diff options
Diffstat (limited to 'usr.bin')
50 files changed, 2372 insertions, 1638 deletions
diff --git a/usr.bin/ssh/auth-passwd.c b/usr.bin/ssh/auth-passwd.c index 542c393183b..ca052958536 100644 --- a/usr.bin/ssh/auth-passwd.c +++ b/usr.bin/ssh/auth-passwd.c @@ -8,7 +8,7 @@ */ #include "includes.h" -RCSID("$Id: auth-passwd.c,v 1.11 1999/11/24 00:26:00 deraadt Exp $"); +RCSID("$Id: auth-passwd.c,v 1.12 1999/11/24 19:53:43 markus Exp $"); #include "packet.h" #include "ssh.h" @@ -25,14 +25,10 @@ auth_password(struct passwd * pw, const char *password) extern ServerOptions options; char *encrypted_password; - if (pw->pw_uid == 0 && options.permit_root_login == 2) { - /* Server does not permit root login with password */ + if (pw->pw_uid == 0 && options.permit_root_login == 2) return 0; - } - if (*password == '\0' && options.permit_empty_passwd == 0) { - /* Server does not permit empty password login */ + if (*password == '\0' && options.permit_empty_passwd == 0) return 0; - } /* deny if no user. */ if (pw == NULL) return 0; @@ -60,8 +56,10 @@ auth_password(struct passwd * pw, const char *password) #endif #if defined(KRB4) - /* Support for Kerberos v4 authentication - Dug Song - <dugsong@UMICH.EDU> */ + /* + * Support for Kerberos v4 authentication + * - Dug Song <dugsong@UMICH.EDU> + */ if (options.kerberos_authentication) { AUTH_DAT adata; KTEXT_ST tkt; @@ -72,8 +70,10 @@ auth_password(struct passwd * pw, const char *password) char realm[REALM_SZ]; int r; - /* Try Kerberos password authentication only for non-root - users and only if Kerberos is installed. */ + /* + * Try Kerberos password authentication only for non-root + * users and only if Kerberos is installed. + */ if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { /* Set up our ticket file. */ @@ -130,14 +130,17 @@ auth_password(struct passwd * pw, const char *password) goto kerberos_auth_failure; } } else if (r == KDC_PR_UNKNOWN) { - /* Allow login if no rcmd service exists, - but log the error. */ + /* + * Allow login if no rcmd service exists, but + * log the error. + */ log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " "not registered, or srvtab is wrong?", pw->pw_name, krb_err_txt[r], KRB4_SERVICE_NAME, phost); } else { - /* TGT is bad, forget it. Possibly - spoofed! */ + /* + * TGT is bad, forget it. Possibly spoofed! + */ packet_send_debug("WARNING: Kerberos V4 TGT " "possibly spoofed for %s: %s", pw->pw_name, krb_err_txt[r]); @@ -161,11 +164,8 @@ auth_password(struct passwd * pw, const char *password) #endif /* KRB4 */ /* Check for users with no password. */ - if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) { - packet_send_debug("Login permitted without a password " - "because the account has no password."); + if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) return 1; - } /* Encrypt the candidate password using the proper salt. */ encrypted_password = crypt(password, (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); diff --git a/usr.bin/ssh/auth-rh-rsa.c b/usr.bin/ssh/auth-rh-rsa.c index 696e47965d1..a9195f0d96b 100644 --- a/usr.bin/ssh/auth-rh-rsa.c +++ b/usr.bin/ssh/auth-rh-rsa.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rh-rsa.c,v 1.9 1999/11/24 00:26:00 deraadt Exp $"); +RCSID("$Id: auth-rh-rsa.c,v 1.10 1999/11/24 19:53:43 markus Exp $"); #include "packet.h" #include "ssh.h" @@ -23,8 +23,10 @@ RCSID("$Id: auth-rh-rsa.c,v 1.9 1999/11/24 00:26:00 deraadt Exp $"); #include "uidswap.h" #include "servconf.h" -/* Tries to authenticate the user using the .rhosts file and the host using - its host key. Returns true if authentication succeeds. */ +/* + * Tries to authenticate the user using the .rhosts file and the host using + * its host key. Returns true if authentication succeeds. + */ int auth_rhosts_rsa(struct passwd *pw, const char *client_user, @@ -57,8 +59,10 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, if (host_status != HOST_OK && !options.ignore_user_known_hosts) { struct stat st; char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid); - /* Check file permissions of SSH_USER_HOSTFILE, auth_rsa() - did already check pw->pw_dir, but there is a race XXX */ + /* + * Check file permissions of SSH_USER_HOSTFILE, auth_rsa() + * did already check pw->pw_dir, but there is a race XXX + */ if (options.strict_modes && (stat(user_hostfile, &st) == 0) && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || @@ -91,8 +95,10 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, canonical_hostname); return 0; } - /* We have authenticated the user using .rhosts or /etc/hosts.equiv, and the host using RSA. - We accept the authentication. */ + /* + * We have authenticated the user using .rhosts or /etc/hosts.equiv, + * and the host using RSA. We accept the authentication. + */ verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.", pw->pw_name, client_user, canonical_hostname); diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c index 7e9f1d4c876..28890002d68 100644 --- a/usr.bin/ssh/auth-rhosts.c +++ b/usr.bin/ssh/auth-rhosts.c @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rhosts.c,v 1.10 1999/11/24 00:26:00 deraadt Exp $"); +RCSID("$Id: auth-rhosts.c,v 1.11 1999/11/24 19:53:43 markus Exp $"); #include "packet.h" #include "ssh.h" @@ -24,9 +24,11 @@ RCSID("$Id: auth-rhosts.c,v 1.10 1999/11/24 00:26:00 deraadt Exp $"); #include "uidswap.h" #include "servconf.h" -/* This function processes an rhosts-style file (.rhosts, .shosts, or - /etc/hosts.equiv). This returns true if authentication can be granted - based on the file, and returns zero otherwise. */ +/* + * This function processes an rhosts-style file (.rhosts, .shosts, or + * /etc/hosts.equiv). This returns true if authentication can be granted + * based on the file, and returns zero otherwise. + */ int check_rhosts_file(const char *filename, const char *hostname, @@ -41,7 +43,6 @@ check_rhosts_file(const char *filename, const char *hostname, if (!f) return 0; - /* Go through the file, checking every entry. */ while (fgets(buf, sizeof(buf), f)) { /* All three must be at least as big as buf to avoid overflows. */ char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp; @@ -52,13 +53,17 @@ check_rhosts_file(const char *filename, const char *hostname, if (*cp == '#' || *cp == '\n' || !*cp) continue; - /* NO_PLUS is supported at least on OSF/1. We skip it (we - don't ever support the plus syntax). */ + /* + * NO_PLUS is supported at least on OSF/1. We skip it (we + * don't ever support the plus syntax). + */ if (strncmp(cp, "NO_PLUS", 7) == 0) continue; - /* This should be safe because each buffer is as big as - the whole string, and thus cannot be overwritten. */ + /* + * This should be safe because each buffer is as big as the + * whole string, and thus cannot be overwritten. + */ switch (sscanf(buf, "%s %s %s", hostbuf, userbuf, dummy)) { case 0: packet_send_debug("Found empty line in %.100s.", filename); @@ -135,10 +140,11 @@ check_rhosts_file(const char *filename, const char *hostname, return 0; } -/* Tries to authenticate the user using the .shosts or .rhosts file. - Returns true if authentication succeeds. If ignore_rhosts is - true, only /etc/hosts.equiv will be considered (.rhosts and .shosts - are ignored). */ +/* + * Tries to authenticate the user using the .shosts or .rhosts file. Returns + * true if authentication succeeds. If ignore_rhosts is true, only + * /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored). + */ int auth_rhosts(struct passwd *pw, const char *client_user) @@ -150,11 +156,13 @@ auth_rhosts(struct passwd *pw, const char *client_user) static const char *rhosts_files[] = {".shosts", ".rhosts", NULL}; unsigned int rhosts_file_index; - /* Quick check: if the user has no .shosts or .rhosts files, - return failure immediately without doing costly lookups from - name servers. */ /* Switch to the user's uid. */ temporarily_use_uid(pw->pw_uid); + /* + * Quick check: if the user has no .shosts or .rhosts files, return + * failure immediately without doing costly lookups from name + * servers. + */ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; rhosts_file_index++) { /* Check users .rhosts or .shosts. */ @@ -172,7 +180,6 @@ auth_rhosts(struct passwd *pw, const char *client_user) stat(SSH_HOSTS_EQUIV, &st) < 0) return 0; - /* Get the name, address, and port of the remote host. */ hostname = get_canonical_hostname(); ipaddr = get_remote_ipaddr(); @@ -191,8 +198,10 @@ auth_rhosts(struct passwd *pw, const char *client_user) return 1; } } - /* Check that the home directory is owned by root or the user, and - is not group or world writable. */ + /* + * Check that the home directory is owned by root or the user, and is + * not group or world writable. + */ if (stat(pw->pw_dir, &st) < 0) { log("Rhosts authentication refused for %.100s: no home directory %.200s", pw->pw_name, pw->pw_dir); @@ -221,10 +230,12 @@ auth_rhosts(struct passwd *pw, const char *client_user) if (stat(buf, &st) < 0) continue; - /* Make sure that the file is either owned by the user or - by root, and make sure it is not writable by anyone but - the owner. This is to help avoid novices accidentally - allowing access to their account by anyone. */ + /* + * Make sure that the file is either owned by the user or by + * root, and make sure it is not writable by anyone but the + * owner. This is to help avoid novices accidentally + * allowing access to their account by anyone. + */ if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || (st.st_mode & 022) != 0)) { diff --git a/usr.bin/ssh/auth-rsa.c b/usr.bin/ssh/auth-rsa.c index 2b324a0a26d..197a2e91092 100644 --- a/usr.bin/ssh/auth-rsa.c +++ b/usr.bin/ssh/auth-rsa.c @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: auth-rsa.c,v 1.13 1999/11/24 00:26:00 deraadt Exp $"); +RCSID("$Id: auth-rsa.c,v 1.14 1999/11/24 19:53:44 markus Exp $"); #include "rsa.h" #include "packet.h" @@ -37,22 +37,27 @@ extern int no_pty_flag; extern char *forced_command; extern struct envstring *custom_environment; -/* Session identifier that is used to bind key exchange and authentication - responses to a particular session. */ +/* + * Session identifier that is used to bind key exchange and authentication + * responses to a particular session. + */ extern unsigned char session_id[16]; -/* The .ssh/authorized_keys file contains public keys, one per line, in the - following format: - options bits e n comment - where bits, e and n are decimal numbers, - and comment is any string of characters up to newline. The maximum - length of a line is 8000 characters. See the documentation for a - description of the options. -*/ +/* + * The .ssh/authorized_keys file contains public keys, one per line, in the + * following format: + * options bits e n comment + * where bits, e and n are decimal numbers, + * and comment is any string of characters up to newline. The maximum + * length of a line is 8000 characters. See the documentation for a + * description of the options. + */ -/* Performs the RSA authentication challenge-response dialog with the client, - and returns true (non-zero) if the client gave the correct answer to - our challenge; returns zero if the client gives a wrong answer. */ +/* + * Performs the RSA authentication challenge-response dialog with the client, + * and returns true (non-zero) if the client gave the correct answer to + * our challenge; returns zero if the client gives a wrong answer. + */ int auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) @@ -122,9 +127,11 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) return 1; } -/* Performs the RSA authentication dialog with the client. This returns - 0 if the client could not be authenticated, and 1 if authentication was - successful. This may exit if there is a serious protocol violation. */ +/* + * Performs the RSA authentication dialog with the client. This returns + * 0 if the client could not be authenticated, and 1 if authentication was + * successful. This may exit if there is a serious protocol violation. + */ int auth_rsa(struct passwd *pw, BIGNUM *client_n) @@ -198,30 +205,32 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Flag indicating whether authentication has succeeded. */ authenticated = 0; - /* Initialize mp-int variables. */ e = BN_new(); n = BN_new(); - /* Go though the accepted keys, looking for the current key. If - found, perform a challenge-response dialog to verify that the - user really has the corresponding private key. */ + /* + * Go though the accepted keys, looking for the current key. If + * found, perform a challenge-response dialog to verify that the + * user really has the corresponding private key. + */ while (fgets(line, sizeof(line), f)) { char *cp; char *options; linenum++; - /* Skip leading whitespace. */ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++); - - /* Skip empty and comment lines. */ + /* Skip leading whitespace, empty and comment lines. */ + for (cp = line; *cp == ' ' || *cp == '\t'; cp++) + ; if (!*cp || *cp == '\n' || *cp == '#') continue; - /* Check if there are options for this key, and if so, - save their starting address and skip the option part - for now. If there are no options, set the starting - address to NULL. */ + /* + * Check if there are options for this key, and if so, + * save their starting address and skip the option part + * for now. If there are no options, set the starting + * address to NULL. + */ if (*cp < '0' || *cp > '9') { int quoted = 0; options = cp; @@ -252,7 +261,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Check if the we have found the desired key (identified by its modulus). */ if (BN_cmp(n, client_n) != 0) - continue; /* Wrong key. */ + continue; /* We have found the desired key. */ @@ -263,10 +272,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) packet_send_debug("Wrong response to RSA authentication challenge."); continue; } - /* Correct response. The client has been successfully - authenticated. Note that we have not yet processed the - options; this will be reset if the options cause the - authentication to be rejected. */ + /* + * Correct response. The client has been successfully + * authenticated. Note that we have not yet processed the + * options; this will be reset if the options cause the + * authentication to be rejected. + */ authenticated = 1; /* RSA part of authentication was accepted. Now process the options. */ @@ -406,7 +417,6 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) goto next_option; } bad_option: - /* Unknown option. */ log("Bad options in %.100s file, line %lu: %.50s", SSH_USER_PERMITTED_KEYS, linenum, options); packet_send_debug("Bad options in %.100s file, line %lu: %.50s", @@ -415,12 +425,14 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) break; next_option: - /* Skip the comma, and move to the next option - (or break out if there are no more). */ + /* + * Skip the comma, and move to the next option + * (or break out if there are no more). + */ if (!*options) fatal("Bugs in auth-rsa.c option processing."); if (*options == ' ' || *options == '\t') - break; /* End of options. */ + break; /* End of options. */ if (*options != ',') goto bad_option; options++; @@ -428,8 +440,10 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) continue; } } - /* Break out of the loop if authentication was successful; - otherwise continue searching. */ + /* + * Break out of the loop if authentication was successful; + * otherwise continue searching. + */ if (authenticated) break; } @@ -440,7 +454,6 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) /* Close the file. */ fclose(f); - /* Clear any mp-int variables. */ BN_clear_free(n); BN_clear_free(e); diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c index d70686362ac..0e65f50e3cd 100644 --- a/usr.bin/ssh/authfd.c +++ b/usr.bin/ssh/authfd.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: authfd.c,v 1.13 1999/11/24 00:26:00 deraadt Exp $"); +RCSID("$Id: authfd.c,v 1.14 1999/11/24 19:53:44 markus Exp $"); #include "ssh.h" #include "rsa.h" @@ -58,9 +58,11 @@ ssh_get_authentication_socket() return sock; } -/* Closes the agent socket if it should be closed (depends on how it was - obtained). The argument must have been returned by - ssh_get_authentication_socket(). */ +/* + * Closes the agent socket if it should be closed (depends on how it was + * obtained). The argument must have been returned by + * ssh_get_authentication_socket(). + */ void ssh_close_authentication_socket(int sock) @@ -69,11 +71,13 @@ ssh_close_authentication_socket(int sock) close(sock); } -/* Opens and connects a private socket for communication with the - authentication agent. Returns the file descriptor (which must be - shut down and closed by the caller when no longer needed). - Returns NULL if an error occurred and the connection could not be - opened. */ +/* + * Opens and connects a private socket for communication with the + * authentication agent. Returns the file descriptor (which must be + * shut down and closed by the caller when no longer needed). + * Returns NULL if an error occurred and the connection could not be + * opened. + */ AuthenticationConnection * ssh_get_authentication_connection() @@ -83,12 +87,13 @@ ssh_get_authentication_connection() sock = ssh_get_authentication_socket(); - /* Fail if we couldn't obtain a connection. This happens if we - exited due to a timeout. */ + /* + * Fail if we couldn't obtain a connection. This happens if we + * exited due to a timeout. + */ if (sock < 0) return NULL; - /* Applocate the connection structure and initialize it. */ auth = xmalloc(sizeof(*auth)); auth->fd = sock; buffer_init(&auth->packet); @@ -98,8 +103,10 @@ ssh_get_authentication_connection() return auth; } -/* Closes the connection to the authentication agent and frees any associated - memory. */ +/* + * Closes the connection to the authentication agent and frees any associated + * memory. + */ void ssh_close_authentication_connection(AuthenticationConnection *ac) @@ -110,10 +117,12 @@ ssh_close_authentication_connection(AuthenticationConnection *ac) xfree(ac); } -/* Returns the first authentication identity held by the agent. - Returns true if an identity is available, 0 otherwise. - The caller must initialize the integers before the call, and free the - comment after a successful call (before calling ssh_get_next_identity). */ +/* + * Returns the first authentication identity held by the agent. + * Returns true if an identity is available, 0 otherwise. + * The caller must initialize the integers before the call, and free the + * comment after a successful call (before calling ssh_get_next_identity). + */ int ssh_get_first_identity(AuthenticationConnection *auth, @@ -122,8 +131,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, unsigned char msg[8192]; int len, l; - /* Send a message to the agent requesting for a list of the - identities it can represent. */ + /* + * Send a message to the agent requesting for a list of the + * identities it can represent. + */ msg[0] = 0; msg[1] = 0; msg[2] = 0; @@ -144,8 +155,10 @@ ssh_get_first_identity(AuthenticationConnection *auth, len -= l; } - /* Extract the length, and check it for sanity. (We cannot trust - authentication agents). */ + /* + * Extract the length, and check it for sanity. (We cannot trust + * authentication agents). + */ len = GET_32BIT(msg); if (len < 1 || len > 256 * 1024) fatal("Authentication reply message too long: %d\n", len); @@ -177,10 +190,12 @@ ssh_get_first_identity(AuthenticationConnection *auth, return ssh_get_next_identity(auth, e, n, comment); } -/* Returns the next authentication identity for the agent. Other functions - can be called between this and ssh_get_first_identity or two calls of this - function. This returns 0 if there are no more identities. The caller - must free comment after a successful return. */ +/* + * Returns the next authentication identity for the agent. Other functions + * can be called between this and ssh_get_first_identity or two calls of this + * function. This returns 0 if there are no more identities. The caller + * must free comment after a successful return. + */ int ssh_get_next_identity(AuthenticationConnection *auth, @@ -192,8 +207,10 @@ ssh_get_next_identity(AuthenticationConnection *auth, if (auth->howmany <= 0) return 0; - /* Get the next entry from the packet. These will abort with a - fatal error if the packet is too short or contains corrupt data. */ + /* + * Get the next entry from the packet. These will abort with a fatal + * error if the packet is too short or contains corrupt data. + */ bits = buffer_get_int(&auth->identities); buffer_get_bignum(&auth->identities, e); buffer_get_bignum(&auth->identities, n); @@ -209,11 +226,13 @@ ssh_get_next_identity(AuthenticationConnection *auth, return 1; } -/* Generates a random challenge, sends it to the agent, and waits for response - from the agent. Returns true (non-zero) if the agent gave the correct - answer, zero otherwise. Response type selects the style of response - desired, with 0 corresponding to protocol version 1.0 (no longer supported) - and 1 corresponding to protocol version 1.1. */ +/* + * Generates a random challenge, sends it to the agent, and waits for + * response from the agent. Returns true (non-zero) if the agent gave the + * correct answer, zero otherwise. Response type selects the style of + * response desired, with 0 corresponding to protocol version 1.0 (no longer + * supported) and 1 corresponding to protocol version 1.1. + */ int ssh_decrypt_challenge(AuthenticationConnection *auth, @@ -254,8 +273,10 @@ error_cleanup: buffer_free(&buffer); return 0; } - /* Wait for response from the agent. First read the length of the - response packet. */ + /* + * Wait for response from the agent. First read the length of the + * response packet. + */ len = 4; while (len > 0) { l = read(auth->fd, buf + 4 - len, len); @@ -298,8 +319,10 @@ error_cleanup: if (buf[0] != SSH_AGENT_RSA_RESPONSE) fatal("Bad authentication response: %d", buf[0]); - /* Get the response from the packet. This will abort with a fatal - error if the packet is corrupt. */ + /* + * Get the response from the packet. This will abort with a fatal + * error if the packet is corrupt. + */ for (i = 0; i < 16; i++) response[i] = buffer_get_char(&buffer); @@ -310,8 +333,10 @@ error_cleanup: return 1; } -/* Adds an identity to the authentication server. This call is not meant to - be used by normal applications. */ +/* + * Adds an identity to the authentication server. This call is not meant to + * be used by normal applications. + */ int ssh_add_identity(AuthenticationConnection *auth, @@ -396,8 +421,10 @@ error_cleanup: return 0; } -/* Removes an identity from the authentication server. This call is not meant - to be used by normal applications. */ +/* + * Removes an identity from the authentication server. This call is not + * meant to be used by normal applications. + */ int ssh_remove_identity(AuthenticationConnection *auth, RSA *key) @@ -426,8 +453,10 @@ error_cleanup: buffer_free(&buffer); return 0; } - /* Wait for response from the agent. First read the length of the - response packet. */ + /* + * Wait for response from the agent. First read the length of the + * response packet. + */ len = 4; while (len > 0) { l = read(auth->fd, buf + 4 - len, len); @@ -475,8 +504,10 @@ error_cleanup: return 0; } -/* Removes all identities from the agent. This call is not meant - to be used by normal applications. */ +/* + * Removes all identities from the agent. This call is not meant to be used + * by normal applications. + */ int ssh_remove_all_identities(AuthenticationConnection *auth) @@ -494,8 +525,10 @@ ssh_remove_all_identities(AuthenticationConnection *auth) error("Error writing to authentication socket."); return 0; } - /* Wait for response from the agent. First read the length of the - response packet. */ + /* + * Wait for response from the agent. First read the length of the + * response packet. + */ len = 4; while (len > 0) { l = read(auth->fd, buf + 4 - len, len); diff --git a/usr.bin/ssh/authfd.h b/usr.bin/ssh/authfd.h index a808ba0a7a6..2af4858052f 100644 --- a/usr.bin/ssh/authfd.h +++ b/usr.bin/ssh/authfd.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: authfd.h,v 1.5 1999/11/24 00:26:00 deraadt Exp $"); */ +/* RCSID("$Id: authfd.h,v 1.6 1999/11/24 19:53:44 markus Exp $"); */ #ifndef AUTHFD_H #define AUTHFD_H @@ -40,33 +40,43 @@ typedef struct { /* Returns the number of the authentication fd, or -1 if there is none. */ int ssh_get_authentication_socket(); -/* This should be called for any descriptor returned by - ssh_get_authentication_socket(). Depending on the way the descriptor was - obtained, this may close the descriptor. */ +/* + * This should be called for any descriptor returned by + * ssh_get_authentication_socket(). Depending on the way the descriptor was + * obtained, this may close the descriptor. + */ void ssh_close_authentication_socket(int authfd); -/* Opens and connects a private socket for communication with the - authentication agent. Returns NULL if an error occurred and the - connection could not be opened. The connection should be closed by - the caller by calling ssh_close_authentication_connection(). */ +/* + * Opens and connects a private socket for communication with the + * authentication agent. Returns NULL if an error occurred and the + * connection could not be opened. The connection should be closed by the + * caller by calling ssh_close_authentication_connection(). + */ AuthenticationConnection *ssh_get_authentication_connection(); -/* Closes the connection to the authentication agent and frees any associated - memory. */ +/* + * Closes the connection to the authentication agent and frees any associated + * memory. + */ void ssh_close_authentication_connection(AuthenticationConnection * ac); -/* Returns the first authentication identity held by the agent. - Returns true if an identity is available, 0 otherwise. - The caller must initialize the integers before the call, and free the - comment after a successful call (before calling ssh_get_next_identity). */ +/* + * Returns the first authentication identity held by the agent. Returns true + * if an identity is available, 0 otherwise. The caller must initialize the + * integers before the call, and free the comment after a successful call + * (before calling ssh_get_next_identity). + */ int ssh_get_first_identity(AuthenticationConnection * connection, BIGNUM * e, BIGNUM * n, char **comment); -/* Returns the next authentication identity for the agent. Other functions - can be called between this and ssh_get_first_identity or two calls of this - function. This returns 0 if there are no more identities. The caller - must free comment after a successful return. */ +/* + * Returns the next authentication identity for the agent. Other functions + * can be called between this and ssh_get_first_identity or two calls of this + * function. This returns 0 if there are no more identities. The caller + * must free comment after a successful return. + */ int ssh_get_next_identity(AuthenticationConnection * connection, BIGNUM * e, BIGNUM * n, char **comment); @@ -80,24 +90,30 @@ ssh_decrypt_challenge(AuthenticationConnection * auth, unsigned int response_type, unsigned char response[16]); -/* Adds an identity to the authentication server. This call is not meant to - be used by normal applications. This returns true if the identity - was successfully added. */ - int ssh_add_identity(AuthenticationConnection * connection, - RSA * key, const char *comment); +/* + * Adds an identity to the authentication server. This call is not meant to + * be used by normal applications. This returns true if the identity was + * successfully added. + */ +int +ssh_add_identity(AuthenticationConnection * connection, RSA * key, + const char *comment); -/* Removes the identity from the authentication server. This call is - not meant to be used by normal applications. This returns true if the - identity was successfully added. */ - int ssh_remove_identity(AuthenticationConnection * connection, - RSA * key); +/* + * Removes the identity from the authentication server. This call is not + * meant to be used by normal applications. This returns true if the + * identity was successfully added. + */ +int ssh_remove_identity(AuthenticationConnection * connection, RSA * key); -/* Removes all identities from the authentication agent. This call is not - meant to be used by normal applications. This returns true if the - operation was successful. */ - int ssh_remove_all_identities(AuthenticationConnection * connection); +/* + * Removes all identities from the authentication agent. This call is not + * meant to be used by normal applications. This returns true if the + * operation was successful. + */ +int ssh_remove_all_identities(AuthenticationConnection * connection); /* Closes the connection to the authentication agent. */ - void ssh_close_authentication(AuthenticationConnection * connection); +void ssh_close_authentication(AuthenticationConnection * connection); #endif /* AUTHFD_H */ diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c index 143cdf00c7b..14f6ffd0696 100644 --- a/usr.bin/ssh/authfile.c +++ b/usr.bin/ssh/authfile.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: authfile.c,v 1.9 1999/11/24 00:26:00 deraadt Exp $"); +RCSID("$Id: authfile.c,v 1.10 1999/11/24 19:53:44 markus Exp $"); #include <ssl/bn.h> #include "xmalloc.h" @@ -27,10 +27,12 @@ RCSID("$Id: authfile.c,v 1.9 1999/11/24 00:26:00 deraadt Exp $"); /* Version identification string for identity files. */ #define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n" -/* Saves the authentication (private) key in a file, encrypting it with - passphrase. The identification of the file (lowest 64 bits of n) - will precede the key to provide identification of the key without - needing a passphrase. */ +/* + * Saves the authentication (private) key in a file, encrypting it with + * passphrase. The identification of the file (lowest 64 bits of n) will + * precede the key to provide identification of the key without needing a + * passphrase. + */ int save_private_key(const char *filename, const char *passphrase, @@ -43,9 +45,10 @@ save_private_key(const char *filename, const char *passphrase, int cipher_type; u_int32_t rand; - /* If the passphrase is empty, use SSH_CIPHER_NONE to ease - converting to another cipher; otherwise use - SSH_AUTHFILE_CIPHER. */ + /* + * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting + * to another cipher; otherwise use SSH_AUTHFILE_CIPHER. + */ if (strcmp(passphrase, "") == 0) cipher_type = SSH_CIPHER_NONE; else @@ -62,9 +65,11 @@ save_private_key(const char *filename, const char *passphrase, buf[3] = buf[1]; buffer_append(&buffer, buf, 4); - /* Store the private key (n and e will not be stored because they - will be stored in plain text, and storing them also in - encrypted format would just give known plaintext). */ + /* + * Store the private key (n and e will not be stored because they + * will be stored in plain text, and storing them also in encrypted + * format would just give known plaintext). + */ buffer_put_bignum(&buffer, key->d); buffer_put_bignum(&buffer, key->iqmp); buffer_put_bignum(&buffer, key->q); /* reverse from SSL p */ @@ -106,11 +111,9 @@ save_private_key(const char *filename, const char *passphrase, memset(buf, 0, sizeof(buf)); buffer_free(&buffer); - /* Write to a file. */ f = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (f < 0) return 0; - if (write(f, buffer_ptr(&encrypted), buffer_len(&encrypted)) != buffer_len(&encrypted)) { debug("Write to key file %.200s failed: %.100s", filename, @@ -125,9 +128,11 @@ save_private_key(const char *filename, const char *passphrase, return 1; } -/* Loads the public part of the key file. Returns 0 if an error - was encountered (the file does not exist or is not readable), and - non-zero otherwise. */ +/* + * Loads the public part of the key file. Returns 0 if an error was + * encountered (the file does not exist or is not readable), and non-zero + * otherwise. + */ int load_public_key(const char *filename, RSA * pub, @@ -138,11 +143,9 @@ load_public_key(const char *filename, RSA * pub, Buffer buffer; char *cp; - /* Read data from the file into the buffer. */ f = open(filename, O_RDONLY); if (f < 0) return 0; - len = lseek(f, (off_t) 0, SEEK_END); lseek(f, (off_t) 0, SEEK_SET); @@ -164,8 +167,10 @@ load_public_key(const char *filename, RSA * pub, buffer_free(&buffer); return 0; } - /* Make sure it begins with the id string. Consume the id string - from the buffer. */ + /* + * Make sure it begins with the id string. Consume the id string + * from the buffer. + */ for (i = 0; i < (unsigned int) strlen(AUTHFILE_ID_STRING) + 1; i++) if (buffer_get_char(&buffer) != (unsigned char) AUTHFILE_ID_STRING[i]) { debug("Bad key file %.200s.", filename); @@ -191,9 +196,12 @@ load_public_key(const char *filename, RSA * pub, return 1; } -/* Loads the private key from the file. Returns 0 if an error is encountered - (file does not exist or is not readable, or passphrase is bad). - This initializes the private key. */ +/* + * Loads the private key from the file. Returns 0 if an error is encountered + * (file does not exist or is not readable, or passphrase is bad). This + * initializes the private key. + * Assumes we are called under uid of the owner of the file. + */ int load_private_key(const char *filename, const char *passphrase, @@ -208,12 +216,11 @@ load_private_key(const char *filename, const char *passphrase, BIGNUM *aux; struct stat st; - /* Read the file into the buffer. */ f = open(filename, O_RDONLY); if (f < 0) return 0; - /* We assume we are called under uid of the owner of the file */ + /* check owner and modes */ if (fstat(f, &st) < 0 || (st.st_uid != 0 && st.st_uid != getuid()) || (st.st_mode & 077) != 0) { @@ -246,8 +253,10 @@ load_private_key(const char *filename, const char *passphrase, buffer_free(&buffer); return 0; } - /* Make sure it begins with the id string. Consume the id string - from the buffer. */ + /* + * Make sure it begins with the id string. Consume the id string + * from the buffer. + */ for (i = 0; i < (unsigned int) strlen(AUTHFILE_ID_STRING) + 1; i++) if (buffer_get_char(&buffer) != (unsigned char) AUTHFILE_ID_STRING[i]) { debug("Bad key file %.200s.", filename); diff --git a/usr.bin/ssh/bufaux.c b/usr.bin/ssh/bufaux.c index 6b59c8f1d91..5091968c564 100644 --- a/usr.bin/ssh/bufaux.c +++ b/usr.bin/ssh/bufaux.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: bufaux.c,v 1.6 1999/11/24 00:26:01 deraadt Exp $"); +RCSID("$Id: bufaux.c,v 1.7 1999/11/24 19:53:44 markus Exp $"); #include "ssh.h" #include <ssl/bn.h> @@ -47,7 +47,7 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value) buffer_append(buffer, msg, 2); /* Store the binary data. */ buffer_append(buffer, buf, oi); - /* Clear the temporary data. */ + memset(buf, 0, bin_size); xfree(buf); } diff --git a/usr.bin/ssh/bufaux.h b/usr.bin/ssh/bufaux.h index d7839c2f7bd..124a2656ba5 100644 --- a/usr.bin/ssh/bufaux.h +++ b/usr.bin/ssh/bufaux.h @@ -11,15 +11,17 @@ * */ -/* RCSID("$Id: bufaux.h,v 1.3 1999/11/24 00:26:01 deraadt Exp $"); */ +/* RCSID("$Id: bufaux.h,v 1.4 1999/11/24 19:53:44 markus Exp $"); */ #ifndef BUFAUX_H #define BUFAUX_H #include "buffer.h" -/* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed - by (bits+7)/8 bytes of binary data, msb first. */ +/* + * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed + * by (bits+7)/8 bytes of binary data, msb first. + */ void buffer_put_bignum(Buffer * buffer, BIGNUM * value); /* Retrieves an BIGNUM from the buffer. */ @@ -37,12 +39,14 @@ int buffer_get_char(Buffer * buffer); /* Stores a character in the buffer. */ void buffer_put_char(Buffer * buffer, int value); -/* Returns an arbitrary binary string from the buffer. The string cannot - be longer than 256k. The returned value points to memory allocated - with xmalloc; it is the responsibility of the calling function to free - the data. If length_ptr is non-NULL, the length of the returned data - will be stored there. A null character will be automatically appended - to the returned string, and is not counted in length. */ +/* + * Returns an arbitrary binary string from the buffer. The string cannot be + * longer than 256k. The returned value points to memory allocated with + * xmalloc; it is the responsibility of the calling function to free the + * data. If length_ptr is non-NULL, the length of the returned data will be + * stored there. A null character will be automatically appended to the + * returned string, and is not counted in length. + */ char *buffer_get_string(Buffer * buffer, unsigned int *length_ptr); /* Stores and arbitrary binary string in the buffer. */ diff --git a/usr.bin/ssh/buffer.c b/usr.bin/ssh/buffer.c index 0f117ccc1c7..65579341b8c 100644 --- a/usr.bin/ssh/buffer.c +++ b/usr.bin/ssh/buffer.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: buffer.c,v 1.3 1999/11/24 00:26:01 deraadt Exp $"); +RCSID("$Id: buffer.c,v 1.4 1999/11/24 19:53:44 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -40,8 +40,10 @@ buffer_free(Buffer *buffer) xfree(buffer->buf); } -/* Clears any data from the buffer, making it empty. This does not actually - zero the memory. */ +/* + * Clears any data from the buffer, making it empty. This does not actually + * zero the memory. + */ void buffer_clear(Buffer *buffer) @@ -60,9 +62,11 @@ buffer_append(Buffer *buffer, const char *data, unsigned int len) memcpy(cp, data, len); } -/* Appends space to the buffer, expanding the buffer if necessary. - This does not actually copy the data into the buffer, but instead - returns a pointer to the allocated region. */ +/* + * Appends space to the buffer, expanding the buffer if necessary. This does + * not actually copy the data into the buffer, but instead returns a pointer + * to the allocated region. + */ void buffer_append_space(Buffer *buffer, char **datap, unsigned int len) @@ -79,8 +83,10 @@ restart: buffer->end += len; return; } - /* If the buffer is quite empty, but all data is at the end, move - the data to the beginning and retry. */ + /* + * If the buffer is quite empty, but all data is at the end, move the + * data to the beginning and retry. + */ if (buffer->offset > buffer->alloc / 2) { memmove(buffer->buf, buffer->buf + buffer->offset, buffer->end - buffer->offset); diff --git a/usr.bin/ssh/buffer.h b/usr.bin/ssh/buffer.h index 5031ea5790e..04efc25221c 100644 --- a/usr.bin/ssh/buffer.h +++ b/usr.bin/ssh/buffer.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: buffer.h,v 1.2 1999/11/24 00:26:01 deraadt Exp $"); */ +/* RCSID("$Id: buffer.h,v 1.3 1999/11/24 19:53:44 markus Exp $"); */ #ifndef BUFFER_H #define BUFFER_H @@ -37,9 +37,11 @@ void buffer_clear(Buffer * buffer); /* Appends data to the buffer, expanding it if necessary. */ void buffer_append(Buffer * buffer, const char *data, unsigned int len); -/* Appends space to the buffer, expanding the buffer if necessary. - This does not actually copy the data into the buffer, but instead - returns a pointer to the allocated region. */ +/* + * Appends space to the buffer, expanding the buffer if necessary. This does + * not actually copy the data into the buffer, but instead returns a pointer + * to the allocated region. + */ void buffer_append_space(Buffer * buffer, char **datap, unsigned int len); /* Returns the number of bytes of data in the buffer. */ @@ -57,8 +59,10 @@ void buffer_consume_end(Buffer * buffer, unsigned int bytes); /* Returns a pointer to the first used byte in the buffer. */ char *buffer_ptr(Buffer * buffer); -/* Dumps the contents of the buffer to stderr in hex. This intended for - debugging purposes only. */ +/* + * Dumps the contents of the buffer to stderr in hex. This intended for + * debugging purposes only. + */ void buffer_dump(Buffer * buffer); #endif /* BUFFER_H */ diff --git a/usr.bin/ssh/canohost.c b/usr.bin/ssh/canohost.c index 91a6c257566..a3ca1778519 100644 --- a/usr.bin/ssh/canohost.c +++ b/usr.bin/ssh/canohost.c @@ -14,14 +14,16 @@ */ #include "includes.h" -RCSID("$Id: canohost.c,v 1.7 1999/11/24 00:26:01 deraadt Exp $"); +RCSID("$Id: canohost.c,v 1.8 1999/11/24 19:53:44 markus Exp $"); #include "packet.h" #include "xmalloc.h" #include "ssh.h" -/* Return the canonical name of the host at the other end of the socket. - The caller should free the returned string with xfree. */ +/* + * Return the canonical name of the host at the other end of the socket. The + * caller should free the returned string with xfree. + */ char * get_remote_hostname(int socket) @@ -52,19 +54,23 @@ get_remote_hostname(int socket) else strlcpy(name, hp->h_name, sizeof(name)); - /* Convert it to all lowercase (which is expected by the - rest of this software). */ + /* + * Convert it to all lowercase (which is expected by the rest + * of this software). + */ for (i = 0; name[i]; i++) if (isupper(name[i])) name[i] = tolower(name[i]); - /* Map it back to an IP address and check that the given - address actually is an address of this host. This is - necessary because anyone with access to a name server - can define arbitrary names for an IP address. Mapping - from name to IP address can be trusted better (but can - still be fooled if the intruder has access to the name - server of the domain). */ + /* + * Map it back to an IP address and check that the given + * address actually is an address of this host. This is + * necessary because anyone with access to a name server can + * define arbitrary names for an IP address. Mapping from + * name to IP address can be trusted better (but can still be + * fooled if the intruder has access to the name server of + * the domain). + */ hp = gethostbyname(name); if (!hp) { log("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); @@ -76,8 +82,10 @@ get_remote_hostname(int socket) if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr)) == 0) break; - /* If we reached the end of the list, the address was not - there. */ + /* + * If we reached the end of the list, the address was not + * there. + */ if (!hp->h_addr_list[i]) { /* Address not found for the host name. */ log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", @@ -94,16 +102,17 @@ get_remote_hostname(int socket) check_ip_options: - /* If IP options are supported, make sure there are none (log and - disconnect them if any are found). Basically we are worried - about source routing; it can be used to pretend you are - somebody (ip-address) you are not. That itself may be "almost - acceptable" under certain circumstances, but rhosts - autentication is useless if source routing is accepted. Notice - also that if we just dropped source routing here, the other - side could use IP spoofing to do rest of the interaction and - could still bypass security. So we exit here if we detect any - IP options. */ + /* + * If IP options are supported, make sure there are none (log and + * disconnect them if any are found). Basically we are worried about + * source routing; it can be used to pretend you are somebody + * (ip-address) you are not. That itself may be "almost acceptable" + * under certain circumstances, but rhosts autentication is useless + * if source routing is accepted. Notice also that if we just dropped + * source routing here, the other side could use IP spoofing to do + * rest of the interaction and could still bypass security. So we + * exit here if we detect any IP options. + */ { unsigned char options[200], *ucp; char text[1024], *cp; @@ -134,9 +143,11 @@ check_ip_options: static char *canonical_host_name = NULL; static char *canonical_host_ip = NULL; -/* Return the canonical name of the host in the other side of the current - connection. The host name is cached, so it is efficient to call this - several times. */ +/* + * Return the canonical name of the host in the other side of the current + * connection. The host name is cached, so it is efficient to call this + * several times. + */ const char * get_canonical_hostname() @@ -154,8 +165,10 @@ get_canonical_hostname() return canonical_host_name; } -/* Returns the IP-address of the remote host as a string. The returned - string need not be freed. */ +/* + * Returns the IP-address of the remote host as a string. The returned + * string need not be freed. + */ const char * get_remote_ipaddr() @@ -163,7 +176,7 @@ get_remote_ipaddr() struct sockaddr_in from; int fromlen, socket; - /* Check if we have previously retrieved this same name. */ + /* Check whether we have chached the name. */ if (canonical_host_ip != NULL) return canonical_host_ip; @@ -215,8 +228,10 @@ get_remote_port() { int socket; - /* If the connection is not a socket, return 65535. This is - intentionally chosen to be an unprivileged port number. */ + /* + * If the connection is not a socket, return 65535. This is + * intentionally chosen to be an unprivileged port number. + */ if (packet_get_connection_in() != packet_get_connection_out()) return 65535; diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index a10b9c356f8..a9084d3fe78 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -16,7 +16,7 @@ */ #include "includes.h" -RCSID("$Id: channels.c,v 1.26 1999/11/24 00:26:01 deraadt Exp $"); +RCSID("$Id: channels.c,v 1.27 1999/11/24 19:53:45 markus Exp $"); #include "ssh.h" #include "packet.h" @@ -37,17 +37,23 @@ RCSID("$Id: channels.c,v 1.26 1999/11/24 00:26:01 deraadt Exp $"); /* Max len of agent socket */ #define MAX_SOCKET_NAME 100 -/* Pointer to an array containing all allocated channels. The array is - dynamically extended as needed. */ +/* + * Pointer to an array containing all allocated channels. The array is + * dynamically extended as needed. + */ static Channel *channels = NULL; -/* Size of the channel array. All slots of the array must always be - initialized (at least the type field); unused slots are marked with - type SSH_CHANNEL_FREE. */ +/* + * Size of the channel array. All slots of the array must always be + * initialized (at least the type field); unused slots are marked with type + * SSH_CHANNEL_FREE. + */ static int channels_alloc = 0; -/* Maximum file descriptor value used in any of the channels. This is updated - in channel_allocate. */ +/* + * Maximum file descriptor value used in any of the channels. This is + * updated in channel_allocate. + */ static int channel_max_fd_value = 0; /* Name and directory of socket for authentication agent forwarding. */ @@ -61,15 +67,19 @@ char *x11_saved_proto = NULL; char *x11_saved_data = NULL; unsigned int x11_saved_data_len = 0; -/* Fake X11 authentication data. This is what the server will be sending - us; we should replace any occurrences of this by the real data. */ +/* + * Fake X11 authentication data. This is what the server will be sending us; + * we should replace any occurrences of this by the real data. + */ char *x11_fake_data = NULL; unsigned int x11_fake_data_len; -/* Data structure for storing which hosts are permitted for forward requests. - The local sides of any remote forwards are stored in this array to prevent - a corrupt remote server from accessing arbitrary TCP/IP ports on our - local network (which might be behind a firewall). */ +/* + * Data structure for storing which hosts are permitted for forward requests. + * The local sides of any remote forwards are stored in this array to prevent + * a corrupt remote server from accessing arbitrary TCP/IP ports on our local + * network (which might be behind a firewall). + */ typedef struct { char *host; /* Host name. */ int port; /* Port number. */ @@ -79,9 +89,11 @@ typedef struct { static ForwardPermission permitted_opens[SSH_MAX_FORWARDS_PER_DIRECTION]; /* Number of permitted host/port pairs in the array. */ static int num_permitted_opens = 0; -/* If this is true, all opens are permitted. This is the case on the - server on which we have to trust the client anyway, and the user could - do anything after logging in anyway. */ +/* + * If this is true, all opens are permitted. This is the case on the server + * on which we have to trust the client anyway, and the user could do + * anything after logging in anyway. + */ static int all_opens_permitted = 0; /* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */ @@ -95,9 +107,11 @@ channel_set_options(int hostname_in_open) have_hostname_in_open = hostname_in_open; } -/* Permits opening to any host/port in SSH_MSG_PORT_OPEN. This is usually - called by the server, because the user could connect to any port anyway, - and the server has no way to know but to trust the client anyway. */ +/* + * Permits opening to any host/port in SSH_MSG_PORT_OPEN. This is usually + * called by the server, because the user could connect to any port anyway, + * and the server has no way to know but to trust the client anyway. + */ void channel_permit_all_opens() @@ -105,8 +119,10 @@ channel_permit_all_opens() all_opens_permitted = 1; } -/* Allocate a new channel object and set its type and socket. - This will cause remote_name to be freed. */ +/* + * Allocate a new channel object and set its type and socket. This will cause + * remote_name to be freed. + */ int channel_allocate(int type, int sock, char *remote_name) @@ -117,6 +133,7 @@ channel_allocate(int type, int sock, char *remote_name) /* Update the maximum file descriptor value. */ if (sock > channel_max_fd_value) channel_max_fd_value = sock; + /* XXX set close-on-exec -markus */ /* Do initial allocation if this is the first call. */ if (channels_alloc == 0) { @@ -124,9 +141,10 @@ channel_allocate(int type, int sock, char *remote_name) channels = xmalloc(channels_alloc * sizeof(Channel)); for (i = 0; i < channels_alloc; i++) channels[i].type = SSH_CHANNEL_FREE; - - /* Kludge: arrange a call to channel_stop_listening if we - terminate with fatal(). */ + /* + * Kludge: arrange a call to channel_stop_listening if we + * terminate with fatal(). + */ fatal_add_cleanup((void (*) (void *)) channel_stop_listening, NULL); } /* Try to find a free slot where to put the new channel. */ @@ -137,8 +155,7 @@ channel_allocate(int type, int sock, char *remote_name) break; } if (found == -1) { - /* There are no free slots. Take last+1 slot and expand - the array. */ + /* There are no free slots. Take last+1 slot and expand the array. */ found = channels_alloc; channels_alloc += 10; debug("channel: expanding %d", channels_alloc); @@ -181,8 +198,10 @@ channel_free(int channel) } } -/* This is called just before select() to add any bits relevant to - channels in the select bitmasks. */ +/* + * This is called just before select() to add any bits relevant to channels + * in the select bitmasks. + */ void channel_prepare_select(fd_set * readset, fd_set * writeset) @@ -248,15 +267,16 @@ redo: break; case SSH_CHANNEL_X11_OPEN: - /* This is a special state for X11 authentication - spoofing. An opened X11 connection (when - authentication spoofing is being done) remains - in this state until the first packet has been - completely read. The authentication data in - that packet is then substituted by the real - data if it matches the fake data, and the - channel is put into normal mode. */ - + /* + * This is a special state for X11 authentication + * spoofing. An opened X11 connection (when + * authentication spoofing is being done) remains in + * this state until the first packet has been + * completely read. The authentication data in that + * packet is then substituted by the real data if it + * matches the fake data, and the channel is put into + * normal mode. + */ /* Check if the fixed size part of the packet is in buffer. */ if (buffer_len(&ch->output) < 12) break; @@ -303,9 +323,11 @@ redo: ch->type = SSH_CHANNEL_OPEN; goto reject; } - /* Received authentication protocol and data match - our fake data. Substitute the fake data with - real data. */ + /* + * Received authentication protocol and data match + * our fake data. Substitute the fake data with real + * data. + */ memcpy(ucp + 12 + ((proto_len + 3) & ~3), x11_saved_data, x11_saved_data_len); @@ -314,8 +336,10 @@ redo: goto redo; reject: - /* We have received an X11 connection that has bad - authentication information. */ + /* + * We have received an X11 connection that has bad + * authentication information. + */ log("X11 connection rejected because of wrong authentication.\r\n"); buffer_clear(&ch->input); buffer_clear(&ch->output); @@ -341,8 +365,10 @@ redo: } } -/* After select, perform any appropriate operations for channels which - have events pending. */ +/* + * After select, perform any appropriate operations for channels which have + * events pending. + */ void channel_after_select(fd_set * readset, fd_set * writeset) @@ -381,8 +407,10 @@ channel_after_select(fd_set * readset, fd_set * writeset) break; case SSH_CHANNEL_PORT_LISTENER: - /* This socket is listening for connections to a - forwarded TCP/IP port. */ + /* + * This socket is listening for connections to a + * forwarded TCP/IP port. + */ if (FD_ISSET(ch->sock, readset)) { debug("Connection to port %d forwarding to %.100s:%d requested.", ch->listening_port, ch->path, ch->host_port); @@ -410,8 +438,10 @@ channel_after_select(fd_set * readset, fd_set * writeset) break; case SSH_CHANNEL_AUTH_SOCKET: - /* This is the authentication agent socket - listening for connections from clients. */ + /* + * This is the authentication agent socket listening + * for connections from clients. + */ if (FD_ISSET(ch->sock, readset)) { int nchan; len = sizeof(addr); @@ -429,13 +459,16 @@ channel_after_select(fd_set * readset, fd_set * writeset) break; case SSH_CHANNEL_OPEN: - /* This is an open two-way communication channel. - It is not of interest to us at this point what - kind of data is being transmitted. */ - - /* Read available incoming data and append it to - buffer; shutdown socket, if read or write - failes */ + /* + * This is an open two-way communication channel. It + * is not of interest to us at this point what kind + * of data is being transmitted. + */ + + /* + * Read available incoming data and append it to + * buffer; shutdown socket, if read or write failes + */ if (FD_ISSET(ch->sock, readset)) { len = read(ch->sock, buf, sizeof(buf)); if (len <= 0) { @@ -500,8 +533,7 @@ channel_output_poll() for (i = 0; i < channels_alloc; i++) { ch = &channels[i]; - /* We are only interested in channels that can have - buffered incoming data. */ + /* We are only interested in channels that can have buffered incoming data. */ if (ch->type != SSH_CHANNEL_OPEN && ch->type != SSH_CHANNEL_INPUT_DRAINING) continue; @@ -509,8 +541,7 @@ channel_output_poll() /* Get the amount of buffered data for this channel. */ len = buffer_len(&ch->input); if (len > 0) { - /* Send some data for the other side over the - secure connection. */ + /* Send some data for the other side over the secure connection. */ if (packet_is_interactive()) { if (len > 1024) len = 512; @@ -527,17 +558,20 @@ channel_output_poll() } else if (ch->istate == CHAN_INPUT_WAIT_DRAIN) { if (compat13) fatal("cannot happen: istate == INPUT_WAIT_DRAIN for proto 1.3"); - /* input-buffer is empty and read-socket shutdown: - tell peer, that we will not send more data: - send IEOF */ + /* + * input-buffer is empty and read-socket shutdown: + * tell peer, that we will not send more data: send IEOF + */ chan_ibuf_empty(ch); } } } -/* This is called when a packet of type CHANNEL_DATA has just been received. - The message type has already been consumed, but channel number and data - is still there. */ +/* + * This is called when a packet of type CHANNEL_DATA has just been received. + * The message type has already been consumed, but channel number and data is + * still there. + */ void channel_input_data(int payload_len) @@ -564,8 +598,10 @@ channel_input_data(int payload_len) xfree(data); } -/* Returns true if no channel has too much buffered data, and false if - one or more channel is overfull. */ +/* + * Returns true if no channel has too much buffered data, and false if one or + * more channel is overfull. + */ int channel_not_very_much_buffered_data() @@ -615,20 +651,27 @@ channel_input_close() chan_rcvd_ieof(&channels[channel]); return; } - /* Send a confirmation that we have closed the channel and no more - data is coming for it. */ + + /* + * Send a confirmation that we have closed the channel and no more + * data is coming for it. + */ packet_start(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION); packet_put_int(channels[channel].remote_id); packet_send(); - /* If the channel is in closed state, we have sent a close - request, and the other side will eventually respond with a - confirmation. Thus, we cannot free the channel here, because - then there would be no-one to receive the confirmation. The - channel gets freed when the confirmation arrives. */ + /* + * If the channel is in closed state, we have sent a close request, + * and the other side will eventually respond with a confirmation. + * Thus, we cannot free the channel here, because then there would be + * no-one to receive the confirmation. The channel gets freed when + * the confirmation arrives. + */ if (channels[channel].type != SSH_CHANNEL_CLOSED) { - /* Not a closed channel - mark it as draining, which will - cause it to be freed later. */ + /* + * Not a closed channel - mark it as draining, which will + * cause it to be freed later. + */ buffer_consume(&channels[channel].input, buffer_len(&channels[channel].input)); channels[channel].type = SSH_CHANNEL_OUTPUT_DRAINING; @@ -678,8 +721,7 @@ channel_input_open_confirmation() /* Get remote side's id for this channel. */ remote_channel = packet_get_int(); - /* Record the remote channel number and mark that the channel is - now open. */ + /* Record the remote channel number and mark that the channel is now open. */ channels[channel].remote_id = remote_channel; channels[channel].type = SSH_CHANNEL_OPEN; } @@ -702,8 +744,10 @@ channel_input_open_failure() channel_free(channel); } -/* Stops listening for channels, and removes any unix domain sockets that - we might have. */ +/* + * Stops listening for channels, and removes any unix domain sockets that we + * might have. + */ void channel_stop_listening() @@ -727,8 +771,10 @@ channel_stop_listening() } } -/* Closes the sockets of all channels. This is used to close extra file - descriptors after a fork. */ +/* + * Closes the sockets of all channels. This is used to close extra file + * descriptors after a fork. + */ void channel_close_all() @@ -778,9 +824,11 @@ channel_still_open() return 0; } -/* Returns a message describing the currently open forwarded - connections, suitable for sending to the client. The message - contains crlf pairs for newlines. */ +/* + * Returns a message describing the currently open forwarded connections, + * suitable for sending to the client. The message contains crlf pairs for + * newlines. + */ char * channel_open_message() @@ -822,8 +870,10 @@ channel_open_message() return cp; } -/* Initiate forwarding of connections to local port "port" through the secure - channel to host:port from remote side. */ +/* + * Initiate forwarding of connections to local port "port" through the secure + * channel to host:port from remote side. + */ void channel_request_local_forwarding(int port, const char *host, @@ -866,8 +916,10 @@ channel_request_local_forwarding(int port, const char *host, channels[ch].listening_port = port; } -/* Initiate forwarding of connections to port "port" on remote host through - the secure channel to host:port from local side. */ +/* + * Initiate forwarding of connections to port "port" on remote host through + * the secure channel to host:port from local side. + */ void channel_request_remote_forwarding(int port, const char *host, @@ -890,15 +942,18 @@ channel_request_remote_forwarding(int port, const char *host, packet_send(); packet_write_wait(); - /* Wait for response from the remote side. It will send a - disconnect message on failure, and we will never see it here. */ + /* + * Wait for response from the remote side. It will send a disconnect + * message on failure, and we will never see it here. + */ packet_read_expect(&payload_len, SSH_SMSG_SUCCESS); } -/* This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates - listening for the port, and sends back a success reply (or disconnect - message if there was an error). This never returns if there was an - error. */ +/* + * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates + * listening for the port, and sends back a success reply (or disconnect + * message if there was an error). This never returns if there was an error. + */ void channel_input_port_forward_request(int is_root) @@ -915,8 +970,10 @@ channel_input_port_forward_request(int is_root) if ((port & 0xffff) != port) packet_disconnect("Requested forwarding of nonexistent port %d.", port); - /* Check that an unprivileged user is not trying to forward a - privileged port. */ + /* + * Check that an unprivileged user is not trying to forward a + * privileged port. + */ if (port < IPPORT_RESERVED && !is_root) packet_disconnect("Requested forwarding of port %d but user is not root.", port); @@ -928,9 +985,11 @@ channel_input_port_forward_request(int is_root) xfree(hostname); } -/* This is called after receiving PORT_OPEN message. This attempts to connect - to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION or - CHANNEL_OPEN_FAILURE. */ +/* + * This is called after receiving PORT_OPEN message. This attempts to + * connect to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION + * or CHANNEL_OPEN_FAILURE. + */ void channel_input_port_open(int payload_len) @@ -1040,9 +1099,11 @@ fail: packet_send(); } -/* Creates an internet domain socket for listening for X11 connections. - Returns a suitable value for the DISPLAY variable, or NULL if an error - occurs. */ +/* + * Creates an internet domain socket for listening for X11 connections. + * Returns a suitable value for the DISPLAY variable, or NULL if an error + * occurs. + */ char * x11_create_display_inet(int screen_number) @@ -1134,9 +1195,11 @@ connect_local_xsocket(unsigned dnr) } -/* This is called when SSH_SMSG_X11_OPEN is received. The packet contains - the remote channel number. We should do whatever we want, and respond - with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE. */ +/* + * This is called when SSH_SMSG_X11_OPEN is received. The packet contains + * the remote channel number. We should do whatever we want, and respond + * with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE. + */ void x11_input_open(int payload_len) @@ -1166,11 +1229,15 @@ x11_input_open(int payload_len) error("DISPLAY not set."); goto fail; } - /* Now we decode the value of the DISPLAY variable and make a - connection to the real X server. */ - - /* Check if it is a unix domain socket. Unix domain displays are - in one of the following formats: unix:d[.s], :d[.s], ::d[.s] */ + /* + * Now we decode the value of the DISPLAY variable and make a + * connection to the real X server. + */ + + /* + * Check if it is a unix domain socket. Unix domain displays are in + * one of the following formats: unix:d[.s], :d[.s], ::d[.s] + */ if (strncmp(display, "unix:", 5) == 0 || display[0] == ':') { /* Connect to the unix domain socket. */ @@ -1187,8 +1254,10 @@ x11_input_open(int payload_len) /* OK, we now have a connection to the display. */ goto success; } - /* Connect to an inet socket. The DISPLAY value is supposedly - hostname:d[.s], where hostname may also be numeric IP address. */ + /* + * Connect to an inet socket. The DISPLAY value is supposedly + * hostname:d[.s], where hostname may also be numeric IP address. + */ strncpy(buf, display, sizeof(buf)); buf[sizeof(buf) - 1] = 0; cp = strchr(buf, ':'); @@ -1197,8 +1266,7 @@ x11_input_open(int payload_len) goto fail; } *cp = 0; - /* buf now contains the host name. But first we parse the display - number. */ + /* buf now contains the host name. But first we parse the display number. */ if (sscanf(cp + 1, "%d", &display_number) != 1) { error("Could not parse display number from DISPLAY: %.100s", display); @@ -1267,8 +1335,10 @@ fail: packet_send(); } -/* Requests forwarding of X11 connections, generates fake authentication - data, and enables authentication spoofing. */ +/* + * Requests forwarding of X11 connections, generates fake authentication + * data, and enables authentication spoofing. + */ void x11_request_forwarding_with_spoofing(const char *proto, const char *data) @@ -1293,8 +1363,10 @@ x11_request_forwarding_with_spoofing(const char *proto, const char *data) /* Save protocol name. */ x11_saved_proto = xstrdup(proto); - /* Extract real authentication data and generate fake data of the - same length. */ + /* + * Extract real authentication data and generate fake data of the + * same length. + */ x11_saved_data = xmalloc(data_len); x11_fake_data = xmalloc(data_len); for (i = 0; i < data_len; i++) { @@ -1334,9 +1406,11 @@ auth_request_forwarding() packet_write_wait(); } -/* Returns the name of the forwarded authentication socket. Returns NULL - if there is no forwarded authentication socket. The returned value - points to a static buffer. */ +/* + * Returns the name of the forwarded authentication socket. Returns NULL if + * there is no forwarded authentication socket. The returned value points to + * a static buffer. + */ char * auth_get_socket_name() @@ -1353,8 +1427,10 @@ cleanup_socket(void) rmdir(channel_forwarded_auth_socket_dir); } -/* This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. - This starts forwarding authentication requests. */ +/* + * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. + * This starts forwarding authentication requests. + */ void auth_input_request_forwarding(struct passwd * pw) @@ -1422,14 +1498,18 @@ auth_input_open_request() /* Read the remote channel number from the message. */ remch = packet_get_int(); - /* Get a connection to the local authentication agent (this may - again get forwarded). */ + /* + * Get a connection to the local authentication agent (this may again + * get forwarded). + */ sock = ssh_get_authentication_socket(); - /* If we could not connect the agent, send an error message back - to the server. This should never happen unless the agent dies, - because authentication forwarding is only enabled if we have an - agent. */ + /* + * If we could not connect the agent, send an error message back to + * the server. This should never happen unless the agent dies, + * because authentication forwarding is only enabled if we have an + * agent. + */ if (sock < 0) { packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); packet_put_int(remch); @@ -1438,9 +1518,11 @@ auth_input_open_request() } debug("Forwarding authentication connection."); - /* Dummy host name. This will be freed when the channel is freed; - it will still be valid in the packet_put_string below since the - channel cannot yet be freed at that point. */ + /* + * Dummy host name. This will be freed when the channel is freed; it + * will still be valid in the packet_put_string below since the + * channel cannot yet be freed at that point. + */ dummyname = xstrdup("authentication agent connection"); newch = channel_allocate(SSH_CHANNEL_OPEN, sock, dummyname); diff --git a/usr.bin/ssh/channels.h b/usr.bin/ssh/channels.h index f55b74c2c01..93a7b539b76 100644 --- a/usr.bin/ssh/channels.h +++ b/usr.bin/ssh/channels.h @@ -1,29 +1,26 @@ -/* RCSID("$Id: channels.h,v 1.5 1999/11/24 00:26:01 deraadt Exp $"); */ +/* RCSID("$Id: channels.h,v 1.6 1999/11/24 19:53:45 markus Exp $"); */ #ifndef CHANNELS_H #define CHANNELS_H /* Definitions for channel types. */ -#define SSH_CHANNEL_FREE 0 /* This channel is free - * (unused). */ -#define SSH_CHANNEL_X11_LISTENER 1 /* Listening for inet X11 - * conn. */ +#define SSH_CHANNEL_FREE 0 /* This channel is free (unused). */ +#define SSH_CHANNEL_X11_LISTENER 1 /* Listening for inet X11 conn. */ #define SSH_CHANNEL_PORT_LISTENER 2 /* Listening on a port. */ #define SSH_CHANNEL_OPENING 3 /* waiting for confirmation */ #define SSH_CHANNEL_OPEN 4 /* normal open two-way channel */ -#define SSH_CHANNEL_CLOSED 5 /* waiting for close - * confirmation */ -/* SSH_CHANNEL_AUTH_FD 6 authentication fd */ +#define SSH_CHANNEL_CLOSED 5 /* waiting for close confirmation */ +/* SSH_CHANNEL_AUTH_FD 6 authentication fd */ #define SSH_CHANNEL_AUTH_SOCKET 7 /* authentication socket */ -/* SSH_CHANNEL_AUTH_SOCKET_FD 8 connection to auth socket */ +/* SSH_CHANNEL_AUTH_SOCKET_FD 8 connection to auth socket */ #define SSH_CHANNEL_X11_OPEN 9 /* reading first X11 packet */ -#define SSH_CHANNEL_INPUT_DRAINING 10 /* sending remaining data to - * conn */ -#define SSH_CHANNEL_OUTPUT_DRAINING 11 /* sending remaining data to - * app */ +#define SSH_CHANNEL_INPUT_DRAINING 10 /* sending remaining data to conn */ +#define SSH_CHANNEL_OUTPUT_DRAINING 11 /* sending remaining data to app */ -/* Data structure for channel data. This is iniailized in channel_allocate - and cleared in channel_free. */ +/* + * Data structure for channel data. This is iniailized in channel_allocate + * and cleared in channel_free. + */ typedef struct Channel { int type; /* channel type/state */ diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c index 06176271020..2364b71ea84 100644 --- a/usr.bin/ssh/cipher.c +++ b/usr.bin/ssh/cipher.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$Id: cipher.c,v 1.17 1999/11/24 00:26:01 deraadt Exp $"); +RCSID("$Id: cipher.c,v 1.18 1999/11/24 19:53:45 markus Exp $"); #include "ssh.h" #include "cipher.h" @@ -116,8 +116,10 @@ detect_cbc_attack(const unsigned char *src, cipher_attack_detected("CRC-32 CBC insertion attack detected"); } -/* Names of all encryption algorithms. These must match the numbers defined - int cipher.h. */ +/* + * Names of all encryption algorithms. + * These must match the numbers defined in cipher.h. + */ static char *cipher_names[] = { "none", @@ -129,9 +131,11 @@ static char *cipher_names[] = "blowfish" }; -/* Returns a bit mask indicating which ciphers are supported by this - implementation. The bit mask has the corresponding bit set of each - supported cipher. */ +/* + * Returns a bit mask indicating which ciphers are supported by this + * implementation. The bit mask has the corresponding bit set of each + * supported cipher. + */ unsigned int cipher_mask() @@ -153,8 +157,10 @@ cipher_name(int cipher) return cipher_names[cipher]; } -/* Parses the name of the cipher. Returns the number of the corresponding - cipher, or -1 on error. */ +/* + * Parses the name of the cipher. Returns the number of the corresponding + * cipher, or -1 on error. + */ int cipher_number(const char *name) @@ -167,8 +173,10 @@ cipher_number(const char *name) return -1; } -/* Selects the cipher, and keys if by computing the MD5 checksum of the - passphrase and using the resulting 16 bytes as the key. */ +/* + * Selects the cipher, and keys if by computing the MD5 checksum of the + * passphrase and using the resulting 16 bytes as the key. + */ void cipher_set_key_string(CipherContext *context, int cipher, @@ -206,15 +214,18 @@ cipher_set_key(CipherContext *context, int cipher, /* Initialize the initialization vector. */ switch (cipher) { case SSH_CIPHER_NONE: - /* Has to stay for authfile saving of private key with - no passphrase */ + /* + * Has to stay for authfile saving of private key with no + * passphrase + */ break; case SSH_CIPHER_3DES: - /* Note: the least significant bit of each byte of key is - parity, and must be ignored by the implementation. 16 - bytes of key are used (first and last keys are the - same). */ + /* + * Note: the least significant bit of each byte of key is + * parity, and must be ignored by the implementation. 16 + * bytes of key are used (first and last keys are the same). + */ if (keylen < 16) error("Key length %d is insufficient for 3DES.", keylen); des_set_key((void *) padded, context->u.des3.key1); diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h index 3f2e202442b..2e06c98f90e 100644 --- a/usr.bin/ssh/cipher.h +++ b/usr.bin/ssh/cipher.h @@ -11,7 +11,7 @@ * */ -/* RCSID("$Id: cipher.h,v 1.9 1999/11/24 00:26:01 deraadt Exp $"); */ +/* RCSID("$Id: cipher.h,v 1.10 1999/11/24 19:53:46 markus Exp $"); */ #ifndef CIPHER_H #define CIPHER_H @@ -46,26 +46,34 @@ typedef struct { } bf; } u; } CipherContext; -/* Returns a bit mask indicating which ciphers are supported by this - implementation. The bit mask has the corresponding bit set of each - supported cipher. */ +/* + * Returns a bit mask indicating which ciphers are supported by this + * implementation. The bit mask has the corresponding bit set of each + * supported cipher. + */ unsigned int cipher_mask(); /* Returns the name of the cipher. */ const char *cipher_name(int cipher); -/* Parses the name of the cipher. Returns the number of the corresponding - cipher, or -1 on error. */ +/* + * Parses the name of the cipher. Returns the number of the corresponding + * cipher, or -1 on error. + */ int cipher_number(const char *name); -/* Selects the cipher to use and sets the key. If for_encryption is true, - the key is setup for encryption; otherwise it is setup for decryption. */ +/* + * Selects the cipher to use and sets the key. If for_encryption is true, + * the key is setup for encryption; otherwise it is setup for decryption. + */ void cipher_set_key(CipherContext * context, int cipher, const unsigned char *key, int keylen, int for_encryption); -/* Sets key for the cipher by computing the MD5 checksum of the passphrase, - and using the resulting 16 bytes as the key. */ +/* + * Sets key for the cipher by computing the MD5 checksum of the passphrase, + * and using the resulting 16 bytes as the key. + */ void cipher_set_key_string(CipherContext * context, int cipher, const char *passphrase, int for_encryption); @@ -80,8 +88,10 @@ void cipher_decrypt(CipherContext * context, unsigned char *dest, const unsigned char *src, unsigned int len); -/* If and CRC-32 attack is detected this function is called. Defaults - * to fatal, changed to packet_disconnect in sshd and ssh. */ -extern void (*cipher_attack_detected) (const char *fmt,...); +/* + * If and CRC-32 attack is detected this function is called. Defaults to + * fatal, changed to packet_disconnect in sshd and ssh. + */ +extern void (*cipher_attack_detected) (const char *fmt, ...); #endif /* CIPHER_H */ diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index b8ea16f0e52..e12110daf38 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: clientloop.c,v 1.12 1999/11/24 00:26:01 deraadt Exp $"); +RCSID("$Id: clientloop.c,v 1.13 1999/11/24 19:53:46 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -27,22 +27,28 @@ RCSID("$Id: clientloop.c,v 1.12 1999/11/24 00:26:01 deraadt Exp $"); /* Flag indicating that stdin should be redirected from /dev/null. */ extern int stdin_null_flag; -/* Name of the host we are connecting to. This is the name given on the - command line, or the HostName specified for the user-supplied name - in a configuration file. */ +/* + * Name of the host we are connecting to. This is the name given on the + * command line, or the HostName specified for the user-supplied name in a + * configuration file. + */ extern char *host; -/* Flag to indicate that we have received a window change signal which has - not yet been processed. This will cause a message indicating the new - window size to be sent to the server a little later. This is volatile - because this is updated in a signal handler. */ +/* + * Flag to indicate that we have received a window change signal which has + * not yet been processed. This will cause a message indicating the new + * window size to be sent to the server a little later. This is volatile + * because this is updated in a signal handler. + */ static volatile int received_window_change_signal = 0; /* Terminal modes, as saved by enter_raw_mode. */ static struct termios saved_tio; -/* Flag indicating whether we are in raw mode. This is used by enter_raw_mode - and leave_raw_mode. */ +/* + * Flag indicating whether we are in raw mode. This is used by + * enter_raw_mode and leave_raw_mode. + */ static int in_raw_mode = 0; /* Flag indicating whether the user\'s terminal is in non-blocking mode. */ @@ -64,8 +70,7 @@ static unsigned long stdin_bytes, stdout_bytes, stderr_bytes; static int quit_pending; /* Set to non-zero to quit the client loop. */ static int escape_char; /* Escape character. */ -/* Returns the user\'s terminal to normal mode if it had been put in raw - mode. */ +/* Returns the user\'s terminal to normal mode if it had been put in raw mode. */ void leave_raw_mode() @@ -127,8 +132,10 @@ enter_non_blocking() fatal_add_cleanup((void (*) (void *)) leave_non_blocking, NULL); } -/* Signal handler for the window change signal (SIGWINCH). This just - sets a flag indicating that the window has changed. */ +/* + * Signal handler for the window change signal (SIGWINCH). This just sets a + * flag indicating that the window has changed. + */ void window_change_handler(int sig) @@ -137,8 +144,10 @@ window_change_handler(int sig) signal(SIGWINCH, window_change_handler); } -/* Signal handler for signals that cause the program to terminate. These - signals must be trapped to restore terminal modes. */ +/* + * Signal handler for signals that cause the program to terminate. These + * signals must be trapped to restore terminal modes. + */ void signal_handler(int sig) @@ -152,8 +161,10 @@ signal_handler(int sig) fatal("Killed by signal %d.", sig); } -/* Returns current time in seconds from Jan 1, 1970 with the maximum available - resolution. */ +/* + * Returns current time in seconds from Jan 1, 1970 with the maximum + * available resolution. + */ double get_current_time() @@ -163,9 +174,11 @@ get_current_time() return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; } -/* This is called when the interactive is entered. This checks if there - is an EOF coming on stdin. We must check this explicitly, as select() - does not appear to wake up when redirecting from /dev/null. */ +/* + * This is called when the interactive is entered. This checks if there is + * an EOF coming on stdin. We must check this explicitly, as select() does + * not appear to wake up when redirecting from /dev/null. + */ void client_check_initial_eof_on_stdin() @@ -173,13 +186,14 @@ client_check_initial_eof_on_stdin() int len; char buf[1]; - /* If standard input is to be "redirected from /dev/null", we - simply mark that we have seen an EOF and send an EOF message to - the server. Otherwise, we try to read a single character; it - appears that for some files, such /dev/null, select() never - wakes up for read for this descriptor, which means that we - never get EOF. This way we will get the EOF if stdin comes - from /dev/null or similar. */ + /* + * If standard input is to be "redirected from /dev/null", we simply + * mark that we have seen an EOF and send an EOF message to the + * server. Otherwise, we try to read a single character; it appears + * that for some files, such /dev/null, select() never wakes up for + * read for this descriptor, which means that we never get EOF. This + * way we will get the EOF if stdin comes from /dev/null or similar. + */ if (stdin_null_flag) { /* Fake EOF on stdin. */ debug("Sending eof."); @@ -187,22 +201,22 @@ client_check_initial_eof_on_stdin() packet_start(SSH_CMSG_EOF); packet_send(); } else { - /* Enter non-blocking mode for stdin. */ enter_non_blocking(); /* Check for immediate EOF on stdin. */ len = read(fileno(stdin), buf, 1); if (len == 0) { - /* EOF. Record that we have seen it and send EOF - to server. */ + /* EOF. Record that we have seen it and send EOF to server. */ debug("Sending eof."); stdin_eof = 1; packet_start(SSH_CMSG_EOF); packet_send(); } else if (len > 0) { - /* Got data. We must store the data in the - buffer, and also process it as an escape - character if appropriate. */ + /* + * Got data. We must store the data in the buffer, + * and also process it as an escape character if + * appropriate. + */ if ((unsigned char) buf[0] == escape_char) escape_pending = 1; else { @@ -210,13 +224,14 @@ client_check_initial_eof_on_stdin() stdin_bytes += 1; } } - /* Leave non-blocking mode. */ leave_non_blocking(); } } -/* Get packets from the connection input buffer, and process them as long - as there are packets available. */ +/* + * Get packets from the connection input buffer, and process them as long as + * there are packets available. + */ void client_process_buffered_input_packets() @@ -255,8 +270,10 @@ client_process_buffered_input_packets() /* Acknowledge the exit. */ packet_start(SSH_CMSG_EXIT_CONFIRMATION); packet_send(); - /* Must wait for packet to be sent since we are - exiting the loop. */ + /* + * Must wait for packet to be sent since we are + * exiting the loop. + */ packet_write_wait(); /* Flag that we want to exit. */ quit_pending = 1; @@ -300,20 +317,24 @@ client_process_buffered_input_packets() break; default: - /* Any unknown packets received during the actual - session cause the session to terminate. This - is intended to make debugging easier since no - confirmations are sent. Any compatible - protocol extensions must be negotiated during - the preparatory phase. */ + /* + * Any unknown packets received during the actual + * session cause the session to terminate. This is + * intended to make debugging easier since no + * confirmations are sent. Any compatible protocol + * extensions must be negotiated during the + * preparatory phase. + */ packet_disconnect("Protocol error during session: type %d", type); } } } -/* Make packets from buffered stdin data, and buffer them for sending to - the connection. */ +/* + * Make packets from buffered stdin data, and buffer them for sending to the + * connection. + */ void client_make_packets_from_stdin_data() @@ -339,10 +360,12 @@ client_make_packets_from_stdin_data() } } -/* Checks if the client window has changed, and sends a packet about it to - the server if so. The actual change is detected elsewhere (by a software - interrupt on Unix); this just checks the flag and sends a message if - appropriate. */ +/* + * Checks if the client window has changed, and sends a packet about it to + * the server if so. The actual change is detected elsewhere (by a software + * interrupt on Unix); this just checks the flag and sends a message if + * appropriate. + */ void client_check_window_change() @@ -367,8 +390,10 @@ client_check_window_change() } } -/* Waits until the client can do something (some data becomes available on - one of the file descriptors). */ +/* + * Waits until the client can do something (some data becomes available on + * one of the file descriptors). + */ void client_wait_until_can_do_something(fd_set * readset, fd_set * writeset) @@ -382,8 +407,10 @@ client_wait_until_can_do_something(fd_set * readset, fd_set * writeset) channel_not_very_much_buffered_data()) FD_SET(connection_in, readset); - /* Read from stdin, unless we have seen EOF or have very much - buffered data to send to the server. */ + /* + * Read from stdin, unless we have seen EOF or have very much + * buffered data to send to the server. + */ if (!stdin_eof && packet_not_very_much_data_to_write()) FD_SET(fileno(stdin), readset); @@ -408,13 +435,14 @@ client_wait_until_can_do_something(fd_set * readset, fd_set * writeset) if (channel_max_fd() > max_fd) max_fd = channel_max_fd(); - /* Wait for something to happen. This will suspend the process - until some selected descriptor can be read, written, or has - some other event pending. - Note: if you want to implement SSH_MSG_IGNORE messages to fool - traffic analysis, this might be the place to do it: - just have a random timeout for the select, and send a random - SSH_MSG_IGNORE packet when the timeout expires. */ + /* + * Wait for something to happen. This will suspend the process until + * some selected descriptor can be read, written, or has some other + * event pending. Note: if you want to implement SSH_MSG_IGNORE + * messages to fool traffic analysis, this might be the place to do + * it: just have a random timeout for the select, and send a random + * SSH_MSG_IGNORE packet when the timeout expires. + */ if (select(max_fd + 1, readset, writeset, NULL, NULL) < 0) { char buf[100]; @@ -446,11 +474,12 @@ client_suspend_self() buffer_ptr(&stderr_buffer), buffer_len(&stderr_buffer)); - /* Leave raw mode. */ leave_raw_mode(); - /* Free (and clear) the buffer to reduce the amount of data that - gets written to swap. */ + /* + * Free (and clear) the buffer to reduce the amount of data that gets + * written to swap. + */ buffer_free(&stdin_buffer); buffer_free(&stdout_buffer); buffer_free(&stderr_buffer); @@ -474,7 +503,6 @@ client_suspend_self() buffer_init(&stdout_buffer); buffer_init(&stderr_buffer); - /* Re-enter raw mode. */ enter_raw_mode(); } @@ -484,8 +512,10 @@ client_process_input(fd_set * readset) int len, pid; char buf[8192], *s; - /* Read input from the server, and add any such data to the buffer - of the packet subsystem. */ + /* + * Read input from the server, and add any such data to the buffer of + * the packet subsystem. + */ if (FD_ISSET(connection_in, readset)) { /* Read as much as possible. */ len = read(connection_in, buf, sizeof(buf)); @@ -498,9 +528,10 @@ client_process_input(fd_set * readset) quit_pending = 1; return; } - /* There is a kernel bug on Solaris that causes select to - sometimes wake up even though there is no data - available. */ + /* + * There is a kernel bug on Solaris that causes select to + * sometimes wake up even though there is no data available. + */ if (len < 0 && errno == EAGAIN) len = 0; @@ -520,9 +551,11 @@ client_process_input(fd_set * readset) /* Read as much as possible. */ len = read(fileno(stdin), buf, sizeof(buf)); if (len <= 0) { - /* Received EOF or error. They are treated - similarly, except that an error message is - printed if it was an error condition. */ + /* + * Received EOF or error. They are treated + * similarly, except that an error message is printed + * if it was an error condition. + */ if (len < 0) { snprintf(buf, sizeof buf, "read: %.100s\r\n", strerror(errno)); buffer_append(&stderr_buffer, buf, strlen(buf)); @@ -530,32 +563,35 @@ client_process_input(fd_set * readset) } /* Mark that we have seen EOF. */ stdin_eof = 1; - /* Send an EOF message to the server unless there - is data in the buffer. If there is data in the - buffer, no message will be sent now. Code - elsewhere will send the EOF when the buffer - becomes empty if stdin_eof is set. */ + /* + * Send an EOF message to the server unless there is + * data in the buffer. If there is data in the + * buffer, no message will be sent now. Code + * elsewhere will send the EOF when the buffer + * becomes empty if stdin_eof is set. + */ if (buffer_len(&stdin_buffer) == 0) { packet_start(SSH_CMSG_EOF); packet_send(); } } else if (escape_char == -1) { - /* Normal successful read, and no escape - character. Just append the data to buffer. */ + /* + * Normal successful read, and no escape character. + * Just append the data to buffer. + */ buffer_append(&stdin_buffer, buf, len); stdin_bytes += len; } else { - /* Normal, successful read. But we have an escape - character and have to process the characters - one by one. */ + /* + * Normal, successful read. But we have an escape character + * and have to process the characters one by one. + */ unsigned int i; for (i = 0; i < len; i++) { unsigned char ch; /* Get one character at a time. */ ch = buf[i]; - /* Check if we have a pending escape - character. */ if (escape_pending) { /* We have previously seen an escape character. */ /* Clear the flag now. */ @@ -584,12 +620,16 @@ client_process_input(fd_set * readset) continue; case '&': - /* Detach the program (continue to serve connections, - but put in background and no more new connections). */ + /* + * Detach the program (continue to serve connections, + * but put in background and no more new connections). + */ if (!stdin_eof) { - /* Sending SSH_CMSG_EOF alone does not always appear - to be enough. So we try to send an EOF character - first. */ + /* + * Sending SSH_CMSG_EOF alone does not always appear + * to be enough. So we try to send an EOF character + * first. + */ packet_start(SSH_CMSG_STDIN_DATA); packet_put_string("\004", 1); packet_send(); @@ -646,22 +686,28 @@ Supported escape sequences:\r\n\ default: if (ch != escape_char) { - /* Escape character followed by non-special character. - Append both to the input buffer. */ + /* + * Escape character followed by non-special character. + * Append both to the input buffer. + */ buf[0] = escape_char; buf[1] = ch; buffer_append(&stdin_buffer, buf, 2); stdin_bytes += 2; continue; } - /* Note that escape character typed twice - falls through here; the latter gets processed - as a normal character below. */ + /* + * Note that escape character typed twice + * falls through here; the latter gets processed + * as a normal character below. + */ break; } } else { - /* The previous character was not an escape char. Check if this - is an escape. */ + /* + * The previous character was not an escape char. Check if this + * is an escape. + */ if (last_was_cr && ch == escape_char) { /* It is. Set the flag and continue to next character. */ escape_pending = 1; @@ -669,8 +715,10 @@ Supported escape sequences:\r\n\ } } - /* Normal character. Record whether it was a newline, and append it to the - buffer. */ + /* + * Normal character. Record whether it was a newline, + * and append it to the buffer. + */ last_was_cr = (ch == '\r' || ch == '\n'); buf[0] = ch; buffer_append(&stdin_buffer, buf, 1); @@ -696,8 +744,10 @@ client_process_output(fd_set * writeset) if (errno == EAGAIN) len = 0; else { - /* An error or EOF was encountered. Put - an error message to stderr buffer. */ + /* + * An error or EOF was encountered. Put an + * error message to stderr buffer. + */ snprintf(buf, sizeof buf, "write stdout: %.50s\r\n", strerror(errno)); buffer_append(&stderr_buffer, buf, strlen(buf)); stderr_bytes += strlen(buf); @@ -717,8 +767,7 @@ client_process_output(fd_set * writeset) if (errno == EAGAIN) len = 0; else { - /* EOF or error, but can't even print - error message. */ + /* EOF or error, but can't even print error message. */ quit_pending = 1; return; } @@ -728,11 +777,12 @@ client_process_output(fd_set * writeset) } } -/* Implements the interactive session with the server. This is called - after the user has been authenticated, and a command has been - started on the remote host. If escape_char != -1, it is the character - used as an escape character for terminating or suspending the - session. */ +/* + * Implements the interactive session with the server. This is called after + * the user has been authenticated, and a command has been started on the + * remote host. If escape_char != -1, it is the character used as an escape + * character for terminating or suspending the session. + */ int client_loop(int have_pty, int escape_char_arg) @@ -776,7 +826,6 @@ client_loop(int have_pty, int escape_char_arg) if (have_pty) signal(SIGWINCH, window_change_handler); - /* Enter raw mode if have a pseudo terminal. */ if (have_pty) enter_raw_mode(); @@ -787,27 +836,35 @@ client_loop(int have_pty, int escape_char_arg) while (!quit_pending) { fd_set readset, writeset; - /* Precess buffered packets sent by the server. */ + /* Process buffered packets sent by the server. */ client_process_buffered_input_packets(); - /* Make packets of buffered stdin data, and buffer them - for sending to the server. */ + /* + * Make packets of buffered stdin data, and buffer them for + * sending to the server. + */ client_make_packets_from_stdin_data(); - /* Make packets from buffered channel data, and buffer - them for sending to the server. */ + /* + * Make packets from buffered channel data, and buffer them + * for sending to the server. + */ if (packet_not_very_much_data_to_write()) channel_output_poll(); - /* Check if the window size has changed, and buffer a - message about it to the server if so. */ + /* + * Check if the window size has changed, and buffer a message + * about it to the server if so. + */ client_check_window_change(); if (quit_pending) break; - /* Wait until we have something to do (something becomes - available on one of the descriptors). */ + /* + * Wait until we have something to do (something becomes + * available on one of the descriptors). + */ client_wait_until_can_do_something(&readset, &writeset); if (quit_pending) @@ -816,16 +873,19 @@ client_loop(int have_pty, int escape_char_arg) /* Do channel operations. */ channel_after_select(&readset, &writeset); - /* Process input from the connection and from stdin. - Buffer any data that is available. */ + /* + * Process input from the connection and from stdin. Buffer + * any data that is available. + */ client_process_input(&readset); - /* Process output to stdout and stderr. Output to the - connection is processed elsewhere (above). */ + /* + * Process output to stdout and stderr. Output to the + * connection is processed elsewhere (above). + */ client_process_output(&writeset); - /* Send as much buffered packet data as possible to the - sender. */ + /* Send as much buffered packet data as possible to the sender. */ if (FD_ISSET(connection_out, &writeset)) packet_write_poll(); } @@ -839,8 +899,10 @@ client_loop(int have_pty, int escape_char_arg) /* Stop listening for connections. */ channel_stop_listening(); - /* In interactive mode (with pseudo tty) display a message - indicating that the connection has been closed. */ + /* + * In interactive mode (with pseudo tty) display a message indicating + * that the connection has been closed. + */ if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) { snprintf(buf, sizeof buf, "Connection to %.64s closed.\r\n", host); buffer_append(&stderr_buffer, buf, strlen(buf)); @@ -868,7 +930,6 @@ client_loop(int have_pty, int escape_char_arg) buffer_consume(&stderr_buffer, len); } - /* Leave raw mode. */ if (have_pty) leave_raw_mode(); diff --git a/usr.bin/ssh/compress.c b/usr.bin/ssh/compress.c index be9180e6d12..f4a87857348 100644 --- a/usr.bin/ssh/compress.c +++ b/usr.bin/ssh/compress.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: compress.c,v 1.3 1999/11/24 00:26:01 deraadt Exp $"); +RCSID("$Id: compress.c,v 1.4 1999/11/24 19:53:46 markus Exp $"); #include "ssh.h" #include "buffer.h" @@ -23,8 +23,10 @@ RCSID("$Id: compress.c,v 1.3 1999/11/24 00:26:01 deraadt Exp $"); static z_stream incoming_stream; static z_stream outgoing_stream; -/* Initializes compression; level is compression level from 1 to 9 - (as in gzip). */ +/* + * Initializes compression; level is compression level from 1 to 9 + * (as in gzip). + */ void buffer_compress_init(int level) @@ -53,13 +55,14 @@ buffer_compress_uninit() deflateEnd(&outgoing_stream); } -/* Compresses the contents of input_buffer into output_buffer. All - packets compressed using this function will form a single - compressed data stream; however, data will be flushed at the end of - every call so that each output_buffer can be decompressed - independently (but in the appropriate order since they together - form a single compression stream) by the receiver. This appends - the compressed data to the output buffer. */ +/* + * Compresses the contents of input_buffer into output_buffer. All packets + * compressed using this function will form a single compressed data stream; + * however, data will be flushed at the end of every call so that each + * output_buffer can be decompressed independently (but in the appropriate + * order since they together form a single compression stream) by the + * receiver. This appends the compressed data to the output buffer. + */ void buffer_compress(Buffer * input_buffer, Buffer * output_buffer) @@ -106,13 +109,14 @@ buffer_compress(Buffer * input_buffer, Buffer * output_buffer) while (outgoing_stream.avail_out == 0); } -/* Uncompresses the contents of input_buffer into output_buffer. All - packets uncompressed using this function will form a single - compressed data stream; however, data will be flushed at the end of - every call so that each output_buffer. This must be called for the - same size units that the buffer_compress was called, and in the - same order that buffers compressed with that. This appends the - uncompressed data to the output buffer. */ +/* + * Uncompresses the contents of input_buffer into output_buffer. All packets + * uncompressed using this function will form a single compressed data + * stream; however, data will be flushed at the end of every call so that + * each output_buffer. This must be called for the same size units that the + * buffer_compress was called, and in the same order that buffers compressed + * with that. This appends the uncompressed data to the output buffer. + */ void buffer_uncompress(Buffer * input_buffer, Buffer * output_buffer) @@ -145,9 +149,11 @@ buffer_uncompress(Buffer * input_buffer, Buffer * output_buffer) fatal("buffer_uncompress: inflate returned Z_STREAM_ERROR"); /* NOTREACHED */ case Z_BUF_ERROR: - /* Comments in zlib.h say that we should keep - calling inflate() until we get an error. This - appears to be the error that we get. */ + /* + * Comments in zlib.h say that we should keep calling + * inflate() until we get an error. This appears to + * be the error that we get. + */ return; case Z_MEM_ERROR: fatal("buffer_uncompress: inflate returned Z_MEM_ERROR"); diff --git a/usr.bin/ssh/compress.h b/usr.bin/ssh/compress.h index e6bd513e667..4e9c598abf5 100644 --- a/usr.bin/ssh/compress.h +++ b/usr.bin/ssh/compress.h @@ -13,34 +13,38 @@ * */ -/* RCSID("$Id: compress.h,v 1.2 1999/11/24 00:26:01 deraadt Exp $"); */ +/* RCSID("$Id: compress.h,v 1.3 1999/11/24 19:53:46 markus Exp $"); */ #ifndef COMPRESS_H #define COMPRESS_H -/* Initializes compression; level is compression level from 1 to 9 (as in - gzip). */ +/* + * Initializes compression; level is compression level from 1 to 9 (as in + * gzip). + */ void buffer_compress_init(int level); /* Frees any data structures allocated by buffer_compress_init. */ void buffer_compress_uninit(); -/* Compresses the contents of input_buffer into output_buffer. All - packets compressed using this function will form a single - compressed data stream; however, data will be flushed at the end of - every call so that each output_buffer can be decompressed - independently (but in the appropriate order since they together - form a single compression stream) by the receiver. This appends - the compressed data to the output buffer. */ +/* + * Compresses the contents of input_buffer into output_buffer. All packets + * compressed using this function will form a single compressed data stream; + * however, data will be flushed at the end of every call so that each + * output_buffer can be decompressed independently (but in the appropriate + * order since they together form a single compression stream) by the + * receiver. This appends the compressed data to the output buffer. + */ void buffer_compress(Buffer * input_buffer, Buffer * output_buffer); -/* Uncompresses the contents of input_buffer into output_buffer. All - packets uncompressed using this function will form a single - compressed data stream; however, data will be flushed at the end of - every call so that each output_buffer. This must be called for the - same size units that the buffer_compress was called, and in the - same order that buffers compressed with that. This appends the - uncompressed data to the output buffer. */ +/* + * Uncompresses the contents of input_buffer into output_buffer. All packets + * uncompressed using this function will form a single compressed data + * stream; however, data will be flushed at the end of every call so that + * each output_buffer. This must be called for the same size units that the + * buffer_compress was called, and in the same order that buffers compressed + * with that. This appends the uncompressed data to the output buffer. + */ void buffer_uncompress(Buffer * input_buffer, Buffer * output_buffer); #endif /* COMPRESS_H */ diff --git a/usr.bin/ssh/crc32.h b/usr.bin/ssh/crc32.h index 014536c1482..54299fccb11 100644 --- a/usr.bin/ssh/crc32.h +++ b/usr.bin/ssh/crc32.h @@ -13,13 +13,15 @@ * */ -/* RCSID("$Id: crc32.h,v 1.3 1999/11/24 00:26:01 deraadt Exp $"); */ +/* RCSID("$Id: crc32.h,v 1.4 1999/11/24 19:53:46 markus Exp $"); */ #ifndef CRC32_H #define CRC32_H -/* This computes a 32 bit CRC of the data in the buffer, and returns the - CRC. The polynomial used is 0xedb88320. */ +/* + * This computes a 32 bit CRC of the data in the buffer, and returns the CRC. + * The polynomial used is 0xedb88320. + */ unsigned int crc32(const unsigned char *buf, unsigned int len); #endif /* CRC32_H */ diff --git a/usr.bin/ssh/hostfile.c b/usr.bin/ssh/hostfile.c index 8e181c8989f..8117b7017c7 100644 --- a/usr.bin/ssh/hostfile.c +++ b/usr.bin/ssh/hostfile.c @@ -14,16 +14,18 @@ */ #include "includes.h" -RCSID("$Id: hostfile.c,v 1.8 1999/11/24 00:26:02 deraadt Exp $"); +RCSID("$Id: hostfile.c,v 1.9 1999/11/24 19:53:47 markus Exp $"); #include "packet.h" #include "ssh.h" -/* Reads a multiple-precision integer in hex from the buffer, and advances the - pointer. The integer must already be initialized. This function is - permitted to modify the buffer. This leaves *cpp to point just beyond - the last processed (and maybe modified) character. Note that this may - modify the buffer containing the number. */ +/* + * Reads a multiple-precision integer in hex from the buffer, and advances + * the pointer. The integer must already be initialized. This function is + * permitted to modify the buffer. This leaves *cpp to point just beyond the + * last processed (and maybe modified) character. Note that this may modify + * the buffer containing the number. + */ int auth_rsa_read_bignum(char **cpp, BIGNUM * value) @@ -32,7 +34,8 @@ auth_rsa_read_bignum(char **cpp, BIGNUM * value) int len, old; /* Skip any leading whitespace. */ - for (; *cp == ' ' || *cp == '\t'; cp++); + for (; *cp == ' ' || *cp == '\t'; cp++) + ; /* Check that it begins with a hex digit. */ if (*cp < '0' || *cp > '9') @@ -42,7 +45,8 @@ auth_rsa_read_bignum(char **cpp, BIGNUM * value) *cpp = cp; /* Move forward until all hex digits skipped. */ - for (; *cp >= '0' && *cp <= '9'; cp++); + for (; *cp >= '0' && *cp <= '9'; cp++) + ; /* Compute the length of the hex number. */ len = cp - *cpp; @@ -51,7 +55,6 @@ auth_rsa_read_bignum(char **cpp, BIGNUM * value) old = *cp; *cp = 0; - /* Parse the number. */ if (BN_dec2bn(&value, *cpp) == 0) return 0; @@ -64,8 +67,10 @@ auth_rsa_read_bignum(char **cpp, BIGNUM * value) return 1; } -/* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer - over the key. Skips any whitespace at the beginning and at end. */ +/* + * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer + * over the key. Skips any whitespace at the beginning and at end. + */ int auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n) @@ -74,7 +79,8 @@ auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n) char *cp; /* Skip leading whitespace. */ - for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++); + for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++) + ; /* Get number of bits. */ if (*cp < '0' || *cp > '9') @@ -91,7 +97,8 @@ auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n) return 0; /* Skip trailing whitespace. */ - for (; *cp == ' ' || *cp == '\t'; cp++); + for (; *cp == ' ' || *cp == '\t'; cp++) + ; /* Return results. */ *cpp = cp; @@ -99,10 +106,12 @@ auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n) return 1; } -/* Tries to match the host name (which must be in all lowercase) against the - comma-separated sequence of subpatterns (each possibly preceded by ! to - indicate negation). Returns true if there is a positive match; zero - otherwise. */ +/* + * Tries to match the host name (which must be in all lowercase) against the + * comma-separated sequence of subpatterns (each possibly preceded by ! to + * indicate negation). Returns true if there is a positive match; zero + * otherwise. + */ int match_hostname(const char *host, const char *pattern, unsigned int len) @@ -121,18 +130,19 @@ match_hostname(const char *host, const char *pattern, unsigned int len) } else negated = 0; - /* Extract the subpattern up to a comma or end. Convert - the subpattern to lowercase. */ + /* + * Extract the subpattern up to a comma or end. Convert the + * subpattern to lowercase. + */ for (subi = 0; - i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; + i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; subi++, i++) sub[subi] = isupper(pattern[i]) ? tolower(pattern[i]) : pattern[i]; /* If subpattern too long, return failure (no match). */ if (subi >= sizeof(sub) - 1) return 0; - /* If the subpattern was terminated by a comma, skip the - comma. */ + /* If the subpattern was terminated by a comma, skip the comma. */ if (i < len && pattern[i] == ',') i++; @@ -142,24 +152,25 @@ match_hostname(const char *host, const char *pattern, unsigned int len) /* Try to match the subpattern against the host name. */ if (match_pattern(host, sub)) { if (negated) - return 0; /* Fail if host matches - any negated subpattern. */ + return 0; /* Fail */ else got_positive = 1; } } - /* Return success if got a positive match. If there was a - negative match, we have already returned zero and never get - here. */ + /* + * Return success if got a positive match. If there was a negative + * match, we have already returned zero and never get here. + */ return got_positive; } -/* Checks whether the given host (which must be in all lowercase) is - already in the list of our known hosts. - Returns HOST_OK if the host is known and has the specified key, - HOST_NEW if the host is not known, and HOST_CHANGED if the host is known - but used to have a different host key. */ +/* + * Checks whether the given host (which must be in all lowercase) is already + * in the list of our known hosts. Returns HOST_OK if the host is known and + * has the specified key, HOST_NEW if the host is not known, and HOST_CHANGED + * if the host is known but used to have a different host key. + */ HostStatus check_host_in_hostfile(const char *filename, const char *host, @@ -180,9 +191,11 @@ check_host_in_hostfile(const char *filename, const char *host, /* Cache the length of the host name. */ hostlen = strlen(host); - /* Return value when the loop terminates. This is set to - HOST_CHANGED if we have seen a different key for the host and - have not found the proper one. */ + /* + * Return value when the loop terminates. This is set to + * HOST_CHANGED if we have seen a different key for the host and have + * not found the proper one. + */ end_return = HOST_NEW; /* size of modulus 'n' */ @@ -193,15 +206,15 @@ check_host_in_hostfile(const char *filename, const char *host, cp = line; linenum++; - /* Skip any leading whitespace. */ - for (; *cp == ' ' || *cp == '\t'; cp++); - - /* Ignore comment lines and empty lines. */ + /* Skip any leading whitespace, comments and empty lines. */ + for (; *cp == ' ' || *cp == '\t'; cp++) + ; if (!*cp || *cp == '#' || *cp == '\n') continue; /* Find the end of the host name portion. */ - for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++); + for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++) + ; /* Check if the host name matches. */ if (!match_hostname(host, cp, (unsigned int) (cp2 - cp))) @@ -210,8 +223,10 @@ check_host_in_hostfile(const char *filename, const char *host, /* Got a match. Skip host name. */ cp = cp2; - /* Extract the key from the line. This will skip any - leading whitespace. Ignore badly formatted lines. */ + /* + * Extract the key from the line. This will skip any leading + * whitespace. Ignore badly formatted lines. + */ if (!auth_rsa_read_key(&cp, &kbits, ke, kn)) continue; @@ -228,21 +243,27 @@ check_host_in_hostfile(const char *filename, const char *host, fclose(f); return HOST_OK; } - /* They do not match. We will continue to go through the - file; however, we note that we will not return that it - is new. */ + /* + * They do not match. We will continue to go through the + * file; however, we note that we will not return that it is + * new. + */ end_return = HOST_CHANGED; } /* Clear variables and close the file. */ fclose(f); - /* Return either HOST_NEW or HOST_CHANGED, depending on whether we - saw a different key for the host. */ + /* + * Return either HOST_NEW or HOST_CHANGED, depending on whether we + * saw a different key for the host. + */ return end_return; } -/* Appends an entry to the host file. Returns false if the entry - could not be appended. */ +/* + * Appends an entry to the host file. Returns false if the entry could not + * be appended. + */ int add_host_to_hostfile(const char *filename, const char *host, diff --git a/usr.bin/ssh/includes.h b/usr.bin/ssh/includes.h index 712f86bd71b..68690e3a53f 100644 --- a/usr.bin/ssh/includes.h +++ b/usr.bin/ssh/includes.h @@ -60,8 +60,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } /* Define this to be the path of the xauth program. */ #define XAUTH_PATH "/usr/X11R6/bin/xauth" -/* Define this to use pipes instead of socketpairs for communicating with the - client program. Socketpairs do not seem to work on all systems. */ +/* + * Define this to use pipes instead of socketpairs for communicating with the + * client program. Socketpairs do not seem to work on all systems. + */ #define USE_PIPES 1 #endif /* INCLUDES_H */ diff --git a/usr.bin/ssh/log.c b/usr.bin/ssh/log.c index e7052115e1f..837a670de1c 100644 --- a/usr.bin/ssh/log.c +++ b/usr.bin/ssh/log.c @@ -1,11 +1,9 @@ /* - * * Shared versions of debug(), log(), etc. - * -*/ + */ #include "includes.h" -RCSID("$OpenBSD: log.c,v 1.5 1999/11/24 00:26:02 deraadt Exp $"); +RCSID("$OpenBSD: log.c,v 1.6 1999/11/24 19:53:47 markus Exp $"); #include "ssh.h" #include "xmalloc.h" diff --git a/usr.bin/ssh/login.c b/usr.bin/ssh/login.c index b47aa15b36e..f529f2c776e 100644 --- a/usr.bin/ssh/login.c +++ b/usr.bin/ssh/login.c @@ -18,18 +18,22 @@ */ #include "includes.h" -RCSID("$Id: login.c,v 1.9 1999/11/24 00:26:02 deraadt Exp $"); +RCSID("$Id: login.c,v 1.10 1999/11/24 19:53:47 markus Exp $"); #include <util.h> #include <utmp.h> #include "ssh.h" -/* Returns the time when the user last logged in. Returns 0 if the - information is not available. This must be called before record_login. - The host the user logged in from will be returned in buf. */ +/* + * Returns the time when the user last logged in. Returns 0 if the + * information is not available. This must be called before record_login. + * The host the user logged in from will be returned in buf. + */ -/* Returns the time when the user last logged in (or 0 if no previous login - is found). The name of the host used last time is returned in buf. */ +/* + * Returns the time when the user last logged in (or 0 if no previous login + * is found). The name of the host used last time is returned in buf. + */ unsigned long get_last_login_time(uid_t uid, const char *logname, @@ -58,8 +62,10 @@ get_last_login_time(uid_t uid, const char *logname, return ll.ll_time; } -/* Records that the user has logged in. I these parts of operating systems - were more standardized. */ +/* + * Records that the user has logged in. I these parts of operating systems + * were more standardized. + */ void record_login(int pid, const char *ttyname, const char *user, uid_t uid, @@ -87,9 +93,10 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid, /* Update lastlog unless actually recording a logout. */ if (strcmp(user, "") != 0) { - /* It is safer to bzero the lastlog structure first - because some systems might have some extra fields in it - (e.g. SGI) */ + /* + * It is safer to bzero the lastlog structure first because + * some systems might have some extra fields in it (e.g. SGI) + */ memset(&ll, 0, sizeof(ll)); /* Update lastlog. */ diff --git a/usr.bin/ssh/match.c b/usr.bin/ssh/match.c index 1eccf4d2cad..7a63be63fb9 100644 --- a/usr.bin/ssh/match.c +++ b/usr.bin/ssh/match.c @@ -14,12 +14,14 @@ */ #include "includes.h" -RCSID("$Id: match.c,v 1.3 1999/11/24 00:26:02 deraadt Exp $"); +RCSID("$Id: match.c,v 1.4 1999/11/24 19:53:48 markus Exp $"); #include "ssh.h" -/* Returns true if the given string matches the pattern (which may contain - ? and * as wildcards), and zero if it does not match. */ +/* + * Returns true if the given string matches the pattern (which may contain ? + * and * as wildcards), and zero if it does not match. + */ int match_pattern(const char *s, const char *pattern) @@ -29,7 +31,6 @@ match_pattern(const char *s, const char *pattern) if (!*pattern) return !*s; - /* Process '*'. */ if (*pattern == '*') { /* Skip the asterisk. */ pattern++; @@ -40,9 +41,11 @@ match_pattern(const char *s, const char *pattern) /* If next character in pattern is known, optimize. */ if (*pattern != '?' && *pattern != '*') { - /* Look instances of the next character in - pattern, and try to match starting from - those. */ + /* + * Look instances of the next character in + * pattern, and try to match starting from + * those. + */ for (; *s; s++) if (*s == *pattern && match_pattern(s + 1, pattern + 1)) @@ -50,26 +53,28 @@ match_pattern(const char *s, const char *pattern) /* Failed. */ return 0; } - /* Move ahead one character at a time and try to - match at each position. */ + /* + * Move ahead one character at a time and try to + * match at each position. + */ for (; *s; s++) if (match_pattern(s, pattern)) return 1; /* Failed. */ return 0; } - /* There must be at least one more character in the - string. If we are at the end, fail. */ + /* + * There must be at least one more character in the string. + * If we are at the end, fail. + */ if (!*s) return 0; - /* Check if the next character of the string is - acceptable. */ + /* Check if the next character of the string is acceptable. */ if (*pattern != '?' && *pattern != *s) return 0; - /* Move to the next character, both in string and in - pattern. */ + /* Move to the next character, both in string and in pattern. */ s++; pattern++; } diff --git a/usr.bin/ssh/mpaux.h b/usr.bin/ssh/mpaux.h index 3c19a173b83..6b30fe03c4a 100644 --- a/usr.bin/ssh/mpaux.h +++ b/usr.bin/ssh/mpaux.h @@ -13,14 +13,16 @@ * precision integers. */ -/* RCSID("$Id: mpaux.h,v 1.4 1999/11/24 00:26:02 deraadt Exp $"); */ +/* RCSID("$Id: mpaux.h,v 1.5 1999/11/24 19:53:48 markus Exp $"); */ #ifndef MPAUX_H #define MPAUX_H -/* Computes a 16-byte session id in the global variable session_id. - The session id is computed by concatenating the linearized, msb - first representations of host_key_n, session_key_n, and the cookie. */ +/* + * Computes a 16-byte session id in the global variable session_id. The + * session id is computed by concatenating the linearized, msb first + * representations of host_key_n, session_key_n, and the cookie. + */ void compute_session_id(unsigned char session_id[16], unsigned char cookie[8], diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index 1d6d25a90da..566df5beaef 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -15,7 +15,7 @@ */ #include "includes.h" -RCSID("$Id: packet.c,v 1.15 1999/11/24 00:26:02 deraadt Exp $"); +RCSID("$Id: packet.c,v 1.16 1999/11/24 19:53:48 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -29,15 +29,19 @@ RCSID("$Id: packet.c,v 1.15 1999/11/24 00:26:02 deraadt Exp $"); #include "compress.h" #include "deattack.h" -/* This variable contains the file descriptors used for communicating with - the other side. connection_in is used for reading; connection_out - for writing. These can be the same descriptor, in which case it is - assumed to be a socket. */ +/* + * This variable contains the file descriptors used for communicating with + * the other side. connection_in is used for reading; connection_out for + * writing. These can be the same descriptor, in which case it is assumed to + * be a socket. + */ static int connection_in = -1; static int connection_out = -1; -/* Cipher type. This value is only used to determine whether to pad the - packets with zeroes or random data. */ +/* + * Cipher type. This value is only used to determine whether to pad the + * packets with zeroes or random data. + */ static int cipher_type = SSH_CIPHER_NONE; /* Protocol flags for the remote side. */ @@ -76,8 +80,10 @@ static int initialized = 0; /* Set to true if the connection is interactive. */ static int interactive_mode = 0; -/* Sets the descriptors used for communication. Disables encryption until - packet_set_encryption_key is called. */ +/* + * Sets the descriptors used for communication. Disables encryption until + * packet_set_encryption_key is called. + */ void packet_set_connection(int fd_in, int fd_out) @@ -171,8 +177,10 @@ packet_get_protocol_flags() return remote_protocol_flags; } -/* Starts packet compression from the next packet on in both directions. - Level is compression level 1 (fastest) - 9 (slow, best) as in gzip. */ +/* + * Starts packet compression from the next packet on in both directions. + * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip. + */ void packet_start_compression(int level) @@ -184,8 +192,10 @@ packet_start_compression(int level) buffer_compress_init(level); } -/* Encrypts the given number of bytes, copying from src to dest. - bytes is known to be a multiple of 8. */ +/* + * Encrypts the given number of bytes, copying from src to dest. bytes is + * known to be a multiple of 8. + */ void packet_encrypt(CipherContext * cc, void *dest, void *src, @@ -194,8 +204,10 @@ packet_encrypt(CipherContext * cc, void *dest, void *src, cipher_encrypt(cc, dest, src, bytes); } -/* Decrypts the given number of bytes, copying from src to dest. - bytes is known to be a multiple of 8. */ +/* + * Decrypts the given number of bytes, copying from src to dest. bytes is + * known to be a multiple of 8. + */ void packet_decrypt(CipherContext * cc, void *dest, void *src, @@ -206,8 +218,10 @@ packet_decrypt(CipherContext * cc, void *dest, void *src, if ((bytes % 8) != 0) fatal("packet_decrypt: bad ciphertext length %d", bytes); - /* Cryptographic attack detector for ssh - Modifications for packet.c - (C)1998 CORE-SDI, Buenos Aires Argentina Ariel Futoransky(futo@core-sdi.com) */ + /* + * Cryptographic attack detector for ssh - Modifications for packet.c + * (C)1998 CORE-SDI, Buenos Aires Argentina Ariel Futoransky(futo@core-sdi.com) + */ switch (cc->type) { case SSH_CIPHER_NONE: @@ -224,9 +238,11 @@ packet_decrypt(CipherContext * cc, void *dest, void *src, cipher_decrypt(cc, dest, src, bytes); } -/* Causes any further packets to be encrypted using the given key. The same - key is used for both sending and reception. However, both directions - are encrypted independently of each other. */ +/* + * Causes any further packets to be encrypted using the given key. The same + * key is used for both sending and reception. However, both directions are + * encrypted independently of each other. + */ void packet_set_encryption_key(const unsigned char *key, unsigned int keylen, @@ -283,8 +299,10 @@ packet_put_bignum(BIGNUM * value) buffer_put_bignum(&outgoing_packet, value); } -/* Finalizes and sends the packet. If the encryption key has been set, - encrypts the packet before sending. */ +/* + * Finalizes and sends the packet. If the encryption key has been set, + * encrypts the packet before sending. + */ void packet_send() @@ -294,8 +312,10 @@ packet_send() unsigned int checksum; u_int32_t rand = 0; - /* If using packet compression, compress the payload of the - outgoing packet. */ + /* + * If using packet compression, compress the payload of the outgoing + * packet. + */ if (packet_compression) { buffer_clear(&compression_buffer); /* Skip padding. */ @@ -348,14 +368,18 @@ packet_send() buffer_clear(&outgoing_packet); - /* Note that the packet is now only buffered in output. It won\'t - be actually sent until packet_write_wait or packet_write_poll - is called. */ + /* + * Note that the packet is now only buffered in output. It won\'t be + * actually sent until packet_write_wait or packet_write_poll is + * called. + */ } -/* Waits until a packet has been received, and returns its type. Note that - no other data is processed until this returns, so this function should - not be used during the interactive session. */ +/* + * Waits until a packet has been received, and returns its type. Note that + * no other data is processed until this returns, so this function should not + * be used during the interactive session. + */ int packet_read(int *payload_len_ptr) @@ -379,12 +403,16 @@ packet_read(int *payload_len_ptr) /* If we got a packet, return it. */ if (type != SSH_MSG_NONE) return type; - /* Otherwise, wait for some data to arrive, add it to the - buffer, and try again. */ + /* + * Otherwise, wait for some data to arrive, add it to the + * buffer, and try again. + */ FD_ZERO(&set); FD_SET(connection_in, &set); + /* Wait for some data to arrive. */ select(connection_in + 1, &set, NULL, NULL, NULL); + /* Read data from the socket. */ len = read(connection_in, buf, sizeof(buf)); if (len == 0) @@ -397,8 +425,10 @@ packet_read(int *payload_len_ptr) /* NOTREACHED */ } -/* Waits until a packet has been received, verifies that its type matches - that given, and gives a fatal error and exits if there is a mismatch. */ +/* + * Waits until a packet has been received, verifies that its type matches + * that given, and gives a fatal error and exits if there is a mismatch. + */ void packet_read_expect(int *payload_len_ptr, int expected_type) @@ -516,8 +546,10 @@ restart: return (unsigned char) buf[0]; } -/* Buffers the given amount of input characters. This is intended to be - used together with packet_read_poll. */ +/* + * Buffers the given amount of input characters. This is intended to be used + * together with packet_read_poll. + */ void packet_process_incoming(const char *buf, unsigned int len) @@ -543,8 +575,10 @@ packet_get_int() return buffer_get_int(&incoming_packet); } -/* Returns an arbitrary precision integer from the packet data. The integer - must have been initialized before this call. */ +/* + * Returns an arbitrary precision integer from the packet data. The integer + * must have been initialized before this call. + */ void packet_get_bignum(BIGNUM * value, int *length_ptr) @@ -552,25 +586,27 @@ packet_get_bignum(BIGNUM * value, int *length_ptr) *length_ptr = buffer_get_bignum(&incoming_packet, value); } -/* Returns a string from the packet data. The string is allocated using - xmalloc; it is the responsibility of the calling program to free it when - no longer needed. The length_ptr argument may be NULL, or point to an - integer into which the length of the string is stored. */ +/* + * Returns a string from the packet data. The string is allocated using + * xmalloc; it is the responsibility of the calling program to free it when + * no longer needed. The length_ptr argument may be NULL, or point to an + * integer into which the length of the string is stored. + */ -char -* +char * packet_get_string(unsigned int *length_ptr) { return buffer_get_string(&incoming_packet, length_ptr); } -/* Sends a diagnostic message from the server to the client. This message - can be sent at any time (but not while constructing another message). - The message is printed immediately, but only if the client is being - executed in verbose mode. These messages are primarily intended to - ease debugging authentication problems. The length of the formatted - message must not exceed 1024 bytes. This will automatically call - packet_write_wait. */ +/* + * Sends a diagnostic message from the server to the client. This message + * can be sent at any time (but not while constructing another message). The + * message is printed immediately, but only if the client is being executed + * in verbose mode. These messages are primarily intended to ease debugging + * authentication problems. The length of the formatted message must not + * exceed 1024 bytes. This will automatically call packet_write_wait. + */ void packet_send_debug(const char *fmt,...) @@ -588,10 +624,12 @@ packet_send_debug(const char *fmt,...) packet_write_wait(); } -/* Logs the error plus constructs and sends a disconnect - packet, closes the connection, and exits. This function never returns. - The error message should not contain a newline. The length of the - formatted message must not exceed 1024 bytes. */ +/* + * Logs the error plus constructs and sends a disconnect packet, closes the + * connection, and exits. This function never returns. The error message + * should not contain a newline. The length of the formatted message must + * not exceed 1024 bytes. + */ void packet_disconnect(const char *fmt,...) @@ -603,8 +641,10 @@ packet_disconnect(const char *fmt,...) fatal("packet_disconnect called recursively."); disconnecting = 1; - /* Format the message. Note that the caller must make sure the - message is of limited size. */ + /* + * Format the message. Note that the caller must make sure the + * message is of limited size. + */ va_start(args, fmt); vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); @@ -625,8 +665,7 @@ packet_disconnect(const char *fmt,...) fatal("Disconnecting: %.100s", buf); } -/* Checks if there is any buffered output, and tries to write some of the - output. */ +/* Checks if there is any buffered output, and tries to write some of the output. */ void packet_write_poll() @@ -644,8 +683,10 @@ packet_write_poll() } } -/* Calls packet_write_poll repeatedly until all pending output data has - been written. */ +/* + * Calls packet_write_poll repeatedly until all pending output data has been + * written. + */ void packet_write_wait() @@ -689,8 +730,10 @@ packet_set_interactive(int interactive, int keepalives) /* Record that we are in interactive mode. */ interactive_mode = interactive; - /* Only set socket options if using a socket (as indicated by the - descriptors being the same). */ + /* + * Only set socket options if using a socket (as indicated by the + * descriptors being the same). + */ if (connection_in != connection_out) return; @@ -701,8 +744,10 @@ packet_set_interactive(int interactive, int keepalives) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); } if (interactive) { - /* Set IP options for an interactive connection. Use - IPTOS_LOWDELAY and TCP_NODELAY. */ + /* + * Set IP options for an interactive connection. Use + * IPTOS_LOWDELAY and TCP_NODELAY. + */ int lowdelay = IPTOS_LOWDELAY; if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &lowdelay, sizeof(lowdelay)) < 0) @@ -711,8 +756,10 @@ packet_set_interactive(int interactive, int keepalives) sizeof(on)) < 0) error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); } else { - /* Set IP options for a non-interactive connection. Use - IPTOS_THROUGHPUT. */ + /* + * Set IP options for a non-interactive connection. Use + * IPTOS_THROUGHPUT. + */ int throughput = IPTOS_THROUGHPUT; if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput, sizeof(throughput)) < 0) diff --git a/usr.bin/ssh/packet.h b/usr.bin/ssh/packet.h index 15e5e45d2a2..64950f55570 100644 --- a/usr.bin/ssh/packet.h +++ b/usr.bin/ssh/packet.h @@ -13,17 +13,18 @@ * */ -/* RCSID("$Id: packet.h,v 1.5 1999/11/24 00:26:02 deraadt Exp $"); */ +/* RCSID("$Id: packet.h,v 1.6 1999/11/24 19:53:48 markus Exp $"); */ #ifndef PACKET_H #define PACKET_H #include <ssl/bn.h> -/* Sets the socket used for communication. Disables encryption until - packet_set_encryption_key is called. It is permissible that fd_in - and fd_out are the same descriptor; in that case it is assumed to - be a socket. */ +/* + * Sets the socket used for communication. Disables encryption until + * packet_set_encryption_key is called. It is permissible that fd_in and + * fd_out are the same descriptor; in that case it is assumed to be a socket. + */ void packet_set_connection(int fd_in, int fd_out); /* Puts the connection file descriptors into non-blocking mode. */ @@ -35,20 +36,25 @@ int packet_get_connection_in(void); /* Returns the file descriptor used for output. */ int packet_get_connection_out(void); -/* Closes the connection (both descriptors) and clears and frees - internal data structures. */ +/* + * Closes the connection (both descriptors) and clears and frees internal + * data structures. + */ void packet_close(void); -/* Causes any further packets to be encrypted using the given key. The same - key is used for both sending and reception. However, both directions - are encrypted independently of each other. Cipher types are - defined in ssh.h. */ +/* + * Causes any further packets to be encrypted using the given key. The same + * key is used for both sending and reception. However, both directions are + * encrypted independently of each other. Cipher types are defined in ssh.h. + */ void packet_set_encryption_key(const unsigned char *key, unsigned int keylen, int cipher_type); -/* Sets remote side protocol flags for the current connection. This can - be called at any time. */ +/* + * Sets remote side protocol flags for the current connection. This can be + * called at any time. + */ void packet_set_protocol_flags(unsigned int flags); /* Returns the remote protocol flags set earlier by the above function. */ @@ -57,8 +63,10 @@ unsigned int packet_get_protocol_flags(void); /* Enables compression in both directions starting from the next packet. */ void packet_start_compression(int level); -/* Informs that the current session is interactive. Sets IP flags for optimal - performance in interactive use. */ +/* + * Informs that the current session is interactive. Sets IP flags for + * optimal performance in interactive use. + */ void packet_set_interactive(int interactive, int keepalives); /* Returns true if the current connection is interactive. */ @@ -79,28 +87,35 @@ void packet_put_bignum(BIGNUM * value); /* Appends a string to packet data. */ void packet_put_string(const char *buf, unsigned int len); -/* Finalizes and sends the packet. If the encryption key has been set, - encrypts the packet before sending. */ +/* + * Finalizes and sends the packet. If the encryption key has been set, + * encrypts the packet before sending. + */ void packet_send(void); /* Waits until a packet has been received, and returns its type. */ int packet_read(int *payload_len_ptr); -/* Waits until a packet has been received, verifies that its type matches - that given, and gives a fatal error and exits if there is a mismatch. */ +/* + * Waits until a packet has been received, verifies that its type matches + * that given, and gives a fatal error and exits if there is a mismatch. + */ void packet_read_expect(int *payload_len_ptr, int type); -/* Checks if a full packet is available in the data received so far via - packet_process_incoming. If so, reads the packet; otherwise returns - SSH_MSG_NONE. This does not wait for data from the connection. - - SSH_MSG_DISCONNECT is handled specially here. Also, - SSH_MSG_IGNORE messages are skipped by this function and are never returned - to higher levels. */ +/* + * Checks if a full packet is available in the data received so far via + * packet_process_incoming. If so, reads the packet; otherwise returns + * SSH_MSG_NONE. This does not wait for data from the connection. + * SSH_MSG_DISCONNECT is handled specially here. Also, SSH_MSG_IGNORE + * messages are skipped by this function and are never returned to higher + * levels. + */ int packet_read_poll(int *packet_len_ptr); -/* Buffers the given amount of input characters. This is intended to be - used together with packet_read_poll. */ +/* + * Buffers the given amount of input characters. This is intended to be used + * together with packet_read_poll. + */ void packet_process_incoming(const char *buf, unsigned int len); /* Returns a character (0-255) from the packet data. */ @@ -109,34 +124,41 @@ unsigned int packet_get_char(void); /* Returns an integer from the packet data. */ unsigned int packet_get_int(void); -/* Returns an arbitrary precision integer from the packet data. The integer - must have been initialized before this call. */ +/* + * Returns an arbitrary precision integer from the packet data. The integer + * must have been initialized before this call. + */ void packet_get_bignum(BIGNUM * value, int *length_ptr); -/* Returns a string from the packet data. The string is allocated using - xmalloc; it is the responsibility of the calling program to free it when - no longer needed. The length_ptr argument may be NULL, or point to an - integer into which the length of the string is stored. */ +/* + * Returns a string from the packet data. The string is allocated using + * xmalloc; it is the responsibility of the calling program to free it when + * no longer needed. The length_ptr argument may be NULL, or point to an + * integer into which the length of the string is stored. + */ char *packet_get_string(unsigned int *length_ptr); -/* Logs the error in syslog using LOG_INFO, constructs and sends a disconnect - packet, closes the connection, and exits. This function never returns. - The error message should not contain a newline. The total length of the - message must not exceed 1024 bytes. */ +/* + * Logs the error in syslog using LOG_INFO, constructs and sends a disconnect + * packet, closes the connection, and exits. This function never returns. + * The error message should not contain a newline. The total length of the + * message must not exceed 1024 bytes. + */ void packet_disconnect(const char *fmt,...); -/* Sends a diagnostic message to the other side. This message - can be sent at any time (but not while constructing another message). - The message is printed immediately, but only if the client is being - executed in verbose mode. These messages are primarily intended to - ease debugging authentication problems. The total length of the message - must not exceed 1024 bytes. This will automatically call - packet_write_wait. If the remote side protocol flags do not indicate - that it supports SSH_MSG_DEBUG, this will do nothing. */ +/* + * Sends a diagnostic message to the other side. This message can be sent at + * any time (but not while constructing another message). The message is + * printed immediately, but only if the client is being executed in verbose + * mode. These messages are primarily intended to ease debugging + * authentication problems. The total length of the message must not exceed + * 1024 bytes. This will automatically call packet_write_wait. If the + * remote side protocol flags do not indicate that it supports SSH_MSG_DEBUG, + * this will do nothing. + */ void packet_send_debug(const char *fmt,...); -/* Checks if there is any buffered output, and tries to write some of the - output. */ +/* Checks if there is any buffered output, and tries to write some of the output. */ void packet_write_poll(void); /* Waits until all pending output data has been written. */ diff --git a/usr.bin/ssh/pty.c b/usr.bin/ssh/pty.c index ff0173ff738..d52591507d1 100644 --- a/usr.bin/ssh/pty.c +++ b/usr.bin/ssh/pty.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: pty.c,v 1.7 1999/11/24 00:26:02 deraadt Exp $"); +RCSID("$Id: pty.c,v 1.8 1999/11/24 19:53:48 markus Exp $"); #include "pty.h" #include "ssh.h" @@ -28,10 +28,12 @@ RCSID("$Id: pty.c,v 1.7 1999/11/24 00:26:02 deraadt Exp $"); #define O_NOCTTY 0 #endif -/* Allocates and opens a pty. Returns 0 if no pty could be allocated, - or nonzero if a pty was successfully allocated. On success, open file - descriptors for the pty and tty sides and the name of the tty side are - returned (the buffer must be able to hold at least 64 characters). */ +/* + * Allocates and opens a pty. Returns 0 if no pty could be allocated, or + * nonzero if a pty was successfully allocated. On success, open file + * descriptors for the pty and tty sides and the name of the tty side are + * returned (the buffer must be able to hold at least 64 characters). + */ int pty_allocate(int *ptyfd, int *ttyfd, char *namebuf) @@ -48,8 +50,10 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf) return 1; #else /* HAVE_OPENPTY */ #ifdef HAVE__GETPTY - /* _getpty(3) exists in SGI Irix 4.x, 5.x & 6.x -- it generates - more pty's automagically when needed */ + /* + * _getpty(3) exists in SGI Irix 4.x, 5.x & 6.x -- it generates more + * pty's automagically when needed + */ char *slave; slave = _getpty(ptyfd, O_RDWR, 0622, 0); @@ -68,8 +72,10 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf) return 1; #else /* HAVE__GETPTY */ #ifdef HAVE_DEV_PTMX - /* This code is used e.g. on Solaris 2.x. (Note that Solaris 2.3 - also has bsd-style ptys, but they simply do not work.) */ + /* + * This code is used e.g. on Solaris 2.x. (Note that Solaris 2.3 + * also has bsd-style ptys, but they simply do not work.) + */ int ptm; char *pts; @@ -99,8 +105,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf) close(*ptyfd); return 0; } - /* Push the appropriate streams modules, as described in Solaris - pts(7). */ + /* Push the appropriate streams modules, as described in Solaris pts(7). */ if (ioctl(*ttyfd, I_PUSH, "ptem") < 0) error("ioctl I_PUSH ptem: %.100s", strerror(errno)); if (ioctl(*ttyfd, I_PUSH, "ldterm") < 0) @@ -134,8 +139,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf) /* BSD-style pty code. */ char buf[64]; int i; - const char *ptymajors = - "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ"; + const char *ptymajors = "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ"; const char *ptyminors = "0123456789abcdef"; int num_minors = strlen(ptyminors); int num_ptys = strlen(ptymajors) * num_minors; @@ -194,8 +198,10 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) if (setsid() < 0) error("setsid: %.100s", strerror(errno)); - /* Verify that we are successfully disconnected from the - controlling tty. */ + /* + * Verify that we are successfully disconnected from the controlling + * tty. + */ fd = open("/dev/tty", O_RDWR | O_NOCTTY); if (fd >= 0) { error("Failed to disconnect from controlling tty."); @@ -204,9 +210,11 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) /* Make it our controlling tty. */ #ifdef TIOCSCTTY debug("Setting controlling tty using TIOCSCTTY."); - /* We ignore errors from this, because HPSUX defines TIOCSCTTY, - but returns EINVAL with these arguments, and there is - absolutely no documentation. */ + /* + * We ignore errors from this, because HPSUX defines TIOCSCTTY, but + * returns EINVAL with these arguments, and there is absolutely no + * documentation. + */ ioctl(*ttyfd, TIOCSCTTY, NULL); #endif /* TIOCSCTTY */ fd = open(ttyname, O_RDWR); diff --git a/usr.bin/ssh/pty.h b/usr.bin/ssh/pty.h index f2a98dc1099..49c7d1bca85 100644 --- a/usr.bin/ssh/pty.h +++ b/usr.bin/ssh/pty.h @@ -13,23 +13,29 @@ * tty. */ -/* RCSID("$Id: pty.h,v 1.2 1999/11/24 00:26:02 deraadt Exp $"); */ +/* RCSID("$Id: pty.h,v 1.3 1999/11/24 19:53:49 markus Exp $"); */ #ifndef PTY_H #define PTY_H -/* Allocates and opens a pty. Returns 0 if no pty could be allocated, - or nonzero if a pty was successfully allocated. On success, open file - descriptors for the pty and tty sides and the name of the tty side are - returned (the buffer must be able to hold at least 64 characters). */ +/* + * Allocates and opens a pty. Returns 0 if no pty could be allocated, or + * nonzero if a pty was successfully allocated. On success, open file + * descriptors for the pty and tty sides and the name of the tty side are + * returned (the buffer must be able to hold at least 64 characters). + */ int pty_allocate(int *ptyfd, int *ttyfd, char *ttyname); -/* Releases the tty. Its ownership is returned to root, and permissions to - 0666. */ +/* + * Releases the tty. Its ownership is returned to root, and permissions to + * 0666. + */ void pty_release(const char *ttyname); -/* Makes the tty the processes controlling tty and sets it to sane modes. - This may need to reopen the tty to get rid of possible eavesdroppers. */ +/* + * Makes the tty the processes controlling tty and sets it to sane modes. + * This may need to reopen the tty to get rid of possible eavesdroppers. + */ void pty_make_controlling_tty(int *ttyfd, const char *ttyname); /* Changes the window size associated with the pty. */ diff --git a/usr.bin/ssh/radix.c b/usr.bin/ssh/radix.c index 6637b2fb109..c87dd2d35b2 100644 --- a/usr.bin/ssh/radix.c +++ b/usr.bin/ssh/radix.c @@ -74,9 +74,11 @@ uudecode(const char *bufcoded, unsigned char *bufplain, int outbufsize) while (*bufcoded == ' ' || *bufcoded == '\t') bufcoded++; - /* Figure out how many characters are in the input buffer. If this - would decode into more bytes than would fit into the output - buffer, adjust the number of input bytes downwards. */ + /* + * Figure out how many characters are in the input buffer. If this + * would decode into more bytes than would fit into the output + * buffer, adjust the number of input bytes downwards. + */ bufin = bufcoded; while (DEC(*(bufin++)) <= MAXVAL); nprbytes = bufin - bufcoded - 1; diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 68f97758040..961da4a06d6 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: readconf.c,v 1.18 1999/11/24 00:26:02 deraadt Exp $"); +RCSID("$Id: readconf.c,v 1.19 1999/11/24 19:53:49 markus Exp $"); #include "ssh.h" #include "cipher.h" @@ -158,8 +158,10 @@ static struct { #define WHITESPACE " \t\r\n" -/* Adds a local TCP/IP port forward to options. Never returns if there - is an error. */ +/* + * Adds a local TCP/IP port forward to options. Never returns if there is an + * error. + */ void add_local_forward(Options *options, int port, const char *host, @@ -179,8 +181,10 @@ add_local_forward(Options *options, int port, const char *host, fwd->host_port = host_port; } -/* Adds a remote TCP/IP port forward to options. Never returns if there - is an error. */ +/* + * Adds a remote TCP/IP port forward to options. Never returns if there is + * an error. + */ void add_remote_forward(Options *options, int port, const char *host, @@ -196,8 +200,10 @@ add_remote_forward(Options *options, int port, const char *host, fwd->host_port = host_port; } -/* Returns the number of the token pointed to by cp of length len. - Never returns if the token is not known. */ +/* + * Returns the number of the token pointed to by cp of length len. Never + * returns if the token is not known. + */ static OpCodes parse_token(const char *cp, const char *filename, int linenum) @@ -213,8 +219,10 @@ parse_token(const char *cp, const char *filename, int linenum) return oBadOption; } -/* Processes a single option line as used in the configuration files. - This only sets those values that have not already been set. */ +/* + * Processes a single option line as used in the configuration files. This + * only sets those values that have not already been set. + */ int process_config_line(Options *options, const char *host, @@ -229,8 +237,7 @@ process_config_line(Options *options, const char *host, if (!*cp || *cp == '\n' || *cp == '#') return 0; - /* Get the keyword. (Each line is supposed to begin with a - keyword). */ + /* Get the keyword. (Each line is supposed to begin with a keyword). */ cp = strtok(cp, WHITESPACE); { char *t = cp; @@ -243,7 +250,8 @@ process_config_line(Options *options, const char *host, switch (opcode) { case oBadOption: - return -1; /* don't panic, but count bad options */ + /* don't panic, but count bad options */ + return -1; /* NOTREACHED */ case oForwardAgent: intptr = &options->forward_agent; @@ -424,8 +432,8 @@ parse_int: #else { char *ptr; - value = strtol(cp, &ptr, 0); /* Octal, decimal, or - hex format? */ + /* Octal, decimal, or hex format? */ + value = strtol(cp, &ptr, 0); if (cp == ptr) fatal("%.200s line %d: Bad number.", filename, linenum); } @@ -506,8 +514,7 @@ parse_int: *activep = 1; break; } - /* Avoid garbage check below, as strtok already returned - NULL. */ + /* Avoid garbage check below, as strtok already returned NULL. */ return 0; case oEscapeChar: @@ -544,9 +551,11 @@ parse_int: } -/* Reads the config file and modifies the options accordingly. Options should - already be initialized before this call. This never returns if there - is an error. If the file does not exist, this returns immediately. */ +/* + * Reads the config file and modifies the options accordingly. Options + * should already be initialized before this call. This never returns if + * there is an error. If the file does not exist, this returns immediately. + */ void read_config_file(const char *filename, const char *host, Options *options) @@ -563,8 +572,10 @@ read_config_file(const char *filename, const char *host, Options *options) debug("Reading configuration data %.200s", filename); - /* Mark that we are now processing the options. This flag is - turned on/off by Host specifications. */ + /* + * Mark that we are now processing the options. This flag is turned + * on/off by Host specifications. + */ active = 1; linenum = 0; while (fgets(line, sizeof(line), f)) { @@ -579,10 +590,12 @@ read_config_file(const char *filename, const char *host, Options *options) filename, bad_options); } -/* Initializes options to special values that indicate that they have not - yet been set. Read_config_file will only set options with this value. - Options are processed in the following order: command line, user config - file, system config file. Last, fill_default_options is called. */ +/* + * Initializes options to special values that indicate that they have not yet + * been set. Read_config_file will only set options with this value. Options + * are processed in the following order: command line, user config file, + * system config file. Last, fill_default_options is called. + */ void initialize_options(Options * options) @@ -628,8 +641,10 @@ initialize_options(Options * options) options->log_level = (LogLevel) - 1; } -/* Called after processing other sources of option data, this fills those - options for which no value has been specified with their default values. */ +/* + * Called after processing other sources of option data, this fills those + * options for which no value has been specified with their default values. + */ void fill_default_options(Options * options) diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index 25262e49f27..70baaee6675 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: readconf.h,v 1.11 1999/11/24 00:26:02 deraadt Exp $"); */ +/* RCSID("$Id: readconf.h,v 1.12 1999/11/24 19:53:49 markus Exp $"); */ #ifndef READCONF_H #define READCONF_H @@ -85,42 +85,53 @@ typedef struct { } Options; -/* Initializes options to special values that indicate that they have not - yet been set. Read_config_file will only set options with this value. - Options are processed in the following order: command line, user config - file, system config file. Last, fill_default_options is called. */ +/* + * Initializes options to special values that indicate that they have not yet + * been set. Read_config_file will only set options with this value. Options + * are processed in the following order: command line, user config file, + * system config file. Last, fill_default_options is called. + */ void initialize_options(Options * options); -/* Called after processing other sources of option data, this fills those - options for which no value has been specified with their default values. */ +/* + * Called after processing other sources of option data, this fills those + * options for which no value has been specified with their default values. + */ void fill_default_options(Options * options); -/* Processes a single option line as used in the configuration files. - This only sets those values that have not already been set. - Returns 0 for legal options */ +/* + * Processes a single option line as used in the configuration files. This + * only sets those values that have not already been set. Returns 0 for legal + * options + */ int process_config_line(Options * options, const char *host, char *line, const char *filename, int linenum, int *activep); -/* Reads the config file and modifies the options accordingly. Options should - already be initialized before this call. This never returns if there - is an error. If the file does not exist, this returns immediately. */ +/* + * Reads the config file and modifies the options accordingly. Options + * should already be initialized before this call. This never returns if + * there is an error. If the file does not exist, this returns immediately. + */ void read_config_file(const char *filename, const char *host, Options * options); -/* Adds a local TCP/IP port forward to options. Never returns if there - is an error. */ +/* + * Adds a local TCP/IP port forward to options. Never returns if there is an + * error. + */ void add_local_forward(Options * options, int port, const char *host, int host_port); -/* Adds a remote TCP/IP port forward to options. Never returns if there - is an error. */ +/* + * Adds a remote TCP/IP port forward to options. Never returns if there is + * an error. + */ void add_remote_forward(Options * options, int port, const char *host, int host_port); - #endif /* READCONF_H */ diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c index 9cd50a86884..b1e58a64d54 100644 --- a/usr.bin/ssh/readpass.c +++ b/usr.bin/ssh/readpass.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$Id: readpass.c,v 1.6 1999/11/24 00:26:03 deraadt Exp $"); +RCSID("$Id: readpass.c,v 1.7 1999/11/24 19:53:50 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -38,10 +38,12 @@ intr_handler(int sig) kill(getpid(), sig); } -/* Reads a passphrase from /dev/tty with echo turned off. Returns the - passphrase (allocated with xmalloc). Exits if EOF is encountered. - The passphrase if read from stdin if from_stdin is true (as is the - case with ssh-keygen). */ +/* + * Reads a passphrase from /dev/tty with echo turned off. Returns the + * passphrase (allocated with xmalloc). Exits if EOF is encountered. The + * passphrase if read from stdin if from_stdin is true (as is the case with + * ssh-keygen). + */ char * read_passphrase(const char *prompt, int from_stdin) @@ -53,8 +55,10 @@ read_passphrase(const char *prompt, int from_stdin) if (from_stdin) f = stdin; else { - /* Read the passphrase from /dev/tty to make it possible - to ask it even when stdin has been redirected. */ + /* + * Read the passphrase from /dev/tty to make it possible to + * ask it even when stdin has been redirected. + */ f = fopen("/dev/tty", "r"); if (!f) { /* No controlling terminal and no DISPLAY. Nowhere to read. */ @@ -101,8 +105,10 @@ read_passphrase(const char *prompt, int from_stdin) *strchr(buf, '\n') = 0; /* Allocate a copy of the passphrase. */ cp = xstrdup(buf); - /* Clear the buffer so we don\'t leave copies of the passphrase - laying around. */ + /* + * Clear the buffer so we don\'t leave copies of the passphrase + * laying around. + */ memset(buf, 0, sizeof(buf)); /* Print a newline since the prompt probably didn\'t have one. */ fprintf(stderr, "\n"); diff --git a/usr.bin/ssh/rsa.c b/usr.bin/ssh/rsa.c index 624820d8442..2e27e7fad82 100644 --- a/usr.bin/ssh/rsa.c +++ b/usr.bin/ssh/rsa.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$Id: rsa.c,v 1.10 1999/11/24 00:26:03 deraadt Exp $"); +RCSID("$Id: rsa.c,v 1.11 1999/11/24 19:53:50 markus Exp $"); #include "rsa.h" #include "ssh.h" @@ -55,9 +55,11 @@ rsa_alive() return (1); } -/* Generates RSA public and private keys. This initializes the data - structures; they should be freed with rsa_clear_private_key and - rsa_clear_public_key. */ +/* + * Generates RSA public and private keys. This initializes the data + * structures; they should be freed with rsa_clear_private_key and + * rsa_clear_public_key. + */ void rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits) diff --git a/usr.bin/ssh/rsa.h b/usr.bin/ssh/rsa.h index d5a5ba81dd3..2e33cee5081 100644 --- a/usr.bin/ssh/rsa.h +++ b/usr.bin/ssh/rsa.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: rsa.h,v 1.3 1999/11/24 00:26:03 deraadt Exp $"); */ +/* RCSID("$Id: rsa.h,v 1.4 1999/11/24 19:53:50 markus Exp $"); */ #ifndef RSA_H #define RSA_H @@ -24,8 +24,10 @@ /* Calls SSL RSA_generate_key, only copies to prv and pub */ void rsa_generate_key(RSA * prv, RSA * pub, unsigned int bits); -/* Indicates whether the rsa module is permitted to show messages on - the terminal. */ +/* + * Indicates whether the rsa module is permitted to show messages on the + * terminal. + */ void rsa_set_verbose __P((int verbose)); int rsa_alive __P((void)); diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c index f5f53e7ad3b..d046409593a 100644 --- a/usr.bin/ssh/scp.c +++ b/usr.bin/ssh/scp.c @@ -45,7 +45,7 @@ */ #include "includes.h" -RCSID("$Id: scp.c,v 1.19 1999/11/24 00:26:03 deraadt Exp $"); +RCSID("$Id: scp.c,v 1.20 1999/11/24 19:53:50 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -97,9 +97,11 @@ char *identity = NULL; /* This is the port to use in contacting the remote site (is non-NULL). */ char *port = NULL; -/* This function executes the given command as the specified user on the given - host. This returns < 0 if execution fails, and >= 0 otherwise. - This assigns the input and output file descriptors on success. */ +/* + * This function executes the given command as the specified user on the + * given host. This returns < 0 if execution fails, and >= 0 otherwise. This + * assigns the input and output file descriptors on success. + */ int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) @@ -110,8 +112,10 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) fprintf(stderr, "Executing: host %s, user %s, command %s\n", host, remuser ? remuser : "(unspecified)", cmd); - /* Reserve two descriptors so that the real pipes won't get - descriptors 0 and 1 because that will screw up dup2 below. */ + /* + * Reserve two descriptors so that the real pipes won't get + * descriptors 0 and 1 because that will screw up dup2 below. + */ pipe(reserved); /* Create a socket pair for communicating with ssh. */ @@ -970,7 +974,7 @@ run_err(const char *fmt,...) * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: scp.c,v 1.19 1999/11/24 00:26:03 deraadt Exp $ + * $Id: scp.c,v 1.20 1999/11/24 19:53:50 markus Exp $ */ char * diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index ca4d17878f7..6aaa63572e2 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$Id: servconf.c,v 1.26 1999/11/24 00:26:03 deraadt Exp $"); +RCSID("$Id: servconf.c,v 1.27 1999/11/24 19:53:50 markus Exp $"); #include "ssh.h" #include "servconf.h" @@ -212,8 +212,10 @@ static struct { { NULL, 0 } }; -/* Returns the number of the token pointed to by cp of length len. - Never returns if the token is not known. */ +/* + * Returns the number of the token pointed to by cp of length len. Never + * returns if the token is not known. + */ static ServerOpCodes parse_token(const char *cp, const char *filename, diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index d5a15b697f8..602748e79b1 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: servconf.h,v 1.13 1999/11/24 00:26:03 deraadt Exp $"); */ +/* RCSID("$Id: servconf.h,v 1.14 1999/11/24 19:53:51 markus Exp $"); */ #ifndef SERVCONF_H #define SERVCONF_H @@ -84,12 +84,16 @@ typedef struct { unsigned int num_deny_groups; char *deny_groups[MAX_DENY_GROUPS]; } ServerOptions; -/* Initializes the server options to special values that indicate that they - have not yet been set. */ +/* + * Initializes the server options to special values that indicate that they + * have not yet been set. + */ void initialize_server_options(ServerOptions * options); -/* Reads the server configuration file. This only sets the values for those - options that have the special value indicating they have not been set. */ +/* + * Reads the server configuration file. This only sets the values for those + * options that have the special value indicating they have not been set. + */ void read_server_config(ServerOptions * options, const char *filename); /* Sets values for those values that have not yet been set. */ diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index fc959baef8e..683598ef8c7 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -33,8 +33,10 @@ static int connection_out; /* Connection to client (output). */ static unsigned int buffer_high;/* "Soft" max buffer size. */ static int max_fd; /* Max file descriptor number for select(). */ -/* This SIGCHLD kludge is used to detect when the child exits. The server - will exit after that, as soon as forwarded connections have terminated. */ +/* + * This SIGCHLD kludge is used to detect when the child exits. The server + * will exit after that, as soon as forwarded connections have terminated. + */ static int child_pid; /* Pid of the child. */ static volatile int child_terminated; /* The child has terminated. */ @@ -87,9 +89,11 @@ process_buffered_input_packets() break; case SSH_CMSG_EOF: - /* Eof from the client. The stdin descriptor to - the program will be closed when all buffered - data has drained. */ + /* + * Eof from the client. The stdin descriptor to the + * program will be closed when all buffered data has + * drained. + */ debug("EOF received for stdin."); packet_integrity_check(payload_len, 0, type); stdin_eof = 1; @@ -140,13 +144,15 @@ process_buffered_input_packets() break; default: - /* In this phase, any unexpected messages cause a - protocol error. This is to ease debugging; - also, since no confirmations are sent messages, - unprocessed unknown messages could cause - strange problems. Any compatible protocol - extensions must be negotiated before entering - the interactive session. */ + /* + * In this phase, any unexpected messages cause a + * protocol error. This is to ease debugging; also, + * since no confirmations are sent messages, + * unprocessed unknown messages could cause strange + * problems. Any compatible protocol extensions must + * be negotiated before entering the interactive + * session. + */ packet_disconnect("Protocol error during session: type %d", type); } @@ -230,14 +236,18 @@ retry_select: /* Initialize select() masks. */ FD_ZERO(readset); - /* Read packets from the client unless we have too much buffered - stdin or channel data. */ + /* + * Read packets from the client unless we have too much buffered + * stdin or channel data. + */ if (buffer_len(&stdin_buffer) < 4096 && channel_not_very_much_buffered_data()) FD_SET(connection_in, readset); - /* If there is not too much data already buffered going to the - client, try to get some more data from the program. */ + /* + * If there is not too much data already buffered going to the + * client, try to get some more data from the program. + */ if (packet_not_very_much_data_to_write()) { if (!fdout_eof) FD_SET(fdout, readset); @@ -249,8 +259,10 @@ retry_select: /* Set masks for channel descriptors. */ channel_prepare_select(readset, writeset); - /* If we have buffered packet data going to the client, mark that - descriptor. */ + /* + * If we have buffered packet data going to the client, mark that + * descriptor. + */ if (packet_have_data_to_write()) FD_SET(connection_out, writeset); @@ -263,8 +275,10 @@ retry_select: if (channel_max_fd() > max_fd) max_fd = channel_max_fd(); - /* If child has terminated and there is enough buffer space to - read from it, then read as much as is available and exit. */ + /* + * If child has terminated and there is enough buffer space to read + * from it, then read as much as is available and exit. + */ if (child_terminated && packet_not_very_much_data_to_write()) if (max_time_milliseconds == 0) max_time_milliseconds = 100; @@ -305,9 +319,10 @@ process_input(fd_set * readset) verbose("Connection closed by remote host."); fatal_cleanup(); } - /* There is a kernel bug on Solaris that causes select to - sometimes wake up even though there is no data - available. */ + /* + * There is a kernel bug on Solaris that causes select to + * sometimes wake up even though there is no data available. + */ if (len < 0 && errno == EAGAIN) len = 0; @@ -456,11 +471,12 @@ server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg) buffer_init(&stdout_buffer); buffer_init(&stderr_buffer); - /* If we have no separate fderr (which is the case when we have a - pty - there we cannot make difference between data sent to - stdout and stderr), indicate that we have seen an EOF from - stderr. This way we don\'t need to check the descriptor - everywhere. */ + /* + * If we have no separate fderr (which is the case when we have a pty + * - there we cannot make difference between data sent to stdout and + * stderr), indicate that we have seen an EOF from stderr. This way + * we don\'t need to check the descriptor everywhere. + */ if (fderr == -1) fderr_eof = 1; @@ -471,8 +487,10 @@ server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg) /* Process buffered packets from the client. */ process_buffered_input_packets(); - /* If we have received eof, and there is no more pending - input data, cause a real eof by closing fdin. */ + /* + * If we have received eof, and there is no more pending + * input data, cause a real eof by closing fdin. + */ if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) { #ifdef USE_PIPES close(fdin); @@ -484,16 +502,16 @@ server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg) #endif fdin = -1; } - /* Make packets from buffered stderr data to send to the - client. */ + /* Make packets from buffered stderr data to send to the client. */ make_packets_from_stderr_data(); - /* Make packets from buffered stdout data to send to the - client. If there is very little to send, this arranges - to not send them now, but to wait a short while to see - if we are getting more data. This is necessary, as some - systems wake up readers from a pty after each separate - character. */ + /* + * Make packets from buffered stdout data to send to the + * client. If there is very little to send, this arranges to + * not send them now, but to wait a short while to see if we + * are getting more data. This is necessary, as some systems + * wake up readers from a pty after each separate character. + */ max_time_milliseconds = 0; stdout_buffer_bytes = buffer_len(&stdout_buffer); if (stdout_buffer_bytes != 0 && stdout_buffer_bytes < 256 && @@ -510,9 +528,11 @@ server_loop(int pid, int fdin_arg, int fdout_arg, int fderr_arg) if (packet_not_very_much_data_to_write()) channel_output_poll(); - /* Bail out of the loop if the program has closed its - output descriptors, and we have no more data to send to - the client, and there is no pending buffered data. */ + /* + * Bail out of the loop if the program has closed its output + * descriptors, and we have no more data to send to the + * client, and there is no pending buffered data. + */ if (fdout_eof && fderr_eof && !packet_have_data_to_write() && buffer_len(&stdout_buffer) == 0 && buffer_len(&stderr_buffer) == 0) { if (!channel_still_open()) @@ -604,11 +624,13 @@ quit: packet_send(); packet_write_wait(); - /* Wait for exit confirmation. Note that there might be - other packets coming before it; however, the program - has already died so we just ignore them. The client is - supposed to respond with the confirmation when it - receives the exit status. */ + /* + * Wait for exit confirmation. Note that there might be + * other packets coming before it; however, the program has + * already died so we just ignore them. The client is + * supposed to respond with the confirmation when it receives + * the exit status. + */ do { int plen; type = packet_read(&plen); diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 5057a171950..a58095d0b44 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.22 1999/11/24 00:26:03 deraadt Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.23 1999/11/24 19:53:51 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -9,7 +9,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.22 1999/11/24 00:26:03 deraadt Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.23 1999/11/24 19:53:51 markus Exp $"); #include "ssh.h" #include "rsa.h" @@ -180,10 +180,12 @@ process_remove_identity(SocketEntry *e) /* Check if we have the key. */ for (i = 0; i < num_identities; i++) if (BN_cmp(identities[i].key->n, n) == 0) { - /* We have this key. Free the old key. Since we - don\'t want to leave empty slots in the middle - of the array, we actually free the key there - and copy data from the last entry. */ + /* + * We have this key. Free the old key. Since we + * don\'t want to leave empty slots in the middle of + * the array, we actually free the key there and copy + * data from the last entry. + */ RSA_free(identities[i].key); xfree(identities[i].comment); if (i < num_identities - 1) @@ -282,8 +284,10 @@ process_add_identity(SocketEntry *e) /* Check if we already have the key. */ for (i = 0; i < num_identities; i++) if (BN_cmp(identities[i].key->n, k->n) == 0) { - /* We already have this key. Clear and free the - new data and return success. */ + /* + * We already have this key. Clear and free the new + * data and return success. + */ RSA_free(k); xfree(identities[num_identities].comment); @@ -566,8 +570,10 @@ main(int ac, char **av) snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir, parent_pid); - /* Create socket early so it will exist before command gets run - from the parent. */ + /* + * Create socket early so it will exist before command gets run from + * the parent. + */ sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { perror("socket"); @@ -584,9 +590,10 @@ main(int ac, char **av) perror("listen"); cleanup_exit(1); } - /* Fork, and have the parent execute the command, if any, or - present the socket data. The child continues as the - authentication agent. */ + /* + * Fork, and have the parent execute the command, if any, or present + * the socket data. The child continues as the authentication agent. + */ pid = fork(); if (pid == -1) { perror("fork"); diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 3919f62ea38..022bf458e55 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$Id: ssh-keygen.c,v 1.13 1999/11/24 00:26:03 deraadt Exp $"); +RCSID("$Id: ssh-keygen.c,v 1.14 1999/11/24 19:53:52 markus Exp $"); #include "rsa.h" #include "ssh.h" @@ -20,16 +20,19 @@ RSA *private_key; /* Generated public key. */ RSA *public_key; -/* Number of bits in the RSA key. This value can be changed on the command - line. */ +/* Number of bits in the RSA key. This value can be changed on the command line. */ int bits = 1024; -/* Flag indicating that we just want to change the passphrase. This can be - set on the command line. */ +/* + * Flag indicating that we just want to change the passphrase. This can be + * set on the command line. + */ int change_passphrase = 0; -/* Flag indicating that we just want to change the comment. This can be set - on the command line. */ +/* + * Flag indicating that we just want to change the comment. This can be set + * on the command line. + */ int change_comment = 0; int quiet = 0; @@ -132,13 +135,10 @@ do_change_passphrase(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - /* Check if the file exists. */ if (stat(identity_file, &st) < 0) { perror(identity_file); exit(1); } - /* Try to load the public key from the file the verify that it is - readable and of the proper format. */ public_key = RSA_new(); if (!load_public_key(identity_file, public_key, NULL)) { printf("%s is not a valid key file.\n", identity_file); @@ -150,19 +150,16 @@ do_change_passphrase(struct passwd *pw) /* Try to load the file with empty passphrase. */ private_key = RSA_new(); if (!load_private_key(identity_file, "", private_key, &comment)) { - /* Read passphrase from the user. */ if (identity_passphrase) old_passphrase = xstrdup(identity_passphrase); else old_passphrase = read_passphrase("Enter old passphrase: ", 1); - /* Try to load using the passphrase. */ if (!load_private_key(identity_file, old_passphrase, private_key, &comment)) { memset(old_passphrase, 0, strlen(old_passphrase)); xfree(old_passphrase); printf("Bad passphrase.\n"); exit(1); } - /* Destroy the passphrase. */ memset(old_passphrase, 0, strlen(old_passphrase)); xfree(old_passphrase); } @@ -226,24 +223,24 @@ do_change_comment(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - /* Check if the file exists. */ if (stat(identity_file, &st) < 0) { perror(identity_file); exit(1); } - /* Try to load the public key from the file the verify that it is - readable and of the proper format. */ + /* + * Try to load the public key from the file the verify that it is + * readable and of the proper format. + */ public_key = RSA_new(); if (!load_public_key(identity_file, public_key, NULL)) { printf("%s is not a valid key file.\n", identity_file); exit(1); } private_key = RSA_new(); - /* Try to load the file with empty passphrase. */ + if (load_private_key(identity_file, "", private_key, &comment)) passphrase = xstrdup(""); else { - /* Read passphrase from the user. */ if (identity_passphrase) passphrase = xstrdup(identity_passphrase); else if (identity_new_passphrase) @@ -270,7 +267,6 @@ do_change_comment(struct passwd *pw) RSA_free(private_key); exit(1); } - /* Remove terminating newline from comment. */ if (strchr(new_comment, '\n')) *strchr(new_comment, '\n') = 0; } @@ -285,13 +281,10 @@ do_change_comment(struct passwd *pw) xfree(comment); exit(1); } - /* Destroy the passphrase and the private key in memory. */ memset(passphrase, 0, strlen(passphrase)); xfree(passphrase); RSA_free(private_key); - /* Save the public key in text format in a file with the same name - but .pub appended. */ strlcat(identity_file, ".pub", sizeof(identity_file)); f = fopen(identity_file, "w"); if (!f) { @@ -339,21 +332,18 @@ main(int ac, char **av) /* check if RSA support exists */ if (rsa_alive() == 0) { - extern char *__progname; - fprintf(stderr, "%s: no RSA support in libssl and libcrypto. See ssl(8).\n", __progname); exit(1); } - /* Get user\'s passwd structure. We need this for the home - directory. */ + /* we need this for the home * directory. */ pw = getpwuid(getuid()); if (!pw) { printf("You don't exist, go away!\n"); exit(1); } - /* Parse command line arguments. */ + while ((opt = getopt(ac, av, "qpclb:f:P:N:C:")) != EOF) { switch (opt) { case 'b': @@ -412,14 +402,8 @@ main(int ac, char **av) } if (print_fingerprint) do_fingerprint(pw); - - /* If the user requested to change the passphrase, do it now. - This function never returns. */ if (change_passphrase) do_change_passphrase(pw); - - /* If the user requested to change the comment, do it now. This - function never returns. */ if (change_comment) do_change_comment(pw); @@ -480,11 +464,10 @@ passphrase_again: xfree(passphrase2); } - /* Create default commend field for the passphrase. The user can - later edit this field. */ if (identity_comment) { strlcpy(comment, identity_comment, sizeof(comment)); } else { + /* Create default commend field for the passphrase. */ if (gethostname(hostname, sizeof(hostname)) < 0) { perror("gethostname"); exit(1); @@ -511,8 +494,6 @@ passphrase_again: if (!quiet) printf("Your identification has been saved in %s.\n", identity_file); - /* Save the public key in text format in a file with the same name - but .pub appended. */ strlcat(identity_file, ".pub", sizeof(identity_file)); f = fopen(identity_file, "w"); if (!f) { diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 1755f17e54d..cef5247e7d3 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.32 1999/11/24 00:26:03 deraadt Exp $"); +RCSID("$Id: ssh.c,v 1.33 1999/11/24 19:53:52 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -24,35 +24,43 @@ RCSID("$Id: ssh.c,v 1.32 1999/11/24 00:26:03 deraadt Exp $"); /* Flag indicating whether debug mode is on. This can be set on the command line. */ int debug_flag = 0; -/* Flag indicating whether to allocate a pseudo tty. This can be set on the command - line, and is automatically set if no command is given on the command line. */ int tty_flag = 0; -/* Flag indicating that nothing should be read from stdin. This can be set - on the command line. */ +/* + * Flag indicating that nothing should be read from stdin. This can be set + * on the command line. + */ int stdin_null_flag = 0; -/* Flag indicating that ssh should fork after authentication. This is useful - so that the pasphrase can be entered manually, and then ssh goes to the - background. */ +/* + * Flag indicating that ssh should fork after authentication. This is useful + * so that the pasphrase can be entered manually, and then ssh goes to the + * background. + */ int fork_after_authentication_flag = 0; -/* General data structure for command line options and options configurable - in configuration files. See readconf.h. */ +/* + * General data structure for command line options and options configurable + * in configuration files. See readconf.h. + */ Options options; -/* Name of the host we are connecting to. This is the name given on the - command line, or the HostName specified for the user-supplied name - in a configuration file. */ +/* + * Name of the host we are connecting to. This is the name given on the + * command line, or the HostName specified for the user-supplied name in a + * configuration file. + */ char *host; /* socket address the host resolves to */ struct sockaddr_in hostaddr; -/* Flag to indicate that we have received a window change signal which has - not yet been processed. This will cause a message indicating the new - window size to be sent to the server a little later. This is volatile - because this is updated in a signal handler. */ +/* + * Flag to indicate that we have received a window change signal which has + * not yet been processed. This will cause a message indicating the new + * window size to be sent to the server a little later. This is volatile + * because this is updated in a signal handler. + */ volatile int received_window_change_signal = 0; /* Value of argv[0] (set in the main program). */ @@ -159,8 +167,10 @@ main(int ac, char **av) uid_t original_effective_uid; int plen; - /* Save the original real uid. It will be needed later - (uid-swapping may clobber the real uid). */ + /* + * Save the original real uid. It will be needed later (uid-swapping + * may clobber the real uid). + */ original_real_uid = getuid(); original_effective_uid = geteuid(); @@ -171,18 +181,21 @@ main(int ac, char **av) if (setrlimit(RLIMIT_CORE, &rlim) < 0) fatal("setrlimit failed: %.100s", strerror(errno)); } - /* Use uid-swapping to give up root privileges for the duration of - option processing. We will re-instantiate the rights when we - are ready to create the privileged port, and will permanently - drop them when the port has been created (actually, when the - connection has been made, as we may need to create the port - several times). */ + /* + * Use uid-swapping to give up root privileges for the duration of + * option processing. We will re-instantiate the rights when we are + * ready to create the privileged port, and will permanently drop + * them when the port has been created (actually, when the connection + * has been made, as we may need to create the port several times). + */ temporarily_use_uid(original_real_uid); - /* Set our umask to something reasonable, as some files are - created with the default umask. This will make them - world-readable but writable only by the owner, which is ok for - all files for which we don't set the modes explicitly. */ + /* + * Set our umask to something reasonable, as some files are created + * with the default umask. This will make them world-readable but + * writable only by the owner, which is ok for all files for which we + * don't set the modes explicitly. + */ umask(022); /* Save our own name. */ @@ -383,10 +396,11 @@ main(int ac, char **av) /* Initialize the command to execute on remote host. */ buffer_init(&command); - /* Save the command to execute on the remote host in a buffer. - There is no limit on the length of the command, except by the - maximum packet size. Also sets the tty flag if there is no - command. */ + /* + * Save the command to execute on the remote host in a buffer. There + * is no limit on the length of the command, except by the maximum + * packet size. Also sets the tty flag if there is no command. + */ if (optind == ac) { /* No command specified - execute shell on a tty. */ tty_flag = 1; @@ -470,11 +484,15 @@ main(int ac, char **av) options.rhosts_authentication = 0; options.rhosts_rsa_authentication = 0; } - /* If using rsh has been selected, exec it now (without trying - anything else). Note that we must release privileges first. */ + /* + * If using rsh has been selected, exec it now (without trying + * anything else). Note that we must release privileges first. + */ if (options.use_rsh) { - /* Restore our superuser privileges. This must be done - before permanently setting the uid. */ + /* + * Restore our superuser privileges. This must be done + * before permanently setting the uid. + */ restore_uid(); /* Switch to the original uid permanently. */ @@ -487,8 +505,10 @@ main(int ac, char **av) /* Restore our superuser privileges. */ restore_uid(); - /* Open a connection to the remote host. This needs root - privileges if rhosts_{rsa_}authentication is enabled. */ + /* + * Open a connection to the remote host. This needs root privileges + * if rhosts_{rsa_}authentication is enabled. + */ ok = ssh_connect(host, &hostaddr, options.port, options.connection_attempts, @@ -497,31 +517,38 @@ main(int ac, char **av) original_real_uid, options.proxy_command); - /* If we successfully made the connection, load the host private - key in case we will need it later for combined rsa-rhosts - authentication. This must be done before releasing extra - privileges, because the file is only readable by root. */ + /* + * If we successfully made the connection, load the host private key + * in case we will need it later for combined rsa-rhosts + * authentication. This must be done before releasing extra + * privileges, because the file is only readable by root. + */ if (ok) { host_private_key = RSA_new(); if (load_private_key(HOST_KEY_FILE, "", host_private_key, NULL)) host_private_key_loaded = 1; } - /* Get rid of any extra privileges that we may have. We will no - longer need them. Also, extra privileges could make it very - hard to read identity files and other non-world-readable files - from the user's home directory if it happens to be on a NFS - volume where root is mapped to nobody. */ - - /* Note that some legacy systems need to postpone the following - call to permanently_set_uid() until the private hostkey is - destroyed with RSA_free(). Otherwise the calling user could - ptrace() the process, read the private hostkey and impersonate - the host. OpenBSD does not allow ptracing of setuid processes. */ - + /* + * Get rid of any extra privileges that we may have. We will no + * longer need them. Also, extra privileges could make it very hard + * to read identity files and other non-world-readable files from the + * user's home directory if it happens to be on a NFS volume where + * root is mapped to nobody. + */ + + /* + * Note that some legacy systems need to postpone the following call + * to permanently_set_uid() until the private hostkey is destroyed + * with RSA_free(). Otherwise the calling user could ptrace() the + * process, read the private hostkey and impersonate the host. + * OpenBSD does not allow ptracing of setuid processes. + */ permanently_set_uid(original_real_uid); - /* Now that we are back to our own permissions, create ~/.ssh - directory if it doesn\'t already exist. */ + /* + * Now that we are back to our own permissions, create ~/.ssh + * directory if it doesn\'t already exist. + */ snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR); if (stat(buf, &st) < 0) if (mkdir(buf, 0755) < 0) @@ -649,12 +676,14 @@ main(int ac, char **av) if (f) pclose(f); #endif /* XAUTH_PATH */ - /* If we didn't get authentication data, just make up some - data. The forwarding code will check the validity of - the response anyway, and substitute this data. The X11 - server, however, will ignore this fake data and use - whatever authentication mechanisms it was using - otherwise for the local connection. */ + /* + * If we didn't get authentication data, just make up some + * data. The forwarding code will check the validity of the + * response anyway, and substitute this data. The X11 + * server, however, will ignore this fake data and use + * whatever authentication mechanisms it was using otherwise + * for the local connection. + */ if (!got_data) { u_int32_t rand = 0; @@ -666,8 +695,10 @@ main(int ac, char **av) rand >>= 8; } } - /* Got local authentication reasonable information. - Request forwarding with authentication spoofing. */ + /* + * Got local authentication reasonable information. Request + * forwarding with authentication spoofing. + */ debug("Requesting X11 forwarding with authentication spoofing."); x11_request_forwarding_with_spoofing(proto, data); @@ -724,8 +755,10 @@ main(int ac, char **av) options.remote_forwards[i].host_port); } - /* If a command was specified on the command line, execute the - command now. Otherwise request the server to start a shell. */ + /* + * If a command was specified on the command line, execute the + * command now. Otherwise request the server to start a shell. + */ if (buffer_len(&command) > 0) { int len = buffer_len(&command); if (len > 900) diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h index ec43f932dff..5f5b351728f 100644 --- a/usr.bin/ssh/ssh.h +++ b/usr.bin/ssh/ssh.h @@ -13,7 +13,7 @@ * */ -/* RCSID("$Id: ssh.h,v 1.25 1999/11/24 00:26:03 deraadt Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.26 1999/11/24 19:53:52 markus Exp $"); */ #ifndef SSH_H #define SSH_H @@ -21,9 +21,11 @@ #include "rsa.h" #include "cipher.h" -/* The default cipher used if IDEA is not supported by the remote host. - It is recommended that this be one of the mandatory ciphers (DES, 3DES), - though that is not required. */ +/* + * The default cipher used if IDEA is not supported by the remote host. It is + * recommended that this be one of the mandatory ciphers (DES, 3DES), though + * that is not required. + */ #define SSH_FALLBACK_CIPHER SSH_CIPHER_3DES /* Cipher used for encrypting authentication files. */ @@ -35,108 +37,138 @@ /* Maximum number of TCP/IP ports forwarded per direction. */ #define SSH_MAX_FORWARDS_PER_DIRECTION 100 -/* Maximum number of RSA authentication identity files that can be specified - in configuration files or on the command line. */ +/* + * Maximum number of RSA authentication identity files that can be specified + * in configuration files or on the command line. + */ #define SSH_MAX_IDENTITY_FILES 100 -/* Major protocol version. Different version indicates major incompatiblity - that prevents communication. */ +/* + * Major protocol version. Different version indicates major incompatiblity + * that prevents communication. + */ #define PROTOCOL_MAJOR 1 -/* Minor protocol version. Different version indicates minor incompatibility - that does not prevent interoperation. */ +/* + * Minor protocol version. Different version indicates minor incompatibility + * that does not prevent interoperation. + */ #define PROTOCOL_MINOR 5 -/* Name for the service. The port named by this service overrides the default - port if present. */ +/* + * Name for the service. The port named by this service overrides the + * default port if present. + */ #define SSH_SERVICE_NAME "ssh" #define ETCDIR "/etc" #define PIDDIR "/var/run" -/* System-wide file containing host keys of known hosts. This file should be - world-readable. */ +/* + * System-wide file containing host keys of known hosts. This file should be + * world-readable. + */ #define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts" -/* HOST_KEY_FILE /etc/ssh_host_key, - SERVER_CONFIG_FILE /etc/sshd_config, -and HOST_CONFIG_FILE /etc/ssh_config -are all defined in Makefile.in. Of these, ssh_host_key should be readable -only by root, whereas ssh_config should be world-readable. */ - -#define HOST_KEY_FILE "/etc/ssh_host_key" -#define SERVER_CONFIG_FILE "/etc/sshd_config" -#define HOST_CONFIG_FILE "/etc/ssh_config" +/* + * Of these, ssh_host_key must be readable only by root, whereas ssh_config + * should be world-readable. + */ +#define HOST_KEY_FILE ETCDIR "/ssh_host_key" +#define SERVER_CONFIG_FILE ETCDIR "/sshd_config" +#define HOST_CONFIG_FILE ETCDIR "/ssh_config" #define SSH_PROGRAM "/usr/bin/ssh" -/* The process id of the daemon listening for connections is saved - here to make it easier to kill the correct daemon when necessary. */ +/* + * The process id of the daemon listening for connections is saved here to + * make it easier to kill the correct daemon when necessary. + */ #define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid" -/* The directory in user\'s home directory in which the files reside. - The directory should be world-readable (though not all files are). */ +/* + * The directory in user\'s home directory in which the files reside. The + * directory should be world-readable (though not all files are). + */ #define SSH_USER_DIR ".ssh" -/* Per-user file containing host keys of known hosts. This file need - not be readable by anyone except the user him/herself, though this does - not contain anything particularly secret. */ +/* + * Per-user file containing host keys of known hosts. This file need not be + * readable by anyone except the user him/herself, though this does not + * contain anything particularly secret. + */ #define SSH_USER_HOSTFILE "~/.ssh/known_hosts" -/* Name of the default file containing client-side authentication key. - This file should only be readable by the user him/herself. */ +/* + * Name of the default file containing client-side authentication key. This + * file should only be readable by the user him/herself. + */ #define SSH_CLIENT_IDENTITY ".ssh/identity" -/* Configuration file in user\'s home directory. This file need not be - readable by anyone but the user him/herself, but does not contain - anything particularly secret. If the user\'s home directory resides - on an NFS volume where root is mapped to nobody, this may need to be - world-readable. */ +/* + * Configuration file in user\'s home directory. This file need not be + * readable by anyone but the user him/herself, but does not contain anything + * particularly secret. If the user\'s home directory resides on an NFS + * volume where root is mapped to nobody, this may need to be world-readable. + */ #define SSH_USER_CONFFILE ".ssh/config" -/* File containing a list of those rsa keys that permit logging in as - this user. This file need not be - readable by anyone but the user him/herself, but does not contain - anything particularly secret. If the user\'s home directory resides - on an NFS volume where root is mapped to nobody, this may need to be - world-readable. (This file is read by the daemon which is running as - root.) */ +/* + * File containing a list of those rsa keys that permit logging in as this + * user. This file need not be readable by anyone but the user him/herself, + * but does not contain anything particularly secret. If the user\'s home + * directory resides on an NFS volume where root is mapped to nobody, this + * may need to be world-readable. (This file is read by the daemon which is + * running as root.) + */ #define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys" -/* Per-user and system-wide ssh "rc" files. These files are executed with - /bin/sh before starting the shell or command if they exist. They - will be passed "proto cookie" as arguments if X11 forwarding with - spoofing is in use. xauth will be run if neither of these exists. */ +/* + * Per-user and system-wide ssh "rc" files. These files are executed with + * /bin/sh before starting the shell or command if they exist. They will be + * passed "proto cookie" as arguments if X11 forwarding with spoofing is in + * use. xauth will be run if neither of these exists. + */ #define SSH_USER_RC ".ssh/rc" #define SSH_SYSTEM_RC ETCDIR "/sshrc" -/* Ssh-only version of /etc/hosts.equiv. */ +/* + * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use + * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled. + */ #define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv" -/* Additionally, the daemon may use ~/.rhosts and /etc/hosts.equiv if - rhosts authentication is enabled. */ - -/* Name of the environment variable containing the pathname of the - authentication socket. */ +/* + * Name of the environment variable containing the pathname of the + * authentication socket. + */ #define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" -/* Name of the environment variable containing the pathname of the - authentication socket. */ +/* + * Name of the environment variable containing the pathname of the + * authentication socket. + */ #define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" -/* Force host key length and server key length to differ by at least this - many bits. This is to make double encryption with rsaref work. */ +/* + * Force host key length and server key length to differ by at least this + * many bits. This is to make double encryption with rsaref work. + */ #define SSH_KEY_BITS_RESERVED 128 -/* Length of the session key in bytes. (Specified as 256 bits in the - protocol.) */ +/* + * Length of the session key in bytes. (Specified as 256 bits in the + * protocol.) + */ #define SSH_SESSION_KEY_LENGTH 32 /* Name of Kerberos service for SSH to use. */ #define KRB4_SERVICE_NAME "rcmd" -/* Authentication methods. New types can be added, but old types should not - be removed for compatibility. The maximum allowed value is 31. */ +/* + * Authentication methods. New types can be added, but old types should not + * be removed for compatibility. The maximum allowed value is 31. + */ #define SSH_AUTH_RHOSTS 1 #define SSH_AUTH_RSA 2 #define SSH_AUTH_PASSWORD 3 @@ -144,20 +176,20 @@ only by root, whereas ssh_config should be world-readable. */ #define SSH_AUTH_TIS 5 #define SSH_AUTH_KERBEROS 6 #define SSH_PASS_KERBEROS_TGT 7 - /* 8 to 15 are reserved */ + /* 8 to 15 are reserved */ #define SSH_PASS_AFS_TOKEN 21 /* Protocol flags. These are bit masks. */ -#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes - * screen */ -#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain - * host */ - -/* Definition of message types. New values can be added, but old values - should not be removed or without careful consideration of the consequences - for compatibility. The maximum value is 254; value 255 is reserved - for future extension. */ - /* Message name *//* msg code *//* arguments */ +#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */ +#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */ + +/* + * Definition of message types. New values can be added, but old values + * should not be removed or without careful consideration of the consequences + * for compatibility. The maximum value is 254; value 255 is reserved for + * future extension. + */ +/* Message name */ /* msg code */ /* arguments */ #define SSH_MSG_NONE 0 /* no message */ #define SSH_MSG_DISCONNECT 1 /* cause (string) */ #define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */ @@ -207,45 +239,54 @@ only by root, whereas ssh_config should be world-readable. */ /*------------ definitions for login.c -------------*/ -/* Returns the time when the user last logged in. Returns 0 if the - information is not available. This must be called before record_login. - The host from which the user logged in is stored in buf. */ +/* + * Returns the time when the user last logged in. Returns 0 if the + * information is not available. This must be called before record_login. + * The host from which the user logged in is stored in buf. + */ unsigned long get_last_login_time(uid_t uid, const char *logname, char *buf, unsigned int bufsize); -/* Records that the user has logged in. This does many things normally - done by login(1). */ +/* + * Records that the user has logged in. This does many things normally done + * by login(1). + */ void record_login(int pid, const char *ttyname, const char *user, uid_t uid, const char *host, struct sockaddr_in * addr); -/* Records that the user has logged out. This does many thigs normally - done by login(1) or init. */ +/* + * Records that the user has logged out. This does many thigs normally done + * by login(1) or init. + */ void record_logout(int pid, const char *ttyname); /*------------ definitions for sshconnect.c ----------*/ -/* Opens a TCP/IP connection to the remote server on the given host. If - port is 0, the default port will be used. If anonymous is zero, - a privileged port will be allocated to make the connection. - This requires super-user privileges if anonymous is false. - Connection_attempts specifies the maximum number of tries, one per - second. This returns true on success, and zero on failure. If the - connection is successful, this calls packet_set_connection for the - connection. */ +/* + * Opens a TCP/IP connection to the remote server on the given host. If port + * is 0, the default port will be used. If anonymous is zero, a privileged + * port will be allocated to make the connection. This requires super-user + * privileges if anonymous is false. Connection_attempts specifies the + * maximum number of tries, one per second. This returns true on success, + * and zero on failure. If the connection is successful, this calls + * packet_set_connection for the connection. + */ int ssh_connect(const char *host, struct sockaddr_in * hostaddr, int port, int connection_attempts, int anonymous, uid_t original_real_uid, const char *proxy_command); -/* Starts a dialog with the server, and authenticates the current user on the - server. This does not need any extra privileges. The basic connection - to the server must already have been established before this is called. - If login fails, this function prints an error and never returns. - This initializes the random state, and leaves it initialized (it will also - have references from the packet module). */ +/* + * Starts a dialog with the server, and authenticates the current user on the + * server. This does not need any extra privileges. The basic connection to + * the server must already have been established before this is called. If + * login fails, this function prints an error and never returns. This + * initializes the random state, and leaves it initialized (it will also have + * references from the packet module). + */ void ssh_login(int host_key_valid, RSA * host_key, const char *host, @@ -253,41 +294,57 @@ ssh_login(int host_key_valid, RSA * host_key, const char *host, /*------------ Definitions for various authentication methods. -------*/ -/* Tries to authenticate the user using the .rhosts file. Returns true if - authentication succeeds. If ignore_rhosts is non-zero, this will not - consider .rhosts and .shosts (/etc/hosts.equiv will still be used). */ +/* + * Tries to authenticate the user using the .rhosts file. Returns true if + * authentication succeeds. If ignore_rhosts is non-zero, this will not + * consider .rhosts and .shosts (/etc/hosts.equiv will still be used). + */ int auth_rhosts(struct passwd * pw, const char *client_user); -/* Tries to authenticate the user using the .rhosts file and the host using - its host key. Returns true if authentication succeeds. */ +/* + * Tries to authenticate the user using the .rhosts file and the host using + * its host key. Returns true if authentication succeeds. + */ int auth_rhosts_rsa(struct passwd * pw, const char *client_user, BIGNUM * client_host_key_e, BIGNUM * client_host_key_n); -/* Tries to authenticate the user using password. Returns true if - authentication succeeds. */ +/* + * Tries to authenticate the user using password. Returns true if + * authentication succeeds. + */ int auth_password(struct passwd * pw, const char *password); -/* Performs the RSA authentication dialog with the client. This returns - 0 if the client could not be authenticated, and 1 if authentication was - successful. This may exit if there is a serious protocol violation. */ +/* + * Performs the RSA authentication dialog with the client. This returns 0 if + * the client could not be authenticated, and 1 if authentication was + * successful. This may exit if there is a serious protocol violation. + */ int auth_rsa(struct passwd * pw, BIGNUM * client_n); -/* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer - over the key. Skips any whitespace at the beginning and at end. */ +/* + * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer + * over the key. Skips any whitespace at the beginning and at end. + */ int auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n); -/* Returns the name of the machine at the other end of the socket. The - returned string should be freed by the caller. */ +/* + * Returns the name of the machine at the other end of the socket. The + * returned string should be freed by the caller. + */ char *get_remote_hostname(int socket); -/* Return the canonical name of the host in the other side of the current - connection (as returned by packet_get_connection). The host name is - cached, so it is efficient to call this several times. */ +/* + * Return the canonical name of the host in the other side of the current + * connection (as returned by packet_get_connection). The host name is + * cached, so it is efficient to call this several times. + */ const char *get_canonical_hostname(void); -/* Returns the remote IP address as an ascii string. The value need not be - freed by the caller. */ +/* + * Returns the remote IP address as an ascii string. The value need not be + * freed by the caller. + */ const char *get_remote_ipaddr(void); /* Returns the port number of the peer of the socket. */ @@ -296,16 +353,20 @@ int get_peer_port(int sock); /* Returns the port number of the remote host. */ int get_remote_port(void); -/* Tries to match the host name (which must be in all lowercase) against the - comma-separated sequence of subpatterns (each possibly preceded by ! to - indicate negation). Returns true if there is a positive match; zero - otherwise. */ +/* + * Tries to match the host name (which must be in all lowercase) against the + * comma-separated sequence of subpatterns (each possibly preceded by ! to + * indicate negation). Returns true if there is a positive match; zero + * otherwise. + */ int match_hostname(const char *host, const char *pattern, unsigned int len); -/* Checks whether the given host is already in the list of our known hosts. - Returns HOST_OK if the host is known and has the specified key, - HOST_NEW if the host is not known, and HOST_CHANGED if the host is known - but used to have a different host key. The host must be in all lowercase. */ +/* + * Checks whether the given host is already in the list of our known hosts. + * Returns HOST_OK if the host is known and has the specified key, HOST_NEW + * if the host is not known, and HOST_CHANGED if the host is known but used + * to have a different host key. The host must be in all lowercase. + */ typedef enum { HOST_OK, HOST_NEW, HOST_CHANGED } HostStatus; @@ -313,43 +374,55 @@ HostStatus check_host_in_hostfile(const char *filename, const char *host, BIGNUM * e, BIGNUM * n, BIGNUM * ke, BIGNUM * kn); -/* Appends an entry to the host file. Returns false if the entry - could not be appended. */ +/* + * Appends an entry to the host file. Returns false if the entry could not + * be appended. + */ int add_host_to_hostfile(const char *filename, const char *host, BIGNUM * e, BIGNUM * n); -/* Performs the RSA authentication challenge-response dialog with the client, - and returns true (non-zero) if the client gave the correct answer to - our challenge; returns zero if the client gives a wrong answer. */ +/* + * Performs the RSA authentication challenge-response dialog with the client, + * and returns true (non-zero) if the client gave the correct answer to our + * challenge; returns zero if the client gives a wrong answer. + */ int auth_rsa_challenge_dialog(BIGNUM * e, BIGNUM * n); -/* Reads a passphrase from /dev/tty with echo turned off. Returns the - passphrase (allocated with xmalloc). Exits if EOF is encountered. - If from_stdin is true, the passphrase will be read from stdin instead. */ +/* + * Reads a passphrase from /dev/tty with echo turned off. Returns the + * passphrase (allocated with xmalloc). Exits if EOF is encountered. If + * from_stdin is true, the passphrase will be read from stdin instead. + */ char *read_passphrase(const char *prompt, int from_stdin); -/* Saves the authentication (private) key in a file, encrypting it with - passphrase. The identification of the file (lowest 64 bits of n) - will precede the key to provide identification of the key without - needing a passphrase. */ +/* + * Saves the authentication (private) key in a file, encrypting it with + * passphrase. The identification of the file (lowest 64 bits of n) will + * precede the key to provide identification of the key without needing a + * passphrase. + */ int save_private_key(const char *filename, const char *passphrase, RSA * private_key, const char *comment); -/* Loads the public part of the key file (public key and comment). - Returns 0 if an error occurred; zero if the public key was successfully - read. The comment of the key is returned in comment_return if it is - non-NULL; the caller must free the value with xfree. */ +/* + * Loads the public part of the key file (public key and comment). Returns 0 + * if an error occurred; zero if the public key was successfully read. The + * comment of the key is returned in comment_return if it is non-NULL; the + * caller must free the value with xfree. + */ int load_public_key(const char *filename, RSA * pub, char **comment_return); -/* Loads the private key from the file. Returns 0 if an error is encountered - (file does not exist or is not readable, or passphrase is bad). - This initializes the private key. The comment of the key is returned - in comment_return if it is non-NULL; the caller must free the value - with xfree. */ +/* + * Loads the private key from the file. Returns 0 if an error is encountered + * (file does not exist or is not readable, or passphrase is bad). This + * initializes the private key. The comment of the key is returned in + * comment_return if it is non-NULL; the caller must free the value with + * xfree. + */ int load_private_key(const char *filename, const char *passphrase, RSA * private_key, char **comment_return); @@ -399,9 +472,11 @@ void debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); /* same as fatal() but w/o logging */ void fatal_cleanup(void); -/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting. - It is permissible to call fatal_remove_cleanup for the function itself - from the function. */ +/* + * Registers a cleanup function to be called by fatal()/fatal_cleanup() + * before exiting. It is permissible to call fatal_remove_cleanup for the + * function itself from the function. + */ void fatal_add_cleanup(void (*proc) (void *context), void *context); /* Removes a cleanup function to be called at fatal(). */ @@ -412,9 +487,11 @@ void fatal_remove_cleanup(void (*proc) (void *context), void *context); /* Sets specific protocol options. */ void channel_set_options(int hostname_in_open); -/* Allocate a new channel object and set its type and socket. Remote_name - must have been allocated with xmalloc; this will free it when the channel - is freed. */ +/* + * Allocate a new channel object and set its type and socket. Remote_name + * must have been allocated with xmalloc; this will free it when the channel + * is freed. + */ int channel_allocate(int type, int sock, char *remote_name); /* Free the channel and close its socket. */ @@ -423,16 +500,20 @@ void channel_free(int channel); /* Add any bits relevant to channels in select bitmasks. */ void channel_prepare_select(fd_set * readset, fd_set * writeset); -/* After select, perform any appropriate operations for channels which - have events pending. */ +/* + * After select, perform any appropriate operations for channels which have + * events pending. + */ void channel_after_select(fd_set * readset, fd_set * writeset); /* If there is data to send to the connection, send some of it now. */ void channel_output_poll(void); -/* This is called when a packet of type CHANNEL_DATA has just been received. - The message type has already been consumed, but channel number and data - is still there. */ +/* + * This is called when a packet of type CHANNEL_DATA has just been received. + * The message type has already been consumed, but channel number and data is + * still there. + */ void channel_input_data(int payload_len); /* Returns true if no channel has too much buffered data. */ @@ -454,8 +535,10 @@ void channel_input_open_failure(void); any unix domain sockets. */ void channel_stop_listening(void); -/* Closes the sockets of all channels. This is used to close extra file - descriptors after a fork. */ +/* + * Closes the sockets of all channels. This is used to close extra file + * descriptors after a fork. + */ void channel_close_all(void); /* Returns the maximum file descriptor number used by the channels. */ @@ -464,92 +547,123 @@ int channel_max_fd(void); /* Returns true if there is still an open channel over the connection. */ int channel_still_open(void); -/* Returns a string containing a list of all open channels. The list is - suitable for displaying to the user. It uses crlf instead of newlines. - The caller should free the string with xfree. */ +/* + * Returns a string containing a list of all open channels. The list is + * suitable for displaying to the user. It uses crlf instead of newlines. + * The caller should free the string with xfree. + */ char *channel_open_message(void); -/* Initiate forwarding of connections to local port "port" through the secure - channel to host:port from remote side. This never returns if there - was an error. */ +/* + * Initiate forwarding of connections to local port "port" through the secure + * channel to host:port from remote side. This never returns if there was an + * error. + */ void channel_request_local_forwarding(int port, const char *host, int remote_port); -/* Initiate forwarding of connections to port "port" on remote host through - the secure channel to host:port from local side. This never returns - if there was an error. This registers that open requests for that - port are permitted. */ +/* + * Initiate forwarding of connections to port "port" on remote host through + * the secure channel to host:port from local side. This never returns if + * there was an error. This registers that open requests for that port are + * permitted. + */ void channel_request_remote_forwarding(int port, const char *host, int remote_port); -/* Permits opening to any host/port in SSH_MSG_PORT_OPEN. This is usually - called by the server, because the user could connect to any port anyway, - and the server has no way to know but to trust the client anyway. */ +/* + * Permits opening to any host/port in SSH_MSG_PORT_OPEN. This is usually + * called by the server, because the user could connect to any port anyway, + * and the server has no way to know but to trust the client anyway. + */ void channel_permit_all_opens(void); -/* This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates - listening for the port, and sends back a success reply (or disconnect - message if there was an error). This never returns if there was an - error. */ +/* + * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates + * listening for the port, and sends back a success reply (or disconnect + * message if there was an error). This never returns if there was an error. + */ void channel_input_port_forward_request(int is_root); -/* This is called after receiving PORT_OPEN message. This attempts to connect - to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION or - CHANNEL_OPEN_FAILURE. */ +/* + * This is called after receiving PORT_OPEN message. This attempts to + * connect to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION + * or CHANNEL_OPEN_FAILURE. + */ void channel_input_port_open(int payload_len); -/* Creates a port for X11 connections, and starts listening for it. - Returns the display name, or NULL if an error was encountered. */ +/* + * Creates a port for X11 connections, and starts listening for it. Returns + * the display name, or NULL if an error was encountered. + */ char *x11_create_display(int screen); -/* Creates an internet domain socket for listening for X11 connections. - Returns a suitable value for the DISPLAY variable, or NULL if an error - occurs. */ +/* + * Creates an internet domain socket for listening for X11 connections. + * Returns a suitable value for the DISPLAY variable, or NULL if an error + * occurs. + */ char *x11_create_display_inet(int screen); -/* This is called when SSH_SMSG_X11_OPEN is received. The packet contains - the remote channel number. We should do whatever we want, and respond - with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE. */ +/* + * This is called when SSH_SMSG_X11_OPEN is received. The packet contains + * the remote channel number. We should do whatever we want, and respond + * with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE. + */ void x11_input_open(int payload_len); -/* Requests forwarding of X11 connections. This should be called on the - client only. */ +/* + * Requests forwarding of X11 connections. This should be called on the + * client only. + */ void x11_request_forwarding(void); -/* Requests forwarding for X11 connections, with authentication spoofing. - This should be called in the client only. */ +/* + * Requests forwarding for X11 connections, with authentication spoofing. + * This should be called in the client only. + */ void x11_request_forwarding_with_spoofing(const char *proto, const char *data); /* Sends a message to the server to request authentication fd forwarding. */ void auth_request_forwarding(void); -/* Returns the name of the forwarded authentication socket. Returns NULL - if there is no forwarded authentication socket. The returned value points - to a static buffer. */ +/* + * Returns the name of the forwarded authentication socket. Returns NULL if + * there is no forwarded authentication socket. The returned value points to + * a static buffer. + */ char *auth_get_socket_name(void); -/* This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. - This starts forwarding authentication requests. */ +/* + * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. + * This starts forwarding authentication requests. + */ void auth_input_request_forwarding(struct passwd * pw); /* This is called to process an SSH_SMSG_AGENT_OPEN message. */ void auth_input_open_request(void); -/* Returns true if the given string matches the pattern (which may contain - ? and * as wildcards), and zero if it does not match. */ +/* + * Returns true if the given string matches the pattern (which may contain ? + * and * as wildcards), and zero if it does not match. + */ int match_pattern(const char *s, const char *pattern); -/* Expands tildes in the file name. Returns data allocated by xmalloc. - Warning: this calls getpw*. */ +/* + * Expands tildes in the file name. Returns data allocated by xmalloc. + * Warning: this calls getpw*. + */ char *tilde_expand_filename(const char *filename, uid_t my_uid); -/* Performs the interactive session. This handles data transmission between - the client and the program. Note that the notion of stdin, stdout, and - stderr in this function is sort of reversed: this function writes to - stdin (of the child program), and reads from stdout and stderr (of the - child program). */ +/* + * Performs the interactive session. This handles data transmission between + * the client and the program. Note that the notion of stdin, stdout, and + * stderr in this function is sort of reversed: this function writes to stdin + * (of the child program), and reads from stdout and stderr (of the child + * program). + */ void server_loop(int pid, int fdin, int fdout, int fderr); /* Client side main loop for the interactive session. */ @@ -563,9 +677,11 @@ struct envstring { #ifdef KRB4 #include <krb.h> -/* Performs Kerberos v4 mutual authentication with the client. This returns - 0 if the client could not be authenticated, and 1 if authentication was - successful. This may exit if there is a serious protocol violation. */ +/* + * Performs Kerberos v4 mutual authentication with the client. This returns 0 + * if the client could not be authenticated, and 1 if authentication was + * successful. This may exit if there is a serious protocol violation. + */ int auth_krb4(const char *server_user, KTEXT auth, char **client); int krb4_init(uid_t uid); void krb4_cleanup_proc(void *ignore); diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 19a8235586f..c3ef1365043 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -8,7 +8,7 @@ */ #include "includes.h" -RCSID("$Id: sshconnect.c,v 1.39 1999/11/24 00:26:03 deraadt Exp $"); +RCSID("$Id: sshconnect.c,v 1.40 1999/11/24 19:53:53 markus Exp $"); #include <ssl/bn.h> #include "xmalloc.h" @@ -136,8 +136,10 @@ ssh_create_socket(uid_t original_real_uid, int privileged) { int sock; - /* If we are running as root and want to connect to a privileged - port, bind our own socket to a privileged port. */ + /* + * If we are running as root and want to connect to a privileged + * port, bind our own socket to a privileged port. + */ if (privileged) { int p = IPPORT_RESERVED - 1; @@ -221,9 +223,11 @@ ssh_connect(const char *host, struct sockaddr_in * hostaddr, !anonymous && geteuid() == 0 && port < IPPORT_RESERVED); - /* Connect to the host. We use the user's uid in - the hope that it will help with the problems of - tcp_wrappers showing the remote uid as root. */ + /* + * Connect to the host. We use the user's uid in the + * hope that it will help with the problems of + * tcp_wrappers showing the remote uid as root. + */ temporarily_use_uid(original_real_uid); if (connect(sock, (struct sockaddr *) hostaddr, sizeof(*hostaddr)) >= 0) { @@ -264,8 +268,12 @@ ssh_connect(const char *host, struct sockaddr_in * hostaddr, !anonymous && geteuid() == 0 && port < IPPORT_RESERVED); - /* Connect to the host. We use the user's uid in the hope that - it will help with tcp_wrappers showing the remote uid as root. */ + /* + * Connect to the host. We use the user's + * uid in the hope that it will help with + * tcp_wrappers showing the remote uid as + * root. + */ temporarily_use_uid(original_real_uid); if (connect(sock, (struct sockaddr *) hostaddr, sizeof(*hostaddr)) >= 0) { @@ -276,8 +284,12 @@ ssh_connect(const char *host, struct sockaddr_in * hostaddr, debug("connect: %.100s", strerror(errno)); restore_uid(); - /* Close the failed socket; there appear to be some problems when - reusing a socket for which connect() has already returned an error. */ + /* + * Close the failed socket; there appear to + * be some problems when reusing a socket for + * which connect() has already returned an + * error. + */ shutdown(sock, SHUT_RDWR); close(sock); } @@ -294,10 +306,11 @@ ssh_connect(const char *host, struct sockaddr_in * hostaddr, debug("Connection established."); - /* Set socket options. We would like the socket to disappear as - soon as it has been closed for whatever reason. */ - /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, - sizeof(on)); */ + /* + * Set socket options. We would like the socket to disappear as soon + * as it has been closed for whatever reason. + */ + /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *) &on, sizeof(on)); linger.l_onoff = 1; linger.l_linger = 5; @@ -487,8 +500,10 @@ try_rsa_authentication(struct passwd * pw, const char *authfile) /* Wait for server's response. */ type = packet_read(&plen); - /* The server responds with failure if it doesn\'t like our key or - doesn\'t support RSA authentication. */ + /* + * The server responds with failure if it doesn\'t like our key or + * doesn\'t support RSA authentication. + */ if (type == SSH_SMSG_FAILURE) { debug("Server refused our key."); xfree(comment); @@ -508,8 +523,10 @@ try_rsa_authentication(struct passwd * pw, const char *authfile) debug("Received RSA challenge from server."); private_key = RSA_new(); - /* Load the private key. Try first with empty passphrase; if it - fails, ask for a passphrase. */ + /* + * Load the private key. Try first with empty passphrase; if it + * fails, ask for a passphrase. + */ if (!load_private_key(authfile, "", private_key, NULL)) { char buf[300]; snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ", @@ -714,9 +731,11 @@ try_kerberos_authentication() packet_integrity_check(plen, 4 + auth.length, type); - /* If his response isn't properly encrypted with the - session key, and the decrypted checksum fails to match, - he's bogus. Bail out. */ + /* + * If his response isn't properly encrypted with the session + * key, and the decrypted checksum fails to match, he's + * bogus. Bail out. + */ r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session, &foreign, &local, &msg_data); if (r != KSUCCESS) { @@ -888,8 +907,10 @@ ssh_exchange_identification() } buf[sizeof(buf) - 1] = 0; - /* Check that the versions match. In future this might accept - several versions and set appropriate flags to handle them. */ + /* + * Check that the versions match. In future this might accept + * several versions and set appropriate flags to handle them. + */ if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor, remote_version) != 3) fatal("Bad remote protocol version identification: '%.100s'", buf); @@ -910,9 +931,11 @@ ssh_exchange_identification() } } #if 0 - /* Removed for now, to permit compatibility with latter versions. - The server will reject our version and disconnect if it doesn't - support it. */ + /* + * Removed for now, to permit compatibility with latter versions. The + * server will reject our version and disconnect if it doesn't + * support it. + */ if (remote_major != PROTOCOL_MAJOR) fatal("Protocol major versions differ: %d vs. %d", PROTOCOL_MAJOR, remote_major); @@ -1080,10 +1103,7 @@ ssh_login(int host_key_valid, protocol_flags = packet_get_int(); packet_set_protocol_flags(protocol_flags); - /* Get supported cipher types. */ supported_ciphers = packet_get_int(); - - /* Get supported authentication types. */ supported_authentications = packet_get_int(); debug("Received server public key (%d bits) and host key (%d bits).", @@ -1093,11 +1113,12 @@ ssh_login(int host_key_valid, 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, SSH_SMSG_PUBLIC_KEY); - /* Compute the session id. */ compute_session_id(session_id, check_bytes, host_key->n, public_key->n); - /* Check if the host key is present in the user\'s list of known - hosts or in the systemwide list. */ + /* + * Check if the host key is present in the user\'s list of known + * hosts or in the systemwide list. + */ host_status = check_host_in_hostfile(options.user_hostfile, host, host_key->e, host_key->n, file_key->e, file_key->n); @@ -1105,18 +1126,22 @@ ssh_login(int host_key_valid, host_status = check_host_in_hostfile(options.system_hostfile, host, host_key->e, host_key->n, file_key->e, file_key->n); - /* Force accepting of the host key for localhost and 127.0.0.1. - The problem is that if the home directory is NFS-mounted to - multiple machines, localhost will refer to a different machine - in each of them, and the user will get bogus HOST_CHANGED - warnings. This essentially disables host authentication for - localhost; however, this is probably not a real problem. */ + /* + * Force accepting of the host key for localhost and 127.0.0.1. The + * problem is that if the home directory is NFS-mounted to multiple + * machines, localhost will refer to a different machine in each of + * them, and the user will get bogus HOST_CHANGED warnings. This + * essentially disables host authentication for localhost; however, + * this is probably not a real problem. + */ if (local) { debug("Forcing accepting of host key for localhost."); host_status = HOST_OK; } - /* Also perform check for the ip address, skip the check if we are - localhost or the hostname was an ip address to begin with */ + /* + * Also perform check for the ip address, skip the check if we are + * localhost or the hostname was an ip address to begin with + */ if (options.check_host_ip && !local && strcmp(host, ip)) { RSA *ip_key = RSA_new(); ip_key->n = BN_new(); @@ -1220,13 +1245,18 @@ ssh_login(int host_key_valid, error("Add correct host key in %.100s to get rid of this message.", options.user_hostfile); - /* If strict host key checking is in use, the user will - have to edit the key manually and we can only abort. */ + /* + * If strict host key checking is in use, the user will have + * to edit the key manually and we can only abort. + */ if (options.strict_host_key_checking) fatal("Host key for %.200s has changed and you have requested strict checking.", host); - /* If strict host key checking has not been requested, allow the connection - but without password authentication or agent forwarding. */ + /* + * If strict host key checking has not been requested, allow + * the connection but without password authentication or + * agent forwarding. + */ if (options.password_authentication) { error("Password authentication is disabled to avoid trojan horses."); options.password_authentication = 0; @@ -1235,11 +1265,13 @@ ssh_login(int host_key_valid, error("Agent forwarding is disabled to avoid trojan horses."); options.forward_agent = 0; } - /* XXX Should permit the user to change to use the new id. - This could be done by converting the host key to an - identifying sentence, tell that the host identifies - itself by that sentence, and ask the user if he/she - whishes to accept the authentication. */ + /* + * XXX Should permit the user to change to use the new id. + * This could be done by converting the host key to an + * identifying sentence, tell that the host identifies itself + * by that sentence, and ask the user if he/she whishes to + * accept the authentication. + */ break; } @@ -1249,9 +1281,11 @@ ssh_login(int host_key_valid, /* Generate a session key. */ arc4random_stir(); - /* Generate an encryption key for the session. The key is a 256 - bit random number, interpreted as a 32-byte key, with the least - significant 8 bits being the first byte of the key. */ + /* + * Generate an encryption key for the session. The key is a 256 bit + * random number, interpreted as a 32-byte key, with the least + * significant 8 bits being the first byte of the key. + */ for (i = 0; i < 32; i++) { if (i % 4 == 0) rand = arc4random(); @@ -1259,9 +1293,11 @@ ssh_login(int host_key_valid, rand >>= 8; } - /* According to the protocol spec, the first byte of the session - key is the highest byte of the integer. The session key is - xored with the first 16 bytes of the session id. */ + /* + * According to the protocol spec, the first byte of the session key + * is the highest byte of the integer. The session key is xored with + * the first 16 bytes of the session id. + */ key = BN_new(); BN_set_word(key, 0); for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { @@ -1272,8 +1308,10 @@ ssh_login(int host_key_valid, BN_add_word(key, session_key[i]); } - /* Encrypt the integer using the public key and host key of the - server (key with smaller modulus first). */ + /* + * Encrypt the integer using the public key and host key of the + * server (key with smaller modulus first). + */ if (BN_cmp(public_key->n, host_key->n) < 0) { /* Public key has smaller modulus. */ if (BN_num_bits(host_key->n) < @@ -1348,8 +1386,10 @@ ssh_login(int host_key_valid, /* We will no longer need the session key here. Destroy any extra copies. */ memset(session_key, 0, sizeof(session_key)); - /* Expect a success message from the server. Note that this - message will be received in encrypted form. */ + /* + * Expect a success message from the server. Note that this message + * will be received in encrypted form. + */ packet_read_expect(&payload_len, SSH_SMSG_SUCCESS); debug("Received encrypted confirmation."); @@ -1360,9 +1400,11 @@ ssh_login(int host_key_valid, packet_send(); packet_write_wait(); - /* The server should respond with success if no authentication is - needed (the user has no password). Otherwise the server - responds with failure. */ + /* + * The server should respond with success if no authentication is + * needed (the user has no password). Otherwise the server responds + * with failure. + */ type = packet_read(&payload_len); /* check whether the connection was accepted without authentication. */ @@ -1404,8 +1446,10 @@ ssh_login(int host_key_valid, } #endif /* KRB4 */ - /* Use rhosts authentication if running in privileged socket and - we do not wish to remain anonymous. */ + /* + * Use rhosts authentication if running in privileged socket and we + * do not wish to remain anonymous. + */ if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) && options.rhosts_authentication) { debug("Trying rhosts authentication."); @@ -1422,8 +1466,10 @@ ssh_login(int host_key_valid, packet_disconnect("Protocol error: got %d in response to rhosts auth", type); } - /* Try .rhosts or /etc/hosts.equiv authentication with RSA host - authentication. */ + /* + * Try .rhosts or /etc/hosts.equiv authentication with RSA host + * authentication. + */ if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) && options.rhosts_rsa_authentication && host_key_valid) { if (try_rhosts_rsa_authentication(local_user, own_host_key)) @@ -1432,10 +1478,11 @@ ssh_login(int host_key_valid, /* Try RSA authentication if the server supports it. */ if ((supported_authentications & (1 << SSH_AUTH_RSA)) && options.rsa_authentication) { - /* Try RSA authentication using the authentication agent. - The agent is tried first because no passphrase is - needed for it, whereas identity files may require - passphrases. */ + /* + * Try RSA authentication using the authentication agent. The + * agent is tried first because no passphrase is needed for + * it, whereas identity files may require passphrases. + */ if (try_agent_authentication()) return; diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 17800aeb221..27977aafb87 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$Id: sshd.c,v 1.65 1999/11/24 00:26:03 deraadt Exp $"); +RCSID("$Id: sshd.c,v 1.66 1999/11/24 19:53:53 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -65,12 +65,16 @@ char *av0; /* Saved arguments to main(). */ char **saved_argv; -/* This is set to the socket that the server is listening; this is used in - the SIGHUP signal handler. */ +/* + * This is set to the socket that the server is listening; this is used in + * the SIGHUP signal handler. + */ int listen_sock; -/* the client's version string, passed by sshd2 in compat mode. - if != NULL, sshd will skip the version-number exchange */ +/* + * the client's version string, passed by sshd2 in compat mode. if != NULL, + * sshd will skip the version-number exchange + */ char *client_version_string = NULL; /* Flags set in auth-rsa from authorized_keys flags. These are set in auth-rsa.c. */ @@ -88,19 +92,23 @@ struct envstring *custom_environment = NULL; /* Session id for the current session. */ unsigned char session_id[16]; -/* Any really sensitive data in the application is contained in this structure. - The idea is that this structure could be locked into memory so that the - pages do not get written into swap. However, there are some problems. - The private key contains BIGNUMs, and we do not (in principle) have - access to the internals of them, and locking just the structure is not - very useful. Currently, memory locking is not implemented. */ +/* + * Any really sensitive data in the application is contained in this + * structure. The idea is that this structure could be locked into memory so + * that the pages do not get written into swap. However, there are some + * problems. The private key contains BIGNUMs, and we do not (in principle) + * have access to the internals of them, and locking just the structure is + * not very useful. Currently, memory locking is not implemented. + */ struct { RSA *private_key; /* Private part of server key. */ RSA *host_key; /* Private part of host key. */ } sensitive_data; -/* Flag indicating whether the current session key has been used. This flag - is set whenever the key is used, and cleared when the key is regenerated. */ +/* + * Flag indicating whether the current session key has been used. This flag + * is set whenever the key is used, and cleared when the key is regenerated. + */ int key_used = 0; /* This is set to true when SIGHUP is received. */ @@ -335,7 +343,7 @@ main(int ac, char **av) fprintf(stderr, "sshd version %s\n", SSH_VERSION); fprintf(stderr, "Usage: %s [options]\n", av0); fprintf(stderr, "Options:\n"); - fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR); + fprintf(stderr, " -f file Configuration file (default %s)\n", SERVER_CONFIG_FILE); fprintf(stderr, " -d Debugging mode\n"); fprintf(stderr, " -i Started from inetd\n"); fprintf(stderr, " -q Quiet (no logging)\n"); @@ -483,13 +491,11 @@ main(int ac, char **av) setsockopt(listen_sock, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger)); - /* Initialize the socket address. */ memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; sin.sin_addr = options.listen_addr; sin.sin_port = htons(options.port); - /* Bind the socket to the desired port. */ if (bind(listen_sock, (struct sockaddr *) & sin, sizeof(sin)) < 0) { error("bind: %.100s", strerror(errno)); shutdown(listen_sock, SHUT_RDWR); @@ -497,12 +503,13 @@ main(int ac, char **av) fatal("Bind to port %d failed.", options.port); } if (!debug_flag) { - /* Record our pid in /etc/sshd_pid to make it - easier to kill the correct sshd. We don\'t - want to do this before the bind above because - the bind will fail if there already is a - daemon, and this will overwrite any old pid in - the file. */ + /* + * Record our pid in /etc/sshd_pid to make it easier + * to kill the correct sshd. We don\'t want to do + * this before the bind above because the bind will + * fail if there already is a daemon, and this will + * overwrite any old pid in the file. + */ f = fopen(SSH_DAEMON_PID_FILE, "w"); if (f) { fprintf(f, "%u\n", (unsigned int) getpid()); @@ -535,8 +542,10 @@ main(int ac, char **av) /* Arrange SIGCHLD to be caught. */ signal(SIGCHLD, main_sigchld_handler); - /* Stay listening for connections until the system crashes - or the daemon is killed with a signal. */ + /* + * Stay listening for connections until the system crashes or + * the daemon is killed with a signal. + */ for (;;) { if (received_sighup) sighup_restart(); @@ -551,12 +560,16 @@ main(int ac, char **av) error("accept: %.100s", strerror(errno)); continue; } - /* Got connection. Fork a child to handle it, - unless we are in debugging mode. */ + /* + * Got connection. Fork a child to handle it, unless + * we are in debugging mode. + */ if (debug_flag) { - /* In debugging mode. Close the listening - socket, and start processing the - connection without forking. */ + /* + * In debugging mode. Close the listening + * socket, and start processing the + * connection without forking. + */ debug("Server will not fork when running in debugging mode."); close(listen_sock); sock_in = newsock; @@ -564,16 +577,17 @@ main(int ac, char **av) pid = getpid(); break; } else { - /* Normal production daemon. Fork, and - have the child process the connection. - The parent continues listening. */ + /* + * Normal production daemon. Fork, and have + * the child process the connection. The + * parent continues listening. + */ if ((pid = fork()) == 0) { - /* Child. Close the listening - socket, and start using the - accepted socket. Reinitialize - logging (since our pid has - changed). We break out of the - loop to handle the connection. */ + /* + * Child. Close the listening socket, and start using the + * accepted socket. Reinitialize logging (since our pid has + * changed). We break out of the loop to handle the connection. + */ close(listen_sock); sock_in = newsock; sock_out = newsock; @@ -600,9 +614,11 @@ main(int ac, char **av) /* This is the child processing a new connection. */ - /* Disable the key regeneration alarm. We will not regenerate the - key since we are no longer in a position to give it to anyone. - We will not restart on SIGHUP since it no longer makes sense. */ + /* + * Disable the key regeneration alarm. We will not regenerate the + * key since we are no longer in a position to give it to anyone. We + * will not restart on SIGHUP since it no longer makes sense. + */ alarm(0); signal(SIGALRM, SIG_DFL); signal(SIGHUP, SIG_DFL); @@ -610,17 +626,20 @@ main(int ac, char **av) signal(SIGQUIT, SIG_DFL); signal(SIGCHLD, SIG_DFL); - /* Set socket options for the connection. We want the socket to - close as fast as possible without waiting for anything. If the - connection is not a socket, these will do nothing. */ - /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, - sizeof(on)); */ + /* + * Set socket options for the connection. We want the socket to + * close as fast as possible without waiting for anything. If the + * connection is not a socket, these will do nothing. + */ + /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ linger.l_onoff = 1; linger.l_linger = 5; setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger)); - /* Register our connection. This turns encryption off because we - do not have a key. */ + /* + * Register our connection. This turns encryption off because we do + * not have a key. + */ packet_set_connection(sock_in, sock_out); remote_port = get_remote_port(); @@ -646,12 +665,14 @@ main(int ac, char **av) verbose("Connection from %.500s port %d", remote_ip, remote_port); #endif /* LIBWRAP */ - /* We don\'t want to listen forever unless the other side - successfully authenticates itself. So we set up an alarm which - is cleared after successful authentication. A limit of zero - indicates no limit. Note that we don\'t set the alarm in - debugging mode; it is just annoying to have the server exit - just when you are about to discover the bug. */ + /* + * We don\'t want to listen forever unless the other side + * successfully authenticates itself. So we set up an alarm which is + * cleared after successful authentication. A limit of zero + * indicates no limit. Note that we don\'t set the alarm in debugging + * mode; it is just annoying to have the server exit just when you + * are about to discover the bug. + */ signal(SIGALRM, grace_alarm_handler); if (!debug_flag) alarm(options.login_grace_time); @@ -684,8 +705,10 @@ main(int ac, char **av) buf[sizeof(buf) - 1] = 0; } - /* Check that the versions match. In future this might accept - several versions and set appropriate flags to handle them. */ + /* + * Check that the versions match. In future this might accept + * several versions and set appropriate flags to handle them. + */ if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor, remote_version) != 3) { const char *s = "Protocol mismatch.\n"; @@ -717,11 +740,13 @@ main(int ac, char **av) no_agent_forwarding_flag = 1; } } - /* Check that the connection comes from a privileged port. Rhosts- - and Rhosts-RSA-Authentication only make sense from priviledged - programs. Of course, if the intruder has root access on his - local machine, he can connect from any port. So do not use - these authentication methods from machines that you do not trust. */ + /* + * Check that the connection comes from a privileged port. Rhosts- + * and Rhosts-RSA-Authentication only make sense from priviledged + * programs. Of course, if the intruder has root access on his local + * machine, he can connect from any port. So do not use these + * authentication methods from machines that you do not trust. + */ if (remote_port >= IPPORT_RESERVED || remote_port < IPPORT_RESERVED / 2) { options.rhosts_authentication = 0; @@ -765,13 +790,15 @@ do_connection() int plen, slen; u_int32_t rand = 0; - /* Generate check bytes that the client must send back in the user - packet in order for it to be accepted; this is used to defy ip - spoofing attacks. Note that this only works against somebody - doing IP spoofing from a remote machine; any machine on the - local network can still see outgoing packets and catch the - random cookie. This only affects rhosts authentication, and - this is one of the reasons why it is inherently insecure. */ + /* + * Generate check bytes that the client must send back in the user + * packet in order for it to be accepted; this is used to defy ip + * spoofing attacks. Note that this only works against somebody + * doing IP spoofing from a remote machine; any machine on the local + * network can still see outgoing packets and catch the random + * cookie. This only affects rhosts authentication, and this is one + * of the reasons why it is inherently insecure. + */ for (i = 0; i < 8; i++) { if (i % 4 == 0) rand = arc4random(); @@ -779,9 +806,11 @@ do_connection() rand >>= 8; } - /* Send our public key. We include in the packet 64 bits of - random data that must be matched in the reply in order to - prevent IP spoofing. */ + /* + * Send our public key. We include in the packet 64 bits of random + * data that must be matched in the reply in order to prevent IP + * spoofing. + */ packet_start(SSH_SMSG_PUBLIC_KEY); for (i = 0; i < 8; i++) packet_put_char(check_bytes[i]); @@ -853,14 +882,15 @@ do_connection() session_key_int = BN_new(); packet_get_bignum(session_key_int, &slen); - /* Get protocol flags. */ protocol_flags = packet_get_int(); packet_set_protocol_flags(protocol_flags); packet_integrity_check(plen, 1 + 8 + slen + 4, SSH_CMSG_SESSION_KEY); - /* Decrypt it using our private server key and private host key - (key with larger modulus first). */ + /* + * Decrypt it using our private server key and private host key (key + * with larger modulus first). + */ if (BN_cmp(sensitive_data.private_key->n, sensitive_data.host_key->n) > 0) { /* Private key has bigger modulus. */ if (BN_num_bits(sensitive_data.private_key->n) < @@ -891,14 +921,15 @@ do_connection() sensitive_data.private_key); } - /* Compute session id for this session. */ compute_session_id(session_id, check_bytes, sensitive_data.host_key->n, sensitive_data.private_key->n); - /* Extract session key from the decrypted integer. The key is in - the least significant 256 bits of the integer; the first byte - of the key is in the highest bits. */ + /* + * Extract session key from the decrypted integer. The key is in the + * least significant 256 bits of the integer; the first byte of the + * key is in the highest bits. + */ BN_mask_bits(session_key_int, sizeof(session_key) * 8); len = BN_num_bytes(session_key_int); if (len < 0 || len > sizeof(session_key)) @@ -976,8 +1007,7 @@ allowed_user(struct passwd * pw) if (match_pattern(pw->pw_name, options.deny_users[i])) return 0; } - /* Return false if AllowUsers isn't empty and user isn't listed - there */ + /* Return false if AllowUsers isn't empty and user isn't listed there */ if (options.num_allow_users > 0) { if (!pw->pw_name) return 0; @@ -1002,8 +1032,10 @@ allowed_user(struct passwd * pw) if (match_pattern(grp->gr_name, options.deny_groups[i])) return 0; } - /* Return false if AllowGroups isn't empty and user's - group isn't listed there */ + /* + * Return false if AllowGroups isn't empty and user's group + * isn't listed there + */ if (options.num_allow_groups > 0) { if (!grp->gr_name) return 0; @@ -1053,8 +1085,10 @@ do_authentication(char *user) pwcopy.pw_shell = xstrdup(pw->pw_shell); pw = &pwcopy; - /* If we are not running as root, the user must have the same uid - as the server. */ + /* + * If we are not running as root, the user must have the same uid as + * the server. + */ if (getuid() != 0 && pw->pw_uid != getuid()) packet_disconnect("Cannot change user when server not running as root."); @@ -1191,10 +1225,12 @@ do_authloop(struct passwd * pw) verbose("Rhosts authentication disabled."); break; } - /* Get client user name. Note that we just have - to trust the client; this is one reason why - rhosts authentication is insecure. (Another is - IP-spoofing on a local network.) */ + /* + * Get client user name. Note that we just have to + * trust the client; this is one reason why rhosts + * authentication is insecure. (Another is + * IP-spoofing on a local network.) + */ client_user = packet_get_string(&ulen); packet_integrity_check(plen, 4 + ulen, type); @@ -1211,9 +1247,11 @@ do_authloop(struct passwd * pw) verbose("Rhosts with RSA authentication disabled."); break; } - /* Get client user name. Note that we just have - to trust the client; root on the client machine - can claim to be any user. */ + /* + * Get client user name. Note that we just have to + * trust the client; root on the client machine can + * claim to be any user. + */ client_user = packet_get_string(&ulen); /* Get the client host key. */ @@ -1255,9 +1293,11 @@ do_authloop(struct passwd * pw) verbose("Password authentication disabled."); break; } - /* Read user password. It is in plain text, but - was transmitted over the encrypted channel so - it is not visible to an outside observer. */ + /* + * Read user password. It is in plain text, but was + * transmitted over the encrypted channel so it is + * not visible to an outside observer. + */ password = packet_get_string(&dlen); packet_integrity_check(plen, 4 + dlen, type); @@ -1278,8 +1318,7 @@ do_authloop(struct passwd * pw) skeyinfo = skey_fake_keyinfo(pw->pw_name); } if (skeyinfo != NULL) { - /* we send our s/key- in - tis-challenge messages */ + /* we send our s/key- in tis-challenge messages */ debug("sending challenge '%s'", skeyinfo); packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); packet_put_string(skeyinfo, strlen(skeyinfo)); @@ -1308,8 +1347,10 @@ do_authloop(struct passwd * pw) #endif default: - /* Any unknown messages will be ignored (and - failure returned) during authentication. */ + /* + * Any unknown messages will be ignored (and failure + * returned) during authentication. + */ log("Unknown message during authentication: type %d", type); break; } @@ -1360,11 +1401,12 @@ do_fake_authloop(char *user) packet_send(); packet_write_wait(); - /* Keep reading packets, and always respond with a failure. This - is to avoid disclosing whether such a user really exists. */ + /* + * Keep reading packets, and always respond with a failure. This is + * to avoid disclosing whether such a user really exists. + */ for (attempt = 1;; attempt++) { - /* Read a packet. This will not return if the client - disconnects. */ + /* Read a packet. This will not return if the client disconnects. */ int plen; int type = packet_read(&plen); #ifdef SKEY @@ -1384,8 +1426,10 @@ do_fake_authloop(char *user) if (attempt > AUTH_FAIL_MAX) packet_disconnect(AUTH_FAIL_MSG, user); - /* Send failure. This should be indistinguishable from a - failed authentication. */ + /* + * Send failure. This should be indistinguishable from a + * failed authentication. + */ packet_start(SSH_SMSG_FAILURE); packet_send(); packet_write_wait(); @@ -1431,19 +1475,25 @@ do_authenticated(struct passwd * pw) mode_t tty_mode; int n_bytes; - /* Cancel the alarm we set to limit the time taken for - authentication. */ + /* + * Cancel the alarm we set to limit the time taken for + * authentication. + */ alarm(0); - /* Inform the channel mechanism that we are the server side and - that the client may request to connect to any port at all. - (The user could do it anyway, and we wouldn\'t know what is - permitted except by the client telling us, so we can equally - well trust the client not to request anything bogus.) */ + /* + * Inform the channel mechanism that we are the server side and that + * the client may request to connect to any port at all. (The user + * could do it anyway, and we wouldn\'t know what is permitted except + * by the client telling us, so we can equally well trust the client + * not to request anything bogus.) + */ channel_permit_all_opens(); - /* We stay in this loop until the client requests to execute a - shell or a command. */ + /* + * We stay in this loop until the client requests to execute a shell + * or a command. + */ while (1) { int plen, dlen; @@ -1627,8 +1677,10 @@ do_authenticated(struct passwd * pw) return; default: - /* Any unknown messages in this phase are ignored, - and a failure message is returned. */ + /* + * Any unknown messages in this phase are ignored, + * and a failure message is returned. + */ log("Unknown packet type received after authentication: %d", type); goto fail; } @@ -1653,8 +1705,10 @@ fail: continue; do_forced_command: - /* There is a forced command specified for this login. - Execute it. */ + /* + * There is a forced command specified for this login. + * Execute it. + */ debug("Executing forced command: %.900s", forced_command); if (have_pty) do_exec_pty(forced_command, ptyfd, ttyfd, ttyname, pw, term, display, proto, data); @@ -1698,14 +1752,18 @@ do_exec_no_pty(const char *command, struct passwd * pw, /* Child. Reinitialize the log since the pid has changed. */ log_init(av0, options.log_level, options.log_facility, log_stderr); - /* Create a new session and process group since the 4.4BSD - setlogin() affects the entire process group. */ + /* + * Create a new session and process group since the 4.4BSD + * setlogin() affects the entire process group. + */ if (setsid() < 0) error("setsid failed: %.100s", strerror(errno)); #ifdef USE_PIPES - /* Redirect stdin. We close the parent side of the socket - pair, and make the child side the standard input. */ + /* + * Redirect stdin. We close the parent side of the socket + * pair, and make the child side the standard input. + */ close(pin[1]); if (dup2(pin[0], 0) < 0) perror("dup2 stdin"); @@ -1723,9 +1781,11 @@ do_exec_no_pty(const char *command, struct passwd * pw, perror("dup2 stderr"); close(perr[1]); #else /* USE_PIPES */ - /* Redirect stdin, stdout, and stderr. Stdin and stdout - will use the same socket, as some programs - (particularly rdist) seem to depend on it. */ + /* + * Redirect stdin, stdout, and stderr. Stdin and stdout will + * use the same socket, as some programs (particularly rdist) + * seem to depend on it. + */ close(inout[1]); close(err[1]); if (dup2(inout[0], 0) < 0) /* stdin */ @@ -1756,8 +1816,10 @@ do_exec_no_pty(const char *command, struct passwd * pw, close(inout[0]); close(err[0]); - /* Enter the interactive session. Note: server_loop must be able - to handle the case that fdin and fdout are the same. */ + /* + * Enter the interactive session. Note: server_loop must be able to + * handle the case that fdin and fdout are the same. + */ server_loop(pid, inout[1], inout[1], err[1]); /* server_loop has closed inout[1] and err[1]. */ #endif /* USE_PIPES */ @@ -1813,8 +1875,10 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd, /* Get remote host name. */ hostname = get_canonical_hostname(); - /* Get the time when the user last logged in. Buf will be set to - contain the hostname the last login was from. */ + /* + * Get the time when the user last logged in. Buf will be set to + * contain the hostname the last login was from. + */ if (!options.use_login) { last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name, buf, sizeof(buf)); @@ -1850,9 +1914,11 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd, /* Close the extra descriptor for the pseudo tty. */ close(ttyfd); - /* Get IP address of client. This is needed because we - want to record where the user logged in from. If the - connection is not a socket, let the ip address be 0.0.0.0. */ + /* + * Get IP address of client. This is needed because we want + * to record where the user logged in from. If the + * connection is not a socket, let the ip address be 0.0.0.0. + */ memset(&from, 0, sizeof(from)); if (packet_get_connection_in() == packet_get_connection_out()) { fromlen = sizeof(from); @@ -1870,12 +1936,14 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd, snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); quiet_login = stat(line, &st) >= 0; - /* If the user has logged in before, display the time of - last login. However, don't display anything extra if a - command has been specified (so that ssh can be used to - execute commands on a remote machine without users - knowing they are going to another machine). Login(1) - will do this for us as well, so check if login(1) is used */ + /* + * If the user has logged in before, display the time of last + * login. However, don't display anything extra if a command + * has been specified (so that ssh can be used to execute + * commands on a remote machine without users knowing they + * are going to another machine). Login(1) will do this for + * us as well, so check if login(1) is used + */ if (command == NULL && last_login_time != 0 && !quiet_login && !options.use_login) { /* Convert the date to a string. */ @@ -1890,10 +1958,12 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd, else printf("Last login: %s from %s\r\n", time_string, buf); } - /* Print /etc/motd unless a command was specified or - printing it was disabled in server options or login(1) - will be used. Note that some machines appear to print - it in /etc/profile or similar. */ + /* + * Print /etc/motd unless a command was specified or printing + * it was disabled in server options or login(1) will be + * used. Note that some machines appear to print it in + * /etc/profile or similar. + */ if (command == NULL && options.print_motd && !quiet_login && !options.use_login) { /* Print /etc/motd if it exists. */ @@ -1913,15 +1983,19 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd, /* Parent. Close the slave side of the pseudo tty. */ close(ttyfd); - /* Create another descriptor of the pty master side for use as the - standard input. We could use the original descriptor, but this - simplifies code in server_loop. The descriptor is bidirectional. */ + /* + * Create another descriptor of the pty master side for use as the + * standard input. We could use the original descriptor, but this + * simplifies code in server_loop. The descriptor is bidirectional. + */ fdout = dup(ptyfd); if (fdout < 0) packet_disconnect("dup failed: %.100s", strerror(errno)); - /* Add a cleanup function to clear the utmp entry and record logout - time in case we call fatal() (e.g., the connection gets closed). */ + /* + * Add a cleanup function to clear the utmp entry and record logout + * time in case we call fatal() (e.g., the connection gets closed). + */ cleanup_context.pid = pid; cleanup_context.ttyname = ttyname; fatal_add_cleanup(pty_cleanup_proc, (void *) &cleanup_context); @@ -1939,9 +2013,11 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd, /* Release the pseudo-tty. */ pty_release(ttyname); - /* Close the server side of the socket pairs. We must do this - after the pty cleanup, so that another process doesn't get this - pty while we're still cleaning up. */ + /* + * Close the server side of the socket pairs. We must do this after + * the pty cleanup, so that another process doesn't get this pty + * while we're still cleaning up. + */ close(ptyfd); close(fdout); } @@ -1957,19 +2033,21 @@ child_set_env(char ***envp, unsigned int *envsizep, const char *name, unsigned int i, namelen; char **env; - /* Find the slot where the value should be stored. If the - variable already exists, we reuse the slot; otherwise we append - a new slot at the end of the array, expanding if necessary. */ + /* + * Find the slot where the value should be stored. If the variable + * already exists, we reuse the slot; otherwise we append a new slot + * at the end of the array, expanding if necessary. + */ env = *envp; namelen = strlen(name); for (i = 0; env[i]; i++) if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=') break; if (env[i]) { - /* Name already exists. Reuse the slot. */ + /* Reuse the slot. */ xfree(env[i]); } else { - /* New variable. Expand the array if necessary. */ + /* New variable. Expand if necessary. */ if (i >= (*envsizep) - 1) { (*envsizep) += 50; env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); @@ -1997,40 +2075,27 @@ read_environment_file(char ***env, unsigned int *envsize, char buf[4096]; char *cp, *value; - /* Open the environment file. */ f = fopen(filename, "r"); if (!f) return; - /* Process each line. */ while (fgets(buf, sizeof(buf), f)) { - /* Skip leading whitespace. */ - for (cp = buf; *cp == ' ' || *cp == '\t'; cp++); - - /* Ignore empty and comment lines. */ + for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) + ; if (!*cp || *cp == '#' || *cp == '\n') continue; - - /* Remove newline. */ if (strchr(cp, '\n')) *strchr(cp, '\n') = '\0'; - - /* Find the equals sign. Its lack indicates badly - formatted line. */ value = strchr(cp, '='); if (value == NULL) { fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf); continue; } - /* Replace the equals sign by nul, and advance value to - the value string. */ + /* Replace the equals sign by nul, and advance value to the value string. */ *value = '\0'; value++; - - /* Set the value in environment. */ child_set_env(env, envsize, cp, value); } - fclose(f); } @@ -2053,7 +2118,6 @@ do_child(const char *command, struct passwd * pw, const char *term, struct stat st; char *argv[10]; - /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ @@ -2089,8 +2153,10 @@ do_child(const char *command, struct passwd * pw, const char *term, if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %d.", (int) pw->pw_uid); } - /* Get the shell from the password data. An empty shell field is - legal, and means /bin/sh. */ + /* + * Get the shell from the password data. An empty shell field is + * legal, and means /bin/sh. + */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; #ifdef AFS @@ -2105,8 +2171,7 @@ do_child(const char *command, struct passwd * pw, const char *term, } #endif /* AFS */ - /* Initialize the environment. In the first part we allocate - space for all environment variables. */ + /* Initialize the environment. */ envsize = 100; env = xmalloc(envsize * sizeof(char *)); env[0] = NULL; @@ -2125,7 +2190,6 @@ do_child(const char *command, struct passwd * pw, const char *term, /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); } - /* Let it inherit timezone if we have one. */ if (getenv("TZ")) child_set_env(&env, &envsize, "TZ", getenv("TZ")); @@ -2144,20 +2208,14 @@ do_child(const char *command, struct passwd * pw, const char *term, xfree(ce); } - /* Set SSH_CLIENT. */ snprintf(buf, sizeof buf, "%.50s %d %d", get_remote_ipaddr(), get_remote_port(), options.port); child_set_env(&env, &envsize, "SSH_CLIENT", buf); - /* Set SSH_TTY if we have a pty. */ if (ttyname) child_set_env(&env, &envsize, "SSH_TTY", ttyname); - - /* Set TERM if we have a pty. */ if (term) child_set_env(&env, &envsize, "TERM", term); - - /* Set DISPLAY if we have one. */ if (display) child_set_env(&env, &envsize, "DISPLAY", display); @@ -2170,52 +2228,56 @@ do_child(const char *command, struct passwd * pw, const char *term, } #endif /* KRB4 */ - /* Set XAUTHORITY to always be a local file. */ if (xauthfile) child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); - - /* Set variable for forwarded authentication connection, if we - have one. */ if (auth_get_socket_name() != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_get_socket_name()); - /* Read $HOME/.ssh/environment. */ + /* read $HOME/.ssh/environment. */ if (!options.use_login) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); read_environment_file(&env, &envsize, buf); } - /* If debugging, dump the environment to stderr. */ if (debug_flag) { + /* dump the environment */ fprintf(stderr, "Environment:\n"); for (i = 0; env[i]; i++) fprintf(stderr, " %.200s\n", env[i]); } - /* Close the connection descriptors; note that this is the child, - and the server will still have the socket open, and it is - important that we do not shutdown it. Note that the - descriptors cannot be closed before building the environment, - as we call get_remote_ipaddr there. */ + /* + * Close the connection descriptors; note that this is the child, and + * the server will still have the socket open, and it is important + * that we do not shutdown it. Note that the descriptors cannot be + * closed before building the environment, as we call + * get_remote_ipaddr there. + */ if (packet_get_connection_in() == packet_get_connection_out()) close(packet_get_connection_in()); else { close(packet_get_connection_in()); close(packet_get_connection_out()); } - /* Close all descriptors related to channels. They will still - remain open in the parent. */ + /* + * Close all descriptors related to channels. They will still remain + * open in the parent. + */ + /* XXX better use close-on-exec? -markus */ channel_close_all(); - /* Close any extra file descriptors. Note that there may still be - descriptors left by system functions. They will be closed - later. */ + /* + * Close any extra file descriptors. Note that there may still be + * descriptors left by system functions. They will be closed later. + */ endpwent(); endhostent(); - /* Close any extra open file descriptors so that we don\'t have - them hanging around in clients. Note that we want to do this - after initgroups, because at least on Solaris 2.3 it leaves - file descriptors open. */ + /* + * Close any extra open file descriptors so that we don\'t have them + * hanging around in clients. Note that we want to do this after + * initgroups, because at least on Solaris 2.3 it leaves file + * descriptors open. + */ for (i = 3; i < 64; i++) close(i); @@ -2224,12 +2286,16 @@ do_child(const char *command, struct passwd * pw, const char *term, fprintf(stderr, "Could not chdir to home directory %s: %s\n", pw->pw_dir, strerror(errno)); - /* Must take new environment into use so that .ssh/rc, /etc/sshrc - and xauth are run in the proper environment. */ + /* + * Must take new environment into use so that .ssh/rc, /etc/sshrc and + * xauth are run in the proper environment. + */ environ = env; - /* Run $HOME/.ssh/rc, /etc/sshrc, or xauth (whichever is found - first in this order). */ + /* + * Run $HOME/.ssh/rc, /etc/sshrc, or xauth (whichever is found first + * in this order). + */ if (!options.use_login) { if (stat(SSH_USER_RC, &st) >= 0) { if (debug_flag) @@ -2256,8 +2322,7 @@ do_child(const char *command, struct passwd * pw, const char *term, } #ifdef XAUTH_PATH else { - /* Add authority data to .Xauthority if - appropriate. */ + /* Add authority data to .Xauthority if appropriate. */ if (auth_proto != NULL && auth_data != NULL) { if (debug_flag) fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n", @@ -2280,15 +2345,19 @@ do_child(const char *command, struct passwd * pw, const char *term, else cp = shell; } - /* If we have no command, execute the shell. In this case, the - shell name to be passed in argv[0] is preceded by '-' to - indicate that this is a login shell. */ + /* + * If we have no command, execute the shell. In this case, the shell + * name to be passed in argv[0] is preceded by '-' to indicate that + * this is a login shell. + */ if (!command) { if (!options.use_login) { char buf[256]; - /* Check for mail if we have a tty and it was - enabled in server options. */ + /* + * Check for mail if we have a tty and it was enabled + * in server options. + */ if (ttyname && options.check_mail) { char *mailbox; struct stat mailstat; @@ -2328,8 +2397,10 @@ do_child(const char *command, struct passwd * pw, const char *term, exit(1); } } - /* Execute the command using the user's shell. This uses the -c - option to execute the command. */ + /* + * Execute the command using the user's shell. This uses the -c + * option to execute the command. + */ argv[0] = (char *) cp; argv[1] = "-c"; argv[2] = (char *) command; diff --git a/usr.bin/ssh/tildexpand.c b/usr.bin/ssh/tildexpand.c index c7b5be16767..3345c0fd2ab 100644 --- a/usr.bin/ssh/tildexpand.c +++ b/usr.bin/ssh/tildexpand.c @@ -6,7 +6,7 @@ */ #include "includes.h" -RCSID("$Id: tildexpand.c,v 1.4 1999/11/24 00:26:03 deraadt Exp $"); +RCSID("$Id: tildexpand.c,v 1.5 1999/11/24 19:53:54 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -38,7 +38,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid) else userlen = strlen(filename); /* Nothing after username. */ if (userlen == 0) - pw = getpwuid(my_uid); /* Own home directory. */ + pw = getpwuid(my_uid); /* Own home directory. */ else { /* Tilde refers to someone elses home directory. */ if (userlen > sizeof(user) - 1) @@ -47,12 +47,12 @@ tilde_expand_filename(const char *filename, uid_t my_uid) user[userlen] = 0; pw = getpwnam(user); } - /* Check that we found the user. */ if (!pw) fatal("Unknown user %100s.", user); /* If referring to someones home directory, return it now. */ - if (!cp) { /* Only home directory specified */ + if (!cp) { + /* Only home directory specified */ return xstrdup(pw->pw_dir); } /* Build a path combining the specified directory and path. */ diff --git a/usr.bin/ssh/ttymodes.c b/usr.bin/ssh/ttymodes.c index 0b4d8f9811d..309885efb4c 100644 --- a/usr.bin/ssh/ttymodes.c +++ b/usr.bin/ssh/ttymodes.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$Id: ttymodes.c,v 1.4 1999/11/24 00:26:04 deraadt Exp $"); +RCSID("$Id: ttymodes.c,v 1.5 1999/11/24 19:53:54 markus Exp $"); #include "packet.h" #include "ssh.h" @@ -209,7 +209,6 @@ tty_make_modes(int fd) struct termios tio; int baud; - /* Get the modes. */ if (tcgetattr(fd, &tio) < 0) { packet_put_char(TTY_OP_END); log("tcgetattr: %.100s", strerror(errno)); diff --git a/usr.bin/ssh/ttymodes.h b/usr.bin/ssh/ttymodes.h index 74a7d411a07..433ff73efa8 100644 --- a/usr.bin/ssh/ttymodes.h +++ b/usr.bin/ssh/ttymodes.h @@ -12,7 +12,7 @@ * */ -/* RCSID("$Id: ttymodes.h,v 1.5 1999/11/24 00:26:04 deraadt Exp $"); */ +/* RCSID("$Id: ttymodes.h,v 1.6 1999/11/24 19:53:54 markus Exp $"); */ /* The tty mode description is a stream of bytes. The stream consists of * opcode-arguments pairs. It is terminated by opcode TTY_OP_END (0). @@ -29,112 +29,113 @@ /* * Some constants and prototypes are defined in packet.h; this file - * is only intended for including from ttymodes.h. + * is only intended for including from ttymodes.c. */ - /* termios macro *//* sgtty macro */ +/* termios macro */ /* sgtty macro */ /* name, op */ -TTYCHAR(VINTR, 1) SGTTYCHAR(tiotc.t_intrc, 1) -TTYCHAR(VQUIT, 2) SGTTYCHAR(tiotc.t_quitc, 2) -TTYCHAR(VERASE, 3) SGTTYCHAR(tio.sg_erase, 3) +TTYCHAR(VINTR, 1) SGTTYCHAR(tiotc.t_intrc, 1) +TTYCHAR(VQUIT, 2) SGTTYCHAR(tiotc.t_quitc, 2) +TTYCHAR(VERASE, 3) SGTTYCHAR(tio.sg_erase, 3) #if defined(VKILL) -TTYCHAR(VKILL, 4) SGTTYCHAR(tio.sg_kill, 4) -#endif /* VKILL */ -TTYCHAR(VEOF, 5) SGTTYCHAR(tiotc.t_eofc, 5) +TTYCHAR(VKILL, 4) SGTTYCHAR(tio.sg_kill, 4) +#endif /* VKILL */ +TTYCHAR(VEOF, 5) SGTTYCHAR(tiotc.t_eofc, 5) #if defined(VEOL) -TTYCHAR(VEOL, 6) SGTTYCHAR(tiotc.t_brkc, 6) -#endif /* VEOL */ +TTYCHAR(VEOL, 6) SGTTYCHAR(tiotc.t_brkc, 6) +#endif /* VEOL */ #ifdef VEOL2 /* n/a */ TTYCHAR(VEOL2, 7) -#endif /* VEOL2 */ -TTYCHAR(VSTART, 8) SGTTYCHAR(tiotc.t_startc, 8) -TTYCHAR(VSTOP, 9) SGTTYCHAR(tiotc.t_stopc, 9) +#endif /* VEOL2 */ +TTYCHAR(VSTART, 8) SGTTYCHAR(tiotc.t_startc, 8) +TTYCHAR(VSTOP, 9) SGTTYCHAR(tiotc.t_stopc, 9) #if defined(VSUSP) -TTYCHAR(VSUSP, 10) SGTTYCHAR(tioltc.t_suspc, 10) -#endif /* VSUSP */ +TTYCHAR(VSUSP, 10) SGTTYCHAR(tioltc.t_suspc, 10) +#endif /* VSUSP */ #if defined(VDSUSP) -TTYCHAR(VDSUSP, 11) SGTTYCHAR(tioltc.t_dsuspc, 11) -#endif /* VDSUSP */ +TTYCHAR(VDSUSP, 11) SGTTYCHAR(tioltc.t_dsuspc, 11) +#endif /* VDSUSP */ #if defined(VREPRINT) -TTYCHAR(VREPRINT, 12) SGTTYCHAR(tioltc.t_rprntc, 12) -#endif /* VREPRINT */ +TTYCHAR(VREPRINT, 12) SGTTYCHAR(tioltc.t_rprntc, 12) +#endif /* VREPRINT */ #if defined(VWERASE) -TTYCHAR(VWERASE, 13) SGTTYCHAR(tioltc.t_werasc, 13) -#endif /* VWERASE */ +TTYCHAR(VWERASE, 13) SGTTYCHAR(tioltc.t_werasc, 13) +#endif /* VWERASE */ #if defined(VLNEXT) -TTYCHAR(VLNEXT, 14) SGTTYCHAR(tioltc.t_lnextc, 14) -#endif /* VLNEXT */ +TTYCHAR(VLNEXT, 14) SGTTYCHAR(tioltc.t_lnextc, 14) +#endif /* VLNEXT */ #if defined(VFLUSH) -TTYCHAR(VFLUSH, 15) SGTTYCHAR(tioltc.t_flushc, 15) -#endif /* VFLUSH */ +TTYCHAR(VFLUSH, 15) SGTTYCHAR(tioltc.t_flushc, 15) +#endif /* VFLUSH */ #ifdef VSWTCH TTYCHAR(VSWTCH, 16) /* n/a */ -#endif /* VSWTCH */ +#endif /* VSWTCH */ #if defined(VSTATUS) -TTYCHAR(VSTATUS, 17) SGTTYCHAR(tiots.tc_statusc, 17) -#endif /* VSTATUS */ +TTYCHAR(VSTATUS, 17) SGTTYCHAR(tiots.tc_statusc, 17) +#endif /* VSTATUS */ #ifdef VDISCARD TTYCHAR(VDISCARD, 18) /* n/a */ -#endif /* VDISCARD */ +#endif /* VDISCARD */ /* name, field, op */ -TTYMODE(IGNPAR, c_iflag, 30) /* n/a */ -TTYMODE(PARMRK, c_iflag, 31) /* n/a */ -TTYMODE(INPCK, c_iflag, 32) SGTTYMODEN(ANYP, tio.sg_flags, 32) -TTYMODE(ISTRIP, c_iflag, 33) SGTTYMODEN(LPASS8, tiolm, 33) -TTYMODE(INLCR, c_iflag, 34) /* n/a */ -TTYMODE(IGNCR, c_iflag, 35) /* n/a */ -TTYMODE(ICRNL, c_iflag, 36) SGTTYMODE(CRMOD, tio.sg_flags, 36) +TTYMODE(IGNPAR, c_iflag, 30) /* n/a */ +TTYMODE(PARMRK, c_iflag, 31) /* n/a */ +TTYMODE(INPCK, c_iflag, 32) SGTTYMODEN(ANYP, tio.sg_flags, 32) +TTYMODE(ISTRIP, c_iflag, 33) SGTTYMODEN(LPASS8, tiolm, 33) +TTYMODE(INLCR, c_iflag, 34) /* n/a */ +TTYMODE(IGNCR, c_iflag, 35) /* n/a */ +TTYMODE(ICRNL, c_iflag, 36) SGTTYMODE(CRMOD, tio.sg_flags, 36) #if defined(IUCLC) -TTYMODE(IUCLC, c_iflag, 37) SGTTYMODE(LCASE, tio.sg_flags, 37) +TTYMODE(IUCLC, c_iflag, 37) SGTTYMODE(LCASE, tio.sg_flags, 37) #endif -TTYMODE(IXON, c_iflag, 38) /* n/a */ -TTYMODE(IXANY, c_iflag, 39) SGTTYMODEN(LDECCTQ, tiolm, 39) -TTYMODE(IXOFF, c_iflag, 40) SGTTYMODE(TANDEM, tio.sg_flags, 40) +TTYMODE(IXON, c_iflag, 38) /* n/a */ +TTYMODE(IXANY, c_iflag, 39) SGTTYMODEN(LDECCTQ, tiolm, 39) +TTYMODE(IXOFF, c_iflag, 40) SGTTYMODE(TANDEM, tio.sg_flags, 40) #ifdef IMAXBEL -TTYMODE(IMAXBEL, c_iflag, 41) /* n/a */ -#endif /* IMAXBEL */ +TTYMODE(IMAXBEL,c_iflag, 41) /* n/a */ +#endif /* IMAXBEL */ -TTYMODE(ISIG, c_lflag, 50) /* n/a */ -TTYMODE(ICANON, c_lflag, 51) SGTTYMODEN(CBREAK, tio.sg_flags, 51) +TTYMODE(ISIG, c_lflag, 50) /* n/a */ +TTYMODE(ICANON, c_lflag, 51) SGTTYMODEN(CBREAK, tio.sg_flags, 51) #ifdef XCASE -TTYMODE(XCASE, c_lflag, 52) /* n/a */ +TTYMODE(XCASE, c_lflag, 52) /* n/a */ #endif -TTYMODE(ECHO, c_lflag, 53) SGTTYMODE(ECHO, tio.sg_flags, 53) -TTYMODE(ECHOE, c_lflag, 54) SGTTYMODE(LCRTERA, tiolm, 54) -TTYMODE(ECHOK, c_lflag, 55) SGTTYMODE(LCRTKIL, tiolm, 55) -TTYMODE(ECHONL, c_lflag, 56) /* n/a */ -TTYMODE(NOFLSH, c_lflag, 57) SGTTYMODE(LNOFLSH, tiolm, 57) -TTYMODE(TOSTOP, c_lflag, 58) SGTTYMODE(LTOSTOP, tiolm, 58) +TTYMODE(ECHO, c_lflag, 53) SGTTYMODE(ECHO, tio.sg_flags, 53) +TTYMODE(ECHOE, c_lflag, 54) SGTTYMODE(LCRTERA, tiolm, 54) +TTYMODE(ECHOK, c_lflag, 55) SGTTYMODE(LCRTKIL, tiolm, 55) +TTYMODE(ECHONL, c_lflag, 56) /* n/a */ +TTYMODE(NOFLSH, c_lflag, 57) SGTTYMODE(LNOFLSH, tiolm, 57) +TTYMODE(TOSTOP, c_lflag, 58) SGTTYMODE(LTOSTOP, tiolm, 58) #ifdef IEXTEN TTYMODE(IEXTEN, c_lflag, 59) /* n/a */ -#endif /* IEXTEN */ +#endif /* IEXTEN */ #if defined(ECHOCTL) -TTYMODE(ECHOCTL, c_lflag, 60) SGTTYMODE(LCTLECH, tiolm, 60) -#endif /* ECHOCTL */ +TTYMODE(ECHOCTL,c_lflag, 60) SGTTYMODE(LCTLECH, tiolm, 60) +#endif /* ECHOCTL */ #ifdef ECHOKE -TTYMODE(ECHOKE, c_lflag, 61) /* n/a */ -#endif /* ECHOKE */ +TTYMODE(ECHOKE, c_lflag, 61) /* n/a */ +#endif /* ECHOKE */ #if defined(PENDIN) -TTYMODE(PENDIN, c_lflag, 62) SGTTYMODE(LPENDIN, tiolm, 62) -#endif /* PENDIN */ +TTYMODE(PENDIN, c_lflag, 62) SGTTYMODE(LPENDIN, tiolm, 62) +#endif /* PENDIN */ -TTYMODE(OPOST, c_oflag, 70) /* n/a */ +TTYMODE(OPOST, c_oflag, 70) /* n/a */ #if defined(OLCUC) -TTYMODE(OLCUC, c_oflag, 71) SGTTYMODE(LCASE, tio.sg_flags, 71) +TTYMODE(OLCUC, c_oflag, 71) SGTTYMODE(LCASE, tio.sg_flags, 71) #endif -TTYMODE(ONLCR, c_oflag, 72) SGTTYMODE(CRMOD, tio.sg_flags, 72) +TTYMODE(ONLCR, c_oflag, 72) SGTTYMODE(CRMOD, tio.sg_flags, 72) #ifdef OCRNL -TTYMODE(OCRNL, c_oflag, 73) /* n/a */ +TTYMODE(OCRNL, c_oflag, 73) /* n/a */ #endif #ifdef ONOCR -TTYMODE(ONOCR, c_oflag, 74) /* n/a */ +TTYMODE(ONOCR, c_oflag, 74) /* n/a */ #endif #ifdef ONLRET -TTYMODE(ONLRET, c_oflag, 75) /* n/a */ +TTYMODE(ONLRET, c_oflag, 75) /* n/a */ #endif -TTYMODE(CS7, c_cflag, 90) /* n/a */ -TTYMODE(CS8, c_cflag, 91) SGTTYMODE(LPASS8, tiolm, 91) -TTYMODE(PARENB, c_cflag, 92) /* n/a */ -TTYMODE(PARODD, c_cflag, 93) SGTTYMODE(ODDP, tio.sg_flags, 93) +TTYMODE(CS7, c_cflag, 90) /* n/a */ +TTYMODE(CS8, c_cflag, 91) SGTTYMODE(LPASS8, tiolm, 91) +TTYMODE(PARENB, c_cflag, 92) /* n/a */ +TTYMODE(PARODD, c_cflag, 93) SGTTYMODE(ODDP, tio.sg_flags, 93) + diff --git a/usr.bin/ssh/uidswap.c b/usr.bin/ssh/uidswap.c index 3025f86fdff..aebff0c73c8 100644 --- a/usr.bin/ssh/uidswap.c +++ b/usr.bin/ssh/uidswap.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$Id: uidswap.c,v 1.4 1999/11/24 00:26:04 deraadt Exp $"); +RCSID("$Id: uidswap.c,v 1.5 1999/11/24 19:53:54 markus Exp $"); #include "ssh.h" #include "uidswap.h" @@ -66,10 +66,11 @@ restore_uid() if (seteuid(saved_euid) < 0) debug("seteuid %d: %.100s", (int) saved_euid, strerror(errno)); #else /* SAVED_IDS_WORK_WITH_SETEUID */ - /* We are unable to restore the real uid to its unprivileged - value. */ - /* Propagate the real uid (usually more privileged) to effective - uid as well. */ + /* + * We are unable to restore the real uid to its unprivileged value. + * Propagate the real uid (usually more privileged) to effective uid + * as well. + */ setuid(getuid()); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ } |