mirror of git://anongit.mindrot.org/openssh.git
20001123
- (bal) Merge OpenBSD changes: - markus@cvs.openbsd.org 2000/11/15 22:31:36 [auth-options.c] case insensitive key options; from stevesk@sweeden.hp.com - markus@cvs.openbsd.org 2000/11/16 17:55:43 [dh.c] do not use perror() in sshd, after child is forked() - markus@cvs.openbsd.org 2000/11/14 23:42:40 [auth-rsa.c] parse option only if key matches; fix some confusing seen by the client - markus@cvs.openbsd.org 2000/11/14 23:44:19 [session.c] check no_agent_forward_flag for ssh-2, too - markus@cvs.openbsd.org 2000/11/15 [ssh-agent.1] reorder SYNOPSIS; typo, use .It - markus@cvs.openbsd.org 2000/11/14 23:48:55 [ssh-agent.c] do not reorder keys if a key is removed - markus@cvs.openbsd.org 2000/11/15 19:58:08 [ssh.c] just ignore non existing user keys - millert@cvs.openbsd.org 200/11/15 20:24:43 [ssh-keygen.c] Add missing \n at end of error message.
This commit is contained in:
parent
4a1d91646d
commit
1492029371
27
ChangeLog
27
ChangeLog
|
@ -1,3 +1,30 @@
|
|||
20001123
|
||||
- (bal) Merge OpenBSD changes:
|
||||
- markus@cvs.openbsd.org 2000/11/15 22:31:36
|
||||
[auth-options.c]
|
||||
case insensitive key options; from stevesk@sweeden.hp.com
|
||||
- markus@cvs.openbsd.org 2000/11/16 17:55:43
|
||||
[dh.c]
|
||||
do not use perror() in sshd, after child is forked()
|
||||
- markus@cvs.openbsd.org 2000/11/14 23:42:40
|
||||
[auth-rsa.c]
|
||||
parse option only if key matches; fix some confusing seen by the client
|
||||
- markus@cvs.openbsd.org 2000/11/14 23:44:19
|
||||
[session.c]
|
||||
check no_agent_forward_flag for ssh-2, too
|
||||
- markus@cvs.openbsd.org 2000/11/15
|
||||
[ssh-agent.1]
|
||||
reorder SYNOPSIS; typo, use .It
|
||||
- markus@cvs.openbsd.org 2000/11/14 23:48:55
|
||||
[ssh-agent.c]
|
||||
do not reorder keys if a key is removed
|
||||
- markus@cvs.openbsd.org 2000/11/15 19:58:08
|
||||
[ssh.c]
|
||||
just ignore non existing user keys
|
||||
- millert@cvs.openbsd.org 200/11/15 20:24:43
|
||||
[ssh-keygen.c]
|
||||
Add missing \n at end of error message.
|
||||
|
||||
20001122
|
||||
- (bal) Minor patch to ensure platforms lacking IRIX job limit supports
|
||||
are compilable.
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-options.c,v 1.5 2000/10/09 21:32:34 markus Exp $");
|
||||
RCSID("$OpenBSD: auth-options.c,v 1.6 2000/11/15 22:31:36 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "packet.h"
|
||||
|
@ -65,35 +65,35 @@ auth_parse_options(struct passwd *pw, char *options, unsigned long linenum)
|
|||
|
||||
while (*options && *options != ' ' && *options != '\t') {
|
||||
cp = "no-port-forwarding";
|
||||
if (strncmp(options, cp, strlen(cp)) == 0) {
|
||||
if (strncasecmp(options, cp, strlen(cp)) == 0) {
|
||||
packet_send_debug("Port forwarding disabled.");
|
||||
no_port_forwarding_flag = 1;
|
||||
options += strlen(cp);
|
||||
goto next_option;
|
||||
}
|
||||
cp = "no-agent-forwarding";
|
||||
if (strncmp(options, cp, strlen(cp)) == 0) {
|
||||
if (strncasecmp(options, cp, strlen(cp)) == 0) {
|
||||
packet_send_debug("Agent forwarding disabled.");
|
||||
no_agent_forwarding_flag = 1;
|
||||
options += strlen(cp);
|
||||
goto next_option;
|
||||
}
|
||||
cp = "no-X11-forwarding";
|
||||
if (strncmp(options, cp, strlen(cp)) == 0) {
|
||||
if (strncasecmp(options, cp, strlen(cp)) == 0) {
|
||||
packet_send_debug("X11 forwarding disabled.");
|
||||
no_x11_forwarding_flag = 1;
|
||||
options += strlen(cp);
|
||||
goto next_option;
|
||||
}
|
||||
cp = "no-pty";
|
||||
if (strncmp(options, cp, strlen(cp)) == 0) {
|
||||
if (strncasecmp(options, cp, strlen(cp)) == 0) {
|
||||
packet_send_debug("Pty allocation disabled.");
|
||||
no_pty_flag = 1;
|
||||
options += strlen(cp);
|
||||
goto next_option;
|
||||
}
|
||||
cp = "command=\"";
|
||||
if (strncmp(options, cp, strlen(cp)) == 0) {
|
||||
if (strncasecmp(options, cp, strlen(cp)) == 0) {
|
||||
int i;
|
||||
options += strlen(cp);
|
||||
forced_command = xmalloc(strlen(options) + 1);
|
||||
|
@ -121,7 +121,7 @@ auth_parse_options(struct passwd *pw, char *options, unsigned long linenum)
|
|||
goto next_option;
|
||||
}
|
||||
cp = "environment=\"";
|
||||
if (strncmp(options, cp, strlen(cp)) == 0) {
|
||||
if (strncasecmp(options, cp, strlen(cp)) == 0) {
|
||||
int i;
|
||||
char *s;
|
||||
struct envstring *new_envstring;
|
||||
|
@ -156,7 +156,7 @@ auth_parse_options(struct passwd *pw, char *options, unsigned long linenum)
|
|||
goto next_option;
|
||||
}
|
||||
cp = "from=\"";
|
||||
if (strncmp(options, cp, strlen(cp)) == 0) {
|
||||
if (strncasecmp(options, cp, strlen(cp)) == 0) {
|
||||
int mname, mip;
|
||||
char *patterns = xmalloc(strlen(options) + 1);
|
||||
int i;
|
||||
|
|
14
auth-rsa.c
14
auth-rsa.c
|
@ -14,7 +14,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rsa.c,v 1.32 2000/10/14 12:19:45 markus Exp $");
|
||||
RCSID("$OpenBSD: auth-rsa.c,v 1.33 2000/11/14 23:42:40 markus Exp $");
|
||||
|
||||
#include "rsa.h"
|
||||
#include "packet.h"
|
||||
|
@ -231,12 +231,6 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
|
|||
}
|
||||
} else
|
||||
options = NULL;
|
||||
/*
|
||||
* If our options do not allow this key to be used,
|
||||
* do not send challenge.
|
||||
*/
|
||||
if (!auth_parse_options(pw, options, linenum))
|
||||
continue;
|
||||
|
||||
/* Parse the key from the line. */
|
||||
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
|
||||
|
@ -259,6 +253,12 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
|
|||
file, linenum, BN_num_bits(pk->n), bits);
|
||||
|
||||
/* We have found the desired key. */
|
||||
/*
|
||||
* If our options do not allow this key to be used,
|
||||
* do not send challenge.
|
||||
*/
|
||||
if (!auth_parse_options(pw, options, linenum))
|
||||
continue;
|
||||
|
||||
/* Perform the challenge-response dialog for this key. */
|
||||
if (!auth_rsa_challenge_dialog(pk)) {
|
||||
|
|
6
dh.c
6
dh.c
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: dh.c,v 1.2 2000/10/11 20:11:35 markus Exp $");
|
||||
RCSID("$OpenBSD: dh.c,v 1.3 2000/11/16 17:55:43 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
|
||||
|
@ -102,7 +102,6 @@ choose_dh(int minbits)
|
|||
|
||||
f = fopen(DH_PRIMES, "r");
|
||||
if (!f) {
|
||||
perror(DH_PRIMES);
|
||||
log("WARNING: %s does not exist, using old prime", DH_PRIMES);
|
||||
return (dh_new_group1());
|
||||
}
|
||||
|
@ -133,8 +132,7 @@ choose_dh(int minbits)
|
|||
|
||||
f = fopen(DH_PRIMES, "r");
|
||||
if (!f) {
|
||||
perror(DH_PRIMES);
|
||||
exit(1);
|
||||
fatal("WARNING: %s dissappeared, giving up", DH_PRIMES);
|
||||
}
|
||||
|
||||
linenum = 0;
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: session.c,v 1.43 2000/11/06 23:04:56 markus Exp $");
|
||||
RCSID("$OpenBSD: session.c,v 1.44 2000/11/14 23:44:19 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
|
@ -1745,6 +1745,10 @@ session_auth_agent_req(Session *s)
|
|||
{
|
||||
static int called = 0;
|
||||
packet_done();
|
||||
if (no_agent_forwarding_flag) {
|
||||
debug("session_auth_agent_req: no_agent_forwarding_flag");
|
||||
return 0;
|
||||
}
|
||||
if (called) {
|
||||
return 0;
|
||||
} else {
|
||||
|
|
18
ssh-agent.1
18
ssh-agent.1
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: ssh-agent.1,v 1.17 2000/11/10 05:10:40 aaron Exp $
|
||||
.\" $OpenBSD: ssh-agent.1,v 1.19 2000/11/15 20:09:01 markus Exp $
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -42,12 +42,12 @@
|
|||
.Nd authentication agent
|
||||
.Sh SYNOPSIS
|
||||
.Nm ssh-agent
|
||||
.Op Fl c Li | Fl s
|
||||
.Op Fl k
|
||||
.Oo
|
||||
.Ar command
|
||||
.Op Ar args ...
|
||||
.Oc
|
||||
.Ar args ...
|
||||
.Nm ssh-agent
|
||||
.Op Fl c Li | Fl s
|
||||
.Nm ssh-agent
|
||||
.Fl k
|
||||
.Sh DESCRIPTION
|
||||
.Nm
|
||||
is a program to hold private keys used for public key authentication
|
||||
|
@ -154,7 +154,7 @@ but is normally added to the agent using
|
|||
at login time.
|
||||
.It Pa $HOME/.ssh/id_dsa
|
||||
Contains the DSA authentication identity of the user.
|
||||
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
|
||||
.It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
|
||||
Unix-domain sockets used to contain the connection to the
|
||||
authentication agent.
|
||||
These sockets should only be readable by the owner.
|
||||
|
@ -172,7 +172,7 @@ This version of OpenSSH
|
|||
.Bl -bullet
|
||||
.It
|
||||
has all components of a restrictive nature (i.e., patents, see
|
||||
.Xr crypto 3 )
|
||||
.Xr ssl 8 )
|
||||
directly removed from the source code; any licensed or patented components
|
||||
are chosen from
|
||||
external libraries.
|
||||
|
@ -191,4 +191,4 @@ supports one-time password authentication with
|
|||
.Xr ssh-add 1 ,
|
||||
.Xr ssh-keygen 1 ,
|
||||
.Xr sshd 8 ,
|
||||
.Xr crypto 3
|
||||
.Xr ssl 8
|
||||
|
|
18
ssh-agent.c
18
ssh-agent.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-agent.c,v 1.39 2000/11/12 19:50:38 markus Exp $ */
|
||||
/* $OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.39 2000/11/12 19:50:38 markus Exp $");
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "rsa.h"
|
||||
|
@ -308,8 +308,9 @@ process_remove_identity(SocketEntry *e, int version)
|
|||
/*
|
||||
* We have this key. Free the old key. Since we
|
||||
* don\'t want to leave empty slots in the middle of
|
||||
* the array, we actually free the key there and copy
|
||||
* data from the last entry.
|
||||
* the array, we actually free the key there and move
|
||||
* all the entries between the empty slot and the end
|
||||
* of the array.
|
||||
*/
|
||||
Idtab *tab = idtab_lookup(version);
|
||||
key_free(tab->identities[idx].key);
|
||||
|
@ -318,8 +319,13 @@ process_remove_identity(SocketEntry *e, int version)
|
|||
fatal("process_remove_identity: "
|
||||
"internal error: tab->nentries %d",
|
||||
tab->nentries);
|
||||
if (idx != tab->nentries - 1)
|
||||
tab->identities[idx] = tab->identities[tab->nentries - 1];
|
||||
if (idx != tab->nentries - 1) {
|
||||
int i;
|
||||
for (i = idx; i < tab->nentries - 1; i++)
|
||||
tab->identities[i] = tab->identities[i+1];
|
||||
}
|
||||
tab->identities[tab->nentries - 1].key = NULL;
|
||||
tab->identities[tab->nentries - 1].comment = NULL;
|
||||
tab->nentries--;
|
||||
success = 1;
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.33 2000/11/12 19:50:38 markus Exp $");
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.34 2000/11/15 20:24:43 millert Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
|
@ -727,7 +727,7 @@ main(int ac, char **av)
|
|||
if (key_type_name != NULL) {
|
||||
type = key_type_from_name(key_type_name);
|
||||
if (type == KEY_UNSPEC) {
|
||||
fprintf(stderr, "unknown key type %s", key_type_name);
|
||||
fprintf(stderr, "unknown key type %s\n", key_type_name);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
|
4
ssh.c
4
ssh.c
|
@ -39,7 +39,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh.c,v 1.72 2000/11/12 19:50:38 markus Exp $");
|
||||
RCSID("$OpenBSD: ssh.c,v 1.73 2000/11/15 19:58:08 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/dsa.h>
|
||||
|
@ -1049,7 +1049,7 @@ guess_identity_file_type(const char *filename)
|
|||
int type = KEY_RSA1; /* default */
|
||||
|
||||
if (stat(filename, &st) < 0) {
|
||||
perror(filename);
|
||||
/* ignore this key */
|
||||
return KEY_UNSPEC;
|
||||
}
|
||||
public = key_new(type);
|
||||
|
|
Loading…
Reference in New Issue