diff options
Diffstat (limited to 'usr.bin')
54 files changed, 702 insertions, 704 deletions
diff --git a/usr.bin/ssh/auth-bsdauth.c b/usr.bin/ssh/auth-bsdauth.c index 3732477deb0..b70d48f20e0 100644 --- a/usr.bin/ssh/auth-bsdauth.c +++ b/usr.bin/ssh/auth-bsdauth.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth-bsdauth.c,v 1.1 2001/05/18 14:13:28 markus Exp $"); +RCSID("$OpenBSD: auth-bsdauth.c,v 1.2 2001/12/19 07:18:56 deraadt Exp $"); #ifdef BSD_AUTH #include "xmalloc.h" @@ -36,74 +36,74 @@ bsdauth_init_ctx(Authctxt *authctxt) } static int -bsdauth_query(void *ctx, char **name, char **infotxt, +bsdauth_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) { - Authctxt *authctxt = ctx; - char *challenge = NULL; - - if (authctxt->as != NULL) { - debug2("bsdauth_query: try reuse session"); - challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE); - if (challenge == NULL) { - auth_close(authctxt->as); - authctxt->as = NULL; - } - } - - if (challenge == NULL) { - debug2("bsdauth_query: new bsd auth session"); - debug3("bsdauth_query: style %s", + Authctxt *authctxt = ctx; + char *challenge = NULL; + + if (authctxt->as != NULL) { + debug2("bsdauth_query: try reuse session"); + challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE); + if (challenge == NULL) { + auth_close(authctxt->as); + authctxt->as = NULL; + } + } + + if (challenge == NULL) { + debug2("bsdauth_query: new bsd auth session"); + debug3("bsdauth_query: style %s", authctxt->style ? authctxt->style : "<default>"); - authctxt->as = auth_userchallenge(authctxt->user, + authctxt->as = auth_userchallenge(authctxt->user, authctxt->style, "auth-ssh", &challenge); - if (authctxt->as == NULL) - challenge = NULL; - debug2("bsdauth_query: <%s>", challenge ? challenge : "empty"); - } - - if (challenge == NULL) - return -1; - - *name = xstrdup(""); - *infotxt = xstrdup(""); - *numprompts = 1; - *prompts = xmalloc(*numprompts * sizeof(char*)); - *echo_on = xmalloc(*numprompts * sizeof(u_int)); - (*echo_on)[0] = 0; - (*prompts)[0] = xstrdup(challenge); - - return 0; + if (authctxt->as == NULL) + challenge = NULL; + debug2("bsdauth_query: <%s>", challenge ? challenge : "empty"); + } + + if (challenge == NULL) + return -1; + + *name = xstrdup(""); + *infotxt = xstrdup(""); + *numprompts = 1; + *prompts = xmalloc(*numprompts * sizeof(char*)); + *echo_on = xmalloc(*numprompts * sizeof(u_int)); + (*echo_on)[0] = 0; + (*prompts)[0] = xstrdup(challenge); + + return 0; } static int bsdauth_respond(void *ctx, u_int numresponses, char **responses) { - Authctxt *authctxt = ctx; - int authok; - - if (authctxt->as == 0) - error("bsdauth_respond: no bsd auth session"); + Authctxt *authctxt = ctx; + int authok; + + if (authctxt->as == 0) + error("bsdauth_respond: no bsd auth session"); - if (numresponses != 1) - return -1; + if (numresponses != 1) + return -1; - authok = auth_userresponse(authctxt->as, responses[0], 0); - authctxt->as = NULL; - debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok); + authok = auth_userresponse(authctxt->as, responses[0], 0); + authctxt->as = NULL; + debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok); - return (authok == 0) ? -1 : 0; + return (authok == 0) ? -1 : 0; } static void bsdauth_free_ctx(void *ctx) { - Authctxt *authctxt = ctx; + Authctxt *authctxt = ctx; - if (authctxt && authctxt->as) { - auth_close(authctxt->as); - authctxt->as = NULL; - } + if (authctxt && authctxt->as) { + auth_close(authctxt->as); + authctxt->as = NULL; + } } KbdintDevice bsdauth_device = { diff --git a/usr.bin/ssh/auth-krb4.c b/usr.bin/ssh/auth-krb4.c index 031dcd30126..f7a144f9d6e 100644 --- a/usr.bin/ssh/auth-krb4.c +++ b/usr.bin/ssh/auth-krb4.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb4.c,v 1.24 2001/06/26 16:15:22 dugsong Exp $"); +RCSID("$OpenBSD: auth-krb4.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -49,7 +49,7 @@ krb4_init(void *context) const char *tkt_root = TKT_ROOT; struct stat st; int fd; - + if (!authctxt->krb4_ticket_file) { /* Set unique ticket string manually since we're still root. */ authctxt->krb4_ticket_file = xmalloc(MAXPATHLEN); @@ -79,13 +79,13 @@ krb4_init(void *context) } /* Failure - cancel cleanup function, leaving ticket for inspection. */ log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file); - + fatal_remove_cleanup(krb4_cleanup_proc, authctxt); cleanup_registered = 0; - + xfree(authctxt->krb4_ticket_file); authctxt->krb4_ticket_file = NULL; - + return (0); } @@ -103,10 +103,10 @@ auth_krb4_password(Authctxt *authctxt, const char *password) char localhost[MAXHOSTNAMELEN], phost[INST_SZ], realm[REALM_SZ]; u_int32_t faddr; int r; - + if ((pw = authctxt->pw) == NULL) return (0); - + /* * Try Kerberos password authentication only for non-root * users and only if Kerberos is installed. @@ -128,7 +128,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password) } /* Successful authentication. */ chown(tkt_string(), pw->pw_uid, pw->pw_gid); - + /* * Now that we have a TGT, try to get a local * "rcmd" ticket to ensure that we are not talking @@ -138,7 +138,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password) strlcpy(phost, (char *)krb_get_phost(localhost), sizeof(phost)); r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); - + if (r == KSUCCESS) { if ((hp = gethostbyname(localhost)) == NULL) { log("Couldn't get local host address!"); @@ -146,7 +146,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password) } memmove((void *)&faddr, (void *)hp->h_addr, sizeof(faddr)); - + /* Verify our "rcmd" ticket. */ r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost, faddr, &adata, ""); @@ -186,13 +186,13 @@ auth_krb4_password(Authctxt *authctxt, const char *password) } else /* Logging in as root or no local Kerberos realm. */ debug("Unable to authenticate to Kerberos."); - + failure: krb4_cleanup_proc(authctxt); - + if (!options.kerberos_or_local_passwd) return (0); - + /* Fall back to ordinary passwd authentication. */ return (-1); } @@ -220,9 +220,9 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) socklen_t slen; u_int cksum; int r, s; - + s = packet_get_connection_in(); - + slen = sizeof(local); memset(&local, 0, sizeof(local)); if (getsockname(s, (struct sockaddr *) & local, &slen) < 0) @@ -235,7 +235,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) } instance[0] = '*'; instance[1] = 0; - + /* Get the encrypted request, challenge, and session key. */ if ((r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance, 0, &adat, ""))) { @@ -243,11 +243,11 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) return (0); } des_key_sched((des_cblock *) adat.session, schedule); - + *client = xmalloc(MAX_K_NAME_SZ); (void) snprintf(*client, MAX_K_NAME_SZ, "%s%s%s@%s", adat.pname, *adat.pinst ? "." : "", adat.pinst, adat.prealm); - + /* Check ~/.klogin authorization now. */ if (kuserok(&adat, authctxt->user) != KSUCCESS) { log("Kerberos v4 .klogin authorization failed for %s to " @@ -259,7 +259,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) session key. */ cksum = adat.checksum + 1; cksum = htonl(cksum); - + /* If we can't successfully encrypt the checksum, we send back an empty message, admitting our failure. */ if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1, @@ -269,10 +269,10 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) reply.length = 0; } else reply.length = r; - + /* Clear session key. */ memset(&adat.session, 0, sizeof(&adat.session)); - + packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); packet_put_string((char *) reply.dat, reply.length); packet_send(); @@ -287,19 +287,19 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string) { CREDENTIALS creds; struct passwd *pw; - + if ((pw = authctxt->pw) == NULL) goto failure; - + temporarily_use_uid(pw); - + if (!radix_to_creds(string, &creds)) { log("Protocol error decoding Kerberos v4 TGT"); goto failure; } if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ strlcpy(creds.service, "krbtgt", sizeof creds.service); - + if (strcmp(creds.service, "krbtgt")) { log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s", creds.pname, creds.pinst[0] ? "." : "", creds.pinst, @@ -308,10 +308,10 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string) } if (!krb4_init(authctxt)) goto failure; - + if (in_tkt(creds.pname, creds.pinst) != KSUCCESS) goto failure; - + if (save_credentials(creds.service, creds.instance, creds.realm, creds.session, creds.lifetime, creds.kvno, &creds.ticket_st, creds.issue_date) != KSUCCESS) { @@ -320,20 +320,20 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string) } /* Successful authentication, passed all checks. */ chown(tkt_string(), pw->pw_uid, pw->pw_gid); - + debug("Kerberos v4 TGT accepted (%s%s%s@%s)", creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm); memset(&creds, 0, sizeof(creds)); - + restore_uid(); - + return (1); - + failure: krb4_cleanup_proc(authctxt); memset(&creds, 0, sizeof(creds)); restore_uid(); - + return (0); } @@ -343,22 +343,22 @@ auth_afs_token(Authctxt *authctxt, const char *token_string) CREDENTIALS creds; struct passwd *pw; uid_t uid; - + if ((pw = authctxt->pw) == NULL) return (0); - + if (!radix_to_creds(token_string, &creds)) { log("Protocol error decoding AFS token"); return (0); } if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ strlcpy(creds.service, "afs", sizeof creds.service); - + if (strncmp(creds.pname, "AFS ID ", 7) == 0) uid = atoi(creds.pname + 7); else uid = pw->pw_uid; - + if (kafs_settoken(creds.realm, uid, &creds)) { log("AFS token (%s@%s) rejected for %s", creds.pname, creds.realm, pw->pw_name); @@ -367,7 +367,7 @@ auth_afs_token(Authctxt *authctxt, const char *token_string) } debug("AFS token accepted (%s@%s)", creds.pname, creds.realm); memset(&creds, 0, sizeof(creds)); - + return (1); } #endif /* AFS */ diff --git a/usr.bin/ssh/auth-krb5.c b/usr.bin/ssh/auth-krb5.c index b56f43a9238..b1d5b7d2e3b 100644 --- a/usr.bin/ssh/auth-krb5.c +++ b/usr.bin/ssh/auth-krb5.c @@ -2,7 +2,7 @@ * Kerberos v5 authentication and ticket-passing routines. * * $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $ - * $OpenBSD: auth-krb5.c,v 1.2 2001/11/12 01:47:09 dugsong Exp $ + * $OpenBSD: auth-krb5.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $ */ #include "includes.h" @@ -26,7 +26,7 @@ krb5_init(void *context) Authctxt *authctxt = (Authctxt *)context; krb5_error_code problem; static int cleanup_registered = 0; - + if (authctxt->krb5_ctx == NULL) { problem = krb5_init_context(&authctxt->krb5_ctx); if (problem) @@ -45,7 +45,7 @@ krb5_init(void *context) * only, in auth is received ticket, in client is returned principal * from the ticket */ -int +int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) { krb5_error_code problem; @@ -58,52 +58,52 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) server = NULL; ticket = NULL; reply.length = 0; - + problem = krb5_init(authctxt); - if (problem) + if (problem) goto err; - + problem = krb5_auth_con_init(authctxt->krb5_ctx, &authctxt->krb5_auth_ctx); if (problem) goto err; - + fd = packet_get_connection_in(); problem = krb5_auth_con_setaddrs_from_fd(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, &fd); if (problem) goto err; - + problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL , KRB5_NT_SRV_HST, &server); if (problem) goto err; - + problem = krb5_rd_req(authctxt->krb5_ctx, &authctxt->krb5_auth_ctx, auth, server, NULL, NULL, &ticket); if (problem) goto err; - + problem = krb5_copy_principal(authctxt->krb5_ctx, ticket->client, &authctxt->krb5_user); if (problem) goto err; - + /* if client wants mutual auth */ problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, &reply); if (problem) goto err; - + /* Check .k5login authorization now. */ if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)) goto err; - + if (client) krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, client); - + packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); packet_put_string((char *) reply.data, reply.length); packet_send(); @@ -117,7 +117,7 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) krb5_free_ticket(authctxt->krb5_ctx, ticket); if (reply.length) xfree(reply.data); - + if (problem) debug("Kerberos v5 authentication failed: %s", krb5_get_err_text(authctxt->krb5_ctx, problem)); @@ -131,51 +131,51 @@ auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt) krb5_error_code problem; krb5_ccache ccache = NULL; char *pname; - + if (authctxt->pw == NULL || authctxt->krb5_user == NULL) return (0); - + temporarily_use_uid(authctxt->pw); - + problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, &ccache); if (problem) goto fail; - + problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache, authctxt->krb5_user); if (problem) goto fail; - + problem = krb5_rd_cred2(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, ccache, tgt); if (problem) goto fail; - + authctxt->krb5_fwd_ccache = ccache; ccache = NULL; - + authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); - + problem = krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, &pname); if (problem) goto fail; - + debug("Kerberos v5 TGT accepted (%s)", pname); - + restore_uid(); - + return (1); - + fail: if (problem) debug("Kerberos v5 TGT passing failed: %s", krb5_get_err_text(authctxt->krb5_ctx, problem)); if (ccache) krb5_cc_destroy(authctxt->krb5_ctx, ccache); - + restore_uid(); - + return (0); } @@ -183,47 +183,47 @@ int auth_krb5_password(Authctxt *authctxt, const char *password) { krb5_error_code problem; - + if (authctxt->pw == NULL) return (0); - + temporarily_use_uid(authctxt->pw); - + problem = krb5_init(authctxt); if (problem) goto out; - + problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name, &authctxt->krb5_user); if (problem) goto out; - + problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &authctxt->krb5_fwd_ccache); if (problem) goto out; - + problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, authctxt->krb5_user); if (problem) goto out; - + problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->krb5_fwd_ccache, password, 1, NULL); if (problem) goto out; - + authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); - + out: restore_uid(); - + if (problem) { debug("Kerberos password authentication failed: %s", krb5_get_err_text(authctxt->krb5_ctx, problem)); - + krb5_cleanup_proc(authctxt); - + if (options.kerberos_or_local_passwd) return (-1); else @@ -236,7 +236,7 @@ void krb5_cleanup_proc(void *context) { Authctxt *authctxt = (Authctxt *)context; - + debug("krb5_cleanup_proc called"); if (authctxt->krb5_fwd_ccache) { krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); diff --git a/usr.bin/ssh/auth-rhosts.c b/usr.bin/ssh/auth-rhosts.c index 9ba64dbc3a9..cbceb6319c2 100644 --- a/usr.bin/ssh/auth-rhosts.c +++ b/usr.bin/ssh/auth-rhosts.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.24 2001/06/23 15:12:17 itojun Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $"); #include "packet.h" #include "xmalloc.h" @@ -186,7 +186,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, * servers. */ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; - rhosts_file_index++) { + rhosts_file_index++) { /* Check users .rhosts or .shosts. */ snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]); @@ -204,16 +204,16 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ if (pw->pw_uid != 0) { - if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user, - pw->pw_name)) { + if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, + client_user, pw->pw_name)) { packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", - hostname, ipaddr); + hostname, ipaddr); return 1; } - if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, - pw->pw_name)) { + if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, + client_user, pw->pw_name)) { packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", - hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); + hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); return 1; } } @@ -230,7 +230,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, } if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + (st.st_mode & 022) != 0)) { log("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.", pw->pw_name); packet_send_debug("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.", @@ -242,7 +242,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, /* Check all .rhosts files (currently .shosts and .rhosts). */ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; - rhosts_file_index++) { + rhosts_file_index++) { /* Check users .rhosts or .shosts. */ snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]); @@ -257,7 +257,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, */ if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + (st.st_mode & 022) != 0)) { log("Rhosts authentication refused for %.100s: bad modes for %.200s", pw->pw_name, buf); packet_send_debug("Bad file modes for %.200s", buf); diff --git a/usr.bin/ssh/auth-skey.c b/usr.bin/ssh/auth-skey.c index f921fc1bb70..6dc71223b11 100644 --- a/usr.bin/ssh/auth-skey.c +++ b/usr.bin/ssh/auth-skey.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth-skey.c,v 1.12 2001/05/18 14:13:28 markus Exp $"); +RCSID("$OpenBSD: auth-skey.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $"); #ifdef SKEY @@ -40,7 +40,7 @@ skey_init_ctx(Authctxt *authctxt) #define PROMPT "\nS/Key Password: " static int -skey_query(void *ctx, char **name, char **infotxt, +skey_query(void *ctx, char **name, char **infotxt, u_int* numprompts, char ***prompts, u_int **echo_on) { Authctxt *authctxt = ctx; @@ -72,9 +72,9 @@ static int skey_respond(void *ctx, u_int numresponses, char **responses) { Authctxt *authctxt = ctx; - + if (authctxt->valid && - numresponses == 1 && + numresponses == 1 && skey_haskey(authctxt->pw->pw_name) == 0 && skey_passcheck(authctxt->pw->pw_name, responses[0]) != -1) return 0; diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c index 9fb3d3b7621..47f316f29a3 100644 --- a/usr.bin/ssh/auth.c +++ b/usr.bin/ssh/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.30 2001/11/17 19:14:34 stevesk Exp $"); +RCSID("$OpenBSD: auth.c,v 1.31 2001/12/19 07:18:56 deraadt Exp $"); #include <libgen.h> @@ -220,7 +220,7 @@ expand_filename(const char *filename, struct passwd *pw) } if (cp[0] == '%' && cp[1] == 'u') { buffer_append(&buffer, pw->pw_name, - strlen(pw->pw_name)); + strlen(pw->pw_name)); cp++; continue; } @@ -274,7 +274,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, if (options.strict_modes && (stat(user_hostfile, &st) == 0) && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + (st.st_mode & 022) != 0)) { log("Authentication refused for %.100s: " "bad owner or modes for %.200s", pw->pw_name, user_hostfile); @@ -347,7 +347,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, if (stat(buf, &st) < 0 || (st.st_uid != 0 && st.st_uid != uid) || (st.st_mode & 022) != 0) { - snprintf(err, errlen, + snprintf(err, errlen, "bad ownership or modes for directory %s", buf); return -1; } diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h index d4b0d069d0a..7919919fefa 100644 --- a/usr.bin/ssh/auth.h +++ b/usr.bin/ssh/auth.h @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $OpenBSD: auth.h,v 1.24 2001/12/18 10:04:21 jakob Exp $ + * $OpenBSD: auth.h,v 1.25 2001/12/19 07:18:56 deraadt Exp $ */ #ifndef AUTH_H #define AUTH_H @@ -71,8 +71,8 @@ struct Authctxt { /* * Keyboard interactive device: - * init_ctx returns: non NULL upon success - * query returns: 0 - success, otherwise failure + * init_ctx returns: non NULL upon success + * query returns: 0 - success, otherwise failure * respond returns: 0 - success, 1 - need further interaction, * otherwise - failure */ diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c index d7083a2b918..6163b26fa1e 100644 --- a/usr.bin/ssh/auth1.c +++ b/usr.bin/ssh/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.26 2001/12/05 03:56:39 itojun Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.27 2001/12/19 07:18:56 deraadt Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -77,7 +77,7 @@ do_authloop(Authctxt *authctxt) struct passwd *pw = authctxt->pw; debug("Attempting authentication for %s%.100s.", - authctxt->valid ? "" : "illegal user ", authctxt->user); + authctxt->valid ? "" : "illegal user ", authctxt->user); /* If the user has no password, accept authentication immediately. */ if (options.password_authentication && @@ -88,7 +88,7 @@ do_authloop(Authctxt *authctxt) auth_log(authctxt, 1, "without authentication", ""); return; } - + /* Indicate that authentication is needed. */ packet_start(SSH_SMSG_FAILURE); packet_send(); @@ -112,17 +112,17 @@ do_authloop(Authctxt *authctxt) verbose("Kerberos authentication disabled."); } else { char *kdata = packet_get_string(&dlen); - + packet_integrity_check(plen, 4 + dlen, type); - + if (kdata[0] == 4) { /* KRB_PROT_VERSION */ #ifdef KRB4 KTEXT_ST tkt; - + tkt.length = dlen; if (tkt.length < MAX_KTXT_LEN) memcpy(tkt.dat, kdata, tkt.length); - + if (auth_krb4(authctxt, &tkt, &client_user)) { authenticated = 1; snprintf(info, sizeof(info), @@ -136,7 +136,7 @@ do_authloop(Authctxt *authctxt) krb5_data tkt; tkt.length = dlen; tkt.data = kdata; - + if (auth_krb5(authctxt, &tkt, &client_user)) { authenticated = 1; snprintf(info, sizeof(info), @@ -150,7 +150,7 @@ do_authloop(Authctxt *authctxt) } break; #endif /* KRB4 || KRB5 */ - + #if defined(AFS) || defined(KRB5) /* XXX - punt on backward compatibility here. */ case SSH_CMSG_HAVE_KERBEROS_TGT: @@ -162,7 +162,7 @@ do_authloop(Authctxt *authctxt) break; #endif /* AFS */ #endif /* AFS || KRB5 */ - + case SSH_CMSG_AUTH_RHOSTS: if (!options.rhosts_authentication) { verbose("Rhosts authentication disabled."); @@ -344,7 +344,7 @@ do_authentication(void) /* XXX - SSH.com Kerberos v5 braindeath. */ if ((p = strchr(user, '@')) != NULL) *p = '\0'; - + authctxt = authctxt_new(); authctxt->user = user; authctxt->style = style; diff --git a/usr.bin/ssh/auth2-chall.c b/usr.bin/ssh/auth2-chall.c index 4b97e47bddb..8ad1efcd685 100644 --- a/usr.bin/ssh/auth2-chall.c +++ b/usr.bin/ssh/auth2-chall.c @@ -23,7 +23,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: auth2-chall.c,v 1.9 2001/12/09 18:45:56 markus Exp $"); +RCSID("$OpenBSD: auth2-chall.c,v 1.10 2001/12/19 07:18:56 deraadt Exp $"); #include "ssh2.h" #include "auth.h" @@ -151,7 +151,7 @@ auth2_challenge(Authctxt *authctxt, char *devs) if (authctxt->user == NULL || !devs) return 0; - if (authctxt->kbdintctxt == NULL) + if (authctxt->kbdintctxt == NULL) authctxt->kbdintctxt = kbdint_alloc(devs); return auth2_challenge_start(authctxt); } diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c index 2b43af60f53..7b0639c4cad 100644 --- a/usr.bin/ssh/auth2.c +++ b/usr.bin/ssh/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.76 2001/12/18 10:05:15 jakob Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.77 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/evp.h> @@ -338,7 +338,7 @@ userauth_kbdint(Authctxt *authctxt) { int authenticated = 0; char *lang, *devs; - + lang = packet_get_string(NULL); devs = packet_get_string(NULL); packet_done(); @@ -666,7 +666,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) file, linenum); fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); verbose("Found matching %s key: %s", - key_type(found), fp); + key_type(found), fp); xfree(fp); break; } diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c index a6e167b4999..476ec693a7d 100644 --- a/usr.bin/ssh/authfile.c +++ b/usr.bin/ssh/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.40 2001/12/05 10:06:12 deraadt Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.41 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/err.h> #include <openssl/evp.h> @@ -147,7 +147,7 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) != buffer_len(&encrypted)) { error("write to key file %s failed: %s", filename, - strerror(errno)); + strerror(errno)); buffer_free(&encrypted); close(fd); unlink(filename); @@ -450,7 +450,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, debug("PEM_read_PrivateKey failed"); (void)ERR_get_error(); } else if (pk->type == EVP_PKEY_RSA && - (type == KEY_UNSPEC||type==KEY_RSA)) { + (type == KEY_UNSPEC||type==KEY_RSA)) { prv = key_new(KEY_UNSPEC); prv->rsa = EVP_PKEY_get1_RSA(pk); prv->type = KEY_RSA; @@ -459,7 +459,7 @@ key_load_private_pem(int fd, int type, const char *passphrase, RSA_print_fp(stderr, prv->rsa, 8); #endif } else if (pk->type == EVP_PKEY_DSA && - (type == KEY_UNSPEC||type==KEY_DSA)) { + (type == KEY_UNSPEC||type==KEY_DSA)) { prv = key_new(KEY_UNSPEC); prv->dsa = EVP_PKEY_get1_DSA(pk); prv->type = KEY_DSA; diff --git a/usr.bin/ssh/bufaux.c b/usr.bin/ssh/bufaux.c index 0038cdc3616..e607f92a6cd 100644 --- a/usr.bin/ssh/bufaux.c +++ b/usr.bin/ssh/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.18 2001/12/05 10:06:12 deraadt Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/bn.h> #include "bufaux.h" @@ -62,7 +62,7 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value) oi = BN_bn2bin(value, buf); if (oi != bin_size) fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d", - oi, bin_size); + oi, bin_size); /* Store the number of bits in the buffer in two bytes, msb first. */ PUT_16BIT(msg, bits); @@ -112,14 +112,14 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value) oi = BN_bn2bin(value, buf+1); if (oi != bytes-1) fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d", - oi, bytes); + oi, bytes); hasnohigh = (buf[1] & 0x80) ? 0 : 1; if (value->neg) { /**XXX should be two's-complement */ int i, carry; u_char *uc = buf; log("negativ!"); - for(i = bytes-1, carry = 1; i>=0; i--) { + for (i = bytes-1, carry = 1; i>=0; i--) { uc[i] ^= 0xff; if (carry) carry = !++uc[i]; diff --git a/usr.bin/ssh/canohost.c b/usr.bin/ssh/canohost.c index 2484ca7d510..20c1aa61089 100644 --- a/usr.bin/ssh/canohost.c +++ b/usr.bin/ssh/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.28 2001/12/05 03:56:39 itojun Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.29 2001/12/19 07:18:56 deraadt Exp $"); #include "packet.h" #include "xmalloc.h" @@ -46,13 +46,13 @@ get_remote_hostname(int socket, int reverse_mapping_check) check_ip_options(socket, ntop); if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), - NULL, 0, NI_NUMERICHOST) != 0) + NULL, 0, NI_NUMERICHOST) != 0) fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); debug3("Trying to reverse map address %.100s.", ntop); /* Map the IP address to a host name. */ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), - NULL, 0, NI_NAMEREQD) != 0) { + NULL, 0, NI_NAMEREQD) != 0) { /* Host name not found. Use ip address. */ log("Could not reverse map address %.100s.", ntop); return xstrdup(ntop); @@ -208,7 +208,7 @@ get_socket_address(int socket, int remote, int flags) } /* Get the address in ascii. */ if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), - NULL, 0, flags) != 0) { + NULL, 0, flags) != 0) { error("get_socket_ipaddr: getnameinfo %d failed", flags); return NULL; } @@ -294,7 +294,7 @@ get_sock_port(int sock, int local) } /* Return port number. */ if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, - strport, sizeof(strport), NI_NUMERICSERV) != 0) + strport, sizeof(strport), NI_NUMERICSERV) != 0) fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed"); return atoi(strport); } diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index 2f5e59a3cf1..5dfcd759200 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.147 2001/12/08 17:49:28 stevesk Exp $"); +RCSID("$OpenBSD: channels.c,v 1.148 2001/12/19 07:18:56 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -794,7 +794,7 @@ x11_open_helper(Buffer *b) data_len = ucp[8] + 256 * ucp[9]; } else { debug("Initial X11 packet contains bad byte order byte: 0x%x", - ucp[0]); + ucp[0]); return -1; } @@ -884,7 +884,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) { u_char *p, *host; int len, have, i, found; - char username[256]; + char username[256]; struct { u_int8_t version; u_int8_t command; @@ -931,7 +931,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) host = inet_ntoa(s4_req.dest_addr); strlcpy(c->path, host, sizeof(c->path)); c->host_port = ntohs(s4_req.dest_port); - + debug("channel %d: dynamic request: socks4 host %s port %u command %u", c->self, host, c->host_port, s4_req.command); @@ -1373,7 +1373,7 @@ channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset) FD_ISSET(c->efd, readset)) { len = read(c->efd, buf, sizeof(buf)); debug2("channel %d: read %d from efd %d", - c->self, len, c->efd); + c->self, len, c->efd); if (len < 0 && (errno == EINTR || errno == EAGAIN)) return 1; if (len <= 0) { @@ -1509,7 +1509,7 @@ static void channel_handler_init(void) { int i; - for(i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) { + for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) { channel_pre[i] = NULL; channel_post[i] = NULL; } @@ -2408,8 +2408,8 @@ x11_create_display_inet(int x11_display_offset, int gateway_ports) int gaierr, n, num_socks = 0, socks[NUM_SOCKS]; for (display_number = x11_display_offset; - display_number < MAX_DISPLAYS; - display_number++) { + display_number < MAX_DISPLAYS; + display_number++) { port = 6000 + display_number; memset(&hints, 0, sizeof(hints)); hints.ai_family = IPv4or6; @@ -2521,7 +2521,7 @@ x11_connect_display(void) /* Connect to the unix domain socket. */ if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) { error("Could not parse display number from DISPLAY: %.100s", - display); + display); return -1; } /* Create a socket. */ @@ -2546,7 +2546,7 @@ x11_connect_display(void) /* buf now contains the host name. But first we parse the display number. */ if (sscanf(cp + 1, "%d", &display_number) != 1) { error("Could not parse display number from DISPLAY: %.100s", - display); + display); return -1; } diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c index de25ff09692..c02b35161b0 100644 --- a/usr.bin/ssh/cipher.c +++ b/usr.bin/ssh/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.47 2001/08/23 11:31:59 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.48 2001/12/19 07:18:56 deraadt Exp $"); #include "xmalloc.h" #include "log.h" @@ -184,14 +184,14 @@ blowfish_setiv(CipherContext *cc, const u_char *iv, u_int ivlen) } static void blowfish_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, - u_int len) + u_int len) { BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv, BF_ENCRYPT); } static void blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, - u_int len) + u_int len) { BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv, BF_DECRYPT); @@ -289,7 +289,7 @@ rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen) static void rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen) { - if (iv == NULL || ivlen != RIJNDAEL_BLOCKSIZE) + if (iv == NULL || ivlen != RIJNDAEL_BLOCKSIZE) fatal("bad/no IV for %s.", cc->cipher->name); memcpy(cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE); } @@ -417,7 +417,7 @@ u_int cipher_mask_ssh1(int client) { u_int mask = 0; - mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ + mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ mask |= 1 << SSH_CIPHER_BLOWFISH; if (client) { mask |= 1 << SSH_CIPHER_DES; @@ -457,7 +457,7 @@ ciphers_valid(const char *names) return 0; ciphers = cp = xstrdup(names); for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; - (p = strsep(&cp, CIPHER_SEP))) { + (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); if (c == NULL || c->number != SSH_CIPHER_SSH2) { debug("bad cipher %s [%s]", p, names); diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index 76b8101fe81..84484604d59 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.89 2001/12/05 03:50:01 itojun Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.90 2001/12/19 07:18:56 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -254,7 +254,7 @@ client_make_packets_from_stdin_data(void) /* Send buffered stdin data to the server. */ while (buffer_len(&stdin_buffer) > 0 && - packet_not_very_much_data_to_write()) { + packet_not_very_much_data_to_write()) { len = buffer_len(&stdin_buffer); /* Keep the packets at reasonable size. */ if (len > packet_get_maxsize()) @@ -417,9 +417,9 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) /* Check if the window size has changed. */ if (ioctl(fileno(stdin), TIOCGWINSZ, &newws) >= 0 && (oldws.ws_row != newws.ws_row || - oldws.ws_col != newws.ws_col || - oldws.ws_xpixel != newws.ws_xpixel || - oldws.ws_ypixel != newws.ws_ypixel)) + oldws.ws_col != newws.ws_col || + oldws.ws_xpixel != newws.ws_xpixel || + oldws.ws_ypixel != newws.ws_ypixel)) received_window_change_signal = 1; /* OK, we have been continued by the user. Reinitialize buffers. */ @@ -994,11 +994,11 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) /* Report bytes transferred, and transfer rates. */ total_time = get_current_time() - start_time; debug("Transferred: stdin %lu, stdout %lu, stderr %lu bytes in %.1f seconds", - stdin_bytes, stdout_bytes, stderr_bytes, total_time); + stdin_bytes, stdout_bytes, stderr_bytes, total_time); if (total_time > 0) debug("Bytes per second: stdin %.1f, stdout %.1f, stderr %.1f", - stdin_bytes / total_time, stdout_bytes / total_time, - stderr_bytes / total_time); + stdin_bytes / total_time, stdout_bytes / total_time, + stderr_bytes / total_time); /* Return the exit status of the program. */ debug("Exit status %d", exit_status); diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c index 09ca4a447e9..3f8d1c041f9 100644 --- a/usr.bin/ssh/compat.c +++ b/usr.bin/ssh/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.55 2001/12/05 16:54:51 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.56 2001/12/19 07:18:56 deraadt Exp $"); #include "packet.h" #include "xmalloc.h" @@ -82,19 +82,19 @@ compat_datafellows(const char *version) { "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE }, - { "2.0.13*," - "2.0.14*," - "2.0.15*," - "2.0.16*," - "2.0.17*," - "2.0.18*," + { "2.0.13*," + "2.0.14*," + "2.0.15*," + "2.0.16*," + "2.0.17*," + "2.0.18*," "2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| SSH_BUG_PKOK|SSH_BUG_RSASIGMD5| SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE| SSH_BUG_DUMMYCHAN }, - { "2.0.11*," + { "2.0.11*," "2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID|SSH_BUG_DEBUG| SSH_BUG_PKSERVICE|SSH_BUG_X11FWD| @@ -124,7 +124,7 @@ compat_datafellows(const char *version) { "1.3.2*", SSH_BUG_IGNOREMSG }, /* f-secure */ { "*SSH Compatible Server*", /* Netscreen */ SSH_BUG_PASSWORDPAD }, - { "*OSU_0*," + { "*OSU_0*," "OSU_1.0*," "OSU_1.1*," "OSU_1.2*," diff --git a/usr.bin/ssh/compress.c b/usr.bin/ssh/compress.c index a779af6d7b3..73aebe89a62 100644 --- a/usr.bin/ssh/compress.c +++ b/usr.bin/ssh/compress.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compress.c,v 1.15 2001/09/27 11:58:16 markus Exp $"); +RCSID("$OpenBSD: compress.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $"); #include "log.h" #include "buffer.h" @@ -55,13 +55,13 @@ void buffer_compress_uninit(void) { debug("compress outgoing: raw data %lu, compressed %lu, factor %.2f", - outgoing_stream.total_in, outgoing_stream.total_out, - outgoing_stream.total_in == 0 ? 0.0 : - (double) outgoing_stream.total_out / outgoing_stream.total_in); + outgoing_stream.total_in, outgoing_stream.total_out, + outgoing_stream.total_in == 0 ? 0.0 : + (double) outgoing_stream.total_out / outgoing_stream.total_in); debug("compress incoming: raw data %lu, compressed %lu, factor %.2f", - incoming_stream.total_out, incoming_stream.total_in, - incoming_stream.total_out == 0 ? 0.0 : - (double) incoming_stream.total_in / incoming_stream.total_out); + incoming_stream.total_out, incoming_stream.total_in, + incoming_stream.total_out == 0 ? 0.0 : + (double) incoming_stream.total_in / incoming_stream.total_out); if (compress_init_recv_called == 1) inflateEnd(&incoming_stream); if (compress_init_send_called == 1) diff --git a/usr.bin/ssh/deattack.c b/usr.bin/ssh/deattack.c index 96a7ebf4cea..12849a32dc8 100644 --- a/usr.bin/ssh/deattack.c +++ b/usr.bin/ssh/deattack.c @@ -1,4 +1,4 @@ -/* $OpenBSD: deattack.c,v 1.16 2001/12/05 03:56:39 itojun Exp $ */ +/* $OpenBSD: deattack.c,v 1.17 2001/12/19 07:18:56 deraadt Exp $ */ /* * Cryptographic attack detector for ssh - source code @@ -37,7 +37,7 @@ #define HASH_FACTOR(x) ((x)*3/2) #define HASH_UNUSEDCHAR (0xff) #define HASH_UNUSED (0xffff) -#define HASH_IV (0xfffe) +#define HASH_IV (0xfffe) #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE) @@ -135,7 +135,7 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV) for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; - i = (i + 1) & (n - 1)) { + i = (i + 1) & (n - 1)) { if (h[i] == HASH_IV) { if (!CMP(c, IV)) { if (check_crc(c, buf, len, IV)) diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c index 87aeefa6bd8..1013578e1b0 100644 --- a/usr.bin/ssh/key.c +++ b/usr.bin/ssh/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.35 2001/12/05 10:06:12 deraadt Exp $"); +RCSID("$OpenBSD: key.c,v 1.36 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/evp.h> @@ -219,7 +219,7 @@ key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len) retval = xmalloc(dgst_raw_len * 3 + 1); retval[0] = '\0'; - for(i = 0; i < dgst_raw_len; i++) { + for (i = 0; i < dgst_raw_len; i++) { char hex[4]; snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]); strlcat(retval, hex, dgst_raw_len * 3); @@ -281,7 +281,7 @@ key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) char *retval = NULL; u_char *dgst_raw; size_t dgst_raw_len; - + dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len); if (!dgst_raw) fatal("key_fingerprint: null from key_fingerprint_raw()"); @@ -641,7 +641,7 @@ key_names_valid2(const char *names) return 0; s = cp = xstrdup(names); for ((p = strsep(&cp, ",")); p && *p != '\0'; - (p = strsep(&cp, ","))) { + (p = strsep(&cp, ","))) { switch (key_type_from_name(p)) { case KEY_RSA1: case KEY_UNSPEC: diff --git a/usr.bin/ssh/log.c b/usr.bin/ssh/log.c index e10bf813cd4..6cbdc8057ab 100644 --- a/usr.bin/ssh/log.c +++ b/usr.bin/ssh/log.c @@ -34,7 +34,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: log.c,v 1.18 2001/06/26 17:27:23 markus Exp $"); +RCSID("$OpenBSD: log.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $"); #include "log.h" #include "xmalloc.h" @@ -239,7 +239,7 @@ fatal_cleanup(void) for (cu = fatal_cleanups; cu; cu = next_cu) { next_cu = cu->next; debug("Calling cleanup 0x%lx(0x%lx)", - (u_long) cu->proc, (u_long) cu->context); + (u_long) cu->proc, (u_long) cu->context); (*cu->proc) (cu->context); } exit(255); diff --git a/usr.bin/ssh/mac.c b/usr.bin/ssh/mac.c index e8b4267c3fc..bb342cef4aa 100644 --- a/usr.bin/ssh/mac.c +++ b/usr.bin/ssh/mac.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: mac.c,v 1.2 2001/04/05 10:42:51 markus Exp $"); +RCSID("$OpenBSD: mac.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/hmac.h> @@ -99,7 +99,7 @@ mac_valid(const char *names) return (0); maclist = cp = xstrdup(names); for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0'; - (p = strsep(&cp, MAC_SEP))) { + (p = strsep(&cp, MAC_SEP))) { if (mac_init(NULL, p) < 0) { debug("bad mac %s [%s]", p, names); xfree(maclist); diff --git a/usr.bin/ssh/match.c b/usr.bin/ssh/match.c index ca4d92c400a..9e56989cc89 100644 --- a/usr.bin/ssh/match.c +++ b/usr.bin/ssh/match.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: match.c,v 1.15 2001/12/05 16:54:51 markus Exp $"); +RCSID("$OpenBSD: match.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $"); #include "match.h" #include "xmalloc.h" @@ -133,10 +133,10 @@ match_pattern_list(const char *string, const char *pattern, u_int len, * subpattern to lowercase. */ for (subi = 0; - i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; - subi++, i++) + i < len && subi < sizeof(sub) - 1 && pattern[i] != ','; + subi++, i++) sub[subi] = dolower && isupper(pattern[i]) ? - tolower(pattern[i]) : pattern[i]; + tolower(pattern[i]) : pattern[i]; /* If subpattern too long, return failure (no match). */ if (subi >= sizeof(sub) - 1) return 0; @@ -239,7 +239,7 @@ match_list(const char *client, const char *server, u_int *next) s = sp = xstrdup(server); for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0'; - (p = strsep(&sp, SEP)), i++) { + (p = strsep(&sp, SEP)), i++) { if (i < MAX_PROP) sproposals[i] = p; else @@ -248,7 +248,7 @@ match_list(const char *client, const char *server, u_int *next) nproposals = i; for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0'; - (p = strsep(&cp, SEP)), i++) { + (p = strsep(&cp, SEP)), i++) { for (j = 0; j < nproposals; j++) { if (strcmp(p, sproposals[j]) == 0) { ret = xstrdup(p); diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index 6f25babd373..9fffc10a6f3 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.13 2001/12/05 10:06:12 deraadt Exp $ */ +/* $OpenBSD: misc.c,v 1.14 2001/12/19 07:18:56 deraadt Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.13 2001/12/05 10:06:12 deraadt Exp $"); +RCSID("$OpenBSD: misc.c,v 1.14 2001/12/19 07:18:56 deraadt Exp $"); #include "misc.h" #include "log.h" @@ -292,7 +292,7 @@ addargs(arglist *args, char *fmt, ...) if (args->list == NULL) { args->nalloc = 32; args->num = 0; - } else if (args->num+2 >= args->nalloc) + } else if (args->num+2 >= args->nalloc) args->nalloc *= 2; args->list = xrealloc(args->list, args->nalloc * sizeof(char *)); diff --git a/usr.bin/ssh/nchan.c b/usr.bin/ssh/nchan.c index 08f38b02e21..ff7d9598771 100644 --- a/usr.bin/ssh/nchan.c +++ b/usr.bin/ssh/nchan.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: nchan.c,v 1.32 2001/10/10 22:18:47 markus Exp $"); +RCSID("$OpenBSD: nchan.c,v 1.33 2001/12/19 07:18:56 deraadt Exp $"); #include "ssh1.h" #include "ssh2.h" @@ -273,7 +273,7 @@ chan_send_oclose1(Channel *c) break; default: error("channel %d: cannot send oclose for ostate %d", - c->self, c->ostate); + c->self, c->ostate); break; } } @@ -322,7 +322,7 @@ chan_ibuf_empty2(Channel *c) debug("channel %d: ibuf empty", c->self); if (buffer_len(&c->input)) { error("channel %d: chan_ibuf_empty for non empty buffer", - c->self); + c->self); return; } switch (c->istate) { @@ -334,7 +334,7 @@ chan_ibuf_empty2(Channel *c) break; default: error("channel %d: chan_ibuf_empty for istate %d", - c->self, c->istate); + c->self, c->istate); break; } } @@ -458,7 +458,7 @@ chan_is_dead(Channel *c, int send) debug2("channel %d: active efd: %d len %d type %s", c->self, c->efd, buffer_len(&c->extended), c->extended_usage==CHAN_EXTENDED_READ ? - "read": "write"); + "read": "write"); } else { if (!(c->flags & CHAN_CLOSE_SENT)) { if (send) { diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c index bad91a0d392..aaa4ba07901 100644 --- a/usr.bin/ssh/packet.c +++ b/usr.bin/ssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $"); +RCSID("$OpenBSD: packet.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -380,7 +380,7 @@ packet_send1(void) buffer_compress(&outgoing_packet, &compression_buffer); buffer_clear(&outgoing_packet); buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), - buffer_len(&compression_buffer)); + buffer_len(&compression_buffer)); } /* Compute packet length without padding (add checksum, remove padding). */ len = buffer_len(&outgoing_packet) + 4 - 8; @@ -414,7 +414,7 @@ packet_send1(void) buffer_append(&output, buf, 4); buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); cipher_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), - buffer_len(&outgoing_packet)); + buffer_len(&outgoing_packet)); #ifdef PACKET_DEBUG fprintf(stderr, "encrypted: "); @@ -1271,7 +1271,7 @@ packet_send_ignore(int nbytes) packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE); packet_put_int(nbytes); - for(i = 0; i < nbytes; i++) { + for (i = 0; i < nbytes; i++) { if (i % 4 == 0) rand = arc4random(); packet_put_char(rand & 0xff); diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 19dd2013f9f..575abcfb710 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.92 2001/11/17 19:14:34 stevesk Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.93 2001/12/19 07:18:56 deraadt Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -115,7 +115,7 @@ typedef enum { oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, - oClearAllForwardings, oNoHostAuthenticationForLocalhost + oClearAllForwardings, oNoHostAuthenticationForLocalhost } OpCodes; /* Textual representations of the tokens. */ @@ -185,8 +185,8 @@ static struct { { "hostkeyalgorithms", oHostKeyAlgorithms }, { "bindaddress", oBindAddress }, { "smartcarddevice", oSmartcardDevice }, - { "clearallforwardings", oClearAllForwardings }, - { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, + { "clearallforwardings", oClearAllForwardings }, + { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, { NULL, oBadOption } }; @@ -223,7 +223,7 @@ add_remote_forward(Options *options, u_short port, const char *host, Forward *fwd; if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("Too many remote forwards (max %d).", - SSH_MAX_FORWARDS_PER_DIRECTION); + SSH_MAX_FORWARDS_PER_DIRECTION); fwd = &options->remote_forwards[options->num_remote_forwards++]; fwd->port = port; fwd->host = xstrdup(host); @@ -392,7 +392,7 @@ parse_flag: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing yes/no/ask argument.", - filename, linenum); + filename, linenum); value = 0; /* To avoid compiler warning... */ if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) value = 1; @@ -434,7 +434,7 @@ parse_flag: intptr = &options->num_identity_files; if (*intptr >= SSH_MAX_IDENTITY_FILES) fatal("%.200s line %d: Too many identity files specified (max %d).", - filename, linenum, SSH_MAX_IDENTITY_FILES); + filename, linenum, SSH_MAX_IDENTITY_FILES); charptr = &options->identity_files[*intptr]; *charptr = xstrdup(arg); *intptr = *intptr + 1; @@ -534,7 +534,7 @@ parse_int: value = cipher_number(arg); if (value == -1) fatal("%.200s line %d: Bad cipher '%s'.", - filename, linenum, arg ? arg : "<NONE>"); + filename, linenum, arg ? arg : "<NONE>"); if (*activep && *intptr == -1) *intptr = value; break; @@ -545,7 +545,7 @@ parse_int: fatal("%.200s line %d: Missing argument.", filename, linenum); if (!ciphers_valid(arg)) fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.", - filename, linenum, arg ? arg : "<NONE>"); + filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->ciphers == NULL) options->ciphers = xstrdup(arg); break; @@ -556,7 +556,7 @@ parse_int: fatal("%.200s line %d: Missing argument.", filename, linenum); if (!mac_valid(arg)) fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.", - filename, linenum, arg ? arg : "<NONE>"); + filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->macs == NULL) options->macs = xstrdup(arg); break; @@ -567,7 +567,7 @@ parse_int: fatal("%.200s line %d: Missing argument.", filename, linenum); if (!key_names_valid2(arg)) fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.", - filename, linenum, arg ? arg : "<NONE>"); + filename, linenum, arg ? arg : "<NONE>"); if (*activep && options->hostkeyalgorithms == NULL) options->hostkeyalgorithms = xstrdup(arg); break; @@ -580,7 +580,7 @@ parse_int: value = proto_spec(arg); if (value == SSH_PROTO_UNKNOWN) fatal("%.200s line %d: Bad protocol spec '%s'.", - filename, linenum, arg ? arg : "<NONE>"); + filename, linenum, arg ? arg : "<NONE>"); if (*activep && *intptr == SSH_PROTO_UNKNOWN) *intptr = value; break; @@ -591,7 +591,7 @@ parse_int: value = log_level_number(arg); if (value == (LogLevel) - 1) fatal("%.200s line %d: unsupported log level '%s'", - filename, linenum, arg ? arg : "<NONE>"); + filename, linenum, arg ? arg : "<NONE>"); if (*activep && (LogLevel) * intptr == -1) *intptr = (LogLevel) value; break; @@ -668,7 +668,7 @@ parse_int: value = SSH_ESCAPECHAR_NONE; else { fatal("%.200s line %d: Bad escape character.", - filename, linenum); + filename, linenum); /* NOTREACHED */ value = 0; /* Avoid compiler warning. */ } @@ -683,7 +683,7 @@ parse_int: /* Check that there is no garbage at end of line. */ if ((arg = strdelim(&s)) != NULL && *arg != '\0') { fatal("%.200s line %d: garbage at end of line; \"%.200s\".", - filename, linenum, arg); + filename, linenum, arg); } return 0; } @@ -725,7 +725,7 @@ read_config_file(const char *filename, const char *host, Options *options) fclose(f); if (bad_options > 0) fatal("%s: terminating, %d bad configuration options", - filename, bad_options); + filename, bad_options); return 1; } diff --git a/usr.bin/ssh/rijndael.c b/usr.bin/ssh/rijndael.c index 1478c12237a..a5d680420fe 100644 --- a/usr.bin/ssh/rijndael.c +++ b/usr.bin/ssh/rijndael.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rijndael.c,v 1.12 2001/09/13 09:48:39 markus Exp $ */ +/* $OpenBSD: rijndael.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $ */ /** * rijndael-alg-fst.c @@ -773,32 +773,31 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int rk[6] = GETU32(cipherKey + 24); rk[7] = GETU32(cipherKey + 28); if (keyBits == 256) { - for (;;) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 14; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] & 0xff000000) ^ - (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(temp ) & 0xff] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - + for (;;) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) { + return 14; + } + temp = rk[11]; + rk[12] = rk[ 4] ^ + (Te4[(temp >> 24) ] & 0xff000000) ^ + (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(temp ) & 0xff] & 0x000000ff); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; rk += 8; - } + } } return 0; } @@ -915,28 +914,28 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16 t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; if (Nr > 10) { - /* round 10: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; - if (Nr > 12) { - /* round 12: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; - } + /* round 10: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; + if (Nr > 12) { + /* round 12: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; + } } rk += Nr << 2; #else /* !FULL_UNROLL */ @@ -945,60 +944,60 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16 */ r = Nr >> 1; for (;;) { - t0 = - Te0[(s0 >> 24) ] ^ - Te1[(s1 >> 16) & 0xff] ^ - Te2[(s2 >> 8) & 0xff] ^ - Te3[(s3 ) & 0xff] ^ - rk[4]; - t1 = - Te0[(s1 >> 24) ] ^ - Te1[(s2 >> 16) & 0xff] ^ - Te2[(s3 >> 8) & 0xff] ^ - Te3[(s0 ) & 0xff] ^ - rk[5]; - t2 = - Te0[(s2 >> 24) ] ^ - Te1[(s3 >> 16) & 0xff] ^ - Te2[(s0 >> 8) & 0xff] ^ - Te3[(s1 ) & 0xff] ^ - rk[6]; - t3 = - Te0[(s3 >> 24) ] ^ - Te1[(s0 >> 16) & 0xff] ^ - Te2[(s1 >> 8) & 0xff] ^ - Te3[(s2 ) & 0xff] ^ - rk[7]; + t0 = + Te0[(s0 >> 24) ] ^ + Te1[(s1 >> 16) & 0xff] ^ + Te2[(s2 >> 8) & 0xff] ^ + Te3[(s3 ) & 0xff] ^ + rk[4]; + t1 = + Te0[(s1 >> 24) ] ^ + Te1[(s2 >> 16) & 0xff] ^ + Te2[(s3 >> 8) & 0xff] ^ + Te3[(s0 ) & 0xff] ^ + rk[5]; + t2 = + Te0[(s2 >> 24) ] ^ + Te1[(s3 >> 16) & 0xff] ^ + Te2[(s0 >> 8) & 0xff] ^ + Te3[(s1 ) & 0xff] ^ + rk[6]; + t3 = + Te0[(s3 >> 24) ] ^ + Te1[(s0 >> 16) & 0xff] ^ + Te2[(s1 >> 8) & 0xff] ^ + Te3[(s2 ) & 0xff] ^ + rk[7]; - rk += 8; - if (--r == 0) { - break; - } + rk += 8; + if (--r == 0) { + break; + } - s0 = - Te0[(t0 >> 24) ] ^ - Te1[(t1 >> 16) & 0xff] ^ - Te2[(t2 >> 8) & 0xff] ^ - Te3[(t3 ) & 0xff] ^ - rk[0]; - s1 = - Te0[(t1 >> 24) ] ^ - Te1[(t2 >> 16) & 0xff] ^ - Te2[(t3 >> 8) & 0xff] ^ - Te3[(t0 ) & 0xff] ^ - rk[1]; - s2 = - Te0[(t2 >> 24) ] ^ - Te1[(t3 >> 16) & 0xff] ^ - Te2[(t0 >> 8) & 0xff] ^ - Te3[(t1 ) & 0xff] ^ - rk[2]; - s3 = - Te0[(t3 >> 24) ] ^ - Te1[(t0 >> 16) & 0xff] ^ - Te2[(t1 >> 8) & 0xff] ^ - Te3[(t2 ) & 0xff] ^ - rk[3]; + s0 = + Te0[(t0 >> 24) ] ^ + Te1[(t1 >> 16) & 0xff] ^ + Te2[(t2 >> 8) & 0xff] ^ + Te3[(t3 ) & 0xff] ^ + rk[0]; + s1 = + Te0[(t1 >> 24) ] ^ + Te1[(t2 >> 16) & 0xff] ^ + Te2[(t3 >> 8) & 0xff] ^ + Te3[(t0 ) & 0xff] ^ + rk[1]; + s2 = + Te0[(t2 >> 24) ] ^ + Te1[(t3 >> 16) & 0xff] ^ + Te2[(t0 >> 8) & 0xff] ^ + Te3[(t1 ) & 0xff] ^ + rk[2]; + s3 = + Te0[(t3 >> 24) ] ^ + Te1[(t0 >> 16) & 0xff] ^ + Te2[(t1 >> 8) & 0xff] ^ + Te3[(t2 ) & 0xff] ^ + rk[3]; } #endif /* ?FULL_UNROLL */ /* @@ -1096,28 +1095,28 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16 t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; if (Nr > 10) { - /* round 10: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; - if (Nr > 12) { - /* round 12: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; - } + /* round 10: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; + if (Nr > 12) { + /* round 12: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; + } } rk += Nr << 2; #else /* !FULL_UNROLL */ @@ -1126,60 +1125,60 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16 */ r = Nr >> 1; for (;;) { - t0 = - Td0[(s0 >> 24) ] ^ - Td1[(s3 >> 16) & 0xff] ^ - Td2[(s2 >> 8) & 0xff] ^ - Td3[(s1 ) & 0xff] ^ - rk[4]; - t1 = - Td0[(s1 >> 24) ] ^ - Td1[(s0 >> 16) & 0xff] ^ - Td2[(s3 >> 8) & 0xff] ^ - Td3[(s2 ) & 0xff] ^ - rk[5]; - t2 = - Td0[(s2 >> 24) ] ^ - Td1[(s1 >> 16) & 0xff] ^ - Td2[(s0 >> 8) & 0xff] ^ - Td3[(s3 ) & 0xff] ^ - rk[6]; - t3 = - Td0[(s3 >> 24) ] ^ - Td1[(s2 >> 16) & 0xff] ^ - Td2[(s1 >> 8) & 0xff] ^ - Td3[(s0 ) & 0xff] ^ - rk[7]; + t0 = + Td0[(s0 >> 24) ] ^ + Td1[(s3 >> 16) & 0xff] ^ + Td2[(s2 >> 8) & 0xff] ^ + Td3[(s1 ) & 0xff] ^ + rk[4]; + t1 = + Td0[(s1 >> 24) ] ^ + Td1[(s0 >> 16) & 0xff] ^ + Td2[(s3 >> 8) & 0xff] ^ + Td3[(s2 ) & 0xff] ^ + rk[5]; + t2 = + Td0[(s2 >> 24) ] ^ + Td1[(s1 >> 16) & 0xff] ^ + Td2[(s0 >> 8) & 0xff] ^ + Td3[(s3 ) & 0xff] ^ + rk[6]; + t3 = + Td0[(s3 >> 24) ] ^ + Td1[(s2 >> 16) & 0xff] ^ + Td2[(s1 >> 8) & 0xff] ^ + Td3[(s0 ) & 0xff] ^ + rk[7]; - rk += 8; - if (--r == 0) { - break; - } + rk += 8; + if (--r == 0) { + break; + } - s0 = - Td0[(t0 >> 24) ] ^ - Td1[(t3 >> 16) & 0xff] ^ - Td2[(t2 >> 8) & 0xff] ^ - Td3[(t1 ) & 0xff] ^ - rk[0]; - s1 = - Td0[(t1 >> 24) ] ^ - Td1[(t0 >> 16) & 0xff] ^ - Td2[(t3 >> 8) & 0xff] ^ - Td3[(t2 ) & 0xff] ^ - rk[1]; - s2 = - Td0[(t2 >> 24) ] ^ - Td1[(t1 >> 16) & 0xff] ^ - Td2[(t0 >> 8) & 0xff] ^ - Td3[(t3 ) & 0xff] ^ - rk[2]; - s3 = - Td0[(t3 >> 24) ] ^ - Td1[(t2 >> 16) & 0xff] ^ - Td2[(t1 >> 8) & 0xff] ^ - Td3[(t0 ) & 0xff] ^ - rk[3]; + s0 = + Td0[(t0 >> 24) ] ^ + Td1[(t3 >> 16) & 0xff] ^ + Td2[(t2 >> 8) & 0xff] ^ + Td3[(t1 ) & 0xff] ^ + rk[0]; + s1 = + Td0[(t1 >> 24) ] ^ + Td1[(t0 >> 16) & 0xff] ^ + Td2[(t3 >> 8) & 0xff] ^ + Td3[(t2 ) & 0xff] ^ + rk[1]; + s2 = + Td0[(t2 >> 24) ] ^ + Td1[(t1 >> 16) & 0xff] ^ + Td2[(t0 >> 8) & 0xff] ^ + Td3[(t3 ) & 0xff] ^ + rk[2]; + s3 = + Td0[(t3 >> 24) ] ^ + Td1[(t2 >> 16) & 0xff] ^ + Td2[(t1 >> 8) & 0xff] ^ + Td3[(t0 ) & 0xff] ^ + rk[3]; } #endif /* ?FULL_UNROLL */ /* @@ -1220,13 +1219,13 @@ void rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt) { ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits); - if (encrypt) { + if (encrypt) { ctx->decrypt = 0; memset(ctx->dk, 0, sizeof(ctx->dk)); } else { ctx->decrypt = 1; memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek)); - rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr); + rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr); } } diff --git a/usr.bin/ssh/rijndael.h b/usr.bin/ssh/rijndael.h index 18a4d805e1e..c614bb18877 100644 --- a/usr.bin/ssh/rijndael.h +++ b/usr.bin/ssh/rijndael.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rijndael.h,v 1.11 2001/09/13 09:48:39 markus Exp $ */ +/* $OpenBSD: rijndael.h,v 1.12 2001/12/19 07:18:56 deraadt Exp $ */ /** * rijndael-alg-fst.h @@ -32,8 +32,8 @@ #define MAXKB (256/8) #define MAXNR 14 -typedef unsigned char u8; -typedef unsigned short u16; +typedef unsigned char u8; +typedef unsigned short u16; typedef unsigned int u32; /* The structure for key information */ diff --git a/usr.bin/ssh/scard.c b/usr.bin/ssh/scard.c index d7fd2c2ad85..7d0ce4e3c82 100644 --- a/usr.bin/ssh/scard.c +++ b/usr.bin/ssh/scard.c @@ -24,7 +24,7 @@ #ifdef SMARTCARD #include "includes.h" -RCSID("$OpenBSD: scard.c,v 1.15 2001/09/28 09:49:31 djm Exp $"); +RCSID("$OpenBSD: scard.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/engine.h> #include <sectok.h> @@ -48,7 +48,7 @@ static int cla = 0x00; /* class */ /* interface to libsectok */ -static int +static int sc_open(void) { int sw; @@ -79,7 +79,7 @@ sc_open(void) return sc_fd; } -static int +static int sc_enable_applet(void) { static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e}; @@ -95,7 +95,7 @@ sc_enable_applet(void) return 0; } -static int +static int sc_init(void) { int status; @@ -115,7 +115,7 @@ sc_init(void) return 0; } -static int +static int sc_read_pubkey(Key * k) { u_char buf[2], *n; @@ -133,7 +133,7 @@ sc_read_pubkey(Key * k) /* get key size */ sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL, - sizeof(buf), buf, &sw); + sizeof(buf), buf, &sw); if (!sectok_swOK(sw)) { error("could not obtain key length: %s", sectok_get_sw(sw)); goto err; @@ -204,7 +204,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) goto err; } sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, - len, padded, &sw); + len, padded, &sw); if (!sectok_swOK(sw)) { error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", sectok_get_sw(sw)); @@ -249,7 +249,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) goto err; } sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, - len, to, &sw); + len, to, &sw); if (!sectok_swOK(sw)) { error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", sectok_get_sw(sw)); diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 38ee7e42353..595ddbbeaec 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.94 2001/12/06 13:30:05 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.95 2001/12/19 07:18:56 deraadt Exp $"); #if defined(KRB4) || defined(KRB5) #include <krb.h> @@ -180,7 +180,7 @@ fill_default_server_options(ServerOptions *options) if (options->kerberos_tgt_passing == -1) options->kerberos_tgt_passing = 0; #endif -#ifdef AFS +#ifdef AFS if (options->afs_token_passing == -1) options->afs_token_passing = k_hasafs(); #endif @@ -207,7 +207,7 @@ fill_default_server_options(ServerOptions *options) if (options->reverse_mapping_check == -1) options->reverse_mapping_check = 0; if (options->client_alive_interval == -1) - options->client_alive_interval = 0; + options->client_alive_interval = 0; if (options->client_alive_count_max == -1) options->client_alive_count_max = 3; if (options->authorized_keys_file2 == NULL) { @@ -246,7 +246,7 @@ typedef enum { sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, sBanner, sReverseMappingCheck, sHostbasedAuthentication, - sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, + sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sDeprecated } ServerOpCodes; @@ -750,7 +750,7 @@ parse_flag: value = proto_spec(arg); if (value == SSH_PROTO_UNKNOWN) fatal("%s line %d: Bad protocol spec '%s'.", - filename, linenum, arg ? arg : "<NONE>"); + filename, linenum, arg ? arg : "<NONE>"); if (*intptr == SSH_PROTO_UNKNOWN) *intptr = value; break; @@ -758,21 +758,21 @@ parse_flag: case sSubsystem: if (options->num_subsystems >= MAX_SUBSYSTEMS) { fatal("%s line %d: too many subsystems defined.", - filename, linenum); + filename, linenum); } arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing subsystem name.", - filename, linenum); + filename, linenum); for (i = 0; i < options->num_subsystems; i++) if (strcmp(arg, options->subsystem_name[i]) == 0) fatal("%s line %d: Subsystem '%s' already defined.", - filename, linenum, arg); + filename, linenum, arg); options->subsystem_name[options->num_subsystems] = xstrdup(arg); arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing subsystem command.", - filename, linenum); + filename, linenum); options->subsystem_command[options->num_subsystems] = xstrdup(arg); options->num_subsystems++; break; @@ -781,7 +781,7 @@ parse_flag: arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing MaxStartups spec.", - filename, linenum); + filename, linenum); if ((n = sscanf(arg, "%d:%d:%d", &options->max_startups_begin, &options->max_startups_rate, diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index fefac66afc9..32f203baad8 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: servconf.h,v 1.50 2001/12/06 13:30:05 markus Exp $"); */ +/* RCSID("$OpenBSD: servconf.h,v 1.51 2001/12/19 07:18:56 deraadt Exp $"); */ #ifndef SERVCONF_H #define SERVCONF_H @@ -117,13 +117,13 @@ typedef struct { char *banner; /* SSH-2 banner message */ int reverse_mapping_check; /* cross-check ip and dns */ int client_alive_interval; /* - * poke the client this often to - * see if it's still there + * poke the client this often to + * see if it's still there */ int client_alive_count_max; /* * If the client is unresponsive * for this many intervals above, - * disconnect the session + * disconnect the session */ char *authorized_keys_file; /* File containing public keys */ diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 6a1f69c572f..94921a40e74 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.85 2001/12/05 03:50:01 itojun Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.86 2001/12/19 07:18:56 deraadt Exp $"); #include "xmalloc.h" #include "packet.h" @@ -195,12 +195,12 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, int client_alive_scheduled = 0; /* - * if using client_alive, set the max timeout accordingly, + * if using client_alive, set the max timeout accordingly, * and indicate that this particular timeout was for client * alive by setting the client_alive_scheduled flag. * * this could be randomized somewhat to make traffic - * analysis more difficult, but we're not doing it yet. + * analysis more difficult, but we're not doing it yet. */ if (compat20 && max_time_milliseconds == 0 && options.client_alive_interval) { @@ -598,7 +598,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) drain_output(); debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.", - stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes); + stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes); /* Free and clear the buffers. */ buffer_free(&stdin_buffer); @@ -738,12 +738,12 @@ static void server_input_channel_failure(int type, int plen, void *ctxt) { debug("Got CHANNEL_FAILURE for keepalive"); - /* + /* * reset timeout, since we got a sane answer from the client. * even if this was generated by something other than * the bogus CHANNEL_REQUEST we send for keepalives. */ - client_alive_timeouts = 0; + client_alive_timeouts = 0; } diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 9256f901e9d..e9978bff72a 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.111 2001/12/06 18:09:23 stevesk Exp $"); +RCSID("$OpenBSD: session.c,v 1.112 2001/12/19 07:18:56 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -208,7 +208,7 @@ do_authenticated1(Authctxt *authctxt) compression_level = packet_get_int(); if (compression_level < 1 || compression_level > 9) { packet_send_debug("Received illegal compression level %d.", - compression_level); + compression_level); break; } /* Enable compression after we have responded with SUCCESS. */ @@ -273,7 +273,7 @@ do_authenticated1(Authctxt *authctxt) if (packet_set_maxsize(packet_get_int()) > 0) success = 1; break; - + #if defined(AFS) || defined(KRB5) case SSH_CMSG_HAVE_KERBEROS_TGT: if (!options.kerberos_tgt_passing) { @@ -281,14 +281,14 @@ do_authenticated1(Authctxt *authctxt) } else { char *kdata = packet_get_string(&dlen); packet_integrity_check(plen, 4 + dlen, type); - + /* XXX - 0x41, see creds_to_radix version */ if (kdata[0] != 0x41) { #ifdef KRB5 krb5_data tgt; tgt.data = kdata; tgt.length = dlen; - + if (auth_krb5_tgt(s->authctxt, &tgt)) success = 1; else @@ -306,7 +306,7 @@ do_authenticated1(Authctxt *authctxt) } break; #endif /* AFS || KRB5 */ - + #ifdef AFS case SSH_CMSG_HAVE_AFS_TOKEN: if (!options.afs_token_passing || !k_hasafs()) { @@ -315,7 +315,7 @@ do_authenticated1(Authctxt *authctxt) /* Accept AFS token. */ char *token = packet_get_string(&dlen); packet_integrity_check(plen, 4 + dlen, type); - + if (auth_afs_token(s->authctxt, token)) success = 1; else @@ -598,7 +598,7 @@ do_login(Session *s, const char *command) if (packet_connection_is_on_socket()) { fromlen = sizeof(from); if (getpeername(packet_get_connection_in(), - (struct sockaddr *) & from, &fromlen) < 0) { + (struct sockaddr *) & from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); fatal_cleanup(); } @@ -687,7 +687,7 @@ check_quietlogin(Session *s, const char *command) */ static void child_set_env(char ***envp, u_int *envsizep, const char *name, - const char *value) + const char *value) { u_int i, namelen; char **env; @@ -728,7 +728,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, */ static void read_environment_file(char ***env, u_int *envsize, - const char *filename) + const char *filename) { FILE *f; char buf[4096]; @@ -910,16 +910,16 @@ do_child(Session *s, const char *command) #ifdef KRB4 if (s->authctxt->krb4_ticket_file) child_set_env(&env, &envsize, "KRBTKFILE", - s->authctxt->krb4_ticket_file); + s->authctxt->krb4_ticket_file); #endif #ifdef KRB5 if (s->authctxt->krb5_ticket_file) child_set_env(&env, &envsize, "KRB5CCNAME", - s->authctxt->krb5_ticket_file); + s->authctxt->krb5_ticket_file); #endif if (auth_get_socket_name() != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, - auth_get_socket_name()); + auth_get_socket_name()); /* read $HOME/.ssh/environment. */ if (!options.use_login) { @@ -982,10 +982,10 @@ do_child(Session *s, const char *command) /* Try to get AFS tokens for the local cell. */ if (k_hasafs()) { char cell[64]; - + if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) krb_afslog(cell, 0); - + krb_afslog(0, 0); } #endif /* AFS */ @@ -1092,7 +1092,7 @@ do_child(Session *s, const char *command) /* Launch login(1). */ execl("/usr/bin/login", "login", "-h", hostname, - "-p", "-f", "--", pw->pw_name, (char *)NULL); + "-p", "-f", "--", pw->pw_name, (char *)NULL); /* Login couldn't be executed, die. */ @@ -1120,12 +1120,12 @@ session_new(void) static int did_init = 0; if (!did_init) { debug("session_new: init"); - for(i = 0; i < MAX_SESSIONS; i++) { + for (i = 0; i < MAX_SESSIONS; i++) { sessions[i].used = 0; } did_init = 1; } - for(i = 0; i < MAX_SESSIONS; i++) { + for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; if (! s->used) { memset(s, 0, sizeof(*s)); @@ -1145,7 +1145,7 @@ static void session_dump(void) { int i; - for(i = 0; i < MAX_SESSIONS; i++) { + for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; debug("dump: used %d session %d %p channel %d pid %d", s->used, @@ -1178,7 +1178,7 @@ static Session * session_by_channel(int id) { int i; - for(i = 0; i < MAX_SESSIONS; i++) { + for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; if (s->used && s->chanid == id) { debug("session_by_channel: session %d channel %d", i, id); @@ -1195,7 +1195,7 @@ session_by_pid(pid_t pid) { int i; debug("session_by_pid: pid %d", pid); - for(i = 0; i < MAX_SESSIONS; i++) { + for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; if (s->used && s->pid == pid) return s; @@ -1598,9 +1598,9 @@ void session_destroy_all(void) { int i; - for(i = 0; i < MAX_SESSIONS; i++) { + for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; - if (s->used) + if (s->used) session_close(s); } } @@ -1611,7 +1611,7 @@ session_tty_list(void) static char buf[1024]; int i; buf[0] = '\0'; - for(i = 0; i < MAX_SESSIONS; i++) { + for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; if (s->used && s->ttyfd != -1) { if (buf[0] != '\0') diff --git a/usr.bin/ssh/sftp-client.c b/usr.bin/ssh/sftp-client.c index da30ac7e8c6..527d23b4f1d 100644 --- a/usr.bin/ssh/sftp-client.c +++ b/usr.bin/ssh/sftp-client.c @@ -29,7 +29,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.18 2001/07/14 15:10:16 stevesk Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $"); #include "buffer.h" #include "bufaux.h" @@ -308,9 +308,8 @@ do_lsreaddir(int fd_in, int fd_out, char *path, int printflag, *dir = xmalloc(sizeof(**dir)); (*dir)[0] = NULL; } - - for(;;) { + for (;;) { int count; id = expected_id = msg_id++; @@ -356,7 +355,7 @@ do_lsreaddir(int fd_in, int fd_out, char *path, int printflag, if (count == 0) break; debug3("Received %d SSH2_FXP_NAME responses", count); - for(i = 0; i < count; i++) { + for (i = 0; i < count; i++) { char *filename, *longname; Attrib *a; @@ -404,8 +403,8 @@ do_readdir(int fd_in, int fd_out, char *path, SFTP_DIRENT ***dir) void free_sftp_dirents(SFTP_DIRENT **s) { int i; - - for(i = 0; s[i]; i++) { + + for (i = 0; s[i]; i++) { xfree(s[i]->filename); xfree(s[i]->longname); xfree(s[i]); @@ -726,7 +725,7 @@ do_download(int fd_in, int fd_out, char *remote_path, char *local_path, /* Read from remote and write to local */ offset = 0; - for(;;) { + for (;;) { u_int len; char *data; @@ -758,7 +757,7 @@ do_download(int fd_in, int fd_out, char *remote_path, char *local_path, else { error("Couldn't read from remote " "file \"%s\" : %s", remote_path, - fx2txt(status)); + fx2txt(status)); do_close(fd_in, fd_out, handle, handle_len); goto done; } @@ -864,7 +863,7 @@ do_upload(int fd_in, int fd_out, char *local_path, char *remote_path, /* Read from local and write to remote */ offset = 0; - for(;;) { + for (;;) { int len; char data[COPY_SIZE]; diff --git a/usr.bin/ssh/sftp-glob.c b/usr.bin/ssh/sftp-glob.c index 048c9f6be12..607a8972784 100644 --- a/usr.bin/ssh/sftp-glob.c +++ b/usr.bin/ssh/sftp-glob.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp-glob.c,v 1.8 2001/07/14 15:10:17 stevesk Exp $"); +RCSID("$OpenBSD: sftp-glob.c,v 1.9 2001/12/19 07:18:56 deraadt Exp $"); #include <glob.h> @@ -51,9 +51,9 @@ static void * fudge_opendir(const char *path) { struct SFTP_OPENDIR *r; - + r = xmalloc(sizeof(*r)); - + if (do_readdir(cur.fd_in, cur.fd_out, (char*)path, &r->dir)) return(NULL); @@ -66,7 +66,7 @@ static struct dirent * fudge_readdir(struct SFTP_OPENDIR *od) { static struct dirent ret; - + if (od->dir[od->offset] == NULL) return(NULL); @@ -88,7 +88,7 @@ static void attrib_to_stat(Attrib *a, struct stat *st) { memset(st, 0, sizeof(*st)); - + if (a->flags & SSH2_FILEXFER_ATTR_SIZE) st->st_size = a->size; if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { @@ -107,12 +107,12 @@ static int fudge_lstat(const char *path, struct stat *st) { Attrib *a; - + if (!(a = do_lstat(cur.fd_in, cur.fd_out, (char*)path, 0))) return(-1); - + attrib_to_stat(a, st); - + return(0); } @@ -120,12 +120,12 @@ static int fudge_stat(const char *path, struct stat *st) { Attrib *a; - + if (!(a = do_stat(cur.fd_in, cur.fd_out, (char*)path, 0))) return(-1); - + attrib_to_stat(a, st); - + return(0); } @@ -138,7 +138,7 @@ remote_glob(int fd_in, int fd_out, const char *pattern, int flags, pglob->gl_closedir = (void (*)(void *))fudge_closedir; pglob->gl_lstat = fudge_lstat; pglob->gl_stat = fudge_stat; - + memset(&cur, 0, sizeof(cur)); cur.fd_in = fd_in; cur.fd_out = fd_out; diff --git a/usr.bin/ssh/sftp-int.c b/usr.bin/ssh/sftp-int.c index 637cff1e52a..12a350c7b6c 100644 --- a/usr.bin/ssh/sftp-int.c +++ b/usr.bin/ssh/sftp-int.c @@ -26,7 +26,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.40 2001/08/14 09:23:02 markus Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.41 2001/12/19 07:18:56 deraadt Exp $"); #include <glob.h> @@ -207,7 +207,7 @@ path_append(char *p1, char *p2) ret = xmalloc(len); strlcpy(ret, p1, len); - if (strcmp(p1, "/") != 0) + if (strcmp(p1, "/") != 0) strlcat(ret, "/", len); strlcat(ret, p2, len); @@ -395,7 +395,7 @@ process_get(int in, int out, char *src, char *dst, char *pwd, int pflag) goto out; } - for(i = 0; g.gl_pathv[i]; i++) { + for (i = 0; g.gl_pathv[i]; i++) { if (infer_path(g.gl_pathv[i], &tmp)) { err = -1; goto out; @@ -477,7 +477,7 @@ process_put(int in, int out, char *src, char *dst, char *pwd, int pflag) goto out; } - for(i = 0; g.gl_pathv[i]; i++) { + for (i = 0; g.gl_pathv[i]; i++) { if (infer_path(g.gl_pathv[i], &tmp)) { err = -1; goto out; @@ -519,7 +519,7 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg, return(-1); /* Figure out which command we have */ - for(i = 0; cmds[i].c; i++) { + for (i = 0; cmds[i].c; i++) { int cmdlen = strlen(cmds[i].c); /* Check for command followed by whitespace */ @@ -690,7 +690,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd) case I_RM: path1 = make_absolute(path1, *pwd); remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g); - for(i = 0; g.gl_pathv[i]; i++) { + for (i = 0; g.gl_pathv[i]; i++) { printf("Removing %s\n", g.gl_pathv[i]); if (do_rm(in, out, g.gl_pathv[i]) == -1) err = -1; @@ -783,7 +783,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd) a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS; a.perm = n_arg; remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g); - for(i = 0; g.gl_pathv[i]; i++) { + for (i = 0; g.gl_pathv[i]; i++) { printf("Changing mode on %s\n", g.gl_pathv[i]); do_setstat(in, out, g.gl_pathv[i], &a); } @@ -791,7 +791,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd) case I_CHOWN: path1 = make_absolute(path1, *pwd); remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g); - for(i = 0; g.gl_pathv[i]; i++) { + for (i = 0; g.gl_pathv[i]; i++) { if (!(aa = do_stat(in, out, g.gl_pathv[i], 0))) continue; if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) { @@ -808,7 +808,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd) case I_CHGRP: path1 = make_absolute(path1, *pwd); remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g); - for(i = 0; g.gl_pathv[i]; i++) { + for (i = 0; g.gl_pathv[i]; i++) { if (!(aa = do_stat(in, out, g.gl_pathv[i], 0))) continue; if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) { @@ -896,7 +896,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2) setvbuf(stdout, NULL, _IOLBF, 0); setvbuf(infile, NULL, _IOLBF, 0); - for(;;) { + for (;;) { char *cp; printf("sftp> "); diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c index 7f442f86f07..6475d60d604 100644 --- a/usr.bin/ssh/sftp-server.c +++ b/usr.bin/ssh/sftp-server.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.30 2001/07/31 12:42:50 jakob Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.31 2001/12/19 07:18:56 deraadt Exp $"); #include "buffer.h" #include "bufaux.h" @@ -138,7 +138,7 @@ handle_init(void) { int i; - for(i = 0; i < sizeof(handles)/sizeof(Handle); i++) + for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) handles[i].use = HANDLE_UNUSED; } @@ -147,7 +147,7 @@ handle_new(int use, char *name, int fd, DIR *dirp) { int i; - for(i = 0; i < sizeof(handles)/sizeof(Handle); i++) { + for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) { if (handles[i].use == HANDLE_UNUSED) { handles[i].use = use; handles[i].dirp = dirp; @@ -751,7 +751,7 @@ process_readdir(void) } if (count > 0) { send_names(id, count, stats); - for(i = 0; i < count; i++) { + for (i = 0; i < count; i++) { xfree(stats[i].name); xfree(stats[i].long_name); } @@ -877,7 +877,7 @@ process_readlink(void) send_status(id, errno_to_portable(errno)); else { Stat s; - + link[len] = '\0'; attrib_clear(&s.attrib); s.name = s.long_name = link; diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c index 3724380e1cd..faa2383b712 100644 --- a/usr.bin/ssh/sftp.c +++ b/usr.bin/ssh/sftp.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.21 2001/09/19 19:24:19 stevesk Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.22 2001/12/19 07:18:56 deraadt Exp $"); /* XXX: commandline mode */ /* XXX: short-form remote directory listings (like 'ls -C') */ @@ -107,7 +107,7 @@ main(int argc, char **argv) extern char *optarg; args.list = NULL; - addargs(&args, "ssh"); /* overwritten with ssh_program */ + addargs(&args, "ssh"); /* overwritten with ssh_program */ addargs(&args, "-oFallBackToRsh no"); addargs(&args, "-oForwardX11 no"); addargs(&args, "-oForwardAgent no"); @@ -188,7 +188,7 @@ main(int argc, char **argv) addargs(&args, "-oProtocol %d", sshver); /* no subsystem if the server-spec contains a '/' */ - if (sftp_server == NULL || strchr(sftp_server, '/') == NULL) + if (sftp_server == NULL || strchr(sftp_server, '/') == NULL) addargs(&args, "-s"); addargs(&args, "%s", host); diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index 7d284d27be0..f51ff7ee231 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.46 2001/10/02 08:38:50 djm Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.47 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/evp.h> @@ -84,7 +84,7 @@ delete_file(AuthenticationConnection *ac, const char *filename) key_free(public); xfree(comment); - + return ret; } @@ -154,7 +154,7 @@ add_file(AuthenticationConnection *ac, const char *filename) xfree(comment); key_free(private); - + return ret; } @@ -163,11 +163,11 @@ update_card(AuthenticationConnection *ac, int add, const char *id) { if (ssh_update_card(ac, add, id)) { fprintf(stderr, "Card %s: %s\n", - add ? "added" : "removed", id); + add ? "added" : "removed", id); return 0; } else { fprintf(stderr, "Could not %s card: %s\n", - add ? "add" : "remove", id); + add ? "add" : "remove", id); return -1; } } @@ -182,8 +182,8 @@ list_identities(AuthenticationConnection *ac, int do_fp) for (version = 1; version <= 2; version++) { for (key = ssh_get_first_identity(ac, &comment, version); - key != NULL; - key = ssh_get_next_identity(ac, &comment, version)) { + key != NULL; + key = ssh_get_next_identity(ac, &comment, version)) { had_identities = 1; if (do_fp) { fp = key_fingerprint(key, SSH_FP_MD5, @@ -238,7 +238,7 @@ main(int argc, char **argv) fprintf(stderr, "Could not open a connection to your authentication agent.\n"); exit(1); } - while ((ch = getopt(argc, argv, "lLdDe:s:")) != -1) { + while ((ch = getopt(argc, argv, "lLdDe:s:")) != -1) { switch (ch) { case 'l': case 'L': @@ -257,7 +257,7 @@ main(int argc, char **argv) sc_reader_id = optarg; break; case 'e': - deleting = 1; + deleting = 1; sc_reader_id = optarg; break; default: diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index c209d69fbd3..b799f31c3d3 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/evp.h> #include <openssl/md5.h> @@ -453,7 +453,7 @@ process_add_smartcard_key (SocketEntry *e) Key *n = NULL, *k = NULL; char *sc_reader_id = NULL; int success = 0; - + sc_reader_id = buffer_get_string(&e->input, NULL); k = sc_get_key(sc_reader_id); xfree(sc_reader_id); @@ -611,10 +611,10 @@ process_message(SocketEntry *e) #ifdef SMARTCARD case SSH_AGENTC_ADD_SMARTCARD_KEY: process_add_smartcard_key(e); - break; + break; case SSH_AGENTC_REMOVE_SMARTCARD_KEY: process_remove_smartcard_key(e); - break; + break; #endif /* SMARTCARD */ default: /* Unknown message. Respond with failure. */ diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index cc5b5745679..894070d2d0f 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.85 2001/12/05 10:06:12 deraadt Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.86 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/evp.h> #include <openssl/pem.h> @@ -666,7 +666,7 @@ do_change_passphrase(struct passwd *pw) read_passphrase("Enter new passphrase (empty for no " "passphrase): ", RP_ALLOW_STDIN); passphrase2 = read_passphrase("Enter same passphrase again: ", - RP_ALLOW_STDIN); + RP_ALLOW_STDIN); /* Verify that they are the same. */ if (strcmp(passphrase1, passphrase2) != 0) { @@ -744,7 +744,7 @@ do_change_comment(struct passwd *pw) fprintf(stderr, "Comments are only supported for RSA1 keys.\n"); key_free(private); exit(1); - } + } printf("Key now has comment '%s'\n", comment); if (identity_comment) { diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index fce36e2665c..bed8a775ddc 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.150 2001/11/30 20:39:28 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.151 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -472,7 +472,7 @@ again: fwd_host_port); else if (opt == 'R') add_remote_forward(&options, fwd_port, buf, - fwd_host_port); + fwd_host_port); break; case 'D': @@ -1130,8 +1130,8 @@ ssh_session2_open(void) channel_send_open(c->self); if (!no_shell_flag) channel_register_callback(c->self, - SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, - ssh_session2_setup, (void *)0); + SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, + ssh_session2_setup, (void *)0); return c->self; } diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index bf217dd92aa..c9dd5b954e1 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.117 2001/12/06 18:02:32 stevesk Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.118 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/bn.h> @@ -105,7 +105,7 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw, /* Create pipes for communicating with the proxy. */ if (pipe(pin) < 0 || pipe(pout) < 0) fatal("Could not create pipes to communicate with the proxy: %.100s", - strerror(errno)); + strerror(errno)); debug("Executing proxy command: %.500s", command_string); @@ -254,7 +254,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, int full_failure = 1; debug("ssh_connect: getuid %u geteuid %u anon %d", - (u_int) getuid(), (u_int) geteuid(), anonymous); + (u_int) getuid(), (u_int) geteuid(), anonymous); /* Get default port if port has not been set. */ if (port == 0) { @@ -420,7 +420,7 @@ ssh_exchange_identification(void) &remote_major, &remote_minor, remote_version) != 3) fatal("Bad remote protocol version identification: '%.100s'", buf); debug("Remote protocol version %d.%d, remote software version %.100s", - remote_major, remote_minor, remote_version); + remote_major, remote_minor, remote_version); compat_datafellows(remote_version); mismatch = 0; @@ -608,7 +608,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, */ host_file = user_hostfile; host_status = check_host_in_hostfile(host_file, host, host_key, - file_key, &host_line); + file_key, &host_line); if (host_status == HOST_NEW) { host_file = system_hostfile; host_status = check_host_in_hostfile(host_file, host, host_key, @@ -651,7 +651,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, "'%.128s' not in list of known hosts.", type, ip); else if (!add_host_to_hostfile(user_hostfile, ip, - host_key)) + host_key)) log("Failed to add the %s host key for IP " "address '%.128s' to the list of known " "hosts (%.30s).", type, ip, user_hostfile); @@ -777,7 +777,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, error("Port forwarding is disabled to avoid " "man-in-the-middle attacks."); options.num_local_forwards = - options.num_remote_forwards = 0; + options.num_remote_forwards = 0; } /* * XXX Should permit the user to change to use the new id. @@ -801,7 +801,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, error("Exiting, you have requested strict checking."); goto fail; } else if (options.strict_host_key_checking == 2) { - if (!confirm("Are you sure you want " + if (!confirm("Are you sure you want " "to continue connecting (yes/no)? ")) { goto fail; } diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c index d6b86235296..2829ca5a7da 100644 --- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.41 2001/10/06 11:18:19 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.42 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/bn.h> #include <openssl/evp.h> @@ -80,8 +80,8 @@ try_agent_authentication(void) /* Loop through identities served by the agent. */ for (key = ssh_get_first_identity(auth, &comment, 1); - key != NULL; - key = ssh_get_next_identity(auth, &comment, 1)) { + key != NULL; + key = ssh_get_next_identity(auth, &comment, 1)) { /* Try this identity. */ debug("Trying RSA authentication via agent with '%.100s'", comment); @@ -400,10 +400,10 @@ try_krb4_authentication(void) /* Don't do anything if we don't have any tickets. */ if (stat(tkt_string(), &st) < 0) return 0; - + strlcpy(inst, (char *)krb_get_phost(get_canonical_hostname(1)), INST_SZ); - + realm = (char *)krb_realmofhost(get_canonical_hostname(1)); if (!realm) { debug("Kerberos v4: no realm for %s", get_canonical_hostname(1)); @@ -411,7 +411,7 @@ try_krb4_authentication(void) } /* This can really be anything. */ checksum = (u_long)getpid(); - + r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum); if (r != KSUCCESS) { debug("Kerberos v4 krb_mk_req failed: %s", krb_err_txt[r]); @@ -424,22 +424,22 @@ try_krb4_authentication(void) return 0; } des_key_sched((des_cblock *) cred.session, schedule); - + /* Send authentication info to server. */ packet_start(SSH_CMSG_AUTH_KERBEROS); packet_put_string((char *) auth.dat, auth.length); packet_send(); packet_write_wait(); - + /* Zero the buffer. */ (void) memset(auth.dat, 0, MAX_KTXT_LEN); - + slen = sizeof(local); memset(&local, 0, sizeof(local)); if (getsockname(packet_get_connection_in(), (struct sockaddr *)&local, &slen) < 0) debug("getsockname failed: %s", strerror(errno)); - + slen = sizeof(foreign); memset(&foreign, 0, sizeof(foreign)); if (getpeername(packet_get_connection_in(), @@ -455,18 +455,18 @@ try_krb4_authentication(void) debug("Kerberos v4 authentication failed."); return 0; break; - + case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ debug("Kerberos v4 authentication accepted."); - + /* Get server's response. */ reply = packet_get_string((u_int *) &auth.length); memcpy(auth.dat, reply, auth.length); xfree(reply); - + packet_integrity_check(plen, 4 + auth.length, type); - + /* * If his response isn't properly encrypted with the session * key, and the decrypted checksum fails to match, he's @@ -483,7 +483,7 @@ try_krb4_authentication(void) memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum)); cksum = ntohl(cksum); - + /* If it matches, we're golden. */ if (cksum == checksum + 1) { debug("Kerberos v4 challenge successful."); @@ -491,7 +491,7 @@ try_krb4_authentication(void) } else packet_disconnect("Kerberos v4 challenge failed!"); break; - + default: packet_disconnect("Protocol error on Kerberos v4 response: %d", type); } @@ -513,26 +513,26 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) int type, payload_len; krb5_ap_rep_enc_part *reply = NULL; int ret; - + memset(&ap, 0, sizeof(ap)); - + problem = krb5_init_context(context); if (problem) { debug("Kerberos v5: krb5_init_context failed"); ret = 0; goto out; } - + tkfile = krb5_cc_default_name(*context); if (strncmp(tkfile, "FILE:", 5) == 0) tkfile += 5; - + if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) { debug("Kerberos v5: could not get default ccache (permission denied)."); ret = 0; goto out; } - + problem = krb5_cc_default(*context, &ccache); if (problem) { debug("Kerberos v5: krb5_cc_default failed: %s", @@ -540,9 +540,9 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) ret = 0; goto out; } - + remotehost = get_canonical_hostname(1); - + problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED, "host", remotehost, NULL, ccache, &ap); if (problem) { @@ -551,48 +551,48 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) ret = 0; goto out; } - + packet_start(SSH_CMSG_AUTH_KERBEROS); packet_put_string((char *) ap.data, ap.length); packet_send(); packet_write_wait(); - + xfree(ap.data); ap.length = 0; - + type = packet_read(&payload_len); switch (type) { - case SSH_SMSG_FAILURE: - /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */ - debug("Kerberos v5 authentication failed."); - ret = 0; - break; - + case SSH_SMSG_FAILURE: + /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */ + debug("Kerberos v5 authentication failed."); + ret = 0; + break; + case SSH_SMSG_AUTH_KERBEROS_RESPONSE: - /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ - debug("Kerberos v5 authentication accepted."); - - /* Get server's response. */ - ap.data = packet_get_string((unsigned int *) &ap.length); - - packet_integrity_check(payload_len, 4 + ap.length, type); - /* XXX je to dobre? */ - - problem = krb5_rd_rep(*context, *auth_context, &ap, &reply); - if (problem) { + /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ + debug("Kerberos v5 authentication accepted."); + + /* Get server's response. */ + ap.data = packet_get_string((unsigned int *) &ap.length); + + packet_integrity_check(payload_len, 4 + ap.length, type); + /* XXX je to dobre? */ + + problem = krb5_rd_rep(*context, *auth_context, &ap, &reply); + if (problem) { ret = 0; } ret = 1; break; - + default: packet_disconnect("Protocol error on Kerberos v5 response: %d", type); ret = 0; break; - + } - + out: if (ccache != NULL) krb5_cc_close(*context, ccache); @@ -600,7 +600,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context) krb5_free_ap_rep_enc_part(*context, reply); if (ap.length > 0) krb5_data_free(&ap); - + return (ret); } @@ -614,62 +614,62 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context) krb5_creds creds; krb5_kdc_flags flags; const char *remotehost; - + memset(&creds, 0, sizeof(creds)); memset(&outbuf, 0, sizeof(outbuf)); - + fd = packet_get_connection_in(); - + problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd); if (problem) goto out; - + problem = krb5_cc_default(context, &ccache); if (problem) goto out; - + problem = krb5_cc_get_principal(context, ccache, &creds.client); if (problem) goto out; - + problem = krb5_build_principal(context, &creds.server, strlen(creds.client->realm), creds.client->realm, "krbtgt", creds.client->realm, NULL); if (problem) goto out; - + creds.times.endtime = 0; - + flags.i = 0; flags.b.forwarded = 1; flags.b.forwardable = krb5_config_get_bool(context, NULL, "libdefaults", "forwardable", NULL); - + remotehost = get_canonical_hostname(1); - + problem = krb5_get_forwarded_creds(context, auth_context, ccache, flags.i, remotehost, &creds, &outbuf); if (problem) goto out; - + packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); packet_put_string((char *)outbuf.data, outbuf.length); packet_send(); packet_write_wait(); - + type = packet_read(&payload_len); - + if (type == SSH_SMSG_SUCCESS) { char *pname; - + krb5_unparse_name(context, creds.client, &pname); debug("Kerberos v5 TGT forwarded (%s).", pname); xfree(pname); } else debug("Kerberos v5 TGT forwarding failed."); - + return; - + out: if (problem) debug("Kerberos v5 TGT forwarding failed: %s", @@ -693,44 +693,44 @@ send_krb4_tgt(void) struct stat st; char buffer[4096], pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; int problem, type, len; - + /* Don't do anything if we don't have any tickets. */ if (stat(tkt_string(), &st) < 0) return; - + creds = xmalloc(sizeof(*creds)); - + problem = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm); if (problem) goto out; - + problem = krb_get_cred("krbtgt", prealm, prealm, creds); if (problem) goto out; - + if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) { problem = RD_AP_EXP; goto out; } creds_to_radix(creds, (u_char *)buffer, sizeof(buffer)); - + packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); packet_put_cstring(buffer); packet_send(); packet_write_wait(); - + type = packet_read(&len); - + if (type == SSH_SMSG_SUCCESS) debug("Kerberos v4 TGT forwarded (%s%s%s@%s).", creds->pname, creds->pinst[0] ? "." : "", creds->pinst, creds->realm); else debug("Kerberos v4 TGT rejected."); - + xfree(creds); return; - + out: debug("Kerberos v4 TGT passing failed: %s", krb_err_txt[problem]); xfree(creds); @@ -745,7 +745,7 @@ send_afs_tokens(void) int i, type, len; char buf[2048], *p, *server_cell; char buffer[8192]; - + /* Move over ktc_GetToken, here's something leaner. */ for (i = 0; i < 100; i++) { /* just in case */ parms.in = (char *) &i; @@ -755,7 +755,7 @@ send_afs_tokens(void) if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break; p = buf; - + /* Get secret token. */ memcpy(&creds.ticket_st.length, p, sizeof(u_int)); if (creds.ticket_st.length > MAX_KTXT_LEN) @@ -763,7 +763,7 @@ send_afs_tokens(void) p += sizeof(u_int); memcpy(creds.ticket_st.dat, p, creds.ticket_st.length); p += creds.ticket_st.length; - + /* Get clear token. */ memcpy(&len, p, sizeof(len)); if (len != sizeof(struct ClearToken)) @@ -773,7 +773,7 @@ send_afs_tokens(void) p += len; p += sizeof(len); /* primary flag */ server_cell = p; - + /* Flesh out our credentials. */ strlcpy(creds.service, "afs", sizeof(creds.service)); creds.instance[0] = '\0'; @@ -785,7 +785,7 @@ send_afs_tokens(void) creds.kvno = ct.AuthHandle; snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId); creds.pinst[0] = '\0'; - + /* Encode token, ship it off. */ if (creds_to_radix(&creds, (u_char *)buffer, sizeof(buffer)) <= 0) @@ -798,7 +798,7 @@ send_afs_tokens(void) /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */ type = packet_read(&len); - + if (type == SSH_SMSG_FAILURE) debug("AFS token for cell %s rejected.", server_cell); else if (type != SSH_SMSG_SUCCESS) @@ -842,7 +842,7 @@ try_challenge_response_authentication(void) challenge = packet_get_string(&clen); packet_integrity_check(payload_len, (4 + clen), type); snprintf(prompt, sizeof prompt, "%s%s", challenge, - strchr(challenge, '\n') ? "" : "\nResponse: "); + strchr(challenge, '\n') ? "" : "\nResponse: "); xfree(challenge); if (i != 0) error("Permission denied, please try again."); @@ -974,11 +974,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr) supported_authentications = packet_get_int(); debug("Received server public key (%d bits) and host key (%d bits).", - BN_num_bits(public_key->n), BN_num_bits(host_key->n)); + BN_num_bits(public_key->n), BN_num_bits(host_key->n)); packet_integrity_check(payload_len, - 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, - SSH_SMSG_PUBLIC_KEY); + 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, + SSH_SMSG_PUBLIC_KEY); k.type = KEY_RSA1; k.rsa = host_key; if (verify_host_key(host, hostaddr, &k) == -1) @@ -1027,10 +1027,10 @@ ssh_kex(char *host, struct sockaddr *hostaddr) if (BN_num_bits(host_key->n) < BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) { fatal("respond_to_rsa_challenge: host_key %d < public_key %d + " - "SSH_KEY_BITS_RESERVED %d", - BN_num_bits(host_key->n), - BN_num_bits(public_key->n), - SSH_KEY_BITS_RESERVED); + "SSH_KEY_BITS_RESERVED %d", + BN_num_bits(host_key->n), + BN_num_bits(public_key->n), + SSH_KEY_BITS_RESERVED); } rsa_public_encrypt(key, key, public_key); rsa_public_encrypt(key, key, host_key); @@ -1039,10 +1039,10 @@ ssh_kex(char *host, struct sockaddr *hostaddr) if (BN_num_bits(public_key->n) < BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) { fatal("respond_to_rsa_challenge: public_key %d < host_key %d + " - "SSH_KEY_BITS_RESERVED %d", - BN_num_bits(public_key->n), - BN_num_bits(host_key->n), - SSH_KEY_BITS_RESERVED); + "SSH_KEY_BITS_RESERVED %d", + BN_num_bits(public_key->n), + BN_num_bits(host_key->n), + SSH_KEY_BITS_RESERVED); } rsa_public_encrypt(key, key, host_key); rsa_public_encrypt(key, key, public_key); @@ -1064,7 +1064,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr) /* Check that the selected cipher is supported. */ if (!(supported_ciphers & (1 << options.cipher))) fatal("Selected cipher type %.100s not supported by server.", - cipher_name(options.cipher)); + cipher_name(options.cipher)); debug("Encryption type: %.100s", cipher_name(options.cipher)); @@ -1117,7 +1117,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, #endif int i, type; int payload_len; - + if (supported_authentications == 0) fatal("ssh_userauth1: server supports no auth methods"); @@ -1139,12 +1139,12 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, goto success; if (type != SSH_SMSG_FAILURE) packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); - + #ifdef KRB5 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && - options.kerberos_authentication) { + options.kerberos_authentication) { debug("Trying Kerberos v5 authentication."); - + if (try_krb5_authentication(&context, &auth_context)) { type = packet_read(&payload_len); if (type == SSH_SMSG_SUCCESS) @@ -1154,12 +1154,12 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, } } #endif /* KRB5 */ - + #ifdef KRB4 if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && options.kerberos_authentication) { debug("Trying Kerberos v4 authentication."); - + if (try_krb4_authentication()) { type = packet_read(&payload_len); if (type == SSH_SMSG_SUCCESS) @@ -1169,7 +1169,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, } } #endif /* KRB4 */ - + /* * Use rhosts authentication if running in privileged socket and we * do not wish to remain anonymous. @@ -1254,7 +1254,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host, if (context) krb5_free_context(context); #endif - + #ifdef AFS /* Try Kerberos v4 TGT passing if the server supports it. */ if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 514637f2df0..8689da08706 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.87 2001/12/05 10:06:13 deraadt Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.88 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -111,7 +111,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; } if (options.hostkeyalgorithms != NULL) - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.hostkeyalgorithms; /* start key exchange */ @@ -613,7 +613,7 @@ load_identity_file(char *filename) if (options.batch_mode) return NULL; snprintf(prompt, sizeof prompt, - "Enter passphrase for key '%.100s': ", filename); + "Enter passphrase for key '%.100s': ", filename); for (i = 0; i < options.number_of_password_prompts; i++) { passphrase = read_passphrase(prompt, 0); if (strcmp(passphrase, "") != 0) { @@ -646,7 +646,7 @@ identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp, return -1; /* private key is stored in external hardware */ - if (options.identity_keys[idx]->flags & KEY_FLAG_EXT) + if (options.identity_keys[idx]->flags & KEY_FLAG_EXT) return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen); private = load_identity_file(options.identity_files[idx]); diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 4560ba38069..1051b31be5f 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.156 2001/12/06 13:30:06 markus Exp $ +.\" $OpenBSD: sshd.8,v 1.157 2001/12/19 07:18:56 deraadt Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -253,7 +253,7 @@ authentication, and termination of each connection is logged. .It Fl t Test mode. Only check the validity of the configuration file and sanity of the keys. -This is useful for updating +This is useful for updating .Nm reliably as configuration options may change. .It Fl u Ar len diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 67d4cb9d346..8ec6b764674 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.216 2001/12/10 16:45:04 stevesk Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.217 2001/12/19 07:18:56 deraadt Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -390,7 +390,7 @@ sshd_exchange_identification(int sock_in, int sock_out) fatal_cleanup(); } debug("Client protocol version %d.%d; client software version %.100s", - remote_major, remote_minor, remote_version); + remote_major, remote_minor, remote_version); compat_datafellows(remote_version); @@ -458,7 +458,7 @@ destroy_sensitive_data(void) key_free(sensitive_data.server_key); sensitive_data.server_key = NULL; } - for(i = 0; i < options.num_host_key_files; i++) { + for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { key_free(sensitive_data.host_keys[i]); sensitive_data.host_keys[i] = NULL; @@ -474,7 +474,7 @@ list_hostkey_types(void) static char buf[1024]; int i; buf[0] = '\0'; - for(i = 0; i < options.num_host_key_files; i++) { + for (i = 0; i < options.num_host_key_files; i++) { Key *key = sensitive_data.host_keys[i]; if (key == NULL) continue; @@ -497,7 +497,7 @@ static Key * get_hostkey_by_type(int type) { int i; - for(i = 0; i < options.num_host_key_files; i++) { + for (i = 0; i < options.num_host_key_files; i++) { Key *key = sensitive_data.host_keys[i]; if (key != NULL && key->type == type) return key; @@ -674,9 +674,9 @@ main(int ac, char **av) utmp_len = atoi(optarg); break; case 'o': - if (process_server_config_line(&options, optarg, + if (process_server_config_line(&options, optarg, "command-line", 0) != 0) - exit(1); + exit(1); break; case '?': default: @@ -712,14 +712,14 @@ main(int ac, char **av) /* load private host keys */ sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*)); - for(i = 0; i < options.num_host_key_files; i++) + for (i = 0; i < options.num_host_key_files; i++) sensitive_data.host_keys[i] = NULL; sensitive_data.server_key = NULL; sensitive_data.ssh1_host_key = NULL; sensitive_data.have_ssh1_key = 0; sensitive_data.have_ssh2_key = 0; - for(i = 0; i < options.num_host_key_files; i++) { + for (i = 0; i < options.num_host_key_files; i++) { key = key_load_private(options.host_key_files[i], "", NULL); sensitive_data.host_keys[i] = key; if (key == NULL) { @@ -816,7 +816,7 @@ main(int ac, char **av) /* Chdir to the root directory so that the current disk can be unmounted if desired. */ chdir("/"); - + /* ignore SIGPIPE */ signal(SIGPIPE, SIG_IGN); diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config index 085ee14fe16..4e0e0661e8c 100644 --- a/usr.bin/ssh/sshd_config +++ b/usr.bin/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $ +# $OpenBSD: sshd_config,v 1.43 2001/12/19 07:18:56 deraadt Exp $ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. @@ -48,7 +48,7 @@ HostbasedAuthentication no PasswordAuthentication yes PermitEmptyPasswords no -# Uncomment to disable s/key passwords +# Uncomment to disable s/key passwords #ChallengeResponseAuthentication no # To change Kerberos options diff --git a/usr.bin/ssh/sshlogin.c b/usr.bin/ssh/sshlogin.c index a8a76c6156d..c6e2ad4fe27 100644 --- a/usr.bin/ssh/sshlogin.c +++ b/usr.bin/ssh/sshlogin.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshlogin.c,v 1.2 2001/03/24 16:43:27 stevesk Exp $"); +RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $"); #include <util.h> #include <utmp.h> @@ -86,7 +86,7 @@ get_last_login_time(uid_t uid, const char *logname, void record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, - const char *host, struct sockaddr * addr) + const char *host, struct sockaddr * addr) { int fd; struct lastlog ll; diff --git a/usr.bin/ssh/sshpty.c b/usr.bin/ssh/sshpty.c index ef47fe4394c..b21d3cc1769 100644 --- a/usr.bin/ssh/sshpty.c +++ b/usr.bin/ssh/sshpty.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshpty.c,v 1.3 2001/07/22 21:32:27 markus Exp $"); +RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $"); #include <util.h> #include "sshpty.h" @@ -131,7 +131,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) *ttyfd = open(name, O_RDWR | O_NOCTTY); if (*ttyfd < 0) { error("Could not open pty slave side %.100s: %.100s", - name, strerror(errno)); + name, strerror(errno)); close(*ptyfd); return 0; } @@ -224,7 +224,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) fd = open(_PATH_TTY, O_WRONLY); if (fd < 0) error("open /dev/tty failed - could not set controlling tty: %.100s", - strerror(errno)); + strerror(errno)); else { close(fd); } @@ -234,7 +234,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) void pty_change_window_size(int ptyfd, int row, int col, - int xpixel, int ypixel) + int xpixel, int ypixel) { struct winsize w; w.ws_row = row; @@ -273,15 +273,15 @@ pty_setowner(struct passwd *pw, const char *ttyname) if (st.st_uid != pw->pw_uid || st.st_gid != gid) { if (chown(ttyname, pw->pw_uid, gid) < 0) { - if (errno == EROFS && + if (errno == EROFS && (st.st_uid == pw->pw_uid || st.st_uid == 0)) error("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, - strerror(errno)); + ttyname, pw->pw_uid, gid, + strerror(errno)); else fatal("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, - strerror(errno)); + ttyname, pw->pw_uid, gid, + strerror(errno)); } } @@ -290,10 +290,10 @@ pty_setowner(struct passwd *pw, const char *ttyname) if (errno == EROFS && (st.st_mode & (S_IRGRP | S_IROTH)) == 0) error("chmod(%.100s, 0%o) failed: %.100s", - ttyname, mode, strerror(errno)); + ttyname, mode, strerror(errno)); else fatal("chmod(%.100s, 0%o) failed: %.100s", - ttyname, mode, strerror(errno)); + ttyname, mode, strerror(errno)); } } } diff --git a/usr.bin/ssh/sshtty.c b/usr.bin/ssh/sshtty.c index 78498908fc6..eed8cfdc21b 100644 --- a/usr.bin/ssh/sshtty.c +++ b/usr.bin/ssh/sshtty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshtty.c,v 1.1 2001/04/14 16:33:20 stevesk Exp $ */ +/* $OpenBSD: sshtty.c,v 1.2 2001/12/19 07:18:56 deraadt Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -46,7 +46,7 @@ static int _in_raw_mode = 0; int in_raw_mode(void) { - return _in_raw_mode; + return _in_raw_mode; } struct termios diff --git a/usr.bin/ssh/ttymodes.c b/usr.bin/ssh/ttymodes.c index c0bb0b1f898..ada3a1481e5 100644 --- a/usr.bin/ssh/ttymodes.c +++ b/usr.bin/ssh/ttymodes.c @@ -43,7 +43,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ttymodes.c,v 1.14 2001/06/24 17:18:31 markus Exp $"); +RCSID("$OpenBSD: ttymodes.c,v 1.15 2001/12/19 07:18:56 deraadt Exp $"); #include "packet.h" #include "log.h" @@ -396,7 +396,7 @@ tty_parse_modes(int fd, int *n_bytes_ptr) default: debug("Ignoring unsupported tty mode opcode %d (0x%x)", - opcode, opcode); + opcode, opcode); if (!compat20) { /* * SSH1: diff --git a/usr.bin/ssh/uidswap.c b/usr.bin/ssh/uidswap.c index e823d37a8b5..e794facd770 100644 --- a/usr.bin/ssh/uidswap.c +++ b/usr.bin/ssh/uidswap.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: uidswap.c,v 1.18 2001/08/08 21:34:19 markus Exp $"); +RCSID("$OpenBSD: uidswap.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $"); #include "log.h" #include "uidswap.h" @@ -54,8 +54,8 @@ temporarily_use_uid(struct passwd *pw) } privileged = 1; temporarily_use_uid_effective = 1; - saved_egid = getegid(); - saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); + saved_egid = getegid(); + saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); if (saved_egroupslen < 0) fatal("getgroups: %.100s", strerror(errno)); @@ -64,7 +64,7 @@ temporarily_use_uid(struct passwd *pw) if (initgroups(pw->pw_name, pw->pw_gid) < 0) fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno)); - user_groupslen = getgroups(NGROUPS_MAX, user_groups); + user_groupslen = getgroups(NGROUPS_MAX, user_groups); if (user_groupslen < 0) fatal("getgroups: %.100s", strerror(errno)); } |