- Integrated patch from Dan Brosemer <odin@linuxfreak.com>

- Build fixes
   - Autoconf
   - Change binary names to open*

 - Fixed autoconf script to detect PAM on RH6.1
 - Added tests for libpwdb, and OpenBSD functions to autoconf (not used yet)
Damien Miller 1999-10-28 13:25:17 +10:00
Parent 3d112efc67
Commit 7f6ea0264d
22 changed files: 413 additions and 676 deletions

ChangeLog

@ -1,578 +1,30 @@
Fri Nov 17 16:19:20 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>
* Released 1.2.12.
* channels.c: Commented out debugging messages about output draining.
* Added file OVERVIEW to give some idea about the structure of the
ssh software.
Thu Nov 16 16:40:17 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>
* canohost.c (get_remote_hostname): Don't ever return NULL (causes
segmentation violation).
* sshconnect.c: Host ip address printed incorrectly with -v.
* Implemented SSH_TTY environment variable.
Wed Nov 15 01:47:40 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi>
* Implemented server and client option KeepAlive to specify
whether to set SO_KEEPALIVE. Both default to "yes"; to disable
keepalives, set the value to "no" in both the server and the
client configuration files. Updated manual pages.
* sshd.c: Fixed Solaris utmp problem: wrong pid stored in utmp
(patch from Petri Virkkula <argon@bat.cs.hut.fi>).
* login.c (record_logout): Fixed removing user from utmp on BSD
(with HAVE_LIBUTIL_LOGIN).
* Added cleanup functions to be called from fatal(). Arranged for
utmp to be cleaned if sshd terminates by calling fatal (e.g.,
after dropping connection). Eliminated separate client-side
fatal() functions and moved fatal() to log-client.c. Made all
cleanups, including channel_stop_listening() and packet_close()
be called using this mechanism.
Thu Nov 9 09:58:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* sshd.c: Permit immediate login with empty password only if
password authentication is allowed.
Wed Nov 8 00:43:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* Eliminated unix-domain X11 forwarding. Inet-domain forwarding is
now the only supported form. Renamed server option
X11InetForwarding to X11Forwarding, and eliminated
X11UnixForwarding. Updated documentation. Updated RFC (marked
the SSH_CMSG_X11_REQUEST_FORWARDING message (code 26) as
obsolete, and removed all references to it). Increased protocol
version number to 1.3.
* scp.c (main): Added -B (BatchMode). Updated manual page.
* Cleaned up and updated all manual pages.
* clientloop.c: Added new escape sequences ~# (lists forwarded
connections), ~& (background ssh when waiting for forwarded
connections to terminate), ~? (list available escapes).
Polished the output of the connection listing. Updated
documentation.
* uidswap.c: If _POSIX_SAVED_IDS is defined, don't change the real
uid. Assume that _POSIX_SAVED_IDS also applies to seteuid.
This may solve problems with tcp_wrappers (libwrap) showing
connections as coming from root.
Tue Nov 7 20:28:57 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* Added RandomSeed server configuration option. The argument
specifies the location of the random seed file. Updated
documentation.
* Locate perl5 in configure. Generate make-ssh-known-hosts (with
the correct path for perl5) in Makefile.in, and install it with
the other programs. Updated manual page.
* sshd.c (main): Added a call to umask to set the umask to a
reasonable value.
* compress.c (buffer_compress): Fixed to follow the zlib
documentation (which is slightly confusing).
* INSTALL: Added information about Linux libc.so.4 problem.
Mon Nov 6 15:42:36 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* (Actually autoconf fix) Installed patch to AC_ARG_PROGRAM.
* sshd.c, sshd.8.in: Renamed $HOME/.environment ->
$HOME/.ssh/environment.
* configure.in: Disable shadow password checking on convex.
Convex has /etc/shadow, but sets pw_passwd automatically if
running as root.
* Eliminated HAVE_ETC_MASTER_PASSWD (NetBSD, FreeBSD); the
pw_passwd field is automatically filled if running as root.
Put explicit code in configure.in to prevent shadow password
checking on FreeBSD and NetBSD.
* serverloop.c (signchld_handler): Don't print error if wait
returns -1.
* Makefile.in (install): Fixed modes of data files.
* Makefile.in (install): Make links for slogin.1.
* make-ssh-known-hosts: Merged a patch from melo@ci.uminho.pt to
fix the ping command.
Fri Nov 3 16:25:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* ssh.1.in: Added more information about X11 forwarding.
Thu Nov 2 18:42:13 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* Changes to use O_NONBLOCK_BROKEN consistently.
* pty.c (pty_make_controlling_tty): Use setpgid instead of
setsid() on Ultrix.
* includes.h: Removed redundant #undefs for Ultrix and Sony News;
these are already handled in configure.in.
Tue Oct 31 13:31:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* configure.in: Define SSH_WTMP to /var/adm/wtmp is wtmp not found.
* configure.in: Disable vhangup on Ultrix. I am told this fixes
the server problems.
Sat Oct 28 14:22:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* sshconnect.c: Fixed a bug in connecting to a multi-homed host.
Restructured the connecting code to never try to use the same
socket a second time after a failed connection.
* Makefile.in: Added explicit -m option to install, and umask 022
when creating directories and the host key.
Fri Oct 27 01:05:10 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* Makefile.in: Added cleaning of $(ZLIBDIR) to clean and distclean.
* login.c (get_last_login_time): Fixed a typo (define -> defined).
Thu Oct 26 01:28:07 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* configure.in: Moved testing for ANSI C compiler after the host
specific code (problems on HPUX).
* Minor fixes to /etc/default/login stuff from Bryan O'Sullivan.
* Fixed .SH NAME sections in manual pages.
* compress.c: Trying to fix a mysterious bug in the compression
glue.
* ssh-1.2.11.
* scp.c: disable agent forwarding when running ssh from scp.
* Added compression of plaintext packets using the gzip library
(zlib). Client configuration options Compression and
CompressionLevel (1-9 as in gzip). New ssh and scp option -C
(to enable compression). Updated RFC.
Wed Oct 25 05:11:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* Implemented ProxyCommand stuff based on patches from Bryan
O'Sullivan <bos@serpentine.com>.
* Merged BSD login/logout/lastlog patches from Mark Treacy
<mark@labtam.oz.au>.
* sshd.c: Added chdir("/").
Tue Oct 24 00:29:01 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* Merged RSA environment= patches from Felix Leitner
<leitner@prz.tu-berlin.de> with some changes.
* sshd.c: Made the packet code use two separate descriptors for
the connection (one for input, the other for output). This will
make future extensions easier (e.g., non-socket transports, etc.).
sshd -i now uses both stdin and stdout separately.
Mon Oct 23 21:29:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* sshd.c: Merged execle -> execve patches from Mark Martinec
<Mark.Martinec@nsc.ijs.si>. This may help with execle bugs on
Convex (environment not getting passed properly). This might
also solve similar problems on Sonys; please test!
* Removed all compatibility code for protocol version 1.0.
THIS MEANS THAT WE ARE NO LONGER COMPATIBLE WITH SSH VERSIONS
PRIOR TO 1.1.0.
* randoms.c (random_acquire_light_environmental_noise): If
/dev/random is available, read up to 32 bytes (256 bits) from
there in non-blocking mode, and mix the new random bytes into
the pool.
* Added client configuration option StrictHostKeyChecking
(disabled by default). If this is enabled, the client will not
automatically add new host keys to $HOME/.ssh/known_hosts;
instead the connection will be refused if the host key is not
known. Similarly, if the host key has changed, the connection
will be refused instead if just issuing a warning. This
provides additional security against man-in-the-middle/trojan
horse attacks (especially in scripts where there is no-one to
see the warnings), but may be quite inconvenient in everyday
interactive use unless /etc/ssh_known_hosts is very complete,
because new host keys must now be added manually.
* sshconnect.c (ssh_connect): Use the user's uid when creating the
socket and connecting it. I am hoping that this might help with
tcp_wrappers showing the remote user as root.
* ssh.c: Try inet-domain X11 forwarding regardless of whether we
can get local authorization information. If we don't, we just
come up with fake information; the forwarding code will anyway
generate its own fake information and validate that the client
knows that information. It will then substitute our fake
information for that, but that info should get ignored by the
server if it doesn't support it.
* Added option BatchMode to disable password/passphrase querying
in scripts.
* auth-rh-rsa.c: Changed to use uid-swapping when reading
.ssh/known_hosts.
* sshd.8.in (command): Improved documentation of file permissions
on the manual pages.
Thu Oct 19 21:05:51 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi>
* ssh-add.c (add_file): Fixed a bug causing ssh to sometimes refer
to freed memory (comment -> saved_comment).
* log-server.c: Added a prefix to debug/warning/error/fatal
messages describing message types. Syslog does not include that
information automatically.
Sun Oct 8 01:56:01 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* Merged /etc/default/login and MAIL environment variable changes
from Bryan O'Sullivan <bos@serpentine.com>.
- mail spool file location
- process /etc/default/login
- add HAVE_ETC_DEFAULT_LOGIN
- new function child_get_env and read_etc_default_login (sshd.c)
* ssh-add.c (add_file): Fixed asking for passphrase.
* Makefile.in: Fixed installing configure-generated man pages when
compiling in a separate object directory.
* sshd.c (main): Moved RSA key generation until after allocating
the port number. (Actually, the code got duplicated because we
never listen when run from inetd.)
* ssh.c: Fixed a problem that caused scp to hang when called with
stdin closed.
Sat Oct 7 03:08:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* Added server config option StrictModes. It specifies whether to
check ownership and modes of home directory and .rhosts files.
* ssh.c: If ssh is renamed/linked to a host name, connect to that
host.
* serverloop.c, clientloop.c: Ignore EAGAIN reported on read from
connection. Solaris has a kernel bug which causes select() to
sometimes wake up even though there is no data available.
* Display all open connections when printing the "Waiting for
forwarded connections to terminate" message.
* sshd.c, readconf.c: Added X11InetForwarding and
X11UnixForwarding server config options.
Thu Oct 5 17:41:16 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* Some more SCO fixes.
Tue Oct 3 01:04:34 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* Fixes and cleanups in README, INSTALL, COPYING.
Mon Oct 2 03:36:08 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* ssh-add.c (add_file): Fixed a bug in ssh-add (xfree: NULL ...).
* Removed .BR from ".SH NAME" in man pages.
Sun Oct 1 04:16:07 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* ssh-1.2.10.
* configure.in: When checking that the compiler works, check that
it understands ANSI C prototypes.
* Made uidswap error message a debug() to avoid confusing errors
on AIX (AIX geteuid is brain-damaged and fails even for root).
* Fixed an error in sshd.8 (FacistLogging -> FascistLogging).
* Fixed distribution in Makefile.in (missing manual page .in files).
Sat Sep 30 17:38:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* auth-rhosts.c: Fixed serious security problem in
/etc/hosts.equiv authentication.
Fri Sep 29 00:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* Include machine/endian.h on Paragon.
* ssh-add.c (add_file): Made ssh-add keep asking for the
passphrase until the user just types return or cancels.
Make the dialog display the comment of the key.
* Read use shosts.equiv in addition to /etc/hosts.equiv.
* sshd.8 is now sshd.8.in and is processed by configure to
substitute the proper paths for various files. Ditto for ssh.1.
Ditto for make-ssh-known-hosts.1.
* configure.in: Moved /etc/sshd_pid to PIDDIR/sshd.pid. PIDDIR
will be /var/run if it exists, and ETCDIR otherwise.
Thu Sep 28 21:52:42 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* On Ultrix, check if sys/syslog.h needs to be included in
addition to syslog.h.
* make-ssh-known-hosts.pl: Merged Kivinen's fixes for HPUX.
* configure.in: Put -lwrap, -lsocks, etc. at the head of LIBS.
* Fixed case-insensitivity in auth-rhosts.c.
* Added missing socketpair.c to EXTRA_SRCS (needed on SCO), plus
other SCO fixes.
* Makefile.in: Fixed missing install_prefixes.
Wed Sep 27 03:57:00 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* ssh-1.2.9.
* Added SOCKS support.
* Fixed default setting of IgnoreRhosts option.
* Pass the magic cookie to xauth in stdin instead of command line;
the command line is visible in ps.
* Added processing $HOME/.ssh/rc and /etc/sshrc.
* Added a section to sshd.8 on what happens at login time.
Tue Sep 26 01:27:40 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* Don't define speed_t on SunOS 4.1.1; it conflicts with system
headers.
* Added support for .hushlogin.
* Added --with-etcdir.
* Read $HOME/.environment after /etc/environment.
Mon Sep 25 03:26:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* Merged patches for SCO Unix (from Michael Henits).
Sun Sep 24 22:28:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* Added ssh option ConnectionAttempts.
Sat Sep 23 12:30:15 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* sshd.c: Don't print last login time and /etc/motd if a command
has been specified (with ssh -t host command).
* Added support for passing the screen number in X11 forwarding.
It is implemented as a compatible protocol extension, signalled
by SSH_PROTOFLAG_SCREEN_NUMBER by the child.
* clientloop.c: Fixed bugs in the order in which things were
processed. This may solve problems with some data not getting
sent to the server as soon as possible (probably solves the TCP
forwarding delayed close problem). Also, it looked like window
changes might not get transmitted as early as possible in some
cases.
* clientloop.c: Changed to detect window size change that
happened while ssh was suspended.
* ssh.c: Moved the do_session function (client main loop) to
clientloop.c. Divided it into smaller functions. General cleanup.
* ssh-1.2.8
Fri Sep 22 22:07:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* sshconnect.c (ssh_login): Made ssh_login take the options
structure as argument, instead of the individual arguments.
* auth-rhosts.c (check_rhosts_file): Added support for netgroups.
* auth-rhosts.c (check_rhosts_file): Added support for negated
entries.
Thu Sep 21 00:07:56 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* auth-rhosts.c: Restructured rhosts authentication code.
Hosts.equiv now has same format as .rhosts: user names are allowed.
* Added support for the Intel Paragon.
* sshd.c: Don't use X11 forwarding with spoofing if no xauth
program. Changed configure.in to not define XAUTH_PATH if
there is no xauth program.
* ssh-1.2.7
* sshd.c: Rewrote the code to build the environment. Now also reads
/etc/environment.
* sshd.c: Fixed problems in libwrap code. --with-libwrap now
takes optional library name/path.
* ssh-1.2.6
* Define USE_PIPES by default.
* Added support for Univel Unixware and MachTen.
* Added IgnoreRhosts server option.
* Added USE_STRLEN_FOR_AF_UNIX; it is needed at least on MachTen.
Wed Sep 20 02:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* sshd.c (do_child): don't call packet_close when /etc/nologin,
because packet_close does shutdown, and the message does not get
sent.
* pty.c (pty_allocate): Push ttcompat streams module.
* randoms.c (random_acquire_light_environmental_noise): Don't use
the second argument to gettimeofday as it is not supported on
all systems.
* login.c (record_login): Added NULL second argument to gettimeofday.
Tue Sep 19 13:25:48 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* fixed pclose wait() in sshd key regeneration (now only collects
easily available noise).
* configure.in: test for bsdi before bsd*.
* ssh.c: Don't print "Connection closed" if -q.
Wed Sep 13 04:19:52 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* Released ssh-1.2.5.
* Hopefully fixed "Waiting for forwarded connections to terminate"
message.
* randoms.c, md5.c: Large modifications to make these work on Cray
(which has no 32 bit integer type).
* Fixed a problem with forwarded connection closes not being
reported immediately.
* ssh.c: fixed rhosts authentication (broken by uid-swapping).
* scp.c: Don't use -l if server user not specified (it made
setting User in the configuration file not work).
* configure.in: don't use -pipe on BSDI.
* randoms.c: Major modifications to make it work without 32 bit
integers (e.g. Cray).
* md5.c: Major modifications to make it work without 32 bit
integers (e.g. Cray).
* Eliminated HPSUX_BROKEN_PTYS. The code is now enabled by
default on all systems.
Mon Sep 11 00:53:12 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* sshd.c: don't include sshd pathname in log messages.
* Added libwrap stuff (includes support for identd).
* Added OSF/1 C2 extended security stuff.
* Fixed interactions between getuid() and uid-swap stuff.
Sun Sep 10 00:29:27 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* serverloop.c: Don't send stdout data to client until after a few
milliseconds if there is very little data. This is because some
systems give data from pty one character at a time, which would
multiply data size by about 16.
* serverloop.c: Moved server do_session to a separate file and
renamed it server_loop. Split it into several functions and
partially rewrote it. Fixed "cat /etc/termcap | ssh foo cat" hangup.
* Screwed up something while checking stuff in under cvs. No harm,
but bogus log entries...
Sat Sep 9 02:24:51 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* minfd.c (_get_permanent_fd): Use SHELL environment variable.
* channels.c (x11_create_display_inet): Created
HPSUX_NONSTANDARD_X11_KLUDGE; it causes DISPLAY to contain the
IP address of the host instead of the name, because HPSUX uses
some magic shared memory communication for local connections.
* Changed SIGHUP processing in server; it should now work multiple
times.
* Added length limits in many debug/log/error/fatal calls just in
case.
* login.c (get_last_login_time): Fixed location of lastlog.
* Rewrote all uid-swapping code. New files uidswap.h, uidswap.c.
* Fixed several security problems involving chmod and chgrp (race
conditions). Added warnings about dubious modes for /tmp/.X11-unix.
Fri Sep 8 20:03:36 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi>
* Changed readconf.c to never display anything from the config
file. This should now be prevented otherwise, but let's play safe.
* log-server.c: Use %.500s in syslog() just to be sure (they
should already be shorter than 1024 though).
* sshd.c: Moved setuid in child a little earlier (just to be
conservative, there was no security problem that I could detect).
* README, INSTALL: Added info about mailing list and WWW page.
* sshd.c: Added code to use SIGCHLD and wait zombies immediately.
* Merged patch to set ut_addr in utmp.
* Created ChangeLog and added it to Makefile.in.
* Use read_passphrase instead of getpass().
* Added SSH_FALLBACK_CIPHER. Fixed a bug in default cipher
selection (IDEA used to be selected even if not supported by the
server).
* Use no encryption for key files if empty passphrase.
* Added section about --without-idea in INSTALL.
* Version 1.2.0 was released a couple of days ago.
19991028
- Further PAM enhancements.
- Much cleaner
- Now uses account and session modules for all logins.
- Integrated patch from Dan Brosemer <odin@linuxfreak.com>
- Build fixes
- Autoconf
- Change binary names to open*
- Fixed autoconf script to detect PAM on RH6.1
- Added tests for libpwdb, and OpenBSD functions to autoconf
19991027
- Adapted PAM patch.
- Released 1.0pre2
- Excised my buggy replacements for strlcpy and mkdtemp
- Imported correct OpenBSD strlcpy and mkdtemp routines.
- Reduced arc4random_stir entropy read to 32 bytes (256 bits)
- Picked up correct version number from OpenBSD
- Added sshd.pam PAM configuration file
- Added sshd.init Redhat init script
- Added openssh.spec RPM spec file
- Released 1.2pre3
19991026
- Fixed include paths of OpenSSL functions
- Use OpenSSL MD5 routines
- Imported RC4 code from nanocrypt
- Wrote replacements for OpenBSD arc4random* functions
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
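
Review bot: The rewritten ChangeLog drops Tatu Ylonen's entire 1995 history, including security-relevant entries such as `auth-rhosts.c: Fixed serious security problem in /etc/hosts.equiv authentication`; consider moving that text to a separate file for the original releases instead of deleting it, so the provenance of those fixes stays in the tree. In the new text, 19991027 lists both `Released 1.0pre2` and `Released 1.2pre3` while 19991026 lists `Released 1.0pre1`, so one of those version strings looks like a typo. The 19991028 entry also omits the `(not used yet)` qualifier that the commit message attaches to the libpwdb and OpenBSD function tests.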


@ -1,20 +0,0 @@
19991027
- Adapted PAM patch.
- Released 1.0pre2
- Excised my buggy replacements for strlcpy and mkdtemp
- Imported correct OpenBSD strlcpy and mkdtemp routines.
- Reduced arc4random_stir entropy read to 32 bytes (256 bits)
- Picked up correct version number from OpenBSD
- Added sshd.pam PAM configuration file
- Added sshd.init Redhat init script
- Added openssh.spec RPM spec file
- Released 1.2pre3
19991026
- Fixed include paths of OpenSSL functions
- Use OpenSSL MD5 routines
- Imported RC4 code from nanocrypt
- Wrote replacements for OpenBSD arc4random* functions
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1


@ -1,50 +0,0 @@
OPT_FLAGS=-g
CFLAGS=$(OPT_FLAGS) -Wall -DETCDIR=\"/etc/ssh\" -DHAVE_PAM -DHAVE_PWDB
TARGETS=bin/libssh.a bin/ssh bin/sshd bin/ssh-add bin/ssh-keygen bin/ssh-agent bin/scp
LFLAGS=-L./bin
LIBS=-lssh -lcrypto -lz -lutil -lpwdb -lpam -ldl
AR=ar
RANLIB=ranlib
OBJS= authfd.o authfile.o auth-passwd.o auth-rhosts.o auth-rh-rsa.o \
auth-rsa.o bufaux.o buffer.o canohost.o channels.o cipher.o \
clientloop.o compress.o crc32.o deattack.o hostfile.o \
log-client.o login.o log-server.o match.o mpaux.o packet.o pty.o \
readconf.o readpass.o rsa.o servconf.o serverloop.o \
sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o \
helper.o mktemp.o strlcpy.o rc4.o
all: $(OBJS) $(TARGETS)
bin/libssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o hostfile.o match.o mpaux.o nchan.o packet.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o helper.o rc4.o mktemp.o strlcpy.o
[ -d bin ] || mkdir bin
$(AR) rv $@ $^
$(RANLIB) $@
bin/ssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
bin/sshd: sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
bin/scp: scp.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
bin/ssh-add: ssh-add.o log-client.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
bin/ssh-agent: ssh-agent.o log-client.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
bin/ssh-keygen: ssh-keygen.o log-client.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
clean:
rm -f *.o core bin/*

Makefile.in Normal file

@ -0,0 +1,73 @@
prefix=@prefix@
exec_prefix=@exec_prefix@
bindir=@bindir@
sbindir=@sbindir@
libdir=@libdir@
CC=@CC@
CFLAGS=-g -Wall -DETCDIR=\"/etc/ssh\" @DEFS@
TARGETS=bin/libopenssh.a bin/openssh bin/opensshd bin/openssh-add bin/openssh-keygen bin/openssh-agent bin/openscp
LFLAGS=-L./bin
LIBS=-lopenssh @LIBS@
AR=@AR@
RANLIB=@RANLIB@
OBJS= authfd.o authfile.o auth-passwd.o auth-rhosts.o auth-rh-rsa.o \
auth-rsa.o bufaux.o buffer.o canohost.o channels.o cipher.o \
clientloop.o compress.o crc32.o deattack.o helper.o hostfile.o \
log-client.o login.o log-server.o match.o mpaux.o packet.o pty.o \
readconf.o readpass.o rsa.o servconf.o serverloop.o \
sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o \
helper.o mktemp.o strlcpy.o rc4.o
all: $(OBJS) $(TARGETS)
bin/libopenssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o hostfile.o match.o mpaux.o nchan.o packet.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o helper.o rc4.o mktemp.o strlcpy.o
[ -d bin ] || mkdir bin
$(AR) rv $@ $^
$(RANLIB) $@
bin/openssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
bin/opensshd: sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
bin/openscp: scp.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
bin/openssh-add: ssh-add.o log-client.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
bin/openssh-agent: ssh-agent.o log-client.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
bin/openssh-keygen: ssh-keygen.o log-client.o
[ -d bin ] || mkdir bin
$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
clean:
rm -f *.o core bin/* config.status config.cache config.log
install:
install -d $(bindir)
install -d $(sbindir)
install -d $(libdir)
install -c bin/openssh $(bindir)/openssh
install -c bin/openscp $(bindir)/openscp
install -c bin/openssh-add $(bindir)/openssh-add
install -c bin/openssh-agent $(bindir)/openssh-agent
install -c bin/openssh-keygen $(bindir)/openssh-keygen
install -c bin/opensshd $(sbindir)/opensshd
install -c bin/libopenssh.a $(libdir)/libopenssh.a
distclean: clean
rm -f Makefile config.h *~
rm -rf bin
mrproper: distclean
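
Review bot: The `install` target copies every binary with `install -c` and no `-m`, so the modes of `$(sbindir)/opensshd` and the client programs depend on the installer's umask; set them explicitly (for example `install -m 0755`) and make `install` depend on `all`. `helper.o` appears twice in `OBJS`, and `-DETCDIR=\"/etc/ssh\"` stays hard-coded in `CFLAGS` although the file now takes `prefix` and the other directories from configure; a substituted directory would keep the configuration location consistent with the chosen prefix.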


@ -1,11 +0,0 @@
CFLAGS+= -I${.CURDIR}/..
.include <bsd.obj.mk>
.if exists(${.CURDIR}/../lib/${__objdir})
LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh
DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a
.else
LDADD+= -L${.CURDIR}/../lib -lssh
DPADD+= ${.CURDIR}/../lib/libssh.a
.endif


@ -33,8 +33,8 @@ The OpenBSD team
Miscellania -
This version of SSH is based upon code retrieved from the OpenBSD CVS
repository on 1999-10-26, which in turn was based on the last free
version of SSH released by Tatu Ylonen.
repository on 1999-10-26 patched by Damien Miller <djm@ibs.com.au>, which
in turn was based on the last free version of SSH released by Tatu Ylonen.
Code in helper.[ch] is Copyright 1999 Internet Business Solutions and
is released under a X11-style license (see source file for details).

acconfig.h Normal file

@ -0,0 +1,7 @@
/* config.h.in. Generated by hand, don't use autoheader. */
/* Define if your ssl headers are included with #include <ssl/header.h> */
#undef HAVE_SSL
/* Define if your ssl headers are included with #include <openssl/header.h> */
#undef HAVE_OPENSSL
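
Review bot: The header comment on the first line names the wrong file and conflicts with the rest of the commit: it reads `config.h.in. Generated by hand, don't use autoheader.`, yet this file is acconfig.h, and the config.h.in added in the same commit says it was generated by autoheader. Reword the comment to say that acconfig.h is the hand-maintained input supplying the `HAVE_SSL` and `HAVE_OPENSSL` templates.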


@ -15,8 +15,9 @@ validity of the host key.
*/
#include "config.h"
#include "includes.h"
RCSID("$Id: auth-rsa.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
RCSID("$Id: auth-rsa.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
#include "rsa.h"
#include "packet.h"
@ -25,8 +26,14 @@ RCSID("$Id: auth-rsa.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
#include "mpaux.h"
#include "uidswap.h"
#ifdef HAVE_OPENSSL
#include <openssl/rsa.h>
#include <openssl/md5.h>
#endif
#ifdef HAVE_SSL
#include <ssl/rsa.h>
#include <ssl/md5.h>
#endif
/* Flags that may be set in authorized_keys options. */
extern int no_port_forwarding_flag;
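
Review bot: The `#ifdef HAVE_OPENSSL` / `#ifdef HAVE_SSL` include pair added after `uidswap.h` has no fallback, so a build with neither macro defined fails later on undeclared RSA and MD5 symbols instead of a clear message; add an `#else` branch with `#error`. The same pair is repeated in authfd.c, authfile.c, bufaux.c, cipher.c and cipher.h in this commit, so a single wrapper header that selects the include directory once would remove the duplication.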


@ -13,8 +13,9 @@ Functions for connecting the local authentication agent.
*/
#include "config.h"
#include "includes.h"
RCSID("$Id: authfd.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
RCSID("$Id: authfd.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
#include "ssh.h"
#include "rsa.h"
@ -24,7 +25,12 @@ RCSID("$Id: authfd.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
#include "xmalloc.h"
#include "getput.h"
#ifdef HAVE_OPENSSL
#include <openssl/rsa.h>
#endif
#ifdef HAVE_SSL
#include <ssl/rsa.h>
#endif
/* Returns the number of the authentication fd, or -1 if there is none. */


@ -14,10 +14,17 @@ for reading the passphrase from the user.
*/
#include "config.h"
#include "includes.h"
RCSID("$Id: authfile.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
RCSID("$Id: authfile.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
#endif
#ifdef HAVE_SSL
#include <ssl/bn.h>
#endif
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"


@ -14,11 +14,19 @@ Buffers.
*/
#include "config.h"
#include "includes.h"
RCSID("$Id: bufaux.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
RCSID("$Id: bufaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
#include "ssh.h"
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
#endif
#ifdef HAVE_SSL
#include <ssl/bn.h>
#endif
#include "bufaux.h"
#include "xmalloc.h"
#include "getput.h"


@ -11,13 +11,19 @@ Created: Wed Apr 19 17:41:39 1995 ylo
*/
#include "config.h"
#include "includes.h"
RCSID("$Id: cipher.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
RCSID("$Id: cipher.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
#include "ssh.h"
#include "cipher.h"
#ifdef HAVE_OPENSSL
#include <openssl/md5.h>
#endif
#ifdef HAVE_SSL
#include <ssl/md5.h>
#endif
/*
* What kind of tripple DES are these 2 routines?


@ -11,13 +11,21 @@ Created: Wed Apr 19 16:50:42 1995 ylo
*/
/* RCSID("$Id: cipher.h,v 1.1 1999/10/27 03:42:44 damien Exp $"); */
/* RCSID("$Id: cipher.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */
#include "config.h"
#ifndef CIPHER_H
#define CIPHER_H
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#include <openssl/blowfish.h>
#endif
#ifdef HAVE_SSL
#include <ssl/des.h>
#include <ssl/blowfish.h>
#endif
/* Cipher types. New types can be added, but old types should not be removed
for compatibility. The maximum allowed value is 31. */
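
Review bot: `#include "config.h"` is placed above `#ifndef CIPHER_H`, outside the include guard, so config.h is re-read on every inclusion of cipher.h; move it below `#define CIPHER_H`. Every .c file touched in this commit already includes config.h before its other headers, so the include here could also be dropped and the dependency documented in a comment.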

config.h.in Normal file

@ -0,0 +1,139 @@
/* config.h.in. Generated automatically from configure.in by autoheader. */
/* Define to empty if the keyword does not work. */
#undef const
/* Define to `int' if <sys/types.h> doesn't define. */
#undef gid_t
/* Define if you don't have vprintf but do have _doprnt. */
#undef HAVE_DOPRNT
/* Define if your struct stat has st_blksize. */
#undef HAVE_ST_BLKSIZE
/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */
#undef HAVE_SYS_WAIT_H
/* Define if utime(file, NULL) sets file's timestamp to the present. */
#undef HAVE_UTIME_NULL
/* Define if you have the vprintf function. */
#undef HAVE_VPRINTF
/* Define as __inline if that's what the C compiler calls it. */
#undef inline
/* Define to `int' if <sys/types.h> doesn't define. */
#undef mode_t
/* Define to `long' if <sys/types.h> doesn't define. */
#undef off_t
/* Define as the return type of signal handlers (int or void). */
#undef RETSIGTYPE
/* Define to `unsigned' if <sys/types.h> doesn't define. */
#undef size_t
/* Define if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
/* Define to `int' if <sys/types.h> doesn't define. */
#undef uid_t
/* Define if your ssl headers are included with #include <ssl/header.h> */
#undef HAVE_SSL
/* Define if your ssl headers are included with #include <openssl/header.h> */
#undef HAVE_OPENSSL
/* Define if you have the arc4random function. */
#undef HAVE_ARC4RANDOM
/* Define if you have the gethostname function. */
#undef HAVE_GETHOSTNAME
/* Define if you have the gettimeofday function. */
#undef HAVE_GETTIMEOFDAY
/* Define if you have the mkdir function. */
#undef HAVE_MKDIR
/* Define if you have the mkdtemp function. */
#undef HAVE_MKDTEMP
/* Define if you have the rmdir function. */
#undef HAVE_RMDIR
/* Define if you have the select function. */
#undef HAVE_SELECT
/* Define if you have the setproctitle function. */
#undef HAVE_SETPROCTITLE
/* Define if you have the socket function. */
#undef HAVE_SOCKET
/* Define if you have the strerror function. */
#undef HAVE_STRERROR
/* Define if you have the strlcpy function. */
#undef HAVE_STRLCPY
/* Define if you have the strspn function. */
#undef HAVE_STRSPN
/* Define if you have the strtol function. */
#undef HAVE_STRTOL
/* Define if you have the <dirent.h> header file. */
#undef HAVE_DIRENT_H
/* Define if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
/* Define if you have the <ndir.h> header file. */
#undef HAVE_NDIR_H
/* Define if you have the <paths.h> header file. */
#undef HAVE_PATHS_H
/* Define if you have the <sys/dir.h> header file. */
#undef HAVE_SYS_DIR_H
/* Define if you have the <sys/ioctl.h> header file. */
#undef HAVE_SYS_IOCTL_H
/* Define if you have the <sys/ndir.h> header file. */
#undef HAVE_SYS_NDIR_H
/* Define if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H
/* Define if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
/* Define if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define if you have the crypto library (-lcrypto). */
#undef HAVE_LIBCRYPTO
/* Define if you have the dl library (-ldl). */
#undef HAVE_LIBDL
/* Define if you have the pam library (-lpam). */
#undef HAVE_LIBPAM
/* Define if you have the pwdb library (-lpwdb). */
#undef HAVE_LIBPWDB
/* Define if you have the util library (-lutil). */
#undef HAVE_LIBUTIL
/* Define if you have the z library (-lz). */
#undef HAVE_LIBZ

54
configure.in Normal file

@ -0,0 +1,54 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT(auth-krb4.c)
AC_CONFIG_HEADER(config.h)
dnl Checks for programs.
AC_PROG_CC
AC_PROG_RANLIB
dnl Checks for libraries.
dnl Replace `main' with a function in -lcrypto:
AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***]))
dnl Replace `main' with a function in -lutil:
AC_CHECK_LIB(util, logout, ,AC_MSG_ERROR([*** -lutil missing - this is part of libc. ***]))
dnl Replace `main' with a function in -lz:
AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***]))
dnl check for pwdb
AC_CHECK_LIB(pwdb, pwdb_new, ,AC_MSG_ERROR([*** libpwdb missing - please install first ***]))
dnl check for dl
AC_CHECK_LIB(dl, dlopen, ,AC_MSG_ERROR([*** libdl missing - please install first ***]))
dnl check for pam
AC_CHECK_LIB(pam, pam_authenticate, ,AC_MSG_ERROR([*** PAM missing - please install first ***]))
dnl Check for stuff in path.
AC_CHECK_PROG(AR, ar, ar)
dnl Check for ssl headers
AC_CHECK_HEADER(openssl/bn.h, [AC_DEFINE(HAVE_OPENSSL)], [AC_CHECK_HEADER(ssl/bn.h, [AC_DEFINE(HAVE_SSL)], [AC_MSG_ERROR([*** ssl library missing - please install first ***])])])
dnl Checks for header files.
AC_HEADER_DIRENT
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(fcntl.h paths.h sys/ioctl.h sys/time.h syslog.h unistd.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_UID_T
AC_C_INLINE
AC_TYPE_MODE_T
AC_TYPE_OFF_T
AC_TYPE_SIZE_T
AC_STRUCT_ST_BLKSIZE
AC_HEADER_TIME
dnl Checks for library functions.
AC_PROG_GCC_TRADITIONAL
AC_FUNC_MEMCMP
AC_TYPE_SIGNAL
AC_FUNC_UTIME_NULL
AC_FUNC_VPRINTF
AC_CHECK_FUNCS(gethostname gettimeofday mkdir rmdir select socket strerror strspn strtol strlcpy mkdtemp arc4random setproctitle)
AC_OUTPUT(Makefile)
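Review bot: The AC_CHECK_LIB calls for util, pwdb, dl and pam all pass AC_MSG_ERROR as the not-found action, so configure aborts on any host that lacks one of them, even though the commit message describes the libpwdb tests as not used yet. Leave the not-found action empty for libraries the code does not yet require, so that HAVE_LIBPWDB and HAVE_LIBPAM simply stay undefined and the source can test them with #ifdef, and keep the hard error for crypto and z only. The three "Replace `main' with a function in -l..." comments are autoscan leftovers and can be dropped now that real symbols are named.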

12
mpaux.c

@ -14,14 +14,22 @@ precision integers.
*/
#include "config.h"
#include "includes.h"
RCSID("$Id: mpaux.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
RCSID("$Id: mpaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
#include <openssl/md5.h>
#endif
#ifdef HAVE_SSL
#include <ssl/bn.h>
#include <ssl/md5.h>
#endif
#include "getput.h"
#include "xmalloc.h"
#include <openssl/md5.h>
void
compute_session_id(unsigned char session_id[16],
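Review bot: The two include blocks are independent `#ifdef HAVE_OPENSSL` and `#ifdef HAVE_SSL` tests with no fallback, so a build in which neither macro is defined gets no bn.h or md5.h and fails later with unrelated-looking errors at the first use of their declarations. Make it one chain, `#if defined(HAVE_OPENSSL)` ... `#elif defined(HAVE_SSL)` ... `#else` with an `#error`, which also prevents both header sets from being pulled in if both macros are ever set.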


@ -13,12 +13,18 @@ Interface for the packet protocol functions.
*/
/* RCSID("$Id: packet.h,v 1.1 1999/10/27 03:42:44 damien Exp $"); */
/* RCSID("$Id: packet.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */
#include "config.h"
#ifndef PACKET_H
#define PACKET_H
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
#endif
#ifdef HAVE_SSL
#include <ssl/bn.h>
#endif
/* Sets the socket used for communication. Disables encryption until
packet_set_encryption_key is called. It is permissible that fd_in
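Review bot: `#include "config.h"` is placed above the `#ifndef PACKET_H` guard, so it is processed again on every inclusion of packet.h and the header, rather than the including .c file, decides when config.h is first seen. The .c files touched in this commit (mpaux.c, ssh-agent.c, sshconnect.c) already include config.h as their first header; rely on that and drop it here, or at least move it inside the guard.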

10
rsa.h
Просмотреть файл

@ -13,13 +13,21 @@ RSA key generation, encryption and decryption.
*/
/* RCSID("$Id: rsa.h,v 1.1 1999/10/27 03:42:44 damien Exp $"); */
/* RCSID("$Id: rsa.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */
#include "config.h"
#ifndef RSA_H
#define RSA_H
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
#include <openssl/rsa.h>
#endif
#ifdef HAVE_SSL
#include <ssl/bn.h>
#include <ssl/rsa.h>
#endif
/* Calls SSL RSA_generate_key, only copies to prv and pub */
void rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits);
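Review bot: This HAVE_OPENSSL / HAVE_SSL include block is the same construct added to mpaux.c, packet.h, ssh-agent.c and sshconnect.c in this commit, each with a slightly different header list. Put the selection in one place, for example a single project header that includes bn.h, rsa.h and md5.h from the detected directory, so a later change of include path touches one file instead of five.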


@ -13,8 +13,9 @@ The authentication agent program.
*/
#include "config.h"
#include "includes.h"
RCSID("$Id: ssh-agent.c,v 1.1 1999/10/27 03:42:45 damien Exp $");
RCSID("$Id: ssh-agent.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
#include "ssh.h"
#include "rsa.h"
@ -26,7 +27,12 @@ RCSID("$Id: ssh-agent.c,v 1.1 1999/10/27 03:42:45 damien Exp $");
#include "getput.h"
#include "mpaux.h"
#ifdef HAVE_OPENSSL
#include <openssl/md5.h>
#endif
#ifdef HAVE_SSL
#include <ssl/md5.h>
#endif
typedef struct
{

3
ssh.c

@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
*/
#include "includes.h"
RCSID("$Id: ssh.c,v 1.1 1999/10/27 03:42:45 damien Exp $");
RCSID("$Id: ssh.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
#include "xmalloc.h"
#include "ssh.h"
@ -215,6 +215,7 @@ main(int ac, char **av)
else
cp = av0;
if (strcmp(cp, "rsh") != 0 && strcmp(cp, "ssh") != 0 &&
strcmp(cp, "openssh") != 0 && strcmp(cp, "openlogin") != 0 &&
strcmp(cp, "rlogin") != 0 && strcmp(cp, "slogin") != 0)
host = cp;
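Review bot: In the argv[0] test, any basename that is not in this list is assigned to `host`, so the list has to match every name the binary is installed under. With the binaries renamed to open* in this commit, confirm that "openlogin" is the link name the Makefile actually installs and that a renamed slogin link is covered as well; a name that falls through here silently becomes the host to connect to. A small table of accepted names checked in a loop would be easier to audit than the growing strcmp chain.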

16
ssh.h

@ -13,11 +13,25 @@ Generic header file for ssh.
*/
/* RCSID("$Id: ssh.h,v 1.1 1999/10/27 03:42:45 damien Exp $"); */
/* RCSID("$Id: ssh.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */
#ifndef SSH_H
#define SSH_H
/* Added by Dan */
#ifndef SHUT_RDWR
enum
{
SHUT_RD = 0, /* No more receptions. */
#define SHUT_RD SHUT_RD
SHUT_WR, /* No more transmissions. */
#define SHUT_WR SHUT_WR
SHUT_RDWR /* No more receptions or transmissions. */
#define SHUT_RDWR SHUT_RDWR
};
#endif
#include "rsa.h"
#include "cipher.h"
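Review bot: The `#ifndef SHUT_RDWR` guard only protects against a clash when <sys/socket.h> has already been included and defines the SHUT_* names as macros; if ssh.h is seen first, a later system header that declares the same enumerators is a redefinition. Include <sys/socket.h> explicitly just above the guard so the ordering does not depend on the caller, note that the test covers only SHUT_RDWR while all three names are defined, and replace the "Added by Dan" comment with one saying which platform lacks these constants.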


@ -14,10 +14,19 @@ login (authentication) dialog.
*/
#include "config.h"
#include "includes.h"
RCSID("$Id: sshconnect.c,v 1.1 1999/10/27 03:42:45 damien Exp $");
RCSID("$Id: sshconnect.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
#ifdef HAVE_OPENSSL
#include <openssl/bn.h>
#include <openssl/md5.h>
#endif
#ifdef HAVE_SSL
#include <ssl/bn.h>
#include <ssl/md5.h>
#endif
#include "xmalloc.h"
#include "rsa.h"
#include "ssh.h"
@ -28,7 +37,6 @@ RCSID("$Id: sshconnect.c,v 1.1 1999/10/27 03:42:45 damien Exp $");
#include "uidswap.h"
#include "compat.h"
#include <openssl/md5.h>
/* Session id for the current session. */
unsigned char session_id[16];