Project import
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..a0699aa
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,114 @@
+#
+# Copyright (c) 2010-2011 Nest, Inc.
+# All rights reserved.
+#
+# This document is the property of Nest. It is considered
+# confidential and proprietary information.
+#
+# This document may not be reproduced or transmitted in any form,
+# in whole or in part, without the express written permission of
+# Nest.
+#
+# Description:
+# This file is the makefile for the Open Secure Shell (SSH)
+# client and server.
+#
+
+BuildConfigSpecialized := No
+BuildProductSpecialized := No
+
+include pre.mak
+
+PackageName := openssh
+
+PackageExtension := tar.gz
+PackageSeparator := -
+
+PackagePatchArgs :=
+
+PackageArchive := $(PackageName).$(PackageExtension)
+PackageSourceDir := $(PackageName)$(PackageSeparator)$(PackageVersion)
+
+PackageBuildMakefile = $(call GenerateBuildPaths,Makefile)
+
+CleanPaths += $(PackageLicenseFile)
+
+OpenSSLDir := sw/tps/openssl
+OpenSSLSearchPath := $(call GenerateResultPaths,$(OpenSSLDir),usr)
+TcpWrappersDir := sw/tps/tcp_wrappers
+TcpWrappersSearchPath := $(call GenerateResultPaths,$(TcpWrappersDir),usr)
+ZlibDir := sw/tps/zlib
+ZlibSearchPath := $(call GenerateResultPaths,$(ZlibDir),usr)
+
+all: $(PackageDefaultGoal)
+
+# Generate the package license contents.
+
+$(PackageSourceDir)/LICENCE: source
+
+$(PackageLicenseFile): $(PackageSourceDir)/LICENCE
+ $(copy-result)
+
+# Extract the source from the archive and apply patches, if any.
+
+$(PackageSourceDir): $(PackageArchive) $(PackagePatchPaths)
+ $(expand-and-patch-package)
+
+# Prepare the sources.
+
+.PHONY: source
+source: | $(PackageSourceDir)
+
+# Patch the sources, if necessary.
+
+.PHONY: patch
+patch: source
+
+# Generate the package's build makefile
+
+$(PackageBuildMakefile): | $(PackageSourceDir) $(BuildDirectory)
+ $(Verbose)cd $(BuildDirectory) && \
+ $(CURDIR)/$(PackageSourceDir)/configure \
+ CC="$(CC)" AR=$(AR) RANLIB=$(RANLIB) STRIP=$(STRIP) \
+ INSTALL="$(INSTALL) $(INSTALLFLAGS)" \
+ --build=$(HostTuple) \
+ --host=$(TargetTuple) \
+ --prefix=/usr \
+ --sysconfdir=/etc/ssh \
+ --disable-strip \
+ --with-ssl-dir=$(OpenSSLSearchPath) \
+ --with-tcp-wrappers=$(TcpWrappersSearchPath) \
+ --with-zlib=$(ZlibSearchPath)
+
+# Configure the source for building.
+
+.PHONY: configure
+configure: source $(PackageBuildMakefile)
+
+# Build the source.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: build
+build: configure
+ $(Verbose)unset MAKEFLAGS && \
+ $(MAKE) $(JOBSFLAG) -C $(BuildDirectory) \
+ all
+
+# Stage the build to a temporary installation area.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: stage
+stage: build | $(ResultDirectory)
+ $(Verbose)unset MAKEFLAGS && \
+ $(MAKE) $(JOBSFLAG) -C $(BuildDirectory) \
+ DESTDIR=$(ResultDirectory) \
+ install-nokeys
+
+clean:
+ $(Verbose)$(RM) $(RMFLAGS) -r $(PackageSourceDir)
+ $(Verbose)$(RM) $(RMFLAGS) -r $(BuildDirectory)
+ $(Verbose)$(RM) $(RMFLAGS) -r $(ResultDirectory)
+
+include post.mak
diff --git a/openssh-6.0p1/CREDITS b/openssh-6.0p1/CREDITS
new file mode 100644
index 0000000..eaf105a
--- /dev/null
+++ b/openssh-6.0p1/CREDITS
@@ -0,0 +1,105 @@
+Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
+
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt, and Dug Song - Creators of OpenSSH
+
+Ahsan Rashid <arms@sco.com> - UnixWare long passwords
+Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix
+Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes
+Andre Lucas <andre@ae-35.com> - new login code, many fixes
+Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support
+Andrew McGill <andrewm@datrix.co.za> - SCO fixes
+Andrew Morgan <morgan@transmeta.com> - PAM bugfixes
+Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes
+Andy Sloane <andy@guildsoftware.com> - bugfixes
+Aran Cox <acox@cv.telegroup.com> - SCO bugfixes
+Arkadiusz Miskiewicz <misiek@pld.org.pl> - IPv6 compat fixes
+Ben Lindstrom <mouring@eviladmin.org> - NeXT support
+Ben Taylor <bent@clark.net> - Solaris debugging and fixes
+Bratislav ILICH <bilic@zepter.ru> - Configure fix
+Charles Levert <charles@comm.polymtl.ca> - SunOS 4 & bug fixes
+Chip Salzenberg <chip@valinux.com> - Assorted patches
+Chris Adams <cmadams@hiwaay.net> - OSF SIA support
+Chris Saia <csaia@wtower.com> - SuSE packaging
+Chris, the Young One <cky@pobox.com> - Password auth fixes
+Christos Zoulas <christos@zoulas.com> - Autoconf fixes
+Chun-Chung Chen <cjj@u.washington.edu> - RPM fixes
+Corinna Vinschen <vinschen@redhat.com> - Cygwin support
+Chad Mynhier <mynhier@interstel.net> - Solaris Process Contract support
+Dan Brosemer <odin@linuxfreak.com> - Autoconf support, build fixes
+Darren Hall <dhall@virage.org> - AIX patches
+Darren Tucker <dtucker@zip.com.au> - AIX BFF package scripts
+David Agraz <dagraz@jahoopa.com> - Build fixes
+David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
+David Hesprich <darkgrue@gue-tech.org> - Configure fixes
+David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
+Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
+Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords
+Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
+Garrick James <garrick@james.net> - configure fixes
+Gary E. Miller <gem@rellim.com> - SCO support
+Ged Lodder <lodder@yacc.com.au> - HPUX fixes and enhancements
+Gert Doering <gd@hilb1.medat.de> - bug and portability fixes
+HARUYAMA Seigo <haruyama@unixuser.org> - Translations & doc fixes
+Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp> - IPv6 and bug fixes
+Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp> - Configure fixes
+Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE> - KRB4/AFS config patch
+IWAMURO Motonori <iwa@mmp.fujitsu.co.jp> - bugfixes
+Jani Hakala <jahakala@cc.jyu.fi> - Patches
+Jarno Huuskonen <jhuuskon@hytti.uku.fi> - Bugfixes
+Jim Knoble <jmknoble@pobox.com> - Many patches
+Jonchen (email unknown) - the original author of PAM support of SSH
+Juergen Keil <jk@tools.de> - scp bugfixing
+KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp> - Configure fixes
+Kees Cook <cook@cpoint.net> - scp fixes
+Kenji Miyake <kenji@miyake.org> - Configure fixes
+Kevin Cawlfield <cawlfiel@us.ibm.com> - AIX fixes.
+Kevin O'Connor <kevin_oconnor@standardandpoors.com> - RSAless operation
+Kevin Steves <stevesk@pobox.com> - HP support, bugfixes, improvements
+Kiyokazu SUTO <suto@ks-and-ks.ne.jp> - Bugfixes
+Larry Jones <larry.jones@sdrc.com> - Bugfixes
+Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> - Bugfixes
+Marc G. Fournier <marc.fournier@acadiau.ca> - Solaris patches
+Mark D. Baushke <mdb@juniper.net> - bug fixes
+Martin Johansson <fatbob@acc.umu.se> - Linux fixes
+Mark D. Roth <roth+openssh@feep.net> - Features, bug fixes
+Mark Miller <markm@swoon.net> - Bugfixes
+Matt Richards <v2matt@btv.ibm.com> - AIX patches
+Michael Steffens <michael_steffens at hp.com> - HP-UX fixes
+Michael Stone <mstone@cs.loyola.edu> - Irix enhancements
+Nakaji Hiroyuki <nakaji@tutrp.tut.ac.jp> - Sony News-OS patch
+Nalin Dahyabhai <nalin.dahyabhai@pobox.com> - PAM environment patch
+Nate Itkin <nitkin@europa.com> - SunOS 4.1.x fixes
+Niels Kristian Bech Jensen <nkbj@image.dk> - Assorted patches
+Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> - Security fixes
+Pavel Troller <patrol@omni.sinus.cz> - Bugfixes
+Pekka Savola <pekkas@netcore.fi> - Bugfixes
+Peter Kocks <peter.kocks@baygate.com> - Makefile fixes
+Peter Stuge <stuge@cdy.org> - mdoc2man.awk script
+Phil Hands <phil@hands.com> - Debian scripts, assorted patches
+Phil Karn <karn@ka9q.ampr.org> - Autoconf fixes
+Philippe WILLEM <Philippe.WILLEM@urssaf.fr> - Bugfixes
+Phill Camp <P.S.S.Camp@ukc.ac.uk> - login code fix
+Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes
+Robert Dahlem <Robert.Dahlem at siemens.com> - Reliant Unix fixes
+Roumen Petrov <openssh@roumenpetrov.info> - Compile & configure fixes
+SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes
+Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes, Compat with MIT KrbV
+Solar Designer <solar@openwall.com> - many patches and technical assistance
+Svante Signell <svante.signell@telia.com> - Bugfixes
+Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords
+Tim Rice <tim@multitalents.net> - Portability & SCO fixes
+Tobias Oetiker <oetiker@ee.ethz.ch> - Bugfixes
+Tom Bertelson's <tbert@abac.com> - AIX auth fixes
+Tor-Ake Fransson <torake@hotmail.com> - AIX support
+Tudor Bosman <tudorb@jm.nu> - MD5 password support
+Udo Schweigert <ust@cert.siemens.de> - ReliantUNIX support
+Wendy Palm <wendyp at cray.com> - Cray support.
+Zack Weinberg <zack@wolery.cumb.org> - GNOME askpass enhancement
+
+Apologies to anyone I have missed.
+
+Damien Miller <djm@mindrot.org>
+
+$Id: CREDITS,v 1.81 2006/08/30 17:24:41 djm Exp $
+
diff --git a/openssh-6.0p1/ChangeLog b/openssh-6.0p1/ChangeLog
new file mode 100644
index 0000000..5df7618
--- /dev/null
+++ b/openssh-6.0p1/ChangeLog
@@ -0,0 +1,2054 @@
+20120420
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update for release 6.0
+ - (djm) [README] Update URL to release notes.
+ - (djm) Release openssh-6.0
+
+20120419
+ - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
+ contains openpty() but not login()
+
+20120404
+ - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
+ mode for Linux's new seccomp filter; patch from Will Drewry; feedback
+ and ok dtucker@
+
+20120330
+ - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING
+ file from spec file. From crighter at nuclioss com.
+ - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
+ openssh binaries on a newer fix release than they were compiled on.
+ with and ok dtucker@
+ - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
+ assumptions when building on Cygwin; patch from Corinna Vinschen
+
+20120309
+ - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
+ systems where sshd is run in te wrong context. Patch from Sven
+ Vermeulen; ok dtucker@
+ - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6
+ addressed connections. ok dtucker@
+
+20120224
+ - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
+ audit breakage in Solaris 11. Patch from Magnus Johansson.
+
+20120215
+ - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
+ unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
+ ok dtucker@
+ - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
+ it actually works.
+ - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
+ to work. Spotted by Angel Gonzalez
+
+20120214
+ - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
+ preserved Cygwin environment variables; from Corinna Vinschen
+
+20120211
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2012/01/05 00:16:56
+ [monitor.c]
+ memleak on error path
+ - djm@cvs.openbsd.org 2012/01/07 21:11:36
+ [mux.c]
+ fix double-free in new session handler
+ - miod@cvs.openbsd.org 2012/01/08 13:17:11
+ [ssh-ecdsa.c]
+ Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
+ ok markus@
+ - miod@cvs.openbsd.org 2012/01/16 20:34:09
+ [ssh-pkcs11-client.c]
+ Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
+ While there, be sure to buffer_clear() between send_msg() and recv_msg().
+ ok markus@
+ - dtucker@cvs.openbsd.org 2012/01/18 21:46:43
+ [clientloop.c]
+ Ensure that $DISPLAY contains only valid characters before using it to
+ extract xauth data so that it can't be used to play local shell
+ metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
+ - markus@cvs.openbsd.org 2012/01/25 19:26:43
+ [packet.c]
+ do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
+ ok dtucker@, djm@
+ - markus@cvs.openbsd.org 2012/01/25 19:36:31
+ [authfile.c]
+ memleak in key_load_file(); from Jan Klemkow
+ - markus@cvs.openbsd.org 2012/01/25 19:40:09
+ [packet.c packet.h]
+ packet_read_poll() is not used anymore.
+ - markus@cvs.openbsd.org 2012/02/09 20:00:18
+ [version.h]
+ move from 6.0-beta to 6.0
+
+20120206
+ - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
+ that don't support ECC. Patch from Phil Oleson
+
+20111219
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/12/02 00:41:56
+ [mux.c]
+ fix bz#1948: ssh -f doesn't fork for multiplexed connection.
+ ok dtucker@
+ - djm@cvs.openbsd.org 2011/12/02 00:43:57
+ [mac.c]
+ fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
+ HMAC_init (this change in policy seems insane to me)
+ ok dtucker@
+ - djm@cvs.openbsd.org 2011/12/04 23:16:12
+ [mux.c]
+ revert:
+ > revision 1.32
+ > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
+ > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
+ > ok dtucker@
+ it interacts badly with ControlPersist
+ - djm@cvs.openbsd.org 2011/12/07 05:44:38
+ [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
+ fix some harmless and/or unreachable int overflows;
+ reported Xi Wang, ok markus@
+
+20111125
+ - OpenBSD CVS Sync
+ - oga@cvs.openbsd.org 2011/11/16 12:24:28
+ [sftp.c]
+ Don't leak list in complete_cmd_parse if there are no commands found.
+ Discovered when I was ``borrowing'' this code for something else.
+ ok djm@
+
+20111121
+ - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@
+
+20111104
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/10/18 05:15:28
+ [ssh.c]
+ ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
+ - djm@cvs.openbsd.org 2011/10/18 23:37:42
+ [ssh-add.c]
+ add -k to usage(); reminded by jmc@
+ - djm@cvs.openbsd.org 2011/10/19 00:06:10
+ [moduli.c]
+ s/tmpfile/tmp/ to make this -Wshadow clean
+ - djm@cvs.openbsd.org 2011/10/19 10:39:48
+ [umac.c]
+ typo in comment; patch from Michael W. Bombardieri
+ - djm@cvs.openbsd.org 2011/10/24 02:10:46
+ [ssh.c]
+ bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
+ was incorrectly requesting the forward in both the control master and
+ slave. skip requesting it in the master to fix. ok markus@
+ - djm@cvs.openbsd.org 2011/10/24 02:13:13
+ [session.c]
+ bz#1859: send tty break to pty master instead of (probably already
+ closed) slave side; "looks good" markus@
+ - dtucker@cvs.openbsd.org 011/11/04 00:09:39
+ [moduli]
+ regenerated moduli file; ok deraadt
+ - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
+ bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
+ which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
+ with some rework from myself and djm. ok djm.
+
+20111025
+ - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file
+ fails. Patch from Corinna Vinschen.
+
+20111018
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/10/04 14:17:32
+ [sftp-glob.c]
+ silence error spam for "ls */foo" in directory with files; bz#1683
+ - dtucker@cvs.openbsd.org 2011/10/16 11:02:46
+ [moduli.c ssh-keygen.1 ssh-keygen.c]
+ Add optional checkpoints for moduli screening. feedback & ok deraadt
+ - jmc@cvs.openbsd.org 2011/10/16 15:02:41
+ [ssh-keygen.c]
+ put -K in the right place (usage());
+ - stsp@cvs.openbsd.org 2011/10/16 15:51:39
+ [moduli.c]
+ add missing includes to unbreak tree; fix from rpointel
+ - djm@cvs.openbsd.org 2011/10/18 04:58:26
+ [auth-options.c key.c]
+ remove explict search for \0 in packet strings, this job is now done
+ implicitly by buffer_get_cstring; ok markus
+ - djm@cvs.openbsd.org 2011/10/18 05:00:48
+ [ssh-add.1 ssh-add.c]
+ new "ssh-add -k" option to load plain keys (skipping certificates);
+ "looks ok" markus@
+
+20111001
+ - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2011/09/23 00:22:04
+ [channels.c auth-options.c servconf.c channels.h sshd.8]
+ Add wildcard support to PermitOpen, allowing things like "PermitOpen
+ localhost:*". bz #1857, ok djm markus.
+ - markus@cvs.openbsd.org 2011/09/23 07:45:05
+ [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c
+ version.h]
+ unbreak remote portforwarding with dynamic allocated listen ports:
+ 1) send the actual listen port in the open message (instead of 0).
+ this allows multiple forwardings with a dynamic listen port
+ 2) update the matching permit-open entry, so we can identify where
+ to connect to
+ report: den at skbkontur.ru and P. Szczygielski
+ feedback and ok djm@
+ - djm@cvs.openbsd.org 2011/09/25 05:44:47
+ [auth2-pubkey.c]
+ improve the AuthorizedPrincipalsFile debug log message to include
+ file and line number
+ - dtucker@cvs.openbsd.org 2011/09/30 00:47:37
+ [sshd.c]
+ don't attempt privsep cleanup when not using privsep; ok markus@
+ - djm@cvs.openbsd.org 2011/09/30 21:22:49
+ [sshd.c]
+ fix inverted test that caused logspam; spotted by henning@
+
+20110929
+ - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
+ from des AT des.no
+ - (dtucker) [configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/strnlen.c] Add strnlen to the compat library.
+
+20110923
+ - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no
+ longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
+ want this longhand version)
+ - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the
+ upstream version is YPified and we don't want this
+ - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version.
+ The file was totally rewritten between what we had in tree and -current.
+ - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
+ marker. The upstream API has changed (function and structure names)
+ enough to put it out of sync with other providers of this interface.
+ - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion
+ of static __findenv() function from upstream setenv.c
+ - OpenBSD CVS Sync
+ - millert@cvs.openbsd.org 2006/05/05 15:27:38
+ [openbsd-compat/strlcpy.c]
+ Convert do {} while loop -> while {} for clarity. No binary change
+ on most architectures. From Oliver Smith. OK deraadt@ and henning@
+ - tobias@cvs.openbsd.org 2007/10/21 11:09:30
+ [openbsd-compat/mktemp.c]
+ Comment fix about time consumption of _gettemp.
+ FreeBSD did this in revision 1.20.
+ OK deraadt@, krw@
+ - deraadt@cvs.openbsd.org 2008/07/22 21:47:45
+ [openbsd-compat/mktemp.c]
+ use arc4random_uniform(); ok djm millert
+ - millert@cvs.openbsd.org 2008/08/21 16:54:44
+ [openbsd-compat/mktemp.c]
+ Remove useless code, the kernel will set errno appropriately if an
+ element in the path does not exist. OK deraadt@ pvalchev@
+ - otto@cvs.openbsd.org 2008/12/09 19:38:38
+ [openbsd-compat/inet_ntop.c]
+ fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
+
+20110922
+ - OpenBSD CVS Sync
+ - pyr@cvs.openbsd.org 2011/05/12 07:15:10
+ [openbsd-compat/glob.c]
+ When the max number of items for a directory has reached GLOB_LIMIT_READDIR
+ an error is returned but closedir() is not called.
+ spotted and fix provided by Frank Denis obsd-tech@pureftpd.org
+ ok otto@, millert@
+ - stsp@cvs.openbsd.org 2011/09/20 10:18:46
+ [glob.c]
+ In glob(3), limit recursion during matching attempts. Similar to
+ fnmatch fix. Also collapse consecutive '*' (from NetBSD).
+ ok miod deraadt
+ - djm@cvs.openbsd.org 2011/09/22 06:27:29
+ [glob.c]
+ fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
+ applied only to the gl_pathv vector and not the corresponding gl_statv
+ array. reported in OpenSSH bz#1935; feedback and okay matthew@
+ - djm@cvs.openbsd.org 2011/08/26 01:45:15
+ [ssh.1]
+ Add some missing ssh_config(5) options that can be used in ssh(1)'s
+ -o argument. Patch from duclare AT guu.fi
+ - djm@cvs.openbsd.org 2011/09/05 05:56:13
+ [scp.1 sftp.1]
+ mention ControlPersist and KbdInteractiveAuthentication in the -o
+ verbiage in these pages too (prompted by jmc@)
+ - djm@cvs.openbsd.org 2011/09/05 05:59:08
+ [misc.c]
+ fix typo in IPQoS parsing: there is no "AF14" class, but there is
+ an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
+ - jmc@cvs.openbsd.org 2011/09/05 07:01:44
+ [scp.1]
+ knock out a useless Ns;
+ - deraadt@cvs.openbsd.org 2011/09/07 02:18:31
+ [ssh-keygen.1]
+ typo (they vs the) found by Lawrence Teo
+ - djm@cvs.openbsd.org 2011/09/09 00:43:00
+ [ssh_config.5 sshd_config.5]
+ fix typo in IPQoS parsing: there is no "AF14" class, but there is
+ an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
+ - djm@cvs.openbsd.org 2011/09/09 00:44:07
+ [PROTOCOL.mux]
+ MUX_C_CLOSE_FWD includes forward type in message (though it isn't
+ implemented anyway)
+ - djm@cvs.openbsd.org 2011/09/09 22:37:01
+ [scp.c]
+ suppress adding '--' to remote commandlines when the first argument
+ does not start with '-'. saves breakage on some difficult-to-upgrade
+ embedded/router platforms; feedback & ok dtucker ok markus
+ - djm@cvs.openbsd.org 2011/09/09 22:38:21
+ [sshd.c]
+ kill the preauth privsep child on fatal errors in the monitor;
+ ok markus@
+ - djm@cvs.openbsd.org 2011/09/09 22:46:44
+ [channels.c channels.h clientloop.h mux.c ssh.c]
+ support for cancelling local and remote port forwards via the multiplex
+ socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
+ the cancellation of the specified forwardings; ok markus@
+ - markus@cvs.openbsd.org 2011/09/10 22:26:34
+ [channels.c channels.h clientloop.c ssh.1]
+ support cancellation of local/dynamic forwardings from ~C commandline;
+ ok & feedback djm@
+ - okan@cvs.openbsd.org 2011/09/11 06:59:05
+ [ssh.1]
+ document new -O cancel command; ok djm@
+ - markus@cvs.openbsd.org 2011/09/11 16:07:26
+ [sftp-client.c]
+ fix leaks in do_hardlink() and do_readlink(); bz#1921
+ from Loganaden Velvindron
+ - markus@cvs.openbsd.org 2011/09/12 08:46:15
+ [sftp-client.c]
+ fix leak in do_lsreaddir(); ok djm
+ - djm@cvs.openbsd.org 2011/09/22 06:29:03
+ [sftp.c]
+ don't let remote_glob() implicitly sort its results in do_globbed_ls() -
+ in all likelihood, they will be resorted anyway
+
+20110909
+ - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From
+ Colin Watson.
+
+20110906
+ - (djm) [README version.h] Correct version
+ - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon
+ - (djm) Respin OpenSSH-5.9p1 release
+
+20110905
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update version numbers.
+
+20110904
+ - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
+ regress errors for the sandbox to warnings. ok tim dtucker
+ - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations
+ ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen
+ support.
+
+20110829
+ - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
+ to switch SELinux context away from unconfined_t, based on patch from
+ Jan Chadima; bz#1919 ok dtucker@
+
+20110827
+ - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.
+
+20110818
+ - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
+
+20110817
+ - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
+ OpenSSL 0.9.7. ok djm
+ - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
+ binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
+ - (djm) [configure.ac] error out if the host lacks the necessary bits for
+ an explicitly requested sandbox type
+ - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by
+ bisson AT archlinux.org
+ - (djm) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2011/06/03 05:35:10
+ [regress/cfgmatch.sh]
+ use OBJ to find test configs, patch from Tim Rice
+ - markus@cvs.openbsd.org 2011/06/30 22:44:43
+ [regress/connect-privsep.sh]
+ test with sandbox enabled; ok djm@
+ - djm@cvs.openbsd.org 2011/08/02 01:23:41
+ [regress/cipher-speed.sh regress/try-ciphers.sh]
+ add SHA256/SHA512 based HMAC modes
+ - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2
+ MAC tests for platforms that hack EVP_SHA2 support
+
+20110812
+ - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
+ change error by reporting old and new context names Patch from
+ jchadima at redhat.
+ - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
+ [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
+ init scrips from imorgan AT nas.nasa.gov; bz#1920
+ - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the
+ identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
+ AT gmail.com; ok dtucker@
+
+20110807
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2008/06/26 06:59:39
+ [moduli.5]
+ tweak previous;
+ - sobrado@cvs.openbsd.org 2009/10/28 08:56:54
+ [moduli.5]
+ "Diffie-Hellman" is the usual spelling for the cryptographic protocol
+ first published by Whitfield Diffie and Martin Hellman in 1976.
+ ok jmc@
+ - jmc@cvs.openbsd.org 2010/10/14 20:41:28
+ [moduli.5]
+ probabalistic -> probabilistic; from naddy
+ - dtucker@cvs.openbsd.org 2011/08/07 12:55:30
+ [sftp.1]
+ typo, fix from Laurent Gautrot
+
+20110805
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/06/23 23:35:42
+ [monitor.c]
+ ignore EINTR errors from poll()
+ - tedu@cvs.openbsd.org 2011/07/06 18:09:21
+ [authfd.c]
+ bzero the agent address. the kernel was for a while very cranky about
+ these things. evne though that's fixed, always good to initialize
+ memory. ok deraadt djm
+ - djm@cvs.openbsd.org 2011/07/29 14:42:45
+ [sandbox-systrace.c]
+ fail open(2) with EPERM rather than SIGKILLing the whole process. libc
+ will call open() to do strerror() when NLS is enabled;
+ feedback and ok markus@
+ - markus@cvs.openbsd.org 2011/08/01 19:18:15
+ [gss-serv.c]
+ prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
+ report Adam Zabrock; ok djm@, deraadt@
+ - djm@cvs.openbsd.org 2011/08/02 01:22:11
+ [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
+ Add new SHA256 and SHA512 based HMAC modes from
+ http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
+ Patch from mdb AT juniper.net; feedback and ok markus@
+ - djm@cvs.openbsd.org 2011/08/02 23:13:01
+ [version.h]
+ crank now, release later
+ - djm@cvs.openbsd.org 2011/08/02 23:15:03
+ [ssh.c]
+ typo in comment
+
+20110624
+ - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
+ Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
+ markus@
+
+20110623
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/06/22 21:47:28
+ [servconf.c]
+ reuse the multistate option arrays to pretty-print options for "sshd -T"
+ - djm@cvs.openbsd.org 2011/06/22 21:57:01
+ [servconf.c servconf.h sshd.c sshd_config.5]
+ [configure.ac Makefile.in]
+ introduce sandboxing of the pre-auth privsep child using systrace(4).
+
+ This introduces a new "UsePrivilegeSeparation=sandbox" option for
+ sshd_config that applies mandatory restrictions on the syscalls the
+ privsep child can perform. This prevents a compromised privsep child
+ from being used to attack other hosts (by opening sockets and proxying)
+ or probing local kernel attack surface.
+
+ The sandbox is implemented using systrace(4) in unsupervised "fast-path"
+ mode, where a list of permitted syscalls is supplied. Any syscall not
+ on the list results in SIGKILL being sent to the privsep child. Note
+ that this requires a kernel with the new SYSTR_POLICY_KILL option.
+
+ UsePrivilegeSeparation=sandbox will become the default in the future
+ so please start testing it now.
+
+ feedback dtucker@; ok markus@
+ - djm@cvs.openbsd.org 2011/06/22 22:08:42
+ [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
+ hook up a channel confirm callback to warn the user then requested X11
+ forwarding was refused by the server; ok markus@
+ - djm@cvs.openbsd.org 2011/06/23 09:34:13
+ [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
+ [sandbox-null.c]
+ rename sandbox.h => ssh-sandbox.h to make things easier for portable
+ - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
+ setrlimit(2)
+
+20110620
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/06/04 00:10:26
+ [ssh_config.5]
+ explain IdentifyFile's semantics a little better, prompted by bz#1898
+ ok dtucker jmc
+ - markus@cvs.openbsd.org 2011/06/14 22:49:18
+ [authfile.c]
+ make sure key_parse_public/private_rsa1() no longer consumes its input
+ buffer. fixes ssh-add for passphrase-protected ssh1-keys;
+ noted by naddy@; ok djm@
+ - djm@cvs.openbsd.org 2011/06/17 21:44:31
+ [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
+ make the pre-auth privsep slave log via a socketpair shared with the
+ monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
+ - djm@cvs.openbsd.org 2011/06/17 21:46:16
+ [sftp-server.c]
+ the protocol version should be unsigned; bz#1913 reported by mb AT
+ smartftp.com
+ - djm@cvs.openbsd.org 2011/06/17 21:47:35
+ [servconf.c]
+ factor out multi-choice option parsing into a parse_multistate label
+ and some support structures; ok dtucker@
+ - djm@cvs.openbsd.org 2011/06/17 21:57:25
+ [clientloop.c]
+ setproctitle for a mux master that has been gracefully stopped;
+ bz#1911 from Bert.Wesarg AT googlemail.com
+
+20110603
+ - (dtucker) [README version.h contrib/caldera/openssh.spec
+ contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
+ bumps from the 5.8p2 branch into HEAD. ok djm.
+ - (tim) [configure.ac defines.h] Run test program to detect system mail
+ directory. Add --with-maildir option to override. Fixed OpenServer 6
+ getting it wrong. Fixed many systems having MAIL=/var/mail//username
+ ok dtucker
+ - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair
+ unconditionally in other places and the survey data we have does not show
+ any systems that use it. "nuke it" djm@
+ - (djm) [configure.ac] enable setproctitle emulation for OS X
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/06/03 00:54:38
+ [ssh.c]
+ bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
+ AT googlemail.com; ok dtucker@
+ NB. includes additional portability code to enable setproctitle emulation
+ on platforms that don't support it.
+ - dtucker@cvs.openbsd.org 2011/06/03 01:37:40
+ [ssh-agent.c]
+ Check current parent process ID against saved one to determine if the parent
+ has exited, rather than attempting to send a zero signal, since the latter
+ won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn
+ Gillmor, ok djm@
+ - dtucker@cvs.openbsd.org 2011/05/31 02:01:58
+ [regress/dynamic-forward.sh]
+ back out revs 1.6 and 1.5 since it's not reliable
+ - dtucker@cvs.openbsd.org 2011/05/31 02:03:34
+ [regress/dynamic-forward.sh]
+ work around startup and teardown races; caught by deraadt
+ - dtucker@cvs.openbsd.org 2011/06/03 00:29:52
+ [regress/dynamic-forward.sh]
+ Retry establishing the port forwarding after a small delay, should make
+ the tests less flaky when the previous test is slow to shut down and free
+ up the port.
+ - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
+
+20110529
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/05/23 03:30:07
+ [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
+ [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
+ allow AuthorizedKeysFile to specify multiple files, separated by spaces.
+ Bring back authorized_keys2 as a default search path (to avoid breaking
+ existing users of this file), but override this in sshd_config so it will
+ be no longer used on fresh installs. Maybe in 2015 we can remove it
+ entierly :)
+
+ feedback and ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2011/05/23 03:33:38
+ [auth.c]
+ make secure_filename() spam debug logs less
+ - djm@cvs.openbsd.org 2011/05/23 03:52:55
+ [sshconnect.c]
+ remove extra newline
+ - jmc@cvs.openbsd.org 2011/05/23 07:10:21
+ [sshd.8 sshd_config.5]
+ tweak previous; ok djm
+ - djm@cvs.openbsd.org 2011/05/23 07:24:57
+ [authfile.c]
+ read in key comments for v.2 keys (though note that these are not
+ passed over the agent protocol); bz#439, based on patch from binder
+ AT arago.de; ok markus@
+ - djm@cvs.openbsd.org 2011/05/24 07:15:47
+ [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
+ Remove undocumented legacy options UserKnownHostsFile2 and
+ GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
+ accept multiple paths per line and making their defaults include
+ known_hosts2; ok markus
+ - djm@cvs.openbsd.org 2011/05/23 03:31:31
+ [regress/cfgmatch.sh]
+ include testing of multiple/overridden AuthorizedKeysFiles
+ refactor to simply daemon start/stop and get rid of racy constructs
+
+20110520
+ - (djm) [session.c] call setexeccon() before executing passwd for pw
+ changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
+ - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
+ options, we should corresponding -W-option when trying to determine
+ whether it is accepted. Also includes a warning fix on the program
+ fragment uses (bad main() return type).
+ bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
+ - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/05/15 08:09:01
+ [authfd.c monitor.c serverloop.c]
+ use FD_CLOEXEC consistently; patch from zion AT x96.org
+ - djm@cvs.openbsd.org 2011/05/17 07:13:31
+ [key.c]
+ fatal() if asked to generate a legacy ECDSA cert (these don't exist)
+ and fix the regress test that was trying to generate them :)
+ - djm@cvs.openbsd.org 2011/05/20 00:55:02
+ [servconf.c]
+ the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
+ and AuthorizedPrincipalsFile were not being correctly applied in
+ Match blocks, despite being overridable there; ok dtucker@
+ - dtucker@cvs.openbsd.org 2011/05/20 02:00:19
+ [servconf.c]
+ Add comment documenting what should be after the preauth check. ok djm
+ - djm@cvs.openbsd.org 2011/05/20 03:25:45
+ [monitor.c monitor_wrap.c servconf.c servconf.h]
+ use a macro to define which string options to copy between configs
+ for Match. This avoids problems caused by forgetting to keep three
+ code locations in perfect sync and ordering
+
+ "this is at once beautiful and horrible" + ok dtucker@
+ - djm@cvs.openbsd.org 2011/05/17 07:13:31
+ [regress/cert-userkey.sh]
+ fatal() if asked to generate a legacy ECDSA cert (these don't exist)
+ and fix the regress test that was trying to generate them :)
+ - djm@cvs.openbsd.org 2011/05/20 02:43:36
+ [cert-hostkey.sh]
+ another attempt to generate a v00 ECDSA key that broke the test
+ ID sync only - portable already had this somehow
+ - dtucker@cvs.openbsd.org 2011/05/20 05:19:50
+ [dynamic-forward.sh]
+ Prevent races in dynamic forwarding test; ok djm
+ - dtucker@cvs.openbsd.org 2011/05/20 06:32:30
+ [dynamic-forward.sh]
+ fix dumb error in dynamic-forward test
+
+20110515
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/05/05 05:12:08
+ [mux.c]
+ gracefully fall back when ControlPath is too large for a
+ sockaddr_un. ok markus@ as part of a larger diff
+ - dtucker@cvs.openbsd.org 2011/05/06 01:03:35
+ [sshd_config]
+ clarify language about overriding defaults. bz#1892, from Petr Cerny
+ - djm@cvs.openbsd.org 2011/05/06 01:09:53
+ [sftp.1]
+ mention that IPv6 addresses must be enclosed in square brackets;
+ bz#1845
+ - djm@cvs.openbsd.org 2011/05/06 02:05:41
+ [sshconnect2.c]
+ fix memory leak; bz#1849 ok dtucker@
+ - djm@cvs.openbsd.org 2011/05/06 21:14:05
+ [packet.c packet.h]
+ set traffic class for IPv6 traffic as we do for IPv4 TOS;
+ patch from lionel AT mamane.lu via Colin Watson in bz#1855;
+ ok markus@
+ - djm@cvs.openbsd.org 2011/05/06 21:18:02
+ [ssh.c ssh_config.5]
+ add a %L expansion (short-form of the local host name) for ControlPath;
+ sync some more expansions with LocalCommand; ok markus@
+ - djm@cvs.openbsd.org 2011/05/06 21:31:38
+ [readconf.c ssh_config.5]
+ support negated Host matching, e.g.
+
+ Host *.example.org !c.example.org
+ User mekmitasdigoat
+
+ Will match "a.example.org", "b.example.org", but not "c.example.org"
+ ok markus@
+ - djm@cvs.openbsd.org 2011/05/06 21:34:32
+ [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
+ Add a RequestTTY ssh_config option to allow configuration-based
+ control over tty allocation (like -t/-T); ok markus@
+ - djm@cvs.openbsd.org 2011/05/06 21:38:58
+ [ssh.c]
+ fix dropping from previous diff
+ - djm@cvs.openbsd.org 2011/05/06 22:20:10
+ [PROTOCOL.mux]
+ fix numbering; from bert.wesarg AT googlemail.com
+ - jmc@cvs.openbsd.org 2011/05/07 23:19:39
+ [ssh_config.5]
+ - tweak previous
+ - come consistency fixes
+ ok djm
+ - jmc@cvs.openbsd.org 2011/05/07 23:20:25
+ [ssh.1]
+ +.It RequestTTY
+ - djm@cvs.openbsd.org 2011/05/08 12:52:01
+ [PROTOCOL.mux clientloop.c clientloop.h mux.c]
+ improve our behaviour when TTY allocation fails: if we are in
+ RequestTTY=auto mode (the default), then do not treat at TTY
+ allocation error as fatal but rather just restore the local TTY
+ to cooked mode and continue. This is more graceful on devices that
+ never allocate TTYs.
+
+ If RequestTTY is set to "yes" or "force", then failure to allocate
+ a TTY is fatal.
+
+ ok markus@
+ - djm@cvs.openbsd.org 2011/05/10 05:46:46
+ [authfile.c]
+ despam debug() logs by detecting that we are trying to load a private key
+ in key_try_load_public() and returning early; ok markus@
+ - djm@cvs.openbsd.org 2011/05/11 04:47:06
+ [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
+ remove support for authorized_keys2; it is a relic from the early days
+ of protocol v.2 support and has been undocumented for many years;
+ ok markus@
+ - djm@cvs.openbsd.org 2011/05/13 00:05:36
+ [authfile.c]
+ warn on unexpected key type in key_parse_private_type()
+ - (djm) [packet.c] unbreak portability #endif
+
+20110510
+ - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
+ --with-ssl-engine which was broken with the change from deprecated
+ SSLeay_add_all_algorithms(). ok djm
+
+20110506
+ - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
+ for closefrom() in test code. Report from Dan Wallis via Gentoo.
+
+20110505
+ - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
+ definitions. From des AT des.no
+ - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
+ [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
+ [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
+ [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
+ [regress/README.regress] Remove ssh-rand-helper and all its
+ tentacles. PRNGd seeding has been rolled into entropy.c directly.
+ Thanks to tim@ for testing on affected platforms.
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/03/10 02:52:57
+ [auth2-gss.c auth2.c auth.h]
+ allow GSSAPI authentication to detect when a server-side failure causes
+ authentication failure and don't count such failures against MaxAuthTries;
+ bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
+ - okan@cvs.openbsd.org 2011/03/15 10:36:02
+ [ssh-keyscan.c]
+ use timerclear macro
+ ok djm@
+ - stevesk@cvs.openbsd.org 2011/03/23 15:16:22
+ [ssh-keygen.1 ssh-keygen.c]
+ Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
+ for which host keys do not exist, generate the host keys with the
+ default key file path, an empty passphrase, default bits for the key
+ type, and default comment. This will be used by /etc/rc to generate
+ new host keys. Idea from deraadt.
+ ok deraadt
+ - stevesk@cvs.openbsd.org 2011/03/23 16:24:56
+ [ssh-keygen.1]
+ -q not used in /etc/rc now so remove statement.
+ - stevesk@cvs.openbsd.org 2011/03/23 16:50:04
+ [ssh-keygen.c]
+ remove -d, documentation removed >10 years ago; ok markus
+ - jmc@cvs.openbsd.org 2011/03/24 15:29:30
+ [ssh-keygen.1]
+ zap trailing whitespace;
+ - stevesk@cvs.openbsd.org 2011/03/24 22:14:54
+ [ssh-keygen.c]
+ use strcasecmp() for "clear" cert permission option also; ok djm
+ - stevesk@cvs.openbsd.org 2011/03/29 18:54:17
+ [misc.c misc.h servconf.c]
+ print ipqos friendly string for sshd -T; ok markus
+ # sshd -Tf sshd_config|grep ipqos
+ ipqos lowdelay throughput
+ - djm@cvs.openbsd.org 2011/04/12 04:23:50
+ [ssh-keygen.c]
+ fix -Wshadow
+ - djm@cvs.openbsd.org 2011/04/12 05:32:49
+ [sshd.c]
+ exit with 0 status on SIGTERM; bz#1879
+ - djm@cvs.openbsd.org 2011/04/13 04:02:48
+ [ssh-keygen.1]
+ improve wording; bz#1861
+ - djm@cvs.openbsd.org 2011/04/13 04:09:37
+ [ssh-keygen.1]
+ mention valid -b sizes for ECDSA keys; bz#1862
+ - djm@cvs.openbsd.org 2011/04/17 22:42:42
+ [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
+ allow graceful shutdown of multiplexing: request that a mux server
+ removes its listener socket and refuse future multiplexing requests;
+ ok markus@
+ - djm@cvs.openbsd.org 2011/04/18 00:46:05
+ [ssh-keygen.c]
+ certificate options are supposed to be packed in lexical order of
+ option name (though we don't actually enforce this at present).
+ Move one up that was out of sequence
+ - djm@cvs.openbsd.org 2011/05/04 21:15:29
+ [authfile.c authfile.h ssh-add.c]
+ allow "ssh-add - < key"; feedback and ok markus@
+ - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
+ so autoreconf 2.68 is happy.
+ - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
+
+20110221
+ - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
+ Cygwin-specific service installer script ssh-host-config. The actual
+ functionality is the same, the revisited version is just more
+ exact when it comes to check for problems which disallow to run
+ certain aspects of the script. So, part of this script and the also
+ rearranged service helper script library "csih" is to check if all
+ the tools required to run the script are available on the system.
+ The new script also is more thorough to inform the user why the
+ script failed. Patch from vinschen at redhat com.
+
+20110218
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/02/16 00:31:14
+ [ssh-keysign.c]
+ make hostbased auth with ECDSA keys work correctly. Based on patch
+ by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
+
+20110206
+ - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
+ selinux code. Patch from Leonardo Chiquitto
+ - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
+ generation and simplify. Patch from Corinna Vinschen.
+
+20110204
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/01/31 21:42:15
+ [PROTOCOL.mux]
+ cut'n'pasto; from bert.wesarg AT googlemail.com
+ - djm@cvs.openbsd.org 2011/02/04 00:44:21
+ [key.c]
+ fix uninitialised nonce variable; reported by Mateusz Kocielski
+ - djm@cvs.openbsd.org 2011/02/04 00:44:43
+ [version.h]
+ openssh-5.8
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] update versions in docs and spec files.
+ - Release OpenSSH 5.8p1
+
+20110128
+ - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
+ before attempting setfscreatecon(). Check whether matchpathcon()
+ succeeded before using its result. Patch from cjwatson AT debian.org;
+ bz#1851
+
+20110127
+ - (tim) [config.guess config.sub] Sync with upstream.
+ - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
+ AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
+ AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
+ space changes for consistency/readability. Makes autoconf 2.68 happy.
+ "Nice work" djm
+
+20110125
+ - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
+ openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
+ port-linux.c to avoid compilation errors. Add -lselinux to ssh when
+ building with SELinux support to avoid linking failure; report from
+ amk AT spamfence.net; ok dtucker
+
+20110122
+ - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
+ RSA_get_default_method() for the benefit of openssl versions that don't
+ have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
+ ok djm@.
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/01/22 09:18:53
+ [version.h]
+ crank to OpenSSH-5.7
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] update versions in docs and spec files.
+ - (djm) Release 5.7p1
+
+20110119
+ - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
+ of RPM so build completes. Signatures were changed to .asc since 4.1p1.
+ - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
+ 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
+ release testing (random crashes and failure to load ECC keys).
+ ok dtucker@
+
+20110117
+ - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
+ $PATH, fix cleanup of droppings; reported by openssh AT
+ roumenpetrov.info; ok dtucker@
+ - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
+ its unique snowflake of a gdb error to the ones we look for.
+ - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
+ ssh-add to avoid $SUDO failures on Linux
+ - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
+ Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
+ to the old values. Feedback from vapier at gentoo org and djm, ok djm.
+ - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
+ [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
+ disabled on platforms that do not support them; add a "config_defined()"
+ shell function that greps for defines in config.h and use them to decide
+ on feature tests.
+ Convert a couple of existing grep's over config.h to use the new function
+ Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
+ backslash characters in filenames, enable it for Cygwin and use it to turn
+ of tests for quotes backslashes in sftp-glob.sh.
+ based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
+ - (tim) [regress/agent-getpeereid.sh] shell portability fix.
+ - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
+ the tinderbox.
+ - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
+ configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
+ support, based on patches from Tomas Mraz and jchadima at redhat.
+
+20110116
+ - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
+ on configurations that don't have it.
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/01/16 11:50:05
+ [clientloop.c]
+ Use atomicio when flushing protocol 1 std{out,err} buffers at
+ session close. This was a latent bug exposed by setting a SIGCHLD
+ handler and spotted by kevin.brott AT gmail.com; ok dtucker@
+ - djm@cvs.openbsd.org 2011/01/16 11:50:36
+ [sshconnect.c]
+ reset the SIGPIPE handler when forking to execute child processes;
+ ok dtucker@
+ - djm@cvs.openbsd.org 2011/01/16 12:05:59
+ [clientloop.c]
+ a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
+ now that we use atomicio(), convert them from while loops to if statements
+ add test and cast to compile cleanly with -Wsigned
+
+20110114
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/01/13 21:54:53
+ [mux.c]
+ correct error messages; patch from bert.wesarg AT googlemail.com
+ - djm@cvs.openbsd.org 2011/01/13 21:55:25
+ [PROTOCOL.mux]
+ correct protocol names and add a couple of missing protocol number
+ defines; patch from bert.wesarg AT googlemail.com
+ - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
+ host-key-force target rather than a substitution that is replaced with a
+ comment so that the Makefile.in is still a syntactically valid Makefile
+ (useful to run the distprep target)
+ - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
+ - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
+ ecdsa bits.
+
+20110113
+ - (djm) [misc.c] include time.h for nanosleep() prototype
+ - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
+ - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
+ ecdsa keys. ok djm.
+ - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
+ gcc warning on platforms where it defaults to int
+ - (djm) [regress/Makefile] add a few more generated files to the clean
+ target
+ - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
+ #define that was causing diffie-hellman-group-exchange-sha256 to be
+ incorrectly disabled
+ - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
+ should not depend on ECC support
+
+20110112
+ - OpenBSD CVS Sync
+ - nicm@cvs.openbsd.org 2010/10/08 21:48:42
+ [openbsd-compat/glob.c]
+ Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
+ from ARG_MAX to 64K.
+ Fixes glob-using programs (notably ftp) able to be triggered to hit
+ resource limits.
+ Idea from a similar NetBSD change, original problem reported by jasper@.
+ ok millert tedu jasper
+ - djm@cvs.openbsd.org 2011/01/12 01:53:14
+ avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
+ and sanity check arguments (these will be unnecessary when we switch
+ struct glob members from being type into to size_t in the future);
+ "looks ok" tedu@ feedback guenther@
+ - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
+ silly warnings on write() calls we don't care succeed or not.
+ - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
+ flag tests that don't depend on gcc version at all; suggested by and
+ ok dtucker@
+
+20110111
+ - (tim) [regress/host-expand.sh] Fix for building outside of read only
+ source tree.
+ - (djm) [platform.c] Some missing includes that show up under -Werror
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/01/08 10:51:51
+ [clientloop.c]
+ use host and not options.hostname, as the latter may have unescaped
+ substitution characters
+ - djm@cvs.openbsd.org 2011/01/11 06:06:09
+ [sshlogin.c]
+ fd leak on error paths; from zinovik@
+ NB. Id sync only; we use loginrec.c that was also audited and fixed
+ recently
+ - djm@cvs.openbsd.org 2011/01/11 06:13:10
+ [clientloop.c ssh-keygen.c sshd.c]
+ some unsigned long long casts that make things a bit easier for
+ portable without resorting to dropping PRIu64 formats everywhere
+
+20110109
+ - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
+ openssh AT roumenpetrov.info
+
+20110108
+ - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
+ test on OSX and others. Reported by imorgan AT nas.nasa.gov
+
+20110107
+ - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
+ for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
+ - djm@cvs.openbsd.org 2011/01/06 22:23:53
+ [ssh.c]
+ unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
+ googlemail.com; ok markus@
+ - djm@cvs.openbsd.org 2011/01/06 22:23:02
+ [clientloop.c]
+ when exiting due to ServerAliveTimeout, mention the hostname that caused
+ it (useful with backgrounded controlmaster)
+ - djm@cvs.openbsd.org 2011/01/06 22:46:21
+ [regress/Makefile regress/host-expand.sh]
+ regress test for LocalCommand %n expansion from bert.wesarg AT
+ googlemail.com; ok markus@
+ - djm@cvs.openbsd.org 2011/01/06 23:01:35
+ [sshconnect.c]
+ reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
+ ok markus@
+
+20110106
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2010/12/08 22:46:03
+ [scp.1 scp.c]
+ add a new -3 option to scp: Copies between two remote hosts are
+ transferred through the local host. Without this option the data
+ is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
+ - jmc@cvs.openbsd.org 2010/12/09 14:13:33
+ [scp.1 scp.c]
+ scp.1: grammer fix
+ scp.c: add -3 to usage()
+ - markus@cvs.openbsd.org 2010/12/14 11:59:06
+ [sshconnect.c]
+ don't mention key type in key-changed-warning, since we also print
+ this warning if a new key type appears. ok djm@
+ - djm@cvs.openbsd.org 2010/12/15 00:49:27
+ [readpass.c]
+ fix ControlMaster=ask regression
+ reset SIGCHLD handler before fork (and restore it after) so we don't miss
+ the the askpass child's exit status. Correct test for exit status/signal to
+ account for waitpid() failure; with claudio@ ok claudio@ markus@
+ - djm@cvs.openbsd.org 2010/12/24 21:41:48
+ [auth-options.c]
+ don't send the actual forced command in a debug message; ok markus deraadt
+ - otto@cvs.openbsd.org 2011/01/04 20:44:13
+ [ssh-keyscan.c]
+ handle ecdsa-sha2 with various key lengths; hint and ok djm@
+
+20110104
+ - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
+ formatter if it is present, followed by nroff and groff respectively.
+ Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
+ in favour of mandoc). feedback and ok tim
+
+20110103
+ - (djm) [Makefile.in] revert local hack I didn't intend to commit
+
+20110102
+ - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
+ - (djm) [configure.ac] Check whether libdes is needed when building
+ with Heimdal krb5 support. On OpenBSD this library no longer exists,
+ so linking it unconditionally causes a build failure; ok dtucker
+
+20101226
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/12/08 04:02:47
+ [ssh_config.5 sshd_config.5]
+ explain that IPQoS arguments are separated by whitespace; iirc requested
+ by jmc@ a while back
+
+20101205
+ - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
+ debugging. Spotted by djm.
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/12/03 23:49:26
+ [schnorr.c]
+ check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
+ (this code is still disabled, but apprently people are treating it as
+ a reference implementation)
+ - djm@cvs.openbsd.org 2010/12/03 23:55:27
+ [auth-rsa.c]
+ move check for revoked keys to run earlier (in auth_rsa_key_allowed)
+ bz#1829; patch from ldv AT altlinux.org; ok markus@
+ - djm@cvs.openbsd.org 2010/12/04 00:18:01
+ [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
+ add a protocol extension to support a hard link operation. It is
+ available through the "ln" command in the client. The old "ln"
+ behaviour of creating a symlink is available using its "-s" option
+ or through the preexisting "symlink" command; based on a patch from
+ miklos AT szeredi.hu in bz#1555; ok markus@
+ - djm@cvs.openbsd.org 2010/12/04 13:31:37
+ [hostfile.c]
+ fix fd leak; spotted and ok dtucker
+ - djm@cvs.openbsd.org 2010/12/04 00:21:19
+ [regress/sftp-cmds.sh]
+ adjust for hard-link support
+ - (dtucker) [regress/Makefile] Id sync.
+
+20101204
+ - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
+ instead of (arc4random() % range)
+ - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
+ shims for the new, non-deprecated OpenSSL key generation functions for
+ platforms that don't have the new interfaces.
+
+20101201
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
+ [auth2-pubkey.c]
+ clean up cases of ;;
+ - djm@cvs.openbsd.org 2010/11/21 01:01:13
+ [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
+ honour $TMPDIR for client xauth and ssh-agent temporary directories;
+ feedback and ok markus@
+ - djm@cvs.openbsd.org 2010/11/21 10:57:07
+ [authfile.c]
+ Refactor internals of private key loading and saving to work on memory
+ buffers rather than directly on files. This will make a few things
+ easier to do in the future; ok markus@
+ - djm@cvs.openbsd.org 2010/11/23 02:35:50
+ [auth.c]
+ use strict_modes already passed as function argument over referencing
+ global options.strict_modes
+ - djm@cvs.openbsd.org 2010/11/23 23:57:24
+ [clientloop.c]
+ avoid NULL deref on receiving a channel request on an unknown or invalid
+ channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
+ - djm@cvs.openbsd.org 2010/11/24 01:24:14
+ [channels.c]
+ remove a debug() that pollutes stderr on client connecting to a server
+ in debug mode (channel_close_fds is called transitively from the session
+ code post-fork); bz#1719, ok dtucker
+ - djm@cvs.openbsd.org 2010/11/25 04:10:09
+ [session.c]
+ replace close() loop for fds 3->64 with closefrom();
+ ok markus deraadt dtucker
+ - djm@cvs.openbsd.org 2010/11/26 05:52:49
+ [scp.c]
+ Pass through ssh command-line flags and options when doing remote-remote
+ transfers, e.g. to enable agent forwarding which is particularly useful
+ in this case; bz#1837 ok dtucker@
+ - markus@cvs.openbsd.org 2010/11/29 18:57:04
+ [authfile.c]
+ correctly load comment for encrypted rsa1 keys;
+ report/fix Joachim Schipper; ok djm@
+ - djm@cvs.openbsd.org 2010/11/29 23:45:51
+ [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
+ [sshconnect.h sshconnect2.c]
+ automatically order the hostkeys requested by the client based on
+ which hostkeys are already recorded in known_hosts. This avoids
+ hostkey warnings when connecting to servers with new ECDSA keys
+ that are preferred by default; with markus@
+
+20101124
+ - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
+ into the platform-specific code Only affects SCO, tested by and ok tim@.
+ - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
+ group read/write. ok dtucker@
+ - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
+ - (djm) [defines.h] Add IP DSCP defines
+
+20101122
+ - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
+ from vapier at gentoo org.
+
+20101120
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/11/05 02:46:47
+ [packet.c]
+ whitespace KNF
+ - djm@cvs.openbsd.org 2010/11/10 01:33:07
+ [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
+ use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
+ these have been around for years by this time. ok markus
+ - djm@cvs.openbsd.org 2010/11/13 23:27:51
+ [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
+ [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
+ allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
+ hardcoding lowdelay/throughput.
+
+ bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
+ - jmc@cvs.openbsd.org 2010/11/15 07:40:14
+ [ssh_config.5]
+ libary -> library;
+ - jmc@cvs.openbsd.org 2010/11/18 15:01:00
+ [scp.1 sftp.1 ssh.1 sshd_config.5]
+ add IPQoS to the various -o lists, and zap some trailing whitespace;
+
+20101111
+ - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
+ platforms that don't support ECC. Fixes some spurious warnings reported
+ by tim@
+
+20101109
+ - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
+ Feedback from dtucker@
+ - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
+ support for platforms missing isblank(). ok djm@
+
+20101108
+ - (tim) [regress/Makefile] Fixes to allow building/testing outside source
+ tree.
+ - (tim) [regress/kextype.sh] Shell portability fix.
+
+20101107
+ - (dtucker) [platform.c] includes.h instead of defines.h so that we get
+ the correct typedefs.
+
+20101105
+ - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
+ int. Should fix bz#1817 cleanly; ok dtucker@
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/09/22 12:26:05
+ [regress/Makefile regress/kextype.sh]
+ regress test for each of the key exchange algorithms that we support
+ - djm@cvs.openbsd.org 2010/10/28 11:22:09
+ [authfile.c key.c key.h ssh-keygen.c]
+ fix a possible NULL deref on loading a corrupt ECDH key
+
+ store ECDH group information in private keys files as "named groups"
+ rather than as a set of explicit group parameters (by setting
+ the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
+ retrieves the group's OpenSSL NID that we need for various things.
+ - jmc@cvs.openbsd.org 2010/10/28 18:33:28
+ [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
+ knock out some "-*- nroff -*-" lines;
+ - djm@cvs.openbsd.org 2010/11/04 02:45:34
+ [sftp-server.c]
+ umask should be parsed as octal. reported by candland AT xmission.com;
+ ok markus@
+ - (dtucker) [configure.ac platform.{c,h} session.c
+ openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
+ Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
+ ok djm@
+ - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
+ after the user's groups are established and move the selinux calls into it.
+ - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
+ platform.c
+ - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
+ - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
+ retain previous behavior.
+ - (dtucker) [platform.c session.c] Move the PAM credential establishment for
+ the LOGIN_CAP case into platform.c.
+ - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
+ platform.c
+ - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
+ - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
+ platform.c.
+ - (dtucker) [platform.c session.c] Move PAM credential establishment for the
+ non-LOGIN_CAP case into platform.c.
+ - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
+ check into platform.c
+ - (dtucker) [regress/keytype.sh] Import new test.
+ - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
+ Import recent changes to regress/Makefile, pass a flag to enable ECC tests
+ from configure through to regress/Makefile and use it in the tests.
+ - (dtucker) [regress/kextype.sh] Add missing "test".
+ - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
+ strictly correct since while ECC requires sha256 the reverse is not true
+ however it does prevent spurious test failures.
+ - (dtucker) [platform.c] Need servconf.h and extern options.
+
+20101025
+ - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
+ 1.12 to unbreak Solaris build.
+ ok djm@
+ - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
+ native one.
+
+20101024
+ - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
+ - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
+ which don't have ECC support in libcrypto.
+ - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
+ which don't have ECC support in libcrypto.
+ - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
+ have it.
+ - (dtucker) OpenBSD CVS Sync
+ - sthen@cvs.openbsd.org 2010/10/23 22:06:12
+ [sftp.c]
+ escape '[' in filename tab-completion; fix a type while there.
+ ok djm@
+
+20101021
+ - OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
+ [mux.c]
+ Typo in confirmation message. bz#1827, patch from imorgan at
+ nas nasa gov
+ - djm@cvs.openbsd.org 2010/08/31 12:24:09
+ [regress/cert-hostkey.sh regress/cert-userkey.sh]
+ tests for ECDSA certificates
+
+20101011
+ - (djm) [canohost.c] Zero a4 instead of addr to better match type.
+ bz#1825, reported by foo AT mailinator.com
+ - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
+
+20101011
+ - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
+ dr AT vasco.com
+
+20101007
+ - (djm) [ssh-agent.c] Fix type for curve name.
+ - (djm) OpenBSD CVS Sync
+ - matthew@cvs.openbsd.org 2010/09/24 13:33:00
+ [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
+ [openbsd-compat/timingsafe_bcmp.c]
+ Add timingsafe_bcmp(3) to libc, mention that it's already in the
+ kernel in kern(9), and remove it from OpenSSH.
+ ok deraadt@, djm@
+ NB. re-added under openbsd-compat/ for portable OpenSSH
+ - djm@cvs.openbsd.org 2010/09/25 09:30:16
+ [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
+ make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
+ rountrips to fetch per-file stat(2) information.
+ NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
+ match.
+ - djm@cvs.openbsd.org 2010/09/26 22:26:33
+ [sftp.c]
+ when performing an "ls" in columnated (short) mode, only call
+ ioctl(TIOCGWINSZ) once to get the window width instead of per-
+ filename
+ - djm@cvs.openbsd.org 2010/09/30 11:04:51
+ [servconf.c]
+ prevent free() of string in .rodata when overriding AuthorizedKeys in
+ a Match block; patch from rein AT basefarm.no
+ - djm@cvs.openbsd.org 2010/10/01 23:05:32
+ [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
+ adapt to API changes in openssl-1.0.0a
+ NB. contains compat code to select correct API for older OpenSSL
+ - djm@cvs.openbsd.org 2010/10/05 05:13:18
+ [sftp.c sshconnect.c]
+ use default shell /bin/sh if $SHELL is ""; ok markus@
+ - djm@cvs.openbsd.org 2010/10/06 06:39:28
+ [clientloop.c ssh.c sshconnect.c sshconnect.h]
+ kill proxy command on fatal() (we already kill it on clean exit);
+ ok markus@
+ - djm@cvs.openbsd.org 2010/10/06 21:10:21
+ [sshconnect.c]
+ swapped args to kill(2)
+ - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
+ - (djm) [cipher-acss.c] Add missing header.
+ - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
+
+20100924
+ - (djm) OpenBSD CVS Sync
+ - naddy@cvs.openbsd.org 2010/09/10 15:19:29
+ [ssh-keygen.1]
+ * mention ECDSA in more places
+ * less repetition in FILES section
+ * SSHv1 keys are still encrypted with 3DES
+ help and ok jmc@
+ - djm@cvs.openbsd.org 2010/09/11 21:44:20
+ [ssh.1]
+ mention RFC 5656 for ECC stuff
+ - jmc@cvs.openbsd.org 2010/09/19 21:30:05
+ [sftp.1]
+ more wacky macro fixing;
+ - djm@cvs.openbsd.org 2010/09/20 04:41:47
+ [ssh.c]
+ install a SIGCHLD handler to reap expiried child process; ok markus@
+ - djm@cvs.openbsd.org 2010/09/20 04:50:53
+ [jpake.c schnorr.c]
+ check that received values are smaller than the group size in the
+ disabled and unfinished J-PAKE code.
+ avoids catastrophic security failure found by Sebastien Martini
+ - djm@cvs.openbsd.org 2010/09/20 04:54:07
+ [jpake.c]
+ missing #include
+ - djm@cvs.openbsd.org 2010/09/20 07:19:27
+ [mux.c]
+ "atomically" create the listening mux socket by binding it on a temorary
+ name and then linking it into position after listen() has succeeded.
+ this allows the mux clients to determine that the server socket is
+ either ready or stale without races. stale server sockets are now
+ automatically removed
+ ok deraadt
+ - djm@cvs.openbsd.org 2010/09/22 05:01:30
+ [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
+ [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
+ add a KexAlgorithms knob to the client and server configuration to allow
+ selection of which key exchange methods are used by ssh(1) and sshd(8)
+ and their order of preference.
+ ok markus@
+ - jmc@cvs.openbsd.org 2010/09/22 08:30:08
+ [ssh.1 ssh_config.5]
+ ssh.1: add kexalgorithms to the -o list
+ ssh_config.5: format the kexalgorithms in a more consistent
+ (prettier!) way
+ ok djm
+ - djm@cvs.openbsd.org 2010/09/22 22:58:51
+ [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
+ [sftp-client.h sftp.1 sftp.c]
+ add an option per-read/write callback to atomicio
+
+ factor out bandwidth limiting code from scp(1) into a generic bandwidth
+ limiter that can be attached using the atomicio callback mechanism
+
+ add a bandwidth limit option to sftp(1) using the above
+ "very nice" markus@
+ - jmc@cvs.openbsd.org 2010/09/23 13:34:43
+ [sftp.c]
+ add [-l limit] to usage();
+ - jmc@cvs.openbsd.org 2010/09/23 13:36:46
+ [scp.1 sftp.1]
+ add KexAlgorithms to the -o list;
+
+20100910
+ - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
+ return code since it can apparently return -1 under some conditions. From
+ openssh bugs werbittewas de, ok djm@
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/08/31 12:33:38
+ [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
+ reintroduce commit from tedu@, which I pulled out for release
+ engineering:
+ OpenSSL_add_all_algorithms is the name of the function we have a
+ man page for, so use that. ok djm
+ - jmc@cvs.openbsd.org 2010/08/31 17:40:54
+ [ssh-agent.1]
+ fix some macro abuse;
+ - jmc@cvs.openbsd.org 2010/08/31 21:14:58
+ [ssh.1]
+ small text tweak to accommodate previous;
+ - naddy@cvs.openbsd.org 2010/09/01 15:21:35
+ [servconf.c]
+ pick up ECDSA host key by default; ok djm@
+ - markus@cvs.openbsd.org 2010/09/02 16:07:25
+ [ssh-keygen.c]
+ permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
+ - markus@cvs.openbsd.org 2010/09/02 16:08:39
+ [ssh.c]
+ unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
+ - naddy@cvs.openbsd.org 2010/09/02 17:21:50
+ [ssh-keygen.c]
+ Switch ECDSA default key size to 256 bits, which according to RFC5656
+ should still be better than our current RSA-2048 default.
+ ok djm@, markus@
+ - jmc@cvs.openbsd.org 2010/09/03 11:09:29
+ [scp.1]
+ add an EXIT STATUS section for /usr/bin;
+ - jmc@cvs.openbsd.org 2010/09/04 09:38:34
+ [ssh-add.1 ssh.1]
+ two more EXIT STATUS sections;
+ - naddy@cvs.openbsd.org 2010/09/06 17:10:19
+ [sshd_config]
+ add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
+ <mattieu.b@gmail.com>
+ ok deraadt@
+ - djm@cvs.openbsd.org 2010/09/08 03:54:36
+ [authfile.c]
+ typo
+ - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
+ [compress.c]
+ work around name-space collisions some buggy compilers (looking at you
+ gcc, at least in earlier versions, but this does not forgive your current
+ transgressions) seen between zlib and openssl
+ ok djm
+ - djm@cvs.openbsd.org 2010/09/09 10:45:45
+ [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
+ ECDH/ECDSA compliance fix: these methods vary the hash function they use
+ (SHA256/384/512) depending on the length of the curve in use. The previous
+ code incorrectly used SHA256 in all cases.
+
+ This fix will cause authentication failure when using 384 or 521-bit curve
+ keys if one peer hasn't been upgraded and the other has. (256-bit curve
+ keys work ok). In particular you may need to specify HostkeyAlgorithms
+ when connecting to a server that has not been upgraded from an upgraded
+ client.
+
+ ok naddy@
+ - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
+ [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
+ [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
+ platforms that don't have the requisite OpenSSL support. ok dtucker@
+ - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
+ for missing headers and compiler warnings.
+
+20100831
+ - OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2010/08/08 19:36:30
+ [ssh-keysign.8 ssh.1 sshd.8]
+ use the same template for all FILES sections; i.e. -compact/.Pp where we
+ have multiple items, and .Pa for path names;
+ - tedu@cvs.openbsd.org 2010/08/12 23:34:39
+ [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
+ OpenSSL_add_all_algorithms is the name of the function we have a man page
+ for, so use that. ok djm
+ - djm@cvs.openbsd.org 2010/08/16 04:06:06
+ [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
+ backout previous temporarily; discussed with deraadt@
+ - djm@cvs.openbsd.org 2010/08/31 09:58:37
+ [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
+ [packet.h ssh-dss.c ssh-rsa.c]
+ Add buffer_get_cstring() and related functions that verify that the
+ string extracted from the buffer contains no embedded \0 characters*
+ This prevents random (possibly malicious) crap from being appended to
+ strings where it would not be noticed if the string is used with
+ a string(3) function.
+
+ Use the new API in a few sensitive places.
+
+ * actually, we allow a single one at the end of the string for now because
+ we don't know how many deployed implementations get this wrong, but don't
+ count on this to remain indefinitely.
+ - djm@cvs.openbsd.org 2010/08/31 11:54:45
+ [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
+ [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
+ [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
+ [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
+ [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
+ [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
+ [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
+ Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
+ host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
+ better performance than plain DH and DSA at the same equivalent symmetric
+ key length, as well as much shorter keys.
+
+ Only the mandatory sections of RFC5656 are implemented, specifically the
+ three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
+ ECDSA. Point compression (optional in RFC5656 is NOT implemented).
+
+ Certificate host and user keys using the new ECDSA key types are supported.
+
+ Note that this code has not been tested for interoperability and may be
+ subject to change.
+
+ feedback and ok markus@
+ - (djm) [Makefile.in] Add new ECC files
+ - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
+ includes.h
+
+20100827
+ - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
+ remove. Patch from martynas at venck us
+
+20100823
+ - (djm) Release OpenSSH-5.6p1
+
+20100816
+ - (dtucker) [configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
+ the compat library which helps on platforms like old IRIX. Based on work
+ by djm, tested by Tom Christensen.
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/08/12 21:49:44
+ [ssh.c]
+ close any extra file descriptors inherited from parent at start and
+ reopen stdin/stdout to /dev/null when forking for ControlPersist.
+
+ prevents tools that fork and run a captive ssh for communication from
+ failing to exit when the ssh completes while they wait for these fds to
+ close. The inherited fds may persist arbitrarily long if a background
+ mux master has been started by ControlPersist. cvs and scp were effected
+ by this.
+
+ "please commit" markus@
+ - (djm) [regress/README.regress] typo
+
+20100812
+ - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
+ regress/test-exec.sh] Under certain conditions when testing with sudo
+ tests would fail because the pidfile could not be read by a regular user.
+ "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
+ Make sure cat is run by $SUDO. no objection from me. djm@
+ - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
+
+20100809
+ - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
+ already set. Makes FreeBSD user openable tunnels useful; patch from
+ richard.burakowski+ossh AT mrburak.net, ok dtucker@
+ - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
+ based in part on a patch from Colin Watson, ok djm@
+
+20100809
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/08/08 16:26:42
+ [version.h]
+ crank to 5.6
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank version numbers
+
+20100805
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/08/04 05:37:01
+ [ssh.1 ssh_config.5 sshd.8]
+ Remove mentions of weird "addr/port" alternate address format for IPv6
+ addresses combinations. It hasn't worked for ages and we have supported
+ the more commen "[addr]:port" format for a long time. ok jmc@ markus@
+ - djm@cvs.openbsd.org 2010/08/04 05:40:39
+ [PROTOCOL.certkeys ssh-keygen.c]
+ tighten the rules for certificate encoding by requiring that options
+ appear in lexical order and make our ssh-keygen comply. ok markus@
+ - djm@cvs.openbsd.org 2010/08/04 05:42:47
+ [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
+ [ssh-keysign.c ssh.c]
+ enable certificates for hostbased authentication, from Iain Morgan;
+ "looks ok" markus@
+ - djm@cvs.openbsd.org 2010/08/04 05:49:22
+ [authfile.c]
+ commited the wrong version of the hostbased certificate diff; this
+ version replaces some strlc{py,at} verbosity with xasprintf() at
+ the request of markus@
+ - djm@cvs.openbsd.org 2010/08/04 06:07:11
+ [ssh-keygen.1 ssh-keygen.c]
+ Support CA keys in PKCS#11 tokens; feedback and ok markus@
+ - djm@cvs.openbsd.org 2010/08/04 06:08:40
+ [ssh-keysign.c]
+ clean for -Wuninitialized (Id sync only; portable had this change)
+ - djm@cvs.openbsd.org 2010/08/05 13:08:42
+ [channels.c]
+ Fix a trio of bugs in the local/remote window calculation for datagram
+ data channels (i.e. TunnelForward):
+
+ Calculate local_consumed correctly in channel_handle_wfd() by measuring
+ the delta to buffer_len(c->output) from when we start to when we finish.
+ The proximal problem here is that the output_filter we use in portable
+ modified the length of the dequeued datagram (to futz with the headers
+ for !OpenBSD).
+
+ In channel_output_poll(), don't enqueue datagrams that won't fit in the
+ peer's advertised packet size (highly unlikely to ever occur) or which
+ won't fit in the peer's remaining window (more likely).
+
+ In channel_input_data(), account for the 4-byte string header in
+ datagram packets that we accept from the peer and enqueue in c->output.
+
+ report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
+ "looks good" markus@
+
+20100803
+ - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
+ PAM to sane values in case the PAM method doesn't write to them. Spotted by
+ Bitman Zhou, ok djm@.
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/07/16 04:45:30
+ [ssh-keygen.c]
+ avoid bogus compiler warning
+ - djm@cvs.openbsd.org 2010/07/16 14:07:35
+ [ssh-rsa.c]
+ more timing paranoia - compare all parts of the expected decrypted
+ data before returning. AFAIK not exploitable in the SSH protocol.
+ "groovy" deraadt@
+ - djm@cvs.openbsd.org 2010/07/19 03:16:33
+ [sftp-client.c]
+ bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
+ upload depth checks and causing verbose printing of transfers to always
+ be turned on; patch from imorgan AT nas.nasa.gov
+ - djm@cvs.openbsd.org 2010/07/19 09:15:12
+ [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
+ add a "ControlPersist" option that automatically starts a background
+ ssh(1) multiplex master when connecting. This connection can stay alive
+ indefinitely, or can be set to automatically close after a user-specified
+ duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
+ further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
+ martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
+ - djm@cvs.openbsd.org 2010/07/21 02:10:58
+ [misc.c]
+ sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
+ - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
+ [ssh.1]
+ Ciphers is documented in ssh_config(5) these days
+
+20100819
+ - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
+ details about its behaviour WRT existing directories. Patch from
+ asguthrie at gmail com, ok djm.
+
+20100716
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/07/02 04:32:44
+ [misc.c]
+ unbreak strdelim() skipping past quoted strings, e.g.
+ AllowUsers "blah blah" blah
+ was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
+ ok dtucker;
+ - djm@cvs.openbsd.org 2010/07/12 22:38:52
+ [ssh.c]
+ Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
+ for protocol 2. ok markus@
+ - djm@cvs.openbsd.org 2010/07/12 22:41:13
+ [ssh.c ssh_config.5]
+ expand %h to the hostname in ssh_config Hostname options. While this
+ sounds useless, it is actually handy for working with unqualified
+ hostnames:
+
+ Host *.*
+ Hostname %h
+ Host *
+ Hostname %h.example.org
+
+ "I like it" markus@
+ - djm@cvs.openbsd.org 2010/07/13 11:52:06
+ [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
+ [packet.c ssh-rsa.c]
+ implement a timing_safe_cmp() function to compare memory without leaking
+ timing information by short-circuiting like memcmp() and use it for
+ some of the more sensitive comparisons (though nothing high-value was
+ readily attackable anyway); "looks ok" markus@
+ - djm@cvs.openbsd.org 2010/07/13 23:13:16
+ [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
+ [ssh-rsa.c]
+ s/timing_safe_cmp/timingsafe_bcmp/g
+ - jmc@cvs.openbsd.org 2010/07/14 17:06:58
+ [ssh.1]
+ finally ssh synopsis looks nice again! this commit just removes a ton of
+ hacks we had in place to make it work with old groff;
+ - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
+ [ssh-keygen.1]
+ repair incorrect block nesting, which screwed up indentation;
+ problem reported and fix OK by jmc@
+
+20100714
+ - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
+ (line 77) should have been for no_x11_askpass.
+
+20100702
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2010/06/26 00:57:07
+ [ssh_config.5]
+ tweak previous;
+ - djm@cvs.openbsd.org 2010/06/26 23:04:04
+ [ssh.c]
+ oops, forgot to #include <canohost.h>; spotted and patch from chl@
+ - djm@cvs.openbsd.org 2010/06/29 23:15:30
+ [ssh-keygen.1 ssh-keygen.c]
+ allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
+ bz#1749; ok markus@
+ - djm@cvs.openbsd.org 2010/06/29 23:16:46
+ [auth2-pubkey.c sshd_config.5]
+ allow key options (command="..." and friends) in AuthorizedPrincipals;
+ ok markus@
+ - jmc@cvs.openbsd.org 2010/06/30 07:24:25
+ [ssh-keygen.1]
+ tweak previous;
+ - jmc@cvs.openbsd.org 2010/06/30 07:26:03
+ [ssh-keygen.c]
+ sort usage();
+ - jmc@cvs.openbsd.org 2010/06/30 07:28:34
+ [sshd_config.5]
+ tweak previous;
+ - millert@cvs.openbsd.org 2010/07/01 13:06:59
+ [scp.c]
+ Fix a longstanding problem where if you suspend scp at the
+ password/passphrase prompt the terminal mode is not restored.
+ OK djm@
+ - phessler@cvs.openbsd.org 2010/06/27 19:19:56
+ [regress/Makefile]
+ fix how we run the tests so we can successfully use SUDO='sudo -E'
+ in our env
+ - djm@cvs.openbsd.org 2010/06/29 23:59:54
+ [cert-userkey.sh]
+ regress tests for key options in AuthorizedPrincipals
+
+20100627
+ - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
+ key.h.
+
+20100626
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/05/21 05:00:36
+ [misc.c]
+ colon() returns char*, so s/return (0)/return NULL/
+ - markus@cvs.openbsd.org 2010/06/08 21:32:19
+ [ssh-pkcs11.c]
+ check length of value returned C_GetAttributValue for != 0
+ from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
+ - djm@cvs.openbsd.org 2010/06/17 07:07:30
+ [mux.c]
+ Correct sizing of object to be allocated by calloc(), replacing
+ sizeof(state) with sizeof(*state). This worked by accident since
+ the struct contained a single int at present, but could have broken
+ in the future. patch from hyc AT symas.com
+ - djm@cvs.openbsd.org 2010/06/18 00:58:39
+ [sftp.c]
+ unbreak ls in working directories that contains globbing characters in
+ their pathnames. bz#1655 reported by vgiffin AT apple.com
+ - djm@cvs.openbsd.org 2010/06/18 03:16:03
+ [session.c]
+ Missing check for chroot_director == "none" (we already checked against
+ NULL); bz#1564 from Jan.Pechanec AT Sun.COM
+ - djm@cvs.openbsd.org 2010/06/18 04:43:08
+ [sftp-client.c]
+ fix memory leak in do_realpath() error path; bz#1771, patch from
+ anicka AT suse.cz
+ - djm@cvs.openbsd.org 2010/06/22 04:22:59
+ [servconf.c sshd_config.5]
+ expose some more sshd_config options inside Match blocks:
+ AuthorizedKeysFile AuthorizedPrincipalsFile
+ HostbasedUsesNameFromPacketOnly PermitTunnel
+ bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
+ - djm@cvs.openbsd.org 2010/06/22 04:32:06
+ [ssh-keygen.c]
+ standardise error messages when attempting to open private key
+ files to include "progname: filename: error reason"
+ bz#1783; ok dtucker@
+ - djm@cvs.openbsd.org 2010/06/22 04:49:47
+ [auth.c]
+ queue auth debug messages for bad ownership or permissions on the user's
+ keyfiles. These messages will be sent after the user has successfully
+ authenticated (where our client will display them with LogLevel=debug).
+ bz#1554; ok dtucker@
+ - djm@cvs.openbsd.org 2010/06/22 04:54:30
+ [ssh-keyscan.c]
+ replace verbose and overflow-prone Linebuf code with read_keyfile_line()
+ based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
+ - djm@cvs.openbsd.org 2010/06/22 04:59:12
+ [session.c]
+ include the user name on "subsystem request for ..." log messages;
+ bz#1571; ok dtucker@
+ - djm@cvs.openbsd.org 2010/06/23 02:59:02
+ [ssh-keygen.c]
+ fix printing of extensions in v01 certificates that I broke in r1.190
+ - djm@cvs.openbsd.org 2010/06/25 07:14:46
+ [channels.c mux.c readconf.c readconf.h ssh.h]
+ bz#1327: remove hardcoded limit of 100 permitopen clauses and port
+ forwards per direction; ok markus@ stevesk@
+ - djm@cvs.openbsd.org 2010/06/25 07:20:04
+ [channels.c session.c]
+ bz#1750: fix requirement for /dev/null inside ChrootDirectory for
+ internal-sftp accidentally introduced in r1.253 by removing the code
+ that opens and dup /dev/null to stderr and modifying the channels code
+ to read stderr but discard it instead; ok markus@
+ - djm@cvs.openbsd.org 2010/06/25 08:46:17
+ [auth1.c auth2-none.c]
+ skip the initial check for access with an empty password when
+ PermitEmptyPasswords=no; bz#1638; ok markus@
+ - djm@cvs.openbsd.org 2010/06/25 23:10:30
+ [ssh.c]
+ log the hostname and address that we connected to at LogLevel=verbose
+ after authentication is successful to mitigate "phishing" attacks by
+ servers with trusted keys that accept authentication silently and
+ automatically before presenting fake password/passphrase prompts;
+ "nice!" markus@
+ - djm@cvs.openbsd.org 2010/06/25 23:10:30
+ [ssh.c]
+ log the hostname and address that we connected to at LogLevel=verbose
+ after authentication is successful to mitigate "phishing" attacks by
+ servers with trusted keys that accept authentication silently and
+ automatically before presenting fake password/passphrase prompts;
+ "nice!" markus@
+
+20100622
+ - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
+ bz#1579; ok dtucker
+
+20100618
+ - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
+ rather than assuming that $CWD == $HOME. bz#1500, patch from
+ timothy AT gelter.com
+
+20100617
+ - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
+ minires-devel package, and to add the reference to the libedit-devel
+ package since CYgwin now provides libedit. Patch from Corinna Vinschen.
+
+20100521
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/05/07 11:31:26
+ [regress/Makefile regress/cert-userkey.sh]
+ regress tests for AuthorizedPrincipalsFile and "principals=" key option.
+ feedback and ok markus@
+ - djm@cvs.openbsd.org 2010/05/11 02:58:04
+ [auth-rsa.c]
+ don't accept certificates marked as "cert-authority" here; ok markus@
+ - djm@cvs.openbsd.org 2010/05/14 00:47:22
+ [ssh-add.c]
+ check that the certificate matches the corresponding private key before
+ grafting it on
+ - djm@cvs.openbsd.org 2010/05/14 23:29:23
+ [channels.c channels.h mux.c ssh.c]
+ Pause the mux channel while waiting for reply from aynch callbacks.
+ Prevents misordering of replies if new requests arrive while waiting.
+
+ Extend channel open confirm callback to allow signalling failure
+ conditions as well as success. Use this to 1) fix a memory leak, 2)
+ start using the above pause mechanism and 3) delay sending a success/
+ failure message on mux slave session open until we receive a reply from
+ the server.
+
+ motivated by and with feedback from markus@
+ - markus@cvs.openbsd.org 2010/05/16 12:55:51
+ [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
+ mux support for remote forwarding with dynamic port allocation,
+ use with
+ LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
+ feedback and ok djm@
+ - djm@cvs.openbsd.org 2010/05/20 11:25:26
+ [auth2-pubkey.c]
+ fix logspam when key options (from="..." especially) deny non-matching
+ keys; reported by henning@ also bz#1765; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2010/05/20 23:46:02
+ [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
+ Move the permit-* options to the non-critical "extensions" field for v01
+ certificates. The logic is that if another implementation fails to
+ implement them then the connection just loses features rather than fails
+ outright.
+
+ ok markus@
+
+20100511
+ - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
+ circular dependency problem on old or odd platforms. From Tom Lane, ok
+ djm@.
+ - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
+ libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
+ already. ok dtucker@
+
+20100510
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/04/23 01:47:41
+ [ssh-keygen.c]
+ bz#1740: display a more helpful error message when $HOME is
+ inaccessible while trying to create .ssh directory. Based on patch
+ from jchadima AT redhat.com; ok dtucker@
+ - djm@cvs.openbsd.org 2010/04/23 22:27:38
+ [mux.c]
+ set "detach_close" flag when registering channel cleanup callbacks.
+ This causes the channel to close normally when its fds close and
+ hangs when terminating a mux slave using ~. bz#1758; ok markus@
+ - djm@cvs.openbsd.org 2010/04/23 22:42:05
+ [session.c]
+ set stderr to /dev/null for subsystems rather than just closing it.
+ avoids hangs if a subsystem or shell initialisation writes to stderr.
+ bz#1750; ok markus@
+ - djm@cvs.openbsd.org 2010/04/23 22:48:31
+ [ssh-keygen.c]
+ refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
+ since we would refuse to use them anyway. bz#1516; ok dtucker@
+ - djm@cvs.openbsd.org 2010/04/26 22:28:24
+ [sshconnect2.c]
+ bz#1502: authctxt.success is declared as an int, but passed by
+ reference to function that accepts sig_atomic_t*. Convert it to
+ the latter; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2010/05/01 02:50:50
+ [PROTOCOL.certkeys]
+ typo; jmeltzer@
+ - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
+ [sftp.c]
+ restore mput and mget which got lost in the tab-completion changes.
+ found by Kenneth Whitaker, ok djm@
+ - djm@cvs.openbsd.org 2010/05/07 11:30:30
+ [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
+ [key.c servconf.c servconf.h sshd.8 sshd_config.5]
+ add some optional indirection to matching of principal names listed
+ in certificates. Currently, a certificate must include the a user's name
+ to be accepted for authentication. This change adds the ability to
+ specify a list of certificate principal names that are acceptable.
+
+ When authenticating using a CA trusted through ~/.ssh/authorized_keys,
+ this adds a new principals="name1[,name2,...]" key option.
+
+ For CAs listed through sshd_config's TrustedCAKeys option, a new config
+ option "AuthorizedPrincipalsFile" specifies a per-user file containing
+ the list of acceptable names.
+
+ If either option is absent, the current behaviour of requiring the
+ username to appear in principals continues to apply.
+
+ These options are useful for role accounts, disjoint account namespaces
+ and "user@realm"-style naming policies in certificates.
+
+ feedback and ok markus@
+ - jmc@cvs.openbsd.org 2010/05/07 12:49:17
+ [sshd_config.5]
+ tweak previous;
+
+20100423
+ - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
+ in the openssl install directory (some newer openssl versions do this on at
+ least some amd64 platforms).
+
+20100418
+ - OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2010/04/16 06:45:01
+ [ssh_config.5]
+ tweak previous; ok djm
+ - jmc@cvs.openbsd.org 2010/04/16 06:47:04
+ [ssh-keygen.1 ssh-keygen.c]
+ tweak previous; ok djm
+ - djm@cvs.openbsd.org 2010/04/16 21:14:27
+ [sshconnect.c]
+ oops, %r => remote username, not %u
+ - djm@cvs.openbsd.org 2010/04/16 01:58:45
+ [regress/cert-hostkey.sh regress/cert-userkey.sh]
+ regression tests for v01 certificate format
+ includes interop tests for v00 certs
+ - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
+ file.
+
+20100416
+ - (djm) Release openssh-5.5p1
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/03/26 03:13:17
+ [bufaux.c]
+ allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
+ argument to allow skipping past values in a buffer
+ - jmc@cvs.openbsd.org 2010/03/26 06:54:36
+ [ssh.1]
+ tweak previous;
+ - jmc@cvs.openbsd.org 2010/03/27 14:26:55
+ [ssh_config.5]
+ tweak previous; ok dtucker
+ - djm@cvs.openbsd.org 2010/04/10 00:00:16
+ [ssh.c]
+ bz#1746 - suppress spurious tty warning when using -O and stdin
+ is not a tty; ok dtucker@ markus@
+ - djm@cvs.openbsd.org 2010/04/10 00:04:30
+ [sshconnect.c]
+ fix terminology: we didn't find a certificate in known_hosts, we found
+ a CA key
+ - djm@cvs.openbsd.org 2010/04/10 02:08:44
+ [clientloop.c]
+ bz#1698: kill channel when pty allocation requests fail. Fixed
+ stuck client if the server refuses pty allocation.
+ ok dtucker@ "think so" markus@
+ - djm@cvs.openbsd.org 2010/04/10 02:10:56
+ [sshconnect2.c]
+ show the key type that we are offering in debug(), helps distinguish
+ between certs and plain keys as the path to the private key is usually
+ the same.
+ - djm@cvs.openbsd.org 2010/04/10 05:48:16
+ [mux.c]
+ fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
+ - djm@cvs.openbsd.org 2010/04/14 22:27:42
+ [ssh_config.5 sshconnect.c]
+ expand %r => remote username in ssh_config:ProxyCommand;
+ ok deraadt markus
+ - markus@cvs.openbsd.org 2010/04/15 20:32:55
+ [ssh-pkcs11.c]
+ retry lookup for private key if there's no matching key with CKA_SIGN
+ attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
+ ok djm@
+ - djm@cvs.openbsd.org 2010/04/16 01:47:26
+ [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
+ [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
+ [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
+ [sshconnect.c sshconnect2.c sshd.c]
+ revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
+ following changes:
+
+ move the nonce field to the beginning of the certificate where it can
+ better protect against chosen-prefix attacks on the signature hash
+
+ Rename "constraints" field to "critical options"
+
+ Add a new non-critical "extensions" field
+
+ Add a serial number
+
+ The older format is still support for authentication and cert generation
+ (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
+
+ ok markus@
diff --git a/openssh-6.0p1/INSTALL b/openssh-6.0p1/INSTALL
new file mode 100644
index 0000000..7c60469
--- /dev/null
+++ b/openssh-6.0p1/INSTALL
@@ -0,0 +1,269 @@
+1. Prerequisites
+----------------
+
+You will need working installations of Zlib and OpenSSL.
+
+Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems):
+http://www.gzip.org/zlib/
+
+OpenSSL 0.9.6 or greater:
+http://www.openssl.org/
+
+(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1
+Blowfish) do not work correctly.)
+
+The remaining items are optional.
+
+NB. If you operating system supports /dev/random, you should configure
+OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
+/dev/random, or failing that, either prngd or egd
+
+PRNGD:
+
+If your system lacks kernel-based random collection, the use of Lutz
+Jaenicke's PRNGd is recommended.
+
+http://prngd.sourceforge.net/
+
+EGD:
+
+The Entropy Gathering Daemon (EGD) is supported if you have a system which
+lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
+
+http://www.lothar.com/tech/crypto/
+
+PAM:
+
+OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
+system supports it. PAM is standard most Linux distributions, Solaris,
+HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD.
+
+Information about the various PAM implementations are available:
+
+Solaris PAM: http://www.sun.com/software/solaris/pam/
+Linux PAM: http://www.kernel.org/pub/linux/libs/pam/
+OpenPAM: http://www.openpam.org/
+
+If you wish to build the GNOME passphrase requester, you will need the GNOME
+libraries and headers.
+
+GNOME:
+http://www.gnome.org/
+
+Alternatively, Jim Knoble <jmknoble@pobox.com> has written an excellent X11
+passphrase requester. This is maintained separately at:
+
+http://www.jmknoble.net/software/x11-ssh-askpass/
+
+TCP Wrappers:
+
+If you wish to use the TCP wrappers functionality you will need at least
+tcpd.h and libwrap.a, either in the standard include and library paths,
+or in the directory specified by --with-tcp-wrappers. Version 7.6 is
+known to work.
+
+http://ftp.porcupine.org/pub/security/index.html
+
+S/Key Libraries:
+
+If you wish to use --with-skey then you will need the library below
+installed. No other S/Key library is currently known to be supported.
+
+http://www.sparc.spb.su/solaris/skey/
+
+LibEdit:
+
+sftp supports command-line editing via NetBSD's libedit. If your platform
+has it available natively you can use that, alternatively you might try
+these multi-platform ports:
+
+http://www.thrysoee.dk/editline/
+http://sourceforge.net/projects/libedit/
+
+LDNS:
+
+LDNS is a DNS BSD-licensed resolver library which supports DNSSEC.
+
+http://nlnetlabs.nl/projects/ldns/
+
+Autoconf:
+
+If you modify configure.ac or configure doesn't exist (eg if you checked
+the code out of CVS yourself) then you will need autoconf-2.61 to rebuild
+the automatically generated files by running "autoreconf". Earlier
+versions may also work but this is not guaranteed.
+
+http://www.gnu.org/software/autoconf/
+
+Basic Security Module (BSM):
+
+Native BSM support is know to exist in Solaris from at least 2.5.1,
+FreeBSD 6.1 and OS X. Alternatively, you may use the OpenBSM
+implementation (http://www.openbsm.org).
+
+
+2. Building / Installation
+--------------------------
+
+To install OpenSSH with default options:
+
+./configure
+make
+make install
+
+This will install the OpenSSH binaries in /usr/local/bin, configuration files
+in /usr/local/etc, the server in /usr/local/sbin, etc. To specify a different
+installation prefix, use the --prefix option to configure:
+
+./configure --prefix=/opt
+make
+make install
+
+Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override
+specific paths, for example:
+
+./configure --prefix=/opt --sysconfdir=/etc/ssh
+make
+make install
+
+This will install the binaries in /opt/{bin,lib,sbin}, but will place the
+configuration files in /etc/ssh.
+
+If you are using Privilege Separation (which is enabled by default)
+then you will also need to create the user, group and directory used by
+sshd for privilege separation. See README.privsep for details.
+
+If you are using PAM, you may need to manually install a PAM control
+file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
+them). Note that the service name used to start PAM is __progname,
+which is the basename of the path of your sshd (e.g., the service name
+for /usr/sbin/osshd will be osshd). If you have renamed your sshd
+executable, your PAM configuration may need to be modified.
+
+A generic PAM configuration is included as "contrib/sshd.pam.generic",
+you may need to edit it before using it on your system. If you are
+using a recent version of Red Hat Linux, the config file in
+contrib/redhat/sshd.pam should be more useful. Failure to install a
+valid PAM file may result in an inability to use password
+authentication. On HP-UX 11 and Solaris, the standard /etc/pam.conf
+configuration will work with sshd (sshd will match the other service
+name).
+
+There are a few other options to the configure script:
+
+--with-audit=[module] enable additional auditing via the specified module.
+Currently, drivers for "debug" (additional info via syslog) and "bsm"
+(Sun's Basic Security Module) are supported.
+
+--with-pam enables PAM support. If PAM support is compiled in, it must
+also be enabled in sshd_config (refer to the UsePAM directive).
+
+--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
+support and to specify a PRNGd socket. Use this if your Unix lacks
+/dev/random and you don't want to use OpenSSH's builtin entropy
+collection support.
+
+--with-prngd-port=portnum allows you to enable EGD or PRNGD support
+and to specify a EGD localhost TCP port. Use this if your Unix lacks
+/dev/random and you don't want to use OpenSSH's builtin entropy
+collection support.
+
+--with-lastlog=FILE will specify the location of the lastlog file.
+./configure searches a few locations for lastlog, but may not find
+it if lastlog is installed in a different place.
+
+--without-lastlog will disable lastlog support entirely.
+
+--with-osfsia, --without-osfsia will enable or disable OSF1's Security
+Integration Architecture. The default for OSF1 machines is enable.
+
+--with-skey=PATH will enable S/Key one time password support. You will
+need the S/Key libraries and header files installed for this to work.
+
+--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
+support.
+
+--with-md5-passwords will enable the use of MD5 passwords. Enable this
+if your operating system uses MD5 passwords and the system crypt() does
+not support them directly (see the crypt(3/3c) man page). If enabled, the
+resulting binary will support both MD5 and traditional crypt passwords.
+
+--with-utmpx enables utmpx support. utmpx support is automatic for
+some platforms.
+
+--without-shadow disables shadow password support.
+
+--with-ipaddr-display forces the use of a numeric IP address in the
+$DISPLAY environment variable. Some broken systems need this.
+
+--with-default-path=PATH allows you to specify a default $PATH for sessions
+started by sshd. This replaces the standard path entirely.
+
+--with-pid-dir=PATH specifies the directory in which the sshd.pid file is
+created.
+
+--with-xauth=PATH specifies the location of the xauth binary
+
+--with-ssl-dir=DIR allows you to specify where your OpenSSL libraries
+are installed.
+
+--with-ssl-engine enables OpenSSL's (hardware) ENGINE support
+
+--with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
+real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
+
+If you need to pass special options to the compiler or linker, you
+can specify these as environment variables before running ./configure.
+For example:
+
+CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
+
+3. Configuration
+----------------
+
+The runtime configuration files are installed by in ${prefix}/etc or
+whatever you specified as your --sysconfdir (/usr/local/etc by default).
+
+The default configuration should be instantly usable, though you should
+review it to ensure that it matches your security requirements.
+
+To generate a host key, run "make host-key". Alternately you can do so
+manually using the following commands:
+
+ ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ""
+ ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
+ ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
+
+Replacing /etc/ssh with the correct path to the configuration directory.
+(${prefix}/etc or whatever you specified with --sysconfdir during
+configuration)
+
+If you have configured OpenSSH with EGD support, ensure that EGD is
+running and has collected some Entropy.
+
+For more information on configuration, please refer to the manual pages
+for sshd, ssh and ssh-agent.
+
+4. (Optional) Send survey
+-------------------------
+
+$ make survey
+[check the contents of the file "survey" to ensure there's no information
+that you consider sensitive]
+$ make send-survey
+
+This will send configuration information for the currently configured
+host to a survey address. This will help determine which configurations
+are actually in use, and what valid combinations of configure options
+exist. The raw data is available only to the OpenSSH developers, however
+summary data may be published.
+
+5. Problems?
+------------
+
+If you experience problems compiling, installing or running OpenSSH.
+Please refer to the "reporting bugs" section of the webpage at
+http://www.openssh.com/
+
+
+$Id: INSTALL,v 1.87 2011/11/04 00:25:25 dtucker Exp $
diff --git a/openssh-6.0p1/LICENCE b/openssh-6.0p1/LICENCE
new file mode 100644
index 0000000..f523871
--- /dev/null
+++ b/openssh-6.0p1/LICENCE
@@ -0,0 +1,340 @@
+This file is part of the OpenSSH software.
+
+The licences which components of this software fall under are as
+follows. First, we will summarize and say that all components
+are under a BSD licence, or a licence more free than that.
+
+OpenSSH contains no GPL code.
+
+1)
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+
+ [Tatu continues]
+ * However, I am not implying to give any licenses to any patents or
+ * copyrights held by third parties, and the software includes parts that
+ * are not under my direct control. As far as I know, all included
+ * source code is used in accordance with the relevant license agreements
+ * and can be used freely for any purpose (the GNU license being the most
+ * restrictive); see below for details.
+
+ [However, none of that term is relevant at this point in time. All of
+ these restrictively licenced software components which he talks about
+ have been removed from OpenSSH, i.e.,
+
+ - RSA is no longer included, found in the OpenSSL library
+ - IDEA is no longer included, its use is deprecated
+ - DES is now external, in the OpenSSL library
+ - GMP is no longer used, and instead we call BN code from OpenSSL
+ - Zlib is now external, in a library
+ - The make-ssh-known-hosts script is no longer included
+ - TSS has been removed
+ - MD5 is now external, in the OpenSSL library
+ - RC4 support has been replaced with ARC4 support from OpenSSL
+ - Blowfish is now external, in the OpenSSL library
+
+ [The licence continues]
+
+ Note that any information and cryptographic algorithms used in this
+ software are publicly available on the Internet and at any major
+ bookstore, scientific library, and patent office worldwide. More
+ information can be found e.g. at "http://www.cs.hut.fi/crypto".
+
+ The legal status of this program is some combination of all these
+ permissions and restrictions. Use only at your own responsibility.
+ You will be responsible for any legal consequences yourself; I am not
+ making any claims whether possessing or using this is legal or not in
+ your country, and I am not taking any responsibility on your behalf.
+
+
+ NO WARRANTY
+
+ BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+ FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+ OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+ PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+ OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+ TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+ PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+ REPAIR OR CORRECTION.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+ WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+ REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+ INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+ OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+ TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGES.
+
+2)
+ The 32-bit CRC compensation attack detector in deattack.c was
+ contributed by CORE SDI S.A. under a BSD-style license.
+
+ * Cryptographic attack detector for ssh - source code
+ *
+ * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina.
+ *
+ * All rights reserved. Redistribution and use in source and binary
+ * forms, with or without modification, are permitted provided that
+ * this copyright notice is retained.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR
+ * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS
+ * SOFTWARE.
+ *
+ * Ariel Futoransky <futo@core-sdi.com>
+ * <http://www.core-sdi.com>
+
+3)
+ ssh-keyscan was contributed by David Mazieres under a BSD-style
+ license.
+
+ * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
+ *
+ * Modification and redistribution in source and binary forms is
+ * permitted provided that due credit is given to the author and the
+ * OpenBSD project by leaving this copyright notice intact.
+
+4)
+ The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers
+ and Paulo Barreto is in the public domain and distributed
+ with the following license:
+
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+5)
+ One component of the ssh source code is under a 3-clause BSD license,
+ held by the University of California, since we pulled these parts from
+ original Berkeley code.
+
+ * Copyright (c) 1983, 1990, 1992, 1993, 1995
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+
+6)
+ Remaining components of the software are provided under a standard
+ 2-term BSD licence with the following names as copyright holders:
+
+ Markus Friedl
+ Theo de Raadt
+ Niels Provos
+ Dug Song
+ Aaron Campbell
+ Damien Miller
+ Kevin Steves
+ Daniel Kouril
+ Wesley Griffin
+ Per Allansson
+ Nils Nordman
+ Simon Wilkinson
+
+ Portable OpenSSH additionally includes code from the following copyright
+ holders, also under the 2-term BSD license:
+
+ Ben Lindstrom
+ Tim Rice
+ Andre Lucas
+ Chris Adams
+ Corinna Vinschen
+ Cray Inc.
+ Denis Parker
+ Gert Doering
+ Jakob Schlyter
+ Jason Downs
+ Juha Yrjölä
+ Michael Stone
+ Networks Associates Technology, Inc.
+ Solar Designer
+ Todd C. Miller
+ Wayne Schroeder
+ William Jones
+ Darren Tucker
+ Sun Microsystems
+ The SCO Group
+ Daniel Walsh
+ Red Hat, Inc
+ Simon Vallet / Genoscope
+
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+8) Portable OpenSSH contains the following additional licenses:
+
+ a) md5crypt.c, md5crypt.h
+
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@login.dknet.dk> wrote this file. As long as you retain this
+ * notice you can do whatever you want with this stuff. If we meet
+ * some day, and you think this stuff is worth it, you can buy me a
+ * beer in return. Poul-Henning Kamp
+
+ b) snprintf replacement
+
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell
+ * (papowell@astart.com) It may be used for any purpose as long as this
+ * notice remains intact on all source code distributions
+
+ c) Compatibility code (openbsd-compat)
+
+ Apart from the previously mentioned licenses, various pieces of code
+ in the openbsd-compat/ subdirectory are licensed as follows:
+
+ Some code is licensed under a 3-term BSD license, to the following
+ copyright holders:
+
+ Todd C. Miller
+ Theo de Raadt
+ Damien Miller
+ Eric P. Allman
+ The Regents of the University of California
+ Constantin S. Svintsoff
+
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+
+ Some code is licensed under an ISC-style license, to the following
+ copyright holders:
+
+ Internet Software Consortium.
+ Todd C. Miller
+ Reyk Floeter
+ Chad Mynhier
+
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND TODD C. MILLER DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TODD C. MILLER BE LIABLE
+ * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ Some code is licensed under a MIT-style license to the following
+ copyright holders:
+
+ Free Software Foundation, Inc.
+
+ * Permission is hereby granted, free of charge, to any person obtaining a *
+ * copy of this software and associated documentation files (the *
+ * "Software"), to deal in the Software without restriction, including *
+ * without limitation the rights to use, copy, modify, merge, publish, *
+ * distribute, distribute with modifications, sublicense, and/or sell *
+ * copies of the Software, and to permit persons to whom the Software is *
+ * furnished to do so, subject to the following conditions: *
+ * *
+ * The above copyright notice and this permission notice shall be included *
+ * in all copies or substantial portions of the Software. *
+ * *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS *
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF *
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. *
+ * IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, *
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR *
+ * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR *
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE. *
+ * *
+ * Except as contained in this notice, the name(s) of the above copyright *
+ * holders shall not be used in advertising or otherwise to promote the *
+ * sale, use or other dealings in this Software without prior written *
+ * authorization. *
+ ****************************************************************************/
+
+
+------
+$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $
diff --git a/openssh-6.0p1/Makefile.in b/openssh-6.0p1/Makefile.in
new file mode 100644
index 0000000..566f58f
--- /dev/null
+++ b/openssh-6.0p1/Makefile.in
@@ -0,0 +1,443 @@
+# $Id: Makefile.in,v 1.326 2012/04/04 01:27:57 djm Exp $
+
+# uncomment if you run a non bourne compatable shell. Ie. csh
+#SHELL = @SH@
+
+AUTORECONF=autoreconf
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+bindir=@bindir@
+sbindir=@sbindir@
+libexecdir=@libexecdir@
+datadir=@datadir@
+datarootdir=@datarootdir@
+mandir=@mandir@
+mansubdir=@mansubdir@
+sysconfdir=@sysconfdir@
+piddir=@piddir@
+srcdir=@srcdir@
+top_srcdir=@top_srcdir@
+
+DESTDIR=
+VPATH=@srcdir@
+SSH_PROGRAM=@bindir@/ssh
+ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
+SFTP_SERVER=$(libexecdir)/sftp-server
+SSH_KEYSIGN=$(libexecdir)/ssh-keysign
+SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+PRIVSEP_PATH=@PRIVSEP_PATH@
+SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+STRIP_OPT=@STRIP_OPT@
+
+PATHS= -DSSHDIR=\"$(sysconfdir)\" \
+ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
+ -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
+ -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
+ -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
+ -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
+ -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
+ -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \
+
+CC=@CC@
+LD=@LD@
+CFLAGS=@CFLAGS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+LIBS=@LIBS@
+SSHLIBS=@SSHLIBS@
+SSHDLIBS=@SSHDLIBS@
+LIBEDIT=@LIBEDIT@
+AR=@AR@
+AWK=@AWK@
+RANLIB=@RANLIB@
+INSTALL=@INSTALL@
+PERL=@PERL@
+SED=@SED@
+ENT=@ENT@
+XAUTH_PATH=@XAUTH_PATH@
+LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
+EXEEXT=@EXEEXT@
+MANFMT=@MANFMT@
+
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
+
+LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
+ canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
+ cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
+ compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
+ log.o match.o md-sha256.o moduli.o nchan.o packet.o \
+ readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
+ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
+ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
+ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o jpake.o \
+ schnorr.o ssh-pkcs11.o
+
+SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
+ sshconnect.o sshconnect1.o sshconnect2.o mux.o \
+ roaming_common.o roaming_client.o
+
+SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+ audit.o audit-bsm.o audit-linux.o platform.o \
+ sshpty.o sshlogin.o servconf.o serverloop.o \
+ auth.o auth1.o auth2.o auth-options.o session.o \
+ auth-chall.o auth2-chall.o groupaccess.o \
+ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
+ auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
+ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
+ auth-krb5.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o \
+ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+ sftp-server.o sftp-common.o \
+ roaming_common.o roaming_serv.o \
+ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
+ sandbox-seccomp-filter.o
+
+MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
+MANTYPE = @MANTYPE@
+
+CONFIGFILES=sshd_config.out ssh_config.out moduli.out
+CONFIGFILES_IN=sshd_config ssh_config moduli
+
+PATHSUBS = \
+ -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \
+ -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \
+ -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \
+ -e 's|/usr/libexec|$(libexecdir)|g' \
+ -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \
+ -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \
+ -e 's|/etc/ssh/ssh_host_ecdsa_key|$(sysconfdir)/ssh_host_ecdsa_key|g' \
+ -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
+ -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
+ -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
+ -e 's|/etc/moduli|$(sysconfdir)/moduli|g' \
+ -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
+ -e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \
+ -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
+ -e 's|/var/empty|$(PRIVSEP_PATH)|g' \
+ -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
+
+FIXPATHSCMD = $(SED) $(PATHSUBS)
+
+all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
+
+$(LIBSSH_OBJS): Makefile.in config.h
+$(SSHOBJS): Makefile.in config.h
+$(SSHDOBJS): Makefile.in config.h
+
+.c.o:
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+
+LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
+$(LIBCOMPAT): always
+ (cd openbsd-compat && $(MAKE))
+always:
+
+libssh.a: $(LIBSSH_OBJS)
+ $(AR) rv $@ $(LIBSSH_OBJS)
+ $(RANLIB) $@
+
+ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
+
+sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
+
+scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
+ $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
+ $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
+ $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
+ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o
+ $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
+ $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
+ $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+
+sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
+ $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
+ $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
+
+# test driver for the loginrec code - not built by default
+logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
+ $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
+
+$(MANPAGES): $(MANPAGES_IN)
+ if test "$(MANTYPE)" = "cat"; then \
+ manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \
+ else \
+ manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \
+ fi; \
+ if test "$(MANTYPE)" = "man"; then \
+ $(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
+ else \
+ $(FIXPATHSCMD) $${manpage} > $@; \
+ fi
+
+$(CONFIGFILES): $(CONFIGFILES_IN)
+ conffile=`echo $@ | sed 's/.out$$//'`; \
+ $(FIXPATHSCMD) $(srcdir)/$${conffile} > $@
+
+# fake rule to stop make trying to compile moduli.o into a binary "moduli.o"
+moduli:
+ echo
+
+clean: regressclean
+ rm -f *.o *.a $(TARGETS) logintest config.cache config.log
+ rm -f *.out core survey
+ (cd openbsd-compat && $(MAKE) clean)
+
+distclean: regressclean
+ rm -f *.o *.a $(TARGETS) logintest config.cache config.log
+ rm -f *.out core opensshd.init openssh.xml
+ rm -f Makefile buildpkg.sh config.h config.status
+ rm -f survey.sh openbsd-compat/regress/Makefile *~
+ rm -rf autom4te.cache
+ (cd openbsd-compat && $(MAKE) distclean)
+ if test -d pkg ; then \
+ rm -fr pkg ; \
+ fi
+
+veryclean: distclean
+ rm -f configure config.h.in *.0
+
+cleandir: veryclean
+
+mrproper: veryclean
+
+realclean: veryclean
+
+catman-do:
+ @for f in $(MANPAGES_IN) ; do \
+ base=`echo $$f | sed 's/\..*$$//'` ; \
+ echo "$$f -> $$base.0" ; \
+ $(MANFMT) $$f | cat -v | sed -e 's/.\^H//g' \
+ >$$base.0 ; \
+ done
+
+distprep: catman-do
+ $(AUTORECONF)
+ -rm -rf autom4te.cache
+
+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
+install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
+install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
+
+check-config:
+ -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config
+
+install-files:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+ (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
+ $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+ $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
+ $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
+ $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
+ $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
+ $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
+ $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
+ $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
+ $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
+ $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
+ $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
+ $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
+ $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+ $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+ $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+ -rm -f $(DESTDIR)$(bindir)/slogin
+ ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+ ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+
+install-sysconf:
+ if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
+ fi
+ @if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \
+ $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \
+ else \
+ echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \
+ fi
+ @if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \
+ $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \
+ else \
+ echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \
+ fi
+ @if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \
+ if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \
+ echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \
+ mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \
+ else \
+ $(INSTALL) -m 644 moduli.out $(DESTDIR)$(sysconfdir)/moduli; \
+ fi ; \
+ else \
+ echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
+ fi
+
+host-key: ssh-keygen$(EXEEXT)
+ @if [ -z "$(DESTDIR)" ] ; then \
+ if [ -f "$(sysconfdir)/ssh_host_key" ] ; then \
+ echo "$(sysconfdir)/ssh_host_key already exists, skipping." ; \
+ else \
+ ./ssh-keygen -t rsa1 -f $(sysconfdir)/ssh_host_key -N "" ; \
+ fi ; \
+ if [ -f $(sysconfdir)/ssh_host_dsa_key ] ; then \
+ echo "$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \
+ else \
+ ./ssh-keygen -t dsa -f $(sysconfdir)/ssh_host_dsa_key -N "" ; \
+ fi ; \
+ if [ -f $(sysconfdir)/ssh_host_rsa_key ] ; then \
+ echo "$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \
+ else \
+ ./ssh-keygen -t rsa -f $(sysconfdir)/ssh_host_rsa_key -N "" ; \
+ fi ; \
+ if [ -z "@COMMENT_OUT_ECC@" ] ; then \
+ if [ -f $(sysconfdir)/ssh_host_ecdsa_key ] ; then \
+ echo "$(sysconfdir)/ssh_host_ecdsa_key already exists, skipping." ; \
+ else \
+ ./ssh-keygen -t ecdsa -f $(sysconfdir)/ssh_host_ecdsa_key -N "" ; \
+ fi ; \
+ fi ; \
+ fi ;
+
+host-key-force: ssh-keygen$(EXEEXT)
+ ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
+ ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
+ ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
+ test -z "@COMMENT_OUT_ECC@" && ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N ""
+
+uninstallall: uninstall
+ -rm -f $(DESTDIR)$(sysconfdir)/ssh_config
+ -rm -f $(DESTDIR)$(sysconfdir)/sshd_config
+ -rmdir $(DESTDIR)$(sysconfdir)
+ -rmdir $(DESTDIR)$(bindir)
+ -rmdir $(DESTDIR)$(sbindir)
+ -rmdir $(DESTDIR)$(mandir)/$(mansubdir)1
+ -rmdir $(DESTDIR)$(mandir)/$(mansubdir)8
+ -rmdir $(DESTDIR)$(mandir)
+ -rmdir $(DESTDIR)$(libexecdir)
+
+uninstall:
+ -rm -f $(DESTDIR)$(bindir)/slogin
+ -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+ -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
+ -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+ -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
+ -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+
+tests interop-tests: $(TARGETS)
+ BUILDDIR=`pwd`; \
+ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \
+ [ -f `pwd`/regress/Makefile ] || \
+ ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \
+ TEST_SHELL="@TEST_SHELL@"; \
+ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
+ TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
+ TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
+ TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \
+ TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \
+ TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \
+ TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \
+ TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \
+ TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
+ TEST_SSH_PLINK="plink"; \
+ TEST_SSH_PUTTYGEN="puttygen"; \
+ TEST_SSH_CONCH="conch"; \
+ TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
+ TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
+ TEST_SSH_SHA256="@TEST_SSH_SHA256@" ; \
+ cd $(srcdir)/regress || exit $$?; \
+ $(MAKE) \
+ .OBJDIR="$${BUILDDIR}/regress" \
+ .CURDIR="`pwd`" \
+ BUILDDIR="$${BUILDDIR}" \
+ OBJ="$${BUILDDIR}/regress/" \
+ PATH="$${BUILDDIR}:$${PATH}" \
+ TEST_SHELL="$${TEST_SHELL}" \
+ TEST_SSH_SSH="$${TEST_SSH_SSH}" \
+ TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
+ TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \
+ TEST_SSH_SSHADD="$${TEST_SSH_SSHADD}" \
+ TEST_SSH_SSHKEYGEN="$${TEST_SSH_SSHKEYGEN}" \
+ TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \
+ TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \
+ TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \
+ TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
+ TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \
+ TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \
+ TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
+ TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
+ TEST_SSH_ECC="$${TEST_SSH_ECC}" \
+ TEST_SSH_SHA256="$${TEST_SSH_SHA256}" \
+ EXEEXT="$(EXEEXT)" \
+ $@ && echo all tests passed
+
+compat-tests: $(LIBCOMPAT)
+ (cd openbsd-compat/regress && $(MAKE))
+
+regressclean:
+ if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \
+ (cd regress && $(MAKE) clean) \
+ fi
+
+survey: survey.sh ssh
+ @$(SHELL) ./survey.sh > survey
+ @echo 'The survey results have been placed in the file "survey" in the'
+ @echo 'current directory. Please review the file then send with'
+ @echo '"make send-survey".'
+
+send-survey: survey
+ mail portable-survey@mindrot.org <survey
+
+package: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
+ if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
+ sh buildpkg.sh; \
+ fi
+
diff --git a/openssh-6.0p1/OVERVIEW b/openssh-6.0p1/OVERVIEW
new file mode 100644
index 0000000..2e1cc0b
--- /dev/null
+++ b/openssh-6.0p1/OVERVIEW
@@ -0,0 +1,168 @@
+[Note: This file has not been updated for OpenSSH versions after
+OpenSSH-1.2 and should be considered OBSOLETE. It has been left in
+the distribution because some of its information may still be useful
+to developers.]
+
+This document is intended for those who wish to read the ssh source
+code. This tries to give an overview of the structure of the code.
+
+Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>
+Updated 17 Nov 1995.
+Updated 19 Oct 1999 for OpenSSH-1.2
+Updated 20 May 2001 note obsolete for > OpenSSH-1.2
+
+The software consists of ssh (client), sshd (server), scp, sdist, and
+the auxiliary programs ssh-keygen, ssh-agent, ssh-add, and
+make-ssh-known-hosts. The main program for each of these is in a .c
+file with the same name.
+
+There are some subsystems/abstractions that are used by a number of
+these programs.
+
+ Buffer manipulation routines
+
+ - These provide an arbitrary size buffer, where data can be appended.
+ Data can be consumed from either end. The code is used heavily
+ throughout ssh. The basic buffer manipulation functions are in
+ buffer.c (header buffer.h), and additional code to manipulate specific
+ data types is in bufaux.c.
+
+ Compression Library
+
+ - Ssh uses the GNU GZIP compression library (ZLIB).
+
+ Encryption/Decryption
+
+ - Ssh contains several encryption algorithms. These are all
+ accessed through the cipher.h interface. The interface code is
+ in cipher.c, and the implementations are in libc.
+
+ Multiple Precision Integer Library
+
+ - Uses the SSLeay BIGNUM sublibrary.
+
+ Random Numbers
+
+ - Uses arc4random() and such.
+
+ RSA key generation, encryption, decryption
+
+ - Ssh uses the RSA routines in libssl.
+
+ RSA key files
+
+ - RSA keys are stored in files with a special format. The code to
+ read/write these files is in authfile.c. The files are normally
+ encrypted with a passphrase. The functions to read passphrases
+ are in readpass.c (the same code is used to read passwords).
+
+ Binary packet protocol
+
+ - The ssh binary packet protocol is implemented in packet.c. The
+ code in packet.c does not concern itself with packet types or their
+ execution; it contains code to build packets, to receive them and
+ extract data from them, and the code to compress and/or encrypt
+ packets. CRC code comes from crc32.c.
+
+ - The code in packet.c calls the buffer manipulation routines
+ (buffer.c, bufaux.c), compression routines (compress.c, zlib),
+ and the encryption routines.
+
+ X11, TCP/IP, and Agent forwarding
+
+ - Code for various types of channel forwarding is in channels.c.
+ The file defines a generic framework for arbitrary communication
+ channels inside the secure channel, and uses this framework to
+ implement X11 forwarding, TCP/IP forwarding, and authentication
+ agent forwarding.
+ The new, Protocol 1.5, channel close implementation is in nchan.c
+
+ Authentication agent
+
+ - Code to communicate with the authentication agent is in authfd.c.
+
+ Authentication methods
+
+ - Code for various authentication methods resides in auth-*.c
+ (auth-passwd.c, auth-rh-rsa.c, auth-rhosts.c, auth-rsa.c). This
+ code is linked into the server. The routines also manipulate
+ known hosts files using code in hostfile.c. Code in canohost.c
+ is used to retrieve the canonical host name of the remote host.
+ Code in match.c is used to match host names.
+
+ - In the client end, authentication code is in sshconnect.c. It
+ reads Passwords/passphrases using code in readpass.c. It reads
+ RSA key files with authfile.c. It communicates the
+ authentication agent using authfd.c.
+
+ The ssh client
+
+ - The client main program is in ssh.c. It first parses arguments
+ and reads configuration (readconf.c), then calls ssh_connect (in
+ sshconnect.c) to open a connection to the server (possibly via a
+ proxy), and performs authentication (ssh_login in sshconnect.c).
+ It then makes any pty, forwarding, etc. requests. It may call
+ code in ttymodes.c to encode current tty modes. Finally it
+ calls client_loop in clientloop.c. This does the real work for
+ the session.
+
+ - The client is suid root. It tries to temporarily give up this
+ rights while reading the configuration data. The root
+ privileges are only used to make the connection (from a
+ privileged socket). Any extra privileges are dropped before
+ calling ssh_login.
+
+ Pseudo-tty manipulation and tty modes
+
+ - Code to allocate and use a pseudo tty is in pty.c. Code to
+ encode and set terminal modes is in ttymodes.c.
+
+ Logging in (updating utmp, lastlog, etc.)
+
+ - The code to do things that are done when a user logs in are in
+ login.c. This includes things such as updating the utmp, wtmp,
+ and lastlog files. Some of the code is in sshd.c.
+
+ Writing to the system log and terminal
+
+ - The programs use the functions fatal(), log(), debug(), error()
+ in many places to write messages to system log or user's
+ terminal. The implementation that logs to system log is in
+ log-server.c; it is used in the server program. The other
+ programs use an implementation that sends output to stderr; it
+ is in log-client.c. The definitions are in ssh.h.
+
+ The sshd server (daemon)
+
+ - The sshd daemon starts by processing arguments and reading the
+ configuration file (servconf.c). It then reads the host key,
+ starts listening for connections, and generates the server key.
+ The server key will be regenerated every hour by an alarm.
+
+ - When the server receives a connection, it forks, disables the
+ regeneration alarm, and starts communicating with the client.
+ They first perform identification string exchange, then
+ negotiate encryption, then perform authentication, preparatory
+ operations, and finally the server enters the normal session
+ mode by calling server_loop in serverloop.c. This does the real
+ work, calling functions in other modules.
+
+ - The code for the server is in sshd.c. It contains a lot of
+ stuff, including:
+ - server main program
+ - waiting for connections
+ - processing new connection
+ - authentication
+ - preparatory operations
+ - building up the execution environment for the user program
+ - starting the user program.
+
+ Auxiliary files
+
+ - There are several other files in the distribution that contain
+ various auxiliary routines:
+ ssh.h the main header file for ssh (various definitions)
+ uidswap.c uid-swapping
+ xmalloc.c "safe" malloc routines
+
+$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $
diff --git a/openssh-6.0p1/PROTOCOL b/openssh-6.0p1/PROTOCOL
new file mode 100644
index 0000000..c281960
--- /dev/null
+++ b/openssh-6.0p1/PROTOCOL
@@ -0,0 +1,294 @@
+This documents OpenSSH's deviations and extensions to the published SSH
+protocol.
+
+Note that OpenSSH's sftp and sftp-server implement revision 3 of the SSH
+filexfer protocol described in:
+
+http://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt
+
+Newer versions of the draft will not be supported, though some features
+are individually implemented as extensions described below.
+
+The protocol used by OpenSSH's ssh-agent is described in the file
+PROTOCOL.agent
+
+1. Transport protocol changes
+
+1.1. transport: Protocol 2 MAC algorithm "umac-64@openssh.com"
+
+This is a new transport-layer MAC method using the UMAC algorithm
+(rfc4418). This method is identical to the "umac-64" method documented
+in:
+
+http://www.openssh.com/txt/draft-miller-secsh-umac-01.txt
+
+1.2. transport: Protocol 2 compression algorithm "zlib@openssh.com"
+
+This transport-layer compression method uses the zlib compression
+algorithm (identical to the "zlib" method in rfc4253), but delays the
+start of compression until after authentication has completed. This
+avoids exposing compression code to attacks from unauthenticated users.
+
+The method is documented in:
+
+http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt
+
+1.3. transport: New public key algorithms "ssh-rsa-cert-v00@openssh.com",
+ "ssh-dsa-cert-v00@openssh.com",
+ "ecdsa-sha2-nistp256-cert-v01@openssh.com",
+ "ecdsa-sha2-nistp384-cert-v01@openssh.com" and
+ "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+
+OpenSSH introduces new public key algorithms to support certificate
+authentication for users and hostkeys. These methods are documented in
+the file PROTOCOL.certkeys
+
+1.4. transport: Elliptic Curve cryptography
+
+OpenSSH supports ECC key exchange and public key authentication as
+specified in RFC5656. Only the ecdsa-sha2-nistp256, ecdsa-sha2-nistp384
+and ecdsa-sha2-nistp521 curves over GF(p) are supported. Elliptic
+curve points encoded using point compression are NOT accepted or
+generated.
+
+2. Connection protocol changes
+
+2.1. connection: Channel write close extension "eow@openssh.com"
+
+The SSH connection protocol (rfc4254) provides the SSH_MSG_CHANNEL_EOF
+message to allow an endpoint to signal its peer that it will send no
+more data over a channel. Unfortunately, there is no symmetric way for
+an endpoint to request that its peer should cease sending data to it
+while still keeping the channel open for the endpoint to send data to
+the peer.
+
+This is desirable, since it saves the transmission of data that would
+otherwise need to be discarded and it allows an endpoint to signal local
+processes of the condition, e.g. by closing the corresponding file
+descriptor.
+
+OpenSSH implements a channel extension message to perform this
+signalling: "eow@openssh.com" (End Of Write). This message is sent by
+an endpoint when the local output of a session channel is closed or
+experiences a write error. The message is formatted as follows:
+
+ byte SSH_MSG_CHANNEL_REQUEST
+ uint32 recipient channel
+ string "eow@openssh.com"
+ boolean FALSE
+
+On receiving this message, the peer SHOULD cease sending data of
+the channel and MAY signal the process from which the channel data
+originates (e.g. by closing its read file descriptor).
+
+As with the symmetric SSH_MSG_CHANNEL_EOF message, the channel does
+remain open after a "eow@openssh.com" has been sent and more data may
+still be sent in the other direction. This message does not consume
+window space and may be sent even if no window space is available.
+
+NB. due to certain broken SSH implementations aborting upon receipt
+of this message (in contravention of RFC4254 section 5.4), this
+message is only sent to OpenSSH peers (identified by banner).
+Other SSH implementations may be whitelisted to receive this message
+upon request.
+
+2.2. connection: disallow additional sessions extension
+ "no-more-sessions@openssh.com"
+
+Most SSH connections will only ever request a single session, but a
+attacker may abuse a running ssh client to surreptitiously open
+additional sessions under their control. OpenSSH provides a global
+request "no-more-sessions@openssh.com" to mitigate this attack.
+
+When an OpenSSH client expects that it will never open another session
+(i.e. it has been started with connection multiplexing disabled), it
+will send the following global request:
+
+ byte SSH_MSG_GLOBAL_REQUEST
+ string "no-more-sessions@openssh.com"
+ char want-reply
+
+On receipt of such a message, an OpenSSH server will refuse to open
+future channels of type "session" and instead immediately abort the
+connection.
+
+Note that this is not a general defence against compromised clients
+(that is impossible), but it thwarts a simple attack.
+
+NB. due to certain broken SSH implementations aborting upon receipt
+of this message, the no-more-sessions request is only sent to OpenSSH
+servers (identified by banner). Other SSH implementations may be
+whitelisted to receive this message upon request.
+
+2.3. connection: Tunnel forward extension "tun@openssh.com"
+
+OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"
+channel type. This channel type supports forwarding of network packets
+with datagram boundaries intact between endpoints equipped with
+interfaces like the BSD tun(4) device. Tunnel forwarding channels are
+requested by the client with the following packet:
+
+ byte SSH_MSG_CHANNEL_OPEN
+ string "tun@openssh.com"
+ uint32 sender channel
+ uint32 initial window size
+ uint32 maximum packet size
+ uint32 tunnel mode
+ uint32 remote unit number
+
+The "tunnel mode" parameter specifies whether the tunnel should forward
+layer 2 frames or layer 3 packets. It may take one of the following values:
+
+ SSH_TUNMODE_POINTOPOINT 1 /* layer 3 packets */
+ SSH_TUNMODE_ETHERNET 2 /* layer 2 frames */
+
+The "tunnel unit number" specifies the remote interface number, or may
+be 0x7fffffff to allow the server to automatically chose an interface. A
+server that is not willing to open a client-specified unit should refuse
+the request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful
+open, the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS.
+
+Once established the client and server may exchange packet or frames
+over the tunnel channel by encapsulating them in SSH protocol strings
+and sending them as channel data. This ensures that packet boundaries
+are kept intact. Specifically, packets are transmitted using normal
+SSH_MSG_CHANNEL_DATA packets:
+
+ byte SSH_MSG_CHANNEL_DATA
+ uint32 recipient channel
+ string data
+
+The contents of the "data" field for layer 3 packets is:
+
+ uint32 packet length
+ uint32 address family
+ byte[packet length - 4] packet data
+
+The "address family" field identifies the type of packet in the message.
+It may be one of:
+
+ SSH_TUN_AF_INET 2 /* IPv4 */
+ SSH_TUN_AF_INET6 24 /* IPv6 */
+
+The "packet data" field consists of the IPv4/IPv6 datagram itself
+without any link layer header.
+
+The contents of the "data" field for layer 2 packets is:
+
+ uint32 packet length
+ byte[packet length] frame
+
+The "frame" field contains an IEEE 802.3 Ethernet frame, including
+header.
+
+3. SFTP protocol changes
+
+3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK
+
+When OpenSSH's sftp-server was implemented, the order of the arguments
+to the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately,
+the reversal was not noticed until the server was widely deployed. Since
+fixing this to follow the specification would cause incompatibility, the
+current order was retained. For correct operation, clients should send
+SSH_FXP_SYMLINK as follows:
+
+ uint32 id
+ string targetpath
+ string linkpath
+
+3.2. sftp: Server extension announcement in SSH_FXP_VERSION
+
+OpenSSH's sftp-server lists the extensions it supports using the
+standard extension announcement mechanism in the SSH_FXP_VERSION server
+hello packet:
+
+ uint32 3 /* protocol version */
+ string ext1-name
+ string ext1-version
+ string ext2-name
+ string ext2-version
+ ...
+ string extN-name
+ string extN-version
+
+Each extension reports its integer version number as an ASCII encoded
+string, e.g. "1". The version will be incremented if the extension is
+ever changed in an incompatible way. The server MAY advertise the same
+extension with multiple versions (though this is unlikely). Clients MUST
+check the version number before attempting to use the extension.
+
+3.3. sftp: Extension request "posix-rename@openssh.com"
+
+This operation provides a rename operation with POSIX semantics, which
+are different to those provided by the standard SSH_FXP_RENAME in
+draft-ietf-secsh-filexfer-02.txt. This request is implemented as a
+SSH_FXP_EXTENDED request with the following format:
+
+ uint32 id
+ string "posix-rename@openssh.com"
+ string oldpath
+ string newpath
+
+On receiving this request the server will perform the POSIX operation
+rename(oldpath, newpath) and will respond with a SSH_FXP_STATUS message.
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
+3.4. sftp: Extension requests "statvfs@openssh.com" and
+ "fstatvfs@openssh.com"
+
+These requests correspond to the statvfs and fstatvfs POSIX system
+interfaces. The "statvfs@openssh.com" request operates on an explicit
+pathname, and is formatted as follows:
+
+ uint32 id
+ string "statvfs@openssh.com"
+ string path
+
+The "fstatvfs@openssh.com" operates on an open file handle:
+
+ uint32 id
+ string "fstatvfs@openssh.com"
+ string handle
+
+These requests return a SSH_FXP_STATUS reply on failure. On success they
+return the following SSH_FXP_EXTENDED_REPLY reply:
+
+ uint32 id
+ uint64 f_bsize /* file system block size */
+ uint64 f_frsize /* fundamental fs block size */
+ uint64 f_blocks /* number of blocks (unit f_frsize) */
+ uint64 f_bfree /* free blocks in file system */
+ uint64 f_bavail /* free blocks for non-root */
+ uint64 f_files /* total file inodes */
+ uint64 f_ffree /* free file inodes */
+ uint64 f_favail /* free file inodes for to non-root */
+ uint64 f_fsid /* file system id */
+ uint64 f_flag /* bit mask of f_flag values */
+ uint64 f_namemax /* maximum filename length */
+
+The values of the f_flag bitmask are as follows:
+
+ #define SSH_FXE_STATVFS_ST_RDONLY 0x1 /* read-only */
+ #define SSH_FXE_STATVFS_ST_NOSUID 0x2 /* no setuid */
+
+Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are
+advertised in the SSH_FXP_VERSION hello with version "2".
+
+10. sftp: Extension request "hardlink@openssh.com"
+
+This request is for creating a hard link to a regular file. This
+request is implemented as a SSH_FXP_EXTENDED request with the
+following format:
+
+ uint32 id
+ string "hardlink@openssh.com"
+ string oldpath
+ string newpath
+
+On receiving this request the server will perform the operation
+link(oldpath, newpath) and will respond with a SSH_FXP_STATUS message.
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
+$OpenBSD: PROTOCOL,v 1.17 2010/12/04 00:18:01 djm Exp $
diff --git a/openssh-6.0p1/PROTOCOL.agent b/openssh-6.0p1/PROTOCOL.agent
new file mode 100644
index 0000000..de94d03
--- /dev/null
+++ b/openssh-6.0p1/PROTOCOL.agent
@@ -0,0 +1,560 @@
+This describes the protocol used by OpenSSH's ssh-agent.
+
+OpenSSH's agent supports managing keys for the standard SSH protocol
+2 as well as the legacy SSH protocol 1. Support for these key types
+is almost completely disjoint - in all but a few cases, operations on
+protocol 2 keys cannot see or affect protocol 1 keys and vice-versa.
+
+Protocol 1 and protocol 2 keys are separated because of the differing
+cryptographic usage: protocol 1 private RSA keys are used to decrypt
+challenges that were encrypted with the corresponding public key,
+whereas protocol 2 RSA private keys are used to sign challenges with
+a private key for verification with the corresponding public key. It
+is considered unsound practice to use the same key for signing and
+encryption.
+
+With a couple of exceptions, the protocol message names used in this
+document indicate which type of key the message relates to. SSH_*
+messages refer to protocol 1 keys only. SSH2_* messages refer to
+protocol 2 keys. Furthermore, the names also indicate whether the
+message is a request to the agent (*_AGENTC_*) or a reply from the
+agent (*_AGENT_*). Section 3 below contains the mapping of the
+protocol message names to their integer values.
+
+1. Data types
+
+Because of support for legacy SSH protocol 1 keys, OpenSSH's agent
+protocol makes use of some data types not defined in RFC 4251.
+
+1.1 uint16
+
+The "uint16" data type is a simple MSB-first 16 bit unsigned integer
+encoded in two bytes.
+
+1.2 mpint1
+
+The "mpint1" type represents an arbitrary precision integer (bignum).
+Its format is as follows:
+
+ uint16 bits
+ byte[(bits + 7) / 8] bignum
+
+"bignum" contains an unsigned arbitrary precision integer encoded as
+eight bits per byte in big-endian (MSB first) format.
+
+Note the difference between the "mpint1" encoding and the "mpint"
+encoding defined in RFC 4251. Also note that the length of the encoded
+integer is specified in bits, not bytes and that the byte length of
+the integer must be calculated by rounding up the number of bits to the
+nearest eight.
+
+2. Protocol Messages
+
+All protocol messages are prefixed with their length in bytes, encoded
+as a 32 bit unsigned integer. Specifically:
+
+ uint32 message_length
+ byte[message_length] message
+
+The following message descriptions refer only to the content the
+"message" field.
+
+2.1 Generic server responses
+
+The following generic messages may be sent by the server in response to
+requests from the client. On success the agent may reply either with:
+
+ byte SSH_AGENT_SUCCESS
+
+or a request-specific success message.
+
+On failure, the agent may reply with:
+
+ byte SSH_AGENT_FAILURE
+
+SSH_AGENT_FAILURE messages are also sent in reply to unknown request
+types.
+
+2.2 Adding keys to the agent
+
+Keys are added to the agent using the SSH_AGENTC_ADD_RSA_IDENTITY and
+SSH2_AGENTC_ADD_IDENTITY requests for protocol 1 and protocol 2 keys
+respectively.
+
+Two variants of these requests are SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
+and SSH2_AGENTC_ADD_ID_CONSTRAINED - these add keys with optional
+"constraints" on their usage.
+
+OpenSSH may be built with support for keys hosted on a smartcard
+or other hardware security module. These keys may be added
+to the agent using the SSH_AGENTC_ADD_SMARTCARD_KEY and
+SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED requests.
+
+2.2.1 Key constraints
+
+The OpenSSH agent supports some basic optional constraints on key usage.
+At present there are two constraints defined.
+
+The first constraint limits the validity duration of a key. It is
+encoded as:
+
+ byte SSH_AGENT_CONSTRAIN_LIFETIME
+ uint32 seconds
+
+Where "seconds" contains the number of seconds that the key shall remain
+valid measured from the moment that the agent receives it. After the
+validity period has expired, OpenSSH's agent will erase these keys from
+memory.
+
+The second constraint requires the agent to seek explicit user
+confirmation before performing private key operations with the loaded
+key. This constraint is encoded as:
+
+ byte SSH_AGENT_CONSTRAIN_CONFIRM
+
+Zero or more constraints may be specified when adding a key with one
+of the *_CONSTRAINED requests. Multiple constraints are appended
+consecutively to the end of the request:
+
+ byte constraint1_type
+ .... constraint1_data
+ byte constraint2_type
+ .... constraint2_data
+ ....
+ byte constraintN_type
+ .... constraintN_data
+
+Such a sequence of zero or more constraints will be referred to below
+as "constraint[]". Agents may determine whether there are constraints
+by checking whether additional data exists in the "add key" request
+after the key data itself. OpenSSH will refuse to add a key if it
+contains unknown constraints.
+
+2.2.2 Add protocol 1 key
+
+A client may add a protocol 1 key to an agent with the following
+request:
+
+ byte SSH_AGENTC_ADD_RSA_IDENTITY or
+ SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
+ uint32 ignored
+ mpint1 rsa_n
+ mpint1 rsa_e
+ mpint1 rsa_d
+ mpint1 rsa_iqmp
+ mpint1 rsa_q
+ mpint1 rsa_p
+ string key_comment
+ constraint[] key_constraints
+
+Note that there is some redundancy in the key parameters; a key could be
+fully specified using just rsa_q, rsa_p and rsa_e at the cost of extra
+computation.
+
+"key_constraints" may only be present if the request type is
+SSH_AGENTC_ADD_RSA_IDENTITY.
+
+The agent will reply with a SSH_AGENT_SUCCESS if the key has been
+successfully added or a SSH_AGENT_FAILURE if an error occurred.
+
+2.2.3 Add protocol 2 key
+
+The OpenSSH agent supports DSA, ECDSA and RSA keys for protocol 2. DSA
+keys may be added using the following request
+
+ byte SSH2_AGENTC_ADD_IDENTITY or
+ SSH2_AGENTC_ADD_ID_CONSTRAINED
+ string "ssh-dss"
+ mpint dsa_p
+ mpint dsa_q
+ mpint dsa_g
+ mpint dsa_public_key
+ mpint dsa_private_key
+ string key_comment
+ constraint[] key_constraints
+
+DSA certificates may be added with:
+ byte SSH2_AGENTC_ADD_IDENTITY or
+ SSH2_AGENTC_ADD_ID_CONSTRAINED
+ string "ssh-dss-cert-v00@openssh.com"
+ string certificate
+ mpint dsa_private_key
+ string key_comment
+ constraint[] key_constraints
+
+ECDSA keys may be added using the following request
+
+ byte SSH2_AGENTC_ADD_IDENTITY or
+ SSH2_AGENTC_ADD_ID_CONSTRAINED
+ string "ecdsa-sha2-nistp256" |
+ "ecdsa-sha2-nistp384" |
+ "ecdsa-sha2-nistp521"
+ string ecdsa_curve_name
+ string ecdsa_public_key
+ mpint ecdsa_private
+ string key_comment
+ constraint[] key_constraints
+
+ECDSA certificates may be added with:
+ byte SSH2_AGENTC_ADD_IDENTITY or
+ SSH2_AGENTC_ADD_ID_CONSTRAINED
+ string "ecdsa-sha2-nistp256-cert-v01@openssh.com" |
+ "ecdsa-sha2-nistp384-cert-v01@openssh.com" |
+ "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+ string certificate
+ mpint ecdsa_private_key
+ string key_comment
+ constraint[] key_constraints
+
+RSA keys may be added with this request:
+
+ byte SSH2_AGENTC_ADD_IDENTITY or
+ SSH2_AGENTC_ADD_ID_CONSTRAINED
+ string "ssh-rsa"
+ mpint rsa_n
+ mpint rsa_e
+ mpint rsa_d
+ mpint rsa_iqmp
+ mpint rsa_p
+ mpint rsa_q
+ string key_comment
+ constraint[] key_constraints
+
+RSA certificates may be added with this request:
+
+ byte SSH2_AGENTC_ADD_IDENTITY or
+ SSH2_AGENTC_ADD_ID_CONSTRAINED
+ string "ssh-rsa-cert-v00@openssh.com"
+ string certificate
+ mpint rsa_d
+ mpint rsa_iqmp
+ mpint rsa_p
+ mpint rsa_q
+ string key_comment
+ constraint[] key_constraints
+
+Note that the 'rsa_p' and 'rsa_q' parameters are sent in the reverse
+order to the protocol 1 add keys message. As with the corresponding
+protocol 1 "add key" request, the private key is overspecified to avoid
+redundant processing.
+
+For DSA, ECDSA and RSA key add requests, "key_constraints" may only be
+present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED.
+
+The agent will reply with a SSH_AGENT_SUCCESS if the key has been
+successfully added or a SSH_AGENT_FAILURE if an error occurred.
+
+2.2.4 Loading keys from a smartcard
+
+The OpenSSH agent may have optional smartcard support built in to it. If
+so, it supports an operation to load keys from a smartcard. Technically,
+only the public components of the keys are loaded into the agent so
+this operation really arranges for future private key operations to be
+delegated to the smartcard.
+
+ byte SSH_AGENTC_ADD_SMARTCARD_KEY or
+ SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED
+ string reader_id
+ string pin
+ constraint[] key_constraints
+
+"reader_id" is an identifier to a smartcard reader and "pin"
+is a PIN or passphrase used to unlock the private key(s) on the
+device. "key_constraints" may only be present if the request type is
+SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED.
+
+This operation may load all SSH keys that are unlocked using the
+"pin" on the specified reader. The type of key loaded (protocol 1
+or protocol 2) will be specified by the smartcard itself, it is not
+client-specified.
+
+The agent will reply with a SSH_AGENT_SUCCESS if one or more keys have
+been successfully loaded or a SSH_AGENT_FAILURE if an error occurred.
+The agent will also return SSH_AGENT_FAILURE if it does not support
+smartcards.
+
+2.3 Removing multiple keys
+
+A client may request that an agent delete all protocol 1 keys using the
+following request:
+
+ byte SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES
+
+This message requests the deletion of all protocol 2 keys:
+
+ byte SSH2_AGENTC_REMOVE_ALL_IDENTITIES
+
+On success, the agent will delete all keys of the requested type and
+reply with a SSH_AGENT_SUCCESS message. If an error occurred, the agent
+will reply with SSH_AGENT_FAILURE.
+
+Note that, to delete all keys (both protocol 1 and 2), a client
+must send both a SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES and a
+SSH2_AGENTC_REMOVE_ALL_IDENTITIES request.
+
+2.4 Removing specific keys
+
+2.4.1 Removing a protocol 1 key
+
+Removal of a protocol 1 key may be requested with the following message:
+
+ byte SSH_AGENTC_REMOVE_RSA_IDENTITY
+ uint32 key_bits
+ mpint1 rsa_e
+ mpint1 rsa_n
+
+Note that key_bits is strictly redundant, as it may be inferred by the
+length of rsa_n.
+
+The agent will delete any private key matching the specified public key
+and return SSH_AGENT_SUCCESS. If no such key was found, the agent will
+return SSH_AGENT_FAILURE.
+
+2.4.2 Removing a protocol 2 key
+
+Protocol 2 keys may be removed with the following request:
+
+ byte SSH2_AGENTC_REMOVE_IDENTITY
+ string key_blob
+
+Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key
+Algorithms" for any of the supported protocol 2 key types.
+
+The agent will delete any private key matching the specified public key
+and return SSH_AGENT_SUCCESS. If no such key was found, the agent will
+return SSH_AGENT_FAILURE.
+
+2.4.3 Removing keys loaded from a smartcard
+
+A client may request that a server remove one or more smartcard-hosted
+keys using this message:
+
+ byte SSH_AGENTC_REMOVE_SMARTCARD_KEY
+ string reader_id
+ string pin
+
+"reader_id" the an identifier to a smartcard reader and "pin" is a PIN
+or passphrase used to unlock the private key(s) on the device.
+
+When this message is received, and if the agent supports
+smartcard-hosted keys, it will delete all keys that are hosted on the
+specified smartcard that may be accessed with the given "pin".
+
+The agent will reply with a SSH_AGENT_SUCCESS if one or more keys have
+been successfully removed or a SSH_AGENT_FAILURE if an error occurred.
+The agent will also return SSH_AGENT_FAILURE if it does not support
+smartcards.
+
+2.5 Requesting a list of known keys
+
+An agent may be requested to list which keys it holds. Different
+requests exist for protocol 1 and protocol 2 keys.
+
+2.5.1 Requesting a list of protocol 1 keys
+
+To request a list of protocol 1 keys that are held in the agent, a
+client may send the following message:
+
+ byte SSH_AGENTC_REQUEST_RSA_IDENTITIES
+
+The agent will reply with the following message:
+
+ byte SSH_AGENT_RSA_IDENTITIES_ANSWER
+ uint32 num_keys
+
+Followed by zero or more consecutive keys, encoded as:
+
+ uint32 bits
+ mpint1 rsa_e
+ mpint1 rsa_n
+ string key_comment
+
+2.5.2 Requesting a list of protocol 2 keys
+
+A client may send the following message to request a list of
+protocol 2 keys that are stored in the agent:
+
+ byte SSH2_AGENTC_REQUEST_IDENTITIES
+
+The agent will reply with the following message header:
+
+ byte SSH2_AGENT_IDENTITIES_ANSWER
+ uint32 num_keys
+
+Followed by zero or more consecutive keys, encoded as:
+
+ string key_blob
+ string key_comment
+
+Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key
+Algorithms" for any of the supported protocol 2 key types.
+
+2.6 Private key operations
+
+The purpose of the agent is to perform private key operations, such as
+signing and encryption without requiring a passphrase to unlock the
+key and without allowing the private key itself to be exposed. There
+are separate requests for the protocol 1 and protocol 2 private key
+operations.
+
+2.6.1 Protocol 1 private key challenge
+
+The private key operation used in version 1 of the SSH protocol is
+decrypting a challenge that has been encrypted with a public key.
+It may be requested using this message:
+
+ byte SSH_AGENTC_RSA_CHALLENGE
+ uint32 ignored
+ mpint1 rsa_e
+ mpint1 rsa_n
+ mpint1 encrypted_challenge
+ byte[16] session_id
+ uint32 response_type /* must be 1 */
+
+"rsa_e" and "rsa_n" are used to identify which private key to use.
+"encrypted_challenge" is a challenge blob that has (presumably)
+been encrypted with the public key and must be in the range
+1 <= encrypted_challenge < 2^256. "session_id" is the SSH protocol 1
+session ID (computed from the server host key, the server semi-ephemeral
+key and the session cookie).
+
+"ignored" and "response_type" exist for compatibility with legacy
+implementations. "response_type" must be equal to 1; other response
+types are not supported.
+
+On receiving this request, the server decrypts the "encrypted_challenge"
+using the private key matching the supplied (rsa_e, rsa_n) values. For
+the response derivation, the decrypted challenge is represented as an
+unsigned, big-endian integer encoded in a 32 byte buffer (i.e. values
+smaller than 2^248 will have leading 0 bytes).
+
+The response value is then calculated as:
+
+ response = MD5(decrypted_challenge || session_id)
+
+and returned in the following message
+
+ byte SSH_AGENT_RSA_RESPONSE
+ byte[16] response
+
+If the agent cannot find the key specified by the supplied (rsa_e,
+rsa_n) then it will return SSH_AGENT_FAILURE.
+
+2.6.2 Protocol 2 private key signature request
+
+A client may use the following message to request signing of data using
+a protocol 2 key:
+
+ byte SSH2_AGENTC_SIGN_REQUEST
+ string key_blob
+ string data
+ uint32 flags
+
+Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key
+Algorithms" for any of the supported protocol 2 key types. "flags" is
+a bit-mask, but at present only one possible value is defined (see below
+for its meaning):
+
+ SSH_AGENT_OLD_SIGNATURE 1
+
+Upon receiving this request, the agent will look up the private key that
+corresponds to the public key contained in key_blob. It will use this
+private key to sign the "data" and produce a signature blob using the
+key type-specific method described in RFC 4253 section 6.6 "Public Key
+Algorithms".
+
+An exception to this is for "ssh-dss" keys where the "flags" word
+contains the value SSH_AGENT_OLD_SIGNATURE. In this case, a legacy
+signature encoding is used in lieu of the standard one. In this case,
+the DSA signature blob is encoded as:
+
+ byte[40] signature
+
+The signature will be returned in the response message:
+
+ byte SSH2_AGENT_SIGN_RESPONSE
+ string signature_blob
+
+If the agent cannot find the key specified by the supplied key_blob then
+it will return SSH_AGENT_FAILURE.
+
+2.7 Locking or unlocking an agent
+
+The agent supports temporary locking with a passphrase to suspend
+processing of sensitive operations until it has been unlocked with the
+same passphrase. To lock an agent, a client send the following request:
+
+ byte SSH_AGENTC_LOCK
+ string passphrase
+
+Upon receipt of this message and if the agent is not already locked,
+it will suspend processing requests and return a SSH_AGENT_SUCCESS
+reply. If the agent is already locked, it will return SSH_AGENT_FAILURE.
+
+While locked, the agent will refuse all requests except
+SSH_AGENTC_UNLOCK, SSH_AGENTC_REQUEST_RSA_IDENTITIES and
+SSH2_AGENTC_REQUEST_IDENTITIES. The "request identities" requests are
+treated specially by a locked agent: it will always return an empty list
+of keys.
+
+To unlock an agent, a client may request:
+
+ byte SSH_AGENTC_UNLOCK
+ string passphrase
+
+If the passphrase matches and the agent is locked, then it will resume
+processing all requests and return SSH_AGENT_SUCCESS. If the agent
+is not locked or the passphrase does not match then it will return
+SSH_AGENT_FAILURE.
+
+Locking and unlocking affects both protocol 1 and protocol 2 keys.
+
+3. Protocol message numbers
+
+3.1 Requests from client to agent for protocol 1 key operations
+
+ SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
+ SSH_AGENTC_RSA_CHALLENGE 3
+ SSH_AGENTC_ADD_RSA_IDENTITY 7
+ SSH_AGENTC_REMOVE_RSA_IDENTITY 8
+ SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9
+ SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 24
+
+3.2 Requests from client to agent for protocol 2 key operations
+
+ SSH2_AGENTC_REQUEST_IDENTITIES 11
+ SSH2_AGENTC_SIGN_REQUEST 13
+ SSH2_AGENTC_ADD_IDENTITY 17
+ SSH2_AGENTC_REMOVE_IDENTITY 18
+ SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
+ SSH2_AGENTC_ADD_ID_CONSTRAINED 25
+
+3.3 Key-type independent requests from client to agent
+
+ SSH_AGENTC_ADD_SMARTCARD_KEY 20
+ SSH_AGENTC_REMOVE_SMARTCARD_KEY 21
+ SSH_AGENTC_LOCK 22
+ SSH_AGENTC_UNLOCK 23
+ SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
+
+3.4 Generic replies from agent to client
+
+ SSH_AGENT_FAILURE 5
+ SSH_AGENT_SUCCESS 6
+
+3.5 Replies from agent to client for protocol 1 key operations
+
+ SSH_AGENT_RSA_IDENTITIES_ANSWER 2
+ SSH_AGENT_RSA_RESPONSE 4
+
+3.6 Replies from agent to client for protocol 2 key operations
+
+ SSH2_AGENT_IDENTITIES_ANSWER 12
+ SSH2_AGENT_SIGN_RESPONSE 14
+
+3.7 Key constraint identifiers
+
+ SSH_AGENT_CONSTRAIN_LIFETIME 1
+ SSH_AGENT_CONSTRAIN_CONFIRM 2
+
+$OpenBSD: PROTOCOL.agent,v 1.6 2010/08/31 11:54:45 djm Exp $
diff --git a/openssh-6.0p1/PROTOCOL.certkeys b/openssh-6.0p1/PROTOCOL.certkeys
new file mode 100644
index 0000000..2f97649
--- /dev/null
+++ b/openssh-6.0p1/PROTOCOL.certkeys
@@ -0,0 +1,256 @@
+This document describes a simple public-key certificate authentication
+system for use by SSH.
+
+Background
+----------
+
+The SSH protocol currently supports a simple public key authentication
+mechanism. Unlike other public key implementations, SSH eschews the use
+of X.509 certificates and uses raw keys. This approach has some benefits
+relating to simplicity of configuration and minimisation of attack
+surface, but it does not support the important use-cases of centrally
+managed, passwordless authentication and centrally certified host keys.
+
+These protocol extensions build on the simple public key authentication
+system already in SSH to allow certificate-based authentication. The
+certificates used are not traditional X.509 certificates, with numerous
+options and complex encoding rules, but something rather more minimal: a
+key, some identity information and usage options that have been signed
+with some other trusted key.
+
+A sshd server may be configured to allow authentication via certified
+keys, by extending the existing ~/.ssh/authorized_keys mechanism to
+allow specification of certification authority keys in addition to
+raw user keys. The ssh client will support automatic verification of
+acceptance of certified host keys, by adding a similar ability to
+specify CA keys in ~/.ssh/known_hosts.
+
+Certified keys are represented using new key types:
+
+ ssh-rsa-cert-v01@openssh.com
+ ssh-dss-cert-v01@openssh.com
+ ecdsa-sha2-nistp256-cert-v01@openssh.com
+ ecdsa-sha2-nistp384-cert-v01@openssh.com
+ ecdsa-sha2-nistp521-cert-v01@openssh.com
+
+These include certification information along with the public key
+that is used to sign challenges. ssh-keygen performs the CA signing
+operation.
+
+Protocol extensions
+-------------------
+
+The SSH wire protocol includes several extensibility mechanisms.
+These modifications shall take advantage of namespaced public key
+algorithm names to add support for certificate authentication without
+breaking the protocol - implementations that do not support the
+extensions will simply ignore them.
+
+Authentication using the new key formats described below proceeds
+using the existing SSH "publickey" authentication method described
+in RFC4252 section 7.
+
+New public key formats
+----------------------
+
+The certificate key types take a similar high-level format (note: data
+types and encoding are as per RFC4251 section 5). The serialised wire
+encoding of these certificates is also used for storing them on disk.
+
+#define SSH_CERT_TYPE_USER 1
+#define SSH_CERT_TYPE_HOST 2
+
+RSA certificate
+
+ string "ssh-rsa-cert-v01@openssh.com"
+ string nonce
+ mpint e
+ mpint n
+ uint64 serial
+ uint32 type
+ string key id
+ string valid principals
+ uint64 valid after
+ uint64 valid before
+ string critical options
+ string extensions
+ string reserved
+ string signature key
+ string signature
+
+DSA certificate
+
+ string "ssh-dss-cert-v01@openssh.com"
+ string nonce
+ mpint p
+ mpint q
+ mpint g
+ mpint y
+ uint64 serial
+ uint32 type
+ string key id
+ string valid principals
+ uint64 valid after
+ uint64 valid before
+ string critical options
+ string extensions
+ string reserved
+ string signature key
+ string signature
+
+ECDSA certificate
+
+ string "ecdsa-sha2-nistp256@openssh.com" |
+ "ecdsa-sha2-nistp384@openssh.com" |
+ "ecdsa-sha2-nistp521@openssh.com"
+ string nonce
+ string curve
+ string public_key
+ uint64 serial
+ uint32 type
+ string key id
+ string valid principals
+ uint64 valid after
+ uint64 valid before
+ string critical options
+ string extensions
+ string reserved
+ string signature key
+ string signature
+
+The nonce field is a CA-provided random bitstring of arbitrary length
+(but typically 16 or 32 bytes) included to make attacks that depend on
+inducing collisions in the signature hash infeasible.
+
+e and n are the RSA exponent and public modulus respectively.
+
+p, q, g, y are the DSA parameters as described in FIPS-186-2.
+
+curve and public key are respectively the ECDSA "[identifier]" and "Q"
+defined in section 3.1 of RFC5656.
+
+serial is an optional certificate serial number set by the CA to
+provide an abbreviated way to refer to certificates from that CA.
+If a CA does not wish to number its certificates it must set this
+field to zero.
+
+type specifies whether this certificate is for identification of a user
+or a host using a SSH_CERT_TYPE_... value.
+
+key id is a free-form text field that is filled in by the CA at the time
+of signing; the intention is that the contents of this field are used to
+identify the identity principal in log messages.
+
+"valid principals" is a string containing zero or more principals as
+strings packed inside it. These principals list the names for which this
+certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and
+usernames for SSH_CERT_TYPE_USER certificates. As a special case, a
+zero-length "valid principals" field means the certificate is valid for
+any principal of the specified type. XXX DNS wildcards?
+
+"valid after" and "valid before" specify a validity period for the
+certificate. Each represents a time in seconds since 1970-01-01
+00:00:00. A certificate is considered valid if:
+
+ valid after <= current time < valid before
+
+criticial options is a set of zero or more key options encoded as
+below. All such options are "critical" in the sense that an implementation
+must refuse to authorise a key that has an unrecognised option.
+
+extensions is a set of zero or more optional extensions. These extensions
+are not critical, and an implementation that encounters one that it does
+not recognise may safely ignore it.
+
+The reserved field is currently unused and is ignored in this version of
+the protocol.
+
+signature key contains the CA key used to sign the certificate.
+The valid key types for CA keys are ssh-rsa, ssh-dss and the ECDSA types
+ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521. "Chained"
+certificates, where the signature key type is a certificate type itself
+are NOT supported. Note that it is possible for a RSA certificate key to
+be signed by a DSS or ECDSA CA key and vice-versa.
+
+signature is computed over all preceding fields from the initial string
+up to, and including the signature key. Signatures are computed and
+encoded according to the rules defined for the CA's public key algorithm
+(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA
+types).
+
+Critical options
+----------------
+
+The critical options section of the certificate specifies zero or more
+options on the certificates validity. The format of this field
+is a sequence of zero or more tuples:
+
+ string name
+ string data
+
+Options must be lexically ordered by "name" if they appear in the
+sequence.
+
+The name field identifies the option and the data field encodes
+option-specific information (see below). All options are
+"critical", if an implementation does not recognise a option
+then the validating party should refuse to accept the certificate.
+
+The supported options and the contents and structure of their
+data fields are:
+
+Name Format Description
+-----------------------------------------------------------------------------
+force-command string Specifies a command that is executed
+ (replacing any the user specified on the
+ ssh command-line) whenever this key is
+ used for authentication.
+
+source-address string Comma-separated list of source addresses
+ from which this certificate is accepted
+ for authentication. Addresses are
+ specified in CIDR format (nn.nn.nn.nn/nn
+ or hhhh::hhhh/nn).
+ If this option is not present then
+ certificates may be presented from any
+ source address.
+
+Extensions
+----------
+
+The extensions section of the certificate specifies zero or more
+non-critical certificate extensions. The encoding and ordering of
+extensions in this field is identical to that of the critical options.
+If an implementation does not recognise an extension, then it should
+ignore it.
+
+The supported extensions and the contents and structure of their data
+fields are:
+
+Name Format Description
+-----------------------------------------------------------------------------
+permit-X11-forwarding empty Flag indicating that X11 forwarding
+ should be permitted. X11 forwarding will
+ be refused if this option is absent.
+
+permit-agent-forwarding empty Flag indicating that agent forwarding
+ should be allowed. Agent forwarding
+ must not be permitted unless this
+ option is present.
+
+permit-port-forwarding empty Flag indicating that port-forwarding
+ should be allowed. If this option is
+ not present then no port forwarding will
+ be allowed.
+
+permit-pty empty Flag indicating that PTY allocation
+ should be permitted. In the absence of
+ this option PTY allocation will be
+ disabled.
+
+permit-user-rc empty Flag indicating that execution of
+ ~/.ssh/rc should be permitted. Execution
+ of this script will not be permitted if
+ this option is not present.
+
+$OpenBSD: PROTOCOL.certkeys,v 1.8 2010/08/31 11:54:45 djm Exp $
diff --git a/openssh-6.0p1/PROTOCOL.mux b/openssh-6.0p1/PROTOCOL.mux
new file mode 100644
index 0000000..49cbe5b
--- /dev/null
+++ b/openssh-6.0p1/PROTOCOL.mux
@@ -0,0 +1,222 @@
+This document describes the multiplexing protocol used by ssh(1)'s
+ControlMaster connection-sharing.
+
+Most messages from the client to the server contain a "request id" field.
+This field is returned in replies as "client request id" to facilitate
+matching of responses to requests.
+
+1. Connection setup
+
+When a multiplexing connection is made to a ssh(1) operating as a
+ControlMaster from a ssh(1) in multiplex slave mode, the first
+action of each is to exchange hello messages:
+
+ uint32 MUX_MSG_HELLO
+ uint32 protocol version
+ string extension name [optional]
+ string extension value [optional]
+ ...
+
+The current version of the mux protocol is 4. A slave should refuse
+to connect to a master that speaks an unsupported protocol version.
+Following the version identifier are zero or more extensions
+represented as a name/value pair. No extensions are currently
+defined.
+
+2. Opening sessions
+
+To open a new multiplexed session, a client may send the following
+request:
+
+ uint32 MUX_C_NEW_SESSION
+ uint32 request id
+ string reserved
+ bool want tty flag
+ bool want X11 forwarding flag
+ bool want agent flag
+ bool subsystem flag
+ uint32 escape char
+ string terminal type
+ string command
+ string environment string 0 [optional]
+ ...
+
+To disable the use of an escape character, "escape char" may be set
+to 0xffffffff. "terminal type" is generally set to the value of
+$TERM. zero or more environment strings may follow the command.
+
+The client then sends its standard input, output and error file
+descriptors (in that order) using Unix domain socket control messages.
+
+The contents of "reserved" are currently ignored.
+
+If successful, the server will reply with MUX_S_SESSION_OPENED
+
+ uint32 MUX_S_SESSION_OPENED
+ uint32 client request id
+ uint32 session id
+
+Otherwise it will reply with an error: MUX_S_PERMISSION_DENIED or
+MUX_S_FAILURE.
+
+Once the server has received the fds, it will respond with MUX_S_OK
+indicating that the session is up. The client now waits for the
+session to end. When it does, the server will send an exit status
+message:
+
+ uint32 MUX_S_EXIT_MESSAGE
+ uint32 session id
+ uint32 exit value
+
+The client should exit with this value to mimic the behaviour of a
+non-multiplexed ssh(1) connection. Two additional cases that the
+client must cope with are it receiving a signal itself and the
+server disconnecting without sending an exit message.
+
+A master may also send a MUX_S_TTY_ALLOC_FAIL before MUX_S_EXIT_MESSAGE
+if remote TTY allocation was unsuccessful. The client may use this to
+return its local tty to "cooked" mode.
+
+ uint32 MUX_S_TTY_ALLOC_FAIL
+ uint32 session id
+
+3. Health checks
+
+The client may request a health check/PID report from a server:
+
+ uint32 MUX_C_ALIVE_CHECK
+ uint32 request id
+
+The server replies with:
+
+ uint32 MUX_S_ALIVE
+ uint32 client request id
+ uint32 server pid
+
+4. Remotely terminating a master
+
+A client may request that a master terminate immediately:
+
+ uint32 MUX_C_TERMINATE
+ uint32 request id
+
+The server will reply with one of MUX_S_OK or MUX_S_PERMISSION_DENIED.
+
+5. Requesting establishment of port forwards
+
+A client may request the master to establish a port forward:
+
+ uint32 MUX_C_OPEN_FWD
+ uint32 request id
+ uint32 forwarding type
+ string listen host
+ string listen port
+ string connect host
+ string connect port
+
+forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC.
+
+A server may reply with a MUX_S_OK, a MUX_S_REMOTE_PORT, a
+MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE.
+
+For dynamically allocated listen port the server replies with
+
+ uint32 MUX_S_REMOTE_PORT
+ uint32 client request id
+ uint32 allocated remote listen port
+
+6. Requesting closure of port forwards
+
+Note: currently unimplemented (server will always reply with MUX_S_FAILURE).
+
+A client may request the master to close a port forward:
+
+ uint32 MUX_C_CLOSE_FWD
+ uint32 request id
+ uint32 forwarding type
+ string listen host
+ string listen port
+ string connect host
+ string connect port
+
+A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
+MUX_S_FAILURE.
+
+7. Requesting stdio forwarding
+
+A client may request the master to establish a stdio forwarding:
+
+ uint32 MUX_C_NEW_STDIO_FWD
+ uint32 request id
+ string reserved
+ string connect host
+ string connect port
+
+The client then sends its standard input and output file descriptors
+(in that order) using Unix domain socket control messages.
+
+The contents of "reserved" are currently ignored.
+
+A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED
+or a MUX_S_FAILURE.
+
+8. Requesting shutdown of mux listener
+
+A client may request the master to stop accepting new multiplexing requests
+and remove its listener socket.
+
+ uint32 MUX_C_STOP_LISTENING
+ uint32 request id
+
+A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
+MUX_S_FAILURE.
+
+9. Status messages
+
+The MUX_S_OK message is empty:
+
+ uint32 MUX_S_OK
+ uint32 client request id
+
+The MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason:
+
+ uint32 MUX_S_PERMISSION_DENIED
+ uint32 client request id
+ string reason
+
+ uint32 MUX_S_FAILURE
+ uint32 client request id
+ string reason
+
+10. Protocol numbers
+
+#define MUX_MSG_HELLO 0x00000001
+#define MUX_C_NEW_SESSION 0x10000002
+#define MUX_C_ALIVE_CHECK 0x10000004
+#define MUX_C_TERMINATE 0x10000005
+#define MUX_C_OPEN_FWD 0x10000006
+#define MUX_C_CLOSE_FWD 0x10000007
+#define MUX_C_NEW_STDIO_FWD 0x10000008
+#define MUX_C_STOP_LISTENING 0x10000009
+#define MUX_S_OK 0x80000001
+#define MUX_S_PERMISSION_DENIED 0x80000002
+#define MUX_S_FAILURE 0x80000003
+#define MUX_S_EXIT_MESSAGE 0x80000004
+#define MUX_S_ALIVE 0x80000005
+#define MUX_S_SESSION_OPENED 0x80000006
+#define MUX_S_REMOTE_PORT 0x80000007
+#define MUX_S_TTY_ALLOC_FAIL 0x80000008
+
+#define MUX_FWD_LOCAL 1
+#define MUX_FWD_REMOTE 2
+#define MUX_FWD_DYNAMIC 3
+
+XXX TODO
+XXX extended status (e.g. report open channels / forwards)
+XXX lock (maybe)
+XXX watch in/out traffic (pre/post crypto)
+XXX inject packet (what about replies)
+XXX server->client error/warning notifications
+XXX send signals via mux
+
+$OpenBSD: PROTOCOL.mux,v 1.8 2011/09/09 00:44:07 djm Exp $
diff --git a/openssh-6.0p1/README b/openssh-6.0p1/README
new file mode 100644
index 0000000..ad2adc4
--- /dev/null
+++ b/openssh-6.0p1/README
@@ -0,0 +1,65 @@
+See http://www.openssh.com/txt/release-6.0 for the release notes.
+
+- A Japanese translation of this document and of the OpenSSH FAQ is
+- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
+- Thanks to HARUYAMA Seigo <haruyama@unixuser.org>
+
+This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
+Unices.
+
+OpenSSH is based on the last free version of Tatu Ylonen's sample
+implementation with all patent-encumbered algorithms removed (to
+external libraries), all known security bugs fixed, new features
+reintroduced and many other clean-ups. OpenSSH has been created by
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
+and Dug Song. It has a homepage at http://www.openssh.com/
+
+This port consists of the re-introduction of autoconf support, PAM
+support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
+functions that are (regrettably) absent from other unices. This port
+has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
+NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare.
+
+This version actively tracks changes in the OpenBSD CVS repository.
+
+The PAM support is now more functional than the popular packages of
+commercial ssh-1.2.x. It checks "account" and "session" modules for
+all logins, not just when using password authentication.
+
+OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5].
+
+There is now several mailing lists for this port of OpenSSH. Please
+refer to http://www.openssh.com/list.html for details on how to join.
+
+Please send bug reports and patches to the mailing list
+openssh-unix-dev@mindrot.org. The list is open to posting by
+unsubscribed users.Code contribution are welcomed, but please follow the
+OpenBSD style guidelines[6].
+
+Please refer to the INSTALL document for information on how to install
+OpenSSH on your system. There are a number of differences between this
+port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
+for details and general tips.
+
+Damien Miller <djm@mindrot.org>
+
+Miscellania -
+
+This version of OpenSSH is based upon code retrieved from the OpenBSD
+CVS repository which in turn was based on the last free sample
+implementation released by Tatu Ylonen.
+
+References -
+
+[0] http://www.openssh.com/faq.html
+[1] http://www.lothar.com/tech/crypto/
+[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
+[3] http://www.gzip.org/zlib/
+[4] http://www.openssl.org/
+[5] http://www.openpam.org
+ http://www.kernel.org/pub/linux/libs/pam/
+ (PAM also is standard on Solaris and HP-UX 11)
+[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
+[7] http://www.openssh.com/faq.html
+
+$Id: README,v 1.80 2012/04/20 04:11:04 djm Exp $
diff --git a/openssh-6.0p1/README.dns b/openssh-6.0p1/README.dns
new file mode 100644
index 0000000..9787918
--- /dev/null
+++ b/openssh-6.0p1/README.dns
@@ -0,0 +1,47 @@
+How to verify host keys using OpenSSH and DNS
+---------------------------------------------
+
+OpenSSH contains support for verifying host keys using DNS as described in
+draft-ietf-secsh-dns-05.txt. The document contains very brief instructions
+on how to use this feature. Configuring DNS is out of the scope of this
+document.
+
+
+(1) Server: Generate and publish the DNS RR
+
+To create a DNS resource record (RR) containing a fingerprint of the
+public host key, use the following command:
+
+ ssh-keygen -r hostname -f keyfile -g
+
+where "hostname" is your fully qualified hostname and "keyfile" is the
+file containing the public host key file. If you have multiple keys,
+you should generate one RR for each key.
+
+In the example above, ssh-keygen will print the fingerprint in a
+generic DNS RR format parsable by most modern name server
+implementations. If your nameserver has support for the SSHFP RR
+you can omit the -g flag and ssh-keygen will print a standard SSHFP RR.
+
+To publish the fingerprint using the DNS you must add the generated RR
+to your DNS zone file and sign your zone.
+
+
+(2) Client: Enable ssh to verify host keys using DNS
+
+To enable the ssh client to verify host keys using DNS, you have to
+add the following option to the ssh configuration file
+($HOME/.ssh/config or /etc/ssh/ssh_config):
+
+ VerifyHostKeyDNS yes
+
+Upon connection the client will try to look up the fingerprint RR
+using DNS. If the fingerprint received from the DNS server matches
+the remote host key, the user will be notified.
+
+
+ Jakob Schlyter
+ Wesley Griffin
+
+
+$OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $
diff --git a/openssh-6.0p1/README.platform b/openssh-6.0p1/README.platform
new file mode 100644
index 0000000..d198232
--- /dev/null
+++ b/openssh-6.0p1/README.platform
@@ -0,0 +1,96 @@
+This file contains notes about OpenSSH on specific platforms.
+
+AIX
+---
+As of OpenSSH 3.8p1, sshd will now honour an accounts password expiry
+settings, where previously it did not. Because of this, it's possible for
+sites that have used OpenSSH's sshd exclusively to have accounts which
+have passwords expired longer than the inactive time (ie the "Weeks between
+password EXPIRATION and LOCKOUT" setting in SMIT or the maxexpired
+chuser attribute).
+
+Accounts in this state must have their passwords reset manually by the
+administrator. As a precaution, it is recommended that the administrative
+passwords be reset before upgrading from OpenSSH <3.8.
+
+As of OpenSSH 4.0, configure will attempt to detect if your version
+and maintenance level of AIX has a working getaddrinfo, and will use it
+if found. This will enable IPv6 support. If for some reason configure
+gets it wrong, or if you want to build binaries to work on earlier MLs
+than the build host then you can add "-DBROKEN_GETADDRINFO" to CFLAGS
+to force the previous IPv4-only behaviour.
+
+IPv6 known to work: 5.1ML7 5.2ML2 5.2ML5
+IPv6 known broken: 4.3.3ML11 5.1ML4
+
+If you wish to use dynamic libraries that aren't in the normal system
+locations (eg IBM's OpenSSL and zlib packages) then you will need to
+define the environment variable blibpath before running configure, eg
+
+blibpath=/lib:/usr/lib:/opt/freeware/lib ./configure \
+ --with-ssl-dir=/opt/freeware --with-zlib=/opt/freeware
+
+If sshd is built with the WITH_AIXAUTHENTICATE option (which is enabled
+by default) then sshd checks that users are permitted via the
+loginrestrictions() function, in particular that the user has the
+"rlogin" attribute set. This check is not done for the root account,
+instead the PermitRootLogin setting in sshd_config is used.
+
+
+Cygwin
+------
+To build on Cygwin, OpenSSH requires the following packages:
+gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl,
+openssl-devel, zlib, minres, minires-devel.
+
+
+Darwin and MacOS X
+------------------
+Darwin does not provide a tun(4) driver required for OpenSSH-based
+virtual private networks. The BSD manpage still exists, but the driver
+has been removed in recent releases of Darwin and MacOS X.
+
+Nevertheless, tunnel support is known to work with Darwin 8 and
+MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode
+using a third party driver. More information is available at:
+ http://www-user.rhrk.uni-kl.de/~nissler/tuntap/
+
+
+Linux
+-----
+
+Some Linux distributions (including Red Hat/Fedora/CentOS) include
+headers and library links in the -devel RPMs rather than the main
+binary RPMs. If you get an error about headers, or complaining about a
+missing prerequisite then you may need to install the equivalent
+development packages. On Redhat based distros these may be openssl-devel,
+zlib-devel and pam-devel, on Debian based distros these may be
+libssl-dev, libz-dev and libpam-dev.
+
+
+Solaris
+-------
+If you enable BSM auditing on Solaris, you need to update audit_event(4)
+for praudit(1m) to give sensible output. The following line needs to be
+added to /etc/security/audit_event:
+
+ 32800:AUE_openssh:OpenSSH login:lo
+
+The BSM audit event range available for third party TCB applications is
+32768 - 65535. Event number 32800 has been choosen for AUE_openssh.
+There is no official registry of 3rd party event numbers, so if this
+number is already in use on your system, you may change it at build time
+by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
+
+
+Platforms using PAM
+-------------------
+As of OpenSSH 4.3p1, sshd will no longer check /etc/nologin itself when
+PAM is enabled. To maintain existing behaviour, pam_nologin should be
+added to sshd's session stack which will prevent users from starting shell
+sessions. Alternatively, pam_nologin can be added to either the auth or
+account stacks which will prevent authentication entirely, but will still
+return the output from pam_nologin to the client.
+
+
+$Id: README.platform,v 1.10 2009/08/28 23:14:48 dtucker Exp $
diff --git a/openssh-6.0p1/README.privsep b/openssh-6.0p1/README.privsep
new file mode 100644
index 0000000..f565e72
--- /dev/null
+++ b/openssh-6.0p1/README.privsep
@@ -0,0 +1,63 @@
+Privilege separation, or privsep, is method in OpenSSH by which
+operations that require root privilege are performed by a separate
+privileged monitor process. Its purpose is to prevent privilege
+escalation by containing corruption to an unprivileged process.
+More information is available at:
+ http://www.citi.umich.edu/u/provos/ssh/privsep.html
+
+Privilege separation is now enabled by default; see the
+UsePrivilegeSeparation option in sshd_config(5).
+
+On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
+compression must be disabled in order for privilege separation to
+function.
+
+When privsep is enabled, during the pre-authentication phase sshd will
+chroot(2) to "/var/empty" and change its privileges to the "sshd" user
+and its primary group. sshd is a pseudo-account that should not be
+used by other daemons, and must be locked and should contain a
+"nologin" or invalid shell.
+
+You should do something like the following to prepare the privsep
+preauth environment:
+
+ # mkdir /var/empty
+ # chown root:sys /var/empty
+ # chmod 755 /var/empty
+ # groupadd sshd
+ # useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
+
+/var/empty should not contain any files.
+
+configure supports the following options to change the default
+privsep user and chroot directory:
+
+ --with-privsep-path=xxx Path for privilege separation chroot
+ --with-privsep-user=user Specify non-privileged user for privilege separation
+
+Privsep requires operating system support for file descriptor passing.
+Compression will be disabled on systems without a working mmap MAP_ANON.
+
+PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD,
+HP-UX (including Trusted Mode), Linux, NetBSD and Solaris.
+
+On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication
+part of privsep is supported. Post-authentication privsep is disabled
+automatically (so you won't see the additional process mentioned below).
+
+Note that for a normal interactive login with a shell, enabling privsep
+will require 1 additional process per login session.
+
+Given the following process listing (from HP-UX):
+
+ UID PID PPID C STIME TTY TIME COMMAND
+ root 1005 1 0 10:45:17 ? 0:08 /opt/openssh/sbin/sshd -u0
+ root 6917 1005 0 15:19:16 ? 0:00 sshd: stevesk [priv]
+ stevesk 6919 6917 0 15:19:17 ? 0:03 sshd: stevesk@2
+ stevesk 6921 6919 0 15:19:17 pts/2 0:00 -bash
+
+process 1005 is the sshd process listening for new connections.
+process 6917 is the privileged monitor process, 6919 is the user owned
+sshd process and 6921 is the shell process.
+
+$Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $
diff --git a/openssh-6.0p1/README.tun b/openssh-6.0p1/README.tun
new file mode 100644
index 0000000..5e1cb07
--- /dev/null
+++ b/openssh-6.0p1/README.tun
@@ -0,0 +1,132 @@
+How to use OpenSSH-based virtual private networks
+-------------------------------------------------
+
+OpenSSH contains support for VPN tunneling using the tun(4) network
+tunnel pseudo-device which is available on most platforms, either for
+layer 2 or 3 traffic.
+
+The following brief instructions on how to use this feature use
+a network configuration specific to the OpenBSD operating system.
+
+(1) Server: Enable support for SSH tunneling
+
+To enable the ssh server to accept tunnel requests from the client, you
+have to add the following option to the ssh server configuration file
+(/etc/ssh/sshd_config):
+
+ PermitTunnel yes
+
+Restart the server or send the hangup signal (SIGHUP) to let the server
+reread it's configuration.
+
+(2) Server: Restrict client access and assign the tunnel
+
+The OpenSSH server simply uses the file /root/.ssh/authorized_keys to
+restrict the client to connect to a specified tunnel and to
+automatically start the related interface configuration command. These
+settings are optional but recommended:
+
+ tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... reyk@openbsd.org
+
+(3) Client: Configure the local network tunnel interface
+
+Use the hostname.if(5) interface-specific configuration file to set up
+the network tunnel configuration with OpenBSD. For example, use the
+following configuration in /etc/hostname.tun0 to set up the layer 3
+tunnel on the client:
+
+ inet 192.168.5.1 255.255.255.252 192.168.5.2
+
+OpenBSD also supports layer 2 tunneling over the tun device by adding
+the link0 flag:
+
+ inet 192.168.1.78 255.255.255.0 192.168.1.255 link0
+
+Layer 2 tunnels can be used in combination with an Ethernet bridge(4)
+interface, like the following example for /etc/bridgename.bridge0:
+
+ add tun0
+ add sis0
+ up
+
+(4) Client: Configure the OpenSSH client
+
+To establish tunnel forwarding for connections to a specified
+remote host by default, use the following ssh client configuration for
+the privileged user (in /root/.ssh/config):
+
+ Host sshgateway
+ Tunnel yes
+ TunnelDevice 0:any
+ PermitLocalCommand yes
+ LocalCommand sh /etc/netstart tun0
+
+A more complicated configuration is possible to establish a tunnel to
+a remote host which is not directly accessible by the client.
+The following example describes a client configuration to connect to
+the remote host over two ssh hops in between. It uses the OpenSSH
+ProxyCommand in combination with the nc(1) program to forward the final
+ssh tunnel destination over multiple ssh sessions.
+
+ Host access.somewhere.net
+ User puffy
+ Host dmzgw
+ User puffy
+ ProxyCommand ssh access.somewhere.net nc dmzgw 22
+ Host sshgateway
+ Tunnel Ethernet
+ TunnelDevice 0:any
+ PermitLocalCommand yes
+ LocalCommand sh /etc/netstart tun0
+ ProxyCommand ssh dmzgw nc sshgateway 22
+
+The following network plan illustrates the previous configuration in
+combination with layer 2 tunneling and Ethernet bridging.
+
++--------+ ( ) +----------------------+
+| Client |------( Internet )-----| access.somewhere.net |
++--------+ ( ) +----------------------+
+ : 192.168.1.78 |
+ :............................. +-------+
+ Forwarded ssh connection : | dmzgw |
+ Layer 2 tunnel : +-------+
+ : |
+ : |
+ : +------------+
+ :......| sshgateway |
+ | +------------+
+--- real connection Bridge -> | +----------+
+... "virtual connection" [ X ]--------| somehost |
+[X] switch +----------+
+ 192.168.1.25
+
+(5) Client: Connect to the server and establish the tunnel
+
+Finally connect to the OpenSSH server to establish the tunnel by using
+the following command:
+
+ ssh sshgateway
+
+It is also possible to tell the client to fork into the background after
+the connection has been successfully established:
+
+ ssh -f sshgateway true
+
+Without the ssh configuration done in step (4), it is also possible
+to use the following command lines:
+
+ ssh -fw 0:1 sshgateway true
+ ifconfig tun0 192.168.5.1 192.168.5.2 netmask 255.255.255.252
+
+Using OpenSSH tunnel forwarding is a simple way to establish secure
+and ad hoc virtual private networks. Possible fields of application
+could be wireless networks or administrative VPN tunnels.
+
+Nevertheless, ssh tunneling requires some packet header overhead and
+runs on top of TCP. It is still suggested to use the IP Security
+Protocol (IPSec) for robust and permanent VPN connections and to
+interconnect corporate networks.
+
+ Reyk Floeter
+
+$OpenBSD: README.tun,v 1.4 2006/03/28 00:12:31 deraadt Exp $
diff --git a/openssh-6.0p1/TODO b/openssh-6.0p1/TODO
new file mode 100644
index 0000000..e8aaa4b
--- /dev/null
+++ b/openssh-6.0p1/TODO
@@ -0,0 +1,86 @@
+Documentation:
+
+- Update the docs
+ - Update README
+ - Update INSTALL
+ - Merge INSTALL & README.privsep
+
+- Install FAQ?
+
+- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
+ would be best to use them.
+
+- Create a Documentation/ directory?
+
+Programming:
+
+- Grep for 'XXX' comments and fix
+
+- Link order is incorrect for some systems using Kerberos 4 and AFS. Result
+ is multiple inclusion of DES symbols. Holger Trapp
+ <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure
+ generated link order from:
+ -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto
+ to:
+ -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes
+ fixing the problem.
+
+- Write a test program that calls stat() to search for EGD/PRNGd socket
+ rather than use the (non-portable) "test -S".
+
+- More platforms for for setproctitle() emulation (testing needed)
+
+- Improve PAM ChallengeResponseAuthentication
+ - Informational messages
+ - Use different PAM service name for kbdint vs regular auth (suggest from
+ Solar Designer)
+ - Ability to select which ChallengeResponseAuthentications may be used
+ and order to try them in e.g. "ChallengeResponseAuthentication skey, pam"
+
+- Complete Tru64 SIA support
+ - It looks like we could merge it into the password auth code to cut down
+ on diff size. Maybe PAM password auth too?
+
+- Finish integrating kernel-level auditing code for IRIX and SOLARIS
+ (Gilbert.r.loomis@saic.com)
+
+- 64-bit builds on HP-UX 11.X (stevesk@pobox.com):
+ - utmp/wtmp get corrupted (something in loginrec?)
+ - can't build with PAM (no 64-bit libpam yet)
+
+Clean up configure/makefiles:
+- Clean up configure.ac - There are a few double #defined variables
+ left to do. HAVE_LOGIN is one of them. Consider NOT looking for
+ information in wtmpx or utmpx or any of that stuff if it's not detected
+ from the start
+
+- Replace the whole u_intXX_t evilness in acconfig.h with something better???
+ - Do it in configure.ac
+
+- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test
+ to allow people to (right/wrongfully) link against Bind directly.
+
+- Consider splitting configure.ac into seperate files which do logically
+ similar tests. E.g move all the type detection stuff into one file,
+ entropy related stuff into another.
+
+Packaging:
+- HP-UX: Provide DEPOT package scripts.
+ (gilbert.r.loomis@saic.com)
+
+PrivSep Issues:
+- mmap() issues.
+ + /dev/zero solution (Solaris)
+ + No/broken MAP_ANON (Irix)
+ + broken /dev/zero parse (Linux)
+- PAM
+ + See above PAM notes
+- AIX
+ + usrinfo() does not set TTY, but only required for legacy systems. Works
+ with PrivSep.
+- OSF
+ + SIA is broken
+- Cygwin
+ + Privsep for Pre-auth only (no fd passing)
+
+$Id: TODO,v 1.58 2004/12/06 11:40:11 dtucker Exp $
diff --git a/openssh-6.0p1/aclocal.m4 b/openssh-6.0p1/aclocal.m4
new file mode 100644
index 0000000..9bdea5e
--- /dev/null
+++ b/openssh-6.0p1/aclocal.m4
@@ -0,0 +1,94 @@
+dnl $Id: aclocal.m4,v 1.8 2011/05/20 01:45:25 djm Exp $
+dnl
+dnl OpenSSH-specific autoconf macros
+dnl
+
+dnl OSSH_CHECK_CFLAG_COMPILE(check_flag[, define_flag])
+dnl Check that $CC accepts a flag 'check_flag'. If it is supported append
+dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append
+dnl 'check_flag'.
+AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
+ AC_MSG_CHECKING([if $CC supports $1])
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $1"
+ _define_flag="$2"
+ test "x$_define_flag" = "x" && _define_flag="$1"
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
+ [ AC_MSG_RESULT([yes])
+ CFLAGS="$saved_CFLAGS $_define_flag"],
+ [ AC_MSG_RESULT([no])
+ CFLAGS="$saved_CFLAGS" ]
+ )
+}])
+
+
+dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol)
+dnl Does AC_EGREP_HEADER on 'header' for the string 'field'
+dnl If found, set 'symbol' to be defined. Cache the result.
+dnl TODO: This is not foolproof, better to compile and read from there
+AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [
+# look for field '$1' in header '$2'
+ dnl This strips characters illegal to m4 from the header filename
+ ossh_safe=`echo "$2" | sed 'y%./+-%__p_%'`
+ dnl
+ ossh_varname="ossh_cv_$ossh_safe""_has_"$1
+ AC_MSG_CHECKING(for $1 field in $2)
+ AC_CACHE_VAL($ossh_varname, [
+ AC_EGREP_HEADER($1, $2, [ dnl
+ eval "$ossh_varname=yes" dnl
+ ], [ dnl
+ eval "$ossh_varname=no" dnl
+ ]) dnl
+ ])
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ AC_MSG_RESULT($ossh_result)
+ if test "x$ossh_result" = "xyes"; then
+ AC_DEFINE($3, 1, [Define if you have $1 in $2])
+ fi
+ else
+ AC_MSG_RESULT(no)
+ fi
+])
+
+dnl Check for socklen_t: historically on BSD it is an int, and in
+dnl POSIX 1g it is a type of its own, but some platforms use different
+dnl types for the argument to getsockopt, getpeername, etc. So we
+dnl have to test to find something that will work.
+AC_DEFUN([TYPE_SOCKLEN_T],
+[
+ AC_CHECK_TYPE([socklen_t], ,[
+ AC_MSG_CHECKING([for socklen_t equivalent])
+ AC_CACHE_VAL([curl_cv_socklen_t_equiv],
+ [
+ # Systems have either "struct sockaddr *" or
+ # "void *" as the second argument to getpeername
+ curl_cv_socklen_t_equiv=
+ for arg2 in "struct sockaddr" void; do
+ for t in int size_t unsigned long "unsigned long"; do
+ AC_TRY_COMPILE([
+ #include <sys/types.h>
+ #include <sys/socket.h>
+
+ int getpeername (int, $arg2 *, $t *);
+ ],[
+ $t len;
+ getpeername(0,0,&len);
+ ],[
+ curl_cv_socklen_t_equiv="$t"
+ break
+ ])
+ done
+ done
+
+ if test "x$curl_cv_socklen_t_equiv" = x; then
+ AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
+ fi
+ ])
+ AC_MSG_RESULT($curl_cv_socklen_t_equiv)
+ AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
+ [type to use in place of socklen_t if not defined])],
+ [#include <sys/types.h>
+#include <sys/socket.h>])
+])
+
diff --git a/openssh-6.0p1/acss.c b/openssh-6.0p1/acss.c
new file mode 100644
index 0000000..86e2c01
--- /dev/null
+++ b/openssh-6.0p1/acss.c
@@ -0,0 +1,267 @@
+/* $Id: acss.c,v 1.4 2006/07/24 04:51:01 djm Exp $ */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <string.h>
+
+#include <openssl/evp.h>
+
+#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L)
+
+#include "acss.h"
+
+/* decryption sbox */
+static unsigned char sboxdec[] = {
+ 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76,
+ 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b,
+ 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96,
+ 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b,
+ 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12,
+ 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f,
+ 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90,
+ 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91,
+ 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74,
+ 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75,
+ 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94,
+ 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95,
+ 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10,
+ 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11,
+ 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92,
+ 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f,
+ 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16,
+ 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b,
+ 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6,
+ 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb,
+ 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72,
+ 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f,
+ 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0,
+ 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1,
+ 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14,
+ 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15,
+ 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4,
+ 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5,
+ 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70,
+ 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71,
+ 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2,
+ 0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
+};
+
+/* encryption sbox */
+static unsigned char sboxenc[] = {
+ 0x33, 0x3b, 0x73, 0x15, 0x53, 0x5b, 0x13, 0x75,
+ 0x3d, 0x35, 0x7d, 0x1b, 0x5d, 0x55, 0x1d, 0x7b,
+ 0x67, 0x6f, 0x27, 0x81, 0xc7, 0xcf, 0x87, 0x21,
+ 0x69, 0x61, 0x29, 0x8f, 0xc9, 0xc1, 0x89, 0x2f,
+ 0xe3, 0xeb, 0xa3, 0x05, 0x43, 0x4b, 0x03, 0xa5,
+ 0xed, 0xe5, 0xad, 0x0b, 0x4d, 0x45, 0x0d, 0xab,
+ 0xea, 0xe2, 0xaa, 0x00, 0x4a, 0x42, 0x0a, 0xa0,
+ 0xe8, 0xe0, 0xa8, 0x02, 0x48, 0x40, 0x08, 0xa2,
+ 0x3e, 0x36, 0x7e, 0x14, 0x5e, 0x56, 0x1e, 0x74,
+ 0x3c, 0x34, 0x7c, 0x16, 0x5c, 0x54, 0x1c, 0x76,
+ 0x6a, 0x62, 0x2a, 0x80, 0xca, 0xc2, 0x8a, 0x20,
+ 0x68, 0x60, 0x28, 0x82, 0xc8, 0xc0, 0x88, 0x22,
+ 0xee, 0xe6, 0xae, 0x04, 0x4e, 0x46, 0x0e, 0xa4,
+ 0xec, 0xe4, 0xac, 0x06, 0x4c, 0x44, 0x0c, 0xa6,
+ 0xe7, 0xef, 0xa7, 0x01, 0x47, 0x4f, 0x07, 0xa1,
+ 0xe9, 0xe1, 0xa9, 0x0f, 0x49, 0x41, 0x09, 0xaf,
+ 0x63, 0x6b, 0x23, 0x85, 0xc3, 0xcb, 0x83, 0x25,
+ 0x6d, 0x65, 0x2d, 0x8b, 0xcd, 0xc5, 0x8d, 0x2b,
+ 0x37, 0x3f, 0x77, 0x11, 0x57, 0x5f, 0x17, 0x71,
+ 0x39, 0x31, 0x79, 0x1f, 0x59, 0x51, 0x19, 0x7f,
+ 0xb3, 0xbb, 0xf3, 0x95, 0xd3, 0xdb, 0x93, 0xf5,
+ 0xbd, 0xb5, 0xfd, 0x9b, 0xdd, 0xd5, 0x9d, 0xfb,
+ 0xba, 0xb2, 0xfa, 0x90, 0xda, 0xd2, 0x9a, 0xf0,
+ 0xb8, 0xb0, 0xf8, 0x92, 0xd8, 0xd0, 0x98, 0xf2,
+ 0x6e, 0x66, 0x2e, 0x84, 0xce, 0xc6, 0x8e, 0x24,
+ 0x6c, 0x64, 0x2c, 0x86, 0xcc, 0xc4, 0x8c, 0x26,
+ 0x3a, 0x32, 0x7a, 0x10, 0x5a, 0x52, 0x1a, 0x70,
+ 0x38, 0x30, 0x78, 0x12, 0x58, 0x50, 0x18, 0x72,
+ 0xbe, 0xb6, 0xfe, 0x94, 0xde, 0xd6, 0x9e, 0xf4,
+ 0xbc, 0xb4, 0xfc, 0x96, 0xdc, 0xd4, 0x9c, 0xf6,
+ 0xb7, 0xbf, 0xf7, 0x91, 0xd7, 0xdf, 0x97, 0xf1,
+ 0xb9, 0xb1, 0xf9, 0x9f, 0xd9, 0xd1, 0x99, 0xff
+};
+
+static unsigned char reverse[] = {
+ 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
+ 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
+ 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
+ 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
+ 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
+ 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
+ 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
+ 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
+ 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
+ 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
+ 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
+ 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
+ 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
+ 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
+ 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
+ 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
+ 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
+ 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
+ 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
+ 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
+ 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
+ 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
+ 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
+ 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
+ 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
+ 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
+ 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
+ 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
+ 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
+ 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
+ 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
+ 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
+};
+
+/*
+ * Two linear feedback shift registers are used:
+ *
+ * lfsr17: polynomial of degree 17, primitive modulo 2 (listed in Schneier)
+ * x^15 + x + 1
+ * lfsr25: polynomial of degree 25, not know if primitive modulo 2
+ * x^13 + x^5 + x^4 + x^1 + 1
+ *
+ * Output bits are discarded, instead the feedback bits are added to produce
+ * the cipher stream. Depending on the mode, feedback bytes may be inverted
+ * bit-wise before addition.
+ *
+ * The lfsrs are seeded with bytes from the raw key:
+ *
+ * lfsr17: byte 0[0:7] at bit 9
+ * byte 1[0:7] at bit 0
+ *
+ * lfsr25: byte 2[0:4] at bit 16
+ * byte 2[5:7] at bit 22
+ * byte 3[0:7] at bit 8
+ * byte 4[0:7] at bit 0
+ *
+ * To prevent 0 cycles, 1's are inject at bit 8 in lfrs17 and bit 21 in
+ * lfsr25.
+ *
+ */
+
+int
+acss(ACSS_KEY *key, unsigned long len, const unsigned char *in,
+ unsigned char *out)
+{
+ unsigned long i;
+ unsigned long lfsr17tmp, lfsr25tmp, lfsrsumtmp;
+
+ lfsrsumtmp = lfsr17tmp = lfsr25tmp = 0;
+
+ /* keystream is sum of lfsrs */
+ for (i = 0; i < len; i++) {
+ lfsr17tmp = key->lfsr17 ^ (key->lfsr17 >> 14);
+ key->lfsr17 = (key->lfsr17 >> 8)
+ ^ (lfsr17tmp << 9)
+ ^ (lfsr17tmp << 12)
+ ^ (lfsr17tmp << 15);
+ key->lfsr17 &= 0x1ffff; /* 17 bit LFSR */
+
+ lfsr25tmp = key->lfsr25
+ ^ (key->lfsr25 >> 3)
+ ^ (key->lfsr25 >> 4)
+ ^ (key->lfsr25 >> 12);
+ key->lfsr25 = (key->lfsr25 >> 8) ^ (lfsr25tmp << 17);
+ key->lfsr25 &= 0x1ffffff; /* 25 bit LFSR */
+
+ lfsrsumtmp = key->lfsrsum;
+
+ /* addition */
+ switch (key->mode) {
+ case ACSS_AUTHENTICATE:
+ case ACSS_DATA:
+ key->lfsrsum = 0xff & ~(key->lfsr17 >> 9);
+ key->lfsrsum += key->lfsr25 >> 17;
+ break;
+ case ACSS_SESSIONKEY:
+ key->lfsrsum = key->lfsr17 >> 9;
+ key->lfsrsum += key->lfsr25 >> 17;
+ break;
+ case ACSS_TITLEKEY:
+ key->lfsrsum = key->lfsr17 >> 9;
+ key->lfsrsum += 0xff & ~(key->lfsr25 >> 17);
+ break;
+ default:
+ return 1;
+ }
+ key->lfsrsum += (lfsrsumtmp >> 8);
+
+ if (key->encrypt) {
+ out[i] = sboxenc[(in[i] ^ key->lfsrsum) & 0xff];
+ } else {
+ out[i] = (sboxdec[in[i]] ^ key->lfsrsum) & 0xff;
+ }
+ }
+
+ return 0;
+}
+
+static void
+acss_seed(ACSS_KEY *key)
+{
+ int i;
+
+ /* if available, mangle with subkey */
+ if (key->subkey_avilable) {
+ for (i = 0; i < ACSS_KEYSIZE; i++)
+ key->seed[i] = reverse[key->data[i] ^ key->subkey[i]];
+ } else {
+ for (i = 0; i < ACSS_KEYSIZE; i++)
+ key->seed[i] = reverse[key->data[i]];
+ }
+
+ /* seed lfsrs */
+ key->lfsr17 = key->seed[1]
+ | (key->seed[0] << 9)
+ | (1 << 8); /* inject 1 at bit 9 */
+ key->lfsr25 = key->seed[4]
+ | (key->seed[3] << 8)
+ | ((key->seed[2] & 0x1f) << 16)
+ | ((key->seed[2] & 0xe0) << 17)
+ | (1 << 21); /* inject 1 at bit 22 */
+
+ key->lfsrsum = 0;
+}
+
+void
+acss_setkey(ACSS_KEY *key, const unsigned char *data, int enc, int mode)
+{
+ memcpy(key->data, data, sizeof(key->data));
+ memset(key->subkey, 0, sizeof(key->subkey));
+
+ if (enc != -1)
+ key->encrypt = enc;
+ key->mode = mode;
+ key->subkey_avilable = 0;
+
+ acss_seed(key);
+}
+
+void
+acss_setsubkey(ACSS_KEY *key, const unsigned char *subkey)
+{
+ memcpy(key->subkey, subkey, sizeof(key->subkey));
+ key->subkey_avilable = 1;
+ acss_seed(key);
+}
+#endif
diff --git a/openssh-6.0p1/acss.h b/openssh-6.0p1/acss.h
new file mode 100644
index 0000000..91b4895
--- /dev/null
+++ b/openssh-6.0p1/acss.h
@@ -0,0 +1,47 @@
+/* $Id: acss.h,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _ACSS_H_
+#define _ACSS_H_
+
+/* 40bit key */
+#define ACSS_KEYSIZE 5
+
+/* modes of acss */
+#define ACSS_AUTHENTICATE 0
+#define ACSS_SESSIONKEY 1
+#define ACSS_TITLEKEY 2
+#define ACSS_DATA 3
+
+typedef struct acss_key_st {
+ unsigned int lfsr17; /* current state of lfsrs */
+ unsigned int lfsr25;
+ unsigned int lfsrsum;
+ unsigned char seed[ACSS_KEYSIZE];
+ unsigned char data[ACSS_KEYSIZE];
+ unsigned char subkey[ACSS_KEYSIZE];
+ int encrypt; /* XXX make these bit flags? */
+ int mode;
+ int seeded;
+ int subkey_avilable;
+} ACSS_KEY;
+
+void acss_setkey(ACSS_KEY *, const unsigned char *, int, int);
+void acss_setsubkey(ACSS_KEY *, const unsigned char *);
+int acss(ACSS_KEY *, unsigned long, const unsigned char *, unsigned char *);
+
+#endif /* ifndef _ACSS_H_ */
diff --git a/openssh-6.0p1/addrmatch.c b/openssh-6.0p1/addrmatch.c
new file mode 100644
index 0000000..5b6773c
--- /dev/null
+++ b/openssh-6.0p1/addrmatch.c
@@ -0,0 +1,500 @@
+/* $OpenBSD: addrmatch.c,v 1.5 2010/02/26 20:29:54 djm Exp $ */
+
+/*
+ * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+#include "match.h"
+#include "log.h"
+#include "xmalloc.h"
+
+struct xaddr {
+ sa_family_t af;
+ union {
+ struct in_addr v4;
+ struct in6_addr v6;
+ u_int8_t addr8[16];
+ u_int32_t addr32[4];
+ } xa; /* 128-bit address */
+ u_int32_t scope_id; /* iface scope id for v6 */
+#define v4 xa.v4
+#define v6 xa.v6
+#define addr8 xa.addr8
+#define addr32 xa.addr32
+};
+
+static int
+addr_unicast_masklen(int af)
+{
+ switch (af) {
+ case AF_INET:
+ return 32;
+ case AF_INET6:
+ return 128;
+ default:
+ return -1;
+ }
+}
+
+static inline int
+masklen_valid(int af, u_int masklen)
+{
+ switch (af) {
+ case AF_INET:
+ return masklen <= 32 ? 0 : -1;
+ case AF_INET6:
+ return masklen <= 128 ? 0 : -1;
+ default:
+ return -1;
+ }
+}
+
+/*
+ * Convert struct sockaddr to struct xaddr
+ * Returns 0 on success, -1 on failure.
+ */
+static int
+addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
+{
+ struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
+ struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
+
+ memset(xa, '\0', sizeof(*xa));
+
+ switch (sa->sa_family) {
+ case AF_INET:
+ if (slen < sizeof(*in4))
+ return -1;
+ xa->af = AF_INET;
+ memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
+ break;
+ case AF_INET6:
+ if (slen < sizeof(*in6))
+ return -1;
+ xa->af = AF_INET6;
+ memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
+#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
+ xa->scope_id = in6->sin6_scope_id;
+#endif
+ break;
+ default:
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Calculate a netmask of length 'l' for address family 'af' and
+ * store it in 'n'.
+ * Returns 0 on success, -1 on failure.
+ */
+static int
+addr_netmask(int af, u_int l, struct xaddr *n)
+{
+ int i;
+
+ if (masklen_valid(af, l) != 0 || n == NULL)
+ return -1;
+
+ memset(n, '\0', sizeof(*n));
+ switch (af) {
+ case AF_INET:
+ n->af = AF_INET;
+ if (l == 0)
+ return 0;
+ n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
+ return 0;
+ case AF_INET6:
+ n->af = AF_INET6;
+ for (i = 0; i < 4 && l >= 32; i++, l -= 32)
+ n->addr32[i] = 0xffffffffU;
+ if (i < 4 && l != 0)
+ n->addr32[i] = htonl((0xffffffff << (32 - l)) &
+ 0xffffffff);
+ return 0;
+ default:
+ return -1;
+ }
+}
+
+/*
+ * Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
+ * Returns 0 on success, -1 on failure.
+ */
+static int
+addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
+{
+ int i;
+
+ if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
+ return -1;
+
+ memcpy(dst, a, sizeof(*dst));
+ switch (a->af) {
+ case AF_INET:
+ dst->v4.s_addr &= b->v4.s_addr;
+ return 0;
+ case AF_INET6:
+ dst->scope_id = a->scope_id;
+ for (i = 0; i < 4; i++)
+ dst->addr32[i] &= b->addr32[i];
+ return 0;
+ default:
+ return -1;
+ }
+}
+
+/*
+ * Compare addresses 'a' and 'b'
+ * Return 0 if addresses are identical, -1 if (a < b) or 1 if (a > b)
+ */
+static int
+addr_cmp(const struct xaddr *a, const struct xaddr *b)
+{
+ int i;
+
+ if (a->af != b->af)
+ return a->af == AF_INET6 ? 1 : -1;
+
+ switch (a->af) {
+ case AF_INET:
+ if (a->v4.s_addr == b->v4.s_addr)
+ return 0;
+ return ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1;
+ case AF_INET6:
+ for (i = 0; i < 16; i++)
+ if (a->addr8[i] - b->addr8[i] != 0)
+ return a->addr8[i] > b->addr8[i] ? 1 : -1;
+ if (a->scope_id == b->scope_id)
+ return 0;
+ return a->scope_id > b->scope_id ? 1 : -1;
+ default:
+ return -1;
+ }
+}
+
+/*
+ * Parse string address 'p' into 'n'
+ * Returns 0 on success, -1 on failure.
+ */
+static int
+addr_pton(const char *p, struct xaddr *n)
+{
+ struct addrinfo hints, *ai;
+
+ memset(&hints, '\0', sizeof(hints));
+ hints.ai_flags = AI_NUMERICHOST;
+
+ if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
+ return -1;
+
+ if (ai == NULL || ai->ai_addr == NULL)
+ return -1;
+
+ if (n != NULL &&
+ addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1) {
+ freeaddrinfo(ai);
+ return -1;
+ }
+
+ freeaddrinfo(ai);
+ return 0;
+}
+
+/*
+ * Perform bitwise negation of address
+ * Returns 0 on success, -1 on failure.
+ */
+static int
+addr_invert(struct xaddr *n)
+{
+ int i;
+
+ if (n == NULL)
+ return (-1);
+
+ switch (n->af) {
+ case AF_INET:
+ n->v4.s_addr = ~n->v4.s_addr;
+ return (0);
+ case AF_INET6:
+ for (i = 0; i < 4; i++)
+ n->addr32[i] = ~n->addr32[i];
+ return (0);
+ default:
+ return (-1);
+ }
+}
+
+/*
+ * Calculate a netmask of length 'l' for address family 'af' and
+ * store it in 'n'.
+ * Returns 0 on success, -1 on failure.
+ */
+static int
+addr_hostmask(int af, u_int l, struct xaddr *n)
+{
+ if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1)
+ return (-1);
+ return (0);
+}
+
+/*
+ * Test whether address 'a' is all zeros (i.e. 0.0.0.0 or ::)
+ * Returns 0 on if address is all-zeros, -1 if not all zeros or on failure.
+ */
+static int
+addr_is_all0s(const struct xaddr *a)
+{
+ int i;
+
+ switch (a->af) {
+ case AF_INET:
+ return (a->v4.s_addr == 0 ? 0 : -1);
+ case AF_INET6:;
+ for (i = 0; i < 4; i++)
+ if (a->addr32[i] != 0)
+ return (-1);
+ return (0);
+ default:
+ return (-1);
+ }
+}
+
+/*
+ * Test whether host portion of address 'a', as determined by 'masklen'
+ * is all zeros.
+ * Returns 0 on if host portion of address is all-zeros,
+ * -1 if not all zeros or on failure.
+ */
+static int
+addr_host_is_all0s(const struct xaddr *a, u_int masklen)
+{
+ struct xaddr tmp_addr, tmp_mask, tmp_result;
+
+ memcpy(&tmp_addr, a, sizeof(tmp_addr));
+ if (addr_hostmask(a->af, masklen, &tmp_mask) == -1)
+ return (-1);
+ if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1)
+ return (-1);
+ return (addr_is_all0s(&tmp_result));
+}
+
+/*
+ * Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z).
+ * Return -1 on parse error, -2 on inconsistency or 0 on success.
+ */
+static int
+addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
+{
+ struct xaddr tmp;
+ long unsigned int masklen = 999;
+ char addrbuf[64], *mp, *cp;
+
+ /* Don't modify argument */
+ if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) > sizeof(addrbuf))
+ return -1;
+
+ if ((mp = strchr(addrbuf, '/')) != NULL) {
+ *mp = '\0';
+ mp++;
+ masklen = strtoul(mp, &cp, 10);
+ if (*mp == '\0' || *cp != '\0' || masklen > 128)
+ return -1;
+ }
+
+ if (addr_pton(addrbuf, &tmp) == -1)
+ return -1;
+
+ if (mp == NULL)
+ masklen = addr_unicast_masklen(tmp.af);
+ if (masklen_valid(tmp.af, masklen) == -1)
+ return -2;
+ if (addr_host_is_all0s(&tmp, masklen) != 0)
+ return -2;
+
+ if (n != NULL)
+ memcpy(n, &tmp, sizeof(*n));
+ if (l != NULL)
+ *l = masklen;
+
+ return 0;
+}
+
+static int
+addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen)
+{
+ struct xaddr tmp_mask, tmp_result;
+
+ if (host->af != net->af)
+ return -1;
+
+ if (addr_netmask(host->af, masklen, &tmp_mask) == -1)
+ return -1;
+ if (addr_and(&tmp_result, host, &tmp_mask) == -1)
+ return -1;
+ return addr_cmp(&tmp_result, net);
+}
+
+/*
+ * Match "addr" against list pattern list "_list", which may contain a
+ * mix of CIDR addresses and old-school wildcards.
+ *
+ * If addr is NULL, then no matching is performed, but _list is parsed
+ * and checked for well-formedness.
+ *
+ * Returns 1 on match found (never returned when addr == NULL).
+ * Returns 0 on if no match found, or no errors found when addr == NULL.
+ * Returns -1 on negated match found (never returned when addr == NULL).
+ * Returns -2 on invalid list entry.
+ */
+int
+addr_match_list(const char *addr, const char *_list)
+{
+ char *list, *cp, *o;
+ struct xaddr try_addr, match_addr;
+ u_int masklen, neg;
+ int ret = 0, r;
+
+ if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
+ debug2("%s: couldn't parse address %.100s", __func__, addr);
+ return 0;
+ }
+ if ((o = list = strdup(_list)) == NULL)
+ return -1;
+ while ((cp = strsep(&list, ",")) != NULL) {
+ neg = *cp == '!';
+ if (neg)
+ cp++;
+ if (*cp == '\0') {
+ ret = -2;
+ break;
+ }
+ /* Prefer CIDR address matching */
+ r = addr_pton_cidr(cp, &match_addr, &masklen);
+ if (r == -2) {
+ error("Inconsistent mask length for "
+ "network \"%.100s\"", cp);
+ ret = -2;
+ break;
+ } else if (r == 0) {
+ if (addr != NULL && addr_netmatch(&try_addr,
+ &match_addr, masklen) == 0) {
+ foundit:
+ if (neg) {
+ ret = -1;
+ break;
+ }
+ ret = 1;
+ }
+ continue;
+ } else {
+ /* If CIDR parse failed, try wildcard string match */
+ if (addr != NULL && match_pattern(addr, cp) == 1)
+ goto foundit;
+ }
+ }
+ xfree(o);
+
+ return ret;
+}
+
+/*
+ * Match "addr" against list CIDR list "_list". Lexical wildcards and
+ * negation are not supported. If "addr" == NULL, will verify structure
+ * of "_list".
+ *
+ * Returns 1 on match found (never returned when addr == NULL).
+ * Returns 0 on if no match found, or no errors found when addr == NULL.
+ * Returns -1 on error
+ */
+int
+addr_match_cidr_list(const char *addr, const char *_list)
+{
+ char *list, *cp, *o;
+ struct xaddr try_addr, match_addr;
+ u_int masklen;
+ int ret = 0, r;
+
+ if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
+ debug2("%s: couldn't parse address %.100s", __func__, addr);
+ return 0;
+ }
+ if ((o = list = strdup(_list)) == NULL)
+ return -1;
+ while ((cp = strsep(&list, ",")) != NULL) {
+ if (*cp == '\0') {
+ error("%s: empty entry in list \"%.100s\"",
+ __func__, o);
+ ret = -1;
+ break;
+ }
+
+ /*
+ * NB. This function is called in pre-auth with untrusted data,
+ * so be extra paranoid about junk reaching getaddrino (via
+ * addr_pton_cidr).
+ */
+
+ /* Stop junk from reaching getaddrinfo. +3 is for masklen */
+ if (strlen(cp) > INET6_ADDRSTRLEN + 3) {
+ error("%s: list entry \"%.100s\" too long",
+ __func__, cp);
+ ret = -1;
+ break;
+ }
+#define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/"
+ if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) {
+ error("%s: list entry \"%.100s\" contains invalid "
+ "characters", __func__, cp);
+ ret = -1;
+ }
+
+ /* Prefer CIDR address matching */
+ r = addr_pton_cidr(cp, &match_addr, &masklen);
+ if (r == -1) {
+ error("Invalid network entry \"%.100s\"", cp);
+ ret = -1;
+ break;
+ } else if (r == -2) {
+ error("Inconsistent mask length for "
+ "network \"%.100s\"", cp);
+ ret = -1;
+ break;
+ } else if (r == 0 && addr != NULL) {
+ if (addr_netmatch(&try_addr, &match_addr,
+ masklen) == 0)
+ ret = 1;
+ continue;
+ }
+ }
+ xfree(o);
+
+ return ret;
+}
diff --git a/openssh-6.0p1/atomicio.c b/openssh-6.0p1/atomicio.c
new file mode 100644
index 0000000..601b3c3
--- /dev/null
+++ b/openssh-6.0p1/atomicio.c
@@ -0,0 +1,165 @@
+/* $OpenBSD: atomicio.c,v 1.26 2010/09/22 22:58:51 djm Exp $ */
+/*
+ * Copyright (c) 2006 Damien Miller. All rights reserved.
+ * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
+ * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/param.h>
+#include <sys/uio.h>
+
+#include <errno.h>
+#ifdef HAVE_POLL_H
+#include <poll.h>
+#else
+# ifdef HAVE_SYS_POLL_H
+# include <sys/poll.h>
+# endif
+#endif
+#include <string.h>
+#include <unistd.h>
+
+#include "atomicio.h"
+
+/*
+ * ensure all of data on socket comes through. f==read || f==vwrite
+ */
+size_t
+atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
+ int (*cb)(void *, size_t), void *cb_arg)
+{
+ char *s = _s;
+ size_t pos = 0;
+ ssize_t res;
+ struct pollfd pfd;
+
+ pfd.fd = fd;
+ pfd.events = f == read ? POLLIN : POLLOUT;
+ while (n > pos) {
+ res = (f) (fd, s + pos, n - pos);
+ switch (res) {
+ case -1:
+ if (errno == EINTR)
+ continue;
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ (void)poll(&pfd, 1, -1);
+ continue;
+ }
+ return 0;
+ case 0:
+ errno = EPIPE;
+ return pos;
+ default:
+ pos += (size_t)res;
+ if (cb != NULL && cb(cb_arg, (size_t)res) == -1) {
+ errno = EINTR;
+ return pos;
+ }
+ }
+ }
+ return pos;
+}
+
+size_t
+atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n)
+{
+ return atomicio6(f, fd, _s, n, NULL, NULL);
+}
+
+/*
+ * ensure all of data on socket comes through. f==readv || f==writev
+ */
+size_t
+atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
+ const struct iovec *_iov, int iovcnt,
+ int (*cb)(void *, size_t), void *cb_arg)
+{
+ size_t pos = 0, rem;
+ ssize_t res;
+ struct iovec iov_array[IOV_MAX], *iov = iov_array;
+ struct pollfd pfd;
+
+ if (iovcnt > IOV_MAX) {
+ errno = EINVAL;
+ return 0;
+ }
+ /* Make a copy of the iov array because we may modify it below */
+ memcpy(iov, _iov, iovcnt * sizeof(*_iov));
+
+#ifndef BROKEN_READV_COMPARISON
+ pfd.fd = fd;
+ pfd.events = f == readv ? POLLIN : POLLOUT;
+#endif
+ for (; iovcnt > 0 && iov[0].iov_len > 0;) {
+ res = (f) (fd, iov, iovcnt);
+ switch (res) {
+ case -1:
+ if (errno == EINTR)
+ continue;
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+#ifndef BROKEN_READV_COMPARISON
+ (void)poll(&pfd, 1, -1);
+#endif
+ continue;
+ }
+ return 0;
+ case 0:
+ errno = EPIPE;
+ return pos;
+ default:
+ rem = (size_t)res;
+ pos += rem;
+ /* skip completed iov entries */
+ while (iovcnt > 0 && rem >= iov[0].iov_len) {
+ rem -= iov[0].iov_len;
+ iov++;
+ iovcnt--;
+ }
+ /* This shouldn't happen... */
+ if (rem > 0 && (iovcnt <= 0 || rem > iov[0].iov_len)) {
+ errno = EFAULT;
+ return 0;
+ }
+ if (iovcnt == 0)
+ break;
+ /* update pointer in partially complete iov */
+ iov[0].iov_base = ((char *)iov[0].iov_base) + rem;
+ iov[0].iov_len -= rem;
+ }
+ if (cb != NULL && cb(cb_arg, (size_t)res) == -1) {
+ errno = EINTR;
+ return pos;
+ }
+ }
+ return pos;
+}
+
+size_t
+atomiciov(ssize_t (*f) (int, const struct iovec *, int), int fd,
+ const struct iovec *_iov, int iovcnt)
+{
+ return atomiciov6(f, fd, _iov, iovcnt, NULL, NULL);
+}
diff --git a/openssh-6.0p1/atomicio.h b/openssh-6.0p1/atomicio.h
new file mode 100644
index 0000000..0d728ac
--- /dev/null
+++ b/openssh-6.0p1/atomicio.h
@@ -0,0 +1,51 @@
+/* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */
+
+/*
+ * Copyright (c) 2006 Damien Miller. All rights reserved.
+ * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _ATOMICIO_H
+#define _ATOMICIO_H
+
+/*
+ * Ensure all of data on socket comes through. f==read || f==vwrite
+ */
+size_t
+atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
+ int (*cb)(void *, size_t), void *);
+size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
+
+#define vwrite (ssize_t (*)(int, void *, size_t))write
+
+/*
+ * ensure all of data on socket comes through. f==readv || f==writev
+ */
+size_t
+atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
+ const struct iovec *_iov, int iovcnt, int (*cb)(void *, size_t), void *);
+size_t atomiciov(ssize_t (*)(int, const struct iovec *, int),
+ int, const struct iovec *, int);
+
+#endif /* _ATOMICIO_H */
diff --git a/openssh-6.0p1/audit-bsm.c b/openssh-6.0p1/audit-bsm.c
new file mode 100644
index 0000000..6135591
--- /dev/null
+++ b/openssh-6.0p1/audit-bsm.c
@@ -0,0 +1,457 @@
+/* $Id: audit-bsm.c,v 1.8 2012/02/23 23:40:43 dtucker Exp $ */
+
+/*
+ * TODO
+ *
+ * - deal with overlap between this and sys_auth_allowed_user
+ * sys_auth_record_login and record_failed_login.
+ */
+
+/*
+ * Copyright 1988-2002 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */
+
+#include "includes.h"
+#if defined(USE_BSM_AUDIT)
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <netdb.h>
+#include <stdarg.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifdef BROKEN_BSM_API
+#include <libscf.h>
+#endif
+
+#include "ssh.h"
+#include "log.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "xmalloc.h"
+
+#ifndef AUE_openssh
+# define AUE_openssh 32800
+#endif
+#include <bsm/audit.h>
+#include <bsm/libbsm.h>
+#include <bsm/audit_uevents.h>
+#include <bsm/audit_record.h>
+#include <locale.h>
+
+#if defined(HAVE_GETAUDIT_ADDR)
+#define AuditInfoStruct auditinfo_addr
+#define AuditInfoTermID au_tid_addr_t
+#define SetAuditFunc(a,b) setaudit_addr((a),(b))
+#define SetAuditFuncText "setaudit_addr"
+#define AUToSubjectFunc au_to_subject_ex
+#define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b))
+#else
+#define AuditInfoStruct auditinfo
+#define AuditInfoTermID au_tid_t
+#define SetAuditFunc(a,b) setaudit(a)
+#define SetAuditFuncText "setaudit"
+#define AUToSubjectFunc au_to_subject
+#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
+#endif
+
+#ifndef cannot_audit
+extern int cannot_audit(int);
+#endif
+extern void aug_init(void);
+extern void aug_save_auid(au_id_t);
+extern void aug_save_uid(uid_t);
+extern void aug_save_euid(uid_t);
+extern void aug_save_gid(gid_t);
+extern void aug_save_egid(gid_t);
+extern void aug_save_pid(pid_t);
+extern void aug_save_asid(au_asid_t);
+extern void aug_save_tid(dev_t, unsigned int);
+extern void aug_save_tid_ex(dev_t, u_int32_t *, u_int32_t);
+extern int aug_save_me(void);
+extern int aug_save_namask(void);
+extern void aug_save_event(au_event_t);
+extern void aug_save_sorf(int);
+extern void aug_save_text(char *);
+extern void aug_save_text1(char *);
+extern void aug_save_text2(char *);
+extern void aug_save_na(int);
+extern void aug_save_user(char *);
+extern void aug_save_path(char *);
+extern int aug_save_policy(void);
+extern void aug_save_afunc(int (*)(int));
+extern int aug_audit(void);
+extern int aug_na_selected(void);
+extern int aug_selected(void);
+extern int aug_daemon_session(void);
+
+#ifndef HAVE_GETTEXT
+# define gettext(a) (a)
+#endif
+
+extern Authctxt *the_authctxt;
+static AuditInfoTermID ssh_bsm_tid;
+
+#ifdef BROKEN_BSM_API
+/* For some reason this constant is no longer defined
+ in Solaris 11. */
+#define BSM_TEXTBUFSZ 256
+#endif
+
+/* Below is the low-level BSM interface code */
+
+/*
+ * aug_get_machine is only required on IPv6 capable machines, we use a
+ * different mechanism in audit_connection_from() for IPv4-only machines.
+ * getaudit_addr() is only present on IPv6 capable machines.
+ */
+#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR)
+extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
+#else
+static int
+aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
+{
+ struct addrinfo *ai;
+ struct sockaddr_in *in4;
+ struct sockaddr_in6 *in6;
+ int ret = 0, r;
+
+ if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
+ error("BSM audit: getaddrinfo failed for %.100s: %.100s", host,
+ r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
+ return -1;
+ }
+
+ switch (ai->ai_family) {
+ case AF_INET:
+ in4 = (struct sockaddr_in *)ai->ai_addr;
+ *type = AU_IPv4;
+ memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));
+ break;
+#ifdef AU_IPv6
+ case AF_INET6:
+ in6 = (struct sockaddr_in6 *)ai->ai_addr;
+ *type = AU_IPv6;
+ memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));
+ break;
+#endif
+ default:
+ error("BSM audit: unknown address family for %.100s: %d",
+ host, ai->ai_family);
+ ret = -1;
+ }
+ freeaddrinfo(ai);
+ return ret;
+}
+#endif
+
+#ifdef BROKEN_BSM_API
+/*
+ In Solaris 11 the audit daemon has been moved to SMF. In the process
+ they simply dropped getacna() from the API, since it read from a now
+ non-existent config file. This function re-implements getacna() to
+ read from the SMF repository instead.
+ */
+int
+getacna(char *auditstring, int len)
+{
+ scf_handle_t *handle = NULL;
+ scf_property_t *property = NULL;
+ scf_value_t *value = NULL;
+ int ret = 0;
+
+ handle = scf_handle_create(SCF_VERSION);
+ if (handle == NULL)
+ return -2; /* The man page for getacna on Solaris 10 states
+ we should return -2 in case of error and set
+ errno to indicate the error. We don't bother
+ with errno here, though, since the only use
+ of this function below doesn't check for errors
+ anyway.
+ */
+
+ ret = scf_handle_bind(handle);
+ if (ret == -1)
+ return -2;
+
+ property = scf_property_create(handle);
+ if (property == NULL)
+ return -2;
+
+ ret = scf_handle_decode_fmri(handle,
+ "svc:/system/auditd:default/:properties/preselection/naflags",
+ NULL, NULL, NULL, NULL, property, 0);
+ if (ret == -1)
+ return -2;
+
+ value = scf_value_create(handle);
+ if (value == NULL)
+ return -2;
+
+ ret = scf_property_get_value(property, value);
+ if (ret == -1)
+ return -2;
+
+ ret = scf_value_get_astring(value, auditstring, len);
+ if (ret == -1)
+ return -2;
+
+ scf_value_destroy(value);
+ scf_property_destroy(property);
+ scf_handle_destroy(handle);
+
+ return 0;
+}
+#endif
+
+/*
+ * Check if the specified event is selected (enabled) for auditing.
+ * Returns 1 if the event is selected, 0 if not and -1 on failure.
+ */
+static int
+selected(char *username, uid_t uid, au_event_t event, int sf)
+{
+ int rc, sorf;
+ char naflags[512];
+ struct au_mask mask;
+
+ mask.am_success = mask.am_failure = 0;
+ if (uid < 0) {
+ /* get flags for non-attributable (to a real user) events */
+ rc = getacna(naflags, sizeof(naflags));
+ if (rc == 0)
+ (void) getauditflagsbin(naflags, &mask);
+ } else
+ rc = au_user_mask(username, &mask);
+
+ sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE;
+ return(au_preselect(event, &mask, sorf, AU_PRS_REREAD));
+}
+
+static void
+bsm_audit_record(int typ, char *string, au_event_t event_no)
+{
+ int ad, rc, sel;
+ uid_t uid = -1;
+ gid_t gid = -1;
+ pid_t pid = getpid();
+ AuditInfoTermID tid = ssh_bsm_tid;
+
+ if (the_authctxt != NULL && the_authctxt->valid) {
+ uid = the_authctxt->pw->pw_uid;
+ gid = the_authctxt->pw->pw_gid;
+ }
+
+ rc = (typ == 0) ? 0 : -1;
+ sel = selected(the_authctxt->user, uid, event_no, rc);
+ debug3("BSM audit: typ %d rc %d \"%s\"", typ, rc, string);
+ if (!sel)
+ return; /* audit event does not match mask, do not write */
+
+ debug3("BSM audit: writing audit new record");
+ ad = au_open();
+
+ (void) au_write(ad, AUToSubjectFunc(uid, uid, gid, uid, gid,
+ pid, pid, &tid));
+ (void) au_write(ad, au_to_text(string));
+ (void) au_write(ad, AUToReturnFunc(typ, rc));
+
+#ifdef BROKEN_BSM_API
+ /* The last argument is the event modifier flags. For
+ some seemingly undocumented reason it was added in
+ Solaris 11. */
+ rc = au_close(ad, AU_TO_WRITE, event_no, 0);
+#else
+ rc = au_close(ad, AU_TO_WRITE, event_no);
+#endif
+
+ if (rc < 0)
+ error("BSM audit: %s failed to write \"%s\" record: %s",
+ __func__, string, strerror(errno));
+}
+
+static void
+bsm_audit_session_setup(void)
+{
+ int rc;
+ struct AuditInfoStruct info;
+ au_mask_t mask;
+
+ if (the_authctxt == NULL) {
+ error("BSM audit: session setup internal error (NULL ctxt)");
+ return;
+ }
+
+ if (the_authctxt->valid)
+ info.ai_auid = the_authctxt->pw->pw_uid;
+ else
+ info.ai_auid = -1;
+ info.ai_asid = getpid();
+ mask.am_success = 0;
+ mask.am_failure = 0;
+
+ (void) au_user_mask(the_authctxt->user, &mask);
+
+ info.ai_mask.am_success = mask.am_success;
+ info.ai_mask.am_failure = mask.am_failure;
+
+ info.ai_termid = ssh_bsm_tid;
+
+ rc = SetAuditFunc(&info, sizeof(info));
+ if (rc < 0)
+ error("BSM audit: %s: %s failed: %s", __func__,
+ SetAuditFuncText, strerror(errno));
+}
+
+static void
+bsm_audit_bad_login(const char *what)
+{
+ char textbuf[BSM_TEXTBUFSZ];
+
+ if (the_authctxt->valid) {
+ (void) snprintf(textbuf, sizeof (textbuf),
+ gettext("invalid %s for user %s"),
+ what, the_authctxt->user);
+ bsm_audit_record(4, textbuf, AUE_openssh);
+ } else {
+ (void) snprintf(textbuf, sizeof (textbuf),
+ gettext("invalid user name \"%s\""),
+ the_authctxt->user);
+ bsm_audit_record(3, textbuf, AUE_openssh);
+ }
+}
+
+/* Below is the sshd audit API code */
+
+void
+audit_connection_from(const char *host, int port)
+{
+ AuditInfoTermID *tid = &ssh_bsm_tid;
+ char buf[1024];
+
+ if (cannot_audit(0))
+ return;
+ debug3("BSM audit: connection from %.100s port %d", host, port);
+
+ /* populate our terminal id structure */
+#if defined(HAVE_GETAUDIT_ADDR)
+ tid->at_port = (dev_t)port;
+ aug_get_machine((char *)host, &(tid->at_addr[0]), &(tid->at_type));
+ snprintf(buf, sizeof(buf), "%08x %08x %08x %08x", tid->at_addr[0],
+ tid->at_addr[1], tid->at_addr[2], tid->at_addr[3]);
+ debug3("BSM audit: iptype %d machine ID %s", (int)tid->at_type, buf);
+#else
+ /* this is used on IPv4-only machines */
+ tid->port = (dev_t)port;
+ tid->machine = inet_addr(host);
+ snprintf(buf, sizeof(buf), "%08x", tid->machine);
+ debug3("BSM audit: machine ID %s", buf);
+#endif
+}
+
+void
+audit_run_command(const char *command)
+{
+ /* not implemented */
+}
+
+void
+audit_session_open(struct logininfo *li)
+{
+ /* not implemented */
+}
+
+void
+audit_session_close(struct logininfo *li)
+{
+ /* not implemented */
+}
+
+void
+audit_event(ssh_audit_event_t event)
+{
+ char textbuf[BSM_TEXTBUFSZ];
+ static int logged_in = 0;
+ const char *user = the_authctxt ? the_authctxt->user : "(unknown user)";
+
+ if (cannot_audit(0))
+ return;
+
+ switch(event) {
+ case SSH_AUTH_SUCCESS:
+ logged_in = 1;
+ bsm_audit_session_setup();
+ snprintf(textbuf, sizeof(textbuf),
+ gettext("successful login %s"), user);
+ bsm_audit_record(0, textbuf, AUE_openssh);
+ break;
+
+ case SSH_CONNECTION_CLOSE:
+ /*
+ * We can also get a close event if the user attempted auth
+ * but never succeeded.
+ */
+ if (logged_in) {
+ snprintf(textbuf, sizeof(textbuf),
+ gettext("sshd logout %s"), the_authctxt->user);
+ bsm_audit_record(0, textbuf, AUE_logout);
+ } else {
+ debug("%s: connection closed without authentication",
+ __func__);
+ }
+ break;
+
+ case SSH_NOLOGIN:
+ bsm_audit_record(1,
+ gettext("logins disabled by /etc/nologin"), AUE_openssh);
+ break;
+
+ case SSH_LOGIN_EXCEED_MAXTRIES:
+ snprintf(textbuf, sizeof(textbuf),
+ gettext("too many tries for user %s"), the_authctxt->user);
+ bsm_audit_record(1, textbuf, AUE_openssh);
+ break;
+
+ case SSH_LOGIN_ROOT_DENIED:
+ bsm_audit_record(2, gettext("not_console"), AUE_openssh);
+ break;
+
+ case SSH_AUTH_FAIL_PASSWD:
+ bsm_audit_bad_login("password");
+ break;
+
+ case SSH_AUTH_FAIL_KBDINT:
+ bsm_audit_bad_login("interactive password entry");
+ break;
+
+ default:
+ debug("%s: unhandled event %d", __func__, event);
+ }
+}
+#endif /* BSM */
diff --git a/openssh-6.0p1/audit-linux.c b/openssh-6.0p1/audit-linux.c
new file mode 100644
index 0000000..b3ee2f4
--- /dev/null
+++ b/openssh-6.0p1/audit-linux.c
@@ -0,0 +1,126 @@
+/* $Id: audit-linux.c,v 1.1 2011/01/17 10:15:30 dtucker Exp $ */
+
+/*
+ * Copyright 2010 Red Hat, Inc. All rights reserved.
+ * Use is subject to license terms.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Red Hat author: Jan F. Chadima <jchadima@redhat.com>
+ */
+
+#include "includes.h"
+#if defined(USE_LINUX_AUDIT)
+#include <libaudit.h>
+#include <unistd.h>
+#include <string.h>
+
+#include "log.h"
+#include "audit.h"
+#include "canohost.h"
+
+const char* audit_username(void);
+
+int
+linux_audit_record_event(int uid, const char *username,
+ const char *hostname, const char *ip, const char *ttyn, int success)
+{
+ int audit_fd, rc, saved_errno;
+
+ audit_fd = audit_open();
+ if (audit_fd < 0) {
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+ errno == EAFNOSUPPORT)
+ return 1; /* No audit support in kernel */
+ else
+ return 0; /* Must prevent login */
+ }
+ rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
+ NULL, "login", username ? username : "(unknown)",
+ username == NULL ? uid : -1, hostname, ip, ttyn, success);
+ saved_errno = errno;
+ close(audit_fd);
+ /*
+ * Do not report error if the error is EPERM and sshd is run as non
+ * root user.
+ */
+ if ((rc == -EPERM) && (geteuid() != 0))
+ rc = 0;
+ errno = saved_errno;
+ return (rc >= 0);
+}
+
+/* Below is the sshd audit API code */
+
+void
+audit_connection_from(const char *host, int port)
+{
+}
+ /* not implemented */
+
+void
+audit_run_command(const char *command)
+{
+ /* not implemented */
+}
+
+void
+audit_session_open(struct logininfo *li)
+{
+ if (linux_audit_record_event(li->uid, NULL, li->hostname,
+ NULL, li->line, 1) == 0)
+ fatal("linux_audit_write_entry failed: %s", strerror(errno));
+}
+
+void
+audit_session_close(struct logininfo *li)
+{
+ /* not implemented */
+}
+
+void
+audit_event(ssh_audit_event_t event)
+{
+ switch(event) {
+ case SSH_AUTH_SUCCESS:
+ case SSH_CONNECTION_CLOSE:
+ case SSH_NOLOGIN:
+ case SSH_LOGIN_EXCEED_MAXTRIES:
+ case SSH_LOGIN_ROOT_DENIED:
+ break;
+
+ case SSH_AUTH_FAIL_NONE:
+ case SSH_AUTH_FAIL_PASSWD:
+ case SSH_AUTH_FAIL_KBDINT:
+ case SSH_AUTH_FAIL_PUBKEY:
+ case SSH_AUTH_FAIL_HOSTBASED:
+ case SSH_AUTH_FAIL_GSSAPI:
+ case SSH_INVALID_USER:
+ linux_audit_record_event(-1, audit_username(), NULL,
+ get_remote_ipaddr(), "sshd", 0);
+ break;
+
+ default:
+ debug("%s: unhandled event %d", __func__, event);
+ }
+}
+
+#endif /* USE_LINUX_AUDIT */
diff --git a/openssh-6.0p1/audit.c b/openssh-6.0p1/audit.c
new file mode 100644
index 0000000..ced57fa
--- /dev/null
+++ b/openssh-6.0p1/audit.c
@@ -0,0 +1,186 @@
+/* $Id: audit.c,v 1.6 2011/01/17 10:15:30 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <stdarg.h>
+#include <string.h>
+
+#ifdef SSH_AUDIT_EVENTS
+
+#include "audit.h"
+#include "log.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+
+/*
+ * Care must be taken when using this since it WILL NOT be initialized when
+ * audit_connection_from() is called and MAY NOT be initialized when
+ * audit_event(CONNECTION_ABANDON) is called. Test for NULL before using.
+ */
+extern Authctxt *the_authctxt;
+
+/* Maybe add the audit class to struct Authmethod? */
+ssh_audit_event_t
+audit_classify_auth(const char *method)
+{
+ if (strcmp(method, "none") == 0)
+ return SSH_AUTH_FAIL_NONE;
+ else if (strcmp(method, "password") == 0)
+ return SSH_AUTH_FAIL_PASSWD;
+ else if (strcmp(method, "publickey") == 0 ||
+ strcmp(method, "rsa") == 0)
+ return SSH_AUTH_FAIL_PUBKEY;
+ else if (strncmp(method, "keyboard-interactive", 20) == 0 ||
+ strcmp(method, "challenge-response") == 0)
+ return SSH_AUTH_FAIL_KBDINT;
+ else if (strcmp(method, "hostbased") == 0 ||
+ strcmp(method, "rhosts-rsa") == 0)
+ return SSH_AUTH_FAIL_HOSTBASED;
+ else if (strcmp(method, "gssapi-with-mic") == 0)
+ return SSH_AUTH_FAIL_GSSAPI;
+ else
+ return SSH_AUDIT_UNKNOWN;
+}
+
+/* helper to return supplied username */
+const char *
+audit_username(void)
+{
+ static const char unknownuser[] = "(unknown user)";
+ static const char invaliduser[] = "(invalid user)";
+
+ if (the_authctxt == NULL || the_authctxt->user == NULL)
+ return (unknownuser);
+ if (!the_authctxt->valid)
+ return (invaliduser);
+ return (the_authctxt->user);
+}
+
+const char *
+audit_event_lookup(ssh_audit_event_t ev)
+{
+ int i;
+ static struct event_lookup_struct {
+ ssh_audit_event_t event;
+ const char *name;
+ } event_lookup[] = {
+ {SSH_LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"},
+ {SSH_LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"},
+ {SSH_AUTH_SUCCESS, "AUTH_SUCCESS"},
+ {SSH_AUTH_FAIL_NONE, "AUTH_FAIL_NONE"},
+ {SSH_AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"},
+ {SSH_AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"},
+ {SSH_AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"},
+ {SSH_AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"},
+ {SSH_AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"},
+ {SSH_INVALID_USER, "INVALID_USER"},
+ {SSH_NOLOGIN, "NOLOGIN"},
+ {SSH_CONNECTION_CLOSE, "CONNECTION_CLOSE"},
+ {SSH_CONNECTION_ABANDON, "CONNECTION_ABANDON"},
+ {SSH_AUDIT_UNKNOWN, "AUDIT_UNKNOWN"}
+ };
+
+ for (i = 0; event_lookup[i].event != SSH_AUDIT_UNKNOWN; i++)
+ if (event_lookup[i].event == ev)
+ break;
+ return(event_lookup[i].name);
+}
+
+# ifndef CUSTOM_SSH_AUDIT_EVENTS
+/*
+ * Null implementations of audit functions.
+ * These get used if SSH_AUDIT_EVENTS is defined but no audit module is enabled.
+ */
+
+/*
+ * Called after a connection has been accepted but before any authentication
+ * has been attempted.
+ */
+void
+audit_connection_from(const char *host, int port)
+{
+ debug("audit connection from %s port %d euid %d", host, port,
+ (int)geteuid());
+}
+
+/*
+ * Called when various events occur (see audit.h for a list of possible
+ * events and what they mean).
+ */
+void
+audit_event(ssh_audit_event_t event)
+{
+ debug("audit event euid %d user %s event %d (%s)", geteuid(),
+ audit_username(), event, audit_event_lookup(event));
+}
+
+/*
+ * Called when a user session is started. Argument is the tty allocated to
+ * the session, or NULL if no tty was allocated.
+ *
+ * Note that this may be called multiple times if multiple sessions are used
+ * within a single connection.
+ */
+void
+audit_session_open(struct logininfo *li)
+{
+ const char *t = li->line ? li->line : "(no tty)";
+
+ debug("audit session open euid %d user %s tty name %s", geteuid(),
+ audit_username(), t);
+}
+
+/*
+ * Called when a user session is closed. Argument is the tty allocated to
+ * the session, or NULL if no tty was allocated.
+ *
+ * Note that this may be called multiple times if multiple sessions are used
+ * within a single connection.
+ */
+void
+audit_session_close(struct logininfo *li)
+{
+ const char *t = li->line ? li->line : "(no tty)";
+
+ debug("audit session close euid %d user %s tty name %s", geteuid(),
+ audit_username(), t);
+}
+
+/*
+ * This will be called when a user runs a non-interactive command. Note that
+ * it may be called multiple times for a single connection since SSH2 allows
+ * multiple sessions within a single connection.
+ */
+void
+audit_run_command(const char *command)
+{
+ debug("audit run command euid %d user %s command '%.200s'", geteuid(),
+ audit_username(), command);
+}
+# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
+#endif /* SSH_AUDIT_EVENTS */
diff --git a/openssh-6.0p1/audit.h b/openssh-6.0p1/audit.h
new file mode 100644
index 0000000..92ede5b
--- /dev/null
+++ b/openssh-6.0p1/audit.h
@@ -0,0 +1,57 @@
+/* $Id: audit.h,v 1.4 2011/01/17 10:15:30 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _SSH_AUDIT_H
+# define _SSH_AUDIT_H
+
+#include "loginrec.h"
+
+enum ssh_audit_event_type {
+ SSH_LOGIN_EXCEED_MAXTRIES,
+ SSH_LOGIN_ROOT_DENIED,
+ SSH_AUTH_SUCCESS,
+ SSH_AUTH_FAIL_NONE,
+ SSH_AUTH_FAIL_PASSWD,
+ SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */
+ SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */
+ SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */
+ SSH_AUTH_FAIL_GSSAPI,
+ SSH_INVALID_USER,
+ SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */
+ SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */
+ SSH_CONNECTION_ABANDON, /* closed without completing auth */
+ SSH_AUDIT_UNKNOWN
+};
+typedef enum ssh_audit_event_type ssh_audit_event_t;
+
+void audit_connection_from(const char *, int);
+void audit_event(ssh_audit_event_t);
+void audit_session_open(struct logininfo *);
+void audit_session_close(struct logininfo *);
+void audit_run_command(const char *);
+ssh_audit_event_t audit_classify_auth(const char *);
+
+#endif /* _SSH_AUDIT_H */
diff --git a/openssh-6.0p1/auth-bsdauth.c b/openssh-6.0p1/auth-bsdauth.c
new file mode 100644
index 0000000..0b3262b
--- /dev/null
+++ b/openssh-6.0p1/auth-bsdauth.c
@@ -0,0 +1,138 @@
+/* $OpenBSD: auth-bsdauth.c,v 1.11 2007/09/21 08:15:29 djm Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+
+#ifdef BSD_AUTH
+#include "xmalloc.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "log.h"
+#include "buffer.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+
+static void *
+bsdauth_init_ctx(Authctxt *authctxt)
+{
+ return authctxt;
+}
+
+int
+bsdauth_query(void *ctx, char **name, char **infotxt,
+ u_int *numprompts, char ***prompts, u_int **echo_on)
+{
+ Authctxt *authctxt = ctx;
+ char *challenge = NULL;
+
+ if (authctxt->as != NULL) {
+ debug2("bsdauth_query: try reuse session");
+ challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
+ if (challenge == NULL) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+ }
+
+ if (challenge == NULL) {
+ debug2("bsdauth_query: new bsd auth session");
+ debug3("bsdauth_query: style %s",
+ authctxt->style ? authctxt->style : "<default>");
+ authctxt->as = auth_userchallenge(authctxt->user,
+ authctxt->style, "auth-ssh", &challenge);
+ if (authctxt->as == NULL)
+ challenge = NULL;
+ debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
+ }
+
+ if (challenge == NULL)
+ return -1;
+
+ *name = xstrdup("");
+ *infotxt = xstrdup("");
+ *numprompts = 1;
+ *prompts = xcalloc(*numprompts, sizeof(char *));
+ *echo_on = xcalloc(*numprompts, sizeof(u_int));
+ (*prompts)[0] = xstrdup(challenge);
+
+ return 0;
+}
+
+int
+bsdauth_respond(void *ctx, u_int numresponses, char **responses)
+{
+ Authctxt *authctxt = ctx;
+ int authok;
+
+ if (!authctxt->valid)
+ return -1;
+
+ if (authctxt->as == 0)
+ error("bsdauth_respond: no bsd auth session");
+
+ if (numresponses != 1)
+ return -1;
+
+ authok = auth_userresponse(authctxt->as, responses[0], 0);
+ authctxt->as = NULL;
+ debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
+
+ return (authok == 0) ? -1 : 0;
+}
+
+static void
+bsdauth_free_ctx(void *ctx)
+{
+ Authctxt *authctxt = ctx;
+
+ if (authctxt && authctxt->as) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+}
+
+KbdintDevice bsdauth_device = {
+ "bsdauth",
+ bsdauth_init_ctx,
+ bsdauth_query,
+ bsdauth_respond,
+ bsdauth_free_ctx
+};
+
+KbdintDevice mm_bsdauth_device = {
+ "bsdauth",
+ bsdauth_init_ctx,
+ mm_bsdauth_query,
+ mm_bsdauth_respond,
+ bsdauth_free_ctx
+};
+#endif
diff --git a/openssh-6.0p1/auth-chall.c b/openssh-6.0p1/auth-chall.c
new file mode 100644
index 0000000..919b1ea
--- /dev/null
+++ b/openssh-6.0p1/auth-chall.c
@@ -0,0 +1,123 @@
+/* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+
+#include "xmalloc.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "log.h"
+#include "servconf.h"
+
+/* limited protocol v1 interface to kbd-interactive authentication */
+
+extern KbdintDevice *devices[];
+static KbdintDevice *device;
+extern ServerOptions options;
+
+char *
+get_challenge(Authctxt *authctxt)
+{
+ char *challenge, *name, *info, **prompts;
+ u_int i, numprompts;
+ u_int *echo_on;
+
+#ifdef USE_PAM
+ if (!options.use_pam)
+ remove_kbdint_device("pam");
+#endif
+
+ device = devices[0]; /* we always use the 1st device for protocol 1 */
+ if (device == NULL)
+ return NULL;
+ if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL)
+ return NULL;
+ if (device->query(authctxt->kbdintctxt, &name, &info,
+ &numprompts, &prompts, &echo_on)) {
+ device->free_ctx(authctxt->kbdintctxt);
+ authctxt->kbdintctxt = NULL;
+ return NULL;
+ }
+ if (numprompts < 1)
+ fatal("get_challenge: numprompts < 1");
+ challenge = xstrdup(prompts[0]);
+ for (i = 0; i < numprompts; i++)
+ xfree(prompts[i]);
+ xfree(prompts);
+ xfree(name);
+ xfree(echo_on);
+ xfree(info);
+
+ return (challenge);
+}
+int
+verify_response(Authctxt *authctxt, const char *response)
+{
+ char *resp[1], *name, *info, **prompts;
+ u_int i, numprompts, *echo_on;
+ int authenticated = 0;
+
+ if (device == NULL)
+ return 0;
+ if (authctxt->kbdintctxt == NULL)
+ return 0;
+ resp[0] = (char *)response;
+ switch (device->respond(authctxt->kbdintctxt, 1, resp)) {
+ case 0: /* Success */
+ authenticated = 1;
+ break;
+ case 1: /* Postponed - retry with empty query for PAM */
+ if ((device->query(authctxt->kbdintctxt, &name, &info,
+ &numprompts, &prompts, &echo_on)) != 0)
+ break;
+ if (numprompts == 0 &&
+ device->respond(authctxt->kbdintctxt, 0, resp) == 0)
+ authenticated = 1;
+
+ for (i = 0; i < numprompts; i++)
+ xfree(prompts[i]);
+ xfree(prompts);
+ xfree(name);
+ xfree(echo_on);
+ xfree(info);
+ break;
+ }
+ device->free_ctx(authctxt->kbdintctxt);
+ authctxt->kbdintctxt = NULL;
+ return authenticated;
+}
+void
+abandon_challenge_response(Authctxt *authctxt)
+{
+ if (authctxt->kbdintctxt != NULL) {
+ device->free_ctx(authctxt->kbdintctxt);
+ authctxt->kbdintctxt = NULL;
+ }
+}
diff --git a/openssh-6.0p1/auth-krb5.c b/openssh-6.0p1/auth-krb5.c
new file mode 100644
index 0000000..d019fe2
--- /dev/null
+++ b/openssh-6.0p1/auth-krb5.c
@@ -0,0 +1,256 @@
+/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */
+/*
+ * Kerberos v5 authentication and ticket-passing routines.
+ *
+ * $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $
+ */
+/*
+ * Copyright (c) 2002 Daniel Kouril. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <pwd.h>
+#include <stdarg.h>
+
+#include "xmalloc.h"
+#include "ssh.h"
+#include "ssh1.h"
+#include "packet.h"
+#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+#include "uidswap.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+
+#ifdef KRB5
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#include <krb5.h>
+
+extern ServerOptions options;
+
+static int
+krb5_init(void *context)
+{
+ Authctxt *authctxt = (Authctxt *)context;
+ krb5_error_code problem;
+
+ if (authctxt->krb5_ctx == NULL) {
+ problem = krb5_init_context(&authctxt->krb5_ctx);
+ if (problem)
+ return (problem);
+ }
+ return (0);
+}
+
+int
+auth_krb5_password(Authctxt *authctxt, const char *password)
+{
+#ifndef HEIMDAL
+ krb5_creds creds;
+ krb5_principal server;
+#endif
+ krb5_error_code problem;
+ krb5_ccache ccache = NULL;
+ int len;
+ char *client, *platform_client;
+
+ /* get platform-specific kerberos client principal name (if it exists) */
+ platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name);
+ client = platform_client ? platform_client : authctxt->pw->pw_name;
+
+ temporarily_use_uid(authctxt->pw);
+
+ problem = krb5_init(authctxt);
+ if (problem)
+ goto out;
+
+ problem = krb5_parse_name(authctxt->krb5_ctx, client,
+ &authctxt->krb5_user);
+ if (problem)
+ goto out;
+
+#ifdef HEIMDAL
+ problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
+ if (problem)
+ goto out;
+
+ problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache,
+ authctxt->krb5_user);
+ if (problem)
+ goto out;
+
+ restore_uid();
+
+ problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user,
+ ccache, password, 1, NULL);
+
+ temporarily_use_uid(authctxt->pw);
+
+ if (problem)
+ goto out;
+
+ problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
+ &authctxt->krb5_fwd_ccache);
+ if (problem)
+ goto out;
+
+ problem = krb5_cc_copy_cache(authctxt->krb5_ctx, ccache,
+ authctxt->krb5_fwd_ccache);
+ krb5_cc_destroy(authctxt->krb5_ctx, ccache);
+ ccache = NULL;
+ if (problem)
+ goto out;
+
+#else
+ problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
+ authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL, NULL);
+ if (problem)
+ goto out;
+
+ problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL,
+ KRB5_NT_SRV_HST, &server);
+ if (problem)
+ goto out;
+
+ restore_uid();
+ problem = krb5_verify_init_creds(authctxt->krb5_ctx, &creds, server,
+ NULL, NULL, NULL);
+ krb5_free_principal(authctxt->krb5_ctx, server);
+ temporarily_use_uid(authctxt->pw);
+ if (problem)
+ goto out;
+
+ if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
+ problem = -1;
+ goto out;
+ }
+
+ problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
+ if (problem)
+ goto out;
+
+ problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
+ authctxt->krb5_user);
+ if (problem)
+ goto out;
+
+ problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
+ &creds);
+ if (problem)
+ goto out;
+#endif
+
+ authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
+
+ len = strlen(authctxt->krb5_ticket_file) + 6;
+ authctxt->krb5_ccname = xmalloc(len);
+ snprintf(authctxt->krb5_ccname, len, "FILE:%s",
+ authctxt->krb5_ticket_file);
+
+#ifdef USE_PAM
+ if (options.use_pam)
+ do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname);
+#endif
+
+ out:
+ restore_uid();
+
+ if (platform_client != NULL)
+ xfree(platform_client);
+
+ if (problem) {
+ if (ccache)
+ krb5_cc_destroy(authctxt->krb5_ctx, ccache);
+
+ if (authctxt->krb5_ctx != NULL && problem!=-1)
+ debug("Kerberos password authentication failed: %s",
+ krb5_get_err_text(authctxt->krb5_ctx, problem));
+ else
+ debug("Kerberos password authentication failed: %d",
+ problem);
+
+ krb5_cleanup_proc(authctxt);
+
+ if (options.kerberos_or_local_passwd)
+ return (-1);
+ else
+ return (0);
+ }
+ return (authctxt->valid ? 1 : 0);
+}
+
+void
+krb5_cleanup_proc(Authctxt *authctxt)
+{
+ debug("krb5_cleanup_proc called");
+ if (authctxt->krb5_fwd_ccache) {
+ krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
+ authctxt->krb5_fwd_ccache = NULL;
+ }
+ if (authctxt->krb5_user) {
+ krb5_free_principal(authctxt->krb5_ctx, authctxt->krb5_user);
+ authctxt->krb5_user = NULL;
+ }
+ if (authctxt->krb5_ctx) {
+ krb5_free_context(authctxt->krb5_ctx);
+ authctxt->krb5_ctx = NULL;
+ }
+}
+
+#ifndef HEIMDAL
+krb5_error_code
+ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+ int tmpfd, ret;
+ char ccname[40];
+ mode_t old_umask;
+
+ ret = snprintf(ccname, sizeof(ccname),
+ "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
+ if (ret < 0 || (size_t)ret >= sizeof(ccname))
+ return ENOMEM;
+
+ old_umask = umask(0177);
+ tmpfd = mkstemp(ccname + strlen("FILE:"));
+ umask(old_umask);
+ if (tmpfd == -1) {
+ logit("mkstemp(): %.100s", strerror(errno));
+ return errno;
+ }
+
+ if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
+ logit("fchmod(): %.100s", strerror(errno));
+ close(tmpfd);
+ return errno;
+ }
+ close(tmpfd);
+
+ return (krb5_cc_resolve(ctx, ccname, ccache));
+}
+#endif /* !HEIMDAL */
+#endif /* KRB5 */
diff --git a/openssh-6.0p1/auth-options.c b/openssh-6.0p1/auth-options.c
new file mode 100644
index 0000000..0e67bd8
--- /dev/null
+++ b/openssh-6.0p1/auth-options.c
@@ -0,0 +1,635 @@
+/* $OpenBSD: auth-options.c,v 1.56 2011/10/18 04:58:26 djm Exp $ */
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <netdb.h>
+#include <pwd.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+#include "openbsd-compat/sys-queue.h"
+#include "xmalloc.h"
+#include "match.h"
+#include "log.h"
+#include "canohost.h"
+#include "buffer.h"
+#include "channels.h"
+#include "servconf.h"
+#include "misc.h"
+#include "key.h"
+#include "auth-options.h"
+#include "hostfile.h"
+#include "auth.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+
+/* Flags set authorized_keys flags */
+int no_port_forwarding_flag = 0;
+int no_agent_forwarding_flag = 0;
+int no_x11_forwarding_flag = 0;
+int no_pty_flag = 0;
+int no_user_rc = 0;
+int key_is_cert_authority = 0;
+
+/* "command=" option. */
+char *forced_command = NULL;
+
+/* "environment=" options. */
+struct envstring *custom_environment = NULL;
+
+/* "tunnel=" option. */
+int forced_tun_device = -1;
+
+/* "principals=" option. */
+char *authorized_principals = NULL;
+
+extern ServerOptions options;
+
+void
+auth_clear_options(void)
+{
+ no_agent_forwarding_flag = 0;
+ no_port_forwarding_flag = 0;
+ no_pty_flag = 0;
+ no_x11_forwarding_flag = 0;
+ no_user_rc = 0;
+ key_is_cert_authority = 0;
+ while (custom_environment) {
+ struct envstring *ce = custom_environment;
+ custom_environment = ce->next;
+ xfree(ce->s);
+ xfree(ce);
+ }
+ if (forced_command) {
+ xfree(forced_command);
+ forced_command = NULL;
+ }
+ if (authorized_principals) {
+ xfree(authorized_principals);
+ authorized_principals = NULL;
+ }
+ forced_tun_device = -1;
+ channel_clear_permitted_opens();
+}
+
+/*
+ * return 1 if access is granted, 0 if not.
+ * side effect: sets key option flags
+ */
+int
+auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
+{
+ const char *cp;
+ int i;
+
+ /* reset options */
+ auth_clear_options();
+
+ if (!opts)
+ return 1;
+
+ while (*opts && *opts != ' ' && *opts != '\t') {
+ cp = "cert-authority";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ key_is_cert_authority = 1;
+ opts += strlen(cp);
+ goto next_option;
+ }
+ cp = "no-port-forwarding";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ auth_debug_add("Port forwarding disabled.");
+ no_port_forwarding_flag = 1;
+ opts += strlen(cp);
+ goto next_option;
+ }
+ cp = "no-agent-forwarding";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ auth_debug_add("Agent forwarding disabled.");
+ no_agent_forwarding_flag = 1;
+ opts += strlen(cp);
+ goto next_option;
+ }
+ cp = "no-X11-forwarding";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ auth_debug_add("X11 forwarding disabled.");
+ no_x11_forwarding_flag = 1;
+ opts += strlen(cp);
+ goto next_option;
+ }
+ cp = "no-pty";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ auth_debug_add("Pty allocation disabled.");
+ no_pty_flag = 1;
+ opts += strlen(cp);
+ goto next_option;
+ }
+ cp = "no-user-rc";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ auth_debug_add("User rc file execution disabled.");
+ no_user_rc = 1;
+ opts += strlen(cp);
+ goto next_option;
+ }
+ cp = "command=\"";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ opts += strlen(cp);
+ if (forced_command != NULL)
+ xfree(forced_command);
+ forced_command = xmalloc(strlen(opts) + 1);
+ i = 0;
+ while (*opts) {
+ if (*opts == '"')
+ break;
+ if (*opts == '\\' && opts[1] == '"') {
+ opts += 2;
+ forced_command[i++] = '"';
+ continue;
+ }
+ forced_command[i++] = *opts++;
+ }
+ if (!*opts) {
+ debug("%.100s, line %lu: missing end quote",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: missing end quote",
+ file, linenum);
+ xfree(forced_command);
+ forced_command = NULL;
+ goto bad_option;
+ }
+ forced_command[i] = '\0';
+ auth_debug_add("Forced command.");
+ opts++;
+ goto next_option;
+ }
+ cp = "principals=\"";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ opts += strlen(cp);
+ if (authorized_principals != NULL)
+ xfree(authorized_principals);
+ authorized_principals = xmalloc(strlen(opts) + 1);
+ i = 0;
+ while (*opts) {
+ if (*opts == '"')
+ break;
+ if (*opts == '\\' && opts[1] == '"') {
+ opts += 2;
+ authorized_principals[i++] = '"';
+ continue;
+ }
+ authorized_principals[i++] = *opts++;
+ }
+ if (!*opts) {
+ debug("%.100s, line %lu: missing end quote",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: missing end quote",
+ file, linenum);
+ xfree(authorized_principals);
+ authorized_principals = NULL;
+ goto bad_option;
+ }
+ authorized_principals[i] = '\0';
+ auth_debug_add("principals: %.900s",
+ authorized_principals);
+ opts++;
+ goto next_option;
+ }
+ cp = "environment=\"";
+ if (options.permit_user_env &&
+ strncasecmp(opts, cp, strlen(cp)) == 0) {
+ char *s;
+ struct envstring *new_envstring;
+
+ opts += strlen(cp);
+ s = xmalloc(strlen(opts) + 1);
+ i = 0;
+ while (*opts) {
+ if (*opts == '"')
+ break;
+ if (*opts == '\\' && opts[1] == '"') {
+ opts += 2;
+ s[i++] = '"';
+ continue;
+ }
+ s[i++] = *opts++;
+ }
+ if (!*opts) {
+ debug("%.100s, line %lu: missing end quote",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: missing end quote",
+ file, linenum);
+ xfree(s);
+ goto bad_option;
+ }
+ s[i] = '\0';
+ auth_debug_add("Adding to environment: %.900s", s);
+ debug("Adding to environment: %.900s", s);
+ opts++;
+ new_envstring = xmalloc(sizeof(struct envstring));
+ new_envstring->s = s;
+ new_envstring->next = custom_environment;
+ custom_environment = new_envstring;
+ goto next_option;
+ }
+ cp = "from=\"";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ const char *remote_ip = get_remote_ipaddr();
+ const char *remote_host = get_canonical_hostname(
+ options.use_dns);
+ char *patterns = xmalloc(strlen(opts) + 1);
+
+ opts += strlen(cp);
+ i = 0;
+ while (*opts) {
+ if (*opts == '"')
+ break;
+ if (*opts == '\\' && opts[1] == '"') {
+ opts += 2;
+ patterns[i++] = '"';
+ continue;
+ }
+ patterns[i++] = *opts++;
+ }
+ if (!*opts) {
+ debug("%.100s, line %lu: missing end quote",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: missing end quote",
+ file, linenum);
+ xfree(patterns);
+ goto bad_option;
+ }
+ patterns[i] = '\0';
+ opts++;
+ switch (match_host_and_ip(remote_host, remote_ip,
+ patterns)) {
+ case 1:
+ xfree(patterns);
+ /* Host name matches. */
+ goto next_option;
+ case -1:
+ debug("%.100s, line %lu: invalid criteria",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: "
+ "invalid criteria", file, linenum);
+ /* FALLTHROUGH */
+ case 0:
+ xfree(patterns);
+ logit("Authentication tried for %.100s with "
+ "correct key but not from a permitted "
+ "host (host=%.200s, ip=%.200s).",
+ pw->pw_name, remote_host, remote_ip);
+ auth_debug_add("Your host '%.200s' is not "
+ "permitted to use this key for login.",
+ remote_host);
+ break;
+ }
+ /* deny access */
+ return 0;
+ }
+ cp = "permitopen=\"";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ char *host, *p;
+ int port;
+ char *patterns = xmalloc(strlen(opts) + 1);
+
+ opts += strlen(cp);
+ i = 0;
+ while (*opts) {
+ if (*opts == '"')
+ break;
+ if (*opts == '\\' && opts[1] == '"') {
+ opts += 2;
+ patterns[i++] = '"';
+ continue;
+ }
+ patterns[i++] = *opts++;
+ }
+ if (!*opts) {
+ debug("%.100s, line %lu: missing end quote",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: missing "
+ "end quote", file, linenum);
+ xfree(patterns);
+ goto bad_option;
+ }
+ patterns[i] = '\0';
+ opts++;
+ p = patterns;
+ host = hpdelim(&p);
+ if (host == NULL || strlen(host) >= NI_MAXHOST) {
+ debug("%.100s, line %lu: Bad permitopen "
+ "specification <%.100s>", file, linenum,
+ patterns);
+ auth_debug_add("%.100s, line %lu: "
+ "Bad permitopen specification", file,
+ linenum);
+ xfree(patterns);
+ goto bad_option;
+ }
+ host = cleanhostname(host);
+ if (p == NULL || (port = permitopen_port(p)) < 0) {
+ debug("%.100s, line %lu: Bad permitopen port "
+ "<%.100s>", file, linenum, p ? p : "");
+ auth_debug_add("%.100s, line %lu: "
+ "Bad permitopen port", file, linenum);
+ xfree(patterns);
+ goto bad_option;
+ }
+ if (options.allow_tcp_forwarding)
+ channel_add_permitted_opens(host, port);
+ xfree(patterns);
+ goto next_option;
+ }
+ cp = "tunnel=\"";
+ if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+ char *tun = NULL;
+ opts += strlen(cp);
+ tun = xmalloc(strlen(opts) + 1);
+ i = 0;
+ while (*opts) {
+ if (*opts == '"')
+ break;
+ tun[i++] = *opts++;
+ }
+ if (!*opts) {
+ debug("%.100s, line %lu: missing end quote",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: missing end quote",
+ file, linenum);
+ xfree(tun);
+ forced_tun_device = -1;
+ goto bad_option;
+ }
+ tun[i] = '\0';
+ forced_tun_device = a2tun(tun, NULL);
+ xfree(tun);
+ if (forced_tun_device == SSH_TUNID_ERR) {
+ debug("%.100s, line %lu: invalid tun device",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: invalid tun device",
+ file, linenum);
+ forced_tun_device = -1;
+ goto bad_option;
+ }
+ auth_debug_add("Forced tun device: %d", forced_tun_device);
+ opts++;
+ goto next_option;
+ }
+next_option:
+ /*
+ * Skip the comma, and move to the next option
+ * (or break out if there are no more).
+ */
+ if (!*opts)
+ fatal("Bugs in auth-options.c option processing.");
+ if (*opts == ' ' || *opts == '\t')
+ break; /* End of options. */
+ if (*opts != ',')
+ goto bad_option;
+ opts++;
+ /* Process the next option. */
+ }
+
+ /* grant access */
+ return 1;
+
+bad_option:
+ logit("Bad options in %.100s file, line %lu: %.50s",
+ file, linenum, opts);
+ auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
+ file, linenum, opts);
+
+ /* deny access */
+ return 0;
+}
+
+#define OPTIONS_CRITICAL 1
+#define OPTIONS_EXTENSIONS 2
+static int
+parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
+ u_int which, int crit,
+ int *cert_no_port_forwarding_flag,
+ int *cert_no_agent_forwarding_flag,
+ int *cert_no_x11_forwarding_flag,
+ int *cert_no_pty_flag,
+ int *cert_no_user_rc,
+ char **cert_forced_command,
+ int *cert_source_address_done)
+{
+ char *command, *allowed;
+ const char *remote_ip;
+ u_char *name = NULL, *data_blob = NULL;
+ u_int nlen, dlen, clen;
+ Buffer c, data;
+ int ret = -1, found;
+
+ buffer_init(&data);
+
+ /* Make copy to avoid altering original */
+ buffer_init(&c);
+ buffer_append(&c, optblob, optblob_len);
+
+ while (buffer_len(&c) > 0) {
+ if ((name = buffer_get_cstring_ret(&c, &nlen)) == NULL ||
+ (data_blob = buffer_get_string_ret(&c, &dlen)) == NULL) {
+ error("Certificate options corrupt");
+ goto out;
+ }
+ buffer_append(&data, data_blob, dlen);
+ debug3("found certificate option \"%.100s\" len %u",
+ name, dlen);
+ found = 0;
+ if ((which & OPTIONS_EXTENSIONS) != 0) {
+ if (strcmp(name, "permit-X11-forwarding") == 0) {
+ *cert_no_x11_forwarding_flag = 0;
+ found = 1;
+ } else if (strcmp(name,
+ "permit-agent-forwarding") == 0) {
+ *cert_no_agent_forwarding_flag = 0;
+ found = 1;
+ } else if (strcmp(name,
+ "permit-port-forwarding") == 0) {
+ *cert_no_port_forwarding_flag = 0;
+ found = 1;
+ } else if (strcmp(name, "permit-pty") == 0) {
+ *cert_no_pty_flag = 0;
+ found = 1;
+ } else if (strcmp(name, "permit-user-rc") == 0) {
+ *cert_no_user_rc = 0;
+ found = 1;
+ }
+ }
+ if (!found && (which & OPTIONS_CRITICAL) != 0) {
+ if (strcmp(name, "force-command") == 0) {
+ if ((command = buffer_get_cstring_ret(&data,
+ &clen)) == NULL) {
+ error("Certificate constraint \"%s\" "
+ "corrupt", name);
+ goto out;
+ }
+ if (*cert_forced_command != NULL) {
+ error("Certificate has multiple "
+ "force-command options");
+ xfree(command);
+ goto out;
+ }
+ *cert_forced_command = command;
+ found = 1;
+ }
+ if (strcmp(name, "source-address") == 0) {
+ if ((allowed = buffer_get_cstring_ret(&data,
+ &clen)) == NULL) {
+ error("Certificate constraint "
+ "\"%s\" corrupt", name);
+ goto out;
+ }
+ if ((*cert_source_address_done)++) {
+ error("Certificate has multiple "
+ "source-address options");
+ xfree(allowed);
+ goto out;
+ }
+ remote_ip = get_remote_ipaddr();
+ switch (addr_match_cidr_list(remote_ip,
+ allowed)) {
+ case 1:
+ /* accepted */
+ xfree(allowed);
+ break;
+ case 0:
+ /* no match */
+ logit("Authentication tried for %.100s "
+ "with valid certificate but not "
+ "from a permitted host "
+ "(ip=%.200s).", pw->pw_name,
+ remote_ip);
+ auth_debug_add("Your address '%.200s' "
+ "is not permitted to use this "
+ "certificate for login.",
+ remote_ip);
+ xfree(allowed);
+ goto out;
+ case -1:
+ error("Certificate source-address "
+ "contents invalid");
+ xfree(allowed);
+ goto out;
+ }
+ found = 1;
+ }
+ }
+
+ if (!found) {
+ if (crit) {
+ error("Certificate critical option \"%s\" "
+ "is not supported", name);
+ goto out;
+ } else {
+ logit("Certificate extension \"%s\" "
+ "is not supported", name);
+ }
+ } else if (buffer_len(&data) != 0) {
+ error("Certificate option \"%s\" corrupt "
+ "(extra data)", name);
+ goto out;
+ }
+ buffer_clear(&data);
+ xfree(name);
+ xfree(data_blob);
+ name = data_blob = NULL;
+ }
+ /* successfully parsed all options */
+ ret = 0;
+
+ out:
+ if (ret != 0 &&
+ cert_forced_command != NULL &&
+ *cert_forced_command != NULL) {
+ xfree(*cert_forced_command);
+ *cert_forced_command = NULL;
+ }
+ if (name != NULL)
+ xfree(name);
+ if (data_blob != NULL)
+ xfree(data_blob);
+ buffer_free(&data);
+ buffer_free(&c);
+ return ret;
+}
+
+/*
+ * Set options from critical certificate options. These supersede user key
+ * options so this must be called after auth_parse_options().
+ */
+int
+auth_cert_options(Key *k, struct passwd *pw)
+{
+ int cert_no_port_forwarding_flag = 1;
+ int cert_no_agent_forwarding_flag = 1;
+ int cert_no_x11_forwarding_flag = 1;
+ int cert_no_pty_flag = 1;
+ int cert_no_user_rc = 1;
+ char *cert_forced_command = NULL;
+ int cert_source_address_done = 0;
+
+ if (key_cert_is_legacy(k)) {
+ /* All options are in the one field for v00 certs */
+ if (parse_option_list(buffer_ptr(&k->cert->critical),
+ buffer_len(&k->cert->critical), pw,
+ OPTIONS_CRITICAL|OPTIONS_EXTENSIONS, 1,
+ &cert_no_port_forwarding_flag,
+ &cert_no_agent_forwarding_flag,
+ &cert_no_x11_forwarding_flag,
+ &cert_no_pty_flag,
+ &cert_no_user_rc,
+ &cert_forced_command,
+ &cert_source_address_done) == -1)
+ return -1;
+ } else {
+ /* Separate options and extensions for v01 certs */
+ if (parse_option_list(buffer_ptr(&k->cert->critical),
+ buffer_len(&k->cert->critical), pw,
+ OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
+ &cert_forced_command,
+ &cert_source_address_done) == -1)
+ return -1;
+ if (parse_option_list(buffer_ptr(&k->cert->extensions),
+ buffer_len(&k->cert->extensions), pw,
+ OPTIONS_EXTENSIONS, 1,
+ &cert_no_port_forwarding_flag,
+ &cert_no_agent_forwarding_flag,
+ &cert_no_x11_forwarding_flag,
+ &cert_no_pty_flag,
+ &cert_no_user_rc,
+ NULL, NULL) == -1)
+ return -1;
+ }
+
+ no_port_forwarding_flag |= cert_no_port_forwarding_flag;
+ no_agent_forwarding_flag |= cert_no_agent_forwarding_flag;
+ no_x11_forwarding_flag |= cert_no_x11_forwarding_flag;
+ no_pty_flag |= cert_no_pty_flag;
+ no_user_rc |= cert_no_user_rc;
+ /* CA-specified forced command supersedes key option */
+ if (cert_forced_command != NULL) {
+ if (forced_command != NULL)
+ xfree(forced_command);
+ forced_command = cert_forced_command;
+ }
+ return 0;
+}
+
diff --git a/openssh-6.0p1/auth-options.h b/openssh-6.0p1/auth-options.h
new file mode 100644
index 0000000..7455c94
--- /dev/null
+++ b/openssh-6.0p1/auth-options.h
@@ -0,0 +1,40 @@
+/* $OpenBSD: auth-options.h,v 1.20 2010/05/07 11:30:29 djm Exp $ */
+
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#ifndef AUTH_OPTIONS_H
+#define AUTH_OPTIONS_H
+
+/* Linked list of custom environment strings */
+struct envstring {
+ struct envstring *next;
+ char *s;
+};
+
+/* Flags that may be set in authorized_keys options. */
+extern int no_port_forwarding_flag;
+extern int no_agent_forwarding_flag;
+extern int no_x11_forwarding_flag;
+extern int no_pty_flag;
+extern int no_user_rc;
+extern char *forced_command;
+extern struct envstring *custom_environment;
+extern int forced_tun_device;
+extern int key_is_cert_authority;
+extern char *authorized_principals;
+
+int auth_parse_options(struct passwd *, char *, char *, u_long);
+void auth_clear_options(void);
+int auth_cert_options(Key *, struct passwd *);
+
+#endif
diff --git a/openssh-6.0p1/auth-pam.c b/openssh-6.0p1/auth-pam.c
new file mode 100644
index 0000000..675006e
--- /dev/null
+++ b/openssh-6.0p1/auth-pam.c
@@ -0,0 +1,1221 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright (c) 2003,2004 Damien Miller <djm@mindrot.org>
+ * Copyright (c) 2003,2004 Darren Tucker <dtucker@zip.com.au>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+
+#include <errno.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifdef USE_PAM
+#if defined(HAVE_SECURITY_PAM_APPL_H)
+#include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+
+/* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */
+#ifdef PAM_SUN_CODEBASE
+# define sshpam_const /* Solaris, HP-UX, AIX */
+#else
+# define sshpam_const const /* LinuxPAM, OpenPAM */
+#endif
+
+/* Ambiguity in spec: is it an array of pointers or a pointer to an array? */
+#ifdef PAM_SUN_CODEBASE
+# define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member)
+#else
+# define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member)
+#endif
+
+#include "xmalloc.h"
+#include "buffer.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "auth-pam.h"
+#include "canohost.h"
+#include "log.h"
+#include "msg.h"
+#include "packet.h"
+#include "misc.h"
+#include "servconf.h"
+#include "ssh2.h"
+#include "auth-options.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+
+extern ServerOptions options;
+extern Buffer loginmsg;
+extern int compat20;
+extern u_int utmp_len;
+
+/* so we don't silently change behaviour */
+#ifdef USE_POSIX_THREADS
+# error "USE_POSIX_THREADS replaced by UNSUPPORTED_POSIX_THREADS_HACK"
+#endif
+
+/*
+ * Formerly known as USE_POSIX_THREADS, using this is completely unsupported
+ * and generally a bad idea. Use at own risk and do not expect support if
+ * this breaks.
+ */
+#ifdef UNSUPPORTED_POSIX_THREADS_HACK
+#include <pthread.h>
+/*
+ * Avoid namespace clash when *not* using pthreads for systems *with*
+ * pthreads, which unconditionally define pthread_t via sys/types.h
+ * (e.g. Linux)
+ */
+typedef pthread_t sp_pthread_t;
+#else
+typedef pid_t sp_pthread_t;
+#endif
+
+struct pam_ctxt {
+ sp_pthread_t pam_thread;
+ int pam_psock;
+ int pam_csock;
+ int pam_done;
+};
+
+static void sshpam_free_ctx(void *);
+static struct pam_ctxt *cleanup_ctxt;
+
+#ifndef UNSUPPORTED_POSIX_THREADS_HACK
+/*
+ * Simulate threads with processes.
+ */
+
+static int sshpam_thread_status = -1;
+static mysig_t sshpam_oldsig;
+
+static void
+sshpam_sigchld_handler(int sig)
+{
+ signal(SIGCHLD, SIG_DFL);
+ if (cleanup_ctxt == NULL)
+ return; /* handler called after PAM cleanup, shouldn't happen */
+ if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
+ <= 0) {
+ /* PAM thread has not exitted, privsep slave must have */
+ kill(cleanup_ctxt->pam_thread, SIGTERM);
+ if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
+ <= 0)
+ return; /* could not wait */
+ }
+ if (WIFSIGNALED(sshpam_thread_status) &&
+ WTERMSIG(sshpam_thread_status) == SIGTERM)
+ return; /* terminated by pthread_cancel */
+ if (!WIFEXITED(sshpam_thread_status))
+ sigdie("PAM: authentication thread exited unexpectedly");
+ if (WEXITSTATUS(sshpam_thread_status) != 0)
+ sigdie("PAM: authentication thread exited uncleanly");
+}
+
+/* ARGSUSED */
+static void
+pthread_exit(void *value)
+{
+ _exit(0);
+}
+
+/* ARGSUSED */
+static int
+pthread_create(sp_pthread_t *thread, const void *attr,
+ void *(*thread_start)(void *), void *arg)
+{
+ pid_t pid;
+ struct pam_ctxt *ctx = arg;
+
+ sshpam_thread_status = -1;
+ switch ((pid = fork())) {
+ case -1:
+ error("fork(): %s", strerror(errno));
+ return (-1);
+ case 0:
+ close(ctx->pam_psock);
+ ctx->pam_psock = -1;
+ thread_start(arg);
+ _exit(1);
+ default:
+ *thread = pid;
+ close(ctx->pam_csock);
+ ctx->pam_csock = -1;
+ sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
+ return (0);
+ }
+}
+
+static int
+pthread_cancel(sp_pthread_t thread)
+{
+ signal(SIGCHLD, sshpam_oldsig);
+ return (kill(thread, SIGTERM));
+}
+
+/* ARGSUSED */
+static int
+pthread_join(sp_pthread_t thread, void **value)
+{
+ int status;
+
+ if (sshpam_thread_status != -1)
+ return (sshpam_thread_status);
+ signal(SIGCHLD, sshpam_oldsig);
+ waitpid(thread, &status, 0);
+ return (status);
+}
+#endif
+
+
+static pam_handle_t *sshpam_handle = NULL;
+static int sshpam_err = 0;
+static int sshpam_authenticated = 0;
+static int sshpam_session_open = 0;
+static int sshpam_cred_established = 0;
+static int sshpam_account_status = -1;
+static char **sshpam_env = NULL;
+static Authctxt *sshpam_authctxt = NULL;
+static const char *sshpam_password = NULL;
+static char badpw[] = "\b\n\r\177INCORRECT";
+
+/* Some PAM implementations don't implement this */
+#ifndef HAVE_PAM_GETENVLIST
+static char **
+pam_getenvlist(pam_handle_t *pamh)
+{
+ /*
+ * XXX - If necessary, we can still support envrionment passing
+ * for platforms without pam_getenvlist by searching for known
+ * env vars (e.g. KRB5CCNAME) from the PAM environment.
+ */
+ return NULL;
+}
+#endif
+
+/*
+ * Some platforms, notably Solaris, do not enforce password complexity
+ * rules during pam_chauthtok() if the real uid of the calling process
+ * is 0, on the assumption that it's being called by "passwd" run by root.
+ * This wraps pam_chauthtok and sets/restore the real uid so PAM will do
+ * the right thing.
+ */
+#ifdef SSHPAM_CHAUTHTOK_NEEDS_RUID
+static int
+sshpam_chauthtok_ruid(pam_handle_t *pamh, int flags)
+{
+ int result;
+
+ if (sshpam_authctxt == NULL)
+ fatal("PAM: sshpam_authctxt not initialized");
+ if (setreuid(sshpam_authctxt->pw->pw_uid, -1) == -1)
+ fatal("%s: setreuid failed: %s", __func__, strerror(errno));
+ result = pam_chauthtok(pamh, flags);
+ if (setreuid(0, -1) == -1)
+ fatal("%s: setreuid failed: %s", __func__, strerror(errno));
+ return result;
+}
+# define pam_chauthtok(a,b) (sshpam_chauthtok_ruid((a), (b)))
+#endif
+
+void
+sshpam_password_change_required(int reqd)
+{
+ debug3("%s %d", __func__, reqd);
+ if (sshpam_authctxt == NULL)
+ fatal("%s: PAM authctxt not initialized", __func__);
+ sshpam_authctxt->force_pwchange = reqd;
+ if (reqd) {
+ no_port_forwarding_flag |= 2;
+ no_agent_forwarding_flag |= 2;
+ no_x11_forwarding_flag |= 2;
+ } else {
+ no_port_forwarding_flag &= ~2;
+ no_agent_forwarding_flag &= ~2;
+ no_x11_forwarding_flag &= ~2;
+ }
+}
+
+/* Import regular and PAM environment from subprocess */
+static void
+import_environments(Buffer *b)
+{
+ char *env;
+ u_int i, num_env;
+ int err;
+
+ debug3("PAM: %s entering", __func__);
+
+#ifndef UNSUPPORTED_POSIX_THREADS_HACK
+ /* Import variables set by do_pam_account */
+ sshpam_account_status = buffer_get_int(b);
+ sshpam_password_change_required(buffer_get_int(b));
+
+ /* Import environment from subprocess */
+ num_env = buffer_get_int(b);
+ if (num_env > 1024)
+ fatal("%s: received %u environment variables, expected <= 1024",
+ __func__, num_env);
+ sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env));
+ debug3("PAM: num env strings %d", num_env);
+ for(i = 0; i < num_env; i++)
+ sshpam_env[i] = buffer_get_string(b, NULL);
+
+ sshpam_env[num_env] = NULL;
+
+ /* Import PAM environment from subprocess */
+ num_env = buffer_get_int(b);
+ debug("PAM: num PAM env strings %d", num_env);
+ for(i = 0; i < num_env; i++) {
+ env = buffer_get_string(b, NULL);
+
+#ifdef HAVE_PAM_PUTENV
+ /* Errors are not fatal here */
+ if ((err = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
+ error("PAM: pam_putenv: %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ }
+#endif
+ }
+#endif
+}
+
+/*
+ * Conversation function for authentication thread.
+ */
+static int
+sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ Buffer buffer;
+ struct pam_ctxt *ctxt;
+ struct pam_response *reply;
+ int i;
+
+ debug3("PAM: %s entering, %d messages", __func__, n);
+ *resp = NULL;
+
+ if (data == NULL) {
+ error("PAM: conversation function passed a null context");
+ return (PAM_CONV_ERR);
+ }
+ ctxt = data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
+
+ if ((reply = calloc(n, sizeof(*reply))) == NULL)
+ return (PAM_CONV_ERR);
+
+ buffer_init(&buffer);
+ for (i = 0; i < n; ++i) {
+ switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
+ case PAM_PROMPT_ECHO_OFF:
+ buffer_put_cstring(&buffer,
+ PAM_MSG_MEMBER(msg, i, msg));
+ if (ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+ goto fail;
+ if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
+ goto fail;
+ if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+ goto fail;
+ reply[i].resp = buffer_get_string(&buffer, NULL);
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ buffer_put_cstring(&buffer,
+ PAM_MSG_MEMBER(msg, i, msg));
+ if (ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+ goto fail;
+ if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
+ goto fail;
+ if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+ goto fail;
+ reply[i].resp = buffer_get_string(&buffer, NULL);
+ break;
+ case PAM_ERROR_MSG:
+ buffer_put_cstring(&buffer,
+ PAM_MSG_MEMBER(msg, i, msg));
+ if (ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+ goto fail;
+ break;
+ case PAM_TEXT_INFO:
+ buffer_put_cstring(&buffer,
+ PAM_MSG_MEMBER(msg, i, msg));
+ if (ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+ goto fail;
+ break;
+ default:
+ goto fail;
+ }
+ buffer_clear(&buffer);
+ }
+ buffer_free(&buffer);
+ *resp = reply;
+ return (PAM_SUCCESS);
+
+ fail:
+ for(i = 0; i < n; i++) {
+ if (reply[i].resp != NULL)
+ xfree(reply[i].resp);
+ }
+ xfree(reply);
+ buffer_free(&buffer);
+ return (PAM_CONV_ERR);
+}
+
+/*
+ * Authentication thread.
+ */
+static void *
+sshpam_thread(void *ctxtp)
+{
+ struct pam_ctxt *ctxt = ctxtp;
+ Buffer buffer;
+ struct pam_conv sshpam_conv;
+ int flags = (options.permit_empty_passwd == 0 ?
+ PAM_DISALLOW_NULL_AUTHTOK : 0);
+#ifndef UNSUPPORTED_POSIX_THREADS_HACK
+ extern char **environ;
+ char **env_from_pam;
+ u_int i;
+ const char *pam_user;
+ const char **ptr_pam_user = &pam_user;
+ char *tz = getenv("TZ");
+
+ pam_get_item(sshpam_handle, PAM_USER,
+ (sshpam_const void **)ptr_pam_user);
+
+ environ[0] = NULL;
+ if (tz != NULL)
+ if (setenv("TZ", tz, 1) == -1)
+ error("PAM: could not set TZ environment: %s",
+ strerror(errno));
+
+ if (sshpam_authctxt != NULL) {
+ setproctitle("%s [pam]",
+ sshpam_authctxt->valid ? pam_user : "unknown");
+ }
+#endif
+
+ sshpam_conv.conv = sshpam_thread_conv;
+ sshpam_conv.appdata_ptr = ctxt;
+
+ if (sshpam_authctxt == NULL)
+ fatal("%s: PAM authctxt not initialized", __func__);
+
+ buffer_init(&buffer);
+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ (const void *)&sshpam_conv);
+ if (sshpam_err != PAM_SUCCESS)
+ goto auth_fail;
+ sshpam_err = pam_authenticate(sshpam_handle, flags);
+ if (sshpam_err != PAM_SUCCESS)
+ goto auth_fail;
+
+ if (compat20) {
+ if (!do_pam_account()) {
+ sshpam_err = PAM_ACCT_EXPIRED;
+ goto auth_fail;
+ }
+ if (sshpam_authctxt->force_pwchange) {
+ sshpam_err = pam_chauthtok(sshpam_handle,
+ PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (sshpam_err != PAM_SUCCESS)
+ goto auth_fail;
+ sshpam_password_change_required(0);
+ }
+ }
+
+ buffer_put_cstring(&buffer, "OK");
+
+#ifndef UNSUPPORTED_POSIX_THREADS_HACK
+ /* Export variables set by do_pam_account */
+ buffer_put_int(&buffer, sshpam_account_status);
+ buffer_put_int(&buffer, sshpam_authctxt->force_pwchange);
+
+ /* Export any environment strings set in child */
+ for(i = 0; environ[i] != NULL; i++)
+ ; /* Count */
+ buffer_put_int(&buffer, i);
+ for(i = 0; environ[i] != NULL; i++)
+ buffer_put_cstring(&buffer, environ[i]);
+
+ /* Export any environment strings set by PAM in child */
+ env_from_pam = pam_getenvlist(sshpam_handle);
+ for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
+ ; /* Count */
+ buffer_put_int(&buffer, i);
+ for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
+ buffer_put_cstring(&buffer, env_from_pam[i]);
+#endif /* UNSUPPORTED_POSIX_THREADS_HACK */
+
+ /* XXX - can't do much about an error here */
+ ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
+ buffer_free(&buffer);
+ pthread_exit(NULL);
+
+ auth_fail:
+ buffer_put_cstring(&buffer,
+ pam_strerror(sshpam_handle, sshpam_err));
+ /* XXX - can't do much about an error here */
+ if (sshpam_err == PAM_ACCT_EXPIRED)
+ ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer);
+ else
+ ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
+ buffer_free(&buffer);
+ pthread_exit(NULL);
+
+ return (NULL); /* Avoid warning for non-pthread case */
+}
+
+void
+sshpam_thread_cleanup(void)
+{
+ struct pam_ctxt *ctxt = cleanup_ctxt;
+
+ debug3("PAM: %s entering", __func__);
+ if (ctxt != NULL && ctxt->pam_thread != 0) {
+ pthread_cancel(ctxt->pam_thread);
+ pthread_join(ctxt->pam_thread, NULL);
+ close(ctxt->pam_psock);
+ close(ctxt->pam_csock);
+ memset(ctxt, 0, sizeof(*ctxt));
+ cleanup_ctxt = NULL;
+ }
+}
+
+static int
+sshpam_null_conv(int n, sshpam_const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ debug3("PAM: %s entering, %d messages", __func__, n);
+ return (PAM_CONV_ERR);
+}
+
+static struct pam_conv null_conv = { sshpam_null_conv, NULL };
+
+static int
+sshpam_store_conv(int n, sshpam_const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ struct pam_response *reply;
+ int i;
+ size_t len;
+
+ debug3("PAM: %s called with %d messages", __func__, n);
+ *resp = NULL;
+
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
+
+ if ((reply = calloc(n, sizeof(*reply))) == NULL)
+ return (PAM_CONV_ERR);
+
+ for (i = 0; i < n; ++i) {
+ switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ len = strlen(PAM_MSG_MEMBER(msg, i, msg));
+ buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len);
+ buffer_append(&loginmsg, "\n", 1 );
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ default:
+ goto fail;
+ }
+ }
+ *resp = reply;
+ return (PAM_SUCCESS);
+
+ fail:
+ for(i = 0; i < n; i++) {
+ if (reply[i].resp != NULL)
+ xfree(reply[i].resp);
+ }
+ xfree(reply);
+ return (PAM_CONV_ERR);
+}
+
+static struct pam_conv store_conv = { sshpam_store_conv, NULL };
+
+void
+sshpam_cleanup(void)
+{
+ if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
+ return;
+ debug("PAM: cleanup");
+ pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
+ if (sshpam_session_open) {
+ debug("PAM: closing session");
+ pam_close_session(sshpam_handle, PAM_SILENT);
+ sshpam_session_open = 0;
+ }
+ if (sshpam_cred_established) {
+ debug("PAM: deleting credentials");
+ pam_setcred(sshpam_handle, PAM_DELETE_CRED);
+ sshpam_cred_established = 0;
+ }
+ sshpam_authenticated = 0;
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
+}
+
+static int
+sshpam_init(Authctxt *authctxt)
+{
+ extern char *__progname;
+ const char *pam_rhost, *pam_user, *user = authctxt->user;
+ const char **ptr_pam_user = &pam_user;
+
+ if (sshpam_handle != NULL) {
+ /* We already have a PAM context; check if the user matches */
+ sshpam_err = pam_get_item(sshpam_handle,
+ PAM_USER, (sshpam_const void **)ptr_pam_user);
+ if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
+ return (0);
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
+ }
+ debug("PAM: initializing for \"%s\"", user);
+ sshpam_err =
+ pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
+ sshpam_authctxt = authctxt;
+
+ if (sshpam_err != PAM_SUCCESS) {
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
+ return (-1);
+ }
+ pam_rhost = get_remote_name_or_ip(utmp_len, options.use_dns);
+ debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
+ sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
+ if (sshpam_err != PAM_SUCCESS) {
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
+ return (-1);
+ }
+#ifdef PAM_TTY_KLUDGE
+ /*
+ * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
+ * sshd doesn't set the tty until too late in the auth process and
+ * may not even set one (for tty-less connections)
+ */
+ debug("PAM: setting PAM_TTY to \"ssh\"");
+ sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
+ if (sshpam_err != PAM_SUCCESS) {
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
+ return (-1);
+ }
+#endif
+ return (0);
+}
+
+static void *
+sshpam_init_ctx(Authctxt *authctxt)
+{
+ struct pam_ctxt *ctxt;
+ int socks[2];
+
+ debug3("PAM: %s entering", __func__);
+ /*
+ * Refuse to start if we don't have PAM enabled or do_pam_account
+ * has previously failed.
+ */
+ if (!options.use_pam || sshpam_account_status == 0)
+ return NULL;
+
+ /* Initialize PAM */
+ if (sshpam_init(authctxt) == -1) {
+ error("PAM: initialization failed");
+ return (NULL);
+ }
+
+ ctxt = xcalloc(1, sizeof *ctxt);
+
+ /* Start the authentication thread */
+ if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
+ error("PAM: failed create sockets: %s", strerror(errno));
+ xfree(ctxt);
+ return (NULL);
+ }
+ ctxt->pam_psock = socks[0];
+ ctxt->pam_csock = socks[1];
+ if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
+ error("PAM: failed to start authentication thread: %s",
+ strerror(errno));
+ close(socks[0]);
+ close(socks[1]);
+ xfree(ctxt);
+ return (NULL);
+ }
+ cleanup_ctxt = ctxt;
+ return (ctxt);
+}
+
+static int
+sshpam_query(void *ctx, char **name, char **info,
+ u_int *num, char ***prompts, u_int **echo_on)
+{
+ Buffer buffer;
+ struct pam_ctxt *ctxt = ctx;
+ size_t plen;
+ u_char type;
+ char *msg;
+ size_t len, mlen;
+
+ debug3("PAM: %s entering", __func__);
+ buffer_init(&buffer);
+ *name = xstrdup("");
+ *info = xstrdup("");
+ *prompts = xmalloc(sizeof(char *));
+ **prompts = NULL;
+ plen = 0;
+ *echo_on = xmalloc(sizeof(u_int));
+ while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) {
+ type = buffer_get_char(&buffer);
+ msg = buffer_get_string(&buffer, NULL);
+ mlen = strlen(msg);
+ switch (type) {
+ case PAM_PROMPT_ECHO_ON:
+ case PAM_PROMPT_ECHO_OFF:
+ *num = 1;
+ len = plen + mlen + 1;
+ **prompts = xrealloc(**prompts, 1, len);
+ strlcpy(**prompts + plen, msg, len - plen);
+ plen += mlen;
+ **echo_on = (type == PAM_PROMPT_ECHO_ON);
+ xfree(msg);
+ return (0);
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ /* accumulate messages */
+ len = plen + mlen + 2;
+ **prompts = xrealloc(**prompts, 1, len);
+ strlcpy(**prompts + plen, msg, len - plen);
+ plen += mlen;
+ strlcat(**prompts + plen, "\n", len - plen);
+ plen++;
+ xfree(msg);
+ break;
+ case PAM_ACCT_EXPIRED:
+ sshpam_account_status = 0;
+ /* FALLTHROUGH */
+ case PAM_AUTH_ERR:
+ debug3("PAM: %s", pam_strerror(sshpam_handle, type));
+ if (**prompts != NULL && strlen(**prompts) != 0) {
+ *info = **prompts;
+ **prompts = NULL;
+ *num = 0;
+ **echo_on = 0;
+ ctxt->pam_done = -1;
+ xfree(msg);
+ return 0;
+ }
+ /* FALLTHROUGH */
+ case PAM_SUCCESS:
+ if (**prompts != NULL) {
+ /* drain any accumulated messages */
+ debug("PAM: %s", **prompts);
+ buffer_append(&loginmsg, **prompts,
+ strlen(**prompts));
+ xfree(**prompts);
+ **prompts = NULL;
+ }
+ if (type == PAM_SUCCESS) {
+ if (!sshpam_authctxt->valid ||
+ (sshpam_authctxt->pw->pw_uid == 0 &&
+ options.permit_root_login != PERMIT_YES))
+ fatal("Internal error: PAM auth "
+ "succeeded when it should have "
+ "failed");
+ import_environments(&buffer);
+ *num = 0;
+ **echo_on = 0;
+ ctxt->pam_done = 1;
+ xfree(msg);
+ return (0);
+ }
+ error("PAM: %s for %s%.100s from %.100s", msg,
+ sshpam_authctxt->valid ? "" : "illegal user ",
+ sshpam_authctxt->user,
+ get_remote_name_or_ip(utmp_len, options.use_dns));
+ /* FALLTHROUGH */
+ default:
+ *num = 0;
+ **echo_on = 0;
+ xfree(msg);
+ ctxt->pam_done = -1;
+ return (-1);
+ }
+ }
+ return (-1);
+}
+
+/* XXX - see also comment in auth-chall.c:verify_response */
+static int
+sshpam_respond(void *ctx, u_int num, char **resp)
+{
+ Buffer buffer;
+ struct pam_ctxt *ctxt = ctx;
+
+ debug2("PAM: %s entering, %u responses", __func__, num);
+ switch (ctxt->pam_done) {
+ case 1:
+ sshpam_authenticated = 1;
+ return (0);
+ case 0:
+ break;
+ default:
+ return (-1);
+ }
+ if (num != 1) {
+ error("PAM: expected one response, got %u", num);
+ return (-1);
+ }
+ buffer_init(&buffer);
+ if (sshpam_authctxt->valid &&
+ (sshpam_authctxt->pw->pw_uid != 0 ||
+ options.permit_root_login == PERMIT_YES))
+ buffer_put_cstring(&buffer, *resp);
+ else
+ buffer_put_cstring(&buffer, badpw);
+ if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
+ buffer_free(&buffer);
+ return (-1);
+ }
+ buffer_free(&buffer);
+ return (1);
+}
+
+static void
+sshpam_free_ctx(void *ctxtp)
+{
+ struct pam_ctxt *ctxt = ctxtp;
+
+ debug3("PAM: %s entering", __func__);
+ sshpam_thread_cleanup();
+ xfree(ctxt);
+ /*
+ * We don't call sshpam_cleanup() here because we may need the PAM
+ * handle at a later stage, e.g. when setting up a session. It's
+ * still on the cleanup list, so pam_end() *will* be called before
+ * the server process terminates.
+ */
+}
+
+KbdintDevice sshpam_device = {
+ "pam",
+ sshpam_init_ctx,
+ sshpam_query,
+ sshpam_respond,
+ sshpam_free_ctx
+};
+
+KbdintDevice mm_sshpam_device = {
+ "pam",
+ mm_sshpam_init_ctx,
+ mm_sshpam_query,
+ mm_sshpam_respond,
+ mm_sshpam_free_ctx
+};
+
+/*
+ * This replaces auth-pam.c
+ */
+void
+start_pam(Authctxt *authctxt)
+{
+ if (!options.use_pam)
+ fatal("PAM: initialisation requested when UsePAM=no");
+
+ if (sshpam_init(authctxt) == -1)
+ fatal("PAM: initialisation failed");
+}
+
+void
+finish_pam(void)
+{
+ sshpam_cleanup();
+}
+
+u_int
+do_pam_account(void)
+{
+ debug("%s: called", __func__);
+ if (sshpam_account_status != -1)
+ return (sshpam_account_status);
+
+ sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
+ debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err,
+ pam_strerror(sshpam_handle, sshpam_err));
+
+ if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
+ sshpam_account_status = 0;
+ return (sshpam_account_status);
+ }
+
+ if (sshpam_err == PAM_NEW_AUTHTOK_REQD)
+ sshpam_password_change_required(1);
+
+ sshpam_account_status = 1;
+ return (sshpam_account_status);
+}
+
+void
+do_pam_set_tty(const char *tty)
+{
+ if (tty != NULL) {
+ debug("PAM: setting PAM_TTY to \"%s\"", tty);
+ sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_TTY: %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ }
+}
+
+void
+do_pam_setcred(int init)
+{
+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ (const void *)&store_conv);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_CONV: %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ if (init) {
+ debug("PAM: establishing credentials");
+ sshpam_err = pam_setcred(sshpam_handle, PAM_ESTABLISH_CRED);
+ } else {
+ debug("PAM: reinitializing credentials");
+ sshpam_err = pam_setcred(sshpam_handle, PAM_REINITIALIZE_CRED);
+ }
+ if (sshpam_err == PAM_SUCCESS) {
+ sshpam_cred_established = 1;
+ return;
+ }
+ if (sshpam_authenticated)
+ fatal("PAM: pam_setcred(): %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ else
+ debug("PAM: pam_setcred(): %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+}
+
+static int
+sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ char input[PAM_MAX_MSG_SIZE];
+ struct pam_response *reply;
+ int i;
+
+ debug3("PAM: %s called with %d messages", __func__, n);
+
+ *resp = NULL;
+
+ if (n <= 0 || n > PAM_MAX_NUM_MSG || !isatty(STDIN_FILENO))
+ return (PAM_CONV_ERR);
+
+ if ((reply = calloc(n, sizeof(*reply))) == NULL)
+ return (PAM_CONV_ERR);
+
+ for (i = 0; i < n; ++i) {
+ switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
+ case PAM_PROMPT_ECHO_OFF:
+ reply[i].resp =
+ read_passphrase(PAM_MSG_MEMBER(msg, i, msg),
+ RP_ALLOW_STDIN);
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ fprintf(stderr, "%s\n", PAM_MSG_MEMBER(msg, i, msg));
+ if (fgets(input, sizeof input, stdin) == NULL)
+ input[0] = '\0';
+ if ((reply[i].resp = strdup(input)) == NULL)
+ goto fail;
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ fprintf(stderr, "%s\n", PAM_MSG_MEMBER(msg, i, msg));
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ default:
+ goto fail;
+ }
+ }
+ *resp = reply;
+ return (PAM_SUCCESS);
+
+ fail:
+ for(i = 0; i < n; i++) {
+ if (reply[i].resp != NULL)
+ xfree(reply[i].resp);
+ }
+ xfree(reply);
+ return (PAM_CONV_ERR);
+}
+
+static struct pam_conv tty_conv = { sshpam_tty_conv, NULL };
+
+/*
+ * XXX this should be done in the authentication phase, but ssh1 doesn't
+ * support that
+ */
+void
+do_pam_chauthtok(void)
+{
+ if (use_privsep)
+ fatal("Password expired (unable to change with privsep)");
+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ (const void *)&tty_conv);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_CONV: %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ debug("PAM: changing password");
+ sshpam_err = pam_chauthtok(sshpam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: pam_chauthtok(): %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+}
+
+void
+do_pam_session(void)
+{
+ debug3("PAM: opening session");
+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ (const void *)&store_conv);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_CONV: %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ sshpam_err = pam_open_session(sshpam_handle, 0);
+ if (sshpam_err == PAM_SUCCESS)
+ sshpam_session_open = 1;
+ else {
+ sshpam_session_open = 0;
+ disable_forwarding();
+ error("PAM: pam_open_session(): %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ }
+
+}
+
+int
+is_pam_session_open(void)
+{
+ return sshpam_session_open;
+}
+
+/*
+ * Set a PAM environment string. We need to do this so that the session
+ * modules can handle things like Kerberos/GSI credentials that appear
+ * during the ssh authentication process.
+ */
+int
+do_pam_putenv(char *name, char *value)
+{
+ int ret = 1;
+#ifdef HAVE_PAM_PUTENV
+ char *compound;
+ size_t len;
+
+ len = strlen(name) + strlen(value) + 2;
+ compound = xmalloc(len);
+
+ snprintf(compound, len, "%s=%s", name, value);
+ ret = pam_putenv(sshpam_handle, compound);
+ xfree(compound);
+#endif
+
+ return (ret);
+}
+
+char **
+fetch_pam_child_environment(void)
+{
+ return sshpam_env;
+}
+
+char **
+fetch_pam_environment(void)
+{
+ return (pam_getenvlist(sshpam_handle));
+}
+
+void
+free_pam_environment(char **env)
+{
+ char **envp;
+
+ if (env == NULL)
+ return;
+
+ for (envp = env; *envp; envp++)
+ xfree(*envp);
+ xfree(env);
+}
+
+/*
+ * "Blind" conversation function for password authentication. Assumes that
+ * echo-off prompts are for the password and stores messages for later
+ * display.
+ */
+static int
+sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ struct pam_response *reply;
+ int i;
+ size_t len;
+
+ debug3("PAM: %s called with %d messages", __func__, n);
+
+ *resp = NULL;
+
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
+
+ if ((reply = calloc(n, sizeof(*reply))) == NULL)
+ return (PAM_CONV_ERR);
+
+ for (i = 0; i < n; ++i) {
+ switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
+ case PAM_PROMPT_ECHO_OFF:
+ if (sshpam_password == NULL)
+ goto fail;
+ if ((reply[i].resp = strdup(sshpam_password)) == NULL)
+ goto fail;
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ len = strlen(PAM_MSG_MEMBER(msg, i, msg));
+ if (len > 0) {
+ buffer_append(&loginmsg,
+ PAM_MSG_MEMBER(msg, i, msg), len);
+ buffer_append(&loginmsg, "\n", 1);
+ }
+ if ((reply[i].resp = strdup("")) == NULL)
+ goto fail;
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ default:
+ goto fail;
+ }
+ }
+ *resp = reply;
+ return (PAM_SUCCESS);
+
+ fail:
+ for(i = 0; i < n; i++) {
+ if (reply[i].resp != NULL)
+ xfree(reply[i].resp);
+ }
+ xfree(reply);
+ return (PAM_CONV_ERR);
+}
+
+static struct pam_conv passwd_conv = { sshpam_passwd_conv, NULL };
+
+/*
+ * Attempt password authentication via PAM
+ */
+int
+sshpam_auth_passwd(Authctxt *authctxt, const char *password)
+{
+ int flags = (options.permit_empty_passwd == 0 ?
+ PAM_DISALLOW_NULL_AUTHTOK : 0);
+
+ if (!options.use_pam || sshpam_handle == NULL)
+ fatal("PAM: %s called when PAM disabled or failed to "
+ "initialise.", __func__);
+
+ sshpam_password = password;
+ sshpam_authctxt = authctxt;
+
+ /*
+ * If the user logging in is invalid, or is root but is not permitted
+ * by PermitRootLogin, use an invalid password to prevent leaking
+ * information via timing (eg if the PAM config has a delay on fail).
+ */
+ if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
+ options.permit_root_login != PERMIT_YES))
+ sshpam_password = badpw;
+
+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ (const void *)&passwd_conv);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: %s: failed to set PAM_CONV: %s", __func__,
+ pam_strerror(sshpam_handle, sshpam_err));
+
+ sshpam_err = pam_authenticate(sshpam_handle, flags);
+ sshpam_password = NULL;
+ if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
+ debug("PAM: password authentication accepted for %.100s",
+ authctxt->user);
+ return 1;
+ } else {
+ debug("PAM: password authentication failed for %.100s: %s",
+ authctxt->valid ? authctxt->user : "an illegal user",
+ pam_strerror(sshpam_handle, sshpam_err));
+ return 0;
+ }
+}
+#endif /* USE_PAM */
diff --git a/openssh-6.0p1/auth-pam.h b/openssh-6.0p1/auth-pam.h
new file mode 100644
index 0000000..a1a2b52
--- /dev/null
+++ b/openssh-6.0p1/auth-pam.h
@@ -0,0 +1,50 @@
+/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2000 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#ifdef USE_PAM
+
+#if !defined(SSHD_PAM_SERVICE)
+# define SSHD_PAM_SERVICE __progname
+#endif
+
+void start_pam(Authctxt *);
+void finish_pam(void);
+u_int do_pam_account(void);
+void do_pam_session(void);
+void do_pam_set_tty(const char *);
+void do_pam_setcred(int );
+void do_pam_chauthtok(void);
+int do_pam_putenv(char *, char *);
+char ** fetch_pam_environment(void);
+char ** fetch_pam_child_environment(void);
+void free_pam_environment(char **);
+void sshpam_thread_cleanup(void);
+void sshpam_cleanup(void);
+int sshpam_auth_passwd(Authctxt *, const char *);
+int is_pam_session_open(void);
+
+#endif /* USE_PAM */
diff --git a/openssh-6.0p1/auth-passwd.c b/openssh-6.0p1/auth-passwd.c
new file mode 100644
index 0000000..b1c6ce0
--- /dev/null
+++ b/openssh-6.0p1/auth-passwd.c
@@ -0,0 +1,214 @@
+/* $OpenBSD: auth-passwd.c,v 1.43 2007/09/21 08:15:29 djm Exp $ */
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ * Password authentication. This file contains the functions to check whether
+ * the password is valid for the user.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ *
+ * Copyright (c) 1999 Dug Song. All rights reserved.
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <pwd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+
+#include "packet.h"
+#include "buffer.h"
+#include "log.h"
+#include "servconf.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "auth-options.h"
+
+extern Buffer loginmsg;
+extern ServerOptions options;
+
+#ifdef HAVE_LOGIN_CAP
+extern login_cap_t *lc;
+#endif
+
+
+#define DAY (24L * 60 * 60) /* 1 day in seconds */
+#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */
+
+void
+disable_forwarding(void)
+{
+ no_port_forwarding_flag = 1;
+ no_agent_forwarding_flag = 1;
+ no_x11_forwarding_flag = 1;
+}
+
+/*
+ * Tries to authenticate the user using password. Returns true if
+ * authentication succeeds.
+ */
+int
+auth_password(Authctxt *authctxt, const char *password)
+{
+ struct passwd * pw = authctxt->pw;
+ int result, ok = authctxt->valid;
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+ static int expire_checked = 0;
+#endif
+
+#ifndef HAVE_CYGWIN
+ if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+ ok = 0;
+#endif
+ if (*password == '\0' && options.permit_empty_passwd == 0)
+ return 0;
+
+#ifdef KRB5
+ if (options.kerberos_authentication == 1) {
+ int ret = auth_krb5_password(authctxt, password);
+ if (ret == 1 || ret == 0)
+ return ret && ok;
+ /* Fall back to ordinary passwd authentication. */
+ }
+#endif
+#ifdef HAVE_CYGWIN
+ {
+ HANDLE hToken = cygwin_logon_user(pw, password);
+
+ if (hToken == INVALID_HANDLE_VALUE)
+ return 0;
+ cygwin_set_impersonation_token(hToken);
+ return ok;
+ }
+#endif
+#ifdef USE_PAM
+ if (options.use_pam)
+ return (sshpam_auth_passwd(authctxt, password) && ok);
+#endif
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+ if (!expire_checked) {
+ expire_checked = 1;
+ if (auth_shadow_pwexpired(authctxt))
+ authctxt->force_pwchange = 1;
+ }
+#endif
+ result = sys_auth_passwd(authctxt, password);
+ if (authctxt->force_pwchange)
+ disable_forwarding();
+ return (result && ok);
+}
+
+#ifdef BSD_AUTH
+static void
+warn_expiry(Authctxt *authctxt, auth_session_t *as)
+{
+ char buf[256];
+ quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime;
+
+ pwwarntime = acwarntime = TWO_WEEKS;
+
+ pwtimeleft = auth_check_change(as);
+ actimeleft = auth_check_expire(as);
+#ifdef HAVE_LOGIN_CAP
+ if (authctxt->valid) {
+ pwwarntime = login_getcaptime(lc, "password-warn", TWO_WEEKS,
+ TWO_WEEKS);
+ acwarntime = login_getcaptime(lc, "expire-warn", TWO_WEEKS,
+ TWO_WEEKS);
+ }
+#endif
+ if (pwtimeleft != 0 && pwtimeleft < pwwarntime) {
+ daysleft = pwtimeleft / DAY + 1;
+ snprintf(buf, sizeof(buf),
+ "Your password will expire in %lld day%s.\n",
+ daysleft, daysleft == 1 ? "" : "s");
+ buffer_append(&loginmsg, buf, strlen(buf));
+ }
+ if (actimeleft != 0 && actimeleft < acwarntime) {
+ daysleft = actimeleft / DAY + 1;
+ snprintf(buf, sizeof(buf),
+ "Your account will expire in %lld day%s.\n",
+ daysleft, daysleft == 1 ? "" : "s");
+ buffer_append(&loginmsg, buf, strlen(buf));
+ }
+}
+
+int
+sys_auth_passwd(Authctxt *authctxt, const char *password)
+{
+ struct passwd *pw = authctxt->pw;
+ auth_session_t *as;
+ static int expire_checked = 0;
+
+ as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
+ (char *)password);
+ if (as == NULL)
+ return (0);
+ if (auth_getstate(as) & AUTH_PWEXPIRED) {
+ auth_close(as);
+ disable_forwarding();
+ authctxt->force_pwchange = 1;
+ return (1);
+ } else {
+ if (!expire_checked) {
+ expire_checked = 1;
+ warn_expiry(authctxt, as);
+ }
+ return (auth_close(as));
+ }
+}
+#elif !defined(CUSTOM_SYS_AUTH_PASSWD)
+int
+sys_auth_passwd(Authctxt *authctxt, const char *password)
+{
+ struct passwd *pw = authctxt->pw;
+ char *encrypted_password;
+
+ /* Just use the supplied fake password if authctxt is invalid */
+ char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
+
+ /* Check for users with no password. */
+ if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
+ return (1);
+
+ /* Encrypt the candidate password using the proper salt. */
+ encrypted_password = xcrypt(password,
+ (pw_password[0] && pw_password[1]) ? pw_password : "xx");
+
+ /*
+ * Authentication is accepted if the encrypted passwords
+ * are identical.
+ */
+ return (strcmp(encrypted_password, pw_password) == 0);
+}
+#endif
diff --git a/openssh-6.0p1/auth-rh-rsa.c b/openssh-6.0p1/auth-rh-rsa.c
new file mode 100644
index 0000000..b21a0f4
--- /dev/null
+++ b/openssh-6.0p1/auth-rh-rsa.c
@@ -0,0 +1,103 @@
+/* $OpenBSD: auth-rh-rsa.c,v 1.43 2010/03/04 10:36:03 djm Exp $ */
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ * Rhosts or /etc/hosts.equiv authentication combined with RSA host
+ * authentication.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <pwd.h>
+#include <stdarg.h>
+
+#include "packet.h"
+#include "uidswap.h"
+#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+#include "key.h"
+#include "hostfile.h"
+#include "pathnames.h"
+#include "auth.h"
+#include "canohost.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+
+/* import */
+extern ServerOptions options;
+
+int
+auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
+ Key *client_host_key)
+{
+ HostStatus host_status;
+
+ if (auth_key_is_revoked(client_host_key))
+ return 0;
+
+ /* Check if we would accept it using rhosts authentication. */
+ if (!auth_rhosts(pw, cuser))
+ return 0;
+
+ host_status = check_key_in_hostfiles(pw, client_host_key,
+ chost, _PATH_SSH_SYSTEM_HOSTFILE,
+ options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
+
+ return (host_status == HOST_OK);
+}
+
+/*
+ * Tries to authenticate the user using the .rhosts file and the host using
+ * its host key. Returns true if authentication succeeds.
+ */
+int
+auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
+{
+ char *chost;
+ struct passwd *pw = authctxt->pw;
+
+ debug("Trying rhosts with RSA host authentication for client user %.100s",
+ cuser);
+
+ if (!authctxt->valid || client_host_key == NULL ||
+ client_host_key->rsa == NULL)
+ return 0;
+
+ chost = (char *)get_canonical_hostname(options.use_dns);
+ debug("Rhosts RSA authentication: canonical host %.900s", chost);
+
+ if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) {
+ debug("Rhosts with RSA host authentication denied: unknown or invalid host key");
+ packet_send_debug("Your host key cannot be verified: unknown or invalid host key.");
+ return 0;
+ }
+ /* A matching host key was found and is known. */
+
+ /* Perform the challenge-response dialog with the client for the host key. */
+ if (!auth_rsa_challenge_dialog(client_host_key)) {
+ logit("Client on %.800s failed to respond correctly to host authentication.",
+ chost);
+ return 0;
+ }
+ /*
+ * We have authenticated the user using .rhosts or /etc/hosts.equiv,
+ * and the host using RSA. We accept the authentication.
+ */
+
+ verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
+ pw->pw_name, cuser, chost);
+ packet_send_debug("Rhosts with RSA host authentication accepted.");
+ return 1;
+}
diff --git a/openssh-6.0p1/auth-rhosts.c b/openssh-6.0p1/auth-rhosts.c
new file mode 100644
index 0000000..06ae7f0
--- /dev/null
+++ b/openssh-6.0p1/auth-rhosts.c
@@ -0,0 +1,321 @@
+/* $OpenBSD: auth-rhosts.c,v 1.44 2010/03/07 11:57:13 dtucker Exp $ */
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ * Rhosts authentication. This file contains code to check whether to admit
+ * the login based on rhosts authentication. This file also processes
+ * /etc/hosts.equiv.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#ifdef HAVE_NETGROUP_H
+# include <netgroup.h>
+#endif
+#include <pwd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "packet.h"
+#include "buffer.h"
+#include "uidswap.h"
+#include "pathnames.h"
+#include "log.h"
+#include "servconf.h"
+#include "canohost.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "misc.h"
+
+/* import */
+extern ServerOptions options;
+extern int use_privsep;
+
+/*
+ * This function processes an rhosts-style file (.rhosts, .shosts, or
+ * /etc/hosts.equiv). This returns true if authentication can be granted
+ * based on the file, and returns zero otherwise.
+ */
+
+static int
+check_rhosts_file(const char *filename, const char *hostname,
+ const char *ipaddr, const char *client_user,
+ const char *server_user)
+{
+ FILE *f;
+ char buf[1024]; /* Must not be larger than host, user, dummy below. */
+ int fd;
+ struct stat st;
+
+ /* Open the .rhosts file, deny if unreadable */
+ if ((fd = open(filename, O_RDONLY|O_NONBLOCK)) == -1)
+ return 0;
+ if (fstat(fd, &st) == -1) {
+ close(fd);
+ return 0;
+ }
+ if (!S_ISREG(st.st_mode)) {
+ logit("User %s hosts file %s is not a regular file",
+ server_user, filename);
+ close(fd);
+ return 0;
+ }
+ unset_nonblock(fd);
+ if ((f = fdopen(fd, "r")) == NULL) {
+ close(fd);
+ return 0;
+ }
+ while (fgets(buf, sizeof(buf), f)) {
+ /* All three must be at least as big as buf to avoid overflows. */
+ char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp;
+ int negated;
+
+ for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
+ ;
+ if (*cp == '#' || *cp == '\n' || !*cp)
+ continue;
+
+ /*
+ * NO_PLUS is supported at least on OSF/1. We skip it (we
+ * don't ever support the plus syntax).
+ */
+ if (strncmp(cp, "NO_PLUS", 7) == 0)
+ continue;
+
+ /*
+ * This should be safe because each buffer is as big as the
+ * whole string, and thus cannot be overwritten.
+ */
+ switch (sscanf(buf, "%1023s %1023s %1023s", hostbuf, userbuf,
+ dummy)) {
+ case 0:
+ auth_debug_add("Found empty line in %.100s.", filename);
+ continue;
+ case 1:
+ /* Host name only. */
+ strlcpy(userbuf, server_user, sizeof(userbuf));
+ break;
+ case 2:
+ /* Got both host and user name. */
+ break;
+ case 3:
+ auth_debug_add("Found garbage in %.100s.", filename);
+ continue;
+ default:
+ /* Weird... */
+ continue;
+ }
+
+ host = hostbuf;
+ user = userbuf;
+ negated = 0;
+
+ /* Process negated host names, or positive netgroups. */
+ if (host[0] == '-') {
+ negated = 1;
+ host++;
+ } else if (host[0] == '+')
+ host++;
+
+ if (user[0] == '-') {
+ negated = 1;
+ user++;
+ } else if (user[0] == '+')
+ user++;
+
+ /* Check for empty host/user names (particularly '+'). */
+ if (!host[0] || !user[0]) {
+ /* We come here if either was '+' or '-'. */
+ auth_debug_add("Ignoring wild host/user names in %.100s.",
+ filename);
+ continue;
+ }
+ /* Verify that host name matches. */
+ if (host[0] == '@') {
+ if (!innetgr(host + 1, hostname, NULL, NULL) &&
+ !innetgr(host + 1, ipaddr, NULL, NULL))
+ continue;
+ } else if (strcasecmp(host, hostname) && strcmp(host, ipaddr) != 0)
+ continue; /* Different hostname. */
+
+ /* Verify that user name matches. */
+ if (user[0] == '@') {
+ if (!innetgr(user + 1, NULL, client_user, NULL))
+ continue;
+ } else if (strcmp(user, client_user) != 0)
+ continue; /* Different username. */
+
+ /* Found the user and host. */
+ fclose(f);
+
+ /* If the entry was negated, deny access. */
+ if (negated) {
+ auth_debug_add("Matched negative entry in %.100s.",
+ filename);
+ return 0;
+ }
+ /* Accept authentication. */
+ return 1;
+ }
+
+ /* Authentication using this file denied. */
+ fclose(f);
+ return 0;
+}
+
+/*
+ * Tries to authenticate the user using the .shosts or .rhosts file. Returns
+ * true if authentication succeeds. If ignore_rhosts is true, only
+ * /etc/hosts.equiv will be considered (.rhosts and .shosts are ignored).
+ */
+
+int
+auth_rhosts(struct passwd *pw, const char *client_user)
+{
+ const char *hostname, *ipaddr;
+
+ hostname = get_canonical_hostname(options.use_dns);
+ ipaddr = get_remote_ipaddr();
+ return auth_rhosts2(pw, client_user, hostname, ipaddr);
+}
+
+static int
+auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostname,
+ const char *ipaddr)
+{
+ char buf[1024];
+ struct stat st;
+ static const char *rhosts_files[] = {".shosts", ".rhosts", NULL};
+ u_int rhosts_file_index;
+
+ debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
+ client_user, hostname, ipaddr);
+
+ /* Switch to the user's uid. */
+ temporarily_use_uid(pw);
+ /*
+ * Quick check: if the user has no .shosts or .rhosts files, return
+ * failure immediately without doing costly lookups from name
+ * servers.
+ */
+ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
+ rhosts_file_index++) {
+ /* Check users .rhosts or .shosts. */
+ snprintf(buf, sizeof buf, "%.500s/%.100s",
+ pw->pw_dir, rhosts_files[rhosts_file_index]);
+ if (stat(buf, &st) >= 0)
+ break;
+ }
+ /* Switch back to privileged uid. */
+ restore_uid();
+
+ /* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
+ if (!rhosts_files[rhosts_file_index] &&
+ stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
+ stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
+ return 0;
+
+ /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
+ if (pw->pw_uid != 0) {
+ if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
+ client_user, pw->pw_name)) {
+ auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
+ hostname, ipaddr);
+ return 1;
+ }
+ if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr,
+ client_user, pw->pw_name)) {
+ auth_debug_add("Accepted for %.100s [%.100s] by %.100s.",
+ hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
+ return 1;
+ }
+ }
+ /*
+ * Check that the home directory is owned by root or the user, and is
+ * not group or world writable.
+ */
+ if (stat(pw->pw_dir, &st) < 0) {
+ logit("Rhosts authentication refused for %.100s: "
+ "no home directory %.200s", pw->pw_name, pw->pw_dir);
+ auth_debug_add("Rhosts authentication refused for %.100s: "
+ "no home directory %.200s", pw->pw_name, pw->pw_dir);
+ return 0;
+ }
+ if (options.strict_modes &&
+ ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+ (st.st_mode & 022) != 0)) {
+ logit("Rhosts authentication refused for %.100s: "
+ "bad ownership or modes for home directory.", pw->pw_name);
+ auth_debug_add("Rhosts authentication refused for %.100s: "
+ "bad ownership or modes for home directory.", pw->pw_name);
+ return 0;
+ }
+ /* Temporarily use the user's uid. */
+ temporarily_use_uid(pw);
+
+ /* Check all .rhosts files (currently .shosts and .rhosts). */
+ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
+ rhosts_file_index++) {
+ /* Check users .rhosts or .shosts. */
+ snprintf(buf, sizeof buf, "%.500s/%.100s",
+ pw->pw_dir, rhosts_files[rhosts_file_index]);
+ if (stat(buf, &st) < 0)
+ continue;
+
+ /*
+ * Make sure that the file is either owned by the user or by
+ * root, and make sure it is not writable by anyone but the
+ * owner. This is to help avoid novices accidentally
+ * allowing access to their account by anyone.
+ */
+ if (options.strict_modes &&
+ ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+ (st.st_mode & 022) != 0)) {
+ logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
+ pw->pw_name, buf);
+ auth_debug_add("Bad file modes for %.200s", buf);
+ continue;
+ }
+ /* Check if we have been configured to ignore .rhosts and .shosts files. */
+ if (options.ignore_rhosts) {
+ auth_debug_add("Server has been configured to ignore %.100s.",
+ rhosts_files[rhosts_file_index]);
+ continue;
+ }
+ /* Check if authentication is permitted by the file. */
+ if (check_rhosts_file(buf, hostname, ipaddr, client_user, pw->pw_name)) {
+ auth_debug_add("Accepted by %.100s.",
+ rhosts_files[rhosts_file_index]);
+ /* Restore the privileged uid. */
+ restore_uid();
+ auth_debug_add("Accepted host %s ip %s client_user %s server_user %s",
+ hostname, ipaddr, client_user, pw->pw_name);
+ return 1;
+ }
+ }
+
+ /* Restore the privileged uid. */
+ restore_uid();
+ return 0;
+}
+
+int
+auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
+ const char *ipaddr)
+{
+ return auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
+}
diff --git a/openssh-6.0p1/auth-rsa.c b/openssh-6.0p1/auth-rsa.c
new file mode 100644
index 0000000..4ab46cd
--- /dev/null
+++ b/openssh-6.0p1/auth-rsa.c
@@ -0,0 +1,337 @@
+/* $OpenBSD: auth-rsa.c,v 1.80 2011/05/23 03:30:07 djm Exp $ */
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ * RSA-based authentication. This code determines whether to admit a login
+ * based on RSA authentication. This file also contains functions to check
+ * validity of the host key.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <openssl/rsa.h>
+#include <openssl/md5.h>
+
+#include <pwd.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+
+#include "xmalloc.h"
+#include "rsa.h"
+#include "packet.h"
+#include "ssh1.h"
+#include "uidswap.h"
+#include "match.h"
+#include "buffer.h"
+#include "pathnames.h"
+#include "log.h"
+#include "servconf.h"
+#include "key.h"
+#include "auth-options.h"
+#include "hostfile.h"
+#include "auth.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+#include "ssh.h"
+#include "misc.h"
+
+/* import */
+extern ServerOptions options;
+
+/*
+ * Session identifier that is used to bind key exchange and authentication
+ * responses to a particular session.
+ */
+extern u_char session_id[16];
+
+/*
+ * The .ssh/authorized_keys file contains public keys, one per line, in the
+ * following format:
+ * options bits e n comment
+ * where bits, e and n are decimal numbers,
+ * and comment is any string of characters up to newline. The maximum
+ * length of a line is SSH_MAX_PUBKEY_BYTES characters. See sshd(8) for a
+ * description of the options.
+ */
+
+BIGNUM *
+auth_rsa_generate_challenge(Key *key)
+{
+ BIGNUM *challenge;
+ BN_CTX *ctx;
+
+ if ((challenge = BN_new()) == NULL)
+ fatal("auth_rsa_generate_challenge: BN_new() failed");
+ /* Generate a random challenge. */
+ if (BN_rand(challenge, 256, 0, 0) == 0)
+ fatal("auth_rsa_generate_challenge: BN_rand failed");
+ if ((ctx = BN_CTX_new()) == NULL)
+ fatal("auth_rsa_generate_challenge: BN_CTX_new failed");
+ if (BN_mod(challenge, challenge, key->rsa->n, ctx) == 0)
+ fatal("auth_rsa_generate_challenge: BN_mod failed");
+ BN_CTX_free(ctx);
+
+ return challenge;
+}
+
+int
+auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
+{
+ u_char buf[32], mdbuf[16];
+ MD5_CTX md;
+ int len;
+
+ /* don't allow short keys */
+ if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+ error("auth_rsa_verify_response: RSA modulus too small: %d < minimum %d bits",
+ BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
+ return (0);
+ }
+
+ /* The response is MD5 of decrypted challenge plus session id. */
+ len = BN_num_bytes(challenge);
+ if (len <= 0 || len > 32)
+ fatal("auth_rsa_verify_response: bad challenge length %d", len);
+ memset(buf, 0, 32);
+ BN_bn2bin(challenge, buf + 32 - len);
+ MD5_Init(&md);
+ MD5_Update(&md, buf, 32);
+ MD5_Update(&md, session_id, 16);
+ MD5_Final(mdbuf, &md);
+
+ /* Verify that the response is the original challenge. */
+ if (timingsafe_bcmp(response, mdbuf, 16) != 0) {
+ /* Wrong answer. */
+ return (0);
+ }
+ /* Correct answer. */
+ return (1);
+}
+
+/*
+ * Performs the RSA authentication challenge-response dialog with the client,
+ * and returns true (non-zero) if the client gave the correct answer to
+ * our challenge; returns zero if the client gives a wrong answer.
+ */
+
+int
+auth_rsa_challenge_dialog(Key *key)
+{
+ BIGNUM *challenge, *encrypted_challenge;
+ u_char response[16];
+ int i, success;
+
+ if ((encrypted_challenge = BN_new()) == NULL)
+ fatal("auth_rsa_challenge_dialog: BN_new() failed");
+
+ challenge = PRIVSEP(auth_rsa_generate_challenge(key));
+
+ /* Encrypt the challenge with the public key. */
+ rsa_public_encrypt(encrypted_challenge, challenge, key->rsa);
+
+ /* Send the encrypted challenge to the client. */
+ packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE);
+ packet_put_bignum(encrypted_challenge);
+ packet_send();
+ BN_clear_free(encrypted_challenge);
+ packet_write_wait();
+
+ /* Wait for a response. */
+ packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE);
+ for (i = 0; i < 16; i++)
+ response[i] = (u_char)packet_get_char();
+ packet_check_eom();
+
+ success = PRIVSEP(auth_rsa_verify_response(key, challenge, response));
+ BN_clear_free(challenge);
+ return (success);
+}
+
+static int
+rsa_key_allowed_in_file(struct passwd *pw, char *file,
+ const BIGNUM *client_n, Key **rkey)
+{
+ char line[SSH_MAX_PUBKEY_BYTES];
+ int allowed = 0;
+ u_int bits;
+ FILE *f;
+ u_long linenum = 0;
+ Key *key;
+
+ debug("trying public RSA key file %s", file);
+ if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL)
+ return 0;
+
+ /*
+ * Go though the accepted keys, looking for the current key. If
+ * found, perform a challenge-response dialog to verify that the
+ * user really has the corresponding private key.
+ */
+ key = key_new(KEY_RSA1);
+ while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+ char *cp;
+ char *key_options;
+ int keybits;
+
+ /* Skip leading whitespace, empty and comment lines. */
+ for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+ ;
+ if (!*cp || *cp == '\n' || *cp == '#')
+ continue;
+
+ /*
+ * Check if there are options for this key, and if so,
+ * save their starting address and skip the option part
+ * for now. If there are no options, set the starting
+ * address to NULL.
+ */
+ if (*cp < '0' || *cp > '9') {
+ int quoted = 0;
+ key_options = cp;
+ for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+ if (*cp == '\\' && cp[1] == '"')
+ cp++; /* Skip both */
+ else if (*cp == '"')
+ quoted = !quoted;
+ }
+ } else
+ key_options = NULL;
+
+ /* Parse the key from the line. */
+ if (hostfile_read_key(&cp, &bits, key) == 0) {
+ debug("%.100s, line %lu: non ssh1 key syntax",
+ file, linenum);
+ continue;
+ }
+ /* cp now points to the comment part. */
+
+ /*
+ * Check if the we have found the desired key (identified
+ * by its modulus).
+ */
+ if (BN_cmp(key->rsa->n, client_n) != 0)
+ continue;
+
+ /* check the real bits */
+ keybits = BN_num_bits(key->rsa->n);
+ if (keybits < 0 || bits != (u_int)keybits)
+ logit("Warning: %s, line %lu: keysize mismatch: "
+ "actual %d vs. announced %d.",
+ file, linenum, BN_num_bits(key->rsa->n), bits);
+
+ /* Never accept a revoked key */
+ if (auth_key_is_revoked(key))
+ break;
+
+ /* We have found the desired key. */
+ /*
+ * If our options do not allow this key to be used,
+ * do not send challenge.
+ */
+ if (!auth_parse_options(pw, key_options, file, linenum))
+ continue;
+ if (key_is_cert_authority)
+ continue;
+ /* break out, this key is allowed */
+ allowed = 1;
+ break;
+ }
+
+ /* Close the file. */
+ fclose(f);
+
+ /* return key if allowed */
+ if (allowed && rkey != NULL)
+ *rkey = key;
+ else
+ key_free(key);
+
+ return allowed;
+}
+
+/*
+ * check if there's user key matching client_n,
+ * return key if login is allowed, NULL otherwise
+ */
+
+int
+auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
+{
+ char *file;
+ u_int i, allowed = 0;
+
+ temporarily_use_uid(pw);
+
+ for (i = 0; !allowed && i < options.num_authkeys_files; i++) {
+ file = expand_authorized_keys(
+ options.authorized_keys_files[i], pw);
+ allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
+ xfree(file);
+ }
+
+ restore_uid();
+
+ return allowed;
+}
+
+/*
+ * Performs the RSA authentication dialog with the client. This returns
+ * 0 if the client could not be authenticated, and 1 if authentication was
+ * successful. This may exit if there is a serious protocol violation.
+ */
+int
+auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
+{
+ Key *key;
+ char *fp;
+ struct passwd *pw = authctxt->pw;
+
+ /* no user given */
+ if (!authctxt->valid)
+ return 0;
+
+ if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
+ auth_clear_options();
+ return (0);
+ }
+
+ /* Perform the challenge-response dialog for this key. */
+ if (!auth_rsa_challenge_dialog(key)) {
+ /* Wrong response. */
+ verbose("Wrong response to RSA authentication challenge.");
+ packet_send_debug("Wrong response to RSA authentication challenge.");
+ /*
+ * Break out of the loop. Otherwise we might send
+ * another challenge and break the protocol.
+ */
+ key_free(key);
+ return (0);
+ }
+ /*
+ * Correct response. The client has been successfully
+ * authenticated. Note that we have not yet processed the
+ * options; this will be reset if the options cause the
+ * authentication to be rejected.
+ */
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ verbose("Found matching %s key: %s",
+ key_type(key), fp);
+ xfree(fp);
+ key_free(key);
+
+ packet_send_debug("RSA authentication accepted.");
+ return (1);
+}
diff --git a/openssh-6.0p1/auth-shadow.c b/openssh-6.0p1/auth-shadow.c
new file mode 100644
index 0000000..2190916
--- /dev/null
+++ b/openssh-6.0p1/auth-shadow.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 2004 Darren Tucker. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+#include <shadow.h>
+#include <stdarg.h>
+#include <string.h>
+#include <time.h>
+
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "buffer.h"
+#include "log.h"
+
+#ifdef DAY
+# undef DAY
+#endif
+#define DAY (24L * 60 * 60) /* 1 day in seconds */
+
+extern Buffer loginmsg;
+
+/*
+ * For the account and password expiration functions, we assume the expiry
+ * occurs the day after the day specified.
+ */
+
+/*
+ * Check if specified account is expired. Returns 1 if account is expired,
+ * 0 otherwise.
+ */
+int
+auth_shadow_acctexpired(struct spwd *spw)
+{
+ time_t today;
+ int daysleft;
+ char buf[256];
+
+ today = time(NULL) / DAY;
+ daysleft = spw->sp_expire - today;
+ debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today,
+ (int)spw->sp_expire, daysleft);
+
+ if (spw->sp_expire == -1) {
+ debug3("account expiration disabled");
+ } else if (daysleft < 0) {
+ logit("Account %.100s has expired", spw->sp_namp);
+ return 1;
+ } else if (daysleft <= spw->sp_warn) {
+ debug3("account will expire in %d days", daysleft);
+ snprintf(buf, sizeof(buf),
+ "Your account will expire in %d day%s.\n", daysleft,
+ daysleft == 1 ? "" : "s");
+ buffer_append(&loginmsg, buf, strlen(buf));
+ }
+
+ return 0;
+}
+
+/*
+ * Checks password expiry for platforms that use shadow passwd files.
+ * Returns: 1 = password expired, 0 = password not expired
+ */
+int
+auth_shadow_pwexpired(Authctxt *ctxt)
+{
+ struct spwd *spw = NULL;
+ const char *user = ctxt->pw->pw_name;
+ char buf[256];
+ time_t today;
+ int daysleft, disabled = 0;
+
+ if ((spw = getspnam((char *)user)) == NULL) {
+ error("Could not get shadow information for %.100s", user);
+ return 0;
+ }
+
+ today = time(NULL) / DAY;
+ debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today,
+ (int)spw->sp_lstchg, (int)spw->sp_max);
+
+#if defined(__hpux) && !defined(HAVE_SECUREWARE)
+ if (iscomsec()) {
+ struct pr_passwd *pr;
+
+ pr = getprpwnam((char *)user);
+
+ /* Test for Trusted Mode expiry disabled */
+ if (pr != NULL && pr->ufld.fd_min == 0 &&
+ pr->ufld.fd_lifetime == 0 && pr->ufld.fd_expire == 0 &&
+ pr->ufld.fd_pw_expire_warning == 0 &&
+ pr->ufld.fd_schange != 0)
+ disabled = 1;
+ }
+#endif
+
+ /* TODO: check sp_inact */
+ daysleft = spw->sp_lstchg + spw->sp_max - today;
+ if (disabled) {
+ debug3("password expiration disabled");
+ } else if (spw->sp_lstchg == 0) {
+ logit("User %.100s password has expired (root forced)", user);
+ return 1;
+ } else if (spw->sp_max == -1) {
+ debug3("password expiration disabled");
+ } else if (daysleft < 0) {
+ logit("User %.100s password has expired (password aged)", user);
+ return 1;
+ } else if (daysleft <= spw->sp_warn) {
+ debug3("password will expire in %d days", daysleft);
+ snprintf(buf, sizeof(buf),
+ "Your password will expire in %d day%s.\n", daysleft,
+ daysleft == 1 ? "" : "s");
+ buffer_append(&loginmsg, buf, strlen(buf));
+ }
+
+ return 0;
+}
+#endif /* USE_SHADOW && HAS_SHADOW_EXPIRE */
diff --git a/openssh-6.0p1/auth-sia.c b/openssh-6.0p1/auth-sia.c
new file mode 100644
index 0000000..a9e1c25
--- /dev/null
+++ b/openssh-6.0p1/auth-sia.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2002 Chris Adams. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifdef HAVE_OSF_SIA
+#include <sia.h>
+#include <siad.h>
+#include <pwd.h>
+#include <signal.h>
+#include <setjmp.h>
+#include <sys/resource.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <string.h>
+
+#include "ssh.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "auth-sia.h"
+#include "log.h"
+#include "servconf.h"
+#include "canohost.h"
+#include "uidswap.h"
+
+extern ServerOptions options;
+extern int saved_argc;
+extern char **saved_argv;
+
+int
+sys_auth_passwd(Authctxt *authctxt, const char *pass)
+{
+ int ret;
+ SIAENTITY *ent = NULL;
+ const char *host;
+
+ host = get_canonical_hostname(options.use_dns);
+
+ if (!authctxt->user || pass == NULL || pass[0] == '\0')
+ return (0);
+
+ if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user,
+ NULL, 0, NULL) != SIASUCCESS)
+ return (0);
+
+ if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) {
+ error("Couldn't authenticate %s from %s",
+ authctxt->user, host);
+ if (ret & SIASTOP)
+ sia_ses_release(&ent);
+
+ return (0);
+ }
+
+ sia_ses_release(&ent);
+
+ return (1);
+}
+
+void
+session_setup_sia(struct passwd *pw, char *tty)
+{
+ SIAENTITY *ent = NULL;
+ const char *host;
+
+ host = get_canonical_hostname(options.use_dns);
+
+ if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name,
+ tty, 0, NULL) != SIASUCCESS)
+ fatal("sia_ses_init failed");
+
+ if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
+ sia_ses_release(&ent);
+ fatal("sia_make_entity_pwd failed");
+ }
+
+ ent->authtype = SIA_A_NONE;
+ if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
+ fatal("Couldn't establish session for %s from %s",
+ pw->pw_name, host);
+
+ if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
+ fatal("Couldn't launch session for %s from %s",
+ pw->pw_name, host);
+
+ sia_ses_release(&ent);
+
+ setuid(0);
+ permanently_set_uid(pw);
+}
+
+#endif /* HAVE_OSF_SIA */
diff --git a/openssh-6.0p1/auth-sia.h b/openssh-6.0p1/auth-sia.h
new file mode 100644
index 0000000..27cbb93
--- /dev/null
+++ b/openssh-6.0p1/auth-sia.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2002 Chris Adams. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifdef HAVE_OSF_SIA
+
+void session_setup_sia(struct passwd *, char *);
+
+#endif /* HAVE_OSF_SIA */
diff --git a/openssh-6.0p1/auth-skey.c b/openssh-6.0p1/auth-skey.c
new file mode 100644
index 0000000..3536ec8
--- /dev/null
+++ b/openssh-6.0p1/auth-skey.c
@@ -0,0 +1,108 @@
+/* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifdef SKEY
+
+#include <sys/types.h>
+
+#include <pwd.h>
+#include <stdio.h>
+
+#include <skey.h>
+
+#include "xmalloc.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "ssh-gss.h"
+#include "log.h"
+#include "monitor_wrap.h"
+
+static void *
+skey_init_ctx(Authctxt *authctxt)
+{
+ return authctxt;
+}
+
+int
+skey_query(void *ctx, char **name, char **infotxt,
+ u_int* numprompts, char ***prompts, u_int **echo_on)
+{
+ Authctxt *authctxt = ctx;
+ char challenge[1024];
+ struct skey skey;
+
+ if (_compat_skeychallenge(&skey, authctxt->user, challenge,
+ sizeof(challenge)) == -1)
+ return -1;
+
+ *name = xstrdup("");
+ *infotxt = xstrdup("");
+ *numprompts = 1;
+ *prompts = xcalloc(*numprompts, sizeof(char *));
+ *echo_on = xcalloc(*numprompts, sizeof(u_int));
+
+ xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
+
+ return 0;
+}
+
+int
+skey_respond(void *ctx, u_int numresponses, char **responses)
+{
+ Authctxt *authctxt = ctx;
+
+ if (authctxt->valid &&
+ numresponses == 1 &&
+ skey_haskey(authctxt->pw->pw_name) == 0 &&
+ skey_passcheck(authctxt->pw->pw_name, responses[0]) != -1)
+ return 0;
+ return -1;
+}
+
+static void
+skey_free_ctx(void *ctx)
+{
+ /* we don't have a special context */
+}
+
+KbdintDevice skey_device = {
+ "skey",
+ skey_init_ctx,
+ skey_query,
+ skey_respond,
+ skey_free_ctx
+};
+
+KbdintDevice mm_skey_device = {
+ "skey",
+ skey_init_ctx,
+ mm_skey_query,
+ mm_skey_respond,
+ skey_free_ctx
+};
+#endif /* SKEY */
diff --git a/openssh-6.0p1/auth.c b/openssh-6.0p1/auth.c
new file mode 100644
index 0000000..cd95da9
--- /dev/null
+++ b/openssh-6.0p1/auth.c
@@ -0,0 +1,695 @@
+/* $OpenBSD: auth.c,v 1.94 2011/05/23 03:33:38 djm Exp $ */
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+
+#include <netinet/in.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+#include <pwd.h>
+#ifdef HAVE_LOGIN_H
+#include <login.h>
+#endif
+#ifdef USE_SHADOW
+#include <shadow.h>
+#endif
+#ifdef HAVE_LIBGEN_H
+#include <libgen.h>
+#endif
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "xmalloc.h"
+#include "match.h"
+#include "groupaccess.h"
+#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "auth-options.h"
+#include "canohost.h"
+#include "uidswap.h"
+#include "misc.h"
+#include "packet.h"
+#include "loginrec.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "authfile.h"
+#include "monitor_wrap.h"
+
+/* import */
+extern ServerOptions options;
+extern int use_privsep;
+extern Buffer loginmsg;
+extern struct passwd *privsep_pw;
+
+/* Debugging messages */
+Buffer auth_debug;
+int auth_debug_init;
+
+/*
+ * Check if the user is allowed to log in via ssh. If user is listed
+ * in DenyUsers or one of user's groups is listed in DenyGroups, false
+ * will be returned. If AllowUsers isn't empty and user isn't listed
+ * there, or if AllowGroups isn't empty and one of user's groups isn't
+ * listed there, false will be returned.
+ * If the user's shell is not executable, false will be returned.
+ * Otherwise true is returned.
+ */
+int
+allowed_user(struct passwd * pw)
+{
+ struct stat st;
+ const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
+ u_int i;
+#ifdef USE_SHADOW
+ struct spwd *spw = NULL;
+#endif
+
+ /* Shouldn't be called if pw is NULL, but better safe than sorry... */
+ if (!pw || !pw->pw_name)
+ return 0;
+
+#ifdef USE_SHADOW
+ if (!options.use_pam)
+ spw = getspnam(pw->pw_name);
+#ifdef HAS_SHADOW_EXPIRE
+ if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
+ return 0;
+#endif /* HAS_SHADOW_EXPIRE */
+#endif /* USE_SHADOW */
+
+ /* grab passwd field for locked account check */
+ passwd = pw->pw_passwd;
+#ifdef USE_SHADOW
+ if (spw != NULL)
+#ifdef USE_LIBIAF
+ passwd = get_iaf_password(pw);
+#else
+ passwd = spw->sp_pwdp;
+#endif /* USE_LIBIAF */
+#endif
+
+ /* check for locked account */
+ if (!options.use_pam && passwd && *passwd) {
+ int locked = 0;
+
+#ifdef LOCKED_PASSWD_STRING
+ if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
+ locked = 1;
+#endif
+#ifdef LOCKED_PASSWD_PREFIX
+ if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
+ strlen(LOCKED_PASSWD_PREFIX)) == 0)
+ locked = 1;
+#endif
+#ifdef LOCKED_PASSWD_SUBSTR
+ if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
+ locked = 1;
+#endif
+#ifdef USE_LIBIAF
+ free((void *) passwd);
+#endif /* USE_LIBIAF */
+ if (locked) {
+ logit("User %.100s not allowed because account is locked",
+ pw->pw_name);
+ return 0;
+ }
+ }
+
+ /*
+ * Deny if shell does not exist or is not executable unless we
+ * are chrooting.
+ */
+ if (options.chroot_directory == NULL ||
+ strcasecmp(options.chroot_directory, "none") == 0) {
+ char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
+ _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
+
+ if (stat(shell, &st) != 0) {
+ logit("User %.100s not allowed because shell %.100s "
+ "does not exist", pw->pw_name, shell);
+ xfree(shell);
+ return 0;
+ }
+ if (S_ISREG(st.st_mode) == 0 ||
+ (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
+ logit("User %.100s not allowed because shell %.100s "
+ "is not executable", pw->pw_name, shell);
+ xfree(shell);
+ return 0;
+ }
+ xfree(shell);
+ }
+
+ if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
+ options.num_deny_groups > 0 || options.num_allow_groups > 0) {
+ hostname = get_canonical_hostname(options.use_dns);
+ ipaddr = get_remote_ipaddr();
+ }
+
+ /* Return false if user is listed in DenyUsers */
+ if (options.num_deny_users > 0) {
+ for (i = 0; i < options.num_deny_users; i++)
+ if (match_user(pw->pw_name, hostname, ipaddr,
+ options.deny_users[i])) {
+ logit("User %.100s from %.100s not allowed "
+ "because listed in DenyUsers",
+ pw->pw_name, hostname);
+ return 0;
+ }
+ }
+ /* Return false if AllowUsers isn't empty and user isn't listed there */
+ if (options.num_allow_users > 0) {
+ for (i = 0; i < options.num_allow_users; i++)
+ if (match_user(pw->pw_name, hostname, ipaddr,
+ options.allow_users[i]))
+ break;
+ /* i < options.num_allow_users iff we break for loop */
+ if (i >= options.num_allow_users) {
+ logit("User %.100s from %.100s not allowed because "
+ "not listed in AllowUsers", pw->pw_name, hostname);
+ return 0;
+ }
+ }
+ if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
+ /* Get the user's group access list (primary and supplementary) */
+ if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
+ logit("User %.100s from %.100s not allowed because "
+ "not in any group", pw->pw_name, hostname);
+ return 0;
+ }
+
+ /* Return false if one of user's groups is listed in DenyGroups */
+ if (options.num_deny_groups > 0)
+ if (ga_match(options.deny_groups,
+ options.num_deny_groups)) {
+ ga_free();
+ logit("User %.100s from %.100s not allowed "
+ "because a group is listed in DenyGroups",
+ pw->pw_name, hostname);
+ return 0;
+ }
+ /*
+ * Return false if AllowGroups isn't empty and one of user's groups
+ * isn't listed there
+ */
+ if (options.num_allow_groups > 0)
+ if (!ga_match(options.allow_groups,
+ options.num_allow_groups)) {
+ ga_free();
+ logit("User %.100s from %.100s not allowed "
+ "because none of user's groups are listed "
+ "in AllowGroups", pw->pw_name, hostname);
+ return 0;
+ }
+ ga_free();
+ }
+
+#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
+ if (!sys_auth_allowed_user(pw, &loginmsg))
+ return 0;
+#endif
+
+ /* We found no reason not to let this user try to log on... */
+ return 1;
+}
+
+void
+auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
+{
+ void (*authlog) (const char *fmt,...) = verbose;
+ char *authmsg;
+
+ if (use_privsep && !mm_is_monitor() && !authctxt->postponed)
+ return;
+
+ /* Raise logging level */
+ if (authenticated == 1 ||
+ !authctxt->valid ||
+ authctxt->failures >= options.max_authtries / 2 ||
+ strcmp(method, "password") == 0)
+ authlog = logit;
+
+ if (authctxt->postponed)
+ authmsg = "Postponed";
+ else
+ authmsg = authenticated ? "Accepted" : "Failed";
+
+ authlog("%s %s for %s%.100s from %.200s port %d%s",
+ authmsg,
+ method,
+ authctxt->valid ? "" : "invalid user ",
+ authctxt->user,
+ get_remote_ipaddr(),
+ get_remote_port(),
+ info);
+
+#ifdef CUSTOM_FAILED_LOGIN
+ if (authenticated == 0 && !authctxt->postponed &&
+ (strcmp(method, "password") == 0 ||
+ strncmp(method, "keyboard-interactive", 20) == 0 ||
+ strcmp(method, "challenge-response") == 0))
+ record_failed_login(authctxt->user,
+ get_canonical_hostname(options.use_dns), "ssh");
+# ifdef WITH_AIXAUTHENTICATE
+ if (authenticated)
+ sys_auth_record_login(authctxt->user,
+ get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
+# endif
+#endif
+#ifdef SSH_AUDIT_EVENTS
+ if (authenticated == 0 && !authctxt->postponed)
+ audit_event(audit_classify_auth(method));
+#endif
+}
+
+/*
+ * Check whether root logins are disallowed.
+ */
+int
+auth_root_allowed(char *method)
+{
+ switch (options.permit_root_login) {
+ case PERMIT_YES:
+ return 1;
+ case PERMIT_NO_PASSWD:
+ if (strcmp(method, "password") != 0)
+ return 1;
+ break;
+ case PERMIT_FORCED_ONLY:
+ if (forced_command) {
+ logit("Root login accepted for forced command.");
+ return 1;
+ }
+ break;
+ }
+ logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
+ return 0;
+}
+
+
+/*
+ * Given a template and a passwd structure, build a filename
+ * by substituting % tokenised options. Currently, %% becomes '%',
+ * %h becomes the home directory and %u the username.
+ *
+ * This returns a buffer allocated by xmalloc.
+ */
+char *
+expand_authorized_keys(const char *filename, struct passwd *pw)
+{
+ char *file, ret[MAXPATHLEN];
+ int i;
+
+ file = percent_expand(filename, "h", pw->pw_dir,
+ "u", pw->pw_name, (char *)NULL);
+
+ /*
+ * Ensure that filename starts anchored. If not, be backward
+ * compatible and prepend the '%h/'
+ */
+ if (*file == '/')
+ return (file);
+
+ i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
+ if (i < 0 || (size_t)i >= sizeof(ret))
+ fatal("expand_authorized_keys: path too long");
+ xfree(file);
+ return (xstrdup(ret));
+}
+
+char *
+authorized_principals_file(struct passwd *pw)
+{
+ if (options.authorized_principals_file == NULL)
+ return NULL;
+ return expand_authorized_keys(options.authorized_principals_file, pw);
+}
+
+/* return ok if key exists in sysfile or userfile */
+HostStatus
+check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+ const char *sysfile, const char *userfile)
+{
+ char *user_hostfile;
+ struct stat st;
+ HostStatus host_status;
+ struct hostkeys *hostkeys;
+ const struct hostkey_entry *found;
+
+ hostkeys = init_hostkeys();
+ load_hostkeys(hostkeys, host, sysfile);
+ if (userfile != NULL) {
+ user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
+ if (options.strict_modes &&
+ (stat(user_hostfile, &st) == 0) &&
+ ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
+ (st.st_mode & 022) != 0)) {
+ logit("Authentication refused for %.100s: "
+ "bad owner or modes for %.200s",
+ pw->pw_name, user_hostfile);
+ auth_debug_add("Ignored %.200s: bad ownership or modes",
+ user_hostfile);
+ } else {
+ temporarily_use_uid(pw);
+ load_hostkeys(hostkeys, host, user_hostfile);
+ restore_uid();
+ }
+ xfree(user_hostfile);
+ }
+ host_status = check_key_in_hostkeys(hostkeys, key, &found);
+ if (host_status == HOST_REVOKED)
+ error("WARNING: revoked key for %s attempted authentication",
+ found->host);
+ else if (host_status == HOST_OK)
+ debug("%s: key for %s found at %s:%ld", __func__,
+ found->host, found->file, found->line);
+ else
+ debug("%s: key for host %s not found", __func__, host);
+
+ free_hostkeys(hostkeys);
+
+ return host_status;
+}
+
+
+/*
+ * Check a given file for security. This is defined as all components
+ * of the path to the file must be owned by either the owner of
+ * of the file or root and no directories must be group or world writable.
+ *
+ * XXX Should any specific check be done for sym links ?
+ *
+ * Takes an open file descriptor, the file name, a uid and and
+ * error buffer plus max size as arguments.
+ *
+ * Returns 0 on success and -1 on failure
+ */
+static int
+secure_filename(FILE *f, const char *file, struct passwd *pw,
+ char *err, size_t errlen)
+{
+ uid_t uid = pw->pw_uid;
+ char buf[MAXPATHLEN], homedir[MAXPATHLEN];
+ char *cp;
+ int comparehome = 0;
+ struct stat st;
+
+ if (realpath(file, buf) == NULL) {
+ snprintf(err, errlen, "realpath %s failed: %s", file,
+ strerror(errno));
+ return -1;
+ }
+ if (realpath(pw->pw_dir, homedir) != NULL)
+ comparehome = 1;
+
+ /* check the open file to avoid races */
+ if (fstat(fileno(f), &st) < 0 ||
+ (st.st_uid != 0 && st.st_uid != uid) ||
+ (st.st_mode & 022) != 0) {
+ snprintf(err, errlen, "bad ownership or modes for file %s",
+ buf);
+ return -1;
+ }
+
+ /* for each component of the canonical path, walking upwards */
+ for (;;) {
+ if ((cp = dirname(buf)) == NULL) {
+ snprintf(err, errlen, "dirname() failed");
+ return -1;
+ }
+ strlcpy(buf, cp, sizeof(buf));
+
+ if (stat(buf, &st) < 0 ||
+ (st.st_uid != 0 && st.st_uid != uid) ||
+ (st.st_mode & 022) != 0) {
+ snprintf(err, errlen,
+ "bad ownership or modes for directory %s", buf);
+ return -1;
+ }
+
+ /* If are past the homedir then we can stop */
+ if (comparehome && strcmp(homedir, buf) == 0)
+ break;
+
+ /*
+ * dirname should always complete with a "/" path,
+ * but we can be paranoid and check for "." too
+ */
+ if ((strcmp("/", buf) == 0) || (strcmp(".", buf) == 0))
+ break;
+ }
+ return 0;
+}
+
+static FILE *
+auth_openfile(const char *file, struct passwd *pw, int strict_modes,
+ int log_missing, char *file_type)
+{
+ char line[1024];
+ struct stat st;
+ int fd;
+ FILE *f;
+
+ if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
+ if (log_missing || errno != ENOENT)
+ debug("Could not open %s '%s': %s", file_type, file,
+ strerror(errno));
+ return NULL;
+ }
+
+ if (fstat(fd, &st) < 0) {
+ close(fd);
+ return NULL;
+ }
+ if (!S_ISREG(st.st_mode)) {
+ logit("User %s %s %s is not a regular file",
+ pw->pw_name, file_type, file);
+ close(fd);
+ return NULL;
+ }
+ unset_nonblock(fd);
+ if ((f = fdopen(fd, "r")) == NULL) {
+ close(fd);
+ return NULL;
+ }
+ if (strict_modes &&
+ secure_filename(f, file, pw, line, sizeof(line)) != 0) {
+ fclose(f);
+ logit("Authentication refused: %s", line);
+ auth_debug_add("Ignored %s: %s", file_type, line);
+ return NULL;
+ }
+
+ return f;
+}
+
+
+FILE *
+auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
+{
+ return auth_openfile(file, pw, strict_modes, 1, "authorized keys");
+}
+
+FILE *
+auth_openprincipals(const char *file, struct passwd *pw, int strict_modes)
+{
+ return auth_openfile(file, pw, strict_modes, 0,
+ "authorized principals");
+}
+
+struct passwd *
+getpwnamallow(const char *user)
+{
+#ifdef HAVE_LOGIN_CAP
+ extern login_cap_t *lc;
+#ifdef BSD_AUTH
+ auth_session_t *as;
+#endif
+#endif
+ struct passwd *pw;
+
+ parse_server_match_config(&options, user,
+ get_canonical_hostname(options.use_dns), get_remote_ipaddr());
+
+#if defined(_AIX) && defined(HAVE_SETAUTHDB)
+ aix_setauthdb(user);
+#endif
+
+ pw = getpwnam(user);
+
+#if defined(_AIX) && defined(HAVE_SETAUTHDB)
+ aix_restoreauthdb();
+#endif
+#ifdef HAVE_CYGWIN
+ /*
+ * Windows usernames are case-insensitive. To avoid later problems
+ * when trying to match the username, the user is only allowed to
+ * login if the username is given in the same case as stored in the
+ * user database.
+ */
+ if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
+ logit("Login name %.100s does not match stored username %.100s",
+ user, pw->pw_name);
+ pw = NULL;
+ }
+#endif
+ if (pw == NULL) {
+ logit("Invalid user %.100s from %.100s",
+ user, get_remote_ipaddr());
+#ifdef CUSTOM_FAILED_LOGIN
+ record_failed_login(user,
+ get_canonical_hostname(options.use_dns), "ssh");
+#endif
+#ifdef SSH_AUDIT_EVENTS
+ audit_event(SSH_INVALID_USER);
+#endif /* SSH_AUDIT_EVENTS */
+ return (NULL);
+ }
+ if (!allowed_user(pw))
+ return (NULL);
+#ifdef HAVE_LOGIN_CAP
+ if ((lc = login_getclass(pw->pw_class)) == NULL) {
+ debug("unable to get login class: %s", user);
+ return (NULL);
+ }
+#ifdef BSD_AUTH
+ if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||
+ auth_approval(as, lc, pw->pw_name, "ssh") <= 0) {
+ debug("Approval failure for %s", user);
+ pw = NULL;
+ }
+ if (as != NULL)
+ auth_close(as);
+#endif
+#endif
+ if (pw != NULL)
+ return (pwcopy(pw));
+ return (NULL);
+}
+
+/* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
+int
+auth_key_is_revoked(Key *key)
+{
+ char *key_fp;
+
+ if (options.revoked_keys_file == NULL)
+ return 0;
+
+ switch (key_in_file(key, options.revoked_keys_file, 0)) {
+ case 0:
+ /* key not revoked */
+ return 0;
+ case -1:
+ /* Error opening revoked_keys_file: refuse all keys */
+ error("Revoked keys file is unreadable: refusing public key "
+ "authentication");
+ return 1;
+ case 1:
+ /* Key revoked */
+ key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ error("WARNING: authentication attempt with a revoked "
+ "%s key %s ", key_type(key), key_fp);
+ xfree(key_fp);
+ return 1;
+ }
+ fatal("key_in_file returned junk");
+}
+
+void
+auth_debug_add(const char *fmt,...)
+{
+ char buf[1024];
+ va_list args;
+
+ if (!auth_debug_init)
+ return;
+
+ va_start(args, fmt);
+ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ buffer_put_cstring(&auth_debug, buf);
+}
+
+void
+auth_debug_send(void)
+{
+ char *msg;
+
+ if (!auth_debug_init)
+ return;
+ while (buffer_len(&auth_debug)) {
+ msg = buffer_get_string(&auth_debug, NULL);
+ packet_send_debug("%s", msg);
+ xfree(msg);
+ }
+}
+
+void
+auth_debug_reset(void)
+{
+ if (auth_debug_init)
+ buffer_clear(&auth_debug);
+ else {
+ buffer_init(&auth_debug);
+ auth_debug_init = 1;
+ }
+}
+
+struct passwd *
+fakepw(void)
+{
+ static struct passwd fake;
+
+ memset(&fake, 0, sizeof(fake));
+ fake.pw_name = "NOUSER";
+ fake.pw_passwd =
+ "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
+ fake.pw_gecos = "NOUSER";
+ fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
+ fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
+#ifdef HAVE_PW_CLASS_IN_PASSWD
+ fake.pw_class = "";
+#endif
+ fake.pw_dir = "/nonexist";
+ fake.pw_shell = "/nonexist";
+
+ return (&fake);
+}
diff --git a/openssh-6.0p1/auth.h b/openssh-6.0p1/auth.h
new file mode 100644
index 0000000..0d786c4
--- /dev/null
+++ b/openssh-6.0p1/auth.h
@@ -0,0 +1,206 @@
+/* $OpenBSD: auth.h,v 1.69 2011/05/23 03:30:07 djm Exp $ */
+
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef AUTH_H
+#define AUTH_H
+
+#include <signal.h>
+
+#include <openssl/rsa.h>
+
+#ifdef HAVE_LOGIN_CAP
+#include <login_cap.h>
+#endif
+#ifdef BSD_AUTH
+#include <bsd_auth.h>
+#endif
+#ifdef KRB5
+#include <krb5.h>
+#endif
+
+typedef struct Authctxt Authctxt;
+typedef struct Authmethod Authmethod;
+typedef struct KbdintDevice KbdintDevice;
+
+struct Authctxt {
+ sig_atomic_t success;
+ int authenticated; /* authenticated and alarms cancelled */
+ int postponed; /* authentication needs another step */
+ int valid; /* user exists and is allowed to login */
+ int attempt;
+ int failures;
+ int server_caused_failure;
+ int force_pwchange;
+ char *user; /* username sent by the client */
+ char *service;
+ struct passwd *pw; /* set if 'valid' */
+ char *style;
+ void *kbdintctxt;
+ void *jpake_ctx;
+#ifdef BSD_AUTH
+ auth_session_t *as;
+#endif
+#ifdef KRB5
+ krb5_context krb5_ctx;
+ krb5_ccache krb5_fwd_ccache;
+ krb5_principal krb5_user;
+ char *krb5_ticket_file;
+ char *krb5_ccname;
+#endif
+ Buffer *loginmsg;
+ void *methoddata;
+};
+/*
+ * Every authentication method has to handle authentication requests for
+ * non-existing users, or for users that are not allowed to login. In this
+ * case 'valid' is set to 0, but 'user' points to the username requested by
+ * the client.
+ */
+
+struct Authmethod {
+ char *name;
+ int (*userauth)(Authctxt *authctxt);
+ int *enabled;
+};
+
+/*
+ * Keyboard interactive device:
+ * init_ctx returns: non NULL upon success
+ * query returns: 0 - success, otherwise failure
+ * respond returns: 0 - success, 1 - need further interaction,
+ * otherwise - failure
+ */
+struct KbdintDevice
+{
+ const char *name;
+ void* (*init_ctx)(Authctxt*);
+ int (*query)(void *ctx, char **name, char **infotxt,
+ u_int *numprompts, char ***prompts, u_int **echo_on);
+ int (*respond)(void *ctx, u_int numresp, char **responses);
+ void (*free_ctx)(void *ctx);
+};
+
+int auth_rhosts(struct passwd *, const char *);
+int
+auth_rhosts2(struct passwd *, const char *, const char *, const char *);
+
+int auth_rhosts_rsa(Authctxt *, char *, Key *);
+int auth_password(Authctxt *, const char *);
+int auth_rsa(Authctxt *, BIGNUM *);
+int auth_rsa_challenge_dialog(Key *);
+BIGNUM *auth_rsa_generate_challenge(Key *);
+int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);
+int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
+
+int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
+int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
+int user_key_allowed(struct passwd *, Key *);
+
+#ifdef KRB5
+int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
+int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
+int auth_krb5_password(Authctxt *authctxt, const char *password);
+void krb5_cleanup_proc(Authctxt *authctxt);
+#endif /* KRB5 */
+
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+#include <shadow.h>
+int auth_shadow_acctexpired(struct spwd *);
+int auth_shadow_pwexpired(Authctxt *);
+#endif
+
+#include "auth-pam.h"
+#include "audit.h"
+void remove_kbdint_device(const char *);
+
+void disable_forwarding(void);
+
+void do_authentication(Authctxt *);
+void do_authentication2(Authctxt *);
+
+void auth_log(Authctxt *, int, char *, char *);
+void userauth_finish(Authctxt *, int, char *);
+void userauth_send_banner(const char *);
+int auth_root_allowed(char *);
+
+char *auth2_read_banner(void);
+
+void privsep_challenge_enable(void);
+
+int auth2_challenge(Authctxt *, char *);
+void auth2_challenge_stop(Authctxt *);
+int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
+int bsdauth_respond(void *, u_int, char **);
+int skey_query(void *, char **, char **, u_int *, char ***, u_int **);
+int skey_respond(void *, u_int, char **);
+
+void auth2_jpake_get_pwdata(Authctxt *, BIGNUM **, char **, char **);
+void auth2_jpake_stop(Authctxt *);
+
+int allowed_user(struct passwd *);
+struct passwd * getpwnamallow(const char *user);
+
+char *get_challenge(Authctxt *);
+int verify_response(Authctxt *, const char *);
+void abandon_challenge_response(Authctxt *);
+
+char *expand_authorized_keys(const char *, struct passwd *pw);
+char *authorized_principals_file(struct passwd *);
+
+FILE *auth_openkeyfile(const char *, struct passwd *, int);
+FILE *auth_openprincipals(const char *, struct passwd *, int);
+int auth_key_is_revoked(Key *);
+
+HostStatus
+check_key_in_hostfiles(struct passwd *, Key *, const char *,
+ const char *, const char *);
+
+/* hostkey handling */
+Key *get_hostkey_by_index(int);
+Key *get_hostkey_public_by_type(int);
+Key *get_hostkey_private_by_type(int);
+int get_hostkey_index(Key *);
+int ssh1_session_key(BIGNUM *);
+
+/* debug messages during authentication */
+void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void auth_debug_send(void);
+void auth_debug_reset(void);
+
+struct passwd *fakepw(void);
+
+int sys_auth_passwd(Authctxt *, const char *);
+
+#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
+
+#define SKEY_PROMPT "\nS/Key Password: "
+
+#if defined(KRB5) && !defined(HEIMDAL)
+#include <krb5.h>
+krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
+#endif
+#endif
diff --git a/openssh-6.0p1/auth1.c b/openssh-6.0p1/auth1.c
new file mode 100644
index 0000000..cc85aec
--- /dev/null
+++ b/openssh-6.0p1/auth1.c
@@ -0,0 +1,437 @@
+/* $OpenBSD: auth1.c,v 1.75 2010/08/31 09:58:37 djm Exp $ */
+/*
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
+
+#include "openbsd-compat/sys-queue.h"
+#include "xmalloc.h"
+#include "rsa.h"
+#include "ssh1.h"
+#include "packet.h"
+#include "buffer.h"
+#include "log.h"
+#include "servconf.h"
+#include "compat.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "channels.h"
+#include "session.h"
+#include "uidswap.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+#include "buffer.h"
+
+/* import */
+extern ServerOptions options;
+extern Buffer loginmsg;
+
+static int auth1_process_password(Authctxt *, char *, size_t);
+static int auth1_process_rsa(Authctxt *, char *, size_t);
+static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t);
+static int auth1_process_tis_challenge(Authctxt *, char *, size_t);
+static int auth1_process_tis_response(Authctxt *, char *, size_t);
+
+static char *client_user = NULL; /* Used to fill in remote user for PAM */
+
+struct AuthMethod1 {
+ int type;
+ char *name;
+ int *enabled;
+ int (*method)(Authctxt *, char *, size_t);
+};
+
+const struct AuthMethod1 auth1_methods[] = {
+ {
+ SSH_CMSG_AUTH_PASSWORD, "password",
+ &options.password_authentication, auth1_process_password
+ },
+ {
+ SSH_CMSG_AUTH_RSA, "rsa",
+ &options.rsa_authentication, auth1_process_rsa
+ },
+ {
+ SSH_CMSG_AUTH_RHOSTS_RSA, "rhosts-rsa",
+ &options.rhosts_rsa_authentication, auth1_process_rhosts_rsa
+ },
+ {
+ SSH_CMSG_AUTH_TIS, "challenge-response",
+ &options.challenge_response_authentication,
+ auth1_process_tis_challenge
+ },
+ {
+ SSH_CMSG_AUTH_TIS_RESPONSE, "challenge-response",
+ &options.challenge_response_authentication,
+ auth1_process_tis_response
+ },
+ { -1, NULL, NULL, NULL}
+};
+
+static const struct AuthMethod1
+*lookup_authmethod1(int type)
+{
+ int i;
+
+ for (i = 0; auth1_methods[i].name != NULL; i++)
+ if (auth1_methods[i].type == type)
+ return (&(auth1_methods[i]));
+
+ return (NULL);
+}
+
+static char *
+get_authname(int type)
+{
+ const struct AuthMethod1 *a;
+ static char buf[64];
+
+ if ((a = lookup_authmethod1(type)) != NULL)
+ return (a->name);
+ snprintf(buf, sizeof(buf), "bad-auth-msg-%d", type);
+ return (buf);
+}
+
+/*ARGSUSED*/
+static int
+auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
+{
+ int authenticated = 0;
+ char *password;
+ u_int dlen;
+
+ /*
+ * Read user password. It is in plain text, but was
+ * transmitted over the encrypted channel so it is
+ * not visible to an outside observer.
+ */
+ password = packet_get_string(&dlen);
+ packet_check_eom();
+
+ /* Try authentication with the password. */
+ authenticated = PRIVSEP(auth_password(authctxt, password));
+
+ memset(password, 0, dlen);
+ xfree(password);
+
+ return (authenticated);
+}
+
+/*ARGSUSED*/
+static int
+auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
+{
+ int authenticated = 0;
+ BIGNUM *n;
+
+ /* RSA authentication requested. */
+ if ((n = BN_new()) == NULL)
+ fatal("do_authloop: BN_new failed");
+ packet_get_bignum(n);
+ packet_check_eom();
+ authenticated = auth_rsa(authctxt, n);
+ BN_clear_free(n);
+
+ return (authenticated);
+}
+
+/*ARGSUSED*/
+static int
+auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
+{
+ int keybits, authenticated = 0;
+ u_int bits;
+ Key *client_host_key;
+ u_int ulen;
+
+ /*
+ * Get client user name. Note that we just have to
+ * trust the client; root on the client machine can
+ * claim to be any user.
+ */
+ client_user = packet_get_cstring(&ulen);
+
+ /* Get the client host key. */
+ client_host_key = key_new(KEY_RSA1);
+ bits = packet_get_int();
+ packet_get_bignum(client_host_key->rsa->e);
+ packet_get_bignum(client_host_key->rsa->n);
+
+ keybits = BN_num_bits(client_host_key->rsa->n);
+ if (keybits < 0 || bits != (u_int)keybits) {
+ verbose("Warning: keysize mismatch for client_host_key: "
+ "actual %d, announced %d",
+ BN_num_bits(client_host_key->rsa->n), bits);
+ }
+ packet_check_eom();
+
+ authenticated = auth_rhosts_rsa(authctxt, client_user,
+ client_host_key);
+ key_free(client_host_key);
+
+ snprintf(info, infolen, " ruser %.100s", client_user);
+
+ return (authenticated);
+}
+
+/*ARGSUSED*/
+static int
+auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
+{
+ char *challenge;
+
+ if ((challenge = get_challenge(authctxt)) == NULL)
+ return (0);
+
+ debug("sending challenge '%s'", challenge);
+ packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
+ packet_put_cstring(challenge);
+ xfree(challenge);
+ packet_send();
+ packet_write_wait();
+
+ return (-1);
+}
+
+/*ARGSUSED*/
+static int
+auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
+{
+ int authenticated = 0;
+ char *response;
+ u_int dlen;
+
+ response = packet_get_string(&dlen);
+ packet_check_eom();
+ authenticated = verify_response(authctxt, response);
+ memset(response, 'r', dlen);
+ xfree(response);
+
+ return (authenticated);
+}
+
+/*
+ * read packets, try to authenticate the user and
+ * return only if authentication is successful
+ */
+static void
+do_authloop(Authctxt *authctxt)
+{
+ int authenticated = 0;
+ char info[1024];
+ int prev = 0, type = 0;
+ const struct AuthMethod1 *meth;
+
+ debug("Attempting authentication for %s%.100s.",
+ authctxt->valid ? "" : "invalid user ", authctxt->user);
+
+ /* If the user has no password, accept authentication immediately. */
+ if (options.permit_empty_passwd && options.password_authentication &&
+#ifdef KRB5
+ (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
+#endif
+ PRIVSEP(auth_password(authctxt, ""))) {
+#ifdef USE_PAM
+ if (options.use_pam && (PRIVSEP(do_pam_account())))
+#endif
+ {
+ auth_log(authctxt, 1, "without authentication", "");
+ return;
+ }
+ }
+
+ /* Indicate that authentication is needed. */
+ packet_start(SSH_SMSG_FAILURE);
+ packet_send();
+ packet_write_wait();
+
+ for (;;) {
+ /* default to fail */
+ authenticated = 0;
+
+ info[0] = '\0';
+
+ /* Get a packet from the client. */
+ prev = type;
+ type = packet_read();
+
+ /*
+ * If we started challenge-response authentication but the
+ * next packet is not a response to our challenge, release
+ * the resources allocated by get_challenge() (which would
+ * normally have been released by verify_response() had we
+ * received such a response)
+ */
+ if (prev == SSH_CMSG_AUTH_TIS &&
+ type != SSH_CMSG_AUTH_TIS_RESPONSE)
+ abandon_challenge_response(authctxt);
+
+ if (authctxt->failures >= options.max_authtries)
+ goto skip;
+ if ((meth = lookup_authmethod1(type)) == NULL) {
+ logit("Unknown message during authentication: "
+ "type %d", type);
+ goto skip;
+ }
+
+ if (!*(meth->enabled)) {
+ verbose("%s authentication disabled.", meth->name);
+ goto skip;
+ }
+
+ authenticated = meth->method(authctxt, info, sizeof(info));
+ if (authenticated == -1)
+ continue; /* "postponed" */
+
+#ifdef BSD_AUTH
+ if (authctxt->as) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+#endif
+ if (!authctxt->valid && authenticated)
+ fatal("INTERNAL ERROR: authenticated invalid user %s",
+ authctxt->user);
+
+#ifdef _UNICOS
+ if (authenticated && cray_access_denied(authctxt->user)) {
+ authenticated = 0;
+ fatal("Access denied for user %s.",authctxt->user);
+ }
+#endif /* _UNICOS */
+
+#ifndef HAVE_CYGWIN
+ /* Special handling for root */
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
+ !auth_root_allowed(meth->name)) {
+ authenticated = 0;
+# ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
+# endif
+ }
+#endif
+
+#ifdef USE_PAM
+ if (options.use_pam && authenticated &&
+ !PRIVSEP(do_pam_account())) {
+ char *msg;
+ size_t len;
+
+ error("Access denied for user %s by PAM account "
+ "configuration", authctxt->user);
+ len = buffer_len(&loginmsg);
+ buffer_append(&loginmsg, "\0", 1);
+ msg = buffer_ptr(&loginmsg);
+ /* strip trailing newlines */
+ if (len > 0)
+ while (len > 0 && msg[--len] == '\n')
+ msg[len] = '\0';
+ else
+ msg = "Access denied.";
+ packet_disconnect("%s", msg);
+ }
+#endif
+
+ skip:
+ /* Log before sending the reply */
+ auth_log(authctxt, authenticated, get_authname(type), info);
+
+ if (client_user != NULL) {
+ xfree(client_user);
+ client_user = NULL;
+ }
+
+ if (authenticated)
+ return;
+
+ if (++authctxt->failures >= options.max_authtries) {
+#ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+#endif
+ packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ }
+
+ packet_start(SSH_SMSG_FAILURE);
+ packet_send();
+ packet_write_wait();
+ }
+}
+
+/*
+ * Performs authentication of an incoming connection. Session key has already
+ * been exchanged and encryption is enabled.
+ */
+void
+do_authentication(Authctxt *authctxt)
+{
+ u_int ulen;
+ char *user, *style = NULL;
+
+ /* Get the name of the user that we wish to log in as. */
+ packet_read_expect(SSH_CMSG_USER);
+
+ /* Get the user name. */
+ user = packet_get_cstring(&ulen);
+ packet_check_eom();
+
+ if ((style = strchr(user, ':')) != NULL)
+ *style++ = '\0';
+
+ authctxt->user = user;
+ authctxt->style = style;
+
+ /* Verify that the user is a valid user. */
+ if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
+ authctxt->valid = 1;
+ else {
+ debug("do_authentication: invalid user %s", user);
+ authctxt->pw = fakepw();
+ }
+
+ setproctitle("%s%s", authctxt->valid ? user : "unknown",
+ use_privsep ? " [net]" : "");
+
+#ifdef USE_PAM
+ if (options.use_pam)
+ PRIVSEP(start_pam(authctxt));
+#endif
+
+ /*
+ * If we are not running as root, the user must have the same uid as
+ * the server.
+ */
+#ifndef HAVE_CYGWIN
+ if (!use_privsep && getuid() != 0 && authctxt->pw &&
+ authctxt->pw->pw_uid != getuid())
+ packet_disconnect("Cannot change user when server not running as root.");
+#endif
+
+ /*
+ * Loop until the user has been authenticated or the connection is
+ * closed, do_authloop() returns only if authentication is successful
+ */
+ do_authloop(authctxt);
+
+ /* The user has been authenticated and accepted. */
+ packet_start(SSH_SMSG_SUCCESS);
+ packet_send();
+ packet_write_wait();
+}
diff --git a/openssh-6.0p1/auth2-chall.c b/openssh-6.0p1/auth2-chall.c
new file mode 100644
index 0000000..e6dbffe
--- /dev/null
+++ b/openssh-6.0p1/auth2-chall.c
@@ -0,0 +1,374 @@
+/* $OpenBSD: auth2-chall.c,v 1.34 2008/12/09 04:32:22 djm Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ * Copyright (c) 2001 Per Allansson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "xmalloc.h"
+#include "ssh2.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "buffer.h"
+#include "packet.h"
+#include "dispatch.h"
+#include "log.h"
+#include "servconf.h"
+
+/* import */
+extern ServerOptions options;
+
+static int auth2_challenge_start(Authctxt *);
+static int send_userauth_info_request(Authctxt *);
+static void input_userauth_info_response(int, u_int32_t, void *);
+
+#ifdef BSD_AUTH
+extern KbdintDevice bsdauth_device;
+#else
+#ifdef USE_PAM
+extern KbdintDevice sshpam_device;
+#endif
+#ifdef SKEY
+extern KbdintDevice skey_device;
+#endif
+#endif
+
+KbdintDevice *devices[] = {
+#ifdef BSD_AUTH
+ &bsdauth_device,
+#else
+#ifdef USE_PAM
+ &sshpam_device,
+#endif
+#ifdef SKEY
+ &skey_device,
+#endif
+#endif
+ NULL
+};
+
+typedef struct KbdintAuthctxt KbdintAuthctxt;
+struct KbdintAuthctxt
+{
+ char *devices;
+ void *ctxt;
+ KbdintDevice *device;
+ u_int nreq;
+};
+
+#ifdef USE_PAM
+void
+remove_kbdint_device(const char *devname)
+{
+ int i, j;
+
+ for (i = 0; devices[i] != NULL; i++)
+ if (strcmp(devices[i]->name, devname) == 0) {
+ for (j = i; devices[j] != NULL; j++)
+ devices[j] = devices[j+1];
+ i--;
+ }
+}
+#endif
+
+static KbdintAuthctxt *
+kbdint_alloc(const char *devs)
+{
+ KbdintAuthctxt *kbdintctxt;
+ Buffer b;
+ int i;
+
+#ifdef USE_PAM
+ if (!options.use_pam)
+ remove_kbdint_device("pam");
+#endif
+
+ kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
+ if (strcmp(devs, "") == 0) {
+ buffer_init(&b);
+ for (i = 0; devices[i]; i++) {
+ if (buffer_len(&b) > 0)
+ buffer_append(&b, ",", 1);
+ buffer_append(&b, devices[i]->name,
+ strlen(devices[i]->name));
+ }
+ buffer_append(&b, "\0", 1);
+ kbdintctxt->devices = xstrdup(buffer_ptr(&b));
+ buffer_free(&b);
+ } else {
+ kbdintctxt->devices = xstrdup(devs);
+ }
+ debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
+ kbdintctxt->ctxt = NULL;
+ kbdintctxt->device = NULL;
+ kbdintctxt->nreq = 0;
+
+ return kbdintctxt;
+}
+static void
+kbdint_reset_device(KbdintAuthctxt *kbdintctxt)
+{
+ if (kbdintctxt->ctxt) {
+ kbdintctxt->device->free_ctx(kbdintctxt->ctxt);
+ kbdintctxt->ctxt = NULL;
+ }
+ kbdintctxt->device = NULL;
+}
+static void
+kbdint_free(KbdintAuthctxt *kbdintctxt)
+{
+ if (kbdintctxt->device)
+ kbdint_reset_device(kbdintctxt);
+ if (kbdintctxt->devices) {
+ xfree(kbdintctxt->devices);
+ kbdintctxt->devices = NULL;
+ }
+ xfree(kbdintctxt);
+}
+/* get next device */
+static int
+kbdint_next_device(KbdintAuthctxt *kbdintctxt)
+{
+ size_t len;
+ char *t;
+ int i;
+
+ if (kbdintctxt->device)
+ kbdint_reset_device(kbdintctxt);
+ do {
+ len = kbdintctxt->devices ?
+ strcspn(kbdintctxt->devices, ",") : 0;
+
+ if (len == 0)
+ break;
+ for (i = 0; devices[i]; i++)
+ if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
+ kbdintctxt->device = devices[i];
+ t = kbdintctxt->devices;
+ kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
+ xfree(t);
+ debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
+ kbdintctxt->devices : "<empty>");
+ } while (kbdintctxt->devices && !kbdintctxt->device);
+
+ return kbdintctxt->device ? 1 : 0;
+}
+
+/*
+ * try challenge-response, set authctxt->postponed if we have to
+ * wait for the response.
+ */
+int
+auth2_challenge(Authctxt *authctxt, char *devs)
+{
+ debug("auth2_challenge: user=%s devs=%s",
+ authctxt->user ? authctxt->user : "<nouser>",
+ devs ? devs : "<no devs>");
+
+ if (authctxt->user == NULL || !devs)
+ return 0;
+ if (authctxt->kbdintctxt == NULL)
+ authctxt->kbdintctxt = kbdint_alloc(devs);
+ return auth2_challenge_start(authctxt);
+}
+
+/* unregister kbd-int callbacks and context */
+void
+auth2_challenge_stop(Authctxt *authctxt)
+{
+ /* unregister callback */
+ dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
+ if (authctxt->kbdintctxt != NULL) {
+ kbdint_free(authctxt->kbdintctxt);
+ authctxt->kbdintctxt = NULL;
+ }
+}
+
+/* side effect: sets authctxt->postponed if a reply was sent*/
+static int
+auth2_challenge_start(Authctxt *authctxt)
+{
+ KbdintAuthctxt *kbdintctxt = authctxt->kbdintctxt;
+
+ debug2("auth2_challenge_start: devices %s",
+ kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
+
+ if (kbdint_next_device(kbdintctxt) == 0) {
+ auth2_challenge_stop(authctxt);
+ return 0;
+ }
+ debug("auth2_challenge_start: trying authentication method '%s'",
+ kbdintctxt->device->name);
+
+ if ((kbdintctxt->ctxt = kbdintctxt->device->init_ctx(authctxt)) == NULL) {
+ auth2_challenge_stop(authctxt);
+ return 0;
+ }
+ if (send_userauth_info_request(authctxt) == 0) {
+ auth2_challenge_stop(authctxt);
+ return 0;
+ }
+ dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
+ &input_userauth_info_response);
+
+ authctxt->postponed = 1;
+ return 0;
+}
+
+static int
+send_userauth_info_request(Authctxt *authctxt)
+{
+ KbdintAuthctxt *kbdintctxt;
+ char *name, *instr, **prompts;
+ u_int i, *echo_on;
+
+ kbdintctxt = authctxt->kbdintctxt;
+ if (kbdintctxt->device->query(kbdintctxt->ctxt,
+ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
+ return 0;
+
+ packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
+ packet_put_cstring(name);
+ packet_put_cstring(instr);
+ packet_put_cstring(""); /* language not used */
+ packet_put_int(kbdintctxt->nreq);
+ for (i = 0; i < kbdintctxt->nreq; i++) {
+ packet_put_cstring(prompts[i]);
+ packet_put_char(echo_on[i]);
+ }
+ packet_send();
+ packet_write_wait();
+
+ for (i = 0; i < kbdintctxt->nreq; i++)
+ xfree(prompts[i]);
+ xfree(prompts);
+ xfree(echo_on);
+ xfree(name);
+ xfree(instr);
+ return 1;
+}
+
+static void
+input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ KbdintAuthctxt *kbdintctxt;
+ int authenticated = 0, res;
+ u_int i, nresp;
+ char **response = NULL, *method;
+
+ if (authctxt == NULL)
+ fatal("input_userauth_info_response: no authctxt");
+ kbdintctxt = authctxt->kbdintctxt;
+ if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
+ fatal("input_userauth_info_response: no kbdintctxt");
+ if (kbdintctxt->device == NULL)
+ fatal("input_userauth_info_response: no device");
+
+ authctxt->postponed = 0; /* reset */
+ nresp = packet_get_int();
+ if (nresp != kbdintctxt->nreq)
+ fatal("input_userauth_info_response: wrong number of replies");
+ if (nresp > 100)
+ fatal("input_userauth_info_response: too many replies");
+ if (nresp > 0) {
+ response = xcalloc(nresp, sizeof(char *));
+ for (i = 0; i < nresp; i++)
+ response[i] = packet_get_string(NULL);
+ }
+ packet_check_eom();
+
+ res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
+
+ for (i = 0; i < nresp; i++) {
+ memset(response[i], 'r', strlen(response[i]));
+ xfree(response[i]);
+ }
+ if (response)
+ xfree(response);
+
+ switch (res) {
+ case 0:
+ /* Success! */
+ authenticated = authctxt->valid ? 1 : 0;
+ break;
+ case 1:
+ /* Authentication needs further interaction */
+ if (send_userauth_info_request(authctxt) == 1)
+ authctxt->postponed = 1;
+ break;
+ default:
+ /* Failure! */
+ break;
+ }
+
+ xasprintf(&method, "keyboard-interactive/%s", kbdintctxt->device->name);
+
+ if (!authctxt->postponed) {
+ if (authenticated) {
+ auth2_challenge_stop(authctxt);
+ } else {
+ /* start next device */
+ /* may set authctxt->postponed */
+ auth2_challenge_start(authctxt);
+ }
+ }
+ userauth_finish(authctxt, authenticated, method);
+ xfree(method);
+}
+
+void
+privsep_challenge_enable(void)
+{
+#if defined(BSD_AUTH) || defined(USE_PAM) || defined(SKEY)
+ int n = 0;
+#endif
+#ifdef BSD_AUTH
+ extern KbdintDevice mm_bsdauth_device;
+#endif
+#ifdef USE_PAM
+ extern KbdintDevice mm_sshpam_device;
+#endif
+#ifdef SKEY
+ extern KbdintDevice mm_skey_device;
+#endif
+
+#ifdef BSD_AUTH
+ devices[n++] = &mm_bsdauth_device;
+#else
+#ifdef USE_PAM
+ devices[n++] = &mm_sshpam_device;
+#endif
+#ifdef SKEY
+ devices[n++] = &mm_skey_device;
+#endif
+#endif
+}
diff --git a/openssh-6.0p1/auth2-gss.c b/openssh-6.0p1/auth2-gss.c
new file mode 100644
index 0000000..0d59b21
--- /dev/null
+++ b/openssh-6.0p1/auth2-gss.c
@@ -0,0 +1,303 @@
+/* $OpenBSD: auth2-gss.c,v 1.17 2011/03/10 02:52:57 djm Exp $ */
+
+/*
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifdef GSSAPI
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+
+#include "xmalloc.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "ssh2.h"
+#include "log.h"
+#include "dispatch.h"
+#include "buffer.h"
+#include "servconf.h"
+#include "packet.h"
+#include "ssh-gss.h"
+#include "monitor_wrap.h"
+
+extern ServerOptions options;
+
+static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
+static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
+static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
+static void input_gssapi_errtok(int, u_int32_t, void *);
+
+/*
+ * We only support those mechanisms that we know about (ie ones that we know
+ * how to check local user kuserok and the like)
+ */
+static int
+userauth_gssapi(Authctxt *authctxt)
+{
+ gss_OID_desc goid = {0, NULL};
+ Gssctxt *ctxt = NULL;
+ int mechs;
+ gss_OID_set supported;
+ int present;
+ OM_uint32 ms;
+ u_int len;
+ u_char *doid = NULL;
+
+ if (!authctxt->valid || authctxt->user == NULL)
+ return (0);
+
+ mechs = packet_get_int();
+ if (mechs == 0) {
+ debug("Mechanism negotiation is not supported");
+ return (0);
+ }
+
+ ssh_gssapi_supported_oids(&supported);
+ do {
+ mechs--;
+
+ if (doid)
+ xfree(doid);
+
+ present = 0;
+ doid = packet_get_string(&len);
+
+ if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
+ doid[1] == len - 2) {
+ goid.elements = doid + 2;
+ goid.length = len - 2;
+ gss_test_oid_set_member(&ms, &goid, supported,
+ &present);
+ } else {
+ logit("Badly formed OID received");
+ }
+ } while (mechs > 0 && !present);
+
+ gss_release_oid_set(&ms, &supported);
+
+ if (!present) {
+ xfree(doid);
+ authctxt->server_caused_failure = 1;
+ return (0);
+ }
+
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
+ if (ctxt != NULL)
+ ssh_gssapi_delete_ctx(&ctxt);
+ xfree(doid);
+ authctxt->server_caused_failure = 1;
+ return (0);
+ }
+
+ authctxt->methoddata = (void *)ctxt;
+
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
+
+ /* Return the OID that we received */
+ packet_put_string(doid, len);
+
+ packet_send();
+ xfree(doid);
+
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
+ authctxt->postponed = 1;
+
+ return (0);
+}
+
+static void
+input_gssapi_token(int type, u_int32_t plen, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ Gssctxt *gssctxt;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok;
+ OM_uint32 maj_status, min_status, flags;
+ u_int len;
+
+ if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ fatal("No authentication or GSSAPI context");
+
+ gssctxt = authctxt->methoddata;
+ recv_tok.value = packet_get_string(&len);
+ recv_tok.length = len; /* u_int vs. size_t */
+
+ packet_check_eom();
+
+ maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
+ &send_tok, &flags));
+
+ xfree(recv_tok.value);
+
+ if (GSS_ERROR(maj_status)) {
+ if (send_tok.length != 0) {
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
+ packet_put_string(send_tok.value, send_tok.length);
+ packet_send();
+ }
+ authctxt->postponed = 0;
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ userauth_finish(authctxt, 0, "gssapi-with-mic");
+ } else {
+ if (send_tok.length != 0) {
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
+ packet_put_string(send_tok.value, send_tok.length);
+ packet_send();
+ }
+ if (maj_status == GSS_S_COMPLETE) {
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ if (flags & GSS_C_INTEG_FLAG)
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC,
+ &input_gssapi_mic);
+ else
+ dispatch_set(
+ SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
+ &input_gssapi_exchange_complete);
+ }
+ }
+
+ gss_release_buffer(&min_status, &send_tok);
+}
+
+static void
+input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ Gssctxt *gssctxt;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok;
+ OM_uint32 maj_status;
+ u_int len;
+
+ if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ fatal("No authentication or GSSAPI context");
+
+ gssctxt = authctxt->methoddata;
+ recv_tok.value = packet_get_string(&len);
+ recv_tok.length = len;
+
+ packet_check_eom();
+
+ /* Push the error token into GSSAPI to see what it says */
+ maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
+ &send_tok, NULL));
+
+ xfree(recv_tok.value);
+
+ /* We can't return anything to the client, even if we wanted to */
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+
+ /* The client will have already moved on to the next auth */
+
+ gss_release_buffer(&maj_status, &send_tok);
+}
+
+/*
+ * This is called when the client thinks we've completed authentication.
+ * It should only be enabled in the dispatch handler by the function above,
+ * which only enables it once the GSSAPI exchange is complete.
+ */
+
+static void
+input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ Gssctxt *gssctxt;
+ int authenticated;
+
+ if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ fatal("No authentication or GSSAPI context");
+
+ gssctxt = authctxt->methoddata;
+
+ /*
+ * We don't need to check the status, because we're only enabled in
+ * the dispatcher once the exchange is complete
+ */
+
+ packet_check_eom();
+
+ authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
+
+ authctxt->postponed = 0;
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+ userauth_finish(authctxt, authenticated, "gssapi-with-mic");
+}
+
+static void
+input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ Gssctxt *gssctxt;
+ int authenticated = 0;
+ Buffer b;
+ gss_buffer_desc mic, gssbuf;
+ u_int len;
+
+ if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ fatal("No authentication or GSSAPI context");
+
+ gssctxt = authctxt->methoddata;
+
+ mic.value = packet_get_string(&len);
+ mic.length = len;
+
+ ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+ "gssapi-with-mic");
+
+ gssbuf.value = buffer_ptr(&b);
+ gssbuf.length = buffer_len(&b);
+
+ if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
+ authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
+ else
+ logit("GSSAPI MIC check failed");
+
+ buffer_free(&b);
+ xfree(mic.value);
+
+ authctxt->postponed = 0;
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+ userauth_finish(authctxt, authenticated, "gssapi-with-mic");
+}
+
+Authmethod method_gssapi = {
+ "gssapi-with-mic",
+ userauth_gssapi,
+ &options.gss_authentication
+};
+
+#endif /* GSSAPI */
diff --git a/openssh-6.0p1/auth2-hostbased.c b/openssh-6.0p1/auth2-hostbased.c
new file mode 100644
index 0000000..cdf442f
--- /dev/null
+++ b/openssh-6.0p1/auth2-hostbased.c
@@ -0,0 +1,220 @@
+/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <pwd.h>
+#include <string.h>
+#include <stdarg.h>
+
+#include "xmalloc.h"
+#include "ssh2.h"
+#include "packet.h"
+#include "buffer.h"
+#include "log.h"
+#include "servconf.h"
+#include "compat.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "canohost.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+#include "pathnames.h"
+
+/* import */
+extern ServerOptions options;
+extern u_char *session_id2;
+extern u_int session_id2_len;
+
+static int
+userauth_hostbased(Authctxt *authctxt)
+{
+ Buffer b;
+ Key *key = NULL;
+ char *pkalg, *cuser, *chost, *service;
+ u_char *pkblob, *sig;
+ u_int alen, blen, slen;
+ int pktype;
+ int authenticated = 0;
+
+ if (!authctxt->valid) {
+ debug2("userauth_hostbased: disabled because of invalid user");
+ return 0;
+ }
+ pkalg = packet_get_string(&alen);
+ pkblob = packet_get_string(&blen);
+ chost = packet_get_string(NULL);
+ cuser = packet_get_string(NULL);
+ sig = packet_get_string(&slen);
+
+ debug("userauth_hostbased: cuser %s chost %s pkalg %s slen %d",
+ cuser, chost, pkalg, slen);
+#ifdef DEBUG_PK
+ debug("signature:");
+ buffer_init(&b);
+ buffer_append(&b, sig, slen);
+ buffer_dump(&b);
+ buffer_free(&b);
+#endif
+ pktype = key_type_from_name(pkalg);
+ if (pktype == KEY_UNSPEC) {
+ /* this is perfectly legal */
+ logit("userauth_hostbased: unsupported "
+ "public key algorithm: %s", pkalg);
+ goto done;
+ }
+ key = key_from_blob(pkblob, blen);
+ if (key == NULL) {
+ error("userauth_hostbased: cannot decode key: %s", pkalg);
+ goto done;
+ }
+ if (key->type != pktype) {
+ error("userauth_hostbased: type mismatch for decoded key "
+ "(received %d, expected %d)", key->type, pktype);
+ goto done;
+ }
+ service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
+ authctxt->service;
+ buffer_init(&b);
+ buffer_put_string(&b, session_id2, session_id2_len);
+ /* reconstruct packet */
+ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+ buffer_put_cstring(&b, authctxt->user);
+ buffer_put_cstring(&b, service);
+ buffer_put_cstring(&b, "hostbased");
+ buffer_put_string(&b, pkalg, alen);
+ buffer_put_string(&b, pkblob, blen);
+ buffer_put_cstring(&b, chost);
+ buffer_put_cstring(&b, cuser);
+#ifdef DEBUG_PK
+ buffer_dump(&b);
+#endif
+ /* test for allowed key and correct signature */
+ authenticated = 0;
+ if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
+ PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
+ buffer_len(&b))) == 1)
+ authenticated = 1;
+
+ buffer_free(&b);
+done:
+ debug2("userauth_hostbased: authenticated %d", authenticated);
+ if (key != NULL)
+ key_free(key);
+ xfree(pkalg);
+ xfree(pkblob);
+ xfree(cuser);
+ xfree(chost);
+ xfree(sig);
+ return authenticated;
+}
+
+/* return 1 if given hostkey is allowed */
+int
+hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
+ Key *key)
+{
+ const char *resolvedname, *ipaddr, *lookup, *reason;
+ HostStatus host_status;
+ int len;
+ char *fp;
+
+ if (auth_key_is_revoked(key))
+ return 0;
+
+ resolvedname = get_canonical_hostname(options.use_dns);
+ ipaddr = get_remote_ipaddr();
+
+ debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
+ chost, resolvedname, ipaddr);
+
+ if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
+ debug2("stripping trailing dot from chost %s", chost);
+ chost[len - 1] = '\0';
+ }
+
+ if (options.hostbased_uses_name_from_packet_only) {
+ if (auth_rhosts2(pw, cuser, chost, chost) == 0)
+ return 0;
+ lookup = chost;
+ } else {
+ if (strcasecmp(resolvedname, chost) != 0)
+ logit("userauth_hostbased mismatch: "
+ "client sends %s, but we resolve %s to %s",
+ chost, ipaddr, resolvedname);
+ if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)
+ return 0;
+ lookup = resolvedname;
+ }
+ debug2("userauth_hostbased: access allowed by auth_rhosts2");
+
+ if (key_is_cert(key) &&
+ key_cert_check_authority(key, 1, 0, lookup, &reason)) {
+ error("%s", reason);
+ auth_debug_add("%s", reason);
+ return 0;
+ }
+
+ host_status = check_key_in_hostfiles(pw, key, lookup,
+ _PATH_SSH_SYSTEM_HOSTFILE,
+ options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE);
+
+ /* backward compat if no key has been found. */
+ if (host_status == HOST_NEW) {
+ host_status = check_key_in_hostfiles(pw, key, lookup,
+ _PATH_SSH_SYSTEM_HOSTFILE2,
+ options.ignore_user_known_hosts ? NULL :
+ _PATH_SSH_USER_HOSTFILE2);
+ }
+
+ if (host_status == HOST_OK) {
+ if (key_is_cert(key)) {
+ fp = key_fingerprint(key->cert->signature_key,
+ SSH_FP_MD5, SSH_FP_HEX);
+ verbose("Accepted certificate ID \"%s\" signed by "
+ "%s CA %s from %s@%s", key->cert->key_id,
+ key_type(key->cert->signature_key), fp,
+ cuser, lookup);
+ } else {
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ verbose("Accepted %s public key %s from %s@%s",
+ key_type(key), fp, cuser, lookup);
+ }
+ xfree(fp);
+ }
+
+ return (host_status == HOST_OK);
+}
+
+Authmethod method_hostbased = {
+ "hostbased",
+ userauth_hostbased,
+ &options.hostbased_authentication
+};
diff --git a/openssh-6.0p1/auth2-jpake.c b/openssh-6.0p1/auth2-jpake.c
new file mode 100644
index 0000000..a460e82
--- /dev/null
+++ b/openssh-6.0p1/auth2-jpake.c
@@ -0,0 +1,563 @@
+/* $OpenBSD: auth2-jpake.c,v 1.4 2010/08/31 11:54:45 djm Exp $ */
+/*
+ * Copyright (c) 2008 Damien Miller. All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Server side of zero-knowledge password auth using J-PAKE protocol
+ * as described in:
+ *
+ * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling",
+ * 16th Workshop on Security Protocols, Cambridge, April 2008
+ *
+ * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
+ */
+
+#ifdef JPAKE
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#include <pwd.h>
+#include <stdio.h>
+#include <string.h>
+#include <login_cap.h>
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+
+#include "xmalloc.h"
+#include "ssh2.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "buffer.h"
+#include "packet.h"
+#include "dispatch.h"
+#include "log.h"
+#include "servconf.h"
+#include "auth-options.h"
+#include "canohost.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+
+#include "schnorr.h"
+#include "jpake.h"
+
+/*
+ * XXX options->permit_empty_passwd (at the moment, they will be refused
+ * anyway because they will mismatch on fake salt.
+ */
+
+/* Dispatch handlers */
+static void input_userauth_jpake_client_step1(int, u_int32_t, void *);
+static void input_userauth_jpake_client_step2(int, u_int32_t, void *);
+static void input_userauth_jpake_client_confirm(int, u_int32_t, void *);
+
+static int auth2_jpake_start(Authctxt *);
+
+/* import */
+extern ServerOptions options;
+extern u_char *session_id2;
+extern u_int session_id2_len;
+
+/*
+ * Attempt J-PAKE authentication.
+ */
+static int
+userauth_jpake(Authctxt *authctxt)
+{
+ int authenticated = 0;
+
+ packet_check_eom();
+
+ debug("jpake-01@openssh.com requested");
+
+ if (authctxt->user != NULL) {
+ if (authctxt->jpake_ctx == NULL)
+ authctxt->jpake_ctx = jpake_new();
+ if (options.zero_knowledge_password_authentication)
+ authenticated = auth2_jpake_start(authctxt);
+ }
+
+ return authenticated;
+}
+
+Authmethod method_jpake = {
+ "jpake-01@openssh.com",
+ userauth_jpake,
+ &options.zero_knowledge_password_authentication
+};
+
+/* Clear context and callbacks */
+void
+auth2_jpake_stop(Authctxt *authctxt)
+{
+ /* unregister callbacks */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL);
+ if (authctxt->jpake_ctx != NULL) {
+ jpake_free(authctxt->jpake_ctx);
+ authctxt->jpake_ctx = NULL;
+ }
+}
+
+/* Returns 1 if 'c' is a valid crypt(3) salt character, 0 otherwise */
+static int
+valid_crypt_salt(int c)
+{
+ if (c >= 'A' && c <= 'Z')
+ return 1;
+ if (c >= 'a' && c <= 'z')
+ return 1;
+ if (c >= '.' && c <= '9')
+ return 1;
+ return 0;
+}
+
+/*
+ * Derive fake salt as H(username || first_private_host_key)
+ * This provides relatively stable fake salts for non-existent
+ * users and avoids the jpake method becoming an account validity
+ * oracle.
+ */
+static void
+derive_rawsalt(const char *username, u_char *rawsalt, u_int len)
+{
+ u_char *digest;
+ u_int digest_len;
+ Buffer b;
+ Key *k;
+
+ buffer_init(&b);
+ buffer_put_cstring(&b, username);
+ if ((k = get_hostkey_by_index(0)) == NULL ||
+ (k->flags & KEY_FLAG_EXT))
+ fatal("%s: no hostkeys", __func__);
+ switch (k->type) {
+ case KEY_RSA1:
+ case KEY_RSA:
+ if (k->rsa->p == NULL || k->rsa->q == NULL)
+ fatal("%s: RSA key missing p and/or q", __func__);
+ buffer_put_bignum2(&b, k->rsa->p);
+ buffer_put_bignum2(&b, k->rsa->q);
+ break;
+ case KEY_DSA:
+ if (k->dsa->priv_key == NULL)
+ fatal("%s: DSA key missing priv_key", __func__);
+ buffer_put_bignum2(&b, k->dsa->priv_key);
+ break;
+ case KEY_ECDSA:
+ if (EC_KEY_get0_private_key(k->ecdsa) == NULL)
+ fatal("%s: ECDSA key missing priv_key", __func__);
+ buffer_put_bignum2(&b, EC_KEY_get0_private_key(k->ecdsa));
+ break;
+ default:
+ fatal("%s: unknown key type %d", __func__, k->type);
+ }
+ if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
+ &digest, &digest_len) != 0)
+ fatal("%s: hash_buffer", __func__);
+ buffer_free(&b);
+ if (len > digest_len)
+ fatal("%s: not enough bytes for rawsalt (want %u have %u)",
+ __func__, len, digest_len);
+ memcpy(rawsalt, digest, len);
+ bzero(digest, digest_len);
+ xfree(digest);
+}
+
+/* ASCII an integer [0, 64) for inclusion in a password/salt */
+static char
+pw_encode64(u_int i64)
+{
+ const u_char e64[] =
+ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+ return e64[i64 % 64];
+}
+
+/* Generate ASCII salt bytes for user */
+static char *
+makesalt(u_int want, const char *user)
+{
+ u_char rawsalt[32];
+ static char ret[33];
+ u_int i;
+
+ if (want > sizeof(ret) - 1)
+ fatal("%s: want %u", __func__, want);
+
+ derive_rawsalt(user, rawsalt, sizeof(rawsalt));
+ bzero(ret, sizeof(ret));
+ for (i = 0; i < want; i++)
+ ret[i] = pw_encode64(rawsalt[i]);
+ bzero(rawsalt, sizeof(rawsalt));
+
+ return ret;
+}
+
+/*
+ * Select the system's default password hashing scheme and generate
+ * a stable fake salt under it for use by a non-existent account.
+ * Prevents jpake method being used to infer the validity of accounts.
+ */
+static void
+fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme)
+{
+ char *rounds_s, *style;
+ long long rounds;
+ login_cap_t *lc;
+
+
+ if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL &&
+ (lc = login_getclass(NULL)) == NULL)
+ fatal("%s: login_getclass failed", __func__);
+ style = login_getcapstr(lc, "localcipher", NULL, NULL);
+ if (style == NULL)
+ style = xstrdup("blowfish,6");
+ login_close(lc);
+
+ if ((rounds_s = strchr(style, ',')) != NULL)
+ *rounds_s++ = '\0';
+ rounds = strtonum(rounds_s, 1, 1<<31, NULL);
+
+ if (strcmp(style, "md5") == 0) {
+ xasprintf(salt, "$1$%s$", makesalt(8, authctxt->user));
+ *scheme = xstrdup("md5");
+ } else if (strcmp(style, "old") == 0) {
+ *salt = xstrdup(makesalt(2, authctxt->user));
+ *scheme = xstrdup("crypt");
+ } else if (strcmp(style, "newsalt") == 0) {
+ rounds = MAX(rounds, 7250);
+ rounds = MIN(rounds, (1<<24) - 1);
+ xasprintf(salt, "_%c%c%c%c%s",
+ pw_encode64(rounds), pw_encode64(rounds >> 6),
+ pw_encode64(rounds >> 12), pw_encode64(rounds >> 18),
+ makesalt(4, authctxt->user));
+ *scheme = xstrdup("crypt-extended");
+ } else {
+ /* Default to blowfish */
+ rounds = MAX(rounds, 3);
+ rounds = MIN(rounds, 31);
+ xasprintf(salt, "$2a$%02lld$%s", rounds,
+ makesalt(22, authctxt->user));
+ *scheme = xstrdup("bcrypt");
+ }
+ xfree(style);
+ debug3("%s: fake %s salt for user %s: %s",
+ __func__, *scheme, authctxt->user, *salt);
+}
+
+/*
+ * Fetch password hashing scheme, password salt and derive shared secret
+ * for user. If user does not exist, a fake but stable and user-unique
+ * salt will be returned.
+ */
+void
+auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
+ char **hash_scheme, char **salt)
+{
+ char *cp;
+ u_char *secret;
+ u_int secret_len, salt_len;
+
+#ifdef JPAKE_DEBUG
+ debug3("%s: valid %d pw %.5s...", __func__,
+ authctxt->valid, authctxt->pw->pw_passwd);
+#endif
+
+ *salt = NULL;
+ *hash_scheme = NULL;
+ if (authctxt->valid) {
+ if (strncmp(authctxt->pw->pw_passwd, "$2$", 3) == 0 &&
+ strlen(authctxt->pw->pw_passwd) > 28) {
+ /*
+ * old-variant bcrypt:
+ * "$2$", 2 digit rounds, "$", 22 bytes salt
+ */
+ salt_len = 3 + 2 + 1 + 22 + 1;
+ *salt = xmalloc(salt_len);
+ strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
+ *hash_scheme = xstrdup("bcrypt");
+ } else if (strncmp(authctxt->pw->pw_passwd, "$2a$", 4) == 0 &&
+ strlen(authctxt->pw->pw_passwd) > 29) {
+ /*
+ * current-variant bcrypt:
+ * "$2a$", 2 digit rounds, "$", 22 bytes salt
+ */
+ salt_len = 4 + 2 + 1 + 22 + 1;
+ *salt = xmalloc(salt_len);
+ strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
+ *hash_scheme = xstrdup("bcrypt");
+ } else if (strncmp(authctxt->pw->pw_passwd, "$1$", 3) == 0 &&
+ strlen(authctxt->pw->pw_passwd) > 5) {
+ /*
+ * md5crypt:
+ * "$1$", salt until "$"
+ */
+ cp = strchr(authctxt->pw->pw_passwd + 3, '$');
+ if (cp != NULL) {
+ salt_len = (cp - authctxt->pw->pw_passwd) + 1;
+ *salt = xmalloc(salt_len);
+ strlcpy(*salt, authctxt->pw->pw_passwd,
+ salt_len);
+ *hash_scheme = xstrdup("md5crypt");
+ }
+ } else if (strncmp(authctxt->pw->pw_passwd, "_", 1) == 0 &&
+ strlen(authctxt->pw->pw_passwd) > 9) {
+ /*
+ * BSDI extended crypt:
+ * "_", 4 digits count, 4 chars salt
+ */
+ salt_len = 1 + 4 + 4 + 1;
+ *salt = xmalloc(salt_len);
+ strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
+ *hash_scheme = xstrdup("crypt-extended");
+ } else if (strlen(authctxt->pw->pw_passwd) == 13 &&
+ valid_crypt_salt(authctxt->pw->pw_passwd[0]) &&
+ valid_crypt_salt(authctxt->pw->pw_passwd[1])) {
+ /*
+ * traditional crypt:
+ * 2 chars salt
+ */
+ salt_len = 2 + 1;
+ *salt = xmalloc(salt_len);
+ strlcpy(*salt, authctxt->pw->pw_passwd, salt_len);
+ *hash_scheme = xstrdup("crypt");
+ }
+ if (*salt == NULL) {
+ debug("%s: unrecognised crypt scheme for user %s",
+ __func__, authctxt->pw->pw_name);
+ }
+ }
+ if (*salt == NULL)
+ fake_salt_and_scheme(authctxt, salt, hash_scheme);
+
+ if (hash_buffer(authctxt->pw->pw_passwd,
+ strlen(authctxt->pw->pw_passwd), EVP_sha256(),
+ &secret, &secret_len) != 0)
+ fatal("%s: hash_buffer", __func__);
+ if ((*s = BN_bin2bn(secret, secret_len, NULL)) == NULL)
+ fatal("%s: BN_bin2bn (secret)", __func__);
+#ifdef JPAKE_DEBUG
+ debug3("%s: salt = %s (len %u)", __func__,
+ *salt, (u_int)strlen(*salt));
+ debug3("%s: scheme = %s", __func__, *hash_scheme);
+ JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
+#endif
+ bzero(secret, secret_len);
+ xfree(secret);
+}
+
+/*
+ * Begin authentication attempt.
+ * Note, sets authctxt->postponed while in subprotocol
+ */
+static int
+auth2_jpake_start(Authctxt *authctxt)
+{
+ struct jpake_ctx *pctx = authctxt->jpake_ctx;
+ u_char *x3_proof, *x4_proof;
+ u_int x3_proof_len, x4_proof_len;
+ char *salt, *hash_scheme;
+
+ debug("%s: start", __func__);
+
+ PRIVSEP(jpake_step1(pctx->grp,
+ &pctx->server_id, &pctx->server_id_len,
+ &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
+ &x3_proof, &x3_proof_len,
+ &x4_proof, &x4_proof_len));
+
+ PRIVSEP(auth2_jpake_get_pwdata(authctxt, &pctx->s,
+ &hash_scheme, &salt));
+
+ if (!use_privsep)
+ JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
+
+ packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1);
+ packet_put_cstring(hash_scheme);
+ packet_put_cstring(salt);
+ packet_put_string(pctx->server_id, pctx->server_id_len);
+ packet_put_bignum2(pctx->g_x3);
+ packet_put_bignum2(pctx->g_x4);
+ packet_put_string(x3_proof, x3_proof_len);
+ packet_put_string(x4_proof, x4_proof_len);
+ packet_send();
+ packet_write_wait();
+
+ bzero(hash_scheme, strlen(hash_scheme));
+ bzero(salt, strlen(salt));
+ xfree(hash_scheme);
+ xfree(salt);
+ bzero(x3_proof, x3_proof_len);
+ bzero(x4_proof, x4_proof_len);
+ xfree(x3_proof);
+ xfree(x4_proof);
+
+ /* Expect step 1 packet from peer */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1,
+ input_userauth_jpake_client_step1);
+
+ authctxt->postponed = 1;
+ return 0;
+}
+
+/* ARGSUSED */
+static void
+input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ struct jpake_ctx *pctx = authctxt->jpake_ctx;
+ u_char *x1_proof, *x2_proof, *x4_s_proof;
+ u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
+
+ /* Disable this message */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL);
+
+ /* Fetch step 1 values */
+ if ((pctx->g_x1 = BN_new()) == NULL ||
+ (pctx->g_x2 = BN_new()) == NULL)
+ fatal("%s: BN_new", __func__);
+ pctx->client_id = packet_get_string(&pctx->client_id_len);
+ packet_get_bignum2(pctx->g_x1);
+ packet_get_bignum2(pctx->g_x2);
+ x1_proof = packet_get_string(&x1_proof_len);
+ x2_proof = packet_get_string(&x2_proof_len);
+ packet_check_eom();
+
+ if (!use_privsep)
+ JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
+
+ PRIVSEP(jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
+ pctx->g_x1, pctx->g_x2, pctx->x4,
+ pctx->client_id, pctx->client_id_len,
+ pctx->server_id, pctx->server_id_len,
+ x1_proof, x1_proof_len,
+ x2_proof, x2_proof_len,
+ &pctx->b,
+ &x4_s_proof, &x4_s_proof_len));
+
+ bzero(x1_proof, x1_proof_len);
+ bzero(x2_proof, x2_proof_len);
+ xfree(x1_proof);
+ xfree(x2_proof);
+
+ if (!use_privsep)
+ JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
+
+ /* Send values for step 2 */
+ packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2);
+ packet_put_bignum2(pctx->b);
+ packet_put_string(x4_s_proof, x4_s_proof_len);
+ packet_send();
+ packet_write_wait();
+
+ bzero(x4_s_proof, x4_s_proof_len);
+ xfree(x4_s_proof);
+
+ /* Expect step 2 packet from peer */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2,
+ input_userauth_jpake_client_step2);
+}
+
+/* ARGSUSED */
+static void
+input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ struct jpake_ctx *pctx = authctxt->jpake_ctx;
+ u_char *x2_s_proof;
+ u_int x2_s_proof_len;
+
+ /* Disable this message */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL);
+
+ if ((pctx->a = BN_new()) == NULL)
+ fatal("%s: BN_new", __func__);
+
+ /* Fetch step 2 values */
+ packet_get_bignum2(pctx->a);
+ x2_s_proof = packet_get_string(&x2_s_proof_len);
+ packet_check_eom();
+
+ if (!use_privsep)
+ JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
+
+ /* Derive shared key and calculate confirmation hash */
+ PRIVSEP(jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
+ pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
+ pctx->server_id, pctx->server_id_len,
+ pctx->client_id, pctx->client_id_len,
+ session_id2, session_id2_len,
+ x2_s_proof, x2_s_proof_len,
+ &pctx->k,
+ &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
+
+ bzero(x2_s_proof, x2_s_proof_len);
+ xfree(x2_s_proof);
+
+ if (!use_privsep)
+ JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
+
+ /* Send key confirmation proof */
+ packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM);
+ packet_put_string(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
+ packet_send();
+ packet_write_wait();
+
+ /* Expect confirmation from peer */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM,
+ input_userauth_jpake_client_confirm);
+}
+
+/* ARGSUSED */
+static void
+input_userauth_jpake_client_confirm(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ struct jpake_ctx *pctx = authctxt->jpake_ctx;
+ int authenticated = 0;
+
+ /* Disable this message */
+ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL);
+
+ pctx->h_k_cid_sessid = packet_get_string(&pctx->h_k_cid_sessid_len);
+ packet_check_eom();
+
+ if (!use_privsep)
+ JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
+
+ /* Verify expected confirmation hash */
+ if (PRIVSEP(jpake_check_confirm(pctx->k,
+ pctx->client_id, pctx->client_id_len,
+ session_id2, session_id2_len,
+ pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len)) == 1)
+ authenticated = authctxt->valid ? 1 : 0;
+ else
+ debug("%s: confirmation mismatch", __func__);
+
+ /* done */
+ authctxt->postponed = 0;
+ jpake_free(authctxt->jpake_ctx);
+ authctxt->jpake_ctx = NULL;
+ userauth_finish(authctxt, authenticated, method_jpake.name);
+}
+
+#endif /* JPAKE */
+
diff --git a/openssh-6.0p1/auth2-kbdint.c b/openssh-6.0p1/auth2-kbdint.c
new file mode 100644
index 0000000..fae67da
--- /dev/null
+++ b/openssh-6.0p1/auth2-kbdint.c
@@ -0,0 +1,68 @@
+/* $OpenBSD: auth2-kbdint.c,v 1.5 2006/08/03 03:34:41 deraadt Exp $ */
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+
+#include "xmalloc.h"
+#include "packet.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+
+/* import */
+extern ServerOptions options;
+
+static int
+userauth_kbdint(Authctxt *authctxt)
+{
+ int authenticated = 0;
+ char *lang, *devs;
+
+ lang = packet_get_string(NULL);
+ devs = packet_get_string(NULL);
+ packet_check_eom();
+
+ debug("keyboard-interactive devs %s", devs);
+
+ if (options.challenge_response_authentication)
+ authenticated = auth2_challenge(authctxt, devs);
+
+ xfree(devs);
+ xfree(lang);
+ return authenticated;
+}
+
+Authmethod method_kbdint = {
+ "keyboard-interactive",
+ userauth_kbdint,
+ &options.kbd_interactive_authentication
+};
diff --git a/openssh-6.0p1/auth2-none.c b/openssh-6.0p1/auth2-none.c
new file mode 100644
index 0000000..c8c6c74
--- /dev/null
+++ b/openssh-6.0p1/auth2-none.c
@@ -0,0 +1,73 @@
+/* $OpenBSD: auth2-none.c,v 1.16 2010/06/25 08:46:17 djm Exp $ */
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/uio.h>
+
+#include <fcntl.h>
+#include <stdarg.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "atomicio.h"
+#include "xmalloc.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "packet.h"
+#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+#include "compat.h"
+#include "ssh2.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+
+/* import */
+extern ServerOptions options;
+
+/* "none" is allowed only one time */
+static int none_enabled = 1;
+
+static int
+userauth_none(Authctxt *authctxt)
+{
+ none_enabled = 0;
+ packet_check_eom();
+ if (options.permit_empty_passwd && options.password_authentication)
+ return (PRIVSEP(auth_password(authctxt, "")));
+ return (0);
+}
+
+Authmethod method_none = {
+ "none",
+ userauth_none,
+ &none_enabled
+};
diff --git a/openssh-6.0p1/auth2-passwd.c b/openssh-6.0p1/auth2-passwd.c
new file mode 100644
index 0000000..5f1f363
--- /dev/null
+++ b/openssh-6.0p1/auth2-passwd.c
@@ -0,0 +1,80 @@
+/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <string.h>
+#include <stdarg.h>
+
+#include "xmalloc.h"
+#include "packet.h"
+#include "log.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "buffer.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+#include "servconf.h"
+
+/* import */
+extern ServerOptions options;
+
+static int
+userauth_passwd(Authctxt *authctxt)
+{
+ char *password, *newpass;
+ int authenticated = 0;
+ int change;
+ u_int len, newlen;
+
+ change = packet_get_char();
+ password = packet_get_string(&len);
+ if (change) {
+ /* discard new password from packet */
+ newpass = packet_get_string(&newlen);
+ memset(newpass, 0, newlen);
+ xfree(newpass);
+ }
+ packet_check_eom();
+
+ if (change)
+ logit("password change not supported");
+ else if (PRIVSEP(auth_password(authctxt, password)) == 1)
+ authenticated = 1;
+ memset(password, 0, len);
+ xfree(password);
+ return authenticated;
+}
+
+Authmethod method_passwd = {
+ "password",
+ userauth_passwd,
+ &options.password_authentication
+};
diff --git a/openssh-6.0p1/auth2-pubkey.c b/openssh-6.0p1/auth2-pubkey.c
new file mode 100644
index 0000000..5bccb5d
--- /dev/null
+++ b/openssh-6.0p1/auth2-pubkey.c
@@ -0,0 +1,466 @@
+/* $OpenBSD: auth2-pubkey.c,v 1.30 2011/09/25 05:44:47 djm Exp $ */
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <fcntl.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "xmalloc.h"
+#include "ssh.h"
+#include "ssh2.h"
+#include "packet.h"
+#include "buffer.h"
+#include "log.h"
+#include "servconf.h"
+#include "compat.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "pathnames.h"
+#include "uidswap.h"
+#include "auth-options.h"
+#include "canohost.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+#include "misc.h"
+#include "authfile.h"
+#include "match.h"
+
+/* import */
+extern ServerOptions options;
+extern u_char *session_id2;
+extern u_int session_id2_len;
+
+static int
+userauth_pubkey(Authctxt *authctxt)
+{
+ Buffer b;
+ Key *key = NULL;
+ char *pkalg;
+ u_char *pkblob, *sig;
+ u_int alen, blen, slen;
+ int have_sig, pktype;
+ int authenticated = 0;
+
+ if (!authctxt->valid) {
+ debug2("userauth_pubkey: disabled because of invalid user");
+ return 0;
+ }
+ have_sig = packet_get_char();
+ if (datafellows & SSH_BUG_PKAUTH) {
+ debug2("userauth_pubkey: SSH_BUG_PKAUTH");
+ /* no explicit pkalg given */
+ pkblob = packet_get_string(&blen);
+ buffer_init(&b);
+ buffer_append(&b, pkblob, blen);
+ /* so we have to extract the pkalg from the pkblob */
+ pkalg = buffer_get_string(&b, &alen);
+ buffer_free(&b);
+ } else {
+ pkalg = packet_get_string(&alen);
+ pkblob = packet_get_string(&blen);
+ }
+ pktype = key_type_from_name(pkalg);
+ if (pktype == KEY_UNSPEC) {
+ /* this is perfectly legal */
+ logit("userauth_pubkey: unsupported public key algorithm: %s",
+ pkalg);
+ goto done;
+ }
+ key = key_from_blob(pkblob, blen);
+ if (key == NULL) {
+ error("userauth_pubkey: cannot decode key: %s", pkalg);
+ goto done;
+ }
+ if (key->type != pktype) {
+ error("userauth_pubkey: type mismatch for decoded key "
+ "(received %d, expected %d)", key->type, pktype);
+ goto done;
+ }
+ if (have_sig) {
+ sig = packet_get_string(&slen);
+ packet_check_eom();
+ buffer_init(&b);
+ if (datafellows & SSH_OLD_SESSIONID) {
+ buffer_append(&b, session_id2, session_id2_len);
+ } else {
+ buffer_put_string(&b, session_id2, session_id2_len);
+ }
+ /* reconstruct packet */
+ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+ buffer_put_cstring(&b, authctxt->user);
+ buffer_put_cstring(&b,
+ datafellows & SSH_BUG_PKSERVICE ?
+ "ssh-userauth" :
+ authctxt->service);
+ if (datafellows & SSH_BUG_PKAUTH) {
+ buffer_put_char(&b, have_sig);
+ } else {
+ buffer_put_cstring(&b, "publickey");
+ buffer_put_char(&b, have_sig);
+ buffer_put_cstring(&b, pkalg);
+ }
+ buffer_put_string(&b, pkblob, blen);
+#ifdef DEBUG_PK
+ buffer_dump(&b);
+#endif
+ /* test for correct signature */
+ authenticated = 0;
+ if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
+ PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
+ buffer_len(&b))) == 1)
+ authenticated = 1;
+ buffer_free(&b);
+ xfree(sig);
+ } else {
+ debug("test whether pkalg/pkblob are acceptable");
+ packet_check_eom();
+
+ /* XXX fake reply and always send PK_OK ? */
+ /*
+ * XXX this allows testing whether a user is allowed
+ * to login: if you happen to have a valid pubkey this
+ * message is sent. the message is NEVER sent at all
+ * if a user is not allowed to login. is this an
+ * issue? -markus
+ */
+ if (PRIVSEP(user_key_allowed(authctxt->pw, key))) {
+ packet_start(SSH2_MSG_USERAUTH_PK_OK);
+ packet_put_string(pkalg, alen);
+ packet_put_string(pkblob, blen);
+ packet_send();
+ packet_write_wait();
+ authctxt->postponed = 1;
+ }
+ }
+ if (authenticated != 1)
+ auth_clear_options();
+done:
+ debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
+ if (key != NULL)
+ key_free(key);
+ xfree(pkalg);
+ xfree(pkblob);
+ return authenticated;
+}
+
+static int
+match_principals_option(const char *principal_list, struct KeyCert *cert)
+{
+ char *result;
+ u_int i;
+
+ /* XXX percent_expand() sequences for authorized_principals? */
+
+ for (i = 0; i < cert->nprincipals; i++) {
+ if ((result = match_list(cert->principals[i],
+ principal_list, NULL)) != NULL) {
+ debug3("matched principal from key options \"%.100s\"",
+ result);
+ xfree(result);
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static int
+match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
+{
+ FILE *f;
+ char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
+ u_long linenum = 0;
+ u_int i;
+
+ temporarily_use_uid(pw);
+ debug("trying authorized principals file %s", file);
+ if ((f = auth_openprincipals(file, pw, options.strict_modes)) == NULL) {
+ restore_uid();
+ return 0;
+ }
+ while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+ /* Skip leading whitespace. */
+ for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+ ;
+ /* Skip blank and comment lines. */
+ if ((ep = strchr(cp, '#')) != NULL)
+ *ep = '\0';
+ if (!*cp || *cp == '\n')
+ continue;
+ /* Trim trailing whitespace. */
+ ep = cp + strlen(cp) - 1;
+ while (ep > cp && (*ep == '\n' || *ep == ' ' || *ep == '\t'))
+ *ep-- = '\0';
+ /*
+ * If the line has internal whitespace then assume it has
+ * key options.
+ */
+ line_opts = NULL;
+ if ((ep = strrchr(cp, ' ')) != NULL ||
+ (ep = strrchr(cp, '\t')) != NULL) {
+ for (; *ep == ' ' || *ep == '\t'; ep++)
+ ;
+ line_opts = cp;
+ cp = ep;
+ }
+ for (i = 0; i < cert->nprincipals; i++) {
+ if (strcmp(cp, cert->principals[i]) == 0) {
+ debug3("matched principal \"%.100s\" "
+ "from file \"%s\" on line %lu",
+ cert->principals[i], file, linenum);
+ if (auth_parse_options(pw, line_opts,
+ file, linenum) != 1)
+ continue;
+ fclose(f);
+ restore_uid();
+ return 1;
+ }
+ }
+ }
+ fclose(f);
+ restore_uid();
+ return 0;
+}
+
+/* return 1 if user allows given key */
+static int
+user_key_allowed2(struct passwd *pw, Key *key, char *file)
+{
+ char line[SSH_MAX_PUBKEY_BYTES];
+ const char *reason;
+ int found_key = 0;
+ FILE *f;
+ u_long linenum = 0;
+ Key *found;
+ char *fp;
+
+ /* Temporarily use the user's uid. */
+ temporarily_use_uid(pw);
+
+ debug("trying public key file %s", file);
+ f = auth_openkeyfile(file, pw, options.strict_modes);
+
+ if (!f) {
+ restore_uid();
+ return 0;
+ }
+
+ found_key = 0;
+ found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
+
+ while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+ char *cp, *key_options = NULL;
+
+ auth_clear_options();
+
+ /* Skip leading whitespace, empty and comment lines. */
+ for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+ ;
+ if (!*cp || *cp == '\n' || *cp == '#')
+ continue;
+
+ if (key_read(found, &cp) != 1) {
+ /* no key? check if there are options for this key */
+ int quoted = 0;
+ debug2("user_key_allowed: check options: '%s'", cp);
+ key_options = cp;
+ for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+ if (*cp == '\\' && cp[1] == '"')
+ cp++; /* Skip both */
+ else if (*cp == '"')
+ quoted = !quoted;
+ }
+ /* Skip remaining whitespace. */
+ for (; *cp == ' ' || *cp == '\t'; cp++)
+ ;
+ if (key_read(found, &cp) != 1) {
+ debug2("user_key_allowed: advance: '%s'", cp);
+ /* still no key? advance to next line*/
+ continue;
+ }
+ }
+ if (key_is_cert(key)) {
+ if (!key_equal(found, key->cert->signature_key))
+ continue;
+ if (auth_parse_options(pw, key_options, file,
+ linenum) != 1)
+ continue;
+ if (!key_is_cert_authority)
+ continue;
+ fp = key_fingerprint(found, SSH_FP_MD5,
+ SSH_FP_HEX);
+ debug("matching CA found: file %s, line %lu, %s %s",
+ file, linenum, key_type(found), fp);
+ /*
+ * If the user has specified a list of principals as
+ * a key option, then prefer that list to matching
+ * their username in the certificate principals list.
+ */
+ if (authorized_principals != NULL &&
+ !match_principals_option(authorized_principals,
+ key->cert)) {
+ reason = "Certificate does not contain an "
+ "authorized principal";
+ fail_reason:
+ xfree(fp);
+ error("%s", reason);
+ auth_debug_add("%s", reason);
+ continue;
+ }
+ if (key_cert_check_authority(key, 0, 0,
+ authorized_principals == NULL ? pw->pw_name : NULL,
+ &reason) != 0)
+ goto fail_reason;
+ if (auth_cert_options(key, pw) != 0) {
+ xfree(fp);
+ continue;
+ }
+ verbose("Accepted certificate ID \"%s\" "
+ "signed by %s CA %s via %s", key->cert->key_id,
+ key_type(found), fp, file);
+ xfree(fp);
+ found_key = 1;
+ break;
+ } else if (key_equal(found, key)) {
+ if (auth_parse_options(pw, key_options, file,
+ linenum) != 1)
+ continue;
+ if (key_is_cert_authority)
+ continue;
+ found_key = 1;
+ debug("matching key found: file %s, line %lu",
+ file, linenum);
+ fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+ verbose("Found matching %s key: %s",
+ key_type(found), fp);
+ xfree(fp);
+ break;
+ }
+ }
+ restore_uid();
+ fclose(f);
+ key_free(found);
+ if (!found_key)
+ debug2("key not found");
+ return found_key;
+}
+
+/* Authenticate a certificate key against TrustedUserCAKeys */
+static int
+user_cert_trusted_ca(struct passwd *pw, Key *key)
+{
+ char *ca_fp, *principals_file = NULL;
+ const char *reason;
+ int ret = 0;
+
+ if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
+ return 0;
+
+ ca_fp = key_fingerprint(key->cert->signature_key,
+ SSH_FP_MD5, SSH_FP_HEX);
+
+ if (key_in_file(key->cert->signature_key,
+ options.trusted_user_ca_keys, 1) != 1) {
+ debug2("%s: CA %s %s is not listed in %s", __func__,
+ key_type(key->cert->signature_key), ca_fp,
+ options.trusted_user_ca_keys);
+ goto out;
+ }
+ /*
+ * If AuthorizedPrincipals is in use, then compare the certificate
+ * principals against the names in that file rather than matching
+ * against the username.
+ */
+ if ((principals_file = authorized_principals_file(pw)) != NULL) {
+ if (!match_principals_file(principals_file, pw, key->cert)) {
+ reason = "Certificate does not contain an "
+ "authorized principal";
+ fail_reason:
+ error("%s", reason);
+ auth_debug_add("%s", reason);
+ goto out;
+ }
+ }
+ if (key_cert_check_authority(key, 0, 1,
+ principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
+ goto fail_reason;
+ if (auth_cert_options(key, pw) != 0)
+ goto out;
+
+ verbose("Accepted certificate ID \"%s\" signed by %s CA %s via %s",
+ key->cert->key_id, key_type(key->cert->signature_key), ca_fp,
+ options.trusted_user_ca_keys);
+ ret = 1;
+
+ out:
+ if (principals_file != NULL)
+ xfree(principals_file);
+ if (ca_fp != NULL)
+ xfree(ca_fp);
+ return ret;
+}
+
+/* check whether given key is in .ssh/authorized_keys* */
+int
+user_key_allowed(struct passwd *pw, Key *key)
+{
+ u_int success, i;
+ char *file;
+
+ if (auth_key_is_revoked(key))
+ return 0;
+ if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
+ return 0;
+
+ success = user_cert_trusted_ca(pw, key);
+ if (success)
+ return success;
+
+ for (i = 0; !success && i < options.num_authkeys_files; i++) {
+ file = expand_authorized_keys(
+ options.authorized_keys_files[i], pw);
+ success = user_key_allowed2(pw, key, file);
+ xfree(file);
+ }
+
+ return success;
+}
+
+Authmethod method_pubkey = {
+ "publickey",
+ userauth_pubkey,
+ &options.pubkey_authentication
+};
diff --git a/openssh-6.0p1/auth2.c b/openssh-6.0p1/auth2.c
new file mode 100644
index 0000000..b66bef6
--- /dev/null
+++ b/openssh-6.0p1/auth2.c
@@ -0,0 +1,409 @@
+/* $OpenBSD: auth2.c,v 1.124 2011/12/07 05:44:38 djm Exp $ */
+/*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/uio.h>
+
+#include <fcntl.h>
+#include <pwd.h>
+#include <stdarg.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "atomicio.h"
+#include "xmalloc.h"
+#include "ssh2.h"
+#include "packet.h"
+#include "log.h"
+#include "buffer.h"
+#include "servconf.h"
+#include "compat.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "dispatch.h"
+#include "pathnames.h"
+#include "buffer.h"
+
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+
+/* import */
+extern ServerOptions options;
+extern u_char *session_id2;
+extern u_int session_id2_len;
+extern Buffer loginmsg;
+
+/* methods */
+
+extern Authmethod method_none;
+extern Authmethod method_pubkey;
+extern Authmethod method_passwd;
+extern Authmethod method_kbdint;
+extern Authmethod method_hostbased;
+#ifdef GSSAPI
+extern Authmethod method_gssapi;
+#endif
+#ifdef JPAKE
+extern Authmethod method_jpake;
+#endif
+
+Authmethod *authmethods[] = {
+ &method_none,
+ &method_pubkey,
+#ifdef GSSAPI
+ &method_gssapi,
+#endif
+#ifdef JPAKE
+ &method_jpake,
+#endif
+ &method_passwd,
+ &method_kbdint,
+ &method_hostbased,
+ NULL
+};
+
+/* protocol */
+
+static void input_service_request(int, u_int32_t, void *);
+static void input_userauth_request(int, u_int32_t, void *);
+
+/* helper */
+static Authmethod *authmethod_lookup(const char *);
+static char *authmethods_get(void);
+
+char *
+auth2_read_banner(void)
+{
+ struct stat st;
+ char *banner = NULL;
+ size_t len, n;
+ int fd;
+
+ if ((fd = open(options.banner, O_RDONLY)) == -1)
+ return (NULL);
+ if (fstat(fd, &st) == -1) {
+ close(fd);
+ return (NULL);
+ }
+ if (st.st_size <= 0 || st.st_size > 1*1024*1024) {
+ close(fd);
+ return (NULL);
+ }
+
+ len = (size_t)st.st_size; /* truncate */
+ banner = xmalloc(len + 1);
+ n = atomicio(read, fd, banner, len);
+ close(fd);
+
+ if (n != len) {
+ xfree(banner);
+ return (NULL);
+ }
+ banner[n] = '\0';
+
+ return (banner);
+}
+
+void
+userauth_send_banner(const char *msg)
+{
+ if (datafellows & SSH_BUG_BANNER)
+ return;
+
+ packet_start(SSH2_MSG_USERAUTH_BANNER);
+ packet_put_cstring(msg);
+ packet_put_cstring(""); /* language, unused */
+ packet_send();
+ debug("%s: sent", __func__);
+}
+
+static void
+userauth_banner(void)
+{
+ char *banner = NULL;
+
+ if (options.banner == NULL ||
+ strcasecmp(options.banner, "none") == 0 ||
+ (datafellows & SSH_BUG_BANNER) != 0)
+ return;
+
+ if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
+ goto done;
+ userauth_send_banner(banner);
+
+done:
+ if (banner)
+ xfree(banner);
+}
+
+/*
+ * loop until authctxt->success == TRUE
+ */
+void
+do_authentication2(Authctxt *authctxt)
+{
+ dispatch_init(&dispatch_protocol_error);
+ dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
+ dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
+}
+
+/*ARGSUSED*/
+static void
+input_service_request(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ u_int len;
+ int acceptit = 0;
+ char *service = packet_get_cstring(&len);
+ packet_check_eom();
+
+ if (authctxt == NULL)
+ fatal("input_service_request: no authctxt");
+
+ if (strcmp(service, "ssh-userauth") == 0) {
+ if (!authctxt->success) {
+ acceptit = 1;
+ /* now we can handle user-auth requests */
+ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
+ }
+ }
+ /* XXX all other service requests are denied */
+
+ if (acceptit) {
+ packet_start(SSH2_MSG_SERVICE_ACCEPT);
+ packet_put_cstring(service);
+ packet_send();
+ packet_write_wait();
+ } else {
+ debug("bad service request %s", service);
+ packet_disconnect("bad service request %s", service);
+ }
+ xfree(service);
+}
+
+/*ARGSUSED*/
+static void
+input_userauth_request(int type, u_int32_t seq, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ Authmethod *m = NULL;
+ char *user, *service, *method, *style = NULL;
+ int authenticated = 0;
+
+ if (authctxt == NULL)
+ fatal("input_userauth_request: no authctxt");
+
+ user = packet_get_cstring(NULL);
+ service = packet_get_cstring(NULL);
+ method = packet_get_cstring(NULL);
+ debug("userauth-request for user %s service %s method %s", user, service, method);
+ debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
+
+ if ((style = strchr(user, ':')) != NULL)
+ *style++ = 0;
+
+ if (authctxt->attempt++ == 0) {
+ /* setup auth context */
+ authctxt->pw = PRIVSEP(getpwnamallow(user));
+ authctxt->user = xstrdup(user);
+ if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
+ authctxt->valid = 1;
+ debug2("input_userauth_request: setting up authctxt for %s", user);
+ } else {
+ logit("input_userauth_request: invalid user %s", user);
+ authctxt->pw = fakepw();
+#ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_INVALID_USER));
+#endif
+ }
+#ifdef USE_PAM
+ if (options.use_pam)
+ PRIVSEP(start_pam(authctxt));
+#endif
+ setproctitle("%s%s", authctxt->valid ? user : "unknown",
+ use_privsep ? " [net]" : "");
+ authctxt->service = xstrdup(service);
+ authctxt->style = style ? xstrdup(style) : NULL;
+ if (use_privsep)
+ mm_inform_authserv(service, style);
+ userauth_banner();
+ } else if (strcmp(user, authctxt->user) != 0 ||
+ strcmp(service, authctxt->service) != 0) {
+ packet_disconnect("Change of username or service not allowed: "
+ "(%s,%s) -> (%s,%s)",
+ authctxt->user, authctxt->service, user, service);
+ }
+ /* reset state */
+ auth2_challenge_stop(authctxt);
+#ifdef JPAKE
+ auth2_jpake_stop(authctxt);
+#endif
+
+#ifdef GSSAPI
+ /* XXX move to auth2_gssapi_stop() */
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+#endif
+
+ authctxt->postponed = 0;
+ authctxt->server_caused_failure = 0;
+
+ /* try to authenticate user */
+ m = authmethod_lookup(method);
+ if (m != NULL && authctxt->failures < options.max_authtries) {
+ debug2("input_userauth_request: try method %s", method);
+ authenticated = m->userauth(authctxt);
+ }
+ userauth_finish(authctxt, authenticated, method);
+
+ xfree(service);
+ xfree(user);
+ xfree(method);
+}
+
+void
+userauth_finish(Authctxt *authctxt, int authenticated, char *method)
+{
+ char *methods;
+
+ if (!authctxt->valid && authenticated)
+ fatal("INTERNAL ERROR: authenticated invalid user %s",
+ authctxt->user);
+
+ /* Special handling for root */
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
+ !auth_root_allowed(method)) {
+ authenticated = 0;
+#ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
+#endif
+ }
+
+#ifdef USE_PAM
+ if (options.use_pam && authenticated) {
+ if (!PRIVSEP(do_pam_account())) {
+ /* if PAM returned a message, send it to the user */
+ if (buffer_len(&loginmsg) > 0) {
+ buffer_append(&loginmsg, "\0", 1);
+ userauth_send_banner(buffer_ptr(&loginmsg));
+ packet_write_wait();
+ }
+ fatal("Access denied for user %s by PAM account "
+ "configuration", authctxt->user);
+ }
+ }
+#endif
+
+#ifdef _UNICOS
+ if (authenticated && cray_access_denied(authctxt->user)) {
+ authenticated = 0;
+ fatal("Access denied for user %s.",authctxt->user);
+ }
+#endif /* _UNICOS */
+
+ /* Log before sending the reply */
+ auth_log(authctxt, authenticated, method, " ssh2");
+
+ if (authctxt->postponed)
+ return;
+
+ /* XXX todo: check if multiple auth methods are needed */
+ if (authenticated == 1) {
+ /* turn off userauth */
+ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
+ packet_start(SSH2_MSG_USERAUTH_SUCCESS);
+ packet_send();
+ packet_write_wait();
+ /* now we can break out */
+ authctxt->success = 1;
+ } else {
+
+ /* Allow initial try of "none" auth without failure penalty */
+ if (!authctxt->server_caused_failure &&
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ authctxt->failures++;
+ if (authctxt->failures >= options.max_authtries) {
+#ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+#endif
+ packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ }
+ methods = authmethods_get();
+ packet_start(SSH2_MSG_USERAUTH_FAILURE);
+ packet_put_cstring(methods);
+ packet_put_char(0); /* XXX partial success, unused */
+ packet_send();
+ packet_write_wait();
+ xfree(methods);
+ }
+}
+
+static char *
+authmethods_get(void)
+{
+ Buffer b;
+ char *list;
+ int i;
+
+ buffer_init(&b);
+ for (i = 0; authmethods[i] != NULL; i++) {
+ if (strcmp(authmethods[i]->name, "none") == 0)
+ continue;
+ if (authmethods[i]->enabled != NULL &&
+ *(authmethods[i]->enabled) != 0) {
+ if (buffer_len(&b) > 0)
+ buffer_append(&b, ",", 1);
+ buffer_append(&b, authmethods[i]->name,
+ strlen(authmethods[i]->name));
+ }
+ }
+ buffer_append(&b, "\0", 1);
+ list = xstrdup(buffer_ptr(&b));
+ buffer_free(&b);
+ return list;
+}
+
+static Authmethod *
+authmethod_lookup(const char *name)
+{
+ int i;
+
+ if (name != NULL)
+ for (i = 0; authmethods[i] != NULL; i++)
+ if (authmethods[i]->enabled != NULL &&
+ *(authmethods[i]->enabled) != 0 &&
+ strcmp(name, authmethods[i]->name) == 0)
+ return authmethods[i];
+ debug2("Unrecognized authentication method name: %s",
+ name ? name : "NULL");
+ return NULL;
+}
+
diff --git a/openssh-6.0p1/authfd.c b/openssh-6.0p1/authfd.c
new file mode 100644
index 0000000..f037e83
--- /dev/null
+++ b/openssh-6.0p1/authfd.c
@@ -0,0 +1,708 @@
+/* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ * Functions for connecting the local authentication agent.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ *
+ * SSH2 implementation,
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/un.h>
+#include <sys/socket.h>
+
+#include <openssl/evp.h>
+
+#include <openssl/crypto.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "xmalloc.h"
+#include "ssh.h"
+#include "rsa.h"
+#include "buffer.h"
+#include "key.h"
+#include "authfd.h"
+#include "cipher.h"
+#include "kex.h"
+#include "compat.h"
+#include "log.h"
+#include "atomicio.h"
+#include "misc.h"
+
+static int agent_present = 0;
+
+/* helper */
+int decode_reply(int type);
+
+/* macro to check for "agent failure" message */
+#define agent_failed(x) \
+ ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \
+ (x == SSH2_AGENT_FAILURE))
+
+int
+ssh_agent_present(void)
+{
+ int authfd;
+
+ if (agent_present)
+ return 1;
+ if ((authfd = ssh_get_authentication_socket()) == -1)
+ return 0;
+ else {
+ ssh_close_authentication_socket(authfd);
+ return 1;
+ }
+}
+
+/* Returns the number of the authentication fd, or -1 if there is none. */
+
+int
+ssh_get_authentication_socket(void)
+{
+ const char *authsocket;
+ int sock;
+ struct sockaddr_un sunaddr;
+
+ authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
+ if (!authsocket)
+ return -1;
+
+ bzero(&sunaddr, sizeof(sunaddr));
+ sunaddr.sun_family = AF_UNIX;
+ strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
+
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0)
+ return -1;
+
+ /* close on exec */
+ if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1) {
+ close(sock);
+ return -1;
+ }
+ if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
+ close(sock);
+ return -1;
+ }
+ agent_present = 1;
+ return sock;
+}
+
+static int
+ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
+{
+ u_int l, len;
+ char buf[1024];
+
+ /* Get the length of the message, and format it in the buffer. */
+ len = buffer_len(request);
+ put_u32(buf, len);
+
+ /* Send the length and then the packet to the agent. */
+ if (atomicio(vwrite, auth->fd, buf, 4) != 4 ||
+ atomicio(vwrite, auth->fd, buffer_ptr(request),
+ buffer_len(request)) != buffer_len(request)) {
+ error("Error writing to authentication socket.");
+ return 0;
+ }
+ /*
+ * Wait for response from the agent. First read the length of the
+ * response packet.
+ */
+ if (atomicio(read, auth->fd, buf, 4) != 4) {
+ error("Error reading response length from authentication socket.");
+ return 0;
+ }
+
+ /* Extract the length, and check it for sanity. */
+ len = get_u32(buf);
+ if (len > 256 * 1024)
+ fatal("Authentication response too long: %u", len);
+
+ /* Read the rest of the response in to the buffer. */
+ buffer_clear(reply);
+ while (len > 0) {
+ l = len;
+ if (l > sizeof(buf))
+ l = sizeof(buf);
+ if (atomicio(read, auth->fd, buf, l) != l) {
+ error("Error reading response from authentication socket.");
+ return 0;
+ }
+ buffer_append(reply, buf, l);
+ len -= l;
+ }
+ return 1;
+}
+
+/*
+ * Closes the agent socket if it should be closed (depends on how it was
+ * obtained). The argument must have been returned by
+ * ssh_get_authentication_socket().
+ */
+
+void
+ssh_close_authentication_socket(int sock)
+{
+ if (getenv(SSH_AUTHSOCKET_ENV_NAME))
+ close(sock);
+}
+
+/*
+ * Opens and connects a private socket for communication with the
+ * authentication agent. Returns the file descriptor (which must be
+ * shut down and closed by the caller when no longer needed).
+ * Returns NULL if an error occurred and the connection could not be
+ * opened.
+ */
+
+AuthenticationConnection *
+ssh_get_authentication_connection(void)
+{
+ AuthenticationConnection *auth;
+ int sock;
+
+ sock = ssh_get_authentication_socket();
+
+ /*
+ * Fail if we couldn't obtain a connection. This happens if we
+ * exited due to a timeout.
+ */
+ if (sock < 0)
+ return NULL;
+
+ auth = xmalloc(sizeof(*a