diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | acconfig.h | 2 | ||||
| -rw-r--r-- | auth-chall.c | 2 | ||||
| -rw-r--r-- | auth-pam.c | 60 | ||||
| -rw-r--r-- | auth-passwd.c | 10 | ||||
| -rw-r--r-- | auth.c | 8 | ||||
| -rw-r--r-- | auth1.c | 18 | ||||
| -rw-r--r-- | auth2.c | 26 | ||||
| -rw-r--r-- | authfd.c | 2 | ||||
| -rw-r--r-- | canohost.c | 2 | ||||
| -rw-r--r-- | channels.c | 16 | ||||
| -rw-r--r-- | cipher.c | 6 | ||||
| -rw-r--r-- | cli.c | 10 | ||||
| -rw-r--r-- | cli.h | 2 | ||||
| -rw-r--r-- | defines.h | 28 | ||||
| -rw-r--r-- | dispatch.c | 2 | ||||
| -rw-r--r-- | entropy.c | 130 | ||||
| -rw-r--r-- | includes.h | 6 | ||||
| -rw-r--r-- | kex.c | 10 | ||||
| -rw-r--r-- | kex.h | 2 | ||||
| -rw-r--r-- | key.c | 26 | ||||
| -rw-r--r-- | log.h | 2 | ||||
| -rw-r--r-- | loginrec.c | 104 | ||||
| -rw-r--r-- | loginrec.h | 8 | ||||
| -rw-r--r-- | logintest.c | 30 | ||||
| -rw-r--r-- | md5crypt.c | 12 | ||||
| -rw-r--r-- | nchan.c | 2 | ||||
| -rw-r--r-- | packet.c | 4 | ||||
| -rw-r--r-- | pty.c | 8 | ||||
| -rw-r--r-- | rijndael.c | 114 | ||||
| -rw-r--r-- | rsa.c | 2 | ||||
| -rw-r--r-- | scp.c | 4 | ||||
| -rw-r--r-- | servconf.c | 8 | ||||
| -rw-r--r-- | serverloop.c | 6 | ||||
| -rw-r--r-- | session.c | 16 | ||||
| -rw-r--r-- | sftp-client.c | 2 | ||||
| -rw-r--r-- | sftp-int.c | 12 | ||||
| -rw-r--r-- | sftp-server.c | 8 | ||||
| -rw-r--r-- | sftp.c | 4 | ||||
| -rw-r--r-- | ssh-add.c | 2 | ||||
| -rw-r--r-- | ssh-agent.c | 2 | ||||
| -rw-r--r-- | ssh-dss.c | 2 | ||||
| -rw-r--r-- | ssh-keygen.c | 2 | ||||
| -rw-r--r-- | ssh-keyscan.c | 2 | ||||
| -rw-r--r-- | ssh.c | 4 | ||||
| -rw-r--r-- | sshconnect.c | 4 | ||||
| -rw-r--r-- | sshconnect2.c | 20 | ||||
| -rw-r--r-- | sshd.c | 8 | ||||
| -rw-r--r-- | xmalloc.c | 2 |
49 files changed, 386 insertions, 382 deletions
@@ -1,7 +1,11 @@ 20010105 - - (bal) Disable groupaccess by setting NGROUP_MAX to 0 for platforms + - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms that don't have NGROUPS_MAX. - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu> + - (stevesk) OpenBSD sync: + - stevesk@cvs.openbsd.org 2001/02/04 08:32:27 + [many files; did this manually to our top-level source dir] + unexpand and remove end-of-line whitespace; ok markus@ 20010104 - (bal) I think this is the last of the bsd-*.h that don't belong. @@ -225,7 +225,7 @@ /* Define if you are using Solaris-derived PAM which passes pam_messages */ /* to the conversation function with an extra level of indirection */ #undef PAM_SUN_CODEBASE - + /* Set this to your mail directory if you don't have maillock.h */ #undef MAIL_DIRECTORY diff --git a/auth-chall.c b/auth-chall.c index b8b0c5d1..9f5a151f 100644 --- a/auth-chall.c +++ b/auth-chall.c @@ -34,7 +34,7 @@ char * get_challenge(Authctxt *authctxt, char *devs) { static char challenge[1024]; - struct skey skey; + struct skey skey; if (skeychallenge(&skey, authctxt->user, challenge) == -1) return NULL; strlcat(challenge, "\nS/Key Password: ", sizeof challenge); @@ -32,7 +32,7 @@ #include "canohost.h" #include "readpass.h" -RCSID("$Id: auth-pam.c,v 1.23 2001/02/04 12:20:19 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.24 2001/02/05 12:42:17 stevesk Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" @@ -97,7 +97,7 @@ static int pamconv(int num_msg, const struct pam_message **msg, /* PAM will free this later */ reply = malloc(num_msg * sizeof(*reply)); if (reply == NULL) - return PAM_CONV_ERR; + return PAM_CONV_ERR; for (count = 0; count < num_msg; count++) { switch(PAM_MSG_MEMBER(msg, count, msg_style)) { @@ -120,7 +120,7 @@ static int pamconv(int num_msg, const struct pam_message **msg, } reply[count].resp = xstrdup(pampasswd); } else { - reply[count].resp = + reply[count].resp = xstrdup(read_passphrase(PAM_MSG_MEMBER(msg, count, msg), 1)); } reply[count].resp_retcode = PAM_SUCCESS; @@ -158,19 +158,19 @@ void pam_cleanup_proc(void *context) { pam_retval = pam_close_session(pamh, 0); if (pam_retval != PAM_SUCCESS) { - log("Cannot close PAM session[%d]: %.200s", + log("Cannot close PAM session[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } pam_retval = pam_setcred(pamh, PAM_DELETE_CRED); if (pam_retval != PAM_SUCCESS) { - debug("Cannot delete credentials[%d]: %.200s", + debug("Cannot delete credentials[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } pam_retval = pam_end(pamh, pam_retval); if (pam_retval != PAM_SUCCESS) { - log("Cannot release PAM authentication[%d]: %.200s", + log("Cannot release PAM authentication[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } } @@ -193,15 +193,15 @@ int auth_pam_password(struct passwd *pw, const char *password) return 0; pampasswd = password; - + pamstate = INITIAL_LOGIN; pam_retval = do_pam_authenticate(0); if (pam_retval == PAM_SUCCESS) { - debug("PAM Password authentication accepted for user \"%.100s\"", + debug("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name); return 1; } else { - debug("PAM Password authentication for \"%.100s\" failed[%d]: %s", + debug("PAM Password authentication for \"%.100s\" failed[%d]: %s", pw->pw_name, pam_retval, PAM_STRERROR(pamh, pam_retval)); return 0; } @@ -212,13 +212,13 @@ int do_pam_account(char *username, char *remote_user) { int pam_retval; extern ServerOptions options; - - debug("PAM setting rhost to \"%.200s\"", + + debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname(options.reverse_mapping_check)); - pam_retval = pam_set_item(pamh, PAM_RHOST, + pam_retval = pam_set_item(pamh, PAM_RHOST, get_canonical_hostname(options.reverse_mapping_check)); if (pam_retval != PAM_SUCCESS) { - fatal("PAM set rhost failed[%d]: %.200s", + fatal("PAM set rhost failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } @@ -226,7 +226,7 @@ int do_pam_account(char *username, char *remote_user) debug("PAM setting ruser to \"%.200s\"", remote_user); pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user); if (pam_retval != PAM_SUCCESS) { - fatal("PAM set ruser failed[%d]: %.200s", + fatal("PAM set ruser failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } } @@ -242,11 +242,11 @@ int do_pam_account(char *username, char *remote_user) password_change_required = 1; break; default: - log("PAM rejected by account configuration[%d]: %.200s", + log("PAM rejected by account configuration[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); return(0); } - + return(1); } @@ -259,31 +259,31 @@ void do_pam_session(char *username, const char *ttyname) debug("PAM setting tty to \"%.200s\"", ttyname); pam_retval = pam_set_item(pamh, PAM_TTY, ttyname); if (pam_retval != PAM_SUCCESS) { - fatal("PAM set tty failed[%d]: %.200s", + fatal("PAM set tty failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } } pam_retval = pam_open_session(pamh, 0); if (pam_retval != PAM_SUCCESS) { - fatal("PAM session setup failed[%d]: %.200s", + fatal("PAM session setup failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } } -/* Set PAM credentials */ +/* Set PAM credentials */ void do_pam_setcred(void) { int pam_retval; - + debug("PAM establishing creds"); pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED); if (pam_retval != PAM_SUCCESS) { if(was_authenticated) { - fatal("PAM setcred failed[%d]: %.200s", + fatal("PAM setcred failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } else { - debug("PAM setcred failed[%d]: %.200s", + debug("PAM setcred failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } } @@ -295,7 +295,7 @@ int pam_password_change_required(void) return password_change_required; } -/* +/* * Have user change authentication token if pam_acct_mgmt() indicated * it was expired. This needs to be called after an interactive * session is established and the user's pty is connected to @@ -313,7 +313,7 @@ void do_pam_chauthtok(void) do { pam_retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (pam_retval != PAM_SUCCESS) { - log("PAM pam_chauthtok failed[%d]: %.200s", + log("PAM pam_chauthtok failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } } while (pam_retval != PAM_SUCCESS); @@ -337,21 +337,21 @@ void start_pam(const char *user) pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh); if (pam_retval != PAM_SUCCESS) { - fatal("PAM initialisation failed[%d]: %.200s", + fatal("PAM initialisation failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } #ifdef PAM_TTY_KLUDGE /* * Some PAM modules (e.g. pam_time) require a TTY to operate, - * and will fail in various stupid ways if they don't get one. + * and will fail in various stupid ways if they don't get one. * sshd doesn't set the tty until too late in the auth process and may * not even need one (for tty-less connections) - * Kludge: Set a fake PAM_TTY + * Kludge: Set a fake PAM_TTY */ pam_retval = pam_set_item(pamh, PAM_TTY, "ssh"); if (pam_retval != PAM_SUCCESS) { - fatal("PAM set tty failed[%d]: %.200s", + fatal("PAM set tty failed[%d]: %.200s", pam_retval, PAM_STRERROR(pamh, pam_retval)); } #endif /* PAM_TTY_KLUDGE */ @@ -383,9 +383,9 @@ void pam_msg_cat(const char *msg) char *p; size_t new_msg_len; size_t pam_msg_len; - + new_msg_len = strlen(msg); - + if (pam_msg) { pam_msg_len = strlen(pam_msg); pam_msg = xrealloc(pam_msg, new_msg_len + pam_msg_len + 2); diff --git a/auth-passwd.c b/auth-passwd.c index 541aca60..9f763267 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -118,7 +118,7 @@ auth_password(struct passwd * pw, const char *password) * Empty password is only possible on NT if the user has _really_ * an empty password and authentication is done, though. */ - if (!is_winnt) + if (!is_winnt) #endif if (*password == '\0' && options.permit_empty_passwd == 0) return 0; @@ -155,13 +155,13 @@ auth_password(struct passwd * pw, const char *password) */ #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) spw = getspnam(pw->pw_name); - if (spw != NULL) + if (spw != NULL) pw_password = spw->sp_pwdp; #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ #ifdef HAVE_SCO_PROTECTED_PW spw = getprpwnam(pw->pw_name); - if (spw != NULL) + if (spw != NULL) pw_password = spw->ufld.fd_encrypt; #endif /* HAVE_SCO_PROTECTED_PW */ @@ -189,7 +189,7 @@ auth_password(struct passwd * pw, const char *password) encrypted_password = md5_crypt(password, salt); else encrypted_password = crypt(password, salt); -#else /* HAVE_MD5_PASSWORDS */ +#else /* HAVE_MD5_PASSWORDS */ # ifdef __hpux if (iscomsec()) encrypted_password = bigcrypt(password, salt); @@ -198,7 +198,7 @@ auth_password(struct passwd * pw, const char *password) # else encrypted_password = crypt(password, salt); # endif /* __hpux */ -#endif /* HAVE_MD5_PASSWORDS */ +#endif /* HAVE_MD5_PASSWORDS */ /* Authentication is accepted if the encrypted passwords are identical. */ return (strcmp(encrypted_password, pw_password) == 0); @@ -79,7 +79,7 @@ allowed_user(struct passwd * pw) return 0; /* Check password expiry */ - if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) && + if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) && (days > (spw->sp_lstchg + spw->sp_max))) return 0; } @@ -165,9 +165,9 @@ allowed_user(struct passwd * pw) Authctxt * authctxt_new(void) { - Authctxt *authctxt = xmalloc(sizeof(*authctxt)); - memset(authctxt, 0, sizeof(*authctxt)); - return authctxt; + Authctxt *authctxt = xmalloc(sizeof(*authctxt)); + memset(authctxt, 0, sizeof(*authctxt)); + return authctxt; } struct passwd * @@ -265,8 +265,8 @@ do_authloop(Authctxt *authctxt) authenticated = auth_pam_password(pw, password); #elif defined(HAVE_OSF_SIA) /* Do SIA auth with password */ - if (sia_validate_user(NULL, saved_argc, saved_argv, - get_canonical_hostname(options.reverse_mapping_check), + if (sia_validate_user(NULL, saved_argc, saved_argv, + get_canonical_hostname(options.reverse_mapping_check), pw->pw_name, NULL, 0, NULL, password) == SIASUCCESS) { authenticated = 1; } @@ -317,8 +317,8 @@ do_authloop(Authctxt *authctxt) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); -#ifdef HAVE_CYGWIN - if (authenticated && +#ifdef HAVE_CYGWIN + if (authenticated && !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { packet_disconnect("Authentication rejected for uid %d.", (int)pw->pw_uid); @@ -329,7 +329,7 @@ do_authloop(Authctxt *authctxt) if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed()) authenticated = 0; #endif -#ifdef USE_PAM +#ifdef USE_PAM if (authenticated && !do_pam_account(pw->pw_name, client_user)) authenticated = 0; #endif @@ -346,9 +346,9 @@ do_authloop(Authctxt *authctxt) return; if (authctxt->failures++ > AUTH_FAIL_MAX) { -#ifdef WITH_AIXAUTHENTICATE - loginfailed(authctxt->user, - get_canonical_hostname(options.reverse_mapping_check), +#ifdef WITH_AIXAUTHENTICATE + loginfailed(authctxt->user, + get_canonical_hostname(options.reverse_mapping_check), "ssh"); #endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, authctxt->user); @@ -435,7 +435,7 @@ do_authentication() #ifdef WITH_AIXAUTHENTICATE /* We don't have a pty yet, so just label the line as "ssh" */ - if (loginsuccess(authctxt->user, + if (loginsuccess(authctxt->user, get_canonical_hostname(options.reverse_mapping_check), "ssh", &aixloginmsg) < 0) aixloginmsg = NULL; @@ -203,7 +203,7 @@ input_userauth_request(int type, int plen, void *ctxt) if ((style = strchr(user, ':')) != NULL) *style++ = 0; - if (authctxt->attempt++ == 0) { + if (authctxt->attempt++ == 0) { /* setup auth context */ struct passwd *pw = NULL; setproctitle("%s", user); @@ -300,7 +300,7 @@ done: return; } -void +void userauth_reply(Authctxt *authctxt, int authenticated) { char *methods; @@ -309,8 +309,8 @@ userauth_reply(Authctxt *authctxt, int authenticated) if (authenticated) { #ifdef WITH_AIXAUTHENTICATE /* We don't have a pty yet, so just label the line as "ssh" */ - if (loginsuccess(authctxt->user?authctxt->user:"NOUSER", - get_canonical_hostname(options.reverse_mapping_check), + if (loginsuccess(authctxt->user?authctxt->user:"NOUSER", + get_canonical_hostname(options.reverse_mapping_check), "ssh", &aixloginmsg) < 0) aixloginmsg = NULL; #endif /* WITH_AIXAUTHENTICATE */ @@ -323,7 +323,7 @@ userauth_reply(Authctxt *authctxt, int authenticated) authctxt->success = 1; } else { if (authctxt->failures++ > AUTH_FAIL_MAX) - packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + packet_disconnect(AUTH_FAIL_MSG, authctxt->user); methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); @@ -342,11 +342,11 @@ userauth_none(Authctxt *authctxt) if (m != NULL) m->enabled = NULL; packet_done(); - userauth_banner(); + userauth_banner(); if (authctxt->valid == 0) return(0); - + #ifdef HAVE_CYGWIN if (check_nt_auth(1, authctxt->pw->pw_uid) == 0) return(0); @@ -354,9 +354,9 @@ userauth_none(Authctxt *authctxt) #ifdef USE_PAM return auth_pam_password(authctxt->pw, ""); #elif defined(HAVE_OSF_SIA) - return (sia_validate_user(NULL, saved_argc, saved_argv, - get_canonical_hostname(options.reverse_mapping_check), - authctxt->user?authctxt->user:"NOUSER", NULL, 0, + return (sia_validate_user(NULL, saved_argc, saved_argv, + get_canonical_hostname(options.reverse_mapping_check), + authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL, "") == SIASUCCESS); #else /* !HAVE_OSF_SIA && !USE_PAM */ return auth_password(authctxt->pw, ""); @@ -382,9 +382,9 @@ userauth_passwd(Authctxt *authctxt) #ifdef USE_PAM auth_pam_password(authctxt->pw, password) == 1) #elif defined(HAVE_OSF_SIA) - sia_validate_user(NULL, saved_argc, saved_argv, - get_canonical_hostname(options.reverse_mapping_check), - authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL, + sia_validate_user(NULL, saved_argc, saved_argv, + get_canonical_hostname(options.reverse_mapping_check), + authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL, password) == SIASUCCESS) #else /* !USE_PAM && !HAVE_OSF_SIA */ auth_password(authctxt->pw, password) == 1) @@ -558,7 +558,7 @@ ssh_remove_all_identities(AuthenticationConnection *auth, int version) return decode_reply(type); } -int +int decode_reply(int type) { switch (type) { @@ -56,7 +56,7 @@ get_remote_hostname(int socket, int reverse_mapping_check) port = from6->sin6_port; memset(&from, 0, sizeof(from)); - + from4->sin_family = AF_INET; memcpy(&from4->sin_addr, &addr, sizeof(addr)); from4->sin_port = port; @@ -704,7 +704,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset) int err = 0; int sz = sizeof(err); c->type = SSH_CHANNEL_OPEN; - if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, (char *)&err, &sz) < 0) { + if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, (char *)&err, &sz) < 0) { debug("getsockopt SO_ERROR failed"); } else { if (err == 0) { @@ -1553,7 +1553,7 @@ channel_request_forwarding( if (remote_fwd) { host = listen_address; - ctype = SSH_CHANNEL_RPORT_LISTENER; + ctype = SSH_CHANNEL_RPORT_LISTENER; } else { host = host_to_connect; ctype =SSH_CHANNEL_PORT_LISTENER; @@ -1608,7 +1608,7 @@ channel_request_forwarding( error("bind: %.100s", strerror(errno)); else verbose("bind: %.100s", strerror(errno)); - + close(sock); continue; } @@ -1762,14 +1762,14 @@ channel_connect_to(const char *host, u_short host_port) error("connect %.100s port %s: %.100s", ntop, strport, strerror(errno)); close(sock); - continue; /* fail -- try next */ + continue; /* fail -- try next */ } break; /* success */ } freeaddrinfo(aitop); if (!ai) { - error("connect %.100s port %d: failed.", host, host_port); + error("connect %.100s port %d: failed.", host, host_port); return -1; } /* success */ @@ -1954,7 +1954,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset) fatal("gethostname: %.100s", strerror(errno)); #ifdef IPADDR_IN_DISPLAY - /* + /* * HPUX detects the local hostname in the DISPLAY variable and tries * to set up a shared memory connection to the server, which it * incorrectly supposes to be local. @@ -1983,7 +1983,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset) memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); /* Set DISPLAY to <ip address>:screen.display */ - snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr), + snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr), display_number, screen_number); } #else /* IPADDR_IN_DISPLAY */ @@ -2501,7 +2501,7 @@ channel_cancel_cleanup(int id) } c->dettach_user = NULL; } -void +void channel_register_filter(int id, channel_filter_fn *fn) { Channel *c = channel_lookup(id); @@ -266,7 +266,7 @@ cast_setkey(CipherContext *cc, const u_char *key, u_int keylen) void cast_setiv(CipherContext *cc, const u_char *iv, u_int ivlen) { - if (iv == NULL) + if (iv == NULL) fatal("no IV for %s.", cc->cipher->name); memcpy(cc->u.cast.iv, (char *)iv, 8); } @@ -295,7 +295,7 @@ rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen) void rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen) { - if (iv == NULL) + if (iv == NULL) fatal("no IV for %s.", cc->cipher->name); memcpy((u_char *)cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE); } @@ -415,7 +415,7 @@ Cipher ciphers[] = { SSH_CIPHER_SSH2, 16, 32, rijndael_setkey, rijndael_setiv, rijndael_cbc_encrypt, rijndael_cbc_decrypt }, - { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL } + { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL } }; /*--*/ @@ -136,11 +136,11 @@ cli_write(const char* buf, int size) output = xmalloc(4*size); for (p = output, i = 0; i < size; i++) { - if (buf[i] == '\n') - *p++ = buf[i]; - else - p = vis(p, buf[i], 0, 0); - } + if (buf[i] == '\n') + *p++ = buf[i]; + else + p = vis(p, buf[i], 0, 0); + } len = p - output; for (pos = 0; pos < len; pos += ret) { @@ -9,7 +9,7 @@ * of response depending on arg. Tries to ensure that no other userland * buffer is storing the response. */ -char* cli_read_passphrase(const char* prompt, int from_stdin, +char* cli_read_passphrase(const char* prompt, int from_stdin, int echo_enable); char* cli_prompt(char* prompt, int echo_enable); void cli_mesg(char* mesg); @@ -19,13 +19,13 @@ #endif #ifdef HAVE_SYS_BITYPES_H # include <sys/bitypes.h> /* For u_intXX_t */ -#endif +#endif #ifdef HAVE_PATHS_H # include <paths.h> /* For _PATH_XXX */ -#endif +#endif #ifdef HAVE_LIMITS_H # include <limits.h> /* For PATH_MAX */ -#endif +#endif #ifdef HAVE_SYS_TIME_H # include <sys/time.h> /* For timersub */ #endif @@ -34,7 +34,7 @@ #endif #ifdef HAVE_SYS_CDEFS_H # include <sys/cdefs.h> /* For __P() */ -#endif +#endif #ifdef HAVE_SYS_SYSMACROS_H # include <sys/sysmacros.h> /* For MIN, MAX, etc */ #endif @@ -79,22 +79,22 @@ enum # endif /* PATH_MAX */ #endif /* MAXPATHLEN */ -#ifndef STDIN_FILENO +#ifndef STDIN_FILENO # define STDIN_FILENO 0 -#endif -#ifndef STDOUT_FILENO +#endif +#ifndef STDOUT_FILENO # define STDOUT_FILENO 1 -#endif -#ifndef STDERR_FILENO +#endif +#ifndef STDERR_FILENO # define STDERR_FILENO 2 -#endif +#endif #ifndef NGROUPS_MAX /* Disable groupaccess if NGROUP_MAX is not set */ #define NGROUPS_MAX 0 #endif #ifndef O_NONBLOCK /* Non Blocking Open */ -# define O_NONBLOCK 00004 +# define O_NONBLOCK 00004 #endif #ifndef S_ISREG @@ -318,8 +318,8 @@ struct winsize { (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \ (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \ if ((result)->tv_usec < 0) { \ - --(result)->tv_sec; \ - (result)->tv_usec += 1000000; \ + --(result)->tv_sec; \ + (result)->tv_usec += 1000000; \ } \ } while (0) #endif @@ -340,7 +340,7 @@ struct winsize { #ifndef SUN_LEN #define SUN_LEN(su) \ - (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path)) + (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path)) #endif /* SUN_LEN */ /* Function replacement / compatibility hacks */ @@ -72,7 +72,7 @@ dispatch_run(int mode, int *done, void *ctxt) if (type > 0 && type < DISPATCH_MAX && dispatch[type] != NULL) (*dispatch[type])(type, plen, ctxt); else - packet_disconnect("protocol error: rcvd type %d", type); + packet_disconnect("protocol error: rcvd type %d", type); if (done != NULL && *done) return; } @@ -38,7 +38,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: entropy.c,v 1.25 2001/01/22 21:06:20 mouring Exp $"); +RCSID("$Id: entropy.c,v 1.26 2001/02/05 12:42:17 stevesk Exp $"); #ifndef offsetof # define offsetof(type, member) ((size_t) &((type *)0)->member) @@ -83,7 +83,7 @@ int get_random_bytes(unsigned char *buf, int len) addr.sun_family = AF_UNIX; strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path)); addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET); - + fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1) { error("Couldn't create AF_UNIX socket: %s", strerror(errno)); @@ -91,7 +91,7 @@ int get_random_bytes(unsigned char *buf, int len) } if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) { - error("Couldn't connect to EGD socket \"%s\": %s", + error("Couldn't connect to EGD socket \"%s\": %s", addr.sun_path, strerror(errno)); close(fd); return(0); @@ -102,21 +102,21 @@ int get_random_bytes(unsigned char *buf, int len) msg[1] = len; if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) { - error("Couldn't write to EGD socket \"%s\": %s", + error("Couldn't write to EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); close(fd); return(0); } if (atomicio(read, fd, buf, len) != len) { - error("Couldn't read from EGD socket \"%s\": %s", + error("Couldn't read from EGD socket \"%s\": %s", EGD_SOCKET, strerror(errno)); close(fd); return(0); } - + close(fd); - + return(1); } #else /* !EGD_SOCKET */ @@ -128,20 +128,20 @@ int get_random_bytes(unsigned char *buf, int len) random_pool = open(RANDOM_POOL, O_RDONLY); if (random_pool == -1) { - error("Couldn't open random pool \"%s\": %s", + error("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); return(0); } - + if (atomicio(read, random_pool, buf, len) != len) { - error("Couldn't read from random pool \"%s\": %s", + error("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); close(random_pool); return(0); } - + close(random_pool); - + return(1); } #endif /* RANDOM_POOL */ @@ -155,7 +155,7 @@ void seed_rng(void) { char buf[32]; - + debug("Seeding random number generator"); if (!get_random_bytes(buf, sizeof(buf))) { @@ -164,7 +164,7 @@ seed_rng(void) } else { RAND_add(buf, sizeof(buf), sizeof(buf)); } - + memset(buf, '\0', sizeof(buf)); } @@ -173,7 +173,7 @@ void init_rng(void) {} #else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ -/* +/* * FIXME: proper entropy estimations. All current values are guesses * FIXME: (ATL) do estimates at compile time? * FIXME: More entropy sources @@ -213,18 +213,18 @@ double hash_output_from_command(entropy_source_t *src, char *hash); /* this is initialised from a file, by prng_read_commands() */ entropy_source_t *entropy_sources = NULL; -double +double stir_from_system(void) { double total_entropy_estimate; long int i; - + total_entropy_estimate = 0; - + i = getpid(); RAND_add(&i, sizeof(i), 0.5); total_entropy_estimate += 0.1; - + i = getppid(); RAND_add(&i, sizeof(i), 0.5); total_entropy_estimate += 0.1; @@ -241,7 +241,7 @@ stir_from_system(void) return(total_entropy_estimate); } -double +double stir_from_programs(void) { int i; @@ -261,18 +261,18 @@ stir_from_programs(void) /* Scale back entropy estimate according to command's rate */ entropy_estimate *= entropy_sources[c].rate; - + /* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */ if (entropy_estimate > SHA_DIGEST_LENGTH) entropy_estimate = SHA_DIGEST_LENGTH; - /* Scale back estimates for subsequent passes through list */ + /* Scale back estimates for subsequent passes through list */ entropy_estimate /= SCALE_PER_RUN * (i + 1.0); - + /* Stir it in */ RAND_add(hash, sizeof(hash), entropy_estimate); - debug3("Got %0.2f bytes of entropy from '%s'", entropy_estimate, + debug3("Got %0.2f bytes of entropy from '%s'", entropy_estimate, entropy_sources[c].cmdstring); total_entropy_estimate += entropy_estimate; @@ -293,7 +293,7 @@ stir_from_programs(void) c++; } } - + return(total_entropy_estimate); } @@ -301,12 +301,12 @@ double stir_gettimeofday(double entropy_estimate) { struct timeval tv; - + if (gettimeofday(&tv, NULL) == -1) fatal("Couldn't gettimeofday: %s", strerror(errno)); RAND_add(&tv, sizeof(tv), entropy_estimate); - + return(entropy_estimate); } @@ -315,10 +315,10 @@ stir_clock(double entropy_estimate) { #ifdef HAVE_CLOCK clock_t c; - + c = clock(); RAND_add(&c, sizeof(c), entropy_estimate); - + return(entropy_estimate); #else /* _HAVE_CLOCK */ return(0); @@ -330,7 +330,7 @@ stir_rusage(int who, double entropy_estimate) { #ifdef HAVE_GETRUSAGE struct rusage ru; - + if (getrusage(who, &ru) == -1) return(0); @@ -368,7 +368,7 @@ hash_output_from_command(entropy_source_t *src, char *hash) int bytes_read; int total_bytes_read; SHA_CTX sha; - + debug3("Reading output from \'%s\'", src->cmdstring); if (devnull == -1) { @@ -376,7 +376,7 @@ hash_output_from_command(entropy_source_t *src, char *hash) if (devnull == -1) fatal("Couldn't open /dev/null: %s", strerror(errno)); } - + if (pipe(p) == -1) fatal("Couldn't open pipe: %s", strerror(errno)); @@ -469,7 +469,7 @@ hash_output_from_command(entropy_source_t *src, char *hash) close(p[0]); debug3("Time elapsed: %d msec", msec_elapsed); - + if (waitpid(pid, &status, 0) == -1) { error("Couldn't wait for child '%s' completion: %s", src->cmdstring, strerror(errno)); @@ -492,13 +492,13 @@ hash_output_from_command(entropy_source_t *src, char *hash) if (WEXITSTATUS(status)==0) { return(total_bytes_read); } else { - debug2("Command '%s' exit status was %d", src->cmdstring, + debug2("Command '%s' exit status was %d", src->cmdstring, WEXITSTATUS(status)); src->badness = src->sticky_badness = 128; return (0.0); } } else if (WIFSIGNALED(status)) { - debug2("Command '%s' returned on uncaught signal %d !", src->cmdstring, + debug2("Command '%s' returned on uncaught signal %d !", src->cmdstring, status); src->badness = src->sticky_badness = 128; return(0.0); @@ -519,7 +519,7 @@ prng_check_seedfile(char *filename) { if (lstat(filename, &st) == -1) { /* Give up on hard errors */ if (errno != ENOENT) - debug("WARNING: Couldn't stat random seed file \"%s\": %s", + debug("WARNING: Couldn't stat random seed file \"%s\": %s", filename, strerror(errno)); return(0); @@ -535,7 +535,7 @@ prng_check_seedfile(char *filename) { filename, getuid()); return(0); } - + return(1); } @@ -549,22 +549,22 @@ prng_write_seedfile(void) { /* Don't bother if we have already saved a seed */ if (prng_seed_saved) return; - + setuid(original_uid); - + prng_seed_saved = 1; - + pw = getpwuid(original_uid); if (pw == NULL) - fatal("Couldn't get password entry for current user (%i): %s", + fatal("Couldn't get password entry for current user (%i): %s", original_uid, strerror(errno)); - + /* Try to ensure that the parent directory is there */ - snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, + snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); mkdir(filename, 0700); - snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, + snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_PRNG_SEED_FILE); debug("writing PRNG seed to file %.100s", filename); @@ -573,13 +573,13 @@ prng_write_seedfile(void) { /* Don't care if the seed doesn't exist */ prng_check_seedfile(filename); - + if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) { - debug("WARNING: couldn't access PRNG seedfile %.100s (%.100s)", + debug("WARNING: couldn't access PRNG seedfile %.100s (%.100s)", filename, strerror(errno)); - } else { + } else { if (atomicio(write, fd, &seed, sizeof(seed)) != sizeof(seed)) - fatal("problem writing PRNG seedfile %.100s (%.100s)", filename, + fatal("problem writing PRNG seedfile %.100s (%.100s)", filename, strerror(errno)); close(fd); @@ -592,13 +592,13 @@ prng_read_seedfile(void) { char seed[1024]; char filename[1024]; struct passwd *pw; - + pw = getpwuid(original_uid); if (pw == NULL) - fatal("Couldn't get password entry for current user (%i): %s", + fatal("Couldn't get password entry for current user (%i): %s", original_uid, strerror(errno)); - - snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, + + snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, SSH_PRNG_SEED_FILE); debug("loading PRNG seed from file %.100s", filename); @@ -611,7 +611,7 @@ prng_read_seedfile(void) { /* open the file and read in the seed */ fd = open(filename, O_RDONLY); if (fd == -1) - fatal("could not open PRNG seedfile %.100s (%.100s)", filename, + fatal("could not open PRNG seedfile %.100s (%.100s)", filename, strerror(errno)); if (atomicio(read, fd, &seed, sizeof(seed)) != sizeof(seed)) { @@ -671,7 +671,7 @@ prng_read_commands(char *cmdfilename) error("bad entropy command, %.100s line %d", cmdfilename, linenum); continue; - } + } /* first token, command args (incl. argv[0]) in double quotes */ cp = strtok(cp, "\""); @@ -681,7 +681,7 @@ prng_read_commands(char *cmdfilename) continue; } strlcpy(cmd, cp, sizeof(cmd)); - + /* second token, full command path */ if ((cp = strtok(NULL, WHITESPACE)) == NULL) { error("missing command path, %.100s line %d -- ignored", @@ -693,7 +693,7 @@ prng_read_commands(char *cmdfilename) if (strncmp("undef", cp, 5) == 0) continue; - strlcpy(path, cp, sizeof(path)); + strlcpy(path, cp, sizeof(path)); /* third token, entropy rate estimate for this command */ if ((cp = strtok(NULL, WHITESPACE)) == NULL) { @@ -705,14 +705,14 @@ prng_read_commands(char *cmdfilename) /* end of line */ if ((cp = strtok(NULL, WHITESPACE)) != NULL) { - error("garbage at end of line %d in %.100s -- ignored", linenum, + error("garbage at end of line %d in %.100s -- ignored", linenum, cmdfilename); continue; } /* save the command for debug messages */ entcmd[cur_cmd].cmdstring = xstrdup(cmd); - + /* split the command args */ cp = strtok(cmd, WHITESPACE); arg = 0; @@ -723,7 +723,7 @@ prng_read_commands(char *cmdfilename) entcmd[cur_cmd].args[arg] = s; arg++; } while ((arg < 5) && (cp = strtok(NULL, WHITESPACE))); - + if (strtok(NULL, WHITESPACE)) error("ignored extra command elements (max 5), %.100s line %d", cmdfilename, linenum); @@ -759,7 +759,7 @@ prng_read_commands(char *cmdfilename) /* * Write a keyfile at exit - */ + */ void prng_seed_cleanup(void *junk) { @@ -777,7 +777,7 @@ seed_rng(void) if (!prng_initialised) fatal("RNG not initialised"); - + /* Make sure some other sigchld handler doesn't reap our entropy */ /* commands */ old_sigchld_handler = signal(SIGCHLD, SIG_DFL); @@ -794,10 +794,10 @@ seed_rng(void) fatal("Couldn't initialise builtin random number generator -- exiting."); } -void init_rng(void) +void init_rng(void) { int original_euid; - + original_uid = getuid(); original_euid = geteuid(); @@ -806,12 +806,12 @@ void init_rng(void) fatal("PRNG initialisation failed -- exiting."); /* Set ourselves up to save a seed upon exit */ - prng_seed_saved = 0; + prng_seed_saved = 0; /* Give up privs while reading seed file */ if ((original_uid != original_euid) && (seteuid(original_uid) == -1)) fatal("Couldn't give up privileges"); - + prng_read_seedfile(); if ((original_uid != original_euid) && (seteuid(original_euid) == -1)) @@ -50,13 +50,13 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } #endif #ifdef HAVE_BSTRING_H # include <bstring.h> -#endif +#endif #ifdef HAVE_NETGROUP_H # include <netgroup.h> -#endif +#endif #if defined(HAVE_NETDB_H) # include <netdb.h> -#endif +#endif #ifdef HAVE_ENDIAN_H # include <endian.h> #endif @@ -79,7 +79,7 @@ kex_exchange_kexinit( debug("send KEXINIT"); packet_start(SSH2_MSG_KEXINIT); - packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit)); + packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit)); packet_send(); packet_write_wait(); debug("done"); @@ -244,7 +244,7 @@ kex_hash( buffer_put_bignum2(&b, client_dh_pub); buffer_put_bignum2(&b, server_dh_pub); buffer_put_bignum2(&b, shared_secret); - + #ifdef DEBUG_KEX buffer_dump(&b); #endif @@ -297,7 +297,7 @@ kex_hash_gex( buffer_put_bignum2(&b, client_dh_pub); buffer_put_bignum2(&b, server_dh_pub); buffer_put_bignum2(&b, shared_secret); - + #ifdef DEBUG_KEX buffer_dump(&b); #endif @@ -366,7 +366,7 @@ get_match(char *client, char *server) c = cp = xstrdup(client); s = sp = xstrdup(server); - for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0'; + for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0'; (p = strsep(&sp, SEP)), i++) { if (i < MAX_PROP) sproposals[i] = p; @@ -375,7 +375,7 @@ get_match(char *client, char *server) } nproposals = i; - for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0'; + for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0'; (p = strsep(&cp, SEP)), i++) { for (j = 0; j < nproposals; j++) { if (strcmp(p, sproposals[j]) == 0) { @@ -54,7 +54,7 @@ enum kex_exchange { DH_GRP1_SHA1, DH_GEX_SHA1 }; - + typedef struct Kex Kex; typedef struct Mac Mac; typedef struct Comp Comp; @@ -452,11 +452,11 @@ key_size(Key *k){ RSA * rsa_generate_private_key(u_int bits) { - RSA *private; - private = RSA_generate_key(bits, 35, NULL, NULL); - if (private == NULL) - fatal("rsa_generate_private_key: key generation failed."); - return private; + RSA *private; + private = RSA_generate_key(bits, 35, NULL, NULL); + if (private == NULL) + fatal("rsa_generate_private_key: key generation failed."); + return private; } DSA* @@ -466,9 +466,9 @@ dsa_generate_private_key(u_int bits) if (private == NULL) fatal("dsa_generate_private_key: DSA_generate_parameters failed"); if (!DSA_generate_key(private)) - fatal("dsa_generate_private_key: DSA_generate_key failed."); - if (private == NULL) - fatal("dsa_generate_private_key: NULL."); + fatal("dsa_generate_private_key: DSA_generate_key failed."); + if (private == NULL) + fatal("dsa_generate_private_key: NULL."); return private; } @@ -477,7 +477,7 @@ key_generate(int type, u_int bits) { Key *k = key_new(KEY_UNSPEC); switch (type) { - case KEY_DSA: + case KEY_DSA: k->dsa = dsa_generate_private_key(bits); break; case KEY_RSA: @@ -485,9 +485,9 @@ key_generate(int type, u_int bits) k->rsa = rsa_generate_private_key(bits); break; default: - fatal("key_generate: unknown type %d", type); + fatal("key_generate: unknown type %d", type); } - k->type = type; + k->type = type; return k; } @@ -496,7 +496,7 @@ key_from_private(Key *k) { Key *n = NULL; switch (k->type) { - case KEY_DSA: + case KEY_DSA: n = key_new(k->type); BN_copy(n->dsa->p, k->dsa->p); BN_copy(n->dsa->q, k->dsa->q); @@ -510,7 +510,7 @@ key_from_private(Key *k) BN_copy(n->rsa->e, k->rsa->e); break; default: - fatal("key_from_private: unknown type %d", k->type); + fatal("key_from_private: unknown type %d", k->type); break; } return n; @@ -21,7 +21,7 @@ typedef enum { SYSLOG_FACILITY_USER, SYSLOG_FACILITY_AUTH, #ifdef LOG_AUTHPRIV - SYSLOG_FACILITY_AUTHPRIV, + SYSLOG_FACILITY_AUTHPRIV, #endif SYSLOG_FACILITY_LOCAL0, SYSLOG_FACILITY_LOCAL1, @@ -30,7 +30,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/** +/** ** loginrec.c: platform-independent login recording and lastlog retrieval **/ @@ -63,7 +63,7 @@ requires very thorough testing so we do not corrupt local auditing information. These files and their access methods are very system specific indeed. - + For utmpx systems, the corresponding library functions are setutxent() etc. To the author's knowledge, all utmpx systems have these library functions and so no direct write is attempted. If such @@ -82,14 +82,14 @@ Calling the new code -------------------- - + In OpenSSH all login recording and retrieval is performed in login.c. Here you'll find working examples. Also, in the logintest.c program there are more examples. Internal handler calling method ------------------------------- - + When a call is made to login_login() or login_logout(), both routines set a struct logininfo flag defining which action (log in, or log out) is to be taken. They both then call login_write(), which @@ -127,7 +127,7 @@ with 'make logintest' as it's not built by default.) Otherwise, patches to the specific method(s) are very helpful! - + */ /** @@ -163,7 +163,7 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.30 2001/01/22 05:34:42 mouring Exp $"); +RCSID("$Id: loginrec.c,v 1.31 2001/02/05 12:42:17 stevesk Exp $"); #ifdef HAVE_UTIL_H # include <util.h> @@ -207,7 +207,7 @@ int wtmpx_get_entry(struct logininfo *li); **/ /* login_login(struct logininfo *) -Record a login - * + * * Call with a pointer to a struct logininfo initialised with * login_init_entry() or login_alloc_entry() * @@ -287,17 +287,17 @@ login_get_lastlog(struct logininfo *li, const int uid) memset(li, '\0', sizeof(*li)); li->uid = uid; - /* + /* * If we don't have a 'real' lastlog, we need the username to * reliably search wtmp(x) for the last login (see - * wtmp_get_entry().) + * wtmp_get_entry().) */ pw = getpwuid(uid); if (pw == NULL) fatal("login_get_lastlog: Cannot find account for uid %i", uid); - + /* No MIN_SIZEOF here - we absolutely *must not* truncate the - * username */ + * username */ strlcpy(li->username, pw->pw_name, sizeof(li->username)); if (getlast_entry(li)) @@ -308,8 +308,8 @@ login_get_lastlog(struct logininfo *li, const int uid) /* login_alloc_entry(int, char*, char*, char*) - Allocate and initialise - * a logininfo structure - * + * a logininfo structure + * * This function creates a new struct logininfo, a data structure * meant to carry the information required to portably record login info. * @@ -338,20 +338,20 @@ login_free_entry(struct logininfo *li) /* login_init_entry(struct logininfo *, int, char*, char*, char*) * - initialise a struct logininfo - * + * * Populates a new struct logininfo, a data structure meant to carry * the information required to portably record login info. * * Returns: 1 */ int -login_init_entry(struct logininfo *li, int pid, const char *username, +login_init_entry(struct logininfo *li, int pid, const char *username, const char *hostname, const char *line) { struct passwd *pw; - + memset(li, 0, sizeof(*li)); - + li->pid = pid; /* set the line information */ @@ -384,7 +384,7 @@ login_set_current_time(struct logininfo *li) struct timeval tv; gettimeofday(&tv, NULL); - + li->tv_sec = tv.tv_sec; li->tv_usec = tv.tv_usec; } @@ -457,7 +457,7 @@ getlast_entry(struct logininfo *li) #else /* !USE_LASTLOG */ #ifdef DISABLE_LASTLOG - /* On some systems we shouldn't even try to obtain last login + /* On some systems we shouldn't even try to obtain last login * time, e.g. AIX */ return 0; # else /* DISABLE_LASTLOG */ @@ -475,7 +475,7 @@ getlast_entry(struct logininfo *li) return 0; # endif /* USE_WTMPX && (HAVE_TIME_IN_UTMPX || HAVE_TV_IN_UTMPX) */ # endif /* USE_WTMP && (HAVE_TIME_IN_UTMP || HAVE_TV_IN_UTMP) */ -# endif /* DISABLE_LASTLOG */ +# endif /* DISABLE_LASTLOG */ #endif /* USE_LASTLOG */ } @@ -532,12 +532,12 @@ line_stripname(char *dst, const char *src, int dstsize) * NOTE: use strncpy because we do NOT necessarily want zero * termination */ char * -line_abbrevname(char *dst, const char *src, int dstsize) +line_abbrevname(char *dst, const char *src, int dstsize) { size_t len; - + memset(dst, '\0', dstsize); - + /* Always skip prefix if present */ #ifdef sgi if (strncmp(src, "/dev/tty", 8) == 0) @@ -546,7 +546,7 @@ line_abbrevname(char *dst, const char *src, int dstsize) if (strncmp(src, "/dev/", 5) == 0) src += 5; #endif - + len = strlen(src); if (len > 0) { @@ -554,9 +554,9 @@ line_abbrevname(char *dst, const char *src, int dstsize) src += ((int)len - dstsize); /* note: _don't_ change this to strlcpy */ - strncpy(dst, src, (size_t)dstsize); + strncpy(dst, src, (size_t)dstsize); } - + return dst; } @@ -620,7 +620,7 @@ construct_utmp(struct logininfo *li, /* * These fields are only used when logging in, and are blank - * for logouts. + * for logouts. */ /* Use strncpy because we don't necessarily want null termination */ @@ -632,7 +632,7 @@ construct_utmp(struct logininfo *li, /* this is just a 32-bit IP address */ if (li->hostaddr.sa.sa_family == AF_INET) ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; -# endif +# endif } #endif /* USE_UTMP || USE_WTMP || USE_LOGIN */ @@ -684,7 +684,7 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx) /* * These fields are only used when logging in, and are blank - * for logouts. + * for logouts. */ /* strncpy(): Don't necessarily want null termination */ @@ -774,18 +774,18 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) * If the new ut_line is empty but the old one is not * and ut_line and ut_name match, preserve the old ut_line. */ - if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) && - (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') && - (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) && + if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) && + (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') && + (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) && (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) { (void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host)); } - + (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET); if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut)) log("utmp_write_direct: error writing %s: %s", UTMP_FILE, strerror(errno)); - + (void)close(fd); return 1; } else { @@ -887,7 +887,7 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx) /* write a utmp entry direct to the file */ static int utmpx_write_direct(struct logininfo *li, struct utmpx *utx) -{ +{ log("utmpx_write_direct: not implemented!"); return 0; } @@ -957,7 +957,7 @@ utmpx_write_entry(struct logininfo *li) ** Low-level wtmp functions **/ -#ifdef USE_WTMP +#ifdef USE_WTMP /* write a wtmp entry direct to the end of the file */ /* This is a slight modification of code in OpenBSD's logwtmp.c */ @@ -972,7 +972,7 @@ wtmp_write(struct logininfo *li, struct utmp *ut) WTMP_FILE, strerror(errno)); return 0; } - if (fstat(fd, &buf) == 0) + if (fstat(fd, &buf) == 0) if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut)) { ftruncate(fd, buf.st_size); log("wtmp_write: problem writing %s: %s", @@ -1019,7 +1019,7 @@ wtmp_write_entry(struct logininfo *li) /* Notes on fetching login data from wtmp/wtmpx - * + * * Logouts are usually recorded with (amongst other things) a blank * username on a given tty line. However, some systems (HP-UX is one) * leave all fields set, but change the ut_type field to DEAD_PROCESS. @@ -1038,7 +1038,7 @@ wtmp_write_entry(struct logininfo *li) static int wtmp_islogin(struct logininfo *li, struct utmp *ut) { - if (strncmp(li->username, ut->ut_name, + if (strncmp(li->username, ut->ut_name, MIN_SIZEOF(li->username, ut->ut_name)) == 0) { # ifdef HAVE_TYPE_IN_UTMP if (ut->ut_type & USER_PROCESS) @@ -1065,7 +1065,7 @@ wtmp_get_entry(struct logininfo *li) WTMP_FILE, strerror(errno)); return 0; } - if (fstat(fd, &st) != 0) { + if (fstat(fd, &st) != 0) { log("wtmp_get_entry: couldn't stat %s: %s", WTMP_FILE, strerror(errno)); close(fd); @@ -1139,7 +1139,7 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx) return 0; } - if (fstat(fd, &buf) == 0) + if (fstat(fd, &buf) == 0) if (atomicio(write, fd, utx, sizeof(*utx)) != sizeof(*utx)) { ftruncate(fd, buf.st_size); log("wtmpx_write: problem writing %s: %s", @@ -1221,13 +1221,13 @@ wtmpx_get_entry(struct logininfo *li) WTMPX_FILE, strerror(errno)); return 0; } - if (fstat(fd, &st) != 0) { + if (fstat(fd, &st) != 0) { log("wtmpx_get_entry: couldn't stat %s: %s", WTMP_FILE, strerror(errno)); close(fd); return 0; } - + /* Seek to the start of the last struct utmpx */ if (lseek(fd, (off_t)(0-sizeof(struct utmpx)), SEEK_END) == -1 ) { /* probably a newly rotated wtmpx file */ @@ -1295,7 +1295,7 @@ syslogin_perform_logout(struct logininfo *li) { # ifdef HAVE_LOGOUT char line[8]; - + (void)line_stripname(line, li->line, sizeof(line)); if (!logout(line)) { @@ -1344,7 +1344,7 @@ lastlog_construct(struct logininfo *li, struct lastlog *last) { /* clear the structure */ memset(last, '\0', sizeof(*last)); - + (void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line)); strlcpy(last->ll_host, li->hostname, MIN_SIZEOF(last->ll_host, li->hostname)); @@ -1357,7 +1357,7 @@ lastlog_filetype(char *filename) struct stat st; if (stat(LASTLOG_FILE, &st) != 0) { - log("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE, + log("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE, strerror(errno)); return 0; } @@ -1399,18 +1399,18 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) lastlog_file, strerror(errno)); return 0; } - + if (type == LL_FILE) { /* find this uid's offset in the lastlog file */ offset = (off_t) ( (long)li->uid * sizeof(struct lastlog)); if ( lseek(*fd, offset, SEEK_SET) != offset ) { log("lastlog_openseek: %s->lseek(): %s", - lastlog_file, strerror(errno)); + lastlog_file, strerror(errno)); return 0; } } - + return 1; } @@ -1425,7 +1425,7 @@ lastlog_perform_login(struct logininfo *li) if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT)) return(0); - + /* write the entry */ if (atomicio(write, fd, &last, sizeof(last)) != sizeof(last)) { close(fd); @@ -1454,7 +1454,7 @@ static void lastlog_populate_entry(struct logininfo *li, struct lastlog *last) { line_fullname(li->line, last->ll_line, sizeof(li->line)); - strlcpy(li->hostname, last->ll_host, + strlcpy(li->hostname, last->ll_host, MIN_SIZEOF(li->hostname, last->ll_host)); li->tv_sec = last->ll_time; } @@ -1475,7 +1475,7 @@ lastlog_get_entry(struct logininfo *li) return 1; } } else { - return 0; + return 0; } } #endif /* USE_LASTLOG */ @@ -30,7 +30,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/** +/** ** loginrec.h: platform-independent login recording and lastlog retrieval **/ @@ -40,7 +40,7 @@ #include <netinet/in.h> #include <sys/socket.h> -/* RCSID("$Id: loginrec.h,v 1.4 2000/06/27 01:18:27 djm Exp $"); */ +/* RCSID("$Id: loginrec.h,v 1.5 2001/02/05 12:42:18 stevesk Exp $"); */ /** ** you should use the login_* calls to work around platform dependencies @@ -86,7 +86,7 @@ struct logininfo { * use time_t's value as tv_sec and set tv_usec to 0 */ unsigned int tv_sec; - unsigned int tv_usec; + unsigned int tv_usec; union login_netinfo hostaddr; /* caller's host address(es) */ }; /* struct logininfo */ @@ -102,7 +102,7 @@ struct logininfo *login_alloc_entry(int pid, const char *username, /* free a structure */ void login_free_entry(struct logininfo *li); /* fill out a pre-allocated structure with useful information */ -int login_init_entry(struct logininfo *li, int pid, const char *username, +int login_init_entry(struct logininfo *li, int pid, const char *username, const char *hostname, const char *line); /* place the current time in a logininfo struct */ void login_set_current_time(struct logininfo *li); diff --git a/logintest.c b/logintest.c index 88605231..302034da 100644 --- a/logintest.c +++ b/logintest.c @@ -27,7 +27,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/** +/** ** logintest.c: simple test driver for platform-independent login recording ** and lastlog retrieval **/ @@ -48,7 +48,7 @@ #include "loginrec.h" -RCSID("$Id: logintest.c,v 1.6 2000/06/19 08:25:36 andre Exp $"); +RCSID("$Id: logintest.c,v 1.7 2001/02/05 12:42:18 stevesk Exp $"); #define PAUSE_BEFORE_LOGOUT 3 @@ -74,10 +74,10 @@ dump_logininfo(struct logininfo *li, char *descname) "\t\t\tfamily\t%d\n\t\t}\n" "\t}\n" "}\n", - descname, li->progname, li->type, + descname, li->progname, li->type, li->pid, li->uid, li->line, - li->username, li->hostname, li->exit, - li->termination, li->tv_sec, li->tv_usec, + li->username, li->hostname, li->exit, + li->termination, li->tv_sec, li->tv_usec, li->hostaddr.sa.sa_family); } @@ -134,7 +134,7 @@ testAPI() if (nologtest) return 1; - + line_stripname(stripline, li1->line, sizeof(stripline)); printf("Performing an invalid login attempt (no type field)\n--\n"); @@ -159,11 +159,11 @@ testAPI() #endif printf("--\n"); login_login(li1); - + snprintf(cmdstring, sizeof(cmdstring), "who | grep '%s '", stripline); system(cmdstring); - + printf("--\nPausing for %d second(s)...\n", PAUSE_BEFORE_LOGOUT); sleep(PAUSE_BEFORE_LOGOUT); @@ -205,12 +205,12 @@ testAPI() #endif printf("--\nThe output of 'last' shown next should have " - "an entry for root \n on %s for the time shown above:\n--\n", + "an entry for root \n on %s for the time shown above:\n--\n", stripline); snprintf(cmdstring, sizeof(cmdstring), "last | grep '%s ' | head -3", stripline); system(cmdstring); - + printf("--\nEnd of login test.\n"); login_free_entry(li1); @@ -255,9 +255,9 @@ testOutput() /* show which options got compiled in */ void showOptions(void) -{ +{ printf("**\n** Compile-time options\n**\n"); - + printf("login recording methods selected:\n"); #ifdef USE_LOGIN printf("\tUSE_LOGIN\n"); @@ -293,17 +293,17 @@ main(int argc, char *argv[]) else if (strncmp(argv[1], "-v", 3) == 0) be_verbose=1; } - + if (!compile_opts_only) { if (be_verbose && !testOutput()) return 1; - + if (!testAPI()) return 1; } showOptions(); - + return 0; } /* main() */ @@ -27,11 +27,11 @@ static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; static char *magic = "$1$"; /* - * This string is magic for - * this algorithm. Having - * it this way, we can get - * get better later on - */ + * This string is magic for + * this algorithm. Having + * it this way, we can get + * get better later on + */ static void to64(char *s, unsigned long v, int n) @@ -45,7 +45,7 @@ to64(char *s, unsigned long v, int n) int is_md5_salt(const char *salt) { - return (!strncmp(salt, magic, strlen(magic))); + return (!strncmp(salt, magic, strlen(magic))); } /* @@ -481,7 +481,7 @@ chan_shutdown_read(Channel *c) return; debug("channel %d: close_read", c->self); if (c->sock != -1) { - /* + /* * shutdown(sock, SHUT_READ) may return ENOTCONN if the * write side has been closed already. (bug on Linux) */ @@ -989,7 +989,7 @@ packet_read_poll(int *payload_len_ptr) default: return type; break; - } + } } else { switch(type) { case SSH_MSG_IGNORE: @@ -1011,7 +1011,7 @@ packet_read_poll(int *payload_len_ptr) DBG(debug("received packet type %d", type)); return type; break; - } + } } } } @@ -176,8 +176,8 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) *ptyfd = open(buf, O_RDWR | O_NOCTTY); if (*ptyfd < 0) continue; - } - + } + /* Open the slave side. */ *ttyfd = open(namebuf, O_RDWR | O_NOCTTY); if (*ttyfd < 0) { @@ -315,11 +315,11 @@ pty_setowner(struct passwd *pw, const char *ttyname) if (chown(ttyname, pw->pw_uid, gid) < 0) { if (errno == EROFS && st.st_uid == pw->pw_uid) error("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, + ttyname, pw->pw_uid, gid, strerror(errno)); else fatal("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, + ttyname, pw->pw_uid, gid, strerror(errno)); } } @@ -54,7 +54,7 @@ void gen_tabs __P((void)); #define bswap(x) ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00)) -/* Extract byte from a 32 bit quantity (little endian notation) */ +/* Extract byte from a 32 bit quantity (little endian notation) */ #define byte(x,n) ((u1byte)((x) >> (8 * n))) @@ -89,15 +89,15 @@ u4byte tab_gen = 0; #define f_rn(bo, bi, n, k) \ bo[n] = ft_tab[0][byte(bi[n],0)] ^ \ - ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ - ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) + ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ + ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) #define i_rn(bo, bi, n, k) \ bo[n] = it_tab[0][byte(bi[n],0)] ^ \ - it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ - it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) + it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ + it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) #ifdef LARGE_TABLES @@ -109,15 +109,15 @@ u4byte tab_gen = 0; #define f_rl(bo, bi, n, k) \ bo[n] = fl_tab[0][byte(bi[n],0)] ^ \ - fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ - fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) + fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ + fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) #define i_rl(bo, bi, n, k) \ bo[n] = il_tab[0][byte(bi[n],0)] ^ \ - il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ - il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) + il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ + il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ + il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) #else @@ -129,15 +129,15 @@ u4byte tab_gen = 0; #define f_rl(bo, bi, n, k) \ bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^ \ - rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \ - rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ - rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n) + rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \ + rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ + rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n) #define i_rl(bo, bi, n, k) \ bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^ \ - rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \ - rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ - rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n) + rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \ + rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ + rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n) #endif @@ -160,7 +160,7 @@ gen_tabs(void) log_tab[1] = 0; p = 1; for(i = 0; i < 10; ++i) { - rco_tab[i] = p; + rco_tab[i] = p; p = (p << 1) ^ (p & 0x80 ? 0x1b : 0); } @@ -172,19 +172,19 @@ gen_tabs(void) /* least significant end of a byte. */ for(i = 0; i < 256; ++i) { - p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p; - q = (q >> 7) | (q << 1); p ^= q; - q = (q >> 7) | (q << 1); p ^= q; - q = (q >> 7) | (q << 1); p ^= q; - q = (q >> 7) | (q << 1); p ^= q ^ 0x63; + p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p; + q = (q >> 7) | (q << 1); p ^= q; + q = (q >> 7) | (q << 1); p ^= q; + q = (q >> 7) | (q << 1); p ^= q; + q = (q >> 7) | (q << 1); p ^= q ^ 0x63; sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i; } for(i = 0; i < 256; ++i) { - p = sbx_tab[i]; + p = sbx_tab[i]; + +#ifdef LARGE_TABLES -#ifdef LARGE_TABLES - t = p; fl_tab[0][i] = t; fl_tab[1][i] = rotl(t, 8); fl_tab[2][i] = rotl(t, 16); @@ -194,30 +194,30 @@ gen_tabs(void) ((u4byte)p << 8) | ((u4byte)p << 16) | ((u4byte)ff_mult(3, p) << 24); - + ft_tab[0][i] = t; ft_tab[1][i] = rotl(t, 8); ft_tab[2][i] = rotl(t, 16); ft_tab[3][i] = rotl(t, 24); - p = isb_tab[i]; + p = isb_tab[i]; -#ifdef LARGE_TABLES - - t = p; il_tab[0][i] = t; - il_tab[1][i] = rotl(t, 8); - il_tab[2][i] = rotl(t, 16); +#ifdef LARGE_TABLES + + t = p; il_tab[0][i] = t; + il_tab[1][i] = rotl(t, 8); + il_tab[2][i] = rotl(t, 16); il_tab[3][i] = rotl(t, 24); -#endif +#endif t = ((u4byte)ff_mult(14, p)) | ((u4byte)ff_mult( 9, p) << 8) | ((u4byte)ff_mult(13, p) << 16) | ((u4byte)ff_mult(11, p) << 24); - - it_tab[0][i] = t; - it_tab[1][i] = rotl(t, 8); - it_tab[2][i] = rotl(t, 16); - it_tab[3][i] = rotl(t, 24); + + it_tab[0][i] = t; + it_tab[1][i] = rotl(t, 8); + it_tab[2][i] = rotl(t, 16); + it_tab[3][i] = rotl(t, 24); } tab_gen = 1; @@ -232,8 +232,8 @@ gen_tabs(void) t = w ^ (x); \ (y) = u ^ v ^ w; \ (y) ^= rotr(u ^ t, 8) ^ \ - rotr(v ^ t, 16) ^ \ - rotr(t,24) + rotr(v ^ t, 16) ^ \ + rotr(t,24) /* initialise the key schedule from the user supplied key */ @@ -271,7 +271,7 @@ gen_tabs(void) rijndael_ctx * rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len, int encrypt) -{ +{ u4byte i, t, u, v, w; u4byte *e_key = ctx->e_key; u4byte *d_key = ctx->d_key; @@ -285,23 +285,23 @@ rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len, e_key[0] = io_swap(in_key[0]); e_key[1] = io_swap(in_key[1]); e_key[2] = io_swap(in_key[2]); e_key[3] = io_swap(in_key[3]); - + switch(ctx->k_len) { - case 4: t = e_key[3]; - for(i = 0; i < 10; ++i) + case 4: t = e_key[3]; + for(i = 0; i < 10; ++i) loop4(i); - break; + break; - case 6: e_key[4] = io_swap(in_key[4]); t = e_key[5] = io_swap(in_key[5]); - for(i = 0; i < 8; ++i) + case 6: e_key[4] = io_swap(in_key[4]); t = e_key[5] = io_swap(in_key[5]); + for(i = 0; i < 8; ++i) loop6(i); - break; + break; - case 8: e_key[4] = io_swap(in_key[4]); e_key[5] = io_swap(in_key[5]); - e_key[6] = io_swap(in_key[6]); t = e_key[7] = io_swap(in_key[7]); - for(i = 0; i < 7; ++i) + case 8: e_key[4] = io_swap(in_key[4]); e_key[5] = io_swap(in_key[5]); + e_key[6] = io_swap(in_key[6]); t = e_key[7] = io_swap(in_key[7]); + for(i = 0; i < 7; ++i) loop8(i); - break; + break; } if (!encrypt) { @@ -333,7 +333,7 @@ rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len, void rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk) -{ +{ u4byte k_len = ctx->k_len; u4byte *e_key = ctx->e_key; u4byte b0[4], b1[4], *kp; @@ -380,7 +380,7 @@ rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk) void rijndael_decrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk) -{ +{ u4byte b0[4], b1[4], *kp; u4byte k_len = ctx->k_len; u4byte *e_key = ctx->e_key; @@ -8,7 +8,7 @@ * software must be clearly marked as such, and if the derived work is * incompatible with the protocol description in the RFC file, it must be * called by a name other than "ssh" or "Secure Shell". - * + * * * Copyright (c) 1999 Niels Provos. All rights reserved. * @@ -308,7 +308,7 @@ main(argc, argv) remin = STDIN_FILENO; remout = STDOUT_FILENO; - if (fflag) { + if (fflag) { /* Follow "protocol", send data. */ (void) response(); source(argc, argv); @@ -1060,7 +1060,7 @@ allocbuf(bp, fd, blksize) size = blksize + (stb.st_blksize - blksize % stb.st_blksize) % stb.st_blksize; #else /* HAVE_ST_BLKSIZE */ - size = blksize; + size = blksize; #endif /* HAVE_ST_BLKSIZE */ if (bp->cnt >= size) return (bp); @@ -222,7 +222,7 @@ static struct { { "port", sPort }, { "hostkey", sHostKeyFile }, { "hostdsakey", sHostKeyFile }, /* alias */ - { "pidfile", sPidFile }, + { "pidfile", sPidFile }, { "serverkeybits", sServerKeyBits }, { "logingracetime", sLoginGraceTime }, { "keyregenerationinterval", sKeyRegenerationTime }, @@ -560,7 +560,7 @@ parse_flag: case sXAuthLocation: charptr = &options->xauth_location; goto parse_filename; - + case sStrictModes: intptr = &options->strict_modes; goto parse_flag; @@ -716,14 +716,14 @@ parse_flag: case sBanner: charptr = &options->banner; goto parse_filename; - + default: fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n", filename, linenum, arg, opcode); exit(1); } if ((arg = strdelim(&cp)) != NULL && *arg != '\0') { - fprintf(stderr, + fprintf(stderr, "%s line %d: garbage at end of line; \"%.200s\".\n", filename, linenum, arg); exit(1); diff --git a/serverloop.c b/serverloop.c index 353733d3..5a567a25 100644 --- a/serverloop.c +++ b/serverloop.c @@ -162,7 +162,7 @@ make_packets_from_stdout_data() } else { /* Keep the packets at reasonable size. */ if (len > packet_get_maxsize()) - len = packet_get_maxsize(); + len = packet_get_maxsize(); } packet_start(SSH_SMSG_STDOUT_DATA); packet_put_string(buffer_ptr(&stdout_buffer), len); @@ -832,7 +832,7 @@ server_input_channel_open(int type, int plen, void *ctxt) xfree(ctype); } -void +void server_input_global_request(int type, int plen, void *ctxt) { char *rtype; @@ -842,7 +842,7 @@ server_input_global_request(int type, int plen, void *ctxt) rtype = packet_get_string(NULL); want_reply = packet_get_char(); debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply); - + if (strcmp(rtype, "tcpip-forward") == 0) { struct passwd *pw; char *listen_address; @@ -62,7 +62,7 @@ RCSID("$OpenBSD: session.c,v 1.52 2001/02/03 10:08:37 markus Exp $"); #endif /* WITH_IRIX_PROJECT */ #ifdef WITH_IRIX_JOBS #include <sys/resource.h> -#endif +#endif #ifdef WITH_IRIX_AUDIT #include <sat.h> #endif /* WITH_IRIX_AUDIT */ @@ -150,7 +150,7 @@ extern int startup_pipe; static char *xauthfile; /* original command from peer. */ -char *original_command = NULL; +char *original_command = NULL; /* data */ #define MAX_SESSIONS 10 @@ -874,11 +874,11 @@ void do_pam_environment(char ***env, int *envsize) if ((pam_env = fetch_pam_environment()) == NULL) return; - + for(i = 0; pam_env[i] != NULL; i++) { if ((equals = strstr(pam_env[i], "=")) == NULL) continue; - + if (strlen(pam_env[i]) < (sizeof(var_name) - 1)) { memset(var_name, '\0', sizeof(var_name)); memset(var_val, '\0', sizeof(var_val)); @@ -904,7 +904,7 @@ void copy_environment(char ***env, int *envsize) for(i = 0; environ[i] != NULL; i++) { if ((equals = strstr(environ[i], "=")) == NULL) continue; - + if (strlen(environ[i]) < (sizeof(var_name) - 1)) { memset(var_name, '\0', sizeof(var_name)); memset(var_val, '\0', sizeof(var_val)); @@ -1106,7 +1106,7 @@ do_child(const char *command, struct passwd * pw, const char *term, if (jid == -1) { fatal("Failed to create job container: %.100s", strerror(errno)); - } + } # endif /* WITH_IRIX_JOBS */ # ifdef WITH_IRIX_ARRAY /* initialize array session */ @@ -1384,7 +1384,7 @@ do_child(const char *command, struct passwd * pw, const char *term, fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data); #ifndef HAVE_CYGWIN /* Unix sockets are not supported */ - if (screen != NULL) + if (screen != NULL) fprintf(f, "add %.*s/unix%s %s %s\n", (int)(screen-display), display, screen, auth_proto, auth_data); @@ -1968,7 +1968,7 @@ session_close_by_channel(int id, void *arg) session_close(s); } else { /* notify child, delay session cleanup */ - if (s->pid <= 1) + if (s->pid <= 1) fatal("session_close_by_channel: Unsafe s->pid = %d", s->pid); if (kill(s->pid, (s->ttyfd == -1) ? SIGTERM : SIGHUP) < 0) error("session_close_by_channel: kill %d: %s", diff --git a/sftp-client.c b/sftp-client.c index 458d7364..c64a43f7 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -222,7 +222,7 @@ do_init(int fd_in, int fd_out) get_msg(fd_in, &msg); - /* Expecting a VERSION reply */ + /* Expecting a VERSION reply */ if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) { error("Invalid packet back from SSH2_FXP_INIT (type %d)", type); @@ -130,10 +130,10 @@ local_do_shell(const char *args) int ret, status; char *shell; pid_t pid; - + if (!*args) args = NULL; - + if ((shell = getenv("SHELL")) == NULL) shell = _PATH_BSHELL; @@ -149,7 +149,7 @@ local_do_shell(const char *args) debug3("Executing %s", shell); ret = execl(shell, shell, NULL); } - fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell, + fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell, strerror(errno)); _exit(1); } @@ -161,7 +161,7 @@ local_do_shell(const char *args) error("Shell exited with status %d", WEXITSTATUS(status)); } -void +void local_do_ls(const char *args) { if (!args || !*args) @@ -367,7 +367,7 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg, if (get_pathname(&cp, path1)) return(-1); if (*path1 == NULL) { - error("You must specify a path after a %s command.", + error("You must specify a path after a %s command.", cmd); return(-1); } @@ -403,7 +403,7 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg, if (get_pathname(&cp, path1)) return(-1); if (*path1 == NULL) { - error("You must specify a path after a %s command.", + error("You must specify a path after a %s command.", cmd); return(-1); } diff --git a/sftp-server.c b/sftp-server.c index 0e004009..51026de4 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -207,7 +207,7 @@ handle_to_dir(int handle) int handle_to_fd(int handle) { - if (handle_is_ok(handle, HANDLE_FILE)) + if (handle_is_ok(handle, HANDLE_FILE)) return handles[handle].fd; return -1; } @@ -616,7 +616,7 @@ process_opendir(void) id = get_int(); path = get_string(NULL); TRACE("opendir id %d path %s", id, path); - dirp = opendir(path); + dirp = opendir(path); if (dirp == NULL) { status = errno_to_portable(errno); } else { @@ -627,7 +627,7 @@ process_opendir(void) send_handle(id, handle); status = SSH2_FX_OK; } - + } if (status != SSH2_FX_OK) send_status(id, status); @@ -932,7 +932,7 @@ main(int ac, char **av) handle_init(); #ifdef DEBUG_SFTP_SERVER - log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); + log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); #endif in = dup(STDIN_FILENO); @@ -125,14 +125,14 @@ make_ssh_args(char *add_arg) return(args); } -void +void usage(void) { fprintf(stderr, "usage: sftp [-vC] [-osshopt=value] [user@]host\n"); exit(1); } -int +int main(int argc, char **argv) { int in, out, i, debug_level, compress_flag; @@ -253,7 +253,7 @@ main(int argc, char **argv) __progname = get_progname(argv[0]); init_rng(); - SSLeay_add_all_algorithms(); + SSLeay_add_all_algorithms(); /* At first, get a connection to the authentication agent. */ ac = ssh_get_authentication_connection(); diff --git a/ssh-agent.c b/ssh-agent.c index deed3eca..c23d73b7 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -728,7 +728,7 @@ main(int ac, char **av) __progname = get_progname(av[0]); init_rng(); - + #ifdef __GNU_LIBRARY__ while ((ch = getopt(ac, av, "+cks")) != -1) { #else /* __GNU_LIBRARY__ */ @@ -185,7 +185,7 @@ ssh_dss_verify( memset(sigblob, 0, len); xfree(sigblob); } - + /* sha1 the data */ dlen = evp_md->md_size; digest = xmalloc(dlen); diff --git a/ssh-keygen.c b/ssh-keygen.c index 9f519e59..1f7e9676 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -128,7 +128,7 @@ try_load_key(char *filename, Key *k) #define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----" #define SSH_COM_PUBLIC_END "---- END SSH2 PUBLIC KEY ----" #define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----" -#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb +#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb void do_convert_to_ssh2(struct passwd *pw) diff --git a/ssh-keyscan.c b/ssh-keyscan.c index f753ce82..4c8fcc05 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -509,7 +509,7 @@ conloop(void) c = tq.tqh_first; while (c && (c->c_tv.tv_sec < now.tv_sec || - (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) { + (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) { int s = c->c_fd; c = c->c_link.tqe_next; conrecycle(s); @@ -156,7 +156,7 @@ usage() #ifdef AFS fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n"); #endif /* AFS */ - fprintf(stderr, " -X Enable X11 connection forwarding.\n"); + fprintf(stderr, " -X Enable X11 connection forwarding.\n"); fprintf(stderr, " -x Disable X11 connection forwarding.\n"); fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n"); fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n"); @@ -1035,7 +1035,7 @@ ssh_session2(void) /* XXX should be pre-session */ ssh_init_forwarding(); - + /* If requested, let ssh continue in the background. */ if (fork_after_authentication_flag) if (daemon(1, 1) < 0) diff --git a/sshconnect.c b/sshconnect.c index 2a2aa98e..a10a689d 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -328,7 +328,7 @@ ssh_exchange_identification() int remote_major, remote_minor, i, mismatch; int connection_in = packet_get_connection_in(); int connection_out = packet_get_connection_out(); - int minor1 = PROTOCOL_MINOR_1; + int minor1 = PROTOCOL_MINOR_1; /* Read other side\'s version identification. */ for (;;) { @@ -688,7 +688,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, error("X11 forwarding is disabled to avoid trojan horses."); options.forward_x11 = 0; } - if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) { + if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) { error("Port forwarding is disabled to avoid trojan horses."); options.num_local_forwards = options.num_remote_forwards = 0; } diff --git a/sshconnect2.c b/sshconnect2.c index 1d911b9b..6bd524e0 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -145,7 +145,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) /* diffie-hellman-group1-sha1 */ void -ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, +ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, Buffer *client_kexinit, Buffer *server_kexinit) { #ifdef DEBUG_KEXDH @@ -281,7 +281,7 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, int dh_estimate(int bits) { - + if (bits < 64) return (512); /* O(2**63) */ if (bits < 128) @@ -416,7 +416,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, buffer_ptr(client_kexinit), buffer_len(client_kexinit), buffer_ptr(server_kexinit), buffer_len(server_kexinit), server_host_key_blob, sbloblen, - nbits, dh->p, dh->g, + nbits, dh->p, dh->g, dh->pub_key, dh_server_pub, shared_secret @@ -608,7 +608,7 @@ input_userauth_failure(int type, int plen, void *ctxt) for (;;) { method = authmethod_get(authlist); if (method == NULL) - fatal("Unable to find an authentication method"); + fatal("Unable to find an authentication method"); authctxt->method = method; if (method->userauth(authctxt) != 0) { debug2("we sent a %s packet, wait for reply", method->name); @@ -617,7 +617,7 @@ input_userauth_failure(int type, int plen, void *ctxt) debug2("we did not send a packet, disable method"); method->enabled = NULL; } - } + } xfree(authlist); } @@ -683,7 +683,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) buffer_init(&b); if (datafellows & SSH_OLD_SESSIONID) { buffer_append(&b, session_id2, session_id2_len); - skip = session_id2_len; + skip = session_id2_len; } else { buffer_put_string(&b, session_id2, session_id2_len); skip = buffer_len(&b); @@ -699,7 +699,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) } else { buffer_put_cstring(&b, authctxt->method->name); buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, key_ssh_name(k)); + buffer_put_cstring(&b, key_ssh_name(k)); } buffer_put_string(&b, blob, bloblen); @@ -722,7 +722,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback) buffer_put_cstring(&b, authctxt->method->name); buffer_put_char(&b, have_sig); if (!(datafellows & SSH_BUG_PKAUTH)) - buffer_put_cstring(&b, key_ssh_name(k)); + buffer_put_cstring(&b, key_ssh_name(k)); buffer_put_string(&b, blob, bloblen); } xfree(blob); @@ -1011,14 +1011,14 @@ authmethod_lookup(const char *name) * use a built-in default list. If the server sends a nil list after * previously sending a valid list, continue using the list originally * sent. - */ + */ Authmethod * authmethod_get(char *authlist) { char *name = NULL, *authname_old; Authmethod *method = NULL; - + /* Use a suitable default if we're passed a nil list. */ if (authlist == NULL || strlen(authlist) == 0) authlist = def_authlist; @@ -429,7 +429,7 @@ destroy_sensitive_data(void) key_free(sensitive_data.server_key); sensitive_data.server_key = NULL; } - for(i = 0; i < options.num_host_key_files; i++) { + for(i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { key_free(sensitive_data.host_keys[i]); sensitive_data.host_keys[i] = NULL; @@ -983,7 +983,7 @@ main(int ac, char **av) startups++; break; } - + /* * Got connection. Fork a child to handle it, unless * we are in debugging mode. @@ -1507,7 +1507,7 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) fprintf(stderr, "\npub= "); BN_print_fp(stderr, dh->pub_key); fprintf(stderr, "\n"); - DHparams_print_fp(stderr, dh); + DHparams_print_fp(stderr, dh); #endif if (!dh_pub_is_valid(dh, dh_client_pub)) packet_disconnect("bad client public DH value"); @@ -1650,7 +1650,7 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) fprintf(stderr, "\npub= "); BN_print_fp(stderr, dh->pub_key); fprintf(stderr, "\n"); - DHparams_print_fp(stderr, dh); + DHparams_print_fp(stderr, dh); #endif if (!dh_pub_is_valid(dh, dh_client_pub)) packet_disconnect("bad client public DH value"); @@ -4,7 +4,7 @@ * All rights reserved * Versions of malloc and friends that check their results, and never return * failure (they call fatal if they encounter an error). - * + * * As far as I am concerned, the code I have written for this software * can be used freely for any purpose. Any derived versions of this * software must be clearly marked as such, and if the derived work is |