├── .travis.yml ├── CREDITS ├── ChangeLog ├── INSTALL ├── LICENCE ├── Makefile.in ├── OVERVIEW ├── PROTOCOL ├── PROTOCOL.agent ├── PROTOCOL.certkeys ├── PROTOCOL.chacha20poly1305 ├── PROTOCOL.key ├── PROTOCOL.krl ├── PROTOCOL.mux ├── README ├── README.dns ├── README.platform ├── README.privsep ├── README.tun ├── TODO ├── aclocal.m4 ├── addrmatch.c ├── atomicio.c ├── atomicio.h ├── audit-bsm.c ├── audit-linux.c ├── audit.c ├── audit.h ├── auth-bsdauth.c ├── auth-chall.c ├── auth-krb5.c ├── auth-options.c ├── auth-options.h ├── auth-pam.c ├── auth-pam.h ├── auth-passwd.c ├── auth-rh-rsa.c ├── auth-rhosts.c ├── auth-rsa.c ├── auth-shadow.c ├── auth-sia.c ├── auth-sia.h ├── auth-skey.c ├── auth.c ├── auth.h ├── auth1.c ├── auth2-chall.c ├── auth2-gss.c ├── auth2-hostbased.c ├── auth2-kbdint.c ├── auth2-none.c ├── auth2-passwd.c ├── auth2-pubkey.c ├── auth2.c ├── authfd.c ├── authfd.h ├── authfile.c ├── authfile.h ├── blocks.c ├── bufaux.c ├── bufbn.c ├── bufec.c ├── buffer.c ├── buffer.h ├── buildpkg.sh.in ├── canohost.c ├── canohost.h ├── chacha.c ├── chacha.h ├── channels.c ├── channels.h ├── cipher-3des1.c ├── cipher-aes.c ├── cipher-bf1.c ├── cipher-chachapoly.c ├── cipher-chachapoly.h ├── cipher-ctr.c ├── cipher.c ├── cipher.h ├── cleanup.c ├── clientloop.c ├── clientloop.h ├── compat.c ├── compat.h ├── compress.c ├── compress.h ├── config.guess ├── config.h.in ├── config.sub ├── configure ├── configure.ac ├── contrib ├── Makefile ├── README ├── aix │ ├── README │ ├── buildbff.sh │ ├── inventory.sh │ └── pam.conf ├── caldera │ ├── openssh.spec │ ├── ssh-host-keygen │ ├── sshd.init │ └── sshd.pam ├── cygwin │ ├── Makefile │ ├── README │ ├── ssh-host-config │ ├── ssh-user-config │ └── sshd-inetd ├── findssl.sh ├── gnome-ssh-askpass1.c ├── gnome-ssh-askpass2.c ├── hpux │ ├── README │ ├── egd │ ├── egd.rc │ ├── sshd │ └── sshd.rc ├── redhat │ ├── gnome-ssh-askpass.csh │ ├── gnome-ssh-askpass.sh │ ├── openssh.spec │ ├── sshd.init │ ├── sshd.init.old │ ├── sshd.pam │ 
└── sshd.pam.old ├── solaris │ └── README ├── ssh-copy-id ├── ssh-copy-id.1 ├── sshd.pam.freebsd ├── sshd.pam.generic └── suse │ ├── openssh.spec │ ├── rc.config.sshd │ ├── rc.sshd │ └── sysconfig.ssh ├── crc32.c ├── crc32.h ├── crypto_api.h ├── deattack.c ├── deattack.h ├── defines.h ├── dh.c ├── dh.h ├── digest-libc.c ├── digest-openssl.c ├── digest.h ├── dispatch.c ├── dispatch.h ├── dns.c ├── dns.h ├── ed25519.c ├── entropy.c ├── entropy.h ├── fatal.c ├── fe25519.c ├── fe25519.h ├── fixalgorithms ├── fixpaths ├── fixprogs ├── ge25519.c ├── ge25519.h ├── ge25519_base.data ├── groupaccess.c ├── groupaccess.h ├── gss-genr.c ├── gss-serv-krb5.c ├── gss-serv.c ├── hash.c ├── hmac.c ├── hmac.h ├── hostfile.c ├── hostfile.h ├── includes.h ├── install-sh ├── kex.c ├── kex.h ├── kexc25519.c ├── kexc25519c.c ├── kexc25519s.c ├── kexdh.c ├── kexdhc.c ├── kexdhs.c ├── kexecdh.c ├── kexecdhc.c ├── kexecdhs.c ├── kexgex.c ├── kexgexc.c ├── kexgexs.c ├── key.c ├── key.h ├── krl.c ├── krl.h ├── log.c ├── log.h ├── loginrec.c ├── loginrec.h ├── logintest.c ├── mac.c ├── mac.h ├── match.c ├── match.h ├── md-sha256.c ├── md5crypt.c ├── md5crypt.h ├── mdoc2man.awk ├── misc.c ├── misc.h ├── mkinstalldirs ├── moduli ├── moduli.0 ├── moduli.5 ├── moduli.c ├── monitor.c ├── monitor.h ├── monitor_fdpass.c ├── monitor_fdpass.h ├── monitor_mm.c ├── monitor_mm.h ├── monitor_wrap.c ├── monitor_wrap.h ├── msg.c ├── msg.h ├── mux.c ├── myproposal.h ├── nchan.c ├── nchan.ms ├── nchan2.ms ├── openbsd-compat ├── Makefile.in ├── arc4random.c ├── base64.c ├── base64.h ├── basename.c ├── bcrypt_pbkdf.c ├── bindresvport.c ├── blf.h ├── blowfish.c ├── bsd-asprintf.c ├── bsd-closefrom.c ├── bsd-cray.c ├── bsd-cray.h ├── bsd-cygwin_util.c ├── bsd-cygwin_util.h ├── bsd-getpeereid.c ├── bsd-misc.c ├── bsd-misc.h ├── bsd-nextstep.c ├── bsd-nextstep.h ├── bsd-openpty.c ├── bsd-poll.c ├── bsd-poll.h ├── bsd-setres_id.c ├── bsd-setres_id.h ├── bsd-snprintf.c ├── bsd-statvfs.c ├── bsd-statvfs.h ├── 
bsd-waitpid.c ├── bsd-waitpid.h ├── chacha_private.h ├── charclass.h ├── daemon.c ├── dirname.c ├── explicit_bzero.c ├── fake-rfc2553.c ├── fake-rfc2553.h ├── fmt_scaled.c ├── getcwd.c ├── getgrouplist.c ├── getopt.h ├── getopt_long.c ├── getrrsetbyname-ldns.c ├── getrrsetbyname.c ├── getrrsetbyname.h ├── glob.c ├── glob.h ├── inet_aton.c ├── inet_ntoa.c ├── inet_ntop.c ├── mktemp.c ├── openbsd-compat.h ├── openssl-compat.c ├── openssl-compat.h ├── port-aix.c ├── port-aix.h ├── port-irix.c ├── port-irix.h ├── port-linux.c ├── port-linux.h ├── port-solaris.c ├── port-solaris.h ├── port-tun.c ├── port-tun.h ├── port-uw.c ├── port-uw.h ├── pwcache.c ├── readpassphrase.c ├── readpassphrase.h ├── realpath.c ├── regress │ ├── Makefile.in │ ├── closefromtest.c │ ├── snprintftest.c │ ├── strduptest.c │ └── strtonumtest.c ├── rresvport.c ├── setenv.c ├── setproctitle.c ├── sha2.c ├── sha2.h ├── sigact.c ├── sigact.h ├── strlcat.c ├── strlcpy.c ├── strmode.c ├── strnlen.c ├── strptime.c ├── strsep.c ├── strtoll.c ├── strtonum.c ├── strtoul.c ├── strtoull.c ├── sys-queue.h ├── sys-tree.h ├── timingsafe_bcmp.c ├── vis.c ├── vis.h ├── xcrypt.c └── xmmap.c ├── openssh.xml.in ├── opensshd.init.in ├── packet.c ├── packet.h ├── pathnames.h ├── pkcs11.h ├── platform.c ├── platform.h ├── poly1305.c ├── poly1305.h ├── progressmeter.c ├── progressmeter.h ├── readconf.c ├── readconf.h ├── readpass.c ├── regress ├── Makefile ├── README.regress ├── addrmatch.sh ├── agent-getpeereid.sh ├── agent-pkcs11.sh ├── agent-ptrace.sh ├── agent-timeout.sh ├── agent.sh ├── banner.sh ├── broken-pipe.sh ├── brokenkeys.sh ├── cert-hostkey.sh ├── cert-userkey.sh ├── cfgmatch.sh ├── cipher-speed.sh ├── conch-ciphers.sh ├── connect-privsep.sh ├── connect.sh ├── dhgex.sh ├── dsa_ssh2.prv ├── dsa_ssh2.pub ├── dynamic-forward.sh ├── envpass.sh ├── exit-status.sh ├── forcecommand.sh ├── forward-control.sh ├── forwarding.sh ├── host-expand.sh ├── integrity.sh ├── kextype.sh ├── key-options.sh ├── 
keygen-change.sh ├── keygen-convert.sh ├── keys-command.sh ├── keyscan.sh ├── keytype.sh ├── krl.sh ├── localcommand.sh ├── login-timeout.sh ├── modpipe.c ├── multiplex.sh ├── portnum.sh ├── proto-mismatch.sh ├── proto-version.sh ├── proxy-connect.sh ├── putty-ciphers.sh ├── putty-kex.sh ├── putty-transfer.sh ├── reconfigure.sh ├── reexec.sh ├── rekey.sh ├── rsa_openssh.prv ├── rsa_openssh.pub ├── rsa_ssh2.prv ├── scp-ssh-wrapper.sh ├── scp.sh ├── setuid-allowed.c ├── sftp-badcmds.sh ├── sftp-batch.sh ├── sftp-chroot.sh ├── sftp-cmds.sh ├── sftp-glob.sh ├── sftp-perm.sh ├── sftp.sh ├── ssh-com-client.sh ├── ssh-com-keygen.sh ├── ssh-com-sftp.sh ├── ssh-com.sh ├── ssh2putty.sh ├── sshd-log-wrapper.sh ├── stderr-after-eof.sh ├── stderr-data.sh ├── t4.ok ├── t5.ok ├── test-exec.sh ├── transfer.sh ├── try-ciphers.sh └── yes-head.sh ├── rijndael.c ├── rijndael.h ├── roaming.h ├── roaming_client.c ├── roaming_common.c ├── roaming_dummy.c ├── roaming_serv.c ├── rsa.c ├── rsa.h ├── sandbox-capsicum.c ├── sandbox-darwin.c ├── sandbox-null.c ├── sandbox-rlimit.c ├── sandbox-seccomp-filter.c ├── sandbox-systrace.c ├── sc25519.c ├── sc25519.h ├── scp.0 ├── scp.1 ├── scp.c ├── servconf.c ├── servconf.h ├── serverloop.c ├── serverloop.h ├── session.c ├── session.h ├── sftp-client.c ├── sftp-client.h ├── sftp-common.c ├── sftp-common.h ├── sftp-glob.c ├── sftp-server-main.c ├── sftp-server.0 ├── sftp-server.8 ├── sftp-server.c ├── sftp.0 ├── sftp.1 ├── sftp.c ├── sftp.h ├── smult_curve25519_ref.c ├── ssh-add.0 ├── ssh-add.1 ├── ssh-add.c ├── ssh-agent.0 ├── ssh-agent.1 ├── ssh-agent.c ├── ssh-dss.c ├── ssh-ecdsa.c ├── ssh-ed25519.c ├── ssh-gss.h ├── ssh-keygen.0 ├── ssh-keygen.1 ├── ssh-keygen.c ├── ssh-keyscan.0 ├── ssh-keyscan.1 ├── ssh-keyscan.c ├── ssh-keysign.0 ├── ssh-keysign.8 ├── ssh-keysign.c ├── ssh-pkcs11-client.c ├── ssh-pkcs11-helper.0 ├── ssh-pkcs11-helper.8 ├── ssh-pkcs11-helper.c ├── ssh-pkcs11.c ├── ssh-pkcs11.h ├── ssh-rsa.c ├── ssh-sandbox.h ├── ssh.0 ├── ssh.1 
├── ssh.c ├── ssh.h ├── ssh1.h ├── ssh2.h ├── ssh_config ├── ssh_config.0 ├── ssh_config.5 ├── sshconnect.c ├── sshconnect.h ├── sshconnect1.c ├── sshconnect2.c ├── sshd.0 ├── sshd.8 ├── sshd.c ├── sshd_config ├── sshd_config.0 ├── sshd_config.5 ├── sshlogin.c ├── sshlogin.h ├── sshpty.c ├── sshpty.h ├── sshtty.c ├── survey.sh.in ├── ttymodes.c ├── ttymodes.h ├── uidswap.c ├── uidswap.h ├── umac.c ├── umac.h ├── uuencode.c ├── uuencode.h ├── verify.c ├── version.h ├── xmalloc.c └── xmalloc.h /.travis.yml: -------------------------------------------------------------------------------- 1 | language: c 2 | compiler: gcc 3 | # Change this to your needs 4 | script: ./configure && make 5 | -------------------------------------------------------------------------------- /CREDITS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapier1/hpn-ssh-archive/ad3ed96b630605bf48c26049d08fee0fc17d666b/CREDITS -------------------------------------------------------------------------------- /LICENCE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapier1/hpn-ssh-archive/ad3ed96b630605bf48c26049d08fee0fc17d666b/LICENCE -------------------------------------------------------------------------------- /PROTOCOL.key: -------------------------------------------------------------------------------- 1 | This document describes the private key format for OpenSSH. 2 | 3 | 1. Overall format 4 | 5 | The key consists of a header, a list of public keys, and 6 | an encrypted list of matching private keys. 7 | 8 | #define AUTH_MAGIC "openssh-key-v1" 9 | 10 | byte[] AUTH_MAGIC 11 | string ciphername 12 | string kdfname 13 | string kdfoptions 14 | int number of keys N 15 | string publickey1 16 | string publickey2 17 | ... 18 | string publickeyN 19 | string encrypted, padded list of private keys 20 | 21 | 2. 
KDF options for kdfname "bcrypt" 22 | 23 | The options: 24 | 25 | string salt 26 | uint32 rounds 27 | 28 | are concatenated and represented as a string. 29 | 30 | 3. Unencrypted list of N private keys 31 | 32 | The list of privatekey/comment pairs is padded with the 33 | bytes 1, 2, 3, ... until the total length is a multiple 34 | of the cipher block size. 35 | 36 | uint32 checkint 37 | uint32 checkint 38 | string privatekey1 39 | string comment1 40 | string privatekey2 41 | string comment2 42 | ... 43 | string privatekeyN 44 | string commentN 45 | char 1 46 | char 2 47 | char 3 48 | ... 49 | char padlen % 255 50 | 51 | Before the key is encrypted, a random integer is assigned 52 | to both checkint fields so successful decryption can be 53 | quickly checked by verifying that both checkint fields 54 | hold the same value. 55 | 56 | 4. Encryption 57 | 58 | The KDF is used to derive a key, IV (and other values required by 59 | the cipher) from the passphrase. These values are then used to 60 | encrypt the unencrypted list of private keys. 61 | 62 | 5. No encryption 63 | 64 | For unencrypted keys the cipher "none" and the KDF "none" 65 | are used with empty passphrases. The options of the KDF "none" 66 | are the empty string. 67 | 68 | $OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $ 69 | -------------------------------------------------------------------------------- /README.dns: -------------------------------------------------------------------------------- 1 | How to verify host keys using OpenSSH and DNS 2 | --------------------------------------------- 3 | 4 | OpenSSH contains support for verifying host keys using DNS as described in 5 | draft-ietf-secsh-dns-05.txt. This document contains very brief instructions 6 | on how to use this feature. Configuring DNS is out of the scope of this 7 | document. 
8 | 9 | 10 | (1) Server: Generate and publish the DNS RR 11 | 12 | To create a DNS resource record (RR) containing a fingerprint of the 13 | public host key, use the following command: 14 | 15 | ssh-keygen -r hostname -f keyfile -g 16 | 17 | where "hostname" is your fully qualified hostname and "keyfile" is the 18 | file containing the public host key. If you have multiple keys, 19 | you should generate one RR for each key. 20 | 21 | In the example above, ssh-keygen will print the fingerprint in a 22 | generic DNS RR format parsable by most modern name server 23 | implementations. If your nameserver has support for the SSHFP RR 24 | you can omit the -g flag and ssh-keygen will print a standard SSHFP RR. 25 | 26 | To publish the fingerprint using the DNS you must add the generated RR 27 | to your DNS zone file and sign your zone. 28 | 29 | 30 | (2) Client: Enable ssh to verify host keys using DNS 31 | 32 | To enable the ssh client to verify host keys using DNS, you have to 33 | add the following option to the ssh configuration file 34 | ($HOME/.ssh/config or /etc/ssh/ssh_config): 35 | 36 | VerifyHostKeyDNS yes 37 | 38 | Upon connection the client will try to look up the fingerprint RR 39 | using DNS. If the fingerprint received from the DNS server matches 40 | the remote host key, the user will be notified. A match is only as trustworthy as the DNS answer itself, which is why the zone must be signed (step 1). 41 | 42 | 43 | Jakob Schlyter 44 | Wesley Griffin 45 | 46 | 47 | $OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $ 48 | -------------------------------------------------------------------------------- /atomicio.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2006 Damien Miller. All rights reserved. 5 | * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. 6 | * All rights reserved. 
7 | * 8 | * Redistribution and use in source and binary forms, with or without 9 | * modification, are permitted provided that the following conditions 10 | * are met: 11 | * 1. Redistributions of source code must retain the above copyright 12 | * notice, this list of conditions and the following disclaimer. 13 | * 2. Redistributions in binary form must reproduce the above copyright 14 | * notice, this list of conditions and the following disclaimer in the 15 | * documentation and/or other materials provided with the distribution. 16 | * 17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | #ifndef _ATOMICIO_H 30 | #define _ATOMICIO_H 31 | 32 | /* 33 | * Ensure all of data on socket comes through. f==read || f==vwrite 34 | */ 35 | size_t 36 | atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, 37 | int (*cb)(void *, size_t), void *); 38 | size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); 39 | 40 | #define vwrite (ssize_t (*)(int, void *, size_t))write 41 | 42 | /* 43 | * ensure all of data on socket comes through. 
f==readv || f==writev 44 | */ 45 | size_t 46 | atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, 47 | const struct iovec *_iov, int iovcnt, int (*cb)(void *, size_t), void *); 48 | size_t atomiciov(ssize_t (*)(int, const struct iovec *, int), 49 | int, const struct iovec *, int); 50 | 51 | #endif /* _ATOMICIO_H */ 52 | -------------------------------------------------------------------------------- /auth-options.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: auth-options.h,v 1.20 2010/05/07 11:30:29 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 13 | */ 14 | 15 | #ifndef AUTH_OPTIONS_H 16 | #define AUTH_OPTIONS_H 17 | 18 | /* Linked list of custom environment strings */ 19 | struct envstring { 20 | struct envstring *next; 21 | char *s; 22 | }; 23 | 24 | /* Flags that may be set in authorized_keys options. 
*/ 25 | extern int no_port_forwarding_flag; 26 | extern int no_agent_forwarding_flag; 27 | extern int no_x11_forwarding_flag; 28 | extern int no_pty_flag; 29 | extern int no_user_rc; 30 | extern char *forced_command; 31 | extern struct envstring *custom_environment; 32 | extern int forced_tun_device; 33 | extern int key_is_cert_authority; 34 | extern char *authorized_principals; 35 | 36 | int auth_parse_options(struct passwd *, char *, char *, u_long); 37 | void auth_clear_options(void); 38 | int auth_cert_options(Key *, struct passwd *); 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /auth-pam.h: -------------------------------------------------------------------------------- 1 | /* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2000 Damien Miller. All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | 27 | #include "includes.h" 28 | #ifdef USE_PAM 29 | 30 | #if !defined(SSHD_PAM_SERVICE) 31 | # define SSHD_PAM_SERVICE __progname 32 | #endif 33 | 34 | void start_pam(Authctxt *); 35 | void finish_pam(void); 36 | u_int do_pam_account(void); 37 | void do_pam_session(void); 38 | void do_pam_set_tty(const char *); 39 | void do_pam_setcred(int ); 40 | void do_pam_chauthtok(void); 41 | int do_pam_putenv(char *, char *); 42 | char ** fetch_pam_environment(void); 43 | char ** fetch_pam_child_environment(void); 44 | void free_pam_environment(char **); 45 | void sshpam_thread_cleanup(void); 46 | void sshpam_cleanup(void); 47 | int sshpam_auth_passwd(Authctxt *, const char *); 48 | int is_pam_session_open(void); 49 | 50 | #endif /* USE_PAM */ 51 | -------------------------------------------------------------------------------- /auth-sia.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2002 Chris Adams. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 1. Redistributions of source code must retain the above copyright 8 | * notice, this list of conditions and the following disclaimer. 9 | * 2. 
Redistributions in binary form must reproduce the above copyright 10 | * notice, this list of conditions and the following disclaimer in the 11 | * documentation and/or other materials provided with the distribution. 12 | * 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | #include "includes.h" 26 | 27 | #ifdef HAVE_OSF_SIA 28 | 29 | void session_setup_sia(struct passwd *, char *); 30 | 31 | #endif /* HAVE_OSF_SIA */ 32 | -------------------------------------------------------------------------------- /authfile.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: authfile.h,v 1.17 2013/12/06 13:34:54 markus Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 
13 | */ 14 | 15 | #ifndef AUTHFILE_H 16 | #define AUTHFILE_H 17 | 18 | int key_save_private(Key *, const char *, const char *, const char *, 19 | int, const char *, int); 20 | int key_load_file(int, const char *, Buffer *); 21 | Key *key_load_cert(const char *); 22 | Key *key_load_public(const char *, char **); 23 | Key *key_load_public_type(int, const char *, char **); 24 | Key *key_parse_private(Buffer *, const char *, const char *, char **); 25 | Key *key_load_private(const char *, const char *, char **); 26 | Key *key_load_private_cert(int, const char *, const char *, int *); 27 | Key *key_load_private_type(int, const char *, const char *, char **, int *); 28 | Key *key_load_private_pem(int, int, const char *, char **); 29 | int key_perm_ok(int, const char *); 30 | int key_in_file(Key *, const char *, int); 31 | 32 | #endif 33 | -------------------------------------------------------------------------------- /canohost.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: canohost.h,v 1.11 2009/05/27 06:31:25 andreas Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 
13 | */ 14 | 15 | const char *get_canonical_hostname(int); 16 | const char *get_remote_ipaddr(void); 17 | const char *get_remote_name_or_ip(u_int, int); 18 | 19 | char *get_peer_ipaddr(int); 20 | int get_peer_port(int); 21 | char *get_local_ipaddr(int); 22 | char *get_local_name(int); 23 | 24 | int get_remote_port(void); 25 | int get_local_port(void); 26 | int get_sock_port(int, int); 27 | void clear_cached_addr(void); 28 | 29 | void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); 30 | -------------------------------------------------------------------------------- /chacha.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: chacha.h,v 1.1 2013/11/21 00:45:44 djm Exp $ */ 2 | 3 | /* 4 | chacha-merged.c version 20080118 5 | D. J. Bernstein 6 | Public domain. 7 | */ 8 | 9 | #ifndef CHACHA_H 10 | #define CHACHA_H 11 | 12 | #include 13 | 14 | struct chacha_ctx { 15 | u_int input[16]; 16 | }; 17 | 18 | #define CHACHA_MINKEYLEN 16 19 | #define CHACHA_NONCELEN 8 20 | #define CHACHA_CTRLEN 8 21 | #define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) 22 | #define CHACHA_BLOCKLEN 64 23 | 24 | void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits) 25 | __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); 26 | void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr) 27 | __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN))) 28 | __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN))); 29 | void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m, 30 | u_char *c, u_int bytes) 31 | __attribute__((__bounded__(__buffer__, 2, 4))) 32 | __attribute__((__bounded__(__buffer__, 3, 4))); 33 | 34 | #endif /* CHACHA_H */ 35 | 36 | -------------------------------------------------------------------------------- /cipher-chachapoly.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: cipher-chachapoly.h,v 
1.1 2013/11/21 00:45:44 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) Damien Miller 2013 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | #ifndef CHACHA_POLY_AEAD_H 19 | #define CHACHA_POLY_AEAD_H 20 | 21 | #include 22 | #include "chacha.h" 23 | #include "poly1305.h" 24 | 25 | #define CHACHA_KEYLEN 32 /* Only 256 bit keys used here */ 26 | 27 | struct chachapoly_ctx { 28 | struct chacha_ctx main_ctx, header_ctx; 29 | }; 30 | 31 | void chachapoly_init(struct chachapoly_ctx *cpctx, 32 | const u_char *key, u_int keylen) 33 | __attribute__((__bounded__(__buffer__, 2, 3))); 34 | int chachapoly_crypt(struct chachapoly_ctx *cpctx, u_int seqnr, 35 | u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen, 36 | int do_encrypt); 37 | int chachapoly_get_length(struct chachapoly_ctx *cpctx, 38 | u_int *plenp, u_int seqnr, const u_char *cp, u_int len) 39 | __attribute__((__bounded__(__buffer__, 4, 5))); 40 | 41 | #endif /* CHACHA_POLY_AEAD_H */ 42 | -------------------------------------------------------------------------------- /cleanup.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: cleanup.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */ 2 | /* 3 | * Copyright (c) 2003 Markus Friedl 4 | * 5 
| * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include "includes.h" 19 | 20 | #include 21 | 22 | #include 23 | #include 24 | 25 | #include "log.h" 26 | 27 | /* default implementation */ 28 | void 29 | cleanup_exit(int i) 30 | { 31 | _exit(i); 32 | } 33 | -------------------------------------------------------------------------------- /compress.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: compress.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * Interface to packet compression for ssh. 8 | * 9 | * As far as I am concerned, the code I have written for this software 10 | * can be used freely for any purpose. Any derived versions of this 11 | * software must be clearly marked as such, and if the derived work is 12 | * incompatible with the protocol description in the RFC file, it must be 13 | * called by a name other than "ssh" or "Secure Shell". 
14 | */ 15 | 16 | #ifndef COMPRESS_H 17 | #define COMPRESS_H 18 | 19 | void buffer_compress_init_send(int); 20 | void buffer_compress_init_recv(void); 21 | void buffer_compress_uninit(void); 22 | void buffer_compress(Buffer *, Buffer *); 23 | void buffer_uncompress(Buffer *, Buffer *); 24 | 25 | #endif /* COMPRESS_H */ 26 | -------------------------------------------------------------------------------- /contrib/Makefile: -------------------------------------------------------------------------------- 1 | PKG_CONFIG = pkg-config 2 | 3 | all: 4 | @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2" 5 | 6 | gnome-ssh-askpass1: gnome-ssh-askpass1.c 7 | $(CC) `gnome-config --cflags gnome gnomeui` \ 8 | gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \ 9 | `gnome-config --libs gnome gnomeui` 10 | 11 | gnome-ssh-askpass2: gnome-ssh-askpass2.c 12 | $(CC) `$(PKG_CONFIG) --cflags gtk+-2.0` \ 13 | gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ 14 | `$(PKG_CONFIG) --libs gtk+-2.0 x11` 15 | 16 | clean: 17 | rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass 18 | -------------------------------------------------------------------------------- /contrib/README: -------------------------------------------------------------------------------- 1 | Other patches and addons for OpenSSH. Please send submissions to 2 | djm@mindrot.org 3 | 4 | Externally maintained 5 | --------------------- 6 | 7 | SSH Proxy Command -- connect.c 8 | 9 | Shun-ichi GOTO has written a very useful ProxyCommand 10 | which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or 11 | https CONNECT style proxy server. His page for connect.c has extensive 12 | documentation on its use as well as compiled versions for Win32. 13 | 14 | http://www.taiyo.co.jp/~gotoh/ssh/connect.html 15 | 16 | 17 | X11 SSH Askpass: 18 | 19 | Jim Knoble has written an excellent X11 20 | passphrase requester. 
This is highly recommended: 21 | 22 | http://www.jmknoble.net/software/x11-ssh-askpass/ 23 | 24 | 25 | In this directory 26 | ----------------- 27 | 28 | ssh-copy-id: 29 | 30 | Phil Hands' shell script to automate the process of adding 31 | your public key to a remote machine's ~/.ssh/authorized_keys file. 32 | 33 | gnome-ssh-askpass[12]: 34 | 35 | GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or 36 | "make gnome-ssh-askpass2" to build. 37 | 38 | sshd.pam.generic: 39 | 40 | A generic PAM config file which may be useful on your system. YMMV 41 | 42 | sshd.pam.freebsd: 43 | 44 | A PAM config file which works with FreeBSD's PAM port. Contributed by 45 | Dominik Brettnacher 46 | 47 | findssl.sh: 48 | 49 | Search for all instances of OpenSSL headers and libraries and print their 50 | versions. This is intended to help diagnose OpenSSH's "OpenSSL headers do not 51 | match your library" errors. 52 | 53 | aix: 54 | Files to build an AIX native (installp or SMIT installable) package. 55 | 56 | caldera: 57 | RPM spec file and scripts for building Caldera OpenLinux packages 58 | 59 | cygwin: 60 | Support files for Cygwin 61 | 62 | hpux: 63 | Support files for HP-UX 64 | 65 | redhat: 66 | RPM spec file and scripts for building Redhat packages 67 | 68 | suse: 69 | RPM spec file and scripts for building SuSE packages 70 | 71 | -------------------------------------------------------------------------------- /contrib/aix/README: -------------------------------------------------------------------------------- 1 | Overview: 2 | 3 | This directory contains files to build an AIX native (installp or SMIT 4 | installable) openssh package. 
5 | 6 | 7 | Directions: 8 | 9 | (optional) create config.local in your build dir 10 | ./configure [options] 11 | contrib/aix/buildbff.sh 12 | 13 | The file config.local or the environment is read to set the following options 14 | (default first): 15 | PERMIT_ROOT_LOGIN=[no|yes] 16 | X11_FORWARDING=[no|yes] 17 | AIX_SRC=[no|yes] 18 | 19 | Acknowledgements: 20 | 21 | The contents of this directory are based on Ben Lindstrom's Solaris 22 | buildpkg.sh. Ben also supplied inventory.sh. 23 | 24 | Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's 25 | and for comparison with the output from this script, however no code 26 | from lppbuild is included and it is not required for operation. 27 | 28 | SRC support based on examples provided by Sandor Sklar and Maarten Kreuger. 29 | PrivSep account handling fixes contributed by W. Earl Allen. 30 | 31 | 32 | Other notes: 33 | 34 | The script treats all packages as USR packages (not ROOT+USR when 35 | appropriate). It seems to work, though...... 36 | 37 | If there are any patches to this that have not yet been integrated they 38 | may be found at http://www.zip.com.au/~dtucker/openssh/. 39 | 40 | 41 | Disclaimer: 42 | 43 | It is hoped that it is useful but there is no warranty. If it breaks 44 | you get to keep both pieces. 45 | 46 | 47 | - Darren Tucker (dtucker at zip dot com dot au) 48 | 2002/03/01 49 | 50 | $Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $ 51 | -------------------------------------------------------------------------------- /contrib/aix/inventory.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # inventory.sh 4 | # $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $ 5 | # 6 | # Originally written by Ben Lindstrom, modified by Darren Tucker to use perl 7 | # This file is placed into the public domain. 
8 | # 9 | # This will produce an AIX package inventory file, which looks like: 10 | # 11 | # /usr/local/bin: 12 | # class=apply,inventory,openssh 13 | # owner=root 14 | # group=system 15 | # mode=755 16 | # type=DIRECTORY 17 | # /usr/local/bin/slogin: 18 | # class=apply,inventory,openssh 19 | # owner=root 20 | # group=system 21 | # mode=777 22 | # type=SYMLINK 23 | # target=ssh 24 | # /usr/local/share/Ssh.bin: 25 | # class=apply,inventory,openssh 26 | # owner=root 27 | # group=system 28 | # mode=644 29 | # type=FILE 30 | # size=VOLATILE 31 | # checksum=VOLATILE 32 | 33 | find . ! -name . -print | perl -ne '{ 34 | chomp; 35 | if ( -l $_ ) { 36 | ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=lstat; 37 | } else { 38 | ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=stat; 39 | } 40 | 41 | # Start to display inventory information 42 | $name = $_; 43 | $name =~ s|^.||; # Strip leading dot from path 44 | print "$name:\n"; 45 | print "\tclass=apply,inventory,openssh\n"; 46 | print "\towner=root\n"; 47 | print "\tgroup=system\n"; 48 | printf "\tmode=%lo\n", $mod & 07777; # Mask perm bits 49 | 50 | if ( -l $_ ) { 51 | # Entry is SymLink 52 | print "\ttype=SYMLINK\n"; 53 | printf "\ttarget=%s\n", readlink($_); 54 | } elsif ( -f $_ ) { 55 | # Entry is File 56 | print "\ttype=FILE\n"; 57 | print "\tsize=$sz\n"; 58 | print "\tchecksum=VOLATILE\n"; 59 | } elsif ( -d $_ ) { 60 | # Entry is Directory 61 | print "\ttype=DIRECTORY\n"; 62 | } 63 | }' 64 | -------------------------------------------------------------------------------- /contrib/aix/pam.conf: -------------------------------------------------------------------------------- 1 | # 2 | # PAM configuration file /etc/pam.conf 3 | # Example for OpenSSH on AIX 5.2 4 | # 5 | 6 | # Authentication Management 7 | sshd auth required /usr/lib/security/pam_aix 8 | OTHER auth required /usr/lib/security/pam_aix 9 | 10 | # Account Management 11 | sshd account required /usr/lib/security/pam_aix 12 | OTHER 
account required /usr/lib/security/pam_aix 13 | 14 | # Password Management 15 | sshd password required /usr/lib/security/pam_aix 16 | OTHER password required /usr/lib/security/pam_aix 17 | 18 | # Session Management 19 | sshd session required /usr/lib/security/pam_aix 20 | OTHER session required /usr/lib/security/pam_aix 21 | -------------------------------------------------------------------------------- /contrib/caldera/openssh.spec: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rapier1/hpn-ssh-archive/ad3ed96b630605bf48c26049d08fee0fc17d666b/contrib/caldera/openssh.spec -------------------------------------------------------------------------------- /contrib/caldera/ssh-host-keygen: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # 3 | # $Id: ssh-host-keygen,v 1.3 2008/11/03 09:16:01 djm Exp $ 4 | # 5 | # This script is normally run only *once* for a given host 6 | # (in a given period of time) -- on updates/upgrades/recovery 7 | # the ssh_host_key* files _should_ be retained! Otherwise false 8 | # "man-in-the-middle-attack" alerts will frighten unsuspecting 9 | # clients... 10 | 11 | keydir=@sysconfdir@ 12 | keygen=@sshkeygen@ 13 | 14 | if [ -f $keydir/ssh_host_key -o \ 15 | -f $keydir/ssh_host_key.pub ]; then 16 | echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key." 17 | else 18 | echo "Generating SSH1 RSA host key." 19 | $keygen -t rsa1 -f $keydir/ssh_host_key -C '' -N '' 20 | fi 21 | 22 | if [ -f $keydir/ssh_host_rsa_key -o \ 23 | -f $keydir/ssh_host_rsa_key.pub ]; then 24 | echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key." 25 | else 26 | echo "Generating SSH2 RSA host key." 
27 | $keygen -t rsa -f $keydir/ssh_host_rsa_key -C '' -N '' 28 | fi 29 | 30 | if [ -f $keydir/ssh_host_dsa_key -o \ 31 | -f $keydir/ssh_host_dsa_key.pub ]; then 32 | echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key." 33 | else 34 | echo "Generating SSH2 DSA host key." 35 | $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N '' 36 | fi 37 | -------------------------------------------------------------------------------- /contrib/caldera/sshd.pam: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth required /lib/security/pam_pwdb.so shadow nodelay 3 | account required /lib/security/pam_nologin.so 4 | account required /lib/security/pam_pwdb.so 5 | password required /lib/security/pam_cracklib.so 6 | password required /lib/security/pam_pwdb.so shadow nullok use_authtok 7 | session required /lib/security/pam_pwdb.so 8 | session required /lib/security/pam_limits.so 9 | -------------------------------------------------------------------------------- /contrib/cygwin/sshd-inetd: -------------------------------------------------------------------------------- 1 | # This file can be used to enable sshd as a slave of the inetd service 2 | # To do so, the line below should be uncommented. 
3 | @COMMENT@ ssh stream tcp nowait root /usr/sbin/sshd sshd -i 4 | 5 | -------------------------------------------------------------------------------- /contrib/hpux/README: -------------------------------------------------------------------------------- 1 | README for OpenSSH HP-UX contrib files 2 | Kevin Steves 3 | 4 | sshd: configuration file for sshd.rc 5 | sshd.rc: SSH startup script 6 | egd: configuration file for egd.rc 7 | egd.rc: EGD (entropy gathering daemon) startup script 8 | 9 | To install: 10 | 11 | sshd.rc: 12 | 13 | o Verify paths in sshd.rc match your local installation 14 | (WHAT_PATH and WHAT_PID) 15 | o Customize sshd if needed (SSHD_ARGS) 16 | o Install: 17 | 18 | # cp sshd /etc/rc.config.d 19 | # chmod 444 /etc/rc.config.d/sshd 20 | # cp sshd.rc /sbin/init.d 21 | # chmod 555 /sbin/init.d/sshd.rc 22 | # ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K100sshd 23 | # ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S900sshd 24 | 25 | egd.rc: 26 | 27 | o Verify egd.pl path in egd.rc matches your local installation 28 | (WHAT_PATH) 29 | o Customize egd if needed (EGD_ARGS and EGD_LOG) 30 | o Add pseudo account: 31 | 32 | # groupadd egd 33 | # useradd -g egd egd 34 | # mkdir -p /etc/opt/egd 35 | # chown egd:egd /etc/opt/egd 36 | # chmod 711 /etc/opt/egd 37 | 38 | o Install: 39 | 40 | # cp egd /etc/rc.config.d 41 | # chmod 444 /etc/rc.config.d/egd 42 | # cp egd.rc /sbin/init.d 43 | # chmod 555 /sbin/init.d/egd.rc 44 | # ln -s /sbin/init.d/egd.rc /sbin/rc1.d/K600egd 45 | # ln -s /sbin/init.d/egd.rc /sbin/rc2.d/S400egd 46 | -------------------------------------------------------------------------------- /contrib/hpux/egd: -------------------------------------------------------------------------------- 1 | # EGD_START: Set to 1 to start entropy gathering daemon 2 | # EGD_ARGS: Command line arguments to pass to egd 3 | # EGD_LOG: EGD stdout and stderr log file (default /etc/opt/egd/egd.log) 4 | # 5 | # To configure the egd environment: 6 | 7 | # groupadd egd 8 | # 
useradd -g egd egd 9 | # mkdir -p /etc/opt/egd 10 | # chown egd:egd /etc/opt/egd 11 | # chmod 711 /etc/opt/egd 12 | 13 | EGD_START=1 14 | EGD_ARGS='/etc/opt/egd/entropy' 15 | EGD_LOG= 16 | -------------------------------------------------------------------------------- /contrib/hpux/sshd: -------------------------------------------------------------------------------- 1 | # SSHD_START: Set to 1 to start SSH daemon 2 | # SSHD_ARGS: Command line arguments to pass to sshd 3 | # 4 | SSHD_START=1 5 | SSHD_ARGS= 6 | -------------------------------------------------------------------------------- /contrib/hpux/sshd.rc: -------------------------------------------------------------------------------- 1 | #!/sbin/sh 2 | 3 | # 4 | # sshd.rc: SSH daemon start-up and shutdown script 5 | # 6 | 7 | # Allowed exit values: 8 | # 0 = success; causes "OK" to show up in checklist. 9 | # 1 = failure; causes "FAIL" to show up in checklist. 10 | # 2 = skip; causes "N/A" to show up in the checklist. 11 | # Use this value if execution of this script is overridden 12 | # by the use of a control variable, or if this script is not 13 | # appropriate to execute for some other reason. 14 | # 3 = reboot; causes the system to be rebooted after execution. 15 | 16 | # Input and output: 17 | # stdin is redirected from /dev/null 18 | # 19 | # stdout and stderr are redirected to the /etc/rc.log file 20 | # during checklist mode, or to the console in raw mode. 21 | 22 | PATH=/usr/sbin:/usr/bin:/sbin 23 | export PATH 24 | 25 | WHAT='OpenSSH' 26 | WHAT_PATH=/opt/openssh/sbin/sshd 27 | WHAT_PID=/var/run/sshd.pid 28 | WHAT_CONFIG=/etc/rc.config.d/sshd 29 | 30 | # NOTE: If your script executes in run state 0 or state 1, then /usr might 31 | # not be available. Do not attempt to access commands or files in 32 | # /usr unless your script executes in run state 2 or greater. Other 33 | # file systems typically not mounted until run state 2 include /var 34 | # and /opt. 
35 | 36 | rval=0 37 | 38 | # Check the exit value of a command run by this script. If non-zero, the 39 | # exit code is echoed to the log file and the return value of this script 40 | # is set to indicate failure. 41 | 42 | set_return() { 43 | x=$? 44 | if [ $x -ne 0 ]; then 45 | echo "EXIT CODE: $x" 46 | rval=1 # script FAILed 47 | fi 48 | } 49 | 50 | case $1 in 51 | 'start_msg') 52 | echo "Starting $WHAT" 53 | ;; 54 | 55 | 'stop_msg') 56 | echo "Stopping $WHAT" 57 | ;; 58 | 59 | 'start') 60 | if [ -f $WHAT_CONFIG ] ; then 61 | . $WHAT_CONFIG 62 | else 63 | echo "ERROR: $WHAT_CONFIG defaults file MISSING" 64 | fi 65 | 66 | if [ "$SSHD_START" -eq 1 -a -x "$WHAT_PATH" ]; then 67 | $WHAT_PATH $SSHD_ARGS && echo "$WHAT started" 68 | set_return 69 | else 70 | rval=2 71 | fi 72 | ;; 73 | 74 | 'stop') 75 | if kill `cat $WHAT_PID`; then 76 | echo "$WHAT stopped" 77 | else 78 | rval=1 79 | echo "Unable to stop $WHAT" 80 | fi 81 | set_return 82 | ;; 83 | 84 | *) 85 | echo "usage: $0 {start|stop|start_msg|stop_msg}" 86 | rval=1 87 | ;; 88 | esac 89 | 90 | exit $rval 91 | -------------------------------------------------------------------------------- /contrib/redhat/gnome-ssh-askpass.csh: -------------------------------------------------------------------------------- 1 | setenv SSH_ASKPASS /usr/libexec/openssh/gnome-ssh-askpass 2 | -------------------------------------------------------------------------------- /contrib/redhat/gnome-ssh-askpass.sh: -------------------------------------------------------------------------------- 1 | SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass 2 | export SSH_ASKPASS 3 | -------------------------------------------------------------------------------- /contrib/redhat/sshd.init: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Init file for OpenSSH server daemon 4 | # 5 | # chkconfig: 2345 55 25 6 | # description: OpenSSH server daemon 7 | # 8 | # processname: sshd 9 | # config: 
/etc/ssh/ssh_host_key 10 | # config: /etc/ssh/ssh_host_key.pub 11 | # config: /etc/ssh/ssh_random_seed 12 | # config: /etc/ssh/sshd_config 13 | # pidfile: /var/run/sshd.pid 14 | 15 | # source function library 16 | . /etc/rc.d/init.d/functions 17 | 18 | # pull in sysconfig settings 19 | [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd 20 | 21 | RETVAL=0 22 | prog="sshd" 23 | 24 | # Some functions to make the below more readable 25 | SSHD=/usr/sbin/sshd 26 | PID_FILE=/var/run/sshd.pid 27 | 28 | do_restart_sanity_check() 29 | { 30 | $SSHD -t 31 | RETVAL=$? 32 | if [ $RETVAL -ne 0 ]; then 33 | failure $"Configuration file or keys are invalid" 34 | echo 35 | fi 36 | } 37 | 38 | start() 39 | { 40 | # Create keys if necessary 41 | /usr/bin/ssh-keygen -A 42 | if [ -x /sbin/restorecon ]; then 43 | /sbin/restorecon /etc/ssh/ssh_host_key.pub 44 | /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub 45 | /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub 46 | /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub 47 | fi 48 | 49 | echo -n $"Starting $prog:" 50 | $SSHD $OPTIONS && success || failure 51 | RETVAL=$? 52 | [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd 53 | echo 54 | } 55 | 56 | stop() 57 | { 58 | echo -n $"Stopping $prog:" 59 | killproc $SSHD -TERM 60 | RETVAL=$? 61 | [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd 62 | echo 63 | } 64 | 65 | reload() 66 | { 67 | echo -n $"Reloading $prog:" 68 | killproc $SSHD -HUP 69 | RETVAL=$? 70 | echo 71 | } 72 | 73 | case "$1" in 74 | start) 75 | start 76 | ;; 77 | stop) 78 | stop 79 | ;; 80 | restart) 81 | stop 82 | start 83 | ;; 84 | reload) 85 | reload 86 | ;; 87 | condrestart) 88 | if [ -f /var/lock/subsys/sshd ] ; then 89 | do_restart_sanity_check 90 | if [ $RETVAL -eq 0 ] ; then 91 | stop 92 | # avoid race 93 | sleep 3 94 | start 95 | fi 96 | fi 97 | ;; 98 | status) 99 | status $SSHD 100 | RETVAL=$? 
101 | ;; 102 | *) 103 | echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}" 104 | RETVAL=1 105 | esac 106 | exit $RETVAL 107 | -------------------------------------------------------------------------------- /contrib/redhat/sshd.pam: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth required pam_stack.so service=system-auth 3 | account required pam_nologin.so 4 | account required pam_stack.so service=system-auth 5 | password required pam_stack.so service=system-auth 6 | session required pam_stack.so service=system-auth 7 | -------------------------------------------------------------------------------- /contrib/redhat/sshd.pam.old: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth required /lib/security/pam_pwdb.so shadow nodelay 3 | auth required /lib/security/pam_nologin.so 4 | account required /lib/security/pam_pwdb.so 5 | password required /lib/security/pam_cracklib.so 6 | password required /lib/security/pam_pwdb.so shadow nullok use_authtok 7 | session required /lib/security/pam_pwdb.so 8 | session required /lib/security/pam_limits.so 9 | -------------------------------------------------------------------------------- /contrib/solaris/README: -------------------------------------------------------------------------------- 1 | The following is a new package build script for Solaris. This is being 2 | introduced into OpenSSH 3.0 and above in hopes of simplifying the build 3 | process. As of 3.1p2 the script should work on all platforms that have 4 | SVR4 style package tools. 5 | 6 | The build process is called a 'dummy install', which means the software does 7 | a "make install-nokeys DESTDIR=[fakeroot]". This way all manpages should 8 | be handled correctly and keys are deferred until the first time sshd 9 | is started. 10 | 11 | Directions: 12 | 13 | 1. make -F Makefile.in distprep (Only if you are getting from the CVS tree) 14 | 2. 
./configure --with-pam [..any other options you want..] 15 | 3. look at the top of buildpkg.sh for the configurable options and put 16 | any changes you want in openssh-config.local. Additional customizations 17 | can be done to the build process by creating one or more of the following 18 | scripts that will be sourced by buildpkg.sh. 19 | pkg_post_make_install_fixes.sh pkg-post-prototype-edit.sh 20 | pkg-preinstall.local pkg-postinstall.local pkg-preremove.local 21 | pkg-postremove.local pkg-request.local 22 | 4. Run "make package" 23 | 24 | If all goes well you should have a solaris package ready to be installed. 25 | 26 | If you have any problems with this script please post them to 27 | openssh-unix-dev@mindrot.org and I will try to assist you as best as I can. 28 | 29 | - Ben Lindstrom 30 | 31 | -------------------------------------------------------------------------------- /contrib/sshd.pam.freebsd: -------------------------------------------------------------------------------- 1 | sshd auth required pam_unix.so try_first_pass 2 | sshd account required pam_unix.so 3 | sshd password required pam_permit.so 4 | sshd session required pam_permit.so 5 | 6 | -------------------------------------------------------------------------------- /contrib/sshd.pam.generic: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth required /lib/security/pam_unix.so shadow nodelay 3 | account required /lib/security/pam_nologin.so 4 | account required /lib/security/pam_unix.so 5 | password required /lib/security/pam_cracklib.so 6 | password required /lib/security/pam_unix.so shadow nullok use_authtok 7 | session required /lib/security/pam_unix.so 8 | session required /lib/security/pam_limits.so 9 | -------------------------------------------------------------------------------- /contrib/suse/rc.config.sshd: -------------------------------------------------------------------------------- 1 | # 2 | # Start the Secure Shell (SSH) 
Daemon? 3 | # 4 | START_SSHD="yes" 5 | 6 | -------------------------------------------------------------------------------- /contrib/suse/sysconfig.ssh: -------------------------------------------------------------------------------- 1 | ## Path: Network/Remote access/SSH 2 | ## Description: SSH server settings 3 | ## Type: string 4 | ## Default: "" 5 | ## ServiceRestart: sshd 6 | # 7 | # Options for sshd 8 | # 9 | SSHD_OPTS="" 10 | -------------------------------------------------------------------------------- /crc32.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2003 Markus Friedl. All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | 27 | #ifndef SSH_CRC32_H 28 | #define SSH_CRC32_H 29 | u_int32_t ssh_crc32(const u_char *, u_int32_t); 30 | #endif 31 | -------------------------------------------------------------------------------- /crypto_api.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: crypto_api.h,v 1.3 2013/12/17 10:36:38 markus Exp $ */ 2 | 3 | /* 4 | * Assembled from generated headers and source files by Markus Friedl. 5 | * Placed in the public domain. 
6 | */ 7 | 8 | #ifndef crypto_api_h 9 | #define crypto_api_h 10 | 11 | #ifdef HAVE_STDINT_H 12 | # include 13 | #endif 14 | #include 15 | 16 | typedef int32_t crypto_int32; 17 | typedef uint32_t crypto_uint32; 18 | 19 | #define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len)) 20 | 21 | #define crypto_hashblocks_sha512_STATEBYTES 64U 22 | #define crypto_hashblocks_sha512_BLOCKBYTES 128U 23 | 24 | int crypto_hashblocks_sha512(unsigned char *, const unsigned char *, 25 | unsigned long long); 26 | 27 | #define crypto_hash_sha512_BYTES 64U 28 | 29 | int crypto_hash_sha512(unsigned char *, const unsigned char *, 30 | unsigned long long); 31 | 32 | int crypto_verify_32(const unsigned char *, const unsigned char *); 33 | 34 | #define crypto_sign_ed25519_SECRETKEYBYTES 64U 35 | #define crypto_sign_ed25519_PUBLICKEYBYTES 32U 36 | #define crypto_sign_ed25519_BYTES 64U 37 | 38 | int crypto_sign_ed25519(unsigned char *, unsigned long long *, 39 | const unsigned char *, unsigned long long, const unsigned char *); 40 | int crypto_sign_ed25519_open(unsigned char *, unsigned long long *, 41 | const unsigned char *, unsigned long long, const unsigned char *); 42 | int crypto_sign_ed25519_keypair(unsigned char *, unsigned char *); 43 | 44 | #endif /* crypto_api_h */ 45 | -------------------------------------------------------------------------------- /deattack.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: deattack.h,v 1.10 2006/09/16 19:53:37 djm Exp $ */ 2 | 3 | /* 4 | * Cryptographic attack detector for ssh - Header file 5 | * 6 | * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. 7 | * 8 | * All rights reserved. Redistribution and use in source and binary 9 | * forms, with or without modification, are permitted provided that 10 | * this copyright notice is retained. 11 | * 12 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 13 | * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. 
BE 14 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR 15 | * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS 16 | * SOFTWARE. 17 | * 18 | * Ariel Futoransky 19 | * 20 | */ 21 | 22 | #ifndef _DEATTACK_H 23 | #define _DEATTACK_H 24 | 25 | /* Return codes */ 26 | #define DEATTACK_OK 0 27 | #define DEATTACK_DETECTED 1 28 | #define DEATTACK_DOS_DETECTED 2 29 | 30 | int detect_attack(u_char *, u_int32_t); 31 | #endif 32 | -------------------------------------------------------------------------------- /dispatch.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: dispatch.h,v 1.11 2006/04/20 09:27:09 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | 27 | #include 28 | 29 | enum { 30 | DISPATCH_BLOCK, 31 | DISPATCH_NONBLOCK 32 | }; 33 | 34 | typedef void dispatch_fn(int, u_int32_t, void *); 35 | 36 | void dispatch_init(dispatch_fn *); 37 | void dispatch_set(int, dispatch_fn *); 38 | void dispatch_range(u_int, u_int, dispatch_fn *); 39 | void dispatch_run(int, volatile sig_atomic_t *, void *); 40 | void dispatch_protocol_error(int, u_int32_t, void *); 41 | void dispatch_protocol_ignore(int, u_int32_t, void *); 42 | -------------------------------------------------------------------------------- /dns.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: dns.h,v 1.12 2012/05/23 03:28:28 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2003 Wesley Griffin. All rights reserved. 5 | * Copyright (c) 2003 Jakob Schlyter. All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 
15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | 28 | #ifndef DNS_H 29 | #define DNS_H 30 | 31 | enum sshfp_types { 32 | SSHFP_KEY_RESERVED = 0, 33 | SSHFP_KEY_RSA = 1, 34 | SSHFP_KEY_DSA = 2, 35 | SSHFP_KEY_ECDSA = 3 36 | }; 37 | 38 | enum sshfp_hashes { 39 | SSHFP_HASH_RESERVED = 0, 40 | SSHFP_HASH_SHA1 = 1, 41 | SSHFP_HASH_SHA256 = 2, 42 | SSHFP_HASH_MAX = 3 43 | }; 44 | 45 | #define DNS_RDATACLASS_IN 1 46 | #define DNS_RDATATYPE_SSHFP 44 47 | 48 | #define DNS_VERIFY_FOUND 0x00000001 49 | #define DNS_VERIFY_MATCH 0x00000002 50 | #define DNS_VERIFY_SECURE 0x00000004 51 | 52 | int verify_host_key_dns(const char *, struct sockaddr *, Key *, int *); 53 | int export_dns_rr(const char *, Key *, FILE *, int); 54 | 55 | #endif /* DNS_H */ 56 | -------------------------------------------------------------------------------- /entropy.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1999-2000 Damien Miller. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 1. 
Redistributions of source code must retain the above copyright 8 | * notice, this list of conditions and the following disclaimer. 9 | * 2. Redistributions in binary form must reproduce the above copyright 10 | * notice, this list of conditions and the following disclaimer in the 11 | * documentation and/or other materials provided with the distribution. 12 | * 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | /* $Id: entropy.h,v 1.6 2011/09/09 01:29:41 dtucker Exp $ */ 26 | 27 | #ifndef _RANDOMS_H 28 | #define _RANDOMS_H 29 | 30 | #include "buffer.h" 31 | 32 | void seed_rng(void); 33 | 34 | void rexec_send_rng_seed(Buffer *); 35 | void rexec_recv_rng_seed(Buffer *); 36 | 37 | #endif /* _RANDOMS_H */ 38 | -------------------------------------------------------------------------------- /fatal.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ 2 | /* 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. 
Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | */ 25 | 26 | #include "includes.h" 27 | 28 | #include 29 | 30 | #include 31 | 32 | #include "log.h" 33 | 34 | /* Fatal messages. This function never returns. */ 35 | 36 | void 37 | fatal(const char *fmt,...) 38 | { 39 | va_list args; 40 | 41 | va_start(args, fmt); 42 | do_log(SYSLOG_LEVEL_FATAL, fmt, args); 43 | va_end(args); 44 | cleanup_exit(255); 45 | } 46 | -------------------------------------------------------------------------------- /fixalgorithms: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # fixciphers - remove unsupported ciphers from man pages. 4 | # Usage: fixpaths /path/to/sed cipher1 [cipher2] outfile 5 | # 6 | # Author: Darren Tucker (dtucker at zip com.au). Placed in the public domain. 
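7 | 8 | die() { 9 | echo $* 10 | exit -1 11 | } 12 | 13 | SED=$1 14 | shift 15 | 16 | for c in $*; do 17 | subs="$subs -e /.Dq.$c.*$/d" 18 | subs="$subs -e s/$c,//g" 19 | done 20 | 21 | # now remove any entirely empty lines 22 | subs="$subs -e /^$/d" 23 | 24 | ${SED} $subs 25 | 26 | exit 0 27 | -------------------------------------------------------------------------------- /fixpaths: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # fixpaths - substitute makefile variables into text files 4 | # Usage: fixpaths -Dsomething=somethingelse ... 5 | 6 | die() { 7 | echo $* 8 | exit -1 9 | } 10 | 11 | test -n "`echo $1|grep -- -D`" || \ 12 | die $0: nothing to do - no substitutions listed! 13 | 14 | test -n "`echo $1|grep -- '-D[^=]\+=[^ ]\+'`" || \ 15 | die $0: error in command line arguments. 16 | 17 | test -n "`echo $*|grep -- ' [^-]'`" || \ 18 | die Usage: $0 '[-Dstring=replacement] [[infile] ...]' 19 | 20 | sed `echo $*|sed -e 's/-D\([^=]\+\)=\([^ ]*\)/-e s=\1=\2=g/g'` 21 | 22 | exit 0 23 | -------------------------------------------------------------------------------- /fixprogs: --------------------------------------------------------------------------------
#!/usr/bin/perl
#
# fixprogs  - run through the list of entropy commands and
#             score out the losers
#
# Reads the command file named by the first argument and writes the result
# to "<that name>.out".  Comment lines and blank lines are copied through
# unchanged.  Every other line is parsed as
#     "<command with arguments>" <path> <estimate>
# and the command is run once with stdin/stdout/stderr on /dev/null.  When
# it exits with a non-zero status its path is replaced by the word "undef"
# in the output line.
#
# NOTE(review): the command file is executed, not merely parsed.  Every
# program it lists runs with the privileges of whoever invokes this script,
# so the file (and the optional second argument) must come from a trusted
# source.
#

$entscale = 50; # divisor for optional entropy measurement

sub usage {
	return("Usage: $0 \n");
}

if (($#ARGV == -1) || ($#ARGV>1)) {
	die(&usage);
}

# 'undocumented' option - run ent (in second param) on the output
if ($#ARGV==1) {
	$entcmd=$ARGV[1]
} else {
	$entcmd = ""
};

$infilename = $ARGV[0];

if (!open(IN, "<".$infilename)) {
	die("Couldn't open input file");
}
$outfilename=$infilename.".out";
if (!open(OUT, ">$outfilename")) {
	die("Couldn't open output file $outfilename");
}
# slurp the whole command file
@infile=<IN>;

# unbuffered output file, then back to STDOUT as the default handle
select(OUT); $|=1; select(STDOUT);

foreach (@infile) {
	if (/^\s*\#/ || /^\s*$/) {
		print OUT;
		next;
	}
	($cmd, $path, $est) = /^\"([^\"]+)\"\s+([\w\/_-]+)\s+([\d\.\-]+)/o;
	@args = split(/ /, $cmd);

	# fork() returns undef on failure.  Testing only for a false value
	# would send the parent down the child branch, where it closes its
	# own standard handles and replaces itself with the command.
	$pid = fork();
	if (!defined($pid)) {
		die("Couldn't fork: $!");
	}
	if ($pid == 0) {
		# child
		close STDIN; close STDOUT; close STDERR;
		open (STDIN, "</dev/null");
		open (STDOUT, ">/dev/null");
		open (STDERR, ">/dev/null");
		# indirect-object form: $path is executed directly with
		# @args as its argument vector, no shell involved
		exec $path @args;
		exit 1; # shouldn't be here
	}
	# parent
	waitpid ($pid, 0); $ret=$? >> 8;

	if ($ret != 0) {
		$path = "undef";
	} else {
		if ($entcmd ne "") {
			# now try to run ent on the command
			$mostargs=join(" ", splice(@args,1));
			print "Evaluating '$path $mostargs'\n";
			# NOTE(review): unlike the exec above, qx{} hands a
			# single string to the shell.  $mostargs comes from
			# the quoted command in the input file and $entcmd
			# from the command line; neither is quoted or
			# validated here, so shell metacharacters in either
			# are interpreted.  Keep both inputs trusted.
			@ent = qx{$path $mostargs | $entcmd -b -t};
			@ent = grep(/^1,/, @ent);
			($null, $null, $rate) = split(/,/, $ent[0]);
			$est = $rate / $entscale; # scale the estimate back
		}
	}
	print OUT "\"$cmd\" $path $est\n";
}

close(IN);
close(OUT);
73 | -------------------------------------------------------------------------------- /ge25519.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: ge25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */ 2 | 3 | /* 4 | * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, 5 | * Peter Schwabe, Bo-Yin Yang. 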
6 | * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.h 7 | */ 8 | 9 | #ifndef GE25519_H 10 | #define GE25519_H 11 | 12 | #include "fe25519.h" 13 | #include "sc25519.h" 14 | 15 | #define ge25519 crypto_sign_ed25519_ref_ge25519 16 | #define ge25519_base crypto_sign_ed25519_ref_ge25519_base 17 | #define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime 18 | #define ge25519_pack crypto_sign_ed25519_ref_pack 19 | #define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime 20 | #define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime 21 | #define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base 22 | 23 | typedef struct 24 | { 25 | fe25519 x; 26 | fe25519 y; 27 | fe25519 z; 28 | fe25519 t; 29 | } ge25519; 30 | 31 | const ge25519 ge25519_base; 32 | 33 | int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]); 34 | 35 | void ge25519_pack(unsigned char r[32], const ge25519 *p); 36 | 37 | int ge25519_isneutral_vartime(const ge25519 *p); 38 | 39 | void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2); 40 | 41 | void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /groupaccess.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: groupaccess.h,v 1.8 2008/07/04 03:44:59 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2001 Kevin Steves. All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. 
Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | 27 | #ifndef GROUPACCESS_H 28 | #define GROUPACCESS_H 29 | 30 | int ga_init(const char *, gid_t); 31 | int ga_match(char * const *, int); 32 | int ga_match_pattern_list(const char *); 33 | void ga_free(void); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /hash.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: hash.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ 2 | 3 | /* Copied from nacl-20110221/crypto_hash/sha512/ref/hash.c */ 4 | 5 | /* 6 | 20080913 7 | D. J. Bernstein 8 | Public domain. 
9 | */ 10 | 11 | #include "includes.h" 12 | 13 | #include "crypto_api.h" 14 | 15 | #define blocks crypto_hashblocks_sha512 16 | 17 | static const unsigned char iv[64] = { 18 | 0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08, 19 | 0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b, 20 | 0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b, 21 | 0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1, 22 | 0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1, 23 | 0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f, 24 | 0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b, 25 | 0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79 26 | } ; 27 | 28 | typedef unsigned long long uint64; 29 |
/*
 * One-shot SHA-512: hashes in[0..inlen) and writes 64 bytes to out.
 * Always returns 0.
 *
 * The chaining value h starts as a copy of iv.  blocks()
 * (crypto_hashblocks_sha512, defined elsewhere) is called first on the
 * whole input and then on the padding built locally.  Presumably blocks()
 * consumes only complete 128-byte blocks and ignores the tail -- the code
 * below re-reads the last (inlen mod 128) bytes on that assumption;
 * confirm against its definition.
 *
 * NOTE(review): h and padded are not wiped before returning, so
 * message-derived data stays on the stack.  That matters when the input is
 * secret.
 */
int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen)
{
  unsigned char h[64];
  unsigned char padded[256];
  unsigned int i;
  unsigned long long bytes = inlen;	/* total length, kept for the trailer */

  for (i = 0;i < 64;++i) h[i] = iv[i];

  blocks(h,in,inlen);
  /* Point in at the trailing partial block and reduce inlen to its size. */
  in += inlen;
  inlen &= 127;
  in -= inlen;

  /* Copy the tail and append the mandatory 0x80 marker byte. */
  for (i = 0;i < inlen;++i) padded[i] = in[i];
  padded[inlen] = 0x80;

  if (inlen < 112) {
    /*
     * Tail, marker and length fit in one 128-byte block.  The zero fill
     * also covers the upper bytes of the length field; the last nine
     * bytes hold the message length in bits (bytes * 8), big-endian.
     */
    for (i = inlen + 1;i < 119;++i) padded[i] = 0;
    padded[119] = bytes >> 61;
    padded[120] = bytes >> 53;
    padded[121] = bytes >> 45;
    padded[122] = bytes >> 37;
    padded[123] = bytes >> 29;
    padded[124] = bytes >> 21;
    padded[125] = bytes >> 13;
    padded[126] = bytes >> 5;
    padded[127] = bytes << 3;
    blocks(h,padded,128);
  } else {
    /* Not enough room after the marker: the length goes in a second block. */
    for (i = inlen + 1;i < 247;++i) padded[i] = 0;
    padded[247] = bytes >> 61;
    padded[248] = bytes >> 53;
    padded[249] = bytes >> 45;
    padded[250] = bytes >> 37;
    padded[251] = bytes >> 29;
    padded[252] = bytes >> 21;
    padded[253] = bytes >> 13;
    padded[254] = bytes >> 5;
    padded[255] = bytes << 3;
    blocks(h,padded,256);
  }

  for (i = 0;i < 64;++i) out[i] = h[i];

  return 0;
}
77 | -------------------------------------------------------------------------------- /hmac.h: 
-------------------------------------------------------------------------------- 1 | /* $OpenBSD: hmac.h,v 1.6 2014/01/27 18:58:14 markus Exp $ */ 2 | /* 3 | * Copyright (c) 2014 Markus Friedl. All rights reserved. 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #ifndef _HMAC_H 19 | #define _HMAC_H 20 | 21 | /* Returns the algorithm's digest length in bytes or 0 for invalid algorithm */ 22 | size_t ssh_hmac_bytes(int alg); 23 | 24 | struct ssh_hmac_ctx; 25 | struct ssh_hmac_ctx *ssh_hmac_start(int alg); 26 | 27 | /* Sets the state of the HMAC or resets the state if key == NULL */ 28 | int ssh_hmac_init(struct ssh_hmac_ctx *ctx, const void *key, size_t klen) 29 | __attribute__((__bounded__(__buffer__, 2, 3))); 30 | int ssh_hmac_update(struct ssh_hmac_ctx *ctx, const void *m, size_t mlen) 31 | __attribute__((__bounded__(__buffer__, 2, 3))); 32 | int ssh_hmac_update_buffer(struct ssh_hmac_ctx *ctx, const Buffer *b); 33 | int ssh_hmac_final(struct ssh_hmac_ctx *ctx, u_char *d, size_t dlen) 34 | __attribute__((__bounded__(__buffer__, 2, 3))); 35 | void ssh_hmac_free(struct ssh_hmac_ctx *ctx); 36 | 37 | #endif /* _HMAC_H */ 38 | -------------------------------------------------------------------------------- /hostfile.h: 
-------------------------------------------------------------------------------- 1 | /* $OpenBSD: hostfile.h,v 1.20 2013/07/12 00:19:58 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 13 | */ 14 | #ifndef HOSTFILE_H 15 | #define HOSTFILE_H 16 | 17 | typedef enum { 18 | HOST_OK, HOST_NEW, HOST_CHANGED, HOST_REVOKED, HOST_FOUND 19 | } HostStatus; 20 | 21 | typedef enum { 22 | MRK_ERROR, MRK_NONE, MRK_REVOKE, MRK_CA 23 | } HostkeyMarker; 24 | 25 | struct hostkey_entry { 26 | char *host; 27 | char *file; 28 | u_long line; 29 | Key *key; 30 | HostkeyMarker marker; 31 | }; 32 | struct hostkeys; 33 | 34 | struct hostkeys *init_hostkeys(void); 35 | void load_hostkeys(struct hostkeys *, const char *, const char *); 36 | void free_hostkeys(struct hostkeys *); 37 | 38 | HostStatus check_key_in_hostkeys(struct hostkeys *, Key *, 39 | const struct hostkey_entry **); 40 | int lookup_key_in_hostkeys_by_type(struct hostkeys *, int, 41 | const struct hostkey_entry **); 42 | 43 | int hostfile_read_key(char **, int *, Key *); 44 | int add_host_to_hostfile(const char *, const char *, const Key *, int); 45 | 46 | #define HASH_MAGIC "|1|" 47 | #define HASH_DELIM '|' 48 | 49 | #define CA_MARKER "@cert-authority" 50 | #define REVOKE_MARKER "@revoked" 51 | 52 | char *host_hash(const char *, const char *, u_int); 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /mac.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: mac.h,v 1.8 2013/11/07 11:58:27 
dtucker Exp $ */ 2 | /* 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24 | */ 25 | 26 | int mac_valid(const char *); 27 | char *mac_alg_list(char); 28 | int mac_setup(Mac *, char *); 29 | int mac_init(Mac *); 30 | u_char *mac_compute(Mac *, u_int32_t, u_char *, int); 31 | void mac_clear(Mac *); 32 | -------------------------------------------------------------------------------- /match.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: match.h,v 1.15 2010/02/26 20:29:54 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 13 | */ 14 | #ifndef MATCH_H 15 | #define MATCH_H 16 | 17 | int match_pattern(const char *, const char *); 18 | int match_pattern_list(const char *, const char *, u_int, int); 19 | int match_hostname(const char *, const char *, u_int); 20 | int match_host_and_ip(const char *, const char *, const char *); 21 | int match_user(const char *, const char *, const char *, const char *); 22 | char *match_list(const char *, const char *, u_int *); 23 | 24 | /* addrmatch.c */ 25 | int addr_match_list(const char *, const char *); 26 | int addr_match_cidr_list(const char *, const char *); 27 | #endif 28 | -------------------------------------------------------------------------------- /md5crypt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * ---------------------------------------------------------------------------- 3 | * "THE BEER-WARE LICENSE" (Revision 42): 4 | * wrote this file. As long as you retain this notice you 5 | * can do whatever you want with this stuff. 
If we meet some day, and you think 6 | * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 7 | * ---------------------------------------------------------------------------- 8 | */ 9 | 10 | /* $Id: md5crypt.h,v 1.4 2003/05/18 14:46:46 djm Exp $ */ 11 | 12 | #ifndef _MD5CRYPT_H 13 | #define _MD5CRYPT_H 14 | 15 | #include "config.h" 16 | 17 | #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) 18 | 19 | int is_md5_salt(const char *); 20 | char *md5_crypt(const char *, const char *); 21 | 22 | #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ 23 | 24 | #endif /* MD5CRYPT_H */ 25 | -------------------------------------------------------------------------------- /mkinstalldirs: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # mkinstalldirs --- make directory hierarchy 3 | # Author: Noah Friedman 4 | # Created: 1993-05-16 5 | # Public domain 6 | 7 | # $Id: mkinstalldirs,v 1.2 2003/11/21 12:48:55 djm Exp $ 8 | 9 | errstatus=0 10 | 11 | for file 12 | do 13 | set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` 14 | shift 15 | 16 | pathcomp= 17 | for d 18 | do 19 | pathcomp="$pathcomp$d" 20 | case "$pathcomp" in 21 | -* ) pathcomp=./$pathcomp ;; 22 | esac 23 | 24 | if test ! -d "$pathcomp"; then 25 | echo "mkdir $pathcomp" 26 | 27 | mkdir "$pathcomp" || lasterr=$? 28 | 29 | if test ! -d "$pathcomp"; then 30 | errstatus=$lasterr 31 | fi 32 | fi 33 | 34 | pathcomp="$pathcomp/" 35 | done 36 | done 37 | 38 | exit $errstatus 39 | 40 | # mkinstalldirs ends here 41 | -------------------------------------------------------------------------------- /monitor_fdpass.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: monitor_fdpass.h,v 1.4 2007/09/04 03:21:03 djm Exp $ */ 2 | 3 | /* 4 | * Copyright 2002 Niels Provos 5 | * All rights reserved. 
6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | 28 | #ifndef _MM_FDPASS_H_ 29 | #define _MM_FDPASS_H_ 30 | 31 | int mm_send_fd(int, int); 32 | int mm_receive_fd(int); 33 | 34 | #endif /* _MM_FDPASS_H_ */ 35 | -------------------------------------------------------------------------------- /msg.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: msg.h,v 1.4 2006/03/25 22:22:43 djm Exp $ */ 2 | /* 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. 
Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | */ 25 | #ifndef SSH_MSG_H 26 | #define SSH_MSG_H 27 | 28 | int ssh_msg_send(int, u_char, Buffer *); 29 | int ssh_msg_recv(int, Buffer *); 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /openbsd-compat/Makefile.in: -------------------------------------------------------------------------------- 1 | # $Id: Makefile.in,v 1.55 2014/02/04 00:37:50 djm Exp $ 2 | 3 | sysconfdir=@sysconfdir@ 4 | piddir=@piddir@ 5 | srcdir=@srcdir@ 6 | top_srcdir=@top_srcdir@ 7 | 8 | VPATH=@srcdir@ 9 | CC=@CC@ 10 | LD=@LD@ 11 | CFLAGS=@CFLAGS@ 12 | CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ 13 | LIBS=@LIBS@ 14 | AR=@AR@ 15 | RANLIB=@RANLIB@ 16 | INSTALL=@INSTALL@ 17 | LDFLAGS=-L. 
@LDFLAGS@ 18 | 19 | OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o 20 | 21 | COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o 22 | 23 | PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o 24 | 25 | .c.o: 26 | $(CC) $(CFLAGS) $(CPPFLAGS) -c $< 27 | 28 | all: libopenbsd-compat.a 29 | 30 | $(COMPAT): ../config.h 31 | $(OPENBSD): ../config.h 32 | $(PORTS): ../config.h 33 | 34 | libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS) 35 | $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) 36 | $(RANLIB) $@ 37 | 38 | clean: 39 | rm -f *.o *.a core 40 | 41 | distclean: clean 42 | rm -f Makefile *~ 43 | -------------------------------------------------------------------------------- /openbsd-compat/basename.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: basename.c,v 1.14 2005/08/08 08:05:33 espie Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 1997, 2004 Todd C. Miller 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 
9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | 19 | /* OPENBSD ORIGINAL: lib/libc/gen/basename.c */ 20 | 21 | #include "includes.h" 22 | #ifndef HAVE_BASENAME 23 | #include 24 | #include 25 |
/*
 * Return the final component of path, ignoring trailing slashes.
 *
 * A NULL or empty path yields ".", and a path made only of slashes yields
 * "/".  When the component does not fit in MAXPATHLEN bytes (terminator
 * included) NULL is returned and errno is set to ENAMETOOLONG.
 *
 * The result lives in a function-local static buffer: the next call
 * overwrites it, and the caller must not free it.
 */
char *
basename(const char *path)
{
	static char bname[MAXPATHLEN];
	const char *last, *first;
	size_t n;

	/* Empty or NULL string gets treated as "." */
	if (path == NULL || *path == '\0') {
		bname[0] = '.';
		bname[1] = '\0';
		return (bname);
	}

	/* Step back over any trailing slashes */
	for (last = path + strlen(path) - 1; last > path && *last == '/'; )
		last--;

	/* Nothing but slashes: the answer is "/" */
	if (last == path && *last == '/') {
		bname[0] = '/';
		bname[1] = '\0';
		return (bname);
	}

	/* Walk left to the character that follows the previous slash */
	for (first = last; first > path && first[-1] != '/'; )
		first--;

	n = last - first + 1;
	if (n >= sizeof(bname)) {
		errno = ENAMETOOLONG;
		return (NULL);
	}
	memcpy(bname, first, n);
	bname[n] = '\0';
	return (bname);
}
66 | 67 | #endif /* !defined(HAVE_BASENAME) */ 68 | -------------------------------------------------------------------------------- /openbsd-compat/bsd-getpeereid.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2002,2004 Damien Miller 3 | * 4 | * Permission to use, copy, modify, and distribute this software 
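for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "includes.h" 18 | 19 | #if !defined(HAVE_GETPEEREID) 20 | 21 | #include 22 | #include 23 | 24 | #include 25 |
/*
 * getpeereid() replacement: report the credentials of the peer connected
 * to socket s through *euid and *gid.  Returns 0 on success, -1 on error.
 * One of three implementations is selected at compile time.
 */
#if defined(SO_PEERCRED)
/* Variant 1: query the socket with the SO_PEERCRED option. */
int
getpeereid(int s, uid_t *euid, gid_t *gid)
{
	struct ucred cred;
	socklen_t len = sizeof(cred);

	if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
		return (-1);
	*euid = cred.uid;
	*gid = cred.gid;

	return (0);
}
#elif defined(HAVE_GETPEERUCRED)

#ifdef HAVE_UCRED_H
# include <ucred.h>
#endif

/* Variant 2: getpeerucred(), reporting effective uid and real gid. */
int
getpeereid(int s, uid_t *euid, gid_t *gid)
{
	ucred_t *ucred = NULL;
	int ret = 0;

	if (getpeerucred(s, &ucred) == -1)
		return (-1);
	if ((*euid = ucred_geteuid(ucred)) == -1 ||
	    (*gid = ucred_getrgid(ucred)) == -1)
		ret = -1;

	/* Release the credential on the failure paths as well. */
	ucred_free(ucred);

	return (ret);
}
#else
/*
 * Variant 3: no peer-credential facility was found at build time.
 *
 * The socket is not consulted at all: the caller gets its own effective
 * uid and real gid back, and the call always succeeds.  The result says
 * nothing about who is on the other end, so a check such as "peer uid ==
 * my uid" passes for every peer.  Builds that land here need another
 * control on the socket, e.g. restrictive permissions on the directory
 * that holds it.
 */
int
getpeereid(int s, uid_t *euid, gid_t *gid)
{
	*euid = geteuid();
	*gid = getgid();

	return (0);
}
#endif /* defined(SO_PEERCRED) */
72 | 73 | #endif /* !defined(HAVE_GETPEEREID) */ 74 | -------------------------------------------------------------------------------- /openbsd-compat/bsd-poll.h: 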
-------------------------------------------------------------------------------- 1 | /* $OpenBSD: poll.h,v 1.11 2003/12/10 23:10:08 millert Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 1996 Theo de Raadt 5 | * All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 | */ 27 | 28 | /* OPENBSD ORIGINAL: sys/sys/poll.h */ 29 | 30 | #if !defined(HAVE_POLL) && !defined(HAVE_POLL_H) 31 | #ifndef _COMPAT_POLL_H_ 32 | #define _COMPAT_POLL_H_ 33 | 34 | typedef struct pollfd { 35 | int fd; 36 | short events; 37 | short revents; 38 | } pollfd_t; 39 | 40 | typedef unsigned int nfds_t; 41 | 42 | #define POLLIN 0x0001 43 | #define POLLOUT 0x0004 44 | #define POLLERR 0x0008 45 | #if 0 46 | /* the following are currently not implemented */ 47 | #define POLLPRI 0x0002 48 | #define POLLHUP 0x0010 49 | #define POLLNVAL 0x0020 50 | #define POLLRDNORM 0x0040 51 | #define POLLNORM POLLRDNORM 52 | #define POLLWRNORM POLLOUT 53 | #define POLLRDBAND 0x0080 54 | #define POLLWRBAND 0x0100 55 | #endif 56 | 57 | #define INFTIM (-1) /* not standard */ 58 | 59 | int poll(struct pollfd *, nfds_t, int); 60 | #endif /* !_COMPAT_POLL_H_ */ 61 | #endif /* !HAVE_POLL_H */ 62 | -------------------------------------------------------------------------------- /openbsd-compat/bsd-setres_id.h: -------------------------------------------------------------------------------- 1 | /* $Id: bsd-setres_id.h,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2012 Darren Tucker (dtucker at zip com au). 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | 19 | #ifndef HAVE_SETRESGID 20 | int setresgid(gid_t, gid_t, gid_t); 21 | #endif 22 | #ifndef HAVE_SETRESUID 23 | int setresuid(uid_t, uid_t, uid_t); 24 | #endif 25 | -------------------------------------------------------------------------------- /openbsd-compat/bsd-waitpid.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2000 Ben Lindstrom. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 1. Redistributions of source code must retain the above copyright 8 | * notice, this list of conditions and the following disclaimer. 9 | * 2. Redistributions in binary form must reproduce the above copyright 10 | * notice, this list of conditions and the following disclaimer in the 11 | * documentation and/or other materials provided with the distribution. 12 | * 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
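 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#ifndef HAVE_WAITPID
/*
 * The two system header names were lost when this listing was extracted;
 * restored from what the code uses (errno/EINVAL and wait4()) -- confirm
 * against the upstream file.
 */
#include <errno.h>
#include <sys/wait.h>
#include "bsd-waitpid.h"

/*
 * waitpid() for systems that only provide wait4().
 *
 * pid:      -1 waits for any child, a positive value waits for that child.
 *           0 and values below -1 are rejected with errno = EINVAL.
 * stat_loc: if not NULL, receives the status word of the reported child.
 * options:  handed to wait4() unchanged.
 *
 * Returns whatever wait4() returned.
 */
pid_t
waitpid(int pid, int *stat_loc, int options)
{
	union wait statusp;
	pid_t wait_pid;

	if (pid <= 0) {
		if (pid != -1) {
			errno = EINVAL;
			return (-1);
		}
		/* wait4() wants pid=0 for indiscriminate wait. */
		pid = 0;
	}
	wait_pid = wait4(pid, &statusp, options, NULL);
	/*
	 * statusp is only filled in when a child was actually reported; do not
	 * copy an uninitialised status word out on error or on a 0 return.
	 */
	if (stat_loc != NULL && wait_pid > 0)
		*stat_loc = (int) statusp.w_status;

	return (wait_pid);
}

#endif /* !HAVE_WAITPID */

--------------------------------------------------------------------------------
/openbsd-compat/bsd-waitpid.h:
--------------------------------------------------------------------------------
/* $Id: bsd-waitpid.h,v 1.5 2003/08/29 16:59:52 mouring Exp $ */

/*
 * Copyright (c) 2000 Ben Lindstrom. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2.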
Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | * 26 | */ 27 | 28 | #ifndef _BSD_WAITPID_H 29 | #define _BSD_WAITPID_H 30 | 31 | #ifndef HAVE_WAITPID 32 | /* Clean out any potental issues */ 33 | #undef WIFEXITED 34 | #undef WIFSTOPPED 35 | #undef WIFSIGNALED 36 | 37 | /* Define required functions to mimic a POSIX look and feel */ 38 | #define _W_INT(w) (*(int*)&(w)) /* convert union wait to int */ 39 | #define WIFEXITED(w) (!((_W_INT(w)) & 0377)) 40 | #define WIFSTOPPED(w) ((_W_INT(w)) & 0100) 41 | #define WIFSIGNALED(w) (!WIFEXITED(w) && !WIFSTOPPED(w)) 42 | #define WEXITSTATUS(w) (int)(WIFEXITED(w) ? ((_W_INT(w) >> 8) & 0377) : -1) 43 | #define WTERMSIG(w) (int)(WIFSIGNALED(w) ? 
(_W_INT(w) & 0177) : -1) 44 | #define WCOREFLAG 0x80 45 | #define WCOREDUMP(w) ((_W_INT(w)) & WCOREFLAG) 46 | 47 | /* Prototype */ 48 | pid_t waitpid(int, int *, int); 49 | 50 | #endif /* !HAVE_WAITPID */ 51 | #endif /* _BSD_WAITPID_H */ 52 | -------------------------------------------------------------------------------- /openbsd-compat/charclass.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain, 2008, Todd C. Miller 3 | * 4 | * $OpenBSD: charclass.h,v 1.1 2008/10/01 23:04:13 millert Exp $ 5 | */ 6 | 7 | /* OPENBSD ORIGINAL: lib/libc/gen/charclass.h */ 8 | 9 | /* 10 | * POSIX character class support for fnmatch() and glob(). 11 | */ 12 | static struct cclass { 13 | const char *name; 14 | int (*isctype)(int); 15 | } cclasses[] = { 16 | { "alnum", isalnum }, 17 | { "alpha", isalpha }, 18 | { "blank", isblank }, 19 | { "cntrl", iscntrl }, 20 | { "digit", isdigit }, 21 | { "graph", isgraph }, 22 | { "lower", islower }, 23 | { "print", isprint }, 24 | { "punct", ispunct }, 25 | { "space", isspace }, 26 | { "upper", isupper }, 27 | { "xdigit", isxdigit }, 28 | { NULL, NULL } 29 | }; 30 | 31 | #define NCCLASSES (sizeof(cclasses) / sizeof(cclasses[0]) - 1) 32 | -------------------------------------------------------------------------------- /openbsd-compat/dirname.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: dirname.c,v 1.13 2005/08/08 08:05:33 espie Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 1997, 2004 Todd C. Miller 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. 
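IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */

#include "includes.h"
#ifndef HAVE_DIRNAME

/*
 * The three system header names were lost when this listing was extracted;
 * restored from what the code uses (errno, strlen/memcpy, MAXPATHLEN) --
 * confirm against the upstream file.
 */
#include <errno.h>
#include <string.h>
#include <sys/param.h>

/*
 * Return the directory part of path.
 *
 * NULL or "" yields ".", a path without any '/' yields ".", and trailing
 * slashes are ignored. The result is stored in a static buffer that the next
 * call overwrites, so a caller that needs to keep it must copy it first.
 *
 * Returns NULL with errno = ENAMETOOLONG when the directory part does not fit
 * in MAXPATHLEN bytes including the terminating NUL; callers must check for
 * NULL before using the result.
 */
char *
dirname(const char *path)
{
	static char dname[MAXPATHLEN];
	size_t len;
	const char *endp;

	/* Empty or NULL string gets treated as "." */
	if (path == NULL || *path == '\0') {
		dname[0] = '.';
		dname[1] = '\0';
		return (dname);
	}

	/* Strip any trailing slashes */
	endp = path + strlen(path) - 1;
	while (endp > path && *endp == '/')
		endp--;

	/* Find the start of the dir */
	while (endp > path && *endp != '/')
		endp--;

	/* Either the dir is "/" or there are no slashes */
	if (endp == path) {
		dname[0] = *endp == '/' ? '/' : '.';
		dname[1] = '\0';
		return (dname);
	} else {
		/* Step back over the slash(es) that separate dir and base name */
		do {
			endp--;
		} while (endp > path && *endp == '/');
	}

	/* Bounds check before the copy: len bytes plus the NUL must fit */
	len = endp - path + 1;
	if (len >= sizeof(dname)) {
		errno = ENAMETOOLONG;
		return (NULL);
	}
	memcpy(dname, path, len);
	dname[len] = '\0';
	return (dname);
}
#endif

--------------------------------------------------------------------------------
/openbsd-compat/explicit_bzero.c:
--------------------------------------------------------------------------------
/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */
/* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
/*
 * Public domain.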
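 * Written by Ted Unangst
 */

#include "includes.h"

#ifndef HAVE_EXPLICIT_BZERO

/*
 * Call bzero() through a volatile function pointer: the pointer has to be
 * loaded at run time, so the compiler cannot prove the callee is bzero() and
 * discard the call as a dead store.
 */
static void (* volatile bzero_fn)(void *, size_t) = bzero;

/*
 * explicit_bzero - don't let the compiler optimize away bzero
 *
 * Zeroes n bytes starting at p. Intended for wiping buffers that held
 * secrets just before they go out of scope or are freed, which is exactly
 * the case where an optimiser treats the store as dead.
 *
 * A direct bzero() call here is only preserved while this function stays in
 * its own translation unit; with link-time or whole-program optimisation it
 * can be inlined into the caller and then removed, hence the indirection.
 */
void
explicit_bzero(void *p, size_t n)
{
	bzero_fn(p, n);
}
#endif

--------------------------------------------------------------------------------
/openbsd-compat/port-irix.h:
--------------------------------------------------------------------------------
/* $Id: port-irix.h,v 1.4 2003/08/29 16:59:52 mouring Exp $ */

/*
 * Copyright (c) 2000 Denis Parker. All rights reserved.
 * Copyright (c) 2000 Michael Stone. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.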
26 | */ 27 | 28 | #ifndef _PORT_IRIX_H 29 | #define _PORT_IRIX_H 30 | 31 | #if defined(WITH_IRIX_PROJECT) || \ 32 | defined(WITH_IRIX_JOBS) || \ 33 | defined(WITH_IRIX_ARRAY) 34 | 35 | void irix_setusercontext(struct passwd *pw); 36 | 37 | #endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ 38 | 39 | #endif /* ! _PORT_IRIX_H */ 40 | -------------------------------------------------------------------------------- /openbsd-compat/port-linux.h: -------------------------------------------------------------------------------- 1 | /* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2006 Damien Miller 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | 19 | #ifndef _PORT_LINUX_H 20 | #define _PORT_LINUX_H 21 | 22 | #ifdef WITH_SELINUX 23 | int ssh_selinux_enabled(void); 24 | void ssh_selinux_setup_pty(char *, const char *); 25 | void ssh_selinux_setup_exec_context(char *); 26 | void ssh_selinux_change_context(const char *); 27 | void ssh_selinux_setfscreatecon(const char *); 28 | #endif 29 | 30 | #ifdef LINUX_OOM_ADJUST 31 | void oom_adjust_restore(void); 32 | void oom_adjust_setup(void); 33 | #endif 34 | 35 | #endif /* ! 
_PORT_LINUX_H */ 36 | -------------------------------------------------------------------------------- /openbsd-compat/port-solaris.h: -------------------------------------------------------------------------------- 1 | /* $Id: port-solaris.h,v 1.2 2010/11/05 01:03:05 dtucker Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2006 Chad Mynhier. 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | 19 | #ifndef _PORT_SOLARIS_H 20 | 21 | #include 22 | 23 | #include 24 | 25 | void solaris_contract_pre_fork(void); 26 | void solaris_contract_post_fork_child(void); 27 | void solaris_contract_post_fork_parent(pid_t pid); 28 | void solaris_set_default_project(struct passwd *); 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /openbsd-compat/port-tun.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005 Reyk Floeter 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 
7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #ifndef _PORT_TUN_H 18 | #define _PORT_TUN_H 19 | 20 | struct Channel; 21 | 22 | #if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD) 23 | # define CUSTOM_SYS_TUN_OPEN 24 | int sys_tun_open(int, int); 25 | #endif 26 | 27 | #if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF) 28 | # define SSH_TUN_FILTER 29 | int sys_tun_infilter(struct Channel *, char *, int); 30 | u_char *sys_tun_outfilter(struct Channel *, u_char **, u_int *); 31 | #endif 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /openbsd-compat/port-uw.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005 Tim Rice. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 1. Redistributions of source code must retain the above copyright 8 | * notice, this list of conditions and the following disclaimer. 9 | * 2. Redistributions in binary form must reproduce the above copyright 10 | * notice, this list of conditions and the following disclaimer in the 11 | * documentation and/or other materials provided with the distribution. 
12 | * 13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | #include "includes.h" 26 | 27 | #ifdef USE_LIBIAF 28 | char * get_iaf_password(struct passwd *pw); 29 | #endif 30 | 31 | -------------------------------------------------------------------------------- /openbsd-compat/readpassphrase.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2000, 2002 Todd C. Miller 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | * 18 | * Sponsored in part by the Defense Advanced Research Projects 19 | * Agency (DARPA) and Air Force Research Laboratory, Air Force 20 | * Materiel Command, USAF, under agreement number F39502-99-1-0512. 21 | */ 22 | 23 | /* OPENBSD ORIGINAL: include/readpassphrase.h */ 24 | 25 | #ifndef _READPASSPHRASE_H_ 26 | #define _READPASSPHRASE_H_ 27 | 28 | #include "includes.h" 29 | 30 | #ifndef HAVE_READPASSPHRASE 31 | 32 | #define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */ 33 | #define RPP_ECHO_ON 0x01 /* Leave echo on. */ 34 | #define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */ 35 | #define RPP_FORCELOWER 0x04 /* Force input to lower case. */ 36 | #define RPP_FORCEUPPER 0x08 /* Force input to upper case. */ 37 | #define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ 38 | #define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */ 39 | 40 | char * readpassphrase(const char *, char *, size_t, int); 41 | 42 | #endif /* HAVE_READPASSPHRASE */ 43 | 44 | #endif /* !_READPASSPHRASE_H_ */ 45 | -------------------------------------------------------------------------------- /openbsd-compat/regress/Makefile.in: -------------------------------------------------------------------------------- 1 | # $Id: Makefile.in,v 1.4 2006/08/19 09:12:14 dtucker Exp $ 2 | 3 | sysconfdir=@sysconfdir@ 4 | piddir=@piddir@ 5 | srcdir=@srcdir@ 6 | top_srcdir=@top_srcdir@ 7 | 8 | VPATH=@srcdir@ 9 | CC=@CC@ 10 | LD=@LD@ 11 | CFLAGS=@CFLAGS@ 12 | CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. 
@CPPFLAGS@ @DEFS@ 13 | EXEEXT=@EXEEXT@ 14 | LIBCOMPAT=../libopenbsd-compat.a 15 | LIBS=@LIBS@ 16 | LDFLAGS=@LDFLAGS@ $(LIBCOMPAT) 17 | 18 | TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \ 19 | strtonumtest$(EXEEXT) 20 | 21 | all: t-exec ${OTHERTESTS} 22 | 23 | %$(EXEEXT): %.c 24 | $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS) 25 | 26 | t-exec: $(TESTPROGS) 27 | @echo running compat regress tests 28 | @for TEST in ""$?; do \ 29 | echo "run test $${TEST}" ... 1>&2; \ 30 | ./$${TEST}$(EXEEXT) || exit $$? ; \ 31 | done 32 | @echo finished compat regress tests 33 | 34 | clean: 35 | rm -f *.o *.a core $(TESTPROGS) valid.out 36 | 37 | distclean: clean 38 | rm -f Makefile *~ 39 | -------------------------------------------------------------------------------- /openbsd-compat/regress/closefromtest.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2006 Darren Tucker 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
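 */

/*
 * The six system header names were lost when this listing was extracted;
 * restored from the calls below (open, fprintf, exit, read, close) --
 * confirm against the upstream file.
 */
#include <sys/types.h>
#include <sys/stat.h>

#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define NUM_OPENS 10

int closefrom(int);

/* Print msg on stderr with a "closefrom: " prefix and exit with status 1. */
void
fail(char *msg)
{
	fprintf(stderr, "closefrom: %s\n", msg);
	exit(1);
}

/*
 * Regression test for closefrom(): open NUM_OPENS descriptors, then check
 * that closefrom(fd) closes fd and everything above it and nothing below.
 * A descriptor counts as closed when a further close() on it fails.
 * Exits 0 without testing if /dev/null cannot be opened.
 */
int
main(void)
{
	int i, max, fds[NUM_OPENS];
	char buf[512];

	for (i = 0; i < NUM_OPENS; i++)
		if ((fds[i] = open("/dev/null", O_RDONLY)) == -1)
			exit(0);	/* can't test */
	max = i - 1;

	/* should close last fd only */
	closefrom(fds[max]);
	if (close(fds[max]) != -1)
		fail("failed to close highest fd");

	/* make sure we can still use remaining descriptors */
	for (i = 0; i < max; i++)
		if (read(fds[i], buf, sizeof(buf)) == -1)
			fail("closed descriptors it should not have");

	/* should close all fds */
	closefrom(fds[0]);
	for (i = 0; i < NUM_OPENS; i++)
		if (close(fds[i]) != -1)
			fail("failed to close from lowest fd");
	return 0;
}

--------------------------------------------------------------------------------
/openbsd-compat/regress/snprintftest.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2005 Darren Tucker
 * Copyright (c) 2005 Damien Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS.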
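IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#define BUFSZ 2048

/*
 * The five system header names were lost when this listing was extracted;
 * restored from what the code uses (size_t, malloc/free, fprintf/snprintf,
 * va_list, memset/strcmp) -- confirm against the upstream file.
 */
#include <sys/types.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>

static int failed = 0;

/* Report one failed check on stderr and remember it for main()'s exit code. */
static void
fail(const char *m)
{
	fprintf(stderr, "snprintftest: %s\n", m);
	failed = 1;
}

/*
 * Varargs wrapper so the test can drive vsnprintf() with the same arguments
 * it gives snprintf(). Returns vsnprintf()'s result unchanged.
 */
int x_snprintf(char *str, size_t count, const char *fmt, ...)
{
	int ret;	/* vsnprintf() returns int; a negative error must stay negative */
	va_list ap;

	va_start(ap, fmt);
	ret = vsnprintf(str, count, fmt, ap);
	va_end(ap);
	return ret;
}

/*
 * Checks three properties of snprintf()/vsnprintf(): truncated output is
 * NUL-terminated, a "%.*s" precision bounds the read from a source that has
 * no terminator, and the return value is the length the full output would
 * have had. Exit status is 0 when every check passed, 1 otherwise.
 */
int
main(void)
{
	char b[5];
	char *src;

	snprintf(b,5,"123456789");
	if (b[4] != '\0')
		fail("snprintf does not correctly terminate long strings");

	/* check for read overrun on unterminated string */
	if ((src = malloc(BUFSZ)) == NULL) {
		fail("malloc failed");
	} else {
		/* BUFSZ bytes of 'a' and deliberately no NUL anywhere */
		memset(src, 'a', BUFSZ);
		snprintf(b, sizeof(b), "%.*s", 1, src);
		if (strcmp(b, "a") != 0)
			fail("failed with length limit '%%.s'");
		free(src);
	}

	/* check that snprintf and vsnprintf return sane values */
	if (snprintf(b, 1, "%s %d", "hello", 12345) != 11)
		fail("snprintf does not return required length");
	if (x_snprintf(b, 1, "%s %d", "hello", 12345) != 11)
		fail("vsnprintf does not return required length");

	return failed;
}

--------------------------------------------------------------------------------
/openbsd-compat/regress/strduptest.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2005 Darren Tucker
 *
 * Permission to use, copy, modify, and distribute this software for any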
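 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * The two system header names were lost when this listing was extracted;
 * restored from what the code uses (free, strdup/strcmp) -- confirm against
 * the upstream file.
 */
#include <stdlib.h>
#include <string.h>

static int fail = 0;

/*
 * Duplicate a with strdup() and record a failure when the call returns NULL
 * or the copy does not compare equal to the original. The copy is freed.
 */
void
test(const char *a)
{
	char *b;

	b = strdup(a);
	if (b == NULL) {
		fail = 1;
		return;
	}
	if (strcmp(a, b) != 0)
		fail = 1;
	free(b);
}

/* Run the strdup() checks; exit status is 0 when all passed, 1 otherwise. */
int
main(void)
{
	test("");
	test("a");
	test("\0");
	test("abcdefghijklmnopqrstuvwxyz");
	return fail;
}

--------------------------------------------------------------------------------
/openbsd-compat/strlcat.c:
--------------------------------------------------------------------------------
/* $OpenBSD: strlcat.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */

/*
 * Copyright (c) 1998 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS.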
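IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */

#include "includes.h"
#ifndef HAVE_STRLCAT

/*
 * The two system header names were lost when this listing was extracted;
 * restored from what the code uses (size_t, strlen) -- confirm against the
 * upstream file.
 */
#include <sys/types.h>
#include <string.h>

/*
 * Appends src to string dst of size siz (unlike strncat, siz is the
 * full size of dst, not space left). At most siz-1 characters
 * will be copied. Always NUL terminates (unless siz <= strlen(dst)).
 * Returns strlen(src) + MIN(siz, strlen(initial dst)).
 * If retval >= siz, truncation occurred.
 *
 * The function never writes past dst[siz-1]. When dst holds no NUL within
 * its first siz bytes nothing is written at all and dst stays unterminated.
 * Truncation is silent, so a caller that must not act on a shortened string
 * has to compare the return value against siz.
 */
size_t
strlcat(char *dst, const char *src, size_t siz)
{
	char *d = dst;
	const char *s = src;
	size_t n = siz;
	size_t dlen;

	/* Find the end of dst and adjust bytes left but don't go past end */
	while (n-- != 0 && *d != '\0')
		d++;
	dlen = d - dst;
	n = siz - dlen;

	/* No room at all (or dst unterminated): report the needed length only */
	if (n == 0)
		return(dlen + strlen(s));
	while (*s != '\0') {
		/* n == 1 means only the slot for the NUL is left: count, don't copy */
		if (n != 1) {
			*d++ = *s;
			n--;
		}
		s++;
	}
	*d = '\0';

	return(dlen + (s - src));	/* count does not include NUL */
}

#endif /* !HAVE_STRLCAT */

--------------------------------------------------------------------------------
/openbsd-compat/strlcpy.c:
--------------------------------------------------------------------------------
/* $OpenBSD: strlcpy.c,v 1.11 2006/05/05 15:27:38 millert Exp $ */

/*
 * Copyright (c) 1998 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.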
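 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */

#include "includes.h"
#ifndef HAVE_STRLCPY

/*
 * The two system header names were lost when this listing was extracted;
 * restored from what the code uses (size_t) -- confirm against the upstream
 * file.
 */
#include <sys/types.h>
#include <string.h>

/*
 * Copy src to string dst of size siz. At most siz-1 characters
 * will be copied. Always NUL terminates (unless siz == 0).
 * Returns strlen(src); if retval >= siz, truncation occurred.
 *
 * src is always walked to its terminator to compute the return value, so it
 * must be NUL-terminated even when siz is small. Truncation is silent: a
 * caller that must not act on a shortened string has to compare the return
 * value against siz.
 */
size_t
strlcpy(char *dst, const char *src, size_t siz)
{
	char *d = dst;
	const char *s = src;
	size_t n = siz;

	/* Copy as many bytes as will fit */
	if (n != 0) {
		while (--n != 0) {
			if ((*d++ = *s++) == '\0')
				break;
		}
	}

	/* Not enough room in dst, add NUL and traverse rest of src */
	if (n == 0) {
		if (siz != 0)
			*d = '\0';		/* NUL-terminate dst */
		while (*s++)
			;
	}

	return(s - src - 1);	/* count does not include NUL */
}

#endif /* !HAVE_STRLCPY */

--------------------------------------------------------------------------------
/openbsd-compat/strnlen.c:
--------------------------------------------------------------------------------
/* $OpenBSD: strnlen.c,v 1.3 2010/06/02 12:58:12 millert Exp $ */

/*
 * Copyright (c) 2010 Todd C.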
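Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* OPENBSD ORIGINAL: lib/libc/string/strnlen.c */

#include "config.h"
#ifndef HAVE_STRNLEN
/*
 * The two system header names were lost when this listing was extracted;
 * restored from what the code uses (size_t) -- confirm against the upstream
 * file.
 */
#include <sys/types.h>

#include <string.h>

/*
 * Length of str, looking at no more than maxlen bytes.
 *
 * Returns the index of the first NUL, or maxlen when none is found in the
 * first maxlen bytes. The count is checked before each byte is read, so the
 * function never reads past str[maxlen-1] and is safe on a buffer that has
 * no terminator.
 */
size_t
strnlen(const char *str, size_t maxlen)
{
	const char *cp;

	for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
		;

	return (size_t)(cp - str);
}
#endif

--------------------------------------------------------------------------------
/openbsd-compat/strtonum.c:
--------------------------------------------------------------------------------
/* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */

/*
 * Copyright (c) 2004 Ted Unangst and Todd Miller
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS.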
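IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */

#include "includes.h"

#ifndef HAVE_STRTONUM
/*
 * The three system header names were lost when this listing was extracted;
 * restored from what the code uses (strtoll, LLONG_MIN/LLONG_MAX, errno) --
 * confirm against the upstream file.
 */
#include <stdlib.h>
#include <limits.h>
#include <errno.h>

/* Indexes into the ev[] table below; 0 means "no error". */
#define INVALID		1
#define TOOSMALL	2
#define TOOLARGE	3

/*
 * Convert the base-10 string numstr to a number in [minval, maxval].
 *
 * The whole string must be consumed by strtoll(): an empty string or any
 * trailing character makes the input "invalid". minval > maxval is also
 * reported as "invalid".
 *
 * On success returns the value, sets *errstrp to NULL and leaves errno as it
 * was on entry. On failure returns 0, points *errstrp at "invalid",
 * "too small" or "too large" and sets errno to EINVAL or ERANGE.
 * errstrp may be NULL, in which case only errno carries the result.
 *
 * Because 0 is also a legitimate value, callers must test *errstrp (or
 * errno), never the return value, to detect a rejected input.
 */
long long
strtonum(const char *numstr, long long minval, long long maxval,
    const char **errstrp)
{
	long long ll = 0;
	char *ep;
	int error = 0;
	struct errval {
		const char *errstr;
		int err;
	} ev[4] = {
		{ NULL,		0 },
		{ "invalid",	EINVAL },
		{ "too small",	ERANGE },
		{ "too large",	ERANGE },
	};

	/* Slot 0 is the success case: it restores the caller's errno */
	ev[0].err = errno;
	errno = 0;
	if (minval > maxval)
		error = INVALID;
	else {
		ll = strtoll(numstr, &ep, 10);
		if (numstr == ep || *ep != '\0')
			error = INVALID;
		else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
			error = TOOSMALL;
		else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
			error = TOOLARGE;
	}
	if (errstrp != NULL)
		*errstrp = ev[error].errstr;
	errno = ev[error].err;
	/* Never hand back a partially parsed or out-of-range value */
	if (error)
		ll = 0;

	return (ll);
}

#endif /* HAVE_STRTONUM */

--------------------------------------------------------------------------------
/openbsd-compat/timingsafe_bcmp.c:
--------------------------------------------------------------------------------
/* $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $ */
/*
 * Copyright (c) 2010 Damien Miller. All rights reserved.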
4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | /* OPENBSD ORIGINAL: lib/libc/string/timingsafe_bcmp.c */ 19 | 20 | #include "includes.h" 21 | #ifndef HAVE_TIMINGSAFE_BCMP 22 | /* Compare n bytes of b1 and b2 with no early exit: every byte pair is XORed and the result ORed into ret, so the loop always runs n iterations wherever the buffers differ. Returns 0 when the buffers are equal and 1 otherwise; unlike memcmp it gives no ordering. Intended for comparing secret values such as MACs, where a data-dependent exit would reveal how many leading bytes matched. */ 23 | int 24 | timingsafe_bcmp(const void *b1, const void *b2, size_t n) 25 | { 26 | const unsigned char *p1 = b1, *p2 = b2; 27 | int ret = 0; 28 | 29 | for (; n > 0; n--) 30 | ret |= *p1++ ^ *p2++; 31 | return (ret != 0); 32 | } 33 | 34 | #endif /* HAVE_TIMINGSAFE_BCMP */ 35 | -------------------------------------------------------------------------------- /opensshd.init.in: -------------------------------------------------------------------------------- 1 | #!@STARTUP_SCRIPT_SHELL@ 2 | # Donated code that was put under PD license. 3 | # 4 | # Stripped PRNGd out of it for the time being.
5 | 6 | umask 022 7 | 8 | CAT=@CAT@ 9 | KILL=@KILL@ 10 | 11 | prefix=@prefix@ 12 | sysconfdir=@sysconfdir@ 13 | piddir=@piddir@ 14 | 15 | SSHD=$prefix/sbin/sshd 16 | PIDFILE=$piddir/sshd.pid 17 | PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'` 18 | [ X$PidFile = X ] || PIDFILE=$PidFile 19 | SSH_KEYGEN=$prefix/bin/ssh-keygen 20 | HOST_KEY_RSA1=$sysconfdir/ssh_host_key 21 | HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key 22 | HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key 23 | @COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key 24 | 25 | # checkkeys: create each host key file that does not exist yet, with an empty passphrase (-N ""). NOTE(review): rsa1 and dsa are legacy key types - confirm they are still required before generating them. 26 | checkkeys() { 27 | if [ ! -f $HOST_KEY_RSA1 ]; then 28 | ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N "" 29 | fi 30 | if [ ! -f $HOST_KEY_DSA ]; then 31 | ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" 32 | fi 33 | if [ ! -f $HOST_KEY_RSA ]; then 34 | ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" 35 | fi 36 | @COMMENT_OUT_ECC@ if [ ! -f $HOST_KEY_ECDSA ]; then 37 | @COMMENT_OUT_ECC@ ${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N "" 38 | @COMMENT_OUT_ECC@ fi 39 | } 40 | # stop_service: read the daemon PID from $PIDFILE (the PidFile value from sshd_config when one is set) and signal it with ${KILL}; a PID of 1 or lower is refused. NOTE(review): PID is assigned only when $PIDFILE is readable, so a PID value inherited from the environment would be used otherwise; $PIDFILE and $PID are expanded unquoted. 41 | stop_service() { 42 | if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then 43 | PID=`${CAT} ${PIDFILE}` 44 | fi 45 | if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then 46 | ${KILL} ${PID} 47 | else 48 | echo "Unable to read PID file" 49 | fi 50 | } 51 | # start_service: generate any missing host keys, start $SSHD, and exit with its status if it returns non-zero. 52 | start_service() { 53 | # XXX We really should check if the service is already going, but 54 | # XXX we will opt out at this time. - Bal 55 | 56 | # Check to see if we have keys that need to be made 57 | checkkeys 58 | 59 | # Start SSHD 60 | echo "starting $SSHD... \c" ; $SSHD 61 | 62 | sshd_rc=$? 63 | if [ $sshd_rc -ne 0 ]; then 64 | echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing." 65 | exit $sshd_rc 66 | fi 67 | echo done.
68 | } 69 | 70 | case $1 in 71 | 72 | 'start') 73 | start_service 74 | ;; 75 | 76 | 'stop') 77 | stop_service 78 | ;; 79 | 80 | 'restart') 81 | stop_service 82 | start_service 83 | ;; 84 | 85 | *) 86 | echo "$0: usage: $0 {start|stop|restart}" 87 | ;; 88 | esac 89 | -------------------------------------------------------------------------------- /platform.h: -------------------------------------------------------------------------------- 1 | /* $Id: platform.h,v 1.9 2013/09/22 09:02:40 dtucker Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2006 Darren Tucker. All rights reserved. 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
17 | */ 18 | 19 | #include 20 | 21 | #include 22 | 23 | void platform_pre_listen(void); 24 | void platform_pre_fork(void); 25 | void platform_pre_restart(void); 26 | void platform_post_fork_parent(pid_t child_pid); 27 | void platform_post_fork_child(void); 28 | int platform_privileged_uidswap(void); 29 | void platform_setusercontext(struct passwd *); 30 | void platform_setusercontext_post_groups(struct passwd *); 31 | char *platform_get_krb5_client(const char *); 32 | char *platform_krb5_get_principal_name(const char *); 33 | int platform_sys_dir_uid(uid_t); 34 | -------------------------------------------------------------------------------- /poly1305.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: poly1305.h,v 1.2 2013/12/19 22:57:13 djm Exp $ */ 2 | 3 | /* 4 | * Public Domain poly1305 from Andrew Moon 5 | * poly1305-donna-unrolled.c from https://github.com/floodyberry/poly1305-donna 6 | */ 7 | 8 | #ifndef POLY1305_H 9 | #define POLY1305_H 10 | 11 | #include 12 | 13 | #define POLY1305_KEYLEN 32 14 | #define POLY1305_TAGLEN 16 15 | 16 | void poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen, 17 | const u_char key[POLY1305_KEYLEN]) 18 | __attribute__((__bounded__(__minbytes__, 1, POLY1305_TAGLEN))) 19 | __attribute__((__bounded__(__buffer__, 2, 3))) 20 | __attribute__((__bounded__(__minbytes__, 4, POLY1305_KEYLEN))); 21 | 22 | #endif /* POLY1305_H */ 23 | -------------------------------------------------------------------------------- /progressmeter.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: progressmeter.h,v 1.2 2006/03/25 22:22:43 djm Exp $ */ 2 | /* 3 | * Copyright (c) 2002 Nils Nordman. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. 
Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | */ 25 | 26 | void start_progress_meter(char *, off_t, off_t *); 27 | void stop_progress_meter(void); 28 | -------------------------------------------------------------------------------- /regress/addrmatch.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: addrmatch.sh,v 1.4 2012/05/13 01:42:32 dtucker Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="address match" 5 | 6 | mv $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7 | 8 | run_trial() 9 | { 10 | user="$1"; addr="$2"; host="$3"; laddr="$4"; lport="$5" 11 | expected="$6"; descr="$7" 12 | 13 | verbose "test $descr for $user $addr $host" 14 | result=`${SSHD} -f $OBJ/sshd_proxy -T \ 15 | -C user=${user},addr=${addr},host=${host},laddr=${laddr},lport=${lport} | \ 16 | awk '/^forcecommand/ {print $2}'` 17 | if [ "$result" != "$expected" ]; then 18 | fail "failed '$descr' expected $expected got $result" 19 | fi 20 | } 21 | 22 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 23 | cat >>$OBJ/sshd_proxy < /dev/null 23 | r=$? 24 | if [ $r -ne 0 ]; then 25 | fail "could not start ssh-agent: exit code $r" 26 | else 27 | chmod 644 ${SSH_AUTH_SOCK} 28 | 29 | ssh-add -l > /dev/null 2>&1 30 | r=$? 31 | if [ $r -ne 1 ]; then 32 | fail "ssh-add failed with $r != 1" 33 | fi 34 | 35 | < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null 36 | r=$? 37 | if [ $r -lt 2 ]; then 38 | fail "ssh-add did not fail for ${UNPRIV}: $r < 2" 39 | fi 40 | 41 | trace "kill agent" 42 | ${SSHAGENT} -k > /dev/null 43 | fi 44 | 45 | rm -f ${OBJ}/agent 46 | -------------------------------------------------------------------------------- /regress/agent-pkcs11.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="pkcs11 agent test" 5 | 6 | TEST_SSH_PIN="" 7 | TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0 8 | 9 | # setup environment for soft-pkcs11 token 10 | SOFTPKCS11RC=$OBJ/pkcs11.info 11 | export SOFTPKCS11RC 12 | # prevent ssh-agent from calling ssh-askpass 13 | SSH_ASKPASS=/usr/bin/true 14 | export SSH_ASKPASS 15 | unset DISPLAY 16 | 17 | # start command w/o tty, so ssh-add accepts pin from stdin 18 | notty() { 19 | perl -e 'use POSIX; POSIX::setsid(); 20 | if (fork) { wait; exit($? 
>> 8); } else { exec(@ARGV) }' "$@" 21 | } 22 | 23 | trace "start agent" 24 | eval `${SSHAGENT} -s` > /dev/null 25 | r=$? 26 | if [ $r -ne 0 ]; then 27 | fail "could not start ssh-agent: exit code $r" 28 | else 29 | trace "generating key/cert" 30 | rm -f $OBJ/pkcs11.key $OBJ/pkcs11.crt 31 | openssl genrsa -out $OBJ/pkcs11.key 2048 > /dev/null 2>&1 32 | chmod 600 $OBJ/pkcs11.key 33 | openssl req -key $OBJ/pkcs11.key -new -x509 \ 34 | -out $OBJ/pkcs11.crt -text -subj '/CN=pkcs11 test' > /dev/null 35 | printf "a\ta\t$OBJ/pkcs11.crt\t$OBJ/pkcs11.key" > $SOFTPKCS11RC 36 | # add to authorized keys 37 | ${SSHKEYGEN} -y -f $OBJ/pkcs11.key > $OBJ/authorized_keys_$USER 38 | 39 | trace "add pkcs11 key to agent" 40 | echo ${TEST_SSH_PIN} | notty ${SSHADD} -s ${TEST_SSH_PKCS11} > /dev/null 2>&1 41 | r=$? 42 | if [ $r -ne 0 ]; then 43 | fail "ssh-add -s failed: exit code $r" 44 | fi 45 | 46 | trace "pkcs11 list via agent" 47 | ${SSHADD} -l > /dev/null 2>&1 48 | r=$? 49 | if [ $r -ne 0 ]; then 50 | fail "ssh-add -l failed: exit code $r" 51 | fi 52 | 53 | trace "pkcs11 connect via agent" 54 | ${SSH} -2 -F $OBJ/ssh_proxy somehost exit 5 55 | r=$? 56 | if [ $r -ne 5 ]; then 57 | fail "ssh connect failed (exit code $r)" 58 | fi 59 | 60 | trace "remove pkcs11 keys" 61 | echo ${TEST_SSH_PIN} | notty ${SSHADD} -e ${TEST_SSH_PKCS11} > /dev/null 2>&1 62 | r=$? 63 | if [ $r -ne 0 ]; then 64 | fail "ssh-add -e failed: exit code $r" 65 | fi 66 | 67 | trace "kill agent" 68 | ${SSHAGENT} -k > /dev/null 69 | fi 70 | -------------------------------------------------------------------------------- /regress/agent-ptrace.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: agent-ptrace.sh,v 1.2 2014/02/27 21:21:25 djm Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="disallow agent ptrace attach" 5 | 6 | if have_prog uname ; then 7 | case `uname` in 8 | AIX|CYGWIN*|OSF1) 9 | echo "skipped (not supported on this platform)" 10 | exit 0 11 | ;; 12 | esac 13 | fi 14 | 15 | if have_prog gdb ; then 16 | : ok 17 | else 18 | echo "skipped (gdb not found)" 19 | exit 0 20 | fi 21 | 22 | if $OBJ/setuid-allowed ${SSHAGENT} ; then 23 | : ok 24 | else 25 | echo "skipped (${SSHAGENT} is mounted on a no-setuid filesystem)" 26 | exit 0 27 | fi 28 | 29 | if test -z "$SUDO" ; then 30 | echo "skipped (SUDO not set)" 31 | exit 0 32 | else 33 | $SUDO chown 0 ${SSHAGENT} 34 | $SUDO chgrp 0 ${SSHAGENT} 35 | $SUDO chmod 2755 ${SSHAGENT} 36 | fi 37 | 38 | trace "start agent" 39 | eval `${SSHAGENT} -s` > /dev/null 40 | r=$? 41 | if [ $r -ne 0 ]; then 42 | fail "could not start ssh-agent: exit code $r" 43 | else 44 | # ls -l ${SSH_AUTH_SOCK} 45 | gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF 46 | quit 47 | EOF 48 | r=$? 49 | if [ $r -ne 0 ]; then 50 | fail "gdb failed: exit code $r" 51 | fi 52 | egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null ${OBJ}/gdb.out 53 | r=$? 54 | rm -f ${OBJ}/gdb.out 55 | if [ $r -ne 0 ]; then 56 | fail "ptrace succeeded?: exit code $r" 57 | fi 58 | 59 | trace "kill agent" 60 | ${SSHAGENT} -k > /dev/null 61 | fi 62 | -------------------------------------------------------------------------------- /regress/agent-timeout.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: agent-timeout.sh,v 1.2 2013/05/17 01:16:09 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="agent timeout test" 5 | 6 | SSHAGENT_TIMEOUT=10 7 | 8 | trace "start agent" 9 | eval `${SSHAGENT} -s` > /dev/null 10 | r=$? 
11 | if [ $r -ne 0 ]; then 12 | fail "could not start ssh-agent: exit code $r" 13 | else 14 | trace "add keys with timeout" 15 | for t in rsa rsa1; do 16 | ${SSHADD} -t ${SSHAGENT_TIMEOUT} $OBJ/$t > /dev/null 2>&1 17 | if [ $? -ne 0 ]; then 18 | fail "ssh-add did succeed exit code 0" 19 | fi 20 | done 21 | n=`${SSHADD} -l 2> /dev/null | wc -l` 22 | trace "agent has $n keys" 23 | if [ $n -ne 2 ]; then 24 | fail "ssh-add -l did not return 2 keys: $n" 25 | fi 26 | trace "sleeping 2*${SSHAGENT_TIMEOUT} seconds" 27 | sleep ${SSHAGENT_TIMEOUT} 28 | sleep ${SSHAGENT_TIMEOUT} 29 | ${SSHADD} -l 2> /dev/null | grep 'The agent has no identities.' >/dev/null 30 | if [ $? -ne 0 ]; then 31 | fail "ssh-add -l still returns keys after timeout" 32 | fi 33 | 34 | trace "kill agent" 35 | ${SSHAGENT} -k > /dev/null 36 | fi 37 | -------------------------------------------------------------------------------- /regress/agent.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: agent.sh,v 1.10 2014/02/27 21:21:25 djm Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="simple agent test" 5 | 6 | SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1 7 | if [ $? -ne 2 ]; then 8 | fail "ssh-add -l did not fail with exit code 2" 9 | fi 10 | 11 | trace "start agent" 12 | eval `${SSHAGENT} -s` > /dev/null 13 | r=$? 14 | if [ $r -ne 0 ]; then 15 | fail "could not start ssh-agent: exit code $r" 16 | else 17 | ${SSHADD} -l > /dev/null 2>&1 18 | if [ $? 
-ne 1 ]; then 19 | fail "ssh-add -l did not fail with exit code 1" 20 | fi 21 | trace "overwrite authorized keys" 22 | printf '' > $OBJ/authorized_keys_$USER 23 | for t in ed25519 rsa rsa1; do 24 | # generate user key for agent 25 | rm -f $OBJ/$t-agent 26 | ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\ 27 | fail "ssh-keygen for $t-agent failed" 28 | # add to authorized keys 29 | cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER 30 | # add privat key to agent 31 | ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1 32 | if [ $? -ne 0 ]; then 33 | fail "ssh-add did succeed exit code 0" 34 | fi 35 | done 36 | ${SSHADD} -l > /dev/null 2>&1 37 | r=$? 38 | if [ $r -ne 0 ]; then 39 | fail "ssh-add -l failed: exit code $r" 40 | fi 41 | # the same for full pubkey output 42 | ${SSHADD} -L > /dev/null 2>&1 43 | r=$? 44 | if [ $r -ne 0 ]; then 45 | fail "ssh-add -L failed: exit code $r" 46 | fi 47 | 48 | trace "simple connect via agent" 49 | for p in 1 2; do 50 | ${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p 51 | r=$? 52 | if [ $r -ne 5$p ]; then 53 | fail "ssh connect with protocol $p failed (exit code $r)" 54 | fi 55 | done 56 | 57 | trace "agent forwarding" 58 | for p in 1 2; do 59 | ${SSH} -A -$p -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 60 | r=$? 61 | if [ $r -ne 0 ]; then 62 | fail "ssh-add -l via agent fwd proto $p failed (exit code $r)" 63 | fi 64 | ${SSH} -A -$p -F $OBJ/ssh_proxy somehost \ 65 | "${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p" 66 | r=$? 67 | if [ $r -ne 5$p ]; then 68 | fail "agent fwd proto $p failed (exit code $r)" 69 | fi 70 | done 71 | 72 | trace "delete all agent keys" 73 | ${SSHADD} -D > /dev/null 2>&1 74 | r=$? 
75 | if [ $r -ne 0 ]; then 76 | fail "ssh-add -D failed: exit code $r" 77 | fi 78 | 79 | trace "kill agent" 80 | ${SSHAGENT} -k > /dev/null 81 | fi 82 | -------------------------------------------------------------------------------- /regress/banner.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: banner.sh,v 1.2 2003/10/11 11:49:49 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="banner" 5 | echo "Banner $OBJ/banner.in" >> $OBJ/sshd_proxy 6 | 7 | rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in 8 | touch $OBJ/empty.in 9 | 10 | trace "test missing banner file" 11 | verbose "test $tid: missing banner file" 12 | ( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ 13 | cmp $OBJ/empty.in $OBJ/banner.out ) || \ 14 | fail "missing banner file" 15 | 16 | for s in 0 10 100 1000 10000 100000 ; do 17 | if [ "$s" = "0" ]; then 18 | # create empty banner 19 | touch $OBJ/banner.in 20 | elif [ "$s" = "10" ]; then 21 | # create 10-byte banner file 22 | echo "abcdefghi" >$OBJ/banner.in 23 | else 24 | # increase size 10x 25 | cp $OBJ/banner.in $OBJ/banner.out 26 | for i in 0 1 2 3 4 5 6 7 8 ; do 27 | cat $OBJ/banner.out >> $OBJ/banner.in 28 | done 29 | fi 30 | 31 | trace "test banner size $s" 32 | verbose "test $tid: size $s" 33 | ( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ 34 | cmp $OBJ/banner.in $OBJ/banner.out ) || \ 35 | fail "banner size $s mismatch" 36 | done 37 | 38 | trace "test suppress banner (-q)" 39 | verbose "test $tid: suppress banner (-q)" 40 | ( ${SSH} -q -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ 41 | cmp $OBJ/empty.in $OBJ/banner.out ) || \ 42 | fail "suppress banner (-q)" 43 | 44 | rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in 45 | -------------------------------------------------------------------------------- /regress/broken-pipe.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: 
broken-pipe.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="broken pipe test" 5 | 6 | for p in 1 2; do 7 | trace "protocol $p" 8 | for i in 1 2 3 4; do 9 | ${SSH} -$p -F $OBJ/ssh_config_config nexthost echo $i 2> /dev/null | true 10 | r=$? 11 | if [ $r -ne 0 ]; then 12 | fail "broken pipe returns $r for protocol $p" 13 | fi 14 | done 15 | done 16 | -------------------------------------------------------------------------------- /regress/brokenkeys.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: brokenkeys.sh,v 1.1 2004/10/29 23:59:22 djm Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="broken keys" 5 | 6 | KEYS="$OBJ/authorized_keys_${USER}" 7 | 8 | start_sshd 9 | 10 | mv ${KEYS} ${KEYS}.bak 11 | 12 | # Truncated key 13 | echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEABTM= bad key" > $KEYS 14 | cat ${KEYS}.bak >> ${KEYS} 15 | cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER 16 | 17 | ${SSH} -2 -F $OBJ/ssh_config somehost true 18 | if [ $? -ne 0 ]; then 19 | fail "ssh connect with protocol $p failed" 20 | fi 21 | 22 | mv ${KEYS}.bak ${KEYS} 23 | 24 | -------------------------------------------------------------------------------- /regress/cipher-speed.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: cipher-speed.sh,v 1.11 2013/11/21 03:18:51 djm Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="cipher speed" 5 | 6 | getbytes () 7 | { 8 | sed -n -e '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' \ 9 | -e '/copied/s/.*s, \(.* MB.s\).*/\1/p' 10 | } 11 | 12 | tries="1 2" 13 | 14 | for c in `${SSH} -Q cipher`; do n=0; for m in `${SSH} -Q mac`; do 15 | trace "proto 2 cipher $c mac $m" 16 | for x in $tries; do 17 | printf "%-60s" "$c/$m:" 18 | ( ${SSH} -o 'compression no' \ 19 | -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ 20 | exec sh -c \'"dd of=/dev/null obs=32k"\' \ 21 | < ${DATA} ) 2>&1 | getbytes 22 | 23 | if [ $? 
-ne 0 ]; then 24 | fail "ssh -2 failed with mac $m cipher $c" 25 | fi 26 | done 27 | # No point trying all MACs for AEAD ciphers since they are ignored. 28 | if ssh -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then 29 | break 30 | fi 31 | n=`expr $n + 1` 32 | done; done 33 | 34 | ciphers="3des blowfish" 35 | for c in $ciphers; do 36 | trace "proto 1 cipher $c" 37 | for x in $tries; do 38 | printf "%-60s" "$c:" 39 | ( ${SSH} -o 'compression no' \ 40 | -F $OBJ/ssh_proxy -1 -c $c somehost \ 41 | exec sh -c \'"dd of=/dev/null obs=32k"\' \ 42 | < ${DATA} ) 2>&1 | getbytes 43 | if [ $? -ne 0 ]; then 44 | fail "ssh -1 failed with cipher $c" 45 | fi 46 | done 47 | done 48 | -------------------------------------------------------------------------------- /regress/conch-ciphers.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: conch-ciphers.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="conch ciphers" 5 | 6 | if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then 7 | echo "conch interop tests not enabled" 8 | exit 0 9 | fi 10 | 11 | start_sshd 12 | 13 | for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ 14 | cast128-cbc blowfish 3des-cbc ; do 15 | verbose "$tid: cipher $c" 16 | rm -f ${COPY} 17 | # XXX the 2nd "cat" seems to be needed because of buggy FD handling 18 | # in conch 19 | ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \ 20 | --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ 21 | 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} 22 | if [ $? 
-ne 0 ]; then 23 | fail "ssh cat $DATA failed" 24 | fi 25 | cmp ${DATA} ${COPY} || fail "corrupted copy" 26 | done 27 | rm -f ${COPY} 28 | 29 | -------------------------------------------------------------------------------- /regress/connect-privsep.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: connect-privsep.sh,v 1.4 2012/07/02 14:37:06 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="proxy connect with privsep" 5 | 6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig 7 | echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy 8 | 9 | for p in 1 2; do 10 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 11 | if [ $? -ne 0 ]; then 12 | fail "ssh privsep+proxyconnect protocol $p failed" 13 | fi 14 | done 15 | 16 | cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy 17 | echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy 18 | 19 | for p in 1 2; do 20 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 21 | if [ $? -ne 0 ]; then 22 | # XXX replace this with fail once sandbox has stabilised 23 | warn "ssh privsep/sandbox+proxyconnect protocol $p failed" 24 | fi 25 | done 26 | 27 | # Because sandbox is sensitive to changes in libc, especially malloc, retest 28 | # with every malloc.conf option (and none). 29 | for m in '' A F G H J P R S X Z '<' '>'; do 30 | for p in 1 2; do 31 | env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true 32 | if [ $? -ne 0 ]; then 33 | fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed" 34 | fi 35 | done 36 | done 37 | -------------------------------------------------------------------------------- /regress/connect.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="simple connect" 5 | 6 | start_sshd 7 | 8 | for p in 1 2; do 9 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true 10 | if [ $? 
-ne 0 ]; then 11 | fail "ssh connect with protocol $p failed" 12 | fi 13 | done 14 | -------------------------------------------------------------------------------- /regress/dhgex.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: dhgex.sh,v 1.1 2014/01/25 04:35:32 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="dhgex" 5 | 6 | LOG=${TEST_SSH_LOGFILE} 7 | rm -f ${LOG} 8 | 9 | kexs=`${SSH} -Q kex | grep diffie-hellman-group-exchange` 10 | 11 | ssh_test_dhgex() 12 | { 13 | bits="$1"; shift 14 | cipher="$1"; shift 15 | kex="$1"; shift 16 | 17 | rm -f ${LOG} 18 | opts="-oKexAlgorithms=$kex -oCiphers=$cipher" 19 | groupsz="1024<$bits<8192" 20 | verbose "$tid bits $bits $kex $cipher" 21 | ${SSH} ${opts} $@ -vvv -F ${OBJ}/ssh_proxy somehost true 22 | if [ $? -ne 0 ]; then 23 | fail "ssh failed ($@)" 24 | fi 25 | # check what we request 26 | grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" ${LOG} >/dev/null 27 | if [ $? != 0 ]; then 28 | got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" ${LOG}` 29 | fail "$tid unexpected GEX sizes, expected $groupsz, got $got" 30 | fi 31 | # check what we got (depends on contents of system moduli file) 32 | gotbits="`awk '/bits set:/{print $4}' ${LOG} | head -1 | cut -f2 -d/`" 33 | if [ "$gotbits" -lt "$bits" ]; then 34 | fatal "$tid expected $bits bit group, got $gotbits" 35 | fi 36 | } 37 | 38 | check() 39 | { 40 | bits="$1"; shift 41 | 42 | for c in $@; do 43 | for k in $kexs; do 44 | ssh_test_dhgex $bits $c $k 45 | done 46 | done 47 | } 48 | 49 | #check 2048 3des-cbc 50 | check 3072 `${SSH} -Q cipher | grep 128` 51 | check 3072 arcfour blowfish-cbc 52 | check 7680 `${SSH} -Q cipher | grep 192` 53 | check 8192 `${SSH} -Q cipher | grep 256` 54 | check 8192 rijndael-cbc@lysator.liu.se chacha20-poly1305@openssh.com 55 | -------------------------------------------------------------------------------- /regress/dsa_ssh2.prv: 
-------------------------------------------------------------------------------- 1 | ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- 2 | Subject: ssh-keygen test 3 | Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100" 4 | P2/56wAAAgIAAAAmZGwtbW9kcHtzaWdue2RzYS1uaXN0LXNoYTF9LGRoe3BsYWlufX0AAA 5 | AEbm9uZQAAAcQAAAHAAAAAAAAABACwUfm3AxZTut3icBmwCcD48nY64HzuELlQ+vEqjIcR 6 | Lo49es/DQTeLNQ+kdKRCfouosGNv0WqxRtF0tUsWdXxS37oHGa4QPugBdHRd7YlZGZv8kg 7 | x7FsoepY7v7E683/97dv2zxL3AGagTEzWr7fl0yPexAaZoDvtQrrjX44BLmwAABACWQkvv 8 | MxnD8eFkS1konFfMJ1CkuRfTN34CBZ6dY7VTSGemy4QwtFdMKmoufD0eKgy3p5WOeWCYKt 9 | F4FhjHKZk/aaxFjjIbtkrnlvXg64QI11dSZyBN6/ViQkHPSkUDF+A6AAEhrNbQbAFSvao1 10 | kTvNtPCtL0AkUIduEMzGQfLCTAAAAKDeC043YVo9Zo0zAEeIA4uZh4LBCQAAA/9aj7Y5ik 11 | ehygJ4qTDSlVypsPuV+n59tMS0e2pfrSG87yf5r94AKBmJeho5OO6wYaXCxsVB7AFbSUD6 12 | 75AK8mHF4v1/+7SWKk5f8xlMCMSPZ9K0+j/W1d/q2qkhnnDZolOHDomLA+U00i5ya/jnTV 13 | zyDPWLFpWK8u3xGBPAYX324gAAAKDHFvooRnaXdZbeWGTTqmgHB1GU9A== 14 | ---- END SSH2 ENCRYPTED PRIVATE KEY ---- 15 | -------------------------------------------------------------------------------- /regress/dsa_ssh2.pub: -------------------------------------------------------------------------------- 1 | ---- BEGIN SSH2 PUBLIC KEY ---- 2 | Subject: ssh-keygen test 3 | Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100" 4 | AAAAB3NzaC1kc3MAAACBALBR+bcDFlO63eJwGbAJwPjydjrgfO4QuVD68SqMhxEujj16z8 5 | NBN4s1D6R0pEJ+i6iwY2/RarFG0XS1SxZ1fFLfugcZrhA+6AF0dF3tiVkZm/ySDHsWyh6l 6 | ju/sTrzf/3t2/bPEvcAZqBMTNavt+XTI97EBpmgO+1CuuNfjgEubAAAAFQDeC043YVo9Zo 7 | 0zAEeIA4uZh4LBCQAAAIEAlkJL7zMZw/HhZEtZKJxXzCdQpLkX0zd+AgWenWO1U0hnpsuE 8 | MLRXTCpqLnw9HioMt6eVjnlgmCrReBYYxymZP2msRY4yG7ZK55b14OuECNdXUmcgTev1Yk 9 | JBz0pFAxfgOgABIazW0GwBUr2qNZE7zbTwrS9AJFCHbhDMxkHywkwAAACAWo+2OYpHocoC 10 | eKkw0pVcqbD7lfp+fbTEtHtqX60hvO8n+a/eACgZiXoaOTjusGGlwsbFQewBW0lA+u+QCv 11 | JhxeL9f/u0lipOX/MZTAjEj2fStPo/1tXf6tqpIZ5w2aJThw6JiwPlNNIucmv4501c8gz1 12 | ixaVivLt8RgTwGF99uI= 13 | ---- END SSH2 PUBLIC KEY ---- 14 | 
-------------------------------------------------------------------------------- /regress/dynamic-forward.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: dynamic-forward.sh,v 1.10 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="dynamic forwarding" 5 | 6 | FWDPORT=`expr $PORT + 1` 7 | 8 | if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then 9 | proxycmd="nc -x 127.0.0.1:$FWDPORT -X" 10 | elif have_prog connect; then 11 | proxycmd="connect -S 127.0.0.1:$FWDPORT -" 12 | else 13 | echo "skipped (no suitable ProxyCommand found)" 14 | exit 0 15 | fi 16 | trace "will use ProxyCommand $proxycmd" 17 | 18 | start_sshd 19 | 20 | for p in 1 2; do 21 | n=0 22 | error="1" 23 | trace "start dynamic forwarding, fork to background" 24 | while [ "$error" -ne 0 -a "$n" -lt 3 ]; do 25 | n=`expr $n + 1` 26 | ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q \ 27 | -oExitOnForwardFailure=yes somehost exec sh -c \ 28 | \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\' 29 | error=$? 
30 | if [ "$error" -ne 0 ]; then 31 | trace "forward failed proto $p attempt $n err $error" 32 | sleep $n 33 | fi 34 | done 35 | if [ "$error" -ne 0 ]; then 36 | fatal "failed to start dynamic forwarding proto $p" 37 | fi 38 | 39 | for s in 4 5; do 40 | for h in 127.0.0.1 localhost; do 41 | trace "testing ssh protocol $p socks version $s host $h" 42 | ${SSH} -F $OBJ/ssh_config \ 43 | -o "ProxyCommand ${proxycmd}${s} $h $PORT" \ 44 | somehost cat $DATA > $OBJ/ls.copy 45 | test -f $OBJ/ls.copy || fail "failed copy $DATA" 46 | cmp $DATA $OBJ/ls.copy || fail "corrupted copy of $DATA" 47 | done 48 | done 49 | 50 | if [ -f $OBJ/remote_pid ]; then 51 | remote=`cat $OBJ/remote_pid` 52 | trace "terminate remote shell, pid $remote" 53 | if [ $remote -gt 1 ]; then 54 | kill -HUP $remote 55 | fi 56 | else 57 | fail "no pid file: $OBJ/remote_pid" 58 | fi 59 | done 60 | -------------------------------------------------------------------------------- /regress/envpass.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: envpass.sh,v 1.4 2005/03/04 08:48:46 djm Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="environment passing" 5 | 6 | # NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST) 7 | 8 | # Prepare a custom config to test for a configuration parsing bug fixed in 4.0 9 | cat << EOF > $OBJ/ssh_proxy_envpass 10 | Host test-sendenv-confparse-bug 11 | SendEnv * 12 | EOF 13 | cat $OBJ/ssh_proxy >> $OBJ/ssh_proxy_envpass 14 | 15 | trace "pass env, don't accept" 16 | verbose "test $tid: pass env, don't accept" 17 | _TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy_envpass otherhost \ 18 | sh << 'EOF' 19 | test -z "$_TEST_ENV" 20 | EOF 21 | r=$? 
22 | if [ $r -ne 0 ]; then 23 | fail "environment found" 24 | fi 25 | 26 | trace "don't pass env, accept" 27 | verbose "test $tid: don't pass env, accept" 28 | _XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -F $OBJ/ssh_proxy_envpass otherhost \ 29 | sh << 'EOF' 30 | test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B" 31 | EOF 32 | r=$? 33 | if [ $r -ne 0 ]; then 34 | fail "environment found" 35 | fi 36 | 37 | trace "pass single env, accept single env" 38 | verbose "test $tid: pass single env, accept single env" 39 | _XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy_envpass \ 40 | otherhost sh << 'EOF' 41 | test X"$_XXX_TEST" = X"blah" 42 | EOF 43 | r=$? 44 | if [ $r -ne 0 ]; then 45 | fail "environment not found" 46 | fi 47 | 48 | trace "pass multiple env, accept multiple env" 49 | verbose "test $tid: pass multiple env, accept multiple env" 50 | _XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \ 51 | -F $OBJ/ssh_proxy_envpass otherhost \ 52 | sh << 'EOF' 53 | test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2" 54 | EOF 55 | r=$? 56 | if [ $r -ne 0 ]; then 57 | fail "environment not found" 58 | fi 59 | 60 | rm -f $OBJ/ssh_proxy_envpass 61 | -------------------------------------------------------------------------------- /regress/exit-status.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: exit-status.sh,v 1.6 2002/03/15 13:08:56 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="remote exit status" 5 | 6 | for p in 1 2; do 7 | for s in 0 1 4 5 44; do 8 | trace "proto $p status $s" 9 | verbose "test $tid: proto $p status $s" 10 | ${SSH} -$p -F $OBJ/ssh_proxy otherhost exit $s 11 | r=$? 12 | if [ $r -ne $s ]; then 13 | fail "exit code mismatch for protocol $p: $r != $s" 14 | fi 15 | 16 | # same with early close of stdout/err 17 | ${SSH} -$p -F $OBJ/ssh_proxy -n otherhost \ 18 | exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\' 19 | r=$? 
20 | if [ $r -ne $s ]; then 21 | fail "exit code (with sleep) mismatch for protocol $p: $r != $s" 22 | fi 23 | done 24 | done 25 | -------------------------------------------------------------------------------- /regress/forcecommand.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: forcecommand.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="forced command" 5 | 6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 7 | 8 | printf 'command="true" ' >$OBJ/authorized_keys_$USER 9 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER 10 | printf 'command="true" ' >>$OBJ/authorized_keys_$USER 11 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER 12 | 13 | for p in 1 2; do 14 | trace "forced command in key option proto $p" 15 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || 16 | fail "forced command in key proto $p" 17 | done 18 | 19 | printf 'command="false" ' >$OBJ/authorized_keys_$USER 20 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER 21 | printf 'command="false" ' >>$OBJ/authorized_keys_$USER 22 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER 23 | 24 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 25 | echo "ForceCommand true" >> $OBJ/sshd_proxy 26 | 27 | for p in 1 2; do 28 | trace "forced command in sshd_config overrides key option proto $p" 29 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || 30 | fail "forced command in key proto $p" 31 | done 32 | 33 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy 34 | echo "ForceCommand false" >> $OBJ/sshd_proxy 35 | echo "Match User $USER" >> $OBJ/sshd_proxy 36 | echo " ForceCommand true" >> $OBJ/sshd_proxy 37 | 38 | for p in 1 2; do 39 | trace "forced command with match proto $p" 40 | ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || 41 | fail "forced command in key proto $p" 42 | done 43 | -------------------------------------------------------------------------------- /regress/host-expand.sh: 
-------------------------------------------------------------------------------- 1 | # $OpenBSD: host-expand.sh,v 1.3 2014/02/27 23:17:41 djm Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="expand %h and %n" 5 | 6 | echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy 7 | printf 'LocalCommand printf "%%%%s\\n" "%%n" "%%h"\n' >> $OBJ/ssh_proxy 8 | 9 | cat >$OBJ/expect <$OBJ/actual 17 | diff $OBJ/expect $OBJ/actual || fail "$tid proto $p" 18 | done 19 | 20 | -------------------------------------------------------------------------------- /regress/kextype.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: kextype.sh,v 1.4 2013/11/07 04:26:56 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="login with different key exchange algorithms" 5 | 6 | TIME=/usr/bin/time 7 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 8 | cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak 9 | 10 | tries="1 2 3 4" 11 | for k in `${SSH} -Q kex`; do 12 | verbose "kex $k" 13 | for i in $tries; do 14 | ${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true 15 | if [ $? -ne 0 ]; then 16 | fail "ssh kex $k" 17 | fi 18 | done 19 | done 20 | 21 | -------------------------------------------------------------------------------- /regress/key-options.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: key-options.sh,v 1.2 2008/06/30 08:07:34 djm Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="key options" 5 | 6 | origkeys="$OBJ/authkeys_orig" 7 | authkeys="$OBJ/authorized_keys_${USER}" 8 | cp $authkeys $origkeys 9 | 10 | # Test command= forced command 11 | for p in 1 2; do 12 | for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do 13 | sed "s/.*/$c &/" $origkeys >$authkeys 14 | verbose "key option proto $p $c" 15 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost echo foo` 16 | if [ "$r" = "foo" ]; then 17 | fail "key option forced command not restricted" 18 | fi 19 | if [ "$r" != "bar" ]; then 20 | fail "key option forced command not executed" 21 | fi 22 | done 23 | done 24 | 25 | # Test no-pty 26 | sed 's/.*/no-pty &/' $origkeys >$authkeys 27 | for p in 1 2; do 28 | verbose "key option proto $p no-pty" 29 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost tty` 30 | if [ -f "$r" ]; then 31 | fail "key option failed proto $p no-pty (pty $r)" 32 | fi 33 | done 34 | 35 | # Test environment= 36 | echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy 37 | sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys 38 | for p in 1 2; do 39 | verbose "key option proto $p environment" 40 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo $FOO'` 41 | if [ "$r" != "bar" ]; then 42 | fail "key option environment not set" 43 | fi 44 | done 45 | 46 | # Test from= restriction 47 | start_sshd 48 | for p in 1 2; do 49 | for f in 127.0.0.1 '127.0.0.0\/8'; do 50 | cat $origkeys >$authkeys 51 | ${SSH} -$p -q -F $OBJ/ssh_proxy somehost true 52 | if [ $? 
-ne 0 ]; then 53 | fail "key option proto $p failed without restriction" 54 | fi 55 | 56 | sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys 57 | from=`head -1 $authkeys | cut -f1 -d ' '` 58 | verbose "key option proto $p $from" 59 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'` 60 | if [ "$r" = "true" ]; then 61 | fail "key option proto $p $from not restricted" 62 | fi 63 | 64 | r=`${SSH} -$p -q -F $OBJ/ssh_config somehost 'echo true'` 65 | if [ "$r" != "true" ]; then 66 | fail "key option proto $p $from not allowed but should be" 67 | fi 68 | done 69 | done 70 | 71 | rm -f "$origkeys" 72 | -------------------------------------------------------------------------------- /regress/keygen-change.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: keygen-change.sh,v 1.2 2002/07/16 09:15:55 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="change passphrase for key" 5 | 6 | S1="secret1" 7 | S2="2secret" 8 | 9 | for t in rsa dsa rsa1; do 10 | # generate user key for agent 11 | trace "generating $t key" 12 | rm -f $OBJ/$t-key 13 | ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key 14 | if [ $? -eq 0 ]; then 15 | ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null 16 | if [ $? -ne 0 ]; then 17 | fail "ssh-keygen -p failed for $t-key" 18 | fi 19 | else 20 | fail "ssh-keygen for $t-key failed" 21 | fi 22 | rm -f $OBJ/$t-key $OBJ/$t-key.pub 23 | done 24 | -------------------------------------------------------------------------------- /regress/keygen-convert.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: keygen-convert.sh,v 1.1 2009/11/09 04:20:04 dtucker Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="convert keys" 5 | 6 | for t in rsa dsa; do 7 | # generate user key for agent 8 | trace "generating $t key" 9 | rm -f $OBJ/$t-key 10 | ${SSHKEYGEN} -q -N "" -t $t -f $OBJ/$t-key 11 | 12 | trace "export $t private to rfc4716 public" 13 | ${SSHKEYGEN} -q -e -f $OBJ/$t-key >$OBJ/$t-key-rfc || \ 14 | fail "export $t private to rfc4716 public" 15 | 16 | trace "export $t public to rfc4716 public" 17 | ${SSHKEYGEN} -q -e -f $OBJ/$t-key.pub >$OBJ/$t-key-rfc.pub || \ 18 | fail "$t public to rfc4716 public" 19 | 20 | cmp $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub || \ 21 | fail "$t rfc4716 exports differ between public and private" 22 | 23 | trace "import $t rfc4716 public" 24 | ${SSHKEYGEN} -q -i -f $OBJ/$t-key-rfc >$OBJ/$t-rfc-imported || \ 25 | fail "$t import rfc4716 public" 26 | 27 | cut -f1,2 -d " " $OBJ/$t-key.pub >$OBJ/$t-key-nocomment.pub 28 | cmp $OBJ/$t-key-nocomment.pub $OBJ/$t-rfc-imported || \ 29 | fail "$t imported differs from original" 30 | 31 | rm -f $OBJ/$t-key $OBJ/$t-key.pub $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub \ 32 | $OBJ/$t-rfc-imported $OBJ/$t-key-nocomment.pub 33 | done 34 | -------------------------------------------------------------------------------- /regress/keys-command.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="authorized keys from command" 5 | 6 | if test -z "$SUDO" ; then 7 | echo "skipped (SUDO not set)" 8 | echo "need SUDO to create file in /var/run, test won't work without" 9 | exit 0 10 | fi 11 | 12 | # Establish a AuthorizedKeysCommand in /var/run where it will have 13 | # acceptable directory permissions. 
14 | KEY_COMMAND="/var/run/keycommand_${LOGNAME}" 15 | cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'" 16 | #!/bin/sh 17 | test "x\$1" != "x${LOGNAME}" && exit 1 18 | exec cat "$OBJ/authorized_keys_${LOGNAME}" 19 | _EOF 20 | $SUDO chmod 0755 "$KEY_COMMAND" 21 | 22 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak 23 | ( 24 | grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak 25 | echo AuthorizedKeysFile none 26 | echo AuthorizedKeysCommand $KEY_COMMAND 27 | echo AuthorizedKeysCommandUser ${LOGNAME} 28 | ) > $OBJ/sshd_proxy 29 | 30 | if [ -x $KEY_COMMAND ]; then 31 | ${SSH} -F $OBJ/ssh_proxy somehost true 32 | if [ $? -ne 0 ]; then 33 | fail "connect failed" 34 | fi 35 | else 36 | echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)" 37 | fi 38 | 39 | $SUDO rm -f $KEY_COMMAND 40 | -------------------------------------------------------------------------------- /regress/keyscan.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: keyscan.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="keyscan" 5 | 6 | # remove DSA hostkey 7 | rm -f ${OBJ}/host.dsa 8 | 9 | start_sshd 10 | 11 | for t in rsa1 rsa dsa; do 12 | trace "keyscan type $t" 13 | ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \ 14 | > /dev/null 2>&1 15 | r=$? 16 | if [ $r -ne 0 ]; then 17 | fail "ssh-keyscan -t $t failed with: $r" 18 | fi 19 | done 20 | -------------------------------------------------------------------------------- /regress/keytype.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: keytype.sh,v 1.3 2013/12/06 13:52:46 markus Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="login with different key types" 5 | 6 | TIME=`which time 2>/dev/null` 7 | if test ! -x "$TIME"; then 8 | TIME="" 9 | fi 10 | 11 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 12 | cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak 13 | 14 | # Traditional and builtin key types. 
15 | ktypes="dsa-1024 rsa-2048 rsa-3072 ed25519-512" 16 | # Types not present in all OpenSSL versions. 17 | for i in `$SSH -Q key`; do 18 | case "$i" in 19 | ecdsa-sha2-nistp256) ktypes="$ktypes ecdsa-256" ;; 20 | ecdsa-sha2-nistp384) ktypes="$ktypes ecdsa-384" ;; 21 | ecdsa-sha2-nistp521) ktypes="$ktypes ecdsa-521" ;; 22 | esac 23 | done 24 | 25 | for kt in $ktypes; do 26 | rm -f $OBJ/key.$kt 27 | bits=`echo ${kt} | awk -F- '{print $2}'` 28 | type=`echo ${kt} | awk -F- '{print $1}'` 29 | printf "keygen $type, $bits bits:\t" 30 | ${TIME} ${SSHKEYGEN} -b $bits -q -N '' -t $type -f $OBJ/key.$kt ||\ 31 | fail "ssh-keygen for type $type, $bits bits failed" 32 | done 33 | 34 | tries="1 2 3" 35 | for ut in $ktypes; do 36 | htypes=$ut 37 | #htypes=$ktypes 38 | for ht in $htypes; do 39 | trace "ssh connect, userkey $ut, hostkey $ht" 40 | ( 41 | grep -v HostKey $OBJ/sshd_proxy_bak 42 | echo HostKey $OBJ/key.$ht 43 | ) > $OBJ/sshd_proxy 44 | ( 45 | grep -v IdentityFile $OBJ/ssh_proxy_bak 46 | echo IdentityFile $OBJ/key.$ut 47 | ) > $OBJ/ssh_proxy 48 | ( 49 | printf 'localhost-with-alias,127.0.0.1,::1 ' 50 | cat $OBJ/key.$ht.pub 51 | ) > $OBJ/known_hosts 52 | cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER 53 | for i in $tries; do 54 | printf "userkey $ut, hostkey ${ht}:\t" 55 | ${TIME} ${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true 56 | if [ $? -ne 0 ]; then 57 | fail "ssh userkey $ut, hostkey $ht failed" 58 | fi 59 | done 60 | done 61 | done 62 | -------------------------------------------------------------------------------- /regress/localcommand.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: localcommand.sh,v 1.2 2013/05/17 10:24:48 dtucker Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="localcommand" 5 | 6 | echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy 7 | echo 'LocalCommand echo foo' >> $OBJ/ssh_proxy 8 | 9 | for p in 1 2; do 10 | verbose "test $tid: proto $p localcommand" 11 | a=`${SSH} -F $OBJ/ssh_proxy -$p somehost true` 12 | if [ "$a" != "foo" ] ; then 13 | fail "$tid proto $p" 14 | fi 15 | done 16 | -------------------------------------------------------------------------------- /regress/login-timeout.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: login-timeout.sh,v 1.6 2014/02/27 20:04:16 djm Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="connect after login grace timeout" 5 | 6 | trace "test login grace with privsep" 7 | cp $OBJ/sshd_config $OBJ/sshd_config.orig 8 | grep -vi LoginGraceTime $OBJ/sshd_config.orig > $OBJ/sshd_config 9 | echo "LoginGraceTime 10s" >> $OBJ/sshd_config 10 | echo "MaxStartups 1" >> $OBJ/sshd_config 11 | start_sshd 12 | 13 | (echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & 14 | sleep 15 15 | ${SSH} -F $OBJ/ssh_config somehost true 16 | if [ $? -ne 0 ]; then 17 | fail "ssh connect after login grace timeout failed with privsep" 18 | fi 19 | 20 | $SUDO kill `$SUDO cat $PIDFILE` 21 | 22 | trace "test login grace without privsep" 23 | echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config 24 | start_sshd 25 | 26 | (echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & 27 | sleep 15 28 | ${SSH} -F $OBJ/ssh_config somehost true 29 | if [ $? -ne 0 ]; then 30 | fail "ssh connect after login grace timeout failed without privsep" 31 | fi 32 | -------------------------------------------------------------------------------- /regress/portnum.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: portnum.sh,v 1.2 2013/05/17 10:34:30 dtucker Exp $ 2 | # Placed in the Public Domain. 
tid="port number parsing"

# Assert that the ssh client refuses $1 as a -p argument.
# A zero exit status from ssh means the value was accepted, which is a failure.
badport() {
	port=$1
	verbose "$tid: invalid port $port"
	if ${SSH} -F $OBJ/ssh_proxy -p $port somehost true 2>/dev/null ; then
		fail "$tid accepted invalid port $port"
	fi
}

# Assert that the ssh client accepts $1 as a -p argument.
goodport() {
	port=$1
	verbose "$tid: valid port $port"
	${SSH} -F $OBJ/ssh_proxy -p $port somehost true 2>/dev/null ||
		fail "$tid rejected valid port $port"
}

# Rejected values: zero, one past the 16-bit maximum, a value that would
# alias to port 1 if truncated to 16 bits (131073 = 2 * 65536 + 1), and
# numbers with trailing or leading non-digit text.
badport 0
badport 65536
badport 131073
badport 2000blah
badport blah2000

# Accepted values: both ends of the valid range and a few in between.
goodport 1
goodport 22
goodport 2222
goodport 22222
goodport 65535

--------------------------------------------------------------------------------
/regress/proto-mismatch.sh:
--------------------------------------------------------------------------------
# $OpenBSD: proto-mismatch.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
# Placed in the Public Domain.

tid="protocol version mismatch"

# Feed a client banner ($2) on stdin to an sshd started with -i and
# restricted to protocol $1, then require that sshd exits with status 255.
# Any other status is reported as sshd accepting the mismatched client.
mismatch ()
{
	server=$1
	client=$2
	banner=`echo $client | ${SSHD} -o "Protocol=$server" -i -f $OBJ/sshd_proxy`
	r=$?
	trace "sshd prints $banner"
	if test $r -ne 255; then
		fail "sshd prints $banner and accepts connect with version $client"
	fi
}

# A protocol-2-only server must refuse a 1.5 client and vice versa.
mismatch 2 SSH-1.5-HALLO
mismatch 1 SSH-2.0-HALLO
--------------------------------------------------------------------------------
/regress/proto-version.sh:
--------------------------------------------------------------------------------
# $OpenBSD: proto-version.sh,v 1.4 2013/05/17 00:37:40 dtucker Exp $
# Placed in the Public Domain.
tid="sshd version with different protocol combinations"

# we just start sshd in inetd mode and check the banner
#
# $1 is the value passed as the Protocol option, $2 the expected banner class:
# 199 for SSH-1.99-*, 20 for SSH-2.0-*, 15 for SSH-1.5-*; any other banner
# maps to 0 and therefore never matches an expected value.
check_version ()
{
	version=$1
	expect=$2
	banner=`printf '' | ${SSHD} -o "Protocol=$version" -i -f $OBJ/sshd_proxy`
	case $banner in
	SSH-1.99-*)	proto=199 ;;
	SSH-2.0-*)	proto=20 ;;
	SSH-1.5-*)	proto=15 ;;
	*)		proto=0 ;;
	esac
	if test $expect -ne $proto; then
		fail "wrong protocol version $banner for $version"
	fi
}

# Either ordering of both protocols yields the 1.99 compatibility banner.
check_version 2,1 199
check_version 1,2 199
check_version 2 20
check_version 1 15
--------------------------------------------------------------------------------
/regress/proxy-connect.sh:
--------------------------------------------------------------------------------
# $OpenBSD: proxy-connect.sh,v 1.6 2013/03/07 00:20:34 djm Exp $
# Placed in the Public Domain.

tid="proxy connect"

# 999.999.999.999 is not a valid address; the connection is expected to be
# made through the settings in ssh_proxy rather than by resolving the name
# (NOTE(review): ssh_proxy is generated elsewhere - confirm).
verbose "plain username"
for p in 1 2; do
	${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
	if test $? -ne 0; then
		fail "ssh proxyconnect protocol $p failed"
	fi
	# The remote side has no socket addresses to report, so the server is
	# expected to fill SSH_CONNECTION with placeholder values.
	SSH_CONNECTION=`${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 'echo $SSH_CONNECTION'`
	if test $? -ne 0; then
		fail "ssh proxyconnect protocol $p failed"
	fi
	if test "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535"; then
		fail "bad SSH_CONNECTION"
	fi
done

# A "user:style" login name must still authenticate as the plain user.
verbose "username with style"
for p in 1 2; do
	${SSH} -$p -F $OBJ/ssh_proxy ${USER}:style@999.999.999.999 true || \
		fail "ssh proxyconnect protocol $p failed"
done

--------------------------------------------------------------------------------
/regress/putty-ciphers.sh:
--------------------------------------------------------------------------------
# $OpenBSD: putty-ciphers.sh,v 1.4 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
3 | 4 | tid="putty ciphers" 5 | 6 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then 7 | echo "putty interop tests not enabled" 8 | exit 0 9 | fi 10 | 11 | for c in aes blowfish 3des arcfour aes128-ctr aes192-ctr aes256-ctr ; do 12 | verbose "$tid: cipher $c" 13 | cp ${OBJ}/.putty/sessions/localhost_proxy \ 14 | ${OBJ}/.putty/sessions/cipher_$c 15 | echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c 16 | 17 | rm -f ${COPY} 18 | env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \ 19 | 127.0.0.1 cat ${DATA} > ${COPY} 20 | if [ $? -ne 0 ]; then 21 | fail "ssh cat $DATA failed" 22 | fi 23 | cmp ${DATA} ${COPY} || fail "corrupted copy" 24 | done 25 | rm -f ${COPY} 26 | 27 | -------------------------------------------------------------------------------- /regress/putty-kex.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: putty-kex.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="putty KEX" 5 | 6 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then 7 | echo "putty interop tests not enabled" 8 | exit 0 9 | fi 10 | 11 | for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do 12 | verbose "$tid: kex $k" 13 | cp ${OBJ}/.putty/sessions/localhost_proxy \ 14 | ${OBJ}/.putty/sessions/kex_$k 15 | echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k 16 | 17 | env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \ 18 | 127.0.0.1 true 19 | if [ $? -ne 0 ]; then 20 | fail "KEX $k failed" 21 | fi 22 | done 23 | 24 | -------------------------------------------------------------------------------- /regress/putty-transfer.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: putty-transfer.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 
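tid="putty transfer data"

# PuTTY interop tests run only when the harness enables them explicitly.
if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
	echo "putty interop tests not enabled"
	exit 0
fi

# XXX support protocol 1 too
for p in 2; do
	for c in 0 1 ; do
		verbose "$tid: proto $p compression $c"
		rm -f ${COPY}
		# Derive a per-setting session from the shared proxy session.
		cp ${OBJ}/.putty/sessions/localhost_proxy \
		    ${OBJ}/.putty/sessions/compression_$c
		# Write the setting into the session that plink loads below.
		# This used to append to kex_$k, but $k is never assigned in
		# this script, so compression_$c stayed an unmodified copy of
		# localhost_proxy and both iterations ran the same configuration.
		echo "Compression=$c" >> ${OBJ}/.putty/sessions/compression_$c
		env HOME=$PWD ${PLINK} -load compression_$c -batch \
		    -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY}
		if [ $? -ne 0 ]; then
			fail "ssh cat $DATA failed"
		fi
		cmp ${DATA} ${COPY} || fail "corrupted copy"

		# Repeat the transfer in the other direction with varying
		# dd output block sizes and compare the result byte for byte.
		for s in 10 100 1k 32k 64k 128k 256k; do
			trace "proto $p compression $c dd-size ${s}"
			rm -f ${COPY}
			dd if=$DATA obs=${s} 2> /dev/null | \
				env HOME=$PWD ${PLINK} -load compression_$c \
				    -batch -i putty.rsa$p 127.0.0.1 \
				    "cat > ${COPY}"
			if [ $? -ne 0 ]; then
				fail "ssh cat $DATA failed"
			fi
			cmp $DATA ${COPY} || fail "corrupted copy"
		done
	done
done
rm -f ${COPY}

--------------------------------------------------------------------------------
/regress/reconfigure.sh:
--------------------------------------------------------------------------------
# $OpenBSD: reconfigure.sh,v 1.2 2003/06/21 09:14:05 markus Exp $
# Placed in the Public Domain.

tid="simple connect after reconfigure"

# we need the full path to sshd for -HUP
case $SSHD in
/*)
	# full path is OK
	;;
*)
	# otherwise make fully qualified
	SSHD=$OBJ/$SSHD
esac

start_sshd

# Remove the pid file before signalling so that its reappearance can be
# used as the sign that sshd has restarted.
PID=`$SUDO cat $PIDFILE`
rm -f $PIDFILE
$SUDO kill -HUP $PID

trace "wait for sshd to restart"
i=0;
while [ !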
-f $PIDFILE -a $i -lt 10 ]; do 25 | i=`expr $i + 1` 26 | sleep $i 27 | done 28 | 29 | test -f $PIDFILE || fatal "sshd did not restart" 30 | 31 | for p in 1 2; do 32 | ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true 33 | if [ $? -ne 0 ]; then 34 | fail "ssh connect with protocol $p failed after reconfigure" 35 | fi 36 | done 37 | -------------------------------------------------------------------------------- /regress/reexec.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: reexec.sh,v 1.7 2013/05/17 10:23:52 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="reexec tests" 5 | 6 | SSHD_ORIG=$SSHD 7 | SSHD_COPY=$OBJ/sshd 8 | 9 | # Start a sshd and then delete it 10 | start_sshd_copy () 11 | { 12 | cp $SSHD_ORIG $SSHD_COPY 13 | SSHD=$SSHD_COPY 14 | start_sshd 15 | SSHD=$SSHD_ORIG 16 | } 17 | 18 | # Do basic copy tests 19 | copy_tests () 20 | { 21 | rm -f ${COPY} 22 | for p in 1 2; do 23 | verbose "$tid: proto $p" 24 | ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ 25 | cat ${DATA} > ${COPY} 26 | if [ $? 
-ne 0 ]; then 27 | fail "ssh cat $DATA failed" 28 | fi 29 | cmp ${DATA} ${COPY} || fail "corrupted copy" 30 | rm -f ${COPY} 31 | done 32 | } 33 | 34 | verbose "test config passing" 35 | 36 | cp $OBJ/sshd_config $OBJ/sshd_config.orig 37 | start_sshd 38 | echo "InvalidXXX=no" >> $OBJ/sshd_config 39 | 40 | copy_tests 41 | 42 | $SUDO kill `$SUDO cat $PIDFILE` 43 | rm -f $PIDFILE 44 | 45 | cp $OBJ/sshd_config.orig $OBJ/sshd_config 46 | 47 | # cygwin can't fork a deleted binary 48 | if [ "$os" != "cygwin" ]; then 49 | 50 | verbose "test reexec fallback" 51 | 52 | start_sshd_copy 53 | rm -f $SSHD_COPY 54 | 55 | copy_tests 56 | 57 | $SUDO kill `$SUDO cat $PIDFILE` 58 | rm -f $PIDFILE 59 | 60 | verbose "test reexec fallback without privsep" 61 | 62 | cp $OBJ/sshd_config.orig $OBJ/sshd_config 63 | echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config 64 | 65 | start_sshd_copy 66 | rm -f $SSHD_COPY 67 | 68 | copy_tests 69 | 70 | $SUDO kill `$SUDO cat $PIDFILE` 71 | rm -f $PIDFILE 72 | 73 | fi 74 | -------------------------------------------------------------------------------- /regress/rsa_openssh.prv: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICWgIBAAKBgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko 3 | +dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3 4 | xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQIDAQAB 5 | An8nH5VzvHkMbSqJ6eOYDsVwomRvYbH5IEaYl1x6VATITNvAu9kUdQ4NsSpuMc+7 6 | Jj9gKZvmO1y2YCKc0P/iO+i/eV0L+yQh1Rw18jQZll+12T+LZrKRav03YNvMx0gN 7 | wqWY48Kt6hv2/N/ebQzKRe79+D0t2cTh92hT7xENFLIBAkEBGnoGKFjAUkJCwO1V 8 | mzpUqMHpRZVOrqP9hUmPjzNJ5oBPFGe4+h1hoSRFOAzaNuZt8ssbqaLCkzB8bfzj 9 | qhZqAQJBANZekuUpp8iBLeLSagw5FkcPwPzq6zfExbhvsZXb8Bo/4SflNs4JHXwI 10 | 7SD9Z8aJLvM4uQ/5M70lblDMQ40i3o0CQQDIJvBYBFL5tlOgakq/O7yi+wt0L5BZ 11 | 9H79w5rCSAA0IHRoK/qI1urHiHC3f3vbbLk5UStfrqEaND/mm0shyNIBAkBLsYdC 12 | /ctt5Bc0wUGK4Vl5bBmj9LtrrMJ4FpBpLwj/69BwCuKoK9XKZ0h73p6XHveCEGRg 13 | 
PIlFX4MtaoLrwgU9AkBV2k4dgIws+X8YX65EsyyFjnlDqX4x0nSOjQB1msIKfHBr 14 | dh5XLDBTTCxnKhMJ0Yx/opgOvf09XHBFwaQntR5i 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /regress/rsa_openssh.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko+dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQ== 2 | -------------------------------------------------------------------------------- /regress/rsa_ssh2.prv: -------------------------------------------------------------------------------- 1 | ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- 2 | Subject: ssh-keygen test 3 | Comment: "1024-bit rsa, Sat Jun 23 2001 12:21:26 -0400" 4 | P2/56wAAAi4AAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS 5 | 1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAB3wAAAdsAAAARAQABAAAD9icflXO8eQxtKonp 6 | 45gOxXCiZG9hsfkgRpiXXHpUBMhM28C72RR1Dg2xKm4xz7smP2Apm+Y7XLZgIpzQ/+I76L 7 | 95XQv7JCHVHDXyNBmWX7XZP4tmspFq/Tdg28zHSA3CpZjjwq3qG/b8395tDMpF7v34PS3Z 8 | xOH3aFPvEQ0UsgEAAAQA7IpcCnGijesEjDXdVoEPfh0akBJA9JAk1bba2sxrtDoQVN1JKP 9 | nRQ9SKdAsXV5jduSUFsTmBe4fznLvD948790U1/O8SkdGM5V0y1/ki7Rf8knm0t8Vj65X0 10 | VA4YdN4UeVfvMcb78vcInT2CsP6CLcBkrnjrBKtS03Mwg79nQI0AAAH/VdpOHYCMLPl/GF 11 | +uRLMshY55Q6l+MdJ0jo0AdZrCCnxwa3YeVywwU0wsZyoTCdGMf6KYDr39PVxwRcGkJ7Ue 12 | YgAAAgDWXpLlKafIgS3i0moMORZHD8D86us3xMW4b7GV2/AaP+En5TbOCR18CO0g/WfGiS 13 | 7zOLkP+TO9JW5QzEONIt6NAAACAQEaegYoWMBSQkLA7VWbOlSowelFlU6uo/2FSY+PM0nm 14 | gE8UZ7j6HWGhJEU4DNo25m3yyxuposKTMHxt/OOqFmoB 15 | ---- END SSH2 ENCRYPTED PRIVATE KEY ---- 16 | --- 17 | -------------------------------------------------------------------------------- /regress/scp-ssh-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # $OpenBSD: scp-ssh-wrapper.sh,v 1.3 
2014/01/26 10:49:17 djm Exp $
# Placed in the Public Domain.

# Stand-in for the transport program used by the scp regression tests.
# With SCPTESTMODE unset (or unrecognised) it runs the real $SCP locally;
# in the badserver_* modes it instead prints directory ("D") and file ("C")
# records that point outside the requested destination, so a test can check
# that the scp client does not follow them.
# NOTE(review): the assertions themselves live in the calling test, which is
# not part of this file - confirm there what each mode is expected to produce.

# Print one "D0755 0 <component>" record per non-empty path component of $1.
printname () {
	NAME=$1
	save_IFS=$IFS
	# Split the path on "/" by temporarily changing IFS.
	IFS=/
	set -- `echo "$NAME"`
	IFS="$save_IFS"
	while test $# -ge 1 ; do
		if test "x$1" != "x"; then
			echo "D0755 0 $1"
		fi
		shift;
	done
}

# Discard all but last argument.  We use arg later.
while [ "x$1" != "x" ]; do
	arg="$1"
	shift
done

# Relative path that climbs well above any plausible working directory.
BAD="../../../../../../../../../../../../../${DIR}/dotpathdir"

case "$SCPTESTMODE" in
badserver_0)
	# Directory record with an absolute path.
	echo "D0755 0 /${DIR}/rootpathdir"
	echo "C755 2 rootpathfile"
	echo "X"
	;;
badserver_1|badserver_2)
	# Directory record whose name is the whole ../ chain.
	# Both modes send the same records.
	echo "D0755 0 $BAD"
	echo "C755 2 file"
	echo "X"
	;;
badserver_3)
	# The same chain, sent one component per directory record.
	printname $BAD
	echo "C755 2 file"
	echo "X"
	;;
badserver_4)
	# As badserver_3, followed by one more ".." directory record.
	printname $BAD
	echo "D0755 0 .."
	echo "C755 2 file"
	echo "X"
	;;
*)
	# Normal operation: split the saved last argument into words, drop
	# the first word and run the real scp with the remainder.
	set -- $arg
	shift
	exec $SCP "$@"
	;;
esac
--------------------------------------------------------------------------------
/regress/setuid-allowed.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2013 Damien Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS.
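IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* $OpenBSD$ */

#include "includes.h"

/*
 * NOTE(review): the header names were missing from this listing; the ones
 * below are inferred from the functions used (statvfs, fprintf, strerror,
 * errno) - confirm against the original file.
 */
#include <sys/types.h>
#ifdef HAVE_SYS_STATVFS_H
# include <sys/statvfs.h>
#endif
#include <stdio.h>
#include <string.h>
#include <errno.h>

/* Print the command synopsis to stderr and exit with status 1. */
void
usage(void)
{
	fprintf(stderr, "check-setuid [path]\n");
	exit(1);
}

/*
 * Report whether the filesystem holding a path is mounted nosuid.
 *
 * The path is argv[1], or "." when no argument is given; more than one
 * argument prints the usage message.
 *
 * Exit status:
 *   0  ST_NOSUID is not set, or the host does not support statvfs()
 *   1  ST_NOSUID is set
 *   2  statvfs() failed for any other reason
 */
int
main(int argc, char **argv)
{
	const char *path = ".";
	struct statvfs sb;

	if (argc > 2)
		usage();
	else if (argc == 2)
		path = argv[1];

	if (statvfs(path, &sb) != 0) {
		/* Don't return an error if the host doesn't support statvfs */
		if (errno == ENOSYS)
			return 0;
		fprintf(stderr, "statvfs for \"%s\" failed: %s\n",
		    path, strerror(errno));
		/*
		 * sb was not filled in, so its flags must not be read.
		 * Falling through used to test an uninitialized f_flag and
		 * return an arbitrary answer; fail with a distinct status.
		 */
		return 2;
	}
	return (sb.f_flag & ST_NOSUID) ? 1 : 0;
}


--------------------------------------------------------------------------------
/regress/sftp-batch.sh:
--------------------------------------------------------------------------------
# $OpenBSD: sftp-batch.sh,v 1.5 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.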
3 | 4 | tid="sftp batchfile" 5 | 6 | BATCH=${OBJ}/sftp.bb 7 | 8 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* 9 | 10 | cat << EOF > ${BATCH}.pass.1 11 | get $DATA $COPY 12 | put ${COPY} ${COPY}.1 13 | rm ${COPY} 14 | -put ${COPY} ${COPY}.2 15 | EOF 16 | 17 | cat << EOF > ${BATCH}.pass.2 18 | # This is a comment 19 | 20 | # That was a blank line 21 | ls 22 | EOF 23 | 24 | cat << EOF > ${BATCH}.fail.1 25 | get $DATA $COPY 26 | put ${COPY} ${COPY}.3 27 | rm ${COPY}.* 28 | # The next command should fail 29 | put ${COPY}.3 ${COPY}.4 30 | EOF 31 | 32 | cat << EOF > ${BATCH}.fail.2 33 | # The next command should fail 34 | jajajajaja 35 | EOF 36 | 37 | verbose "$tid: good commands" 38 | ${SFTP} -b ${BATCH}.pass.1 -D ${SFTPSERVER} >/dev/null 2>&1 \ 39 | || fail "good commands failed" 40 | 41 | verbose "$tid: bad commands" 42 | ${SFTP} -b ${BATCH}.fail.1 -D ${SFTPSERVER} >/dev/null 2>&1 \ 43 | && fail "bad commands succeeded" 44 | 45 | verbose "$tid: comments and blanks" 46 | ${SFTP} -b ${BATCH}.pass.2 -D ${SFTPSERVER} >/dev/null 2>&1 \ 47 | || fail "comments & blanks failed" 48 | 49 | verbose "$tid: junk command" 50 | ${SFTP} -b ${BATCH}.fail.2 -D ${SFTPSERVER} >/dev/null 2>&1 \ 51 | && fail "junk command succeeded" 52 | 53 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* 54 | 55 | 56 | -------------------------------------------------------------------------------- /regress/sftp-chroot.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: sftp-chroot.sh,v 1.4 2014/01/20 00:00:30 dtucker Exp $ 2 | # Placed in the Public Domain. 
3 | 4 | tid="sftp in chroot" 5 | 6 | CHROOT=/var/run 7 | FILENAME=testdata_${USER} 8 | PRIVDATA=${CHROOT}/${FILENAME} 9 | 10 | if [ -z "$SUDO" ]; then 11 | echo "skipped: need SUDO to create file in /var/run, test won't work without" 12 | exit 0 13 | fi 14 | 15 | $SUDO sh -c "echo mekmitastdigoat > $PRIVDATA" || \ 16 | fatal "create $PRIVDATA failed" 17 | 18 | start_sshd -oChrootDirectory=$CHROOT -oForceCommand="internal-sftp -d /" 19 | 20 | verbose "test $tid: get" 21 | ${SFTP} -S "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY \ 22 | >>$TEST_REGRESS_LOGFILE 2>&1 || \ 23 | fatal "Fetch ${FILENAME} failed" 24 | cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ" 25 | 26 | $SUDO rm $PRIVDATA 27 | -------------------------------------------------------------------------------- /regress/sftp.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: sftp.sh,v 1.5 2013/05/17 10:28:11 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="basic sftp put/get" 5 | 6 | SFTPCMDFILE=${OBJ}/batch 7 | cat >$SFTPCMDFILE < /dev/null 2>&1 22 | r=$? 23 | if [ $r -ne 0 ]; then 24 | fail "sftp failed with $r" 25 | else 26 | cmp $DATA ${COPY}.1 || fail "corrupted copy after get" 27 | cmp $DATA ${COPY}.2 || fail "corrupted copy after put" 28 | fi 29 | done 30 | done 31 | rm -f ${COPY}.1 ${COPY}.2 32 | rm -f $SFTPCMDFILE 33 | -------------------------------------------------------------------------------- /regress/ssh-com-keygen.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: ssh-com-keygen.sh,v 1.4 2004/02/24 17:06:52 markus Exp $ 2 | # Placed in the Public Domain. 
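tid="ssh.com key import"

# For every ssh.com release found under $TEST_COMBASE, generate a key with
# that release's ssh-keygen2, import both halves with ${SSHKEYGEN} -i, and
# check that the public key derived from the imported private key matches
# the imported public key.

#TEST_COMBASE=/path/to/ssh/com/binaries
if [ "X${TEST_COMBASE}" = "X" ]; then
	fatal '$TEST_COMBASE is not set'
fi

VERSIONS="
	2.0.10
	2.0.12
	2.0.13
	2.1.0
	2.2.0
	2.3.0
	2.3.1
	2.4.0
	3.0.0
	3.1.0
	3.2.0
	3.2.2
	3.2.3
	3.2.5
	3.2.9
	3.2.9.1
	3.3.0"

COMPRV=${OBJ}/comkey
COMPUB=${COMPRV}.pub
OPENSSHPRV=${OBJ}/opensshkey
OPENSSHPUB=${OPENSSHPRV}.pub

# go for it
for v in ${VERSIONS}; do
	keygen=${TEST_COMBASE}/${v}/ssh-keygen2
	# Releases that are not installed are silently skipped.
	if [ ! -x ${keygen} ]; then
		continue
	fi
	# rsa is only attempted for 2.3.1 and the 3.x releases.
	types="dss"
	case $v in
	2.3.1|3.*)
		types="$types rsa"
		;;
	esac
	for t in $types; do
		verbose "ssh-keygen $v/$t"
		rm -f $COMPRV $COMPUB $OPENSSHPRV $OPENSSHPUB
		${keygen} -q -P -t $t ${COMPRV} > /dev/null 2>&1
		if [ $? -ne 0 ]; then
			fail "${keygen} -t $t failed"
			continue
		fi
		${SSHKEYGEN} -if ${COMPUB} > ${OPENSSHPUB}
		if [ $? -ne 0 ]; then
			fail "import public key ($v/$t) failed"
			continue
		fi
		# Create the private key file under a restrictive umask so it
		# is never readable by group or others, not even for the
		# moment between the redirection and the chmod below.  The
		# subshell keeps the umask change local and still returns
		# the exit status of ${SSHKEYGEN}.
		(umask 077; ${SSHKEYGEN} -if ${COMPRV} > ${OPENSSHPRV})
		if [ $? -ne 0 ]; then
			fail "import private key ($v/$t) failed"
			continue
		fi
		chmod 600 ${OPENSSHPRV}
		${SSHKEYGEN} -yf ${OPENSSHPRV} |\
		    diff - ${OPENSSHPUB}
		if [ $? -ne 0 ]; then
			fail "public keys ($v/$t) differ"
		fi
	done
done

rm -f $COMPRV $COMPUB $OPENSSHPRV $OPENSSHPUB
-------------------------------------------------------------------------------- /regress/ssh-com-sftp.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: ssh-com-sftp.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="basic sftp put/get with ssh.com server" 5 | 6 | SFTPCMDFILE=${OBJ}/batch 7 | 8 | cat >$SFTPCMDFILE < /dev/null 2>&1 54 | r=$? 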
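55 | if [ $r -ne 0 ]; then 56 | fail "sftp failed with $r" 57 | else 58 | cmp $DATA ${COPY}.1 || fail "corrupted copy after get" 59 | cmp $DATA ${COPY}.2 || fail "corrupted copy after put" 60 | fi 61 | done 62 | done 63 | done 64 | rm -f ${COPY}.1 ${COPY}.2 65 | rm -f $SFTPCMDFILE 66 | -------------------------------------------------------------------------------- /regress/ssh2putty.sh: --------------------------------------------------------------------------------
#!/bin/sh
# $OpenBSD: ssh2putty.sh,v 1.2 2009/10/06 23:51:49 dtucker Exp $
#
# Print one line of the form "rsa2@PORT:HOST EXPONENT,MODULUS" for an RSA
# private key file, using openssl to read the key.  Only the public exponent
# and the modulus are written to stdout.

if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
	echo "Usage: ssh2putty hostname port ssh-private-key"
	exit 1
fi

HOST=$1
PORT=$2
KEYFILE=$3

# XXX - support DSA keys too
if grep "BEGIN RSA PRIVATE KEY" "$KEYFILE" >/dev/null 2>&1 ; then
	:
else
	echo "Unsupported private key format"
	exit 1
fi

# The status of a pipeline is that of its last command, so $? after the
# command substitution reports on sed (or tr below), never on openssl.
# An empty result is therefore treated as a failure too; otherwise a key
# that openssl cannot read would still produce an output line with a
# missing exponent or modulus.
public_exponent=`
	openssl rsa -noout -text -in "$KEYFILE" | grep ^publicExponent |
	sed 's/.*(//;s/).*//'
`
if test $? -ne 0 || test -z "$public_exponent" ; then
	echo "Unable to read public exponent from $KEYFILE" >&2
	exit 1
fi

# Modulus as lower-case hex with a 0x prefix.
modulus=`
	openssl rsa -noout -modulus -in "$KEYFILE" | grep ^Modulus= |
	sed 's/^Modulus=/0x/' | tr A-Z a-z
`
if test $? -ne 0 || test -z "$modulus" ; then
	echo "Unable to read modulus from $KEYFILE" >&2
	exit 1
fi

echo "rsa2@$PORT:$HOST $public_exponent,$modulus"

-------------------------------------------------------------------------------- /regress/sshd-log-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # $OpenBSD: sshd-log-wrapper.sh,v 1.3 2013/04/07 02:16:03 dtucker Exp $ 3 | # Placed in the Public Domain. 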
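#
# simple wrapper for sshd proxy mode to catch stderr output
# sh sshd-log-wrapper.sh /path/to/sshd /path/to/logfile
#
# Any further arguments are passed through to sshd unchanged.

if [ $# -lt 2 ]; then
	echo "usage: sshd-log-wrapper.sh /path/to/sshd /path/to/logfile [sshd args]" >&2
	exit 1
fi

sshd=$1
log=$2
shift
shift

# Quote every expansion.  Unquoted $sshd, $log and $@ are split again on
# whitespace and glob-expanded by the shell, so a path or option containing
# such characters would reach sshd as different arguments from the ones the
# caller passed.
exec "$sshd" -E"$log" "$@"
-------------------------------------------------------------------------------- /regress/stderr-after-eof.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: stderr-after-eof.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="stderr data after eof" 5 | 6 | # setup data 7 | rm -f ${DATA} ${COPY} 8 | cp /dev/null ${DATA} 9 | for i in 1 2 3 4 5 6; do 10 | (date;echo $i) | md5 >> ${DATA} 11 | done 12 | 13 | ${SSH} -2 -F $OBJ/ssh_proxy otherhost \ 14 | exec sh -c \'"exec > /dev/null; sleep 2; cat ${DATA} 1>&2 $s"\' \ 15 | 2> ${COPY} 16 | r=$? 17 | if [ $r -ne 0 ]; then 18 | fail "ssh failed with exit code $r" 19 | fi 20 | egrep 'Disconnecting: Received extended_data after EOF' ${COPY} && 21 | fail "ext data received after eof" 22 | cmp ${DATA} ${COPY} || fail "stderr corrupt" 23 | 24 | rm -f ${DATA} ${COPY} 25 | -------------------------------------------------------------------------------- /regress/stderr-data.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: stderr-data.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="stderr data transfer" 5 | 6 | for n in '' -n; do 7 | for p in 1 2; do 8 | verbose "test $tid: proto $p ($n)" 9 | ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \ 10 | exec sh -c \'"exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ 11 | 2> ${COPY} 12 | r=$? 13 | if [ $r -ne 0 ]; then 14 | fail "ssh failed with exit code $r" 15 | fi 16 | cmp ${DATA} ${COPY} || fail "stderr corrupt" 17 | rm -f ${COPY} 18 | 19 | ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \ 20 | exec sh -c \'"echo a; exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ 21 | > /dev/null 2> ${COPY} 22 | r=$? 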
23 | if [ $r -ne 0 ]; then 24 | fail "ssh failed with exit code $r" 25 | fi 26 | cmp ${DATA} ${COPY} || fail "stderr corrupt" 27 | rm -f ${COPY} 28 | done 29 | done 30 | -------------------------------------------------------------------------------- /regress/t4.ok: -------------------------------------------------------------------------------- 1 | 3b:dd:44:e9:49:18:84:95:f1:e7:33:6b:9d:93:b1:36 2 | -------------------------------------------------------------------------------- /regress/t5.ok: -------------------------------------------------------------------------------- 1 | xokes-lylis-byleh-zebib-kalus-bihas-tevah-haroz-suhar-foved-noxex 2 | -------------------------------------------------------------------------------- /regress/transfer.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: transfer.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ 2 | # Placed in the Public Domain. 3 | 4 | tid="transfer data" 5 | 6 | for p in 1 2; do 7 | verbose "$tid: proto $p" 8 | rm -f ${COPY} 9 | ${SSH} -n -q -$p -F $OBJ/ssh_proxy somehost cat ${DATA} > ${COPY} 10 | if [ $? -ne 0 ]; then 11 | fail "ssh cat $DATA failed" 12 | fi 13 | cmp ${DATA} ${COPY} || fail "corrupted copy" 14 | 15 | for s in 10 100 1k 32k 64k 128k 256k; do 16 | trace "proto $p dd-size ${s}" 17 | rm -f ${COPY} 18 | dd if=$DATA obs=${s} 2> /dev/null | \ 19 | ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}" 20 | if [ $? -ne 0 ]; then 21 | fail "ssh cat $DATA failed" 22 | fi 23 | cmp $DATA ${COPY} || fail "corrupted copy" 24 | done 25 | done 26 | rm -f ${COPY} 27 | -------------------------------------------------------------------------------- /regress/try-ciphers.sh: -------------------------------------------------------------------------------- 1 | # $OpenBSD: try-ciphers.sh,v 1.22 2013/11/21 03:18:51 djm Exp $ 2 | # Placed in the Public Domain. 
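tid="try ciphers"

# Protocol 2: connect once for every cipher/MAC pair that the ssh under
# test reports via -Q.
for c in `${SSH} -Q cipher`; do
	n=0
	for m in `${SSH} -Q mac`; do
		trace "proto 2 cipher $c mac $m"
		verbose "test $tid: proto 2 cipher $c mac $m"
		${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
		if [ $? -ne 0 ]; then
			fail "ssh -2 failed with mac $m cipher $c"
		fi
		# No point trying all MACs for AEAD ciphers since they
		# are ignored.
		# Ask ${SSH}, not a bare "ssh": the AEAD list has to come
		# from the binary under test, like the cipher and MAC lists
		# above.  A bare "ssh" consults whatever client is first in
		# PATH, and because the output is discarded a missing or
		# older client would go unnoticed.
		if ${SSH} -Q cipher-auth | grep "^${c}\$" >/dev/null 2>&1 ; then
			break
		fi
		n=`expr $n + 1`
	done
done

# Protocol 1: one connection per cipher.
ciphers="3des blowfish"
for c in $ciphers; do
	trace "proto 1 cipher $c"
	verbose "test $tid: proto 1 cipher $c"
	${SSH} -F $OBJ/ssh_proxy -1 -c $c somehost true
	if [ $? -ne 0 ]; then
		fail "ssh -1 failed with cipher $c"
	fi
done

--------------------------------------------------------------------------------
/regress/yes-head.sh:
--------------------------------------------------------------------------------
# $OpenBSD: yes-head.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
# Placed in the Public Domain.

tid="yes pipe head"

# Run an endless "echo yes" loop piped into head on the remote side and
# check that exactly 2000 lines arrive, for both protocol versions.
for p in 1 2; do
	lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
	# $? is the status of the last pipeline stage (the sleep/wc
	# subshell), not of ssh itself.
	if [ $? -ne 0 ]; then
		fail "yes|head test failed"
		# No spaces around "=": "lines = 0" runs a command named
		# "lines" instead of assigning, leaving $lines unchanged.
		lines=0
	fi
	if [ $lines -ne 2000 ]; then
		fail "yes|head returns $lines lines instead of 2000"
	fi
done
-------------------------------------------------------------------------------- /rijndael.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: rijndael.h,v 1.12 2001/12/19 07:18:56 deraadt Exp $ */ 2 | 3 | /** 4 | * rijndael-alg-fst.h 5 | * 6 | * @version 3.0 (December 2000) 7 | * 8 | * Optimised ANSI C code for the Rijndael cipher (now AES) 9 | * 10 | * @author Vincent Rijmen 11 | * @author Antoon Bosselaers 12 | * @author Paulo Barreto 13 | * 14 | * This code is hereby placed in the public domain. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS 17 | * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE 20 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 23 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 24 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 25 | * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 26 | * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 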
27 | */ 28 | #ifndef __RIJNDAEL_H 29 | #define __RIJNDAEL_H 30 | 31 | #define MAXKC (256/32) 32 | #define MAXKB (256/8) 33 | #define MAXNR 14 34 | 35 | typedef unsigned char u8; 36 | typedef unsigned short u16; 37 | typedef unsigned int u32; 38 | 39 | /* The structure for key information */ 40 | typedef struct { 41 | int decrypt; 42 | int Nr; /* key-length-dependent number of rounds */ 43 | u32 ek[4*(MAXNR + 1)]; /* encrypt key schedule */ 44 | u32 dk[4*(MAXNR + 1)]; /* decrypt key schedule */ 45 | } rijndael_ctx; 46 | 47 | void rijndael_set_key(rijndael_ctx *, u_char *, int, int); 48 | void rijndael_decrypt(rijndael_ctx *, u_char *, u_char *); 49 | void rijndael_encrypt(rijndael_ctx *, u_char *, u_char *); 50 | 51 | #endif /* __RIJNDAEL_H */ 52 | -------------------------------------------------------------------------------- /roaming.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */ 2 | /* 3 | * Copyright (c) 2004-2009 AppGate Network Security AB 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
16 | */ 17 | 18 | #ifndef ROAMING_H 19 | #define ROAMING_H 20 | 21 | #define DEFAULT_ROAMBUF 65536 22 | #define MAX_ROAMBUF (2*1024*1024) /* XXX arbitrary */ 23 | #define ROAMING_REQUEST "roaming@appgate.com" 24 | 25 | extern int roaming_enabled; 26 | extern int resume_in_progress; 27 | 28 | void request_roaming(void); 29 | int get_snd_buf_size(void); 30 | int get_recv_buf_size(void); 31 | void add_recv_bytes(u_int64_t); 32 | int wait_for_roaming_reconnect(void); 33 | void roaming_reply(int, u_int32_t, void *); 34 | void set_out_buffer_size(size_t); 35 | ssize_t roaming_write(int, const void *, size_t, int *); 36 | ssize_t roaming_read(int, void *, size_t, int *); 37 | size_t roaming_atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); 38 | u_int64_t get_recv_bytes(void); 39 | u_int64_t get_sent_bytes(void); 40 | void roam_set_bytes(u_int64_t, u_int64_t); 41 | void resend_bytes(int, u_int64_t *); 42 | void calculate_new_key(u_int64_t *, u_int64_t, u_int64_t); 43 | int resume_kex(void); 44 | 45 | #endif /* ROAMING */ 46 | -------------------------------------------------------------------------------- /roaming_dummy.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: roaming_dummy.c,v 1.3 2009/06/21 09:04:03 dtucker Exp $ */ 2 | /* 3 | * Copyright (c) 2004-2009 AppGate Network Security AB 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | /* 19 | * This file is included in the client programs which should not 20 | * support roaming. 21 | */ 22 | 23 | #include "includes.h" 24 | 25 | #include 26 | #include 27 | 28 | #include "roaming.h" 29 | 30 | int resume_in_progress = 0; 31 | 32 | u_int64_t 33 | get_recv_bytes(void) 34 | { 35 | return 0; 36 | } 37 | 38 | ssize_t 39 | roaming_write(int fd, const void *buf, size_t count, int *cont) 40 | { 41 | return write(fd, buf, count); 42 | } 43 | 44 | ssize_t 45 | roaming_read(int fd, void *buf, size_t count, int *cont) 46 | { 47 | if (cont) 48 | *cont = 0; 49 | return read(fd, buf, count); 50 | } 51 | 52 | void 53 | add_recv_bytes(u_int64_t num) 54 | { 55 | } 56 | 57 | int 58 | resume_kex(void) 59 | { 60 | return 1; 61 | } 62 | -------------------------------------------------------------------------------- /roaming_serv.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: roaming_serv.c,v 1.1 2009/10/24 11:18:23 andreas Exp $ */ 2 | /* 3 | * Copyright (c) 2004-2009 AppGate Network Security AB 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include "includes.h" 19 | 20 | #include 21 | 22 | #include "roaming.h" 23 | 24 | /* 25 | * Wait for the roaming client to reconnect. Returns 0 if a connect ocurred. 26 | */ 27 | int 28 | wait_for_roaming_reconnect(void) 29 | { 30 | return 1; 31 | } 32 | -------------------------------------------------------------------------------- /rsa.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: rsa.h,v 1.16 2006/03/25 22:22:43 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * RSA key generation, encryption and decryption. 8 | * 9 | * As far as I am concerned, the code I have written for this software 10 | * can be used freely for any purpose. Any derived versions of this 11 | * software must be clearly marked as such, and if the derived work is 12 | * incompatible with the protocol description in the RFC file, it must be 13 | * called by a name other than "ssh" or "Secure Shell". 
14 | */ 15 | 16 | #ifndef RSA_H 17 | #define RSA_H 18 | 19 | #include 20 | #include 21 | 22 | void rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); 23 | int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *); 24 | void rsa_generate_additional_parameters(RSA *); 25 | 26 | #endif /* RSA_H */ 27 | -------------------------------------------------------------------------------- /sandbox-null.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD$ */ 2 | /* 3 | * Copyright (c) 2011 Damien Miller 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include "includes.h" 19 | 20 | #ifdef SANDBOX_NULL 21 | 22 | #include 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | #include "log.h" 32 | #include "ssh-sandbox.h" 33 | #include "xmalloc.h" 34 | 35 | /* dummy sandbox */ 36 | 37 | struct ssh_sandbox { 38 | int junk; 39 | }; 40 | 41 | struct ssh_sandbox * 42 | ssh_sandbox_init(struct monitor *monitor) 43 | { 44 | struct ssh_sandbox *box; 45 | 46 | /* 47 | * Strictly, we don't need to maintain any state here but we need 48 | * to return non-NULL to satisfy the API. 
49 | */ 50 | box = xcalloc(1, sizeof(*box)); 51 | return box; 52 | } 53 | 54 | void 55 | ssh_sandbox_child(struct ssh_sandbox *box) 56 | { 57 | /* Nothing to do here */ 58 | } 59 | 60 | void 61 | ssh_sandbox_parent_finish(struct ssh_sandbox *box) 62 | { 63 | free(box); 64 | } 65 | 66 | void 67 | ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) 68 | { 69 | /* Nothing to do here */ 70 | } 71 | 72 | #endif /* SANDBOX_NULL */ 73 | -------------------------------------------------------------------------------- /serverloop.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: serverloop.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 13 | */ 14 | /* 15 | * Performs the interactive session. This handles data transmission between 16 | * the client and the program. Note that the notion of stdin, stdout, and 17 | * stderr in this function is sort of reversed: this function writes to stdin 18 | * (of the child program), and reads from stdout and stderr (of the child 19 | * program). 20 | */ 21 | #ifndef SERVERLOOP_H 22 | #define SERVERLOOP_H 23 | 24 | void server_loop(pid_t, int, int, int); 25 | void server_loop2(Authctxt *); 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /sftp-common.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: sftp-common.h,v 1.11 2010/01/13 01:40:16 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2001 Markus Friedl. 
All rights reserved. 5 | * Copyright (c) 2001 Damien Miller. All rights reserved. 6 | * 7 | * Redistribution and use in source and binary forms, with or without 8 | * modification, are permitted provided that the following conditions 9 | * are met: 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
26 | */ 27 | 28 | /* Maximum packet that we are willing to send/accept */ 29 | #define SFTP_MAX_MSG_LENGTH (256 * 1024) 30 | 31 | typedef struct Attrib Attrib; 32 | 33 | /* File attributes */ 34 | struct Attrib { 35 | u_int32_t flags; 36 | u_int64_t size; 37 | u_int32_t uid; 38 | u_int32_t gid; 39 | u_int32_t perm; 40 | u_int32_t atime; 41 | u_int32_t mtime; 42 | }; 43 | 44 | void attrib_clear(Attrib *); 45 | void stat_to_attrib(const struct stat *, Attrib *); 46 | void attrib_to_stat(const Attrib *, struct stat *); 47 | Attrib *decode_attrib(Buffer *); 48 | void encode_attrib(Buffer *, const Attrib *); 49 | char *ls_file(const char *, const struct stat *, int, int); 50 | 51 | const char *fx2txt(int); 52 | -------------------------------------------------------------------------------- /sftp-server-main.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: sftp-server-main.c,v 1.4 2009/02/21 19:32:04 tobias Exp $ */ 2 | /* 3 | * Copyright (c) 2008 Markus Friedl. All rights reserved. 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
16 | */ 17 | 18 | #include "includes.h" 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | #include "log.h" 27 | #include "sftp.h" 28 | #include "misc.h" 29 | 30 | void 31 | cleanup_exit(int i) 32 | { 33 | sftp_server_cleanup_exit(i); 34 | } 35 | 36 | int 37 | main(int argc, char **argv) 38 | { 39 | struct passwd *user_pw; 40 | 41 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 42 | sanitise_stdfd(); 43 | 44 | if ((user_pw = getpwuid(getuid())) == NULL) { 45 | fprintf(stderr, "No user found for uid %lu\n", 46 | (u_long)getuid()); 47 | return 1; 48 | } 49 | 50 | return (sftp_server_main(argc, argv, user_pw)); 51 | } 52 | -------------------------------------------------------------------------------- /ssh-keysign.0: -------------------------------------------------------------------------------- 1 | SSH-KEYSIGN(8) OpenBSD System Manager's Manual SSH-KEYSIGN(8) 2 | 3 | NAME 4 | ssh-keysign - ssh helper program for host-based authentication 5 | 6 | SYNOPSIS 7 | ssh-keysign 8 | 9 | DESCRIPTION 10 | ssh-keysign is used by ssh(1) to access the local host keys and generate 11 | the digital signature required during host-based authentication with SSH 12 | protocol version 2. 13 | 14 | ssh-keysign is disabled by default and can only be enabled in the global 15 | client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign 16 | to ``yes''. 17 | 18 | ssh-keysign is not intended to be invoked by the user, but from ssh(1). 19 | See ssh(1) and sshd(8) for more information about host-based 20 | authentication. 21 | 22 | FILES 23 | /etc/ssh/ssh_config 24 | Controls whether ssh-keysign is enabled. 25 | 26 | /etc/ssh/ssh_host_dsa_key 27 | /etc/ssh/ssh_host_ecdsa_key 28 | /etc/ssh/ssh_host_ed25519_key 29 | /etc/ssh/ssh_host_rsa_key 30 | These files contain the private parts of the host keys used to 31 | generate the digital signature. 
They should be owned by root, 32 | readable only by root, and not accessible to others. Since they 33 | are readable only by root, ssh-keysign must be set-uid root if 34 | host-based authentication is used. 35 | 36 | /etc/ssh/ssh_host_dsa_key-cert.pub 37 | /etc/ssh/ssh_host_ecdsa_key-cert.pub 38 | /etc/ssh/ssh_host_ed25519_key-cert.pub 39 | /etc/ssh/ssh_host_rsa_key-cert.pub 40 | If these files exist they are assumed to contain public 41 | certificate information corresponding with the private keys 42 | above. 43 | 44 | SEE ALSO 45 | ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) 46 | 47 | HISTORY 48 | ssh-keysign first appeared in OpenBSD 3.2. 49 | 50 | AUTHORS 51 | Markus Friedl 52 | 53 | OpenBSD 5.5 December 7, 2013 OpenBSD 5.5 54 | -------------------------------------------------------------------------------- /ssh-pkcs11-helper.0: -------------------------------------------------------------------------------- 1 | SSH-PKCS11-HELPER(8) OpenBSD System Manager's Manual SSH-PKCS11-HELPER(8) 2 | 3 | NAME 4 | ssh-pkcs11-helper - ssh-agent helper program for PKCS#11 support 5 | 6 | SYNOPSIS 7 | ssh-pkcs11-helper 8 | 9 | DESCRIPTION 10 | ssh-pkcs11-helper is used by ssh-agent(1) to access keys provided by a 11 | PKCS#11 token. 12 | 13 | ssh-pkcs11-helper is not intended to be invoked by the user, but from 14 | ssh-agent(1). 15 | 16 | SEE ALSO 17 | ssh(1), ssh-add(1), ssh-agent(1) 18 | 19 | HISTORY 20 | ssh-pkcs11-helper first appeared in OpenBSD 4.7. 21 | 22 | AUTHORS 23 | Markus Friedl 24 | 25 | OpenBSD 5.5 July 16, 2013 OpenBSD 5.5 26 | -------------------------------------------------------------------------------- /ssh-pkcs11-helper.8: -------------------------------------------------------------------------------- 1 | .\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $ 2 | .\" 3 | .\" Copyright (c) 2010 Markus Friedl. All rights reserved. 
4 | .\" 5 | .\" Permission to use, copy, modify, and distribute this software for any 6 | .\" purpose with or without fee is hereby granted, provided that the above 7 | .\" copyright notice and this permission notice appear in all copies. 8 | .\" 9 | .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | .\" 17 | .Dd $Mdocdate: July 16 2013 $ 18 | .Dt SSH-PKCS11-HELPER 8 19 | .Os 20 | .Sh NAME 21 | .Nm ssh-pkcs11-helper 22 | .Nd ssh-agent helper program for PKCS#11 support 23 | .Sh SYNOPSIS 24 | .Nm 25 | .Sh DESCRIPTION 26 | .Nm 27 | is used by 28 | .Xr ssh-agent 1 29 | to access keys provided by a PKCS#11 token. 30 | .Pp 31 | .Nm 32 | is not intended to be invoked by the user, but from 33 | .Xr ssh-agent 1 . 34 | .Sh SEE ALSO 35 | .Xr ssh 1 , 36 | .Xr ssh-add 1 , 37 | .Xr ssh-agent 1 38 | .Sh HISTORY 39 | .Nm 40 | first appeared in 41 | .Ox 4.7 . 42 | .Sh AUTHORS 43 | .An Markus Friedl Aq Mt markus@openbsd.org 44 | -------------------------------------------------------------------------------- /ssh-pkcs11.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: ssh-pkcs11.h,v 1.2 2010/02/24 06:12:53 djm Exp $ */ 2 | /* 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 
8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | int pkcs11_init(int); 18 | void pkcs11_terminate(void); 19 | int pkcs11_add_provider(char *, char *, Key ***); 20 | int pkcs11_del_provider(char *); 21 | -------------------------------------------------------------------------------- /ssh-sandbox.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: ssh-sandbox.h,v 1.1 2011/06/23 09:34:13 djm Exp $ */ 2 | /* 3 | * Copyright (c) 2011 Damien Miller 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
16 | */ 17 | 18 | struct monitor; 19 | struct ssh_sandbox; 20 | 21 | struct ssh_sandbox *ssh_sandbox_init(struct monitor *); 22 | void ssh_sandbox_child(struct ssh_sandbox *); 23 | void ssh_sandbox_parent_finish(struct ssh_sandbox *); 24 | void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t); 25 | -------------------------------------------------------------------------------- /ssh_config: -------------------------------------------------------------------------------- 1 | # $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $ 2 | 3 | # This is the ssh client system-wide configuration file. See 4 | # ssh_config(5) for more information. This file provides defaults for 5 | # users, and the values can be changed in per-user configuration files 6 | # or on the command line. 7 | 8 | # Configuration data is parsed as follows: 9 | # 1. command line options 10 | # 2. user-specific file 11 | # 3. system-wide file 12 | # Any configuration value is only changed the first time it is set. 13 | # Thus, host-specific definitions should be at the beginning of the 14 | # configuration file, and defaults at the end. 15 | 16 | # Site-wide defaults for some commonly used options. For a comprehensive 17 | # list of available options, their meanings and defaults, please see the 18 | # ssh_config(5) man page. 
19 | 20 | # Host * 21 | # ForwardAgent no 22 | # ForwardX11 no 23 | # RhostsRSAAuthentication no 24 | # RSAAuthentication yes 25 | # PasswordAuthentication yes 26 | # HostbasedAuthentication no 27 | # GSSAPIAuthentication no 28 | # GSSAPIDelegateCredentials no 29 | # BatchMode no 30 | # CheckHostIP yes 31 | # AddressFamily any 32 | # ConnectTimeout 0 33 | # StrictHostKeyChecking ask 34 | # IdentityFile ~/.ssh/identity 35 | # IdentityFile ~/.ssh/id_rsa 36 | # IdentityFile ~/.ssh/id_dsa 37 | # Port 22 38 | # Protocol 2,1 39 | # Cipher 3des 40 | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc 41 | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 42 | # EscapeChar ~ 43 | # Tunnel no 44 | # TunnelDevice any:any 45 | # PermitLocalCommand no 46 | # VisualHostKey no 47 | # ProxyCommand ssh -q -W %h:%p gateway.example.com 48 | # RekeyLimit 1G 1h 49 | -------------------------------------------------------------------------------- /sshlogin.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: sshlogin.h,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 
13 | */ 14 | 15 | void record_login(pid_t, const char *, const char *, uid_t, 16 | const char *, struct sockaddr *, socklen_t); 17 | void record_logout(pid_t, const char *, const char *); 18 | time_t get_last_login_time(uid_t, const char *, char *, size_t); 19 | 20 | #ifdef LOGIN_NEEDS_UTMPX 21 | void record_utmp_only(pid_t, const char *, const char *, const char *, 22 | struct sockaddr *, socklen_t); 23 | #endif 24 | -------------------------------------------------------------------------------- /sshpty.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: sshpty.h,v 1.12 2010/01/09 05:04:24 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * Functions for allocating a pseudo-terminal and making it the controlling 8 | * tty. 9 | * 10 | * As far as I am concerned, the code I have written for this software 11 | * can be used freely for any purpose. Any derived versions of this 12 | * software must be clearly marked as such, and if the derived work is 13 | * incompatible with the protocol description in the RFC file, it must be 14 | * called by a name other than "ssh" or "Secure Shell". 
15 | */ 16 | 17 | #include 18 | 19 | struct termios *get_saved_tio(void); 20 | void leave_raw_mode(int); 21 | void enter_raw_mode(int); 22 | 23 | int pty_allocate(int *, int *, char *, size_t); 24 | void pty_release(const char *); 25 | void pty_make_controlling_tty(int *, const char *); 26 | void pty_change_window_size(int, u_int, u_int, u_int, u_int); 27 | void pty_setowner(struct passwd *, const char *); 28 | -------------------------------------------------------------------------------- /survey.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2004, 2005 Darren Tucker 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
16 | 17 | host="@host@" 18 | AWK="@AWK@" 19 | CC="@CC@" 20 | CPP="@CPP@" 21 | CFLAGS="@CFLAGS@" 22 | CPPFLAGS="@CPPFLAGS@" 23 | LDFLAGS="@LDFLAGS@" 24 | LIBS="@LIBS@" 25 | 26 | # Note format: 27 | # identifier: [data] CRCR 28 | 29 | echo "openssh-survey-version: 1" 30 | echo 31 | echo "openssh-version: `./ssh -V 2>&1`" 32 | echo 33 | configinv=`$AWK '/^ \\\$.*configure/' config.log | sed 's/^ \\\$ //g'` 34 | echo "configure-invocation: $configinv" 35 | echo 36 | echo "host: $host" 37 | echo 38 | echo "uname: `uname`" 39 | echo 40 | echo "uname-r: `uname -r`" 41 | echo 42 | echo "uname-m: `uname -m`" 43 | echo 44 | echo "uname-p: `uname -p`" 45 | echo 46 | echo "oslevel: `oslevel 2>/dev/null`" 47 | echo 48 | echo "oslevel-r: `oslevel -r 2>/dev/null`" 49 | echo 50 | echo "cc: $CC" 51 | echo 52 | echo "cflags: $CFLAGS" 53 | echo 54 | echo "cppflags: $CPPFLAGS" 55 | echo 56 | echo "ldflags: $LDFLAGS" 57 | echo 58 | echo "libs: $LIBS" 59 | echo 60 | echo "ccver-v: `$CC -v 2>&1 | sed '/^[ \t]*$/d'`" 61 | echo 62 | echo "ccver-V: `$CC -V 2>&1 | sed '/^[ \t]*$/d'`" 63 | echo 64 | echo "cppdefines:" 65 | ${CPP} -dM - 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * 8 | * As far as I am concerned, the code I have written for this software 9 | * can be used freely for any purpose. Any derived versions of this 10 | * software must be clearly marked as such, and if the derived work is 11 | * incompatible with the protocol description in the RFC file, it must be 12 | * called by a name other than "ssh" or "Secure Shell". 
13 | */ 14 | 15 | void temporarily_use_uid(struct passwd *); 16 | void restore_uid(void); 17 | void permanently_set_uid(struct passwd *); 18 | void permanently_drop_suid(uid_t); 19 | -------------------------------------------------------------------------------- /uuencode.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: uuencode.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
25 | */ 26 | 27 | int uuencode(const u_char *, u_int, char *, size_t); 28 | int uudecode(const char *, u_char *, size_t); 29 | void dump_base64(FILE *, const u_char *, u_int); 30 | -------------------------------------------------------------------------------- /verify.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: verify.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ 2 | 3 | /* 4 | * Public Domain, Author: Daniel J. Bernstein 5 | * Copied from nacl-20110221/crypto_verify/32/ref/verify.c 6 | */ 7 | 8 | #include "includes.h" 9 | 10 | #include "crypto_api.h" 11 | /* crypto_verify_32: compare the 32 bytes at x with the 32 bytes at y. Returns 0 when all 32 bytes match and -1 when any byte differs, so callers must test the result against 0 rather than treat it as a boolean "equal" flag. Every index 0..31 is read and folded into differentbits unconditionally, with no early exit and no branch on the data, so the control flow does not depend on whether or where the inputs differ; presumably this is meant for comparing secret values without a timing side channel (the file is copied from NaCl's crypto_verify). No length is passed or checked: both pointers must reference at least 32 readable bytes. */ 12 | int crypto_verify_32(const unsigned char *x,const unsigned char *y) 13 | { 14 | unsigned int differentbits = 0; 15 | /* F(i) ORs the XOR of byte i of x and y into differentbits, so any differing bit leaves it nonzero. The macro is not #undef'd in this file. */ #define F(i) differentbits |= x[i] ^ y[i]; 16 | F(0) 17 | F(1) 18 | F(2) 19 | F(3) 20 | F(4) 21 | F(5) 22 | F(6) 23 | F(7) 24 | F(8) 25 | F(9) 26 | F(10) 27 | F(11) 28 | F(12) 29 | F(13) 30 | F(14) 31 | F(15) 32 | F(16) 33 | F(17) 34 | F(18) 35 | F(19) 36 | F(20) 37 | F(21) 38 | F(22) 39 | F(23) 40 | F(24) 41 | F(25) 42 | F(26) 43 | F(27) 44 | F(28) 45 | F(29) 46 | F(30) 47 | F(31) 48 | /* differentbits is in 0..255 here. If it is 0, differentbits - 1 wraps to UINT_MAX, bit 8 is set, and the result is 1 - 1 = 0. Otherwise differentbits - 1 is in 0..254, the shift yields 0, and the result is 0 - 1 = -1. The result is derived arithmetically, without a comparison or branch on the data. */ return (1 & ((differentbits - 1) >> 8)) - 1; 49 | } 50 | -------------------------------------------------------------------------------- /version.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */ 2 | 3 | #define SSH_VERSION "OpenSSH_6.6" 4 | 5 | #define SSH_PORTABLE "p1" 6 | #define SSH_RELEASE SSH_VERSION SSH_PORTABLE 7 | -------------------------------------------------------------------------------- /xmalloc.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: xmalloc.h,v 1.14 2013/05/17 00:13:14 djm Exp $ */ 2 | 3 | /* 4 | * Author: Tatu Ylonen 5 | * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 6 | * All rights reserved 7 | * Created: Mon Mar 20 22:09:17 1995 ylo 8 | * 9 | * Versions of malloc and
friends that check their results, and never return 10 | * failure (they call fatal if they encounter an error). 11 | * 12 | * As far as I am concerned, the code I have written for this software 13 | * can be used freely for any purpose. Any derived versions of this 14 | * software must be clearly marked as such, and if the derived work is 15 | * incompatible with the protocol description in the RFC file, it must be 16 | * called by a name other than "ssh" or "Secure Shell". 17 | */ 18 | 19 | void *xmalloc(size_t); 20 | void *xcalloc(size_t, size_t); 21 | void *xrealloc(void *, size_t, size_t); 22 | char *xstrdup(const char *); 23 | int xasprintf(char **, const char *, ...) 24 | __attribute__((__format__ (printf, 2, 3))) 25 | __attribute__((__nonnull__ (2))); 26 | --------------------------------------------------------------------------------