh-rsa.c +++ b/usr.bin/ssh/auth-rh-rsa.c @@ -13,19 +13,19 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rh-rsa.c,v 1.20 2001/01/19 15:55:10 markus Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $"); #include "packet.h" -#include "ssh.h" #include "xmalloc.h" #include "uidswap.h" +#include "log.h" #include "servconf.h" - -#include <openssl/rsa.h> -#include <openssl/dsa.h> #include "key.h" #include "hostfile.h" #include "pathnames.h" +#include "auth.h" +#include "tildexpand.h" +#include "canohost.h" /* * Tries to authenticate the user using the .rhosts file and the host using diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c index 4ee2b215f18..4f9ea886d47 100644 --- a/usr.bin/ssh/auth-rhosts.c +++ b/usr.bin/ssh/auth-rhosts.c @@ -14,14 +14,15 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.18 2001/01/19 15:55:10 markus Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $"); #include "packet.h" -#include "ssh.h" #include "xmalloc.h" #include "uidswap.h" -#include "servconf.h" #include "pathnames.h" +#include "log.h" +#include "servconf.h" +#include "canohost.h" /* * This function processes an rhosts-style file (.rhosts, .shosts, or diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c index dc39995a7b3..ee71655f364 100644 --- a/usr.bin/ssh/auth-rsa.c +++ b/usr.bin/ssh/auth-rsa.c 
@@ -14,23 +14,23 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.37 2001/01/20 17:34:25 markus Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.38 2001/01/21 19:05:42 markus Exp $"); + +#include <openssl/rsa.h> +#include <openssl/md5.h> #include "rsa.h" #include "packet.h" #include "xmalloc.h" -#include "ssh.h" #include "ssh1.h" #include "mpaux.h" #include "uidswap.h" #include "match.h" -#include "servconf.h" #include "auth-options.h" #include "pathnames.h" - -#include <openssl/rsa.h> -#include <openssl/md5.h> - +#include "log.h" +#include "servconf.h" +#include "auth.h" /* import */ extern ServerOptions options; diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c index 34df2ff5364..450250e28d4 100644 --- a/usr.bin/ssh/auth.c +++ b/usr.bin/ssh/auth.c @@ -23,16 +23,16 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.14 2001/01/21 19:05:43 markus Exp $"); #include "xmalloc.h" -#include "ssh.h" #include "match.h" -#include "servconf.h" #include "groupaccess.h" - +#include "log.h" +#include "servconf.h" #include "auth.h" #include "auth-options.h" +#include "canohost.h" /* import */ extern ServerOptions options; diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h index 65ba95997f2..6b4efebe4c9 100644 --- a/usr.bin/ssh/auth.h +++ b/usr.bin/ssh/auth.h @@ -21,11 +21,13 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $OpenBSD: auth.h,v 1.9 2001/01/18 16:59:59 markus Exp $ + * $OpenBSD: auth.h,v 1.10 2001/01/21 19:05:43 markus Exp $ */ #ifndef AUTH_H #define AUTH_H +#include <openssl/rsa.h> + typedef struct Authctxt Authctxt; struct Authctxt { int success; 
@@ -39,6 +41,68 @@ struct Authctxt {
 	char *style;
 };
+/*
+ * Tries to authenticate the user using the .rhosts file. Returns true if
+ * authentication succeeds. If ignore_rhosts is non-zero, this will not
+ * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
+ */
+int auth_rhosts(struct passwd * pw, const char *client_user);
+
+/*
+ * Tries to authenticate the user using the .rhosts file and the host using
+ * its host key. Returns true if authentication succeeds.
+ */
+int
+auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
+
+/*
+ * Tries to authenticate the user using password. Returns true if
+ * authentication succeeds.
+ */
+int auth_password(struct passwd * pw, const char *password);
+
+/*
+ * Performs the RSA authentication dialog with the client. This returns 0 if
+ * the client could not be authenticated, and 1 if authentication was
+ * successful. This may exit if there is a serious protocol violation.
+ */
+int auth_rsa(struct passwd * pw, BIGNUM * client_n);
+
+/*
+ * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
+ * over the key. Skips any whitespace at the beginning and at end.
+ */
+int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
+
+/*
+ * Performs the RSA authentication challenge-response dialog with the client,
+ * and returns true (non-zero) if the client gave the correct answer to our
+ * challenge; returns zero if the client gives a wrong answer.
+ */
+int auth_rsa_challenge_dialog(RSA *pk);
+
+#ifdef KRB4
+#include <krb.h>
+/*
+ * Performs Kerberos v4 mutual authentication with the client. This returns 0
+ * if the client could not be authenticated, and 1 if authentication was
+ * successful. This may exit if there is a serious protocol violation.
+ */
+int auth_krb4(const char *server_user, KTEXT auth, char **client);
+int krb4_init(uid_t uid);
+void krb4_cleanup_proc(void *ignore);
+int auth_krb4_password(struct passwd * pw, const char *password);
+
+#ifdef AFS
+#include <kafs.h>
+
+/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
+int auth_kerberos_tgt(struct passwd * pw, const char *string);
+int auth_afs_token(struct passwd * pw, const char *token_string);
+#endif /* AFS */
+
+#endif /* KRB4 */
+
 void do_authentication(void);
 void do_authentication2(void);
diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c
index 254cac6a972..cba6085afc3 100644
--- a/usr.bin/ssh/auth1.c
+++ b/usr.bin/ssh/auth1.c
@@ -10,15 +10,15 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.12 2001/01/19 15:55:10 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.13 2001/01/21 19:05:43 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
-#include "ssh.h"
 #include "ssh1.h"
 #include "packet.h"
 #include "buffer.h"
 #include "mpaux.h"
+#include "log.h"
 #include "servconf.h"
 #include "compat.h"
 #include "auth.h"
diff --git a/usr.bin/ssh/auth2-chall.c b/usr.bin/ssh/auth2-chall.c
index 77294f4b895..39dc285b9a8 100644
--- a/usr.bin/ssh/auth2-chall.c
+++ b/usr.bin/ssh/auth2-chall.c
@@ -22,14 +22,14 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.1 2001/01/18 17:12:43 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.2 2001/01/21 19:05:43 markus Exp $");
-#include "ssh.h"
 #include "ssh2.h"
 #include "auth.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "dispatch.h"
+#include "log.h"
 void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo);
 void input_userauth_info_response(int type, int plen, void *ctxt);
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 52cee38f9b6..d6aa7f3e51f 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
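Review bot: The prototypes added to auth.h name `struct passwd` in their parameter lists, but the header neither includes `<pwd.h>` nor forward-declares the tag; the only include this commit adds to auth.h is `<openssl/rsa.h>`. When a translation unit sees auth.h before `<pwd.h>`, C gives that `struct passwd` prototype scope, so the declarations do not match the real type and callers passing a `struct passwd *` get an incompatible-pointer diagnostic (GCC's "declared inside parameter list" warning). Add `struct passwd;` after the `#include <openssl/rsa.h>` line, or include `<pwd.h>`, so the header is correct regardless of include order. login.h in this commit has the same gap with `struct sockaddr` in `record_login`, and the `uid_t`/`pid_t` types it uses also arrive only through includes.h.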
@@ -23,28 +23,28 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.31 2001/01/20 17:34:25 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.32 2001/01/21 19:05:44 markus Exp $");
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 #include <openssl/evp.h>
+#include "ssh2.h"
 #include "xmalloc.h"
 #include "rsa.h"
-#include "ssh.h"
 #include "pty.h"
 #include "packet.h"
 #include "buffer.h"
+#include "log.h"
 #include "servconf.h"
 #include "compat.h"
 #include "channels.h"
 #include "bufaux.h"
-#include "ssh2.h"
 #include "auth.h"
 #include "session.h"
 #include "dispatch.h"
 #include "auth.h"
 #include "key.h"
+#include "cipher.h"
+#include "kex.h"
 #include "kex.h"
 #include "pathnames.h"
diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c
index 7fa9080ca48..2ee8479b02c 100644
--- a/usr.bin/ssh/authfd.c
+++ b/usr.bin/ssh/authfd.c
@@ -35,7 +35,9 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.33 2001/01/21 19:05:44 markus Exp $");
+
+#include <openssl/evp.h>
 #include "ssh.h"
 #include "rsa.h"
@@ -43,14 +45,14 @@ RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
 #include "bufaux.h"
 #include "xmalloc.h"
 #include "getput.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
 #include "key.h"
 #include "authfd.h"
+#include "cipher.h"
 #include "kex.h"
 #include "compat.h"
+#include "log.h"
+#include "atomicio.h"
+#include "authfd.h"
 /* helper */
 int decode_reply(int type);
diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c
index f9b920334ea..0bc33b0ef83 100644
--- a/usr.bin/ssh/authfile.c
+++ b/usr.bin/ssh/authfile.c
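Review bot: The added `#include "kex.h"` in auth2.c sits directly above an existing `#include "kex.h"`, so the file now includes that header twice, and the surrounding context already includes `"auth.h"` twice. The second authfd.c hunk does the same thing, adding `#include "authfd.h"` while the earlier `#include "authfd.h"` remains. Include guards make both harmless, but the duplicates are noise that obscures the ordering this commit is trying to establish; drop the added `#include "kex.h"` and `#include "authfd.h"` lines and one of the two `#include "auth.h"` lines.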
@@ -36,20 +36,19 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.24 2000/12/20 19:26:56 markus Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.25 2001/01/21 19:05:44 markus Exp $"); -#include <openssl/bn.h> -#include <openssl/dsa.h> -#include <openssl/rsa.h> #include <openssl/err.h> -#include <openssl/pem.h> #include <openssl/evp.h> +#include <openssl/pem.h> +#include "cipher.h" #include "xmalloc.h" #include "buffer.h" #include "bufaux.h" -#include "ssh.h" #include "key.h" +#include "ssh.h" +#include "log.h" /* Version identification string for identity files. */ #define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n" diff --git a/usr.bin/ssh/bufaux.c b/usr.bin/ssh/bufaux.c index 2d20ad6db77..8970ba13721 100644 --- a/usr.bin/ssh/bufaux.c +++ b/usr.bin/ssh/bufaux.c @@ -37,13 +37,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.17 2001/01/21 19:05:45 markus Exp $"); -#include "ssh.h" #include <openssl/bn.h> #include "bufaux.h" #include "xmalloc.h" #include "getput.h" +#include "log.h" /* * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed diff --git a/usr.bin/ssh/bufaux.h b/usr.bin/ssh/bufaux.h index ec4300227b5..8902ec2a8a0 100644 --- a/usr.bin/ssh/bufaux.h +++ b/usr.bin/ssh/bufaux.h @@ -10,12 +10,13 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: bufaux.h,v 1.10 2001/01/10 22:56:22 markus Exp $"); */ +/* RCSID("$OpenBSD: bufaux.h,v 1.11 2001/01/21 19:05:45 markus Exp $"); */ #ifndef BUFAUX_H #define BUFAUX_H #include "buffer.h" +#include <openssl/bn.h> /* * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed diff --git a/usr.bin/ssh/buffer.c b/usr.bin/ssh/buffer.c index 668c173839f..0a8a4aa3599 100644 --- a/usr.bin/ssh/buffer.c +++ b/usr.bin/ssh/buffer.c 
@@ -12,11 +12,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: buffer.c,v 1.9 2000/12/19 23:17:55 markus Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.10 2001/01/21 19:05:45 markus Exp $"); #include "xmalloc.h" #include "buffer.h" -#include "ssh.h" +#include "log.h" /* Initializes the buffer structure. */ diff --git a/usr.bin/ssh/canohost.c b/usr.bin/ssh/canohost.c index 01823fb9167..ceb840050de 100644 --- a/usr.bin/ssh/canohost.c +++ b/usr.bin/ssh/canohost.c @@ -12,11 +12,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.17 2000/12/19 23:17:55 markus Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.18 2001/01/21 19:05:45 markus Exp $"); #include "packet.h" #include "xmalloc.h" -#include "ssh.h" +#include "log.h" /* * Return the canonical name of the host at the other end of the socket. The diff --git a/usr.bin/ssh/canohost.h b/usr.bin/ssh/canohost.h new file mode 100644 index 00000000000..572adb037af --- /dev/null +++ b/usr.bin/ssh/canohost.h 
@@ -0,0 +1,36 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/*
+ * Returns the name of the machine at the other end of the socket. The
+ * returned string should be freed by the caller.
+ */
+char *get_remote_hostname(int socket);
+
+/*
+ * Return the canonical name of the host in the other side of the current
+ * connection (as returned by packet_get_connection). The host name is
+ * cached, so it is efficient to call this several times.
+ */
+const char *get_canonical_hostname(void);
+
+/*
+ * Returns the remote IP address as an ascii string. The value need not be
+ * freed by the caller.
+ */
+const char *get_remote_ipaddr(void);
+
+/* Returns the port number of the peer of the socket. */
+int get_peer_port(int sock);
+
+/* Returns the port number of the remote/local host. */
+int get_remote_port(void);
+int get_local_port(void);
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 2953ef6484d..8e3592b8566 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
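Review bot: `get_remote_hostname(int socket)` names its parameter `socket`, which shadows the socket(2) function in every translation unit that also sees `<sys/socket.h>`; it is legal C, but it trips `-Wshadow` and reads as though the function itself were being passed. `get_peer_port(int sock)` a few lines below already uses the conventional name, so `char *get_remote_hostname(int sock);` makes the header consistent with itself. The ownership contrast between this function ("should be freed by the caller") and `get_remote_ipaddr` ("need not be freed") is worth keeping exactly as documented, since the two names look interchangeable.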
@@ -40,25 +40,24 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.81 2001/01/19 15:55:10 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.82 2001/01/21 19:05:46 markus Exp $");
+
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
 #include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "buffer.h"
 #include "uidswap.h"
-#include "readconf.h"
-#include "servconf.h"
-
+#include "log.h"
+#include "misc.h"
 #include "channels.h"
 #include "nchan.h"
 #include "compat.h"
-
-#include "ssh1.h"
-#include "ssh2.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
+#include "canohost.h"
 #include "key.h"
 #include "authfd.h"
@@ -131,6 +130,9 @@ static int all_opens_permitted = 0;
 /* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */
 static int have_hostname_in_open = 0;
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
 /* Sets specific protocol options. */
 void
diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c
index 89e3c279fcc..c867216cc67 100644
--- a/usr.bin/ssh/cipher.c
+++ b/usr.bin/ssh/cipher.c
@@ -35,10 +35,11 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.41 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.42 2001/01/21 19:05:46 markus Exp $");
-#include "ssh.h"
 #include "xmalloc.h"
+#include "log.h"
+#include "cipher.h"
 #include <openssl/md5.h>
diff --git a/usr.bin/ssh/cli.c b/usr.bin/ssh/cli.c
index fa18e7b54b6..943bc104b2c 100644
--- a/usr.bin/ssh/cli.c
+++ b/usr.bin/ssh/cli.c
@@ -1,8 +1,9 @@
 #include "includes.h"
-RCSID("$OpenBSD: cli.c,v 1.5 2001/01/08 08:50:29 markus Exp $");
+RCSID("$OpenBSD: cli.c,v 1.6 2001/01/21 19:05:47 markus Exp $");
 #include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
+
 #include <vis.h>
 static int cli_input = -1;
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index beaef8c2330..aade8606b63 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
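Review bot: The second channels.c hunk declares `extern int IPv4or6;` inside the .c file rather than in a header shared with the file that defines it. A per-file extern bypasses the only check the compiler has that declaration and definition agree in type, and the comment `/* AF_UNSPEC or AF_INET or AF_INET6 */` will drift from whatever the definition says; presumably the declaration previously arrived through the readconf.h/servconf.h includes that the first hunk removes. Move it into a header both sides include (misc.h, created by this commit and now included by channels.c, is a candidate) and keep the comment with the single declaration there.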
@@ -59,28 +59,25 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.44 2001/01/19 15:55:10 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.45 2001/01/21 19:05:47 markus Exp $"); -#include "xmalloc.h" #include "ssh.h" -#include "packet.h" -#include "buffer.h" -#include "readconf.h" - #include "ssh1.h" #include "ssh2.h" +#include "xmalloc.h" +#include "packet.h" +#include "buffer.h" #include "compat.h" #include "channels.h" #include "dispatch.h" - #include "buffer.h" #include "bufaux.h" - -#include <openssl/dsa.h> -#include <openssl/rsa.h> #include "key.h" -#include "authfd.h" +#include "log.h" +#include "readconf.h" #include "clientloop.h" +#include "authfd.h" +#include "atomicio.h" /* import options */ extern Options options; diff --git a/usr.bin/ssh/clientloop.h b/usr.bin/ssh/clientloop.h index 3ad72aa55ce..58a1a7afb13 100644 --- a/usr.bin/ssh/clientloop.h +++ b/usr.bin/ssh/clientloop.h @@ -1,4 +1,15 @@ /* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ +/* * Copyright (c) 2001 Markus Friedl. All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -21,4 +32,8 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + void clientloop_set_session_ident(int id); + +/* Client side main loop for the interactive session. */ +int client_loop(int have_pty, int escape_char, int id); diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c index c7df1906b06..87caf71cec6 100644 
--- a/usr.bin/ssh/compat.c +++ b/usr.bin/ssh/compat.c @@ -23,13 +23,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.34 2001/01/21 19:05:48 markus Exp $"); + +#include <regex.h> -#include "ssh.h" #include "packet.h" #include "xmalloc.h" #include "compat.h" -#include <regex.h> +#include "log.h" int compat13 = 0; int compat20 = 0; diff --git a/usr.bin/ssh/compress.c b/usr.bin/ssh/compress.c index 2437606b7ab..1871bc8cc03 100644 --- a/usr.bin/ssh/compress.c +++ b/usr.bin/ssh/compress.c @@ -12,9 +12,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: compress.c,v 1.11 2000/12/20 19:37:21 markus Exp $"); +RCSID("$OpenBSD: compress.c,v 1.12 2001/01/21 19:05:48 markus Exp $"); -#include "ssh.h" +#include "log.h" #include "buffer.h" #include "zlib.h" diff --git a/usr.bin/ssh/deattack.c b/usr.bin/ssh/deattack.c index c3c3f08d2eb..9b9babace3b 100644 --- a/usr.bin/ssh/deattack.c +++ b/usr.bin/ssh/deattack.c @@ -1,4 +1,4 @@ -/* $OpenBSD: deattack.c,v 1.11 2000/12/19 23:17:56 markus Exp $ */ +/* $OpenBSD: deattack.c,v 1.12 2001/01/21 19:05:48 markus Exp $ */ /* * Cryptographic attack detector for ssh - source code @@ -21,7 +21,7 @@ #include "includes.h" #include "deattack.h" -#include "ssh.h" +#include "log.h" #include "crc32.h" #include "getput.h" #include "xmalloc.h" diff --git a/usr.bin/ssh/dh.c b/usr.bin/ssh/dh.c index 605148f908a..f1f7e5d43fa 100644 --- a/usr.bin/ssh/dh.c +++ b/usr.bin/ssh/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.5 2001/01/19 15:55:11 markus Exp $"); +RCSID("$OpenBSD: dh.c,v 1.6 2001/01/21 19:05:49 markus Exp $"); #include "xmalloc.h" 
@@ -31,11 +31,13 @@ RCSID("$OpenBSD: dh.c,v 1.5 2001/01/19 15:55:11 markus Exp $"); #include <openssl/dh.h> #include <openssl/evp.h> -#include "ssh.h" #include "buffer.h" +#include "cipher.h" #include "kex.h" #include "dh.h" #include "pathnames.h" +#include "log.h" +#include "misc.h" int parse_prime(int linenum, char *line, struct dhgroup *dhg) diff --git a/usr.bin/ssh/dispatch.c b/usr.bin/ssh/dispatch.c index 45bb47e92da..74fcc553cfc 100644 --- a/usr.bin/ssh/dispatch.c +++ b/usr.bin/ssh/dispatch.c @@ -22,9 +22,10 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: dispatch.c,v 1.6 2001/01/19 15:55:11 markus Exp $"); -#include "ssh.h" +RCSID("$OpenBSD: dispatch.c,v 1.7 2001/01/21 19:05:49 markus Exp $"); + #include "ssh1.h" +#include "log.h" #include "dispatch.h" #include "packet.h" diff --git a/usr.bin/ssh/groupaccess.c b/usr.bin/ssh/groupaccess.c index bf6be997ed8..9f72e577eb2 100644 --- a/usr.bin/ssh/groupaccess.c +++ b/usr.bin/ssh/groupaccess.c @@ -25,9 +25,9 @@ #include "includes.h" #include "groupaccess.h" -#include "ssh.h" #include "xmalloc.h" #include "match.h" +#include "log.h" static int ngroups; static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ diff --git a/usr.bin/ssh/hmac.c b/usr.bin/ssh/hmac.c index 6c3883e67e5..e440d611762 100644 --- a/usr.bin/ssh/hmac.c +++ b/usr.bin/ssh/hmac.c @@ -23,11 +23,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: hmac.c,v 1.5 2000/12/19 23:17:56 markus Exp $"); +RCSID("$OpenBSD: hmac.c,v 1.6 2001/01/21 19:05:49 markus Exp $"); #include "xmalloc.h" -#include "ssh.h" #include "getput.h" +#include "log.h" #include <openssl/hmac.h> diff --git a/usr.bin/ssh/hostfile.c b/usr.bin/ssh/hostfile.c index 1c3fb22ad43..b285ee83cf5 100644 --- a/usr.bin/ssh/hostfile.c +++ b/usr.bin/ssh/hostfile.c 
@@ -36,15 +36,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.23 2000/12/21 15:10:16 markus Exp $"); +RCSID("$OpenBSD: hostfile.c,v 1.24 2001/01/21 19:05:49 markus Exp $"); #include "packet.h" #include "match.h" -#include "ssh.h" -#include <openssl/rsa.h> -#include <openssl/dsa.h> #include "key.h" #include "hostfile.h" +#include "log.h" /* * Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 9a31ae92739..d3099f7085c 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -23,18 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $"); - -#include "ssh.h" -#include "ssh2.h" -#include "xmalloc.h" -#include "buffer.h" -#include "bufaux.h" -#include "packet.h" -#include "compat.h" - -#include <openssl/bn.h> -#include <openssl/dh.h> +RCSID("$OpenBSD: kex.c,v 1.18 2001/01/21 19:05:49 markus Exp $"); #include <openssl/crypto.h> #include <openssl/bio.h> @@ -42,8 +31,16 @@ RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $"); #include <openssl/dh.h> #include <openssl/pem.h> +#include "ssh2.h" +#include "xmalloc.h" +#include "buffer.h" +#include "bufaux.h" +#include "packet.h" +#include "compat.h" +#include "cipher.h" #include "kex.h" #include "key.h" +#include "log.h" #define KEX_COOKIE_LEN 16 diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c index 21e13b8631f..a2306fed661 100644 --- a/usr.bin/ssh/key.c +++ b/usr.bin/ssh/key.c @@ -31,12 +31,11 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - #include "includes.h" -#include "ssh.h" -#include <openssl/rsa.h> -#include <openssl/dsa.h> +RCSID("$OpenBSD: key.c,v 1.15 2001/01/21 19:05:50 markus Exp $"); + #include <openssl/evp.h> + #include "xmalloc.h" #include "key.h" #include "rsa.h" 
@@ -45,8 +44,7 @@ #include "uuencode.h" #include "buffer.h" #include "bufaux.h" - -RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $"); +#include "log.h" Key * key_new(int type) diff --git a/usr.bin/ssh/key.h b/usr.bin/ssh/key.h index 91f4d005506..00e71839add 100644 --- a/usr.bin/ssh/key.h +++ b/usr.bin/ssh/key.h @@ -24,6 +24,9 @@ #ifndef KEY_H #define KEY_H +#include <openssl/rsa.h> +#include <openssl/dsa.h> + typedef struct Key Key; enum types { KEY_RSA1, diff --git a/usr.bin/ssh/lib/Makefile b/usr.bin/ssh/lib/Makefile index d82ad9b9390..59ae9005001 100644 --- a/usr.bin/ssh/lib/Makefile +++ b/usr.bin/ssh/lib/Makefile @@ -5,7 +5,7 @@ SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \ cipher.c compat.c compress.c crc32.c deattack.c \ hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \ rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \ - key.c dispatch.c kex.c hmac.c uuencode.c util.c \ + key.c dispatch.c kex.c hmac.c uuencode.c misc.c \ cli.c rijndael.c ssh-dss.c ssh-rsa.c NOPROFILE= yes diff --git a/usr.bin/ssh/log-client.c b/usr.bin/ssh/log-client.c index 656499ad1d7..b35f77bc9b6 100644 --- a/usr.bin/ssh/log-client.c +++ b/usr.bin/ssh/log-client.c @@ -36,10 +36,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: log-client.c,v 1.14 2001/01/18 16:20:21 markus Exp $"); +RCSID("$OpenBSD: log-client.c,v 1.15 2001/01/21 19:05:50 markus Exp $"); #include "xmalloc.h" -#include "ssh.h" +#include "log.h" static LogLevel log_level = SYSLOG_LEVEL_INFO; diff --git a/usr.bin/ssh/log-server.c b/usr.bin/ssh/log-server.c index 3c5547387ec..5e2b7722de0 100644 --- a/usr.bin/ssh/log-server.c +++ b/usr.bin/ssh/log-server.c 
@@ -36,12 +36,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: log-server.c,v 1.19 2001/01/18 16:20:21 markus Exp $"); +RCSID("$OpenBSD: log-server.c,v 1.20 2001/01/21 19:05:50 markus Exp $"); #include <syslog.h> #include "packet.h" #include "xmalloc.h" -#include "ssh.h" +#include "log.h" static LogLevel log_level = SYSLOG_LEVEL_INFO; static int log_on_stderr = 0; diff --git a/usr.bin/ssh/log.c b/usr.bin/ssh/log.c index 94b189b8da6..239997aec73 100644 --- a/usr.bin/ssh/log.c +++ b/usr.bin/ssh/log.c @@ -36,9 +36,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: log.c,v 1.14 2001/01/18 16:20:21 markus Exp $"); +RCSID("$OpenBSD: log.c,v 1.15 2001/01/21 19:05:51 markus Exp $"); -#include "ssh.h" +#include "log.h" #include "xmalloc.h" /* Fatal messages. This function never returns. */ diff --git a/usr.bin/ssh/log.h b/usr.bin/ssh/log.h new file mode 100644 index 00000000000..b9a9455dabb --- /dev/null +++ b/usr.bin/ssh/log.h 
@@ -0,0 +1,73 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#ifndef SSH_LOG_H
+#define SSH_LOG_H
+
+/* Supported syslog facilities and levels. */
+typedef enum {
+ SYSLOG_FACILITY_DAEMON,
+ SYSLOG_FACILITY_USER,
+ SYSLOG_FACILITY_AUTH,
+ SYSLOG_FACILITY_LOCAL0,
+ SYSLOG_FACILITY_LOCAL1,
+ SYSLOG_FACILITY_LOCAL2,
+ SYSLOG_FACILITY_LOCAL3,
+ SYSLOG_FACILITY_LOCAL4,
+ SYSLOG_FACILITY_LOCAL5,
+ SYSLOG_FACILITY_LOCAL6,
+ SYSLOG_FACILITY_LOCAL7
+} SyslogFacility;
+
+typedef enum {
+ SYSLOG_LEVEL_QUIET,
+ SYSLOG_LEVEL_FATAL,
+ SYSLOG_LEVEL_ERROR,
+ SYSLOG_LEVEL_INFO,
+ SYSLOG_LEVEL_VERBOSE,
+ SYSLOG_LEVEL_DEBUG1,
+ SYSLOG_LEVEL_DEBUG2,
+ SYSLOG_LEVEL_DEBUG3
+} LogLevel;
+/* Initializes logging. */
+void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
+
+/* Logging implementation, depending on server or client */
+void do_log(LogLevel level, const char *fmt, va_list args);
+
+/* name to facility/level */
+SyslogFacility log_facility_number(char *name);
+LogLevel log_level_number(char *name);
+
+/* Output a message to syslog or stderr */
+void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+
+/* same as fatal() but w/o logging */
+void fatal_cleanup(void);
+
+/*
+ * Registers a cleanup function to be called by fatal()/fatal_cleanup()
+ * before exiting. It is permissible to call fatal_remove_cleanup for the
+ * function itself from the function.
+ */
+void fatal_add_cleanup(void (*proc) (void *context), void *context);
+
+/* Removes a cleanup function to be called at fatal(). */
+void fatal_remove_cleanup(void (*proc) (void *context), void *context);
+
+#endif
diff --git a/usr.bin/ssh/login.c b/usr.bin/ssh/login.c
index 06eb0611c81..76ea2277f6d 100644
--- a/usr.bin/ssh/login.c
+++ b/usr.bin/ssh/login.c
@@ -39,11 +39,12 @@
  */
 #include "includes.h"
-RCSID("$OpenBSD: login.c,v 1.16 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: login.c,v 1.17 2001/01/21 19:05:51 markus Exp $");
 #include <util.h>
 #include <utmp.h>
-#include "ssh.h"
+#include "login.h"
+#include "log.h"
 /*
  * Returns the time when the user last logged in. Returns 0 if the
diff --git a/usr.bin/ssh/login.h b/usr.bin/ssh/login.h
new file mode 100644
index 00000000000..fc9b5ded1af
--- /dev/null
+++ b/usr.bin/ssh/login.h
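Review bot: `void log(const char *fmt,...)` declares an external function named `log`, which is the `<math.h>` function and therefore an identifier reserved for the implementation with external linkage (C99 7.1.3); any translation unit that includes both headers fails on conflicting declarations, and a program linked with libm carries two external definitions of `log` whose resolution depends on link order. Renaming the function (for example to `logit`, with every call site updated) is the only complete fix; since that is larger than this header, at minimum mark the declaration with `/* XXX: collides with log(3) in <math.h>; rename */` so it is not forgotten. Separately, `do_log` takes a `va_list` but the header includes nothing, so it compiles only when includes.h has already pulled in `<stdarg.h>`; add `#include <stdarg.h>` after `#define SSH_LOG_H` to make the header self-contained. The `__attribute__((format(...)))` annotations have no non-GCC fallback, which matters if this header is ever built with another compiler.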
@@ -0,0 +1,38 @@ +/* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ +#ifndef LOGIN_H +#define LOGIN_H + +/* + * Returns the time when the user last logged in. Returns 0 if the + * information is not available. This must be called before record_login. + * The host from which the user logged in is stored in buf. + */ +u_long +get_last_login_time(uid_t uid, const char *logname, + char *buf, u_int bufsize); + +/* + * Records that the user has logged in. This does many things normally done + * by login(1). + */ +void +record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, + const char *host, struct sockaddr *addr); + +/* + * Records that the user has logged out. This does many thigs normally done + * by login(1) or init. + */ +void record_logout(pid_t pid, const char *ttyname); + +#endif diff --git a/usr.bin/ssh/match.c b/usr.bin/ssh/match.c index 895ecab37a8..81030da6a70 100644 --- a/usr.bin/ssh/match.c +++ b/usr.bin/ssh/match.c @@ -12,9 +12,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: match.c,v 1.10 2000/12/19 23:17:57 markus Exp $"); +RCSID("$OpenBSD: match.c,v 1.11 2001/01/21 19:05:52 markus Exp $"); -#include "ssh.h" +#include "match.h" /* * Returns true if the given string matches the pattern (which may contain ? diff --git a/usr.bin/ssh/util.c b/usr.bin/ssh/misc.c index 1a591a6f0f5..e4e1fc76c17 100644 --- a/usr.bin/ssh/util.c +++ b/usr.bin/ssh/misc.c 
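Review bot: The comment on `get_last_login_time` in login.h says the host name is stored in `buf` but not what happens when the name does not fit in `bufsize` (truncated, left empty, or possibly unterminated), which is exactly what a caller sizing that buffer needs to know; suggest extending it with something like `/* buf is always NUL-terminated; longer names are truncated */` once the behaviour is verified against login.c. The `record_logout` comment also carries the typo "thigs" (`many thigs normally done`) over from ssh.h, a good moment to fix it. Like the other new headers, this one relies on `u_long`, `uid_t`, `pid_t` and `struct sockaddr` having been defined by an earlier include, which a one-line comment at the top could state.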
@@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $ */ +/* $OpenBSD: misc.c,v 1.1 2001/01/21 19:05:52 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,9 +25,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $"); +RCSID("$OpenBSD: misc.c,v 1.1 2001/01/21 19:05:52 markus Exp $"); -#include "ssh.h" +#include "misc.h" +#include "log.h" char * chop(char *s) diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h new file mode 100644 index 00000000000..8205a6070a1 --- /dev/null +++ b/usr.bin/ssh/misc.h @@ -0,0 +1,19 @@ +/* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ +/* remove newline at end of string */ +char *chop(char *s); + +/* return next token in configuration line */ +char *strdelim(char **s); + +/* set filedescriptor to non-blocking */ +void set_nonblock(int fd); diff --git a/usr.bin/ssh/nchan.c b/usr.bin/ssh/nchan.c index 84f3a2fdecb..4a76489bf3d 100644 --- a/usr.bin/ssh/nchan.c +++ b/usr.bin/ssh/nchan.c @@ -23,18 +23,16 @@ */ #include "includes.h" -RCSID("$OpenBSD: nchan.c,v 1.21 2001/01/19 15:55:11 markus Exp $"); - -#include "ssh.h" +RCSID("$OpenBSD: nchan.c,v 1.22 2001/01/21 19:05:52 markus Exp $"); +#include "ssh1.h" +#include "ssh2.h" #include "buffer.h" #include "packet.h" #include "channels.h" #include "nchan.h" - -#include "ssh1.h" -#include "ssh2.h" #include "compat.h" +#include "log.h" /* functions manipulating channel states */ /* 
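Review bot: misc.h has no include guard, unlike log.h (`SSH_LOG_H`) and login.h (`LOGIN_H`) created in the same commit; the same is true of the new radix.h, readpass.h and serverloop.h. Prototype-only headers survive double inclusion today, but the first typedef or struct added to one of them will break every file that includes it twice, directly or through another header. Suggest wrapping each in `#ifndef MISC_H` / `#define MISC_H` ... `#endif` now, with the matching name per file.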
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 9661e145312..24764f448b1 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -37,13 +37,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.45 2001/01/19 15:55:11 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.46 2001/01/21 19:05:53 markus Exp $"); #include "xmalloc.h" #include "buffer.h" #include "packet.h" #include "bufaux.h" -#include "ssh.h" #include "crc32.h" #include "getput.h" @@ -62,6 +61,8 @@ RCSID("$OpenBSD: packet.c,v 1.45 2001/01/19 15:55:11 markus Exp $"); #include "cipher.h" #include "kex.h" #include "hmac.h" +#include "log.h" +#include "canohost.h" #ifdef PACKET_DEBUG #define DBG(x) x diff --git a/usr.bin/ssh/pty.c b/usr.bin/ssh/pty.c index 25ab0077a36..125f2c705f3 100644 --- a/usr.bin/ssh/pty.c +++ b/usr.bin/ssh/pty.c @@ -12,11 +12,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: pty.c,v 1.19 2000/12/20 20:00:34 markus Exp $"); +RCSID("$OpenBSD: pty.c,v 1.20 2001/01/21 19:05:53 markus Exp $"); #include <util.h> #include "pty.h" -#include "ssh.h" +#include "log.h" /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) diff --git a/usr.bin/ssh/radix.h b/usr.bin/ssh/radix.h new file mode 100644 index 00000000000..993fa588759 --- /dev/null +++ b/usr.bin/ssh/radix.h 
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 1999 Dug Song. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
+int radix_to_creds(const char *buf, CREDENTIALS * creds);
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 6086776b026..b2b3f10d5f5 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
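Review bot: radix.h uses `CREDENTIALS` without including anything or guarding on any macro, so it compiles only when the including file has already pulled in <krb.h> under `KRB4`; sshconnect1.c later in this diff does exactly that, but the header itself gives no hint of the requirement. In ssh.h these two prototypes sat inside `#ifdef KRB4` / `#ifdef AFS`, so either wrap them the same way here or add `/* requires <krb.h> for CREDENTIALS; include only under KRB4/AFS */` at the top. The style `CREDENTIALS * creds` (space after the star) also differs from `u_char *buf` on the same line; `CREDENTIALS *creds` would match.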
@@ -12,14 +12,17 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.57 2001/01/20 23:02:07 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.58 2001/01/21 19:05:53 markus Exp $"); #include "ssh.h" -#include "readconf.h" -#include "match.h" #include "xmalloc.h" #include "compat.h" +#include "cipher.h" #include "pathnames.h" +#include "log.h" +#include "readconf.h" +#include "match.h" +#include "misc.h" /* Format of the configuration file: diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c index f3a7dcbed27..6df20f60b93 100644 --- a/usr.bin/ssh/readpass.c +++ b/usr.bin/ssh/readpass.c @@ -32,10 +32,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.12 2000/10/11 20:14:39 markus Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.13 2001/01/21 19:05:54 markus Exp $"); #include "xmalloc.h" -#include "ssh.h" #include "cli.h" /* diff --git a/usr.bin/ssh/readpass.h b/usr.bin/ssh/readpass.h new file mode 100644 index 00000000000..fa64b4b343b --- /dev/null +++ b/usr.bin/ssh/readpass.h @@ -0,0 +1,18 @@ +/* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ + +/* + * Reads a passphrase from /dev/tty with echo turned off. Returns the + * passphrase (allocated with xmalloc). Exits if EOF is encountered. If + * from_stdin is true, the passphrase will be read from stdin instead. + */ +char *read_passphrase(char *prompt, int from_stdin); diff --git a/usr.bin/ssh/rsa.c b/usr.bin/ssh/rsa.c index e5eea29f5e3..04bb239e532 100644 --- a/usr.bin/ssh/rsa.c +++ b/usr.bin/ssh/rsa.c 
@@ -60,10 +60,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: rsa.c,v 1.18 2000/12/19 23:17:57 markus Exp $"); +RCSID("$OpenBSD: rsa.c,v 1.19 2001/01/21 19:05:54 markus Exp $"); #include "rsa.h" -#include "ssh.h" +#include "log.h" #include "xmalloc.h" void diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c index 806115bfae2..4180cdade85 100644 --- a/usr.bin/ssh/scp.c +++ b/usr.bin/ssh/scp.c @@ -75,11 +75,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.50 2001/01/19 15:55:11 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.51 2001/01/21 19:05:55 markus Exp $"); -#include "ssh.h" #include "xmalloc.h" +#include "atomicio.h" #include "pathnames.h" +#include "log.h" /* For progressmeter() -- number of seconds before xfer considered "stalled" */ #define STALLTIME 5 diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 036eeb63289..67a82b8e867 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -10,17 +10,31 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.61 2001/01/20 23:00:56 djm Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.62 2001/01/21 19:05:55 markus Exp $"); + +#ifdef KRB4 +#include <krb.h> +#endif +#ifdef AFS +#include <kafs.h> +#endif #include "ssh.h" +#include "log.h" #include "servconf.h" #include "xmalloc.h" #include "compat.h" #include "pathnames.h" +#include "tildexpand.h" +#include "misc.h" +#include "cipher.h" /* add listen address */ void add_listen_addr(ServerOptions *options, char *addr); +/* AF_UNSPEC or AF_INET or AF_INET6 */ +extern int IPv4or6; + /* Initializes the server options to their default values. */ void @@ -282,7 +296,6 @@ parse_token(const char *cp, const char *filename, void add_listen_addr(ServerOptions *options, char *addr) { - extern int IPv4or6; struct addrinfo hints, *ai, *aitop; char strport[NI_MAXSERV]; int gaierr; diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index a7d21fbcad4..61f2c038516 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c 
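Review bot: `extern int IPv4or6;` is now a hand-written file-scope declaration in servconf.c, and an identical one is added to sshconnect.c further down this diff, after the single copy in ssh.h was removed; two independent extern declarations of the same global can drift in type without the compiler ever seeing the mismatch against the definition. A single declaration in one small header included by both files and by the file that defines the variable would keep all three checked against each other. Hoisting it out of add_listen_addr (whose body continues outside the second hunk) is otherwise fine, and the `/* AF_UNSPEC or AF_INET or AF_INET6 */` comment is worth keeping wherever it ends up.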
@@ -35,16 +35,15 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.41 2001/01/19 15:55:11 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.42 2001/01/21 19:05:55 markus Exp $"); #include "xmalloc.h" -#include "ssh.h" #include "packet.h" #include "buffer.h" +#include "log.h" #include "servconf.h" #include "pty.h" #include "channels.h" - #include "compat.h" #include "ssh1.h" #include "ssh2.h" @@ -52,6 +51,8 @@ RCSID("$OpenBSD: serverloop.c,v 1.41 2001/01/19 15:55:11 markus Exp $"); #include "session.h" #include "dispatch.h" #include "auth-options.h" +#include "serverloop.h" +#include "misc.h" extern ServerOptions options; diff --git a/usr.bin/ssh/serverloop.h b/usr.bin/ssh/serverloop.h new file mode 100644 index 00000000000..915bffeab5e --- /dev/null +++ b/usr.bin/ssh/serverloop.h @@ -0,0 +1,20 @@ +/* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + */ +/* + * Performs the interactive session. This handles data transmission between + * the client and the program. Note that the notion of stdin, stdout, and + * stderr in this function is sort of reversed: this function writes to stdin + * (of the child program), and reads from stdout and stderr (of the child + * program). + */ +void server_loop(pid_t pid, int fdin, int fdout, int fderr); +void server_loop2(void); diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 64a0a6e8a71..7a5e867b965 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c 
@@ -33,26 +33,29 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.50 2001/01/19 15:55:11 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.51 2001/01/21 19:05:56 markus Exp $"); -#include "xmalloc.h" #include "ssh.h" +#include "ssh1.h" +#include "ssh2.h" +#include "xmalloc.h" #include "pty.h" #include "packet.h" #include "buffer.h" #include "mpaux.h" -#include "servconf.h" #include "uidswap.h" #include "compat.h" #include "channels.h" #include "nchan.h" - #include "bufaux.h" -#include "ssh1.h" -#include "ssh2.h" #include "auth.h" #include "auth-options.h" #include "pathnames.h" +#include "log.h" +#include "servconf.h" +#include "login.h" +#include "serverloop.h" +#include "canohost.h" #ifdef HAVE_LOGIN_CAP #include <login_cap.h> diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c index 406133d31e6..30c93354713 100644 --- a/usr.bin/ssh/sftp-server.c +++ b/usr.bin/ssh/sftp-server.c @@ -22,12 +22,12 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.14 2001/01/21 19:05:56 markus Exp $"); -#include "ssh.h" #include "buffer.h" #include "bufaux.h" #include "getput.h" +#include "log.h" #include "xmalloc.h" #include "sftp.h" diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index b8a8aef2030..693055a0efb 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -35,19 +35,19 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.26 2001/01/20 21:33:42 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.27 2001/01/21 19:05:56 markus Exp $"); #include <openssl/evp.h> -#include <openssl/rsa.h> -#include <openssl/dsa.h> -#include "rsa.h" #include "ssh.h" +#include "rsa.h" +#include "log.h" #include "xmalloc.h" #include "key.h" #include "authfd.h" #include "authfile.h" #include "pathnames.h" +#include "readpass.h" void delete_file(AuthenticationConnection *ac, const char *filename) 
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 1ce56b5d7db..d1739e273f9 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.46 2001/01/11 21:37:30 markus Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -37,7 +37,10 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.46 2001/01/11 21:37:30 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $"); + +#include <openssl/evp.h> +#include <openssl/md5.h> #include "ssh.h" #include "rsa.h" @@ -47,16 +50,12 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.46 2001/01/11 21:37:30 markus Exp $"); #include "packet.h" #include "getput.h" #include "mpaux.h" -#include "includes.h" - -#include <openssl/evp.h> -#include <openssl/md5.h> -#include <openssl/dsa.h> -#include <openssl/rsa.h> #include "key.h" #include "authfd.h" +#include "cipher.h" #include "kex.h" #include "compat.h" +#include "log.h" typedef struct { int fd; diff --git a/usr.bin/ssh/ssh-dss.c b/usr.bin/ssh/ssh-dss.c index 4e7c94fcd88..2366c211790 100644 --- a/usr.bin/ssh/ssh-dss.c +++ b/usr.bin/ssh/ssh-dss.c @@ -23,19 +23,16 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-dss.c,v 1.3 2001/01/19 16:50:58 markus Exp $"); +RCSID("$OpenBSD: ssh-dss.c,v 1.4 2001/01/21 19:05:57 markus Exp $"); + +#include <openssl/bn.h> +#include <openssl/evp.h> -#include "ssh.h" #include "xmalloc.h" #include "buffer.h" #include "bufaux.h" #include "compat.h" - -#include <openssl/bn.h> -#include <openssl/rsa.h> -#include <openssl/dsa.h> -#include <openssl/evp.h> - +#include "log.h" #include "key.h" #define INTBLOB_LEN 20 diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 66406d9cb48..d6bb3a0d9f6 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c 
@@ -12,23 +12,20 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.40 2001/01/19 15:55:11 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.41 2001/01/21 19:05:57 markus Exp $"); #include <openssl/evp.h> #include <openssl/pem.h> -#include <openssl/rsa.h> -#include <openssl/dsa.h> -#include "ssh.h" #include "xmalloc.h" #include "key.h" -#include "rsa.h" #include "authfile.h" #include "uuencode.h" - #include "buffer.h" #include "bufaux.h" #include "pathnames.h" +#include "log.h" +#include "readpass.h" /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ int bits = 1024; diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c index e6d2bbb0f12..6387c5ded4f 100644 --- a/usr.bin/ssh/ssh-keyscan.c +++ b/usr.bin/ssh/ssh-keyscan.c @@ -8,14 +8,12 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.10 2001/01/19 15:55:11 markus Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.11 2001/01/21 19:05:57 markus Exp $"); #include <sys/queue.h> #include <errno.h> #include <openssl/bn.h> -#include <openssl/rsa.h> -#include <openssl/dsa.h> #include "xmalloc.h" #include "ssh.h" @@ -23,6 +21,7 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.10 2001/01/19 15:55:11 markus Exp $"); #include "key.h" #include "buffer.h" #include "bufaux.h" +#include "log.h" static int argno = 1; /* Number of argument currently being parsed */ diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c index e53af9e0a3b..2dc34106667 100644 --- a/usr.bin/ssh/ssh-rsa.c +++ b/usr.bin/ssh/ssh-rsa.c 
@@ -23,18 +23,15 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $"); - -#include "ssh.h" -#include "xmalloc.h" -#include "buffer.h" -#include "bufaux.h" +RCSID("$OpenBSD: ssh-rsa.c,v 1.5 2001/01/21 19:05:58 markus Exp $"); #include <openssl/evp.h> -#include <openssl/dsa.h> -#include <openssl/rsa.h> #include <openssl/err.h> +#include "xmalloc.h" +#include "log.h" +#include "buffer.h" +#include "bufaux.h" #include "key.h" /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 110f51ef1b4..41e24605e97 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -39,29 +39,31 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.83 2001/01/19 15:55:11 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.84 2001/01/21 19:05:58 markus Exp $"); #include <openssl/evp.h> -#include <openssl/dsa.h> -#include <openssl/rsa.h> #include <openssl/err.h> -#include "xmalloc.h" #include "ssh.h" -#include "packet.h" -#include "buffer.h" -#include "readconf.h" -#include "uidswap.h" - #include "ssh1.h" #include "ssh2.h" #include "compat.h" +#include "cipher.h" +#include "xmalloc.h" +#include "packet.h" +#include "buffer.h" +#include "uidswap.h" #include "channels.h" #include "key.h" #include "authfd.h" #include "authfile.h" #include "pathnames.h" #include "clientloop.h" +#include "log.h" +#include "readconf.h" +#include "sshconnect.h" +#include "tildexpand.h" +#include "misc.h" extern char *__progname; diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h index 6dffccbd6b2..8860ff84aad 100644 --- a/usr.bin/ssh/ssh.h +++ b/usr.bin/ssh/ssh.h @@ -3,8 +3,6 @@ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved * - * Generic header file for ssh. - * * As far as I am concerned, the code I have written for this software * can be used freely for any purpose. Any derived versions of this * software must be clearly marked as such, and if the derived work is 
@@ -12,13 +10,13 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: ssh.h,v 1.60 2001/01/19 15:55:11 markus Exp $"); */ +/* RCSID("$OpenBSD: ssh.h,v 1.61 2001/01/21 19:05:59 markus Exp $"); */ #ifndef SSH_H #define SSH_H -#include "rsa.h" -#include "cipher.h" +//#include "rsa.h" +//#include "cipher.h" /* Cipher used for encrypting authentication files. */ #define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES 
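Review bot: The replaced lines leave commented-out `//#include "rsa.h"` and `//#include "cipher.h"` in ssh.h; dead includes should be deleted rather than parked, and `//` is the only C99-style comment anywhere in this diff, which otherwise uses `/* */` throughout. More importantly, the context line just below, `#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES`, still refers to a name that cipher.h provides, so every user of that macro must now include cipher.h before using it; a comment such as `/* SSH_CIPHER_3DES comes from cipher.h; include it before using SSH_AUTHFILE_CIPHER */` would document the new ordering requirement in place of the two commented lines.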
@@ -87,265 +85,4 @@ /* Name of Kerberos service for SSH to use. */ #define KRB4_SERVICE_NAME "rcmd" - -/*------------ definitions for login.c -------------*/ - -/* - * Returns the time when the user last logged in. Returns 0 if the - * information is not available. This must be called before record_login. - * The host from which the user logged in is stored in buf. - */ -u_long -get_last_login_time(uid_t uid, const char *logname, - char *buf, u_int bufsize); - -/* - * Records that the user has logged in. This does many things normally done - * by login(1). - */ -void -record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, - const char *host, struct sockaddr *addr); - -/* - * Records that the user has logged out. This does many thigs normally done - * by login(1) or init. - */ -void record_logout(pid_t pid, const char *ttyname); - -/*------------ definitions for sshconnect.c ----------*/ - -/* - * Opens a TCP/IP connection to the remote server on the given host. If port - * is 0, the default port will be used. If anonymous is zero, a privileged - * port will be allocated to make the connection. This requires super-user - * privileges if anonymous is false. Connection_attempts specifies the - * maximum number of tries, one per second. This returns true on success, - * and zero on failure. If the connection is successful, this calls - * packet_set_connection for the connection. - */ -int -ssh_connect(const char *host, struct sockaddr_storage * hostaddr, - u_short port, int connection_attempts, - int anonymous, uid_t original_real_uid, - const char *proxy_command); - -/* - * Starts a dialog with the server, and authenticates the current user on the - * server. This does not need any extra privileges. The basic connection to - * the server must already have been established before this is called. If - * login fails, this function prints an error and never returns. 
This - * initializes the random state, and leaves it initialized (it will also have - * references from the packet module). - */ - -void -ssh_login(int host_key_valid, RSA * host_key, const char *host, - struct sockaddr * hostaddr, uid_t original_real_uid); - -/*------------ Definitions for various authentication methods. -------*/ - -/* - * Tries to authenticate the user using the .rhosts file. Returns true if - * authentication succeeds. If ignore_rhosts is non-zero, this will not - * consider .rhosts and .shosts (/etc/hosts.equiv will still be used). - */ -int auth_rhosts(struct passwd * pw, const char *client_user); - -/* - * Tries to authenticate the user using the .rhosts file and the host using - * its host key. Returns true if authentication succeeds. - */ -int -auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key); - -/* - * Tries to authenticate the user using password. Returns true if - * authentication succeeds. - */ -int auth_password(struct passwd * pw, const char *password); - -/* - * Performs the RSA authentication dialog with the client. This returns 0 if - * the client could not be authenticated, and 1 if authentication was - * successful. This may exit if there is a serious protocol violation. - */ -int auth_rsa(struct passwd * pw, BIGNUM * client_n); - -/* - * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer - * over the key. Skips any whitespace at the beginning and at end. - */ -int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n); - -/* - * Returns the name of the machine at the other end of the socket. The - * returned string should be freed by the caller. - */ -char *get_remote_hostname(int socket); - -/* - * Return the canonical name of the host in the other side of the current - * connection (as returned by packet_get_connection). The host name is - * cached, so it is efficient to call this several times. 
- */ -const char *get_canonical_hostname(void); - -/* - * Returns the remote IP address as an ascii string. The value need not be - * freed by the caller. - */ -const char *get_remote_ipaddr(void); - -/* Returns the port number of the peer of the socket. */ -int get_peer_port(int sock); - -/* Returns the port number of the remote/local host. */ -int get_remote_port(void); -int get_local_port(void); - - -/* - * Performs the RSA authentication challenge-response dialog with the client, - * and returns true (non-zero) if the client gave the correct answer to our - * challenge; returns zero if the client gives a wrong answer. - */ -int auth_rsa_challenge_dialog(RSA *pk); - -/* - * Reads a passphrase from /dev/tty with echo turned off. Returns the - * passphrase (allocated with xmalloc). Exits if EOF is encountered. If - * from_stdin is true, the passphrase will be read from stdin instead. - */ -char *read_passphrase(char *prompt, int from_stdin); - - -/*------------ Definitions for logging. -----------------------*/ - -/* Supported syslog facilities and levels. */ -typedef enum { - SYSLOG_FACILITY_DAEMON, - SYSLOG_FACILITY_USER, - SYSLOG_FACILITY_AUTH, - SYSLOG_FACILITY_LOCAL0, - SYSLOG_FACILITY_LOCAL1, - SYSLOG_FACILITY_LOCAL2, - SYSLOG_FACILITY_LOCAL3, - SYSLOG_FACILITY_LOCAL4, - SYSLOG_FACILITY_LOCAL5, - SYSLOG_FACILITY_LOCAL6, - SYSLOG_FACILITY_LOCAL7 -} SyslogFacility; - -typedef enum { - SYSLOG_LEVEL_QUIET, - SYSLOG_LEVEL_FATAL, - SYSLOG_LEVEL_ERROR, - SYSLOG_LEVEL_INFO, - SYSLOG_LEVEL_VERBOSE, - SYSLOG_LEVEL_DEBUG1, - SYSLOG_LEVEL_DEBUG2, - SYSLOG_LEVEL_DEBUG3 -} LogLevel; -/* Initializes logging. 
*/ -void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr); - -/* Logging implementation, depending on server or client */ -void do_log(LogLevel level, const char *fmt, va_list args); - -/* name to facility/level */ -SyslogFacility log_facility_number(char *name); -LogLevel log_level_number(char *name); - -/* Output a message to syslog or stderr */ -void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2))); -void error(const char *fmt,...) __attribute__((format(printf, 1, 2))); -void log(const char *fmt,...) __attribute__((format(printf, 1, 2))); -void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2))); -void debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); -void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2))); -void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2))); - -/* same as fatal() but w/o logging */ -void fatal_cleanup(void); - -/* - * Registers a cleanup function to be called by fatal()/fatal_cleanup() - * before exiting. It is permissible to call fatal_remove_cleanup for the - * function itself from the function. - */ -void fatal_add_cleanup(void (*proc) (void *context), void *context); - -/* Removes a cleanup function to be called at fatal(). */ -void fatal_remove_cleanup(void (*proc) (void *context), void *context); - -/* ---- misc */ - -/* - * Expands tildes in the file name. Returns data allocated by xmalloc. - * Warning: this calls getpw*. - */ -char *tilde_expand_filename(const char *filename, uid_t my_uid); - -/* remove newline at end of string */ -char *chop(char *s); - -/* return next token in configuration line */ -char *strdelim(char **s); - -/* set filedescriptor to non-blocking */ -void set_nonblock(int fd); - -/* - * Performs the interactive session. This handles data transmission between - * the client and the program. 
Note that the notion of stdin, stdout, and - * stderr in this function is sort of reversed: this function writes to stdin - * (of the child program), and reads from stdout and stderr (of the child - * program). - */ -void server_loop(pid_t pid, int fdin, int fdout, int fderr); -void server_loop2(void); - -/* Client side main loop for the interactive session. */ -int client_loop(int have_pty, int escape_char, int id); - -/* Linked list of custom environment strings (see auth-rsa.c). */ -struct envstring { - struct envstring *next; - char *s; -}; - -/* - * Ensure all of data on socket comes through. f==read || f==write - */ -ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n); - -#ifdef KRB4 -#include <krb.h> -/* - * Performs Kerberos v4 mutual authentication with the client. This returns 0 - * if the client could not be authenticated, and 1 if authentication was - * successful. This may exit if there is a serious protocol violation. - */ -int auth_krb4(const char *server_user, KTEXT auth, char **client); -int krb4_init(uid_t uid); -void krb4_cleanup_proc(void *ignore); -int auth_krb4_password(struct passwd * pw, const char *password); - -#ifdef AFS -#include <kafs.h> - -/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */ -int auth_kerberos_tgt(struct passwd * pw, const char *string); -int auth_afs_token(struct passwd * pw, const char *token_string); - -int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen); -int radix_to_creds(const char *buf, CREDENTIALS * creds); -#endif /* AFS */ - -#endif /* KRB4 */ - -/* AF_UNSPEC or AF_INET or AF_INET6 */ -extern int IPv4or6; - #endif /* SSH_H */ diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 8d24f8852cc..00649967439 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c 
@@ -13,23 +13,24 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.91 2001/01/21 19:05:59 markus Exp $"); #include <openssl/bn.h> -#include <openssl/dsa.h> -#include <openssl/rsa.h> +#include "ssh.h" #include "xmalloc.h" #include "rsa.h" -#include "ssh.h" #include "buffer.h" #include "packet.h" #include "uidswap.h" #include "compat.h" -#include "readconf.h" #include "key.h" #include "sshconnect.h" #include "hostfile.h" +#include "log.h" +#include "readconf.h" +#include "atomicio.h" +#include "misc.h" char *client_version_string = NULL; char *server_version_string = NULL; @@ -37,6 +38,9 @@ char *server_version_string = NULL; extern Options options; extern char *__progname; +/* AF_UNSPEC or AF_INET or AF_INET6 */ +extern int IPv4or6; + /* * Connect to the given ssh server using a proxy command. */ diff --git a/usr.bin/ssh/sshconnect.h b/usr.bin/ssh/sshconnect.h index 720004675b3..4e16f2d8598 100644 --- a/usr.bin/ssh/sshconnect.h +++ b/usr.bin/ssh/sshconnect.h 
@@ -23,6 +23,34 @@ */ #ifndef SSHCONNECT_H #define SSHCONNECT_H +/* + * Opens a TCP/IP connection to the remote server on the given host. If port + * is 0, the default port will be used. If anonymous is zero, a privileged + * port will be allocated to make the connection. This requires super-user + * privileges if anonymous is false. Connection_attempts specifies the + * maximum number of tries, one per second. This returns true on success, + * and zero on failure. If the connection is successful, this calls + * packet_set_connection for the connection. + */ +int +ssh_connect(const char *host, struct sockaddr_storage * hostaddr, + u_short port, int connection_attempts, + int anonymous, uid_t original_real_uid, + const char *proxy_command); + +/* + * Starts a dialog with the server, and authenticates the current user on the + * server. This does not need any extra privileges. The basic connection to + * the server must already have been established before this is called. If + * login fails, this function prints an error and never returns. This + * initializes the random state, and leaves it initialized (it will also have + * references from the packet module). + */ + +void +ssh_login(int host_key_valid, RSA * host_key, const char *host, + struct sockaddr * hostaddr, uid_t original_real_uid); + void check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c index ecfdfe5d6c0..d0c0215cab8 100644 --- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c 
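Review bot: The prototypes moved into sshconnect.h write `struct sockaddr_storage * hostaddr` and `RSA * host_key` with a space after the star, while the existing `check_host_key` line in the same header writes `struct sockaddr *hostaddr`; suggest `RSA *host_key` and `struct sockaddr_storage *hostaddr` for consistency within the file. The header now depends on `RSA` (from OpenSSL, <openssl/rsa.h>) and `struct sockaddr_storage` being declared before it is included, which it neither includes nor states; a one-line comment naming those prerequisites at the top would help, since this diff also removes `<openssl/rsa.h>` from several of the .c files that include it. The stray blank line between the `ssh_login` comment block and its prototype breaks the convention every other comment in the header follows and can be dropped.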
@@ -13,26 +13,36 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.17 2001/01/19 15:55:12 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.18 2001/01/21 19:06:00 markus Exp $");
 #include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 #include <openssl/evp.h>
-#include "xmalloc.h"
-#include "rsa.h"
+#ifdef KRB4
+#include <krb.h>
+#include "radix.h"
+#endif
+#ifdef AFS
+#include <kafs.h>
+#endif
+
 #include "ssh.h"
 #include "ssh1.h"
+#include "xmalloc.h"
+#include "rsa.h"
 #include "buffer.h"
 #include "packet.h"
 #include "mpaux.h"
 #include "uidswap.h"
+#include "log.h"
 #include "readconf.h"
 #include "key.h"
 #include "authfd.h"
 #include "sshconnect.h"
 #include "authfile.h"
+#include "readpass.h"
+#include "cipher.h"
+#include "canohost.h"
 /* Session id for the current session. */
 u_char session_id[16];
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 88df3aaf7c8..6f41b987a12 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,25 +23,23 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.36 2001/01/20 18:20:29 stevesk Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.37 2001/01/21 19:06:00 markus Exp $");
 #include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
 #include <openssl/md5.h>
 #include <openssl/dh.h>
 #include <openssl/hmac.h>
 #include "ssh.h"
+#include "ssh2.h"
 #include "xmalloc.h"
 #include "rsa.h"
 #include "buffer.h"
 #include "packet.h"
 #include "uidswap.h"
 #include "compat.h"
-#include "readconf.h"
 #include "bufaux.h"
-#include "ssh2.h"
+#include "cipher.h"
 #include "kex.h"
 #include "myproposal.h"
 #include "key.h"
@@ -50,6 +48,9 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.36 2001/01/20 18:20:29 stevesk Exp $");
 #include "cli.h"
 #include "dispatch.h"
 #include "authfd.h"
+#include "log.h"
+#include "readconf.h"
+#include "readpass.h"
 void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
 void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 9148f0f7af7..21b0cdbe3ca 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -40,34 +40,36 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.154 2001/01/19 15:55:12 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.155 2001/01/21 19:06:00 markus Exp $");
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/hmac.h>
+
+#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
 #include "xmalloc.h"
 #include "rsa.h"
-#include "ssh.h"
 #include "pty.h"
 #include "packet.h"
 #include "mpaux.h"
+#include "log.h"
 #include "servconf.h"
 #include "uidswap.h"
 #include "compat.h"
 #include "buffer.h"
-
-#include "ssh1.h"
-#include "ssh2.h"
-#include <openssl/dh.h>
-#include <openssl/bn.h>
-#include <openssl/hmac.h>
+#include "cipher.h"
 #include "kex.h"
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 #include "key.h"
 #include "dh.h"
-
-#include "auth.h"
 #include "myproposal.h"
 #include "authfile.h"
 #include "pathnames.h"
+#include "atomicio.h"
+#include "canohost.h"
+#include "auth.h"
+#include "misc.h"
 #ifdef LIBWRAP
 #include <tcpd.h>
diff --git a/usr.bin/ssh/tildexpand.c b/usr.bin/ssh/tildexpand.c
index b091d51ec0b..b72744683b7 100644
--- a/usr.bin/ssh/tildexpand.c
+++ b/usr.bin/ssh/tildexpand.c
@@ -11,10 +11,10 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: tildexpand.c,v 1.9 2000/12/19 23:17:59 markus Exp $");
+RCSID("$OpenBSD: tildexpand.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
 #include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
 /*
 * Expands tildes in the file name. Returns data allocated by xmalloc.
diff --git a/usr.bin/ssh/tildexpand.h b/usr.bin/ssh/tildexpand.h
new file mode 100644
index 00000000000..fc999773657
--- /dev/null
+++ b/usr.bin/ssh/tildexpand.h
@@ -0,0 +1,17 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Expands tildes in the file name. Returns data allocated by xmalloc.
+ * Warning: this calls getpw*.
+ */
+char *tilde_expand_filename(const char *filename, uid_t my_uid);
diff --git a/usr.bin/ssh/ttymodes.c b/usr.bin/ssh/ttymodes.c
index 68d38614621..2516e931065 100644
--- a/usr.bin/ssh/ttymodes.c
+++ b/usr.bin/ssh/ttymodes.c
@@ -15,10 +15,10 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ttymodes.c,v 1.9 2001/01/19 15:55:12 markus Exp $");
+RCSID("$OpenBSD: ttymodes.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
 #include "packet.h"
-#include "ssh.h"
+#include "log.h"
 #include "ssh1.h"
 #define TTY_OP_END 0
diff --git a/usr.bin/ssh/uidswap.c b/usr.bin/ssh/uidswap.c
index fb95702a9c8..8b7f535bec9 100644
--- a/usr.bin/ssh/uidswap.c
+++ b/usr.bin/ssh/uidswap.c
@@ -12,9 +12,9 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.12 2000/12/29 10:48:56 markus Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $");
-#include "ssh.h"
+#include "log.h"
 #include "uidswap.h"
 /*
diff --git a/usr.bin/ssh/xmalloc.c b/usr.bin/ssh/xmalloc.c
index 738c9cdc390..566bbfd2027 100644
--- a/usr.bin/ssh/xmalloc.c
+++ b/usr.bin/ssh/xmalloc.c
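Review bot: The new tildexpand.h has no include guard, unlike sshconnect.h in this same diff, and it uses `uid_t` without including <sys/types.h>, so it is only usable when the includer has already pulled that type in; wrap the body in `#ifndef TILDEXPAND_H` / `#define TILDEXPAND_H` … `#endif` and add `#include <sys/types.h>` before the prototype. The comment above the prototype should also make ownership explicit — "Returns data allocated by xmalloc" reads better as `Returns a newly allocated string that the caller must free.` — and say why the getpw* warning matters (presumably the non-reentrant static result buffers and the fact that a `~user` prefix triggers a user-database lookup), since callers running with privileges want to know such a lookup can happen. What the function does when the named user does not exist is not documented here and cannot be seen from the header.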
@@ -13,9 +13,10 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: xmalloc.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
+RCSID("$OpenBSD: xmalloc.c,v 1.9 2001/01/21 19:06:02 markus Exp $");
-#include "ssh.h"
+#include "xmalloc.h"
+#include "log.h"
 void *
 xmalloc(size_t size) |