search for: buffer_put_cstr

i think our strategy for privsep is to just keep portable sync'd closely with openbsd's tree, even though things will be broken wrt privsep for many platforms. then we just get primary one's working and work out issues as we go along. i'll start to work on sun and hp-ux again tomorrow.

..._init(&msg); + + /* Send link request */ + id = conn->msg_id++; + if ((conn->exts & SFTP_EXT_LINK) == 0) { + error("Server does not support link at openssh.com extension"); + return -1; + } + + buffer_put_char(&msg, SSH2_FXP_EXTENDED); + buffer_put_int(&msg, id); + buffer_put_cstring(&msg, "link at openssh.com"); + buffer_put_cstring(&msg, oldpath); + buffer_put_cstring(&msg, newpath); + send_msg(conn->fd_out, &msg); + debug3("Sent message link at openssh.com \"%s\" -> \"%s\"", + oldpath, newpath); + buffer...

..._binary(&blen); chost = packet_get_string(NULL); cuser = packet_get_string(NULL); - sig = packet_get_string(&slen); + sig = packet_get_binary(&slen); debug("userauth_hostbased: cuser %s chost %s pkalg %s slen %d", cuser, chost, pkalg, slen); @@ -101,7 +101,7 @@ buffer_put_cstring(&b, service); buffer_put_cstring(&b, "hostbased"); buffer_put_string(&b, pkalg, alen); - buffer_put_string(&b, pkblob, blen); + buffer_put_binary(&b, pkblob, blen); buffer_put_cstring(&b, chost); buffer_put_cstring(&b, cuser); #ifdef DEBUG_PK diff -...

...mpts, &echo_on); <== num may not be altered in this call if (ret == 0 && num == 0) sshpam_authok = sshpam_ctxt; if (num > 1 || name == NULL || info == NULL) ret = -1; buffer_clear(m); buffer_put_int(m, ret); buffer_put_cstring(m, name); xfree(name); buffer_put_cstring(m, info); xfree(info); buffer_put_int(m, num); for (i = 0; i < num; ++i) { buffer_put_cstring(m, prompts[i]); <== fail here! xfree(prompts[i]); buffer_put_int...

...EY_RSA; + } else if (strcmp(name, "x509v3-sign-dss") == 0) { + return KEY_DSA; } debug2("key_type_from_name: unknown key type '%s'", name); return KEY_UNSPEC; @@ -739,9 +751,16 @@ buffer_put_bignum2(&b, key->dsa->pub_key); break; case KEY_RSA: - buffer_put_cstring(&b, key_ssh_name(key)); - buffer_put_bignum2(&b, key->rsa->e); - buffer_put_bignum2(&b, key->rsa->n); + if (key->x509) { + /* XXX ssh.com does not accept a key name here */ + len = i2d_X509(key->x509, NULL); + buf = buffer_append_space(&b, len); + i2d...

...p1/monitor_wrap.c Thu Jun 20 20:43:43 2002 +++ openssh-3.4p1+/monitor_wrap.c Sun Jul 21 22:53:14 2002 @@ -649,6 +649,24 @@ s->ttyfd = -1; } +#ifdef HAVE_OSF_SIA +void +mm_setup_sia(char *name, char *tty) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_cstring(&m, name); + buffer_put_cstring(&m, tty); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SETUP_SIA, &m); + + buffer_free(&m); +} +#endif + #ifdef USE_PAM void mm_start_pam(char *user) diff -ur openssh-3.4p1/monitor_wrap.h openssh-3.4p1+/monitor_wrap.h --- openssh-3.4p1...

...& SSH2_FILEXFER_ATTR_UIDGID) { @@ -147,6 +279,19 @@ encode_attrib(Buffer *b, const Attrib *a buffer_put_int(b, a->atime); buffer_put_int(b, a->mtime); } + + if (flags & SSH2_FILEXFER_ATTR_EXTENDED) { + u_int ext_count = 1; + Buffer ext; + + buffer_put_int(b, ext_count); + buffer_put_cstring(b, "extattr at openssh.com"); + + buffer_init(&ext); + encode_extra_attrib(&ext, a); + buffer_put_string(b, buffer_ptr(&ext), buffer_len(&ext)); + buffer_free(&ext); + } } /* Convert from SSH2_FX_ status to text error message */ Index: ssh/sftp-common.h ====...

...b; + int len, len1; + char *pb; + + if (key == NULL) { + error("do_convert_private_ssh2_to_blob: key == NULL"); + return 0; + } + buffer_init(&b); + buffer_put_int(&b, SSH_COM_PRIVATE_KEY_MAGIC); + buffer_put_int(&b, 0); + + switch (key->type) { + case KEY_DSA: + buffer_put_cstring(&b, "dl-modp{sign{dsa-nist-sha1},dh{plain}}"); + break; + case KEY_RSA: + buffer_put_cstring(&b, "if-modn{sign{rsa-pkcs1-md5}}"); + break; + default: + error("do_convert_private_ssh2_to_blob: unsupported key type %d", + key->type); + bu...

..._, i); for (j = 0; j < i; j++) @@ -374,38 +342,44 @@ muxserver_accept_control(void) xfree(cctx->env); xfree(cctx->term); buffer_free(&cctx->cmd); - close(client_fd); xfree(cctx); - return 0; + + /* prepare reply */ + buffer_put_int(r, MUX_S_FAILURE); + buffer_put_cstring(r, + "did not receive file descriptors"); + return -1; } } - debug2("%s: got fds stdin %d, stdout %d, stderr %d", __func__, + debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__, new_fd[0], new_fd[1], new_fd[2]); + if (options.contro...

...ll fail if 'newpath' exists */ 877: ret = symlink(oldpath, newpath); The same bug is obviously even in OpenSSH SFTP client: The latest (CVS) sftp-client.c: 647: id = conn->msg_id++; 648: buffer_put_char(&msg, SSH2_FXP_SYMLINK); 649: buffer_put_int(&msg, id); 650: buffer_put_cstring(&msg, oldpath); 651: buffer_put_cstring(&msg, newpath); Have a nice day. Martin Prikryl http://www.prikryl.cz/ http://winscp.sourceforge.net/ ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...4:14:35 -0000 @@ -295,6 +295,12 @@ } int +mm_user_cert_key_allowed(struct passwd *pw, Key *key) +{ + return (mm_key_allowed(MM_CERTKEY, NULL, NULL, key)); +} + +int mm_user_key_allowed(struct passwd *pw, Key *key) { return (mm_key_allowed(MM_USERKEY, NULL, NULL, key)); @@ -351,6 +357,8 @@ buffer_put_cstring(&m, user ? user : ""); buffer_put_cstring(&m, host ? host : ""); buffer_put_string(&m, blob, len); + if (type == MM_CERTKEY && key && key->cert) + buffer_put_string(&m, key->cert, strlen(key->cert)); xfree(blob); mm_request_...

I have been trying to compile OpenSSH_4.7p1 for OS/390 and got really stuck. IBM released a build of v3.8.1p1 several years ago, but I do not know whether anyone else has ever managed to compile it for OS/390 or OS/z. The first problem is that the build apparently performs ssh transport exchange using EBCDIC character encoding instead of ASCII (which breaks RFC 4253) and I am not sure how to do

...ap.c --- monitor_wrap.c 27 Jun 2002 00:23:03 -0000 1.13 +++ monitor_wrap.c 29 Jun 2002 03:19:30 -0000 @@ -649,6 +649,24 @@ s->ttyfd = -1; } +#ifdef HAVE_OSF_SIA +void +mm_setup_sia(char *name, char *tty) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_cstring(&m, name); + buffer_put_cstring(&m, tty); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SETUP_SIA, &m); + + buffer_free(&m); +} +#endif + #ifdef USE_PAM void mm_start_pam(char *user) Index: monitor_wrap.h ===============================================================...

...p.c --- monitor_wrap.c 27 Jun 2002 00:23:03 -0000 1.13 +++ monitor_wrap.c 28 Jun 2002 20:29:12 -0000 @@ -649,6 +649,24 @@ s->ttyfd = -1; } +#ifdef HAVE_OSF_SIA +void +mm_setup_sia(char *name, char *tty) +{ + Buffer m; + + debug3("mm_setup_sia: entering"); + + buffer_init(&m); + buffer_put_cstring(&m, name); + buffer_put_cstring(&m, tty); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SETUP_SIA, &m); + + buffer_free(&m); +} +#endif + #ifdef USE_PAM void mm_start_pam(char *user) Index: monitor_wrap.h ===============================================================...

...p1/monitor_wrap.c Thu Jun 20 20:43:43 2002 +++ openssh-3.4p1+/monitor_wrap.c Sun Jul 21 22:53:14 2002 @@ -649,6 +649,24 @@ s->ttyfd = -1; } +#ifdef HAVE_OSF_SIA +void +mm_setup_sia(char *name, char *tty) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_cstring(&m, name); + buffer_put_cstring(&m, tty); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SETUP_SIA, &m); + + buffer_free(&m); +} +#endif + #ifdef USE_PAM void mm_start_pam(char *user) diff -ur openssh-3.4p1/monitor_wrap.h openssh-3.4p1+/monitor_wrap.h --- openssh-3.4p1...

...uth_fail; + if (compat20) { + if (do_pam_account() && sshpam_new_authtok_reqd) { + sshpam_err = pam_chauthtok(sshpam_handle, + PAM_CHANGE_EXPIRED_AUTHTOK); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; + sshpam_new_authtok_reqd = 0; /* XXX: reset fwd flags */ + } + } buffer_put_cstring(&buffer, "OK"); ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); buffer_free(&buffer); @@ -532,11 +544,16 @@ finish_pam(void) u_int do_pam_account(void) { + if (sshpam_account_status != -1) + return (sshpam_account_status); + sshpam_err = pam_acct_mgmt(sshpa...

Yo All! I have been playing with SSH 2.2.0 from www.ssh.com. I can not connect to openssh 2.2.1p1 using Ver 2 protocol from ssh Ver 2.2.0. Ver 1 works fine. See below for the debug output from both ends If I force hmac-md5 (-m hmac-md5) from the sender it works! The other 3 choices fail: hmac-sha1; hmac-md5-96; and none. I have no problem connecting to this openssh host (hobbes) from

These patches implement a new mux client request to list the currently opened TCP forwardings. It also removes some todos regarding keeping the list of forwardings in the options up-to-date. Bert Wesarg (6): attach the forwarding type to struct Forward merge local and remote forward lists generate unique ids for forwardings to be used for identification remove closed forwardings from

...may apply this patch: Index: key.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/key.c,v retrieving revision 1.95 diff -u -r1.95 key.c --- key.c 10 Nov 2010 01:33:07 -0000 1.95 +++ key.c 3 Feb 2011 06:52:33 -0000 @@ -1823,8 +1823,8 @@ buffer_put_cstring(&k->cert->certblob, key_ssh_name(k)); /* -v01 certs put nonce first */ + arc4random_buf(&nonce, sizeof(nonce)); if (!key_cert_is_legacy(k)) { - arc4random_buf(&nonce, sizeof(nonce)); buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); }

...may apply this patch: Index: key.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/key.c,v retrieving revision 1.95 diff -u -r1.95 key.c --- key.c 10 Nov 2010 01:33:07 -0000 1.95 +++ key.c 3 Feb 2011 06:52:33 -0000 @@ -1823,8 +1823,8 @@ buffer_put_cstring(&k->cert->certblob, key_ssh_name(k)); /* -v01 certs put nonce first */ + arc4random_buf(&nonce, sizeof(nonce)); if (!key_cert_is_legacy(k)) { - arc4random_buf(&nonce, sizeof(nonce)); buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); }