Commit 0194e6d0 authored by Ed Maste's avatar Ed Maste
Browse files

Vendor import of OpenSSH 8.1p1

parent f02e3998
This diff is collapsed.
......@@ -6,6 +6,11 @@ fa728823ba21c4b45212750e1d3a4b2086fd1a62 more Makefile refactoring
814b2f670df75759e1581ecef530980b2b3d7e0f remove redundant make defs
04431e8e7872f49a2129bf080a6b73c19d576d40 moduli update
c07772f58028fda683ee6abd41c73da3ff70d403 moduli update
db6375fc302e3bdf07d96430c63c991b2c2bd3ff moduli update
5ea3d63ab972691f43e9087ab5fd8376d48e898f uuencode.c Makefile accident
99dd10e72c04e93849981d43d64c946619efa474 include sshbuf-misc.c
9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5 sshbuf-misc.c in regress
569f08445c27124ec7c7f6c0268d844ec56ac061 Makefile tweaks for !openssl
Old upstream tree:
......
......@@ -33,7 +33,7 @@ David Agraz <dagraz@jahoopa.com> - Build fixes
David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
David Hesprich <darkgrue@gue-tech.org> - Configure fixes
David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
Dag-Erling Smrgrav <des at freebsd.org> - Challenge-Response PAM code.
Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords
Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
Garrick James <garrick@james.net> - configure fixes
......
This diff is collapsed.
......@@ -14,8 +14,9 @@ Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
http://www.gzip.org/zlib/
libcrypto from either of:
- LibreSSL (http://www.libressl.org/)
- OpenSSL 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g (http://www.openssl.org/)
- LibreSSL (https://www.libressl.org/)
- OpenSSL (https://www.openssl.org) with any of the following versions:
- 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
LibreSSL/OpenSSL should be compiled as a position-independent library
(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
......@@ -23,23 +24,28 @@ If you must use a non-position-independent libcrypto, then you may need
to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit
OpenSSL 1.1 versions prior to 1.1.0g can't be used.
To support Privilege Separation (which is now required) you will need
to create the user, group and directory used by sshd for privilege
separation. See README.privsep for details.
The remaining items are optional.
NB. If you operating system supports /dev/random, you should configure
libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
direct support of /dev/random, or failing that, either prngd or egd
direct support of /dev/random, or failing that, either prngd or egd.
PRNGD:
If your system lacks kernel-based random collection, the use of Lutz
Jaenicke's PRNGd is recommended.
Jaenicke's PRNGd is recommended. It requires that libcrypto be configured
to support it.
http://prngd.sourceforge.net/
EGD:
If the kernel lacks /dev/random the Entropy Gathering Daemon (EGD) is
supported only if libcrypto supports it.
The Entropy Gathering Daemon (EGD) suppports the same interface as prngd.
It also supported only if libcrypto is configured to support it.
http://egd.sourceforge.net/
......@@ -131,10 +137,6 @@ make install
This will install the binaries in /opt/{bin,lib,sbin}, but will place the
configuration files in /etc/ssh.
If you are using Privilege Separation (which is enabled by default)
then you will also need to create the user, group and directory used by
sshd for privilege separation. See README.privsep for details.
If you are using PAM, you may need to manually install a PAM control
file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
them). Note that the service name used to start PAM is __progname,
......
......@@ -174,7 +174,7 @@ OpenSSH contains no GPL code.
Gert Doering
Jakob Schlyter
Jason Downs
Juha Yrjö
Juha Yrjölä
Michael Stone
Networks Associates Technology, Inc.
Solar Designer
......
......@@ -87,10 +87,10 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
authfd.o authfile.o \
canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
cipher-ctr.o cleanup.o \
compat.o crc32.o fatal.o hostfile.o \
compat.o fatal.o hostfile.o \
log.o match.o moduli.o nchan.o packet.o \
readpass.o ttymodes.o xmalloc.o addrmatch.o \
atomicio.o dispatch.o mac.o uuencode.o misc.o utf8.o \
atomicio.o dispatch.o mac.o misc.o utf8.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
ssh-pkcs11.o smult_curve25519_ref.o \
......@@ -116,7 +116,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
monitor.o monitor_wrap.o auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
sftp-server.o sftp-common.o \
sftp-server.o sftp-common.o sftp-realpath.o \
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
sandbox-solaris.o uidswap.o
......@@ -151,11 +151,16 @@ FIXPATHSCMD = $(SED) $(PATHSUBS)
FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \
@UNSUPPORTED_ALGORITHMS@
all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
all: configure-check $(CONFIGFILES) $(MANPAGES) $(TARGETS)
$(LIBSSH_OBJS): Makefile.in config.h
$(SSHOBJS): Makefile.in config.h
$(SSHDOBJS): Makefile.in config.h
configure-check: $(srcdir)/configure
$(srcdir)/configure: configure.ac aclocal.m4
@echo "ERROR: configure is out of date; please run ${AUTORECONF} (and configure)" 1>&2
@exit 1
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
......@@ -184,8 +189,8 @@ ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o sshsig.o
$(LD) -o $@ ssh-keygen.o sshsig.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o
$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
......@@ -196,8 +201,8 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-realpath.o sftp-server-main.o
$(LD) -o $@ sftp-server.o sftp-common.o sftp-realpath.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
......@@ -572,11 +577,14 @@ regress/misc/kexfuzz/kexfuzz$(EXEEXT): ${MISC_KEX_FUZZ_OBJS} libssh.a
$(LD) -o $@ $(LDFLAGS) $(MISC_KEX_FUZZ_OBJS) \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
regress-binaries: regress/modpipe$(EXEEXT) \
regress-binaries: regress-prep $(LIBCOMPAT) \
regress/modpipe$(EXEEXT) \
regress/setuid-allowed$(EXEEXT) \
regress/netcat$(EXEEXT) \
regress/check-perm$(EXEEXT) \
regress/mkdtemp$(EXEEXT) \
regress/mkdtemp$(EXEEXT)
regress-unit-binaries: regress-prep $(REGRESSLIBS) \
regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
regress/unittests/sshkey/test_sshkey$(EXEEXT) \
regress/unittests/bitmap/test_bitmap$(EXEEXT) \
......@@ -587,7 +595,18 @@ regress-binaries: regress/modpipe$(EXEEXT) \
regress/unittests/utf8/test_utf8$(EXEEXT) \
regress/misc/kexfuzz/kexfuzz$(EXEEXT)
tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
tests: file-tests t-exec interop-tests unit
echo all tests passed
unit: regress-unit-binaries
BUILDDIR=`pwd`; \
cd $(srcdir)/regress || exit $$?; \
$(MAKE) \
.OBJDIR="$${BUILDDIR}/regress" \
.CURDIR="`pwd`" \
$@ && echo $@ tests passed
interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
BUILDDIR=`pwd`; \
TEST_SSH_SCP="$${BUILDDIR}/scp"; \
TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
......@@ -633,7 +652,7 @@ tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
TEST_SSH_ECC="$${TEST_SSH_ECC}" \
TEST_SHELL="${TEST_SHELL}" \
EXEEXT="$(EXEEXT)" \
$@ && echo all tests passed
$@ && echo all $@ passed
compat-tests: $(LIBCOMPAT)
(cd openbsd-compat/regress && $(MAKE))
......
This document describes a lightweight SSH Signature format
that is compatible with SSH keys and wire formats.
At present, only detached and armored signatures are supported.
1. Armored format
The Armored SSH signatures consist of a header, a base64
encoded blob, and a footer.
The header is the string "-----BEGIN SSH SIGNATURE-----"
followed by a newline. The footer is the string
"-----END SSH SIGNATURE-----" immediately after a newline.
The header MUST be present at the start of every signature.
Files containing the signature MUST start with the header.
Likewise, the footer MUST be present at the end of every
signature.
The base64 encoded blob SHOULD be broken up by newlines
every 76 characters.
Example:
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgJKxoLBJBivUPNTUJUSslQTt2hD
jozKvHarKeN8uYFqgAAAADZm9vAAAAAAAAAFMAAAALc3NoLWVkMjU1MTkAAABAKNC4IEbt
Tq0Fb56xhtuE1/lK9H9RZJfON4o6hE9R4ZGFX98gy0+fFJ/1d2/RxnZky0Y7GojwrZkrHT
FgCqVWAQ==
-----END SSH SIGNATURE-----
2. Blob format
#define MAGIC_PREAMBLE "SSHSIG"
#define SIG_VERSION 0x01
byte[6] MAGIC_PREAMBLE
uint32 SIG_VERSION
string publickey
string namespace
string reserved
string hash_algorithm
string signature
The publickey field MUST contain the serialisation of the
public key used to make the signature using the usual SSH
encoding rules, i.e RFC4253, RFC5656,
draft-ietf-curdle-ssh-ed25519-ed448, etc.
Verifiers MUST reject signatures with versions greater than those
they support.
The purpose of the namespace value is to specify a unambiguous
interpretation domain for the signature, e.g. file signing.
This prevents cross-protocol attacks caused by signatures
intended for one intended domain being accepted in another.
The namespace value MUST NOT be the empty string.
The reserved value is present to encode future information
(e.g. tags) into the signature. Implementations should ignore
the reserved field if it is not empty.
Data to be signed is first hashed with the specified hash_algorithm.
This is done to limit the amount of data presented to the signature
operation, which may be of concern if the signing key is held in limited
or slow hardware or on a remote ssh-agent. The supported hash algorithms
are "sha256" and "sha512".
The signature itself is made using the SSH signature algorithm and
encoding rules for the chosen key type. For RSA signatures, the
signature algorithm must be "rsa-sha2-512" or "rsa-sha2-256" (i.e.
not the legacy RSA-SHA1 "ssh-rsa").
This blob is encoded as a string using the RFC4243 encoding
rules and base64 encoded to form the middle part of the
armored signature.
3. Signed Data, of which the signature goes into the blob above
#define MAGIC_PREAMBLE "SSHSIG"
byte[6] MAGIC_PREAMBLE
string namespace
string reserved
string hash_algorithm
string H(message)
The preamble is the six-byte sequence "SSHSIG". It is included to
ensure that manual signatures can never be confused with any message
signed during SSH user or host authentication.
The reserved value is present to encode future information
(e.g. tags) into the signature. Implementations should ignore
the reserved field if it is not empty.
The data is concatenated and passed to the SSH signing
function.
See https://www.openssh.com/releasenotes.html#8.0p1 for the release notes.
See https://www.openssh.com/releasenotes.html#8.1p1 for the release notes.
Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
......
......@@ -5,13 +5,10 @@ escalation by containing corruption to an unprivileged process.
More information is available at:
http://www.citi.umich.edu/u/provos/ssh/privsep.html
Privilege separation is now enabled by default; see the
UsePrivilegeSeparation option in sshd_config(5).
When privsep is enabled, during the pre-authentication phase sshd will
chroot(2) to "/var/empty" and change its privileges to the "sshd" user
and its primary group. sshd is a pseudo-account that should not be
used by other daemons, and must be locked and should contain a
Privilege separation is now mandatory. During the pre-authentication
phase sshd will chroot(2) to "/var/empty" and change its privileges to the
"sshd" user and its primary group. sshd is a pseudo-account that should
not be used by other daemons, and must be locked and should contain a
"nologin" or invalid shell.
You should do something like the following to prepare the privsep
......
......@@ -29,8 +29,6 @@
#include <stdarg.h>
#include <stdio.h>
#include <stdarg.h>
#ifdef BSD_AUTH
#include "xmalloc.h"
#include "sshkey.h"
......
/* $OpenBSD: auth-options.c,v 1.84 2018/10/03 06:38:35 djm Exp $ */
/* $OpenBSD: auth-options.c,v 1.89 2019/09/13 04:36:43 dtucker Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
*
......@@ -19,6 +19,7 @@
#include <sys/types.h>
#include <stdlib.h>
#include <netdb.h>
#include <pwd.h>
#include <string.h>
......@@ -39,75 +40,6 @@
#include "ssh2.h"
#include "auth-options.h"
/*
* Match flag 'opt' in *optsp, and if allow_negate is set then also match
* 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0
* if negated option matches.
* If the option or negated option matches, then *optsp is updated to
* point to the first character after the option.
*/
static int
opt_flag(const char *opt, int allow_negate, const char **optsp)
{
size_t opt_len = strlen(opt);
const char *opts = *optsp;
int negate = 0;
if (allow_negate && strncasecmp(opts, "no-", 3) == 0) {
opts += 3;
negate = 1;
}
if (strncasecmp(opts, opt, opt_len) == 0) {
*optsp = opts + opt_len;
return negate ? 0 : 1;
}
return -1;
}
static char *
opt_dequote(const char **sp, const char **errstrp)
{
const char *s = *sp;
char *ret;
size_t i;
*errstrp = NULL;
if (*s != '"') {
*errstrp = "missing start quote";
return NULL;
}
s++;
if ((ret = malloc(strlen((s)) + 1)) == NULL) {
*errstrp = "memory allocation failed";
return NULL;
}
for (i = 0; *s != '\0' && *s != '"';) {
if (s[0] == '\\' && s[1] == '"')
s++;
ret[i++] = *s++;
}
if (*s == '\0') {
*errstrp = "missing end quote";
free(ret);
return NULL;
}
ret[i] = '\0';
s++;
*sp = s;
return ret;
}
static int
opt_match(const char **opts, const char *term)
{
if (strncasecmp((*opts), term, strlen(term)) == 0 &&
(*opts)[strlen(term)] == '=') {
*opts += strlen(term) + 1;
return 1;
}
return 0;
}
static int
dup_strings(char ***dstp, size_t *ndstp, char **src, size_t nsrc)
{
......@@ -320,7 +252,7 @@ handle_permit(const char **optsp, int allow_bare_port,
size_t npermits = *npermitsp;
const char *errstr = "unknown error";
if (npermits > INT_MAX) {
if (npermits > SSH_AUTHOPT_PERMIT_MAX) {
*errstrp = "too many permission directives";
return -1;
}
......@@ -332,7 +264,8 @@ handle_permit(const char **optsp, int allow_bare_port,
* Allow a bare port number in permitlisten to indicate a
* listen_host wildcard.
*/
if (asprintf(&tmp, "*:%s", opt) < 0) {
if (asprintf(&tmp, "*:%s", opt) == -1) {
free(opt);
*errstrp = "memory allocation failed";
return -1;
}
......
/* $OpenBSD: auth-options.h,v 1.27 2018/06/06 18:23:32 djm Exp $ */
/* $OpenBSD: auth-options.h,v 1.28 2019/07/09 04:15:00 djm Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
......@@ -22,6 +22,9 @@
struct passwd;
struct sshkey;
/* Maximum number of permitopen/permitlisten directives to accept */
#define SSH_AUTHOPT_PERMIT_MAX 4096
/*
* sshauthopt represents key options parsed from authorized_keys or
* from certificate extensions/options.
......
......@@ -197,7 +197,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
switch ((pid = fork())) {
case -1:
error("fork(): %s", strerror(errno));
return (-1);
return errno;
case 0:
close(ctx->pam_psock);
ctx->pam_psock = -1;
......@@ -258,7 +258,7 @@ static char **
pam_getenvlist(pam_handle_t *pamh)
{
/*
* XXX - If necessary, we can still support envrionment passing
* XXX - If necessary, we can still support environment passing
* for platforms without pam_getenvlist by searching for known
* env vars (e.g. KRB5CCNAME) from the PAM environment.
*/
......@@ -266,6 +266,14 @@ pam_getenvlist(pam_handle_t *pamh)
}
#endif
#ifndef HAVE_PAM_PUTENV
static int
pam_putenv(pam_handle_t *pamh, const char *name_value)
{
return PAM_SUCCESS;
}
#endif /* HAVE_PAM_PUTENV */
/*
* Some platforms, notably Solaris, do not enforce password complexity
* rules during pam_chauthtok() if the real uid of the calling process
......@@ -360,13 +368,11 @@ import_environments(struct sshbuf *b)
for (i = 0; i < num_env; i++) {
if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
#ifdef HAVE_PAM_PUTENV
/* Errors are not fatal here */
if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
error("PAM: pam_putenv: %s",
pam_strerror(sshpam_handle, r));
}
#endif
/* XXX leak env? */
}
#endif
......@@ -535,7 +541,7 @@ sshpam_thread(void *ctxtp)
for (i = 0; environ[i] != NULL; i++) {
/* Count */
if (i > INT_MAX)
fatal("%s: too many enviornment strings", __func__);
fatal("%s: too many environment strings", __func__);
}
if ((r = sshbuf_put_u32(buffer, i)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
......@@ -548,7 +554,7 @@ sshpam_thread(void *ctxtp)
for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) {
/* Count */
if (i > INT_MAX)
fatal("%s: too many PAM enviornment strings", __func__);
fatal("%s: too many PAM environment strings", __func__);
}
if ((r = sshbuf_put_u32(buffer, i)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
......@@ -770,7 +776,7 @@ static void *
sshpam_init_ctx(Authctxt *authctxt)
{
struct pam_ctxt *ctxt;
int socks[2];
int result, socks[2];
debug3("PAM: %s entering", __func__);
/*
......@@ -797,9 +803,10 @@ sshpam_init_ctx(Authctxt *authctxt)
}
ctxt->pam_psock = socks[0];
ctxt->pam_csock = socks[1];
if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
result = pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt);
if (result != 0) {
error("PAM: failed to start authentication thread: %s",
strerror(errno));
strerror(result));
close(socks[0]);
close(socks[1]);
free(ctxt);
......@@ -844,6 +851,7 @@ sshpam_query(void *ctx, char **name, char **info,
plen += mlen;
**echo_on = (type == PAM_PROMPT_ECHO_ON);
free(msg);
sshbuf_free(buffer);
return (0);
case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
......@@ -872,6 +880,7 @@ sshpam_query(void *ctx, char **name, char **info,
**echo_on = 0;
ctxt->pam_done = -1;
free(msg);
sshbuf_free(buffer);
return 0;
}
/* FALLTHROUGH */
......@@ -898,6 +907,7 @@ sshpam_query(void *ctx, char **name, char **info,
**echo_on = 0;
ctxt->pam_done = 1;
free(msg);
sshbuf_free(buffer);
return (0);
}
error("PAM: %s for %s%.100s from %.100s", msg,
......@@ -909,9 +919,11 @@ sshpam_query(void *ctx, char **name, char **info,
**echo_on = 0;
free(msg);
ctxt->pam_done = -1;
sshbuf_free(buffer);
return (-1);
}
}
sshbuf_free(buffer);
return (-1);
}
......@@ -1205,7 +1217,6 @@ int
do_pam_putenv(char *name, char *value)
{
int ret = 1;
#ifdef HAVE_PAM_PUTENV
char *compound;
size_t len;
......@@ -1215,7 +1226,6 @@ do_pam_putenv(char *name, char *value)
snprintf(compound, len, "%s=%s", name, value);
ret = pam_putenv(sshpam_handle, compound);
free(compound);
#endif
return (ret);
}
......
/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
/* $OpenBSD: auth-rhosts.c,v 1.51 2019/10/02 00:42:30 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -38,7 +38,6 @@
#include "sshkey.h"
#include "servconf.h"
#include "canohost.h"
#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
......@@ -222,8 +221,8 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
* are no system-wide files.
*/
if (!rhosts_files[rhosts_file_index] &&
stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) {
stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
debug3("%s: no hosts access files exist", __func__);
return 0;
}
......@@ -253,7 +252,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
* Check that the home directory is owned by root or the user, and is
* not group or world writable.
*/
if (stat(pw->pw_dir, &st) < 0) {
if (stat(pw->pw_dir, &st) == -1) {
logit("Rhosts authentication refused for %.100s: "
"no home directory %.200s", pw->pw_name, pw->pw_dir);
auth_debug_add("Rhosts authentication refused for %.100s: "
......@@ -278,7 +277,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
/* Check users .rhosts or .shosts. */
snprintf(buf, sizeof buf, "%.500s/%.100s",
pw->pw_dir, rhosts_files[rhosts_file_index]);
if (stat(buf, &st) < 0)
if (stat(buf, &st) == -1)
continue;
/*
......
/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */
/* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
......@@ -32,6 +32,7 @@
#include <netinet/in.h>
#include <stdlib.h>
#include <errno.h>
#include <fcntl.h>
#ifdef HAVE_PATHS_H
......@@ -72,7 +73,6 @@