[Openssh-commits] r57 - in trunk: . contrib contrib/caldera contrib/cygwin contrib/redhat contrib/suse debian debian/po openbsd-compat openbsd-compat/regress regress
ed_ at garage.maemo.org
ed_ at garage.maemo.org
Wed Jun 24 00:31:19 EEST 2009
Author: ed_
Date: 2009-06-24 00:31:15 +0300 (Wed, 24 Jun 2009)
New Revision: 57
Modified:
trunk/ChangeLog
trunk/ChangeLog.gssapi
trunk/Makefile.in
trunk/README
trunk/atomicio.c
trunk/audit-bsm.c
trunk/auth-bsdauth.c
trunk/auth-options.c
trunk/auth-options.h
trunk/auth-pam.c
trunk/auth-passwd.c
trunk/auth-rhosts.c
trunk/auth-rsa.c
trunk/auth-sia.c
trunk/auth.c
trunk/auth.h
trunk/auth1.c
trunk/auth2-chall.c
trunk/auth2-gss.c
trunk/auth2-hostbased.c
trunk/auth2-none.c
trunk/auth2-pubkey.c
trunk/auth2.c
trunk/bufaux.c
trunk/buffer.h
trunk/canohost.c
trunk/channels.c
trunk/channels.h
trunk/clientloop.c
trunk/clientloop.h
trunk/compat.c
trunk/compat.h
trunk/config.h.in
trunk/configure
trunk/configure.ac
trunk/contrib/caldera/openssh.spec
trunk/contrib/cygwin/Makefile
trunk/contrib/cygwin/ssh-host-config
trunk/contrib/cygwin/ssh-user-config
trunk/contrib/redhat/openssh.spec
trunk/contrib/ssh-copy-id
trunk/contrib/suse/openssh.spec
trunk/debian/changelog
trunk/debian/openssh-server.default
trunk/debian/po/ko.po
trunk/debian/po/ro.po
trunk/debian/ssh-askpass-gnome.desktop
trunk/defines.h
trunk/dh.c
trunk/dh.h
trunk/dns.c
trunk/groupaccess.c
trunk/groupaccess.h
trunk/gss-serv.c
trunk/includes.h
trunk/key.c
trunk/key.h
trunk/log.c
trunk/log.h
trunk/mac.c
trunk/match.c
trunk/match.h
trunk/misc.c
trunk/misc.h
trunk/moduli
trunk/moduli.c
trunk/monitor.c
trunk/monitor_fdpass.c
trunk/monitor_fdpass.h
trunk/monitor_mm.h
trunk/monitor_wrap.c
trunk/nchan.c
trunk/nchan2.ms
trunk/openbsd-compat/Makefile.in
trunk/openbsd-compat/base64.c
trunk/openbsd-compat/bindresvport.c
trunk/openbsd-compat/bsd-arc4random.c
trunk/openbsd-compat/bsd-asprintf.c
trunk/openbsd-compat/bsd-cygwin_util.c
trunk/openbsd-compat/bsd-poll.c
trunk/openbsd-compat/fake-rfc2553.c
trunk/openbsd-compat/fake-rfc2553.h
trunk/openbsd-compat/getrrsetbyname.c
trunk/openbsd-compat/getrrsetbyname.h
trunk/openbsd-compat/glob.c
trunk/openbsd-compat/glob.h
trunk/openbsd-compat/openbsd-compat.h
trunk/openbsd-compat/openssl-compat.c
trunk/openbsd-compat/openssl-compat.h
trunk/openbsd-compat/port-aix.c
trunk/openbsd-compat/port-aix.h
trunk/openbsd-compat/port-linux.c
trunk/openbsd-compat/port-linux.h
trunk/openbsd-compat/port-tun.c
trunk/openbsd-compat/regress/closefromtest.c
trunk/openbsd-compat/regress/strtonumtest.c
trunk/openbsd-compat/rresvport.c
trunk/openbsd-compat/setenv.c
trunk/openbsd-compat/setproctitle.c
trunk/openbsd-compat/sigact.c
trunk/openbsd-compat/sys-queue.h
trunk/openbsd-compat/sys-tree.h
trunk/packet.c
trunk/packet.h
trunk/readconf.c
trunk/readconf.h
trunk/regress/Makefile
trunk/regress/agent-getpeereid.sh
trunk/regress/agent.sh
trunk/regress/cfgmatch.sh
trunk/regress/cipher-speed.sh
trunk/regress/sftp-badcmds.sh
trunk/regress/sftp-cmds.sh
trunk/regress/sftp-glob.sh
trunk/regress/test-exec.sh
trunk/regress/try-ciphers.sh
trunk/scp.0
trunk/scp.1
trunk/scp.c
trunk/servconf.c
trunk/servconf.h
trunk/serverloop.c
trunk/session.c
trunk/session.h
trunk/sftp-client.c
trunk/sftp-client.h
trunk/sftp-server.0
trunk/sftp-server.8
trunk/sftp-server.c
trunk/sftp.0
trunk/sftp.1
trunk/sftp.c
trunk/sftp.h
trunk/ssh-add.0
trunk/ssh-add.1
trunk/ssh-add.c
trunk/ssh-agent.0
trunk/ssh-agent.1
trunk/ssh-agent.c
trunk/ssh-keygen.0
trunk/ssh-keygen.1
trunk/ssh-keygen.c
trunk/ssh-keyscan.0
trunk/ssh-keyscan.1
trunk/ssh-keyscan.c
trunk/ssh-keysign.0
trunk/ssh-keysign.8
trunk/ssh-rand-helper.0
trunk/ssh-vulnkey.c
trunk/ssh.0
trunk/ssh.1
trunk/ssh.c
trunk/ssh_config
trunk/ssh_config.0
trunk/ssh_config.5
trunk/sshconnect.c
trunk/sshconnect.h
trunk/sshconnect2.c
trunk/sshd.0
trunk/sshd.8
trunk/sshd.c
trunk/sshd_config
trunk/sshd_config.0
trunk/sshd_config.5
trunk/sshlogin.c
trunk/sshpty.c
trunk/sshpty.h
trunk/sshtty.c
trunk/ttymodes.c
trunk/umac.c
trunk/version.h
Log:
upgraded to upstream version 1:5.1p1-5
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ChangeLog 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,3 +1,1529 @@
+20080721
+ - (djm) OpenBSD CVS Sync
+ - jmc at cvs.openbsd.org 2008/07/18 22:51:01
+ [sftp-server.8]
+ no need for .Pp before or after .Sh;
+ - djm at cvs.openbsd.org 2008/07/21 08:19:07
+ [version.h]
+ openssh-5.1
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update version number in README and RPM specs
+ - (djm) Release OpenSSH-5.1
+
+20080717
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2008/07/17 08:48:00
+ [sshconnect2.c]
+ strnvis preauth banner; pointed out by mpf@ ok markus@
+ - djm at cvs.openbsd.org 2008/07/17 08:51:07
+ [auth2-hostbased.c]
+ strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes
+ report and patch from res AT qoxp.net (bz#1200); ok markus@
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Remove long-unneeded compat
+ code, replace with equivalent cygwin library call. Patch from vinschen
+ at redhat.com, ok djm at .
+ - (djm) [sshconnect2.c] vis.h isn't available everywhere
+
+20080716
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2008/07/15 02:23:14
+ [sftp.1]
+ number of pipelined requests is now 64;
+ prodded by Iain.Morgan AT nasa.gov
+ - djm at cvs.openbsd.org 2008/07/16 11:51:14
+ [clientloop.c]
+ rename variable first_gc -> last_gc (since it is actually the last
+ in the list).
+ - djm at cvs.openbsd.org 2008/07/16 11:52:19
+ [channels.c]
+ this loop index should be automatic, not static
+
+20080714
+ - (djm) OpenBSD CVS Sync
+ - sthen at cvs.openbsd.org 2008/07/13 21:22:52
+ [ssh-keygen.c]
+ Change "ssh-keygen -F [host] -l" to not display random art unless
+ -v is also specified, making it consistent with the manual and other
+ uses of -l.
+ ok grunk@
+ - djm at cvs.openbsd.org 2008/07/13 22:13:07
+ [channels.c]
+ use struct sockaddr_storage instead of struct sockaddr for accept(2)
+ address argument. from visibilis AT yahoo.com in bz#1485; ok markus@
+ - djm at cvs.openbsd.org 2008/07/13 22:16:03
+ [sftp.c]
+ increase number of piplelined requests so they properly fill the
+ (recently increased) channel window. prompted by rapier AT psc.edu;
+ ok markus@
+ - djm at cvs.openbsd.org 2008/07/14 01:55:56
+ [sftp-server.8]
+ mention requirement for /dev/log inside chroot when using sftp-server
+ with ChrootDirectory
+ - (djm) [openbsd-compat/bindresvport.c] Rename variables s/sin/in/ to
+ avoid clash with sin(3) function; reported by
+ cristian.ionescu-idbohrn AT axis.com
+ - (djm) [openbsd-compat/rresvport.c] Add unistd.h for missing close()
+ prototype; reported by cristian.ionescu-idbohrn AT axis.com
+ - (djm) [umac.c] Rename variable s/buffer_ptr/bufp/ to avoid clash;
+ reported by cristian.ionescu-idbohrn AT axis.com
+ - (djm) [contrib/cygwin/Makefile contrib/cygwin/ssh-host-config]
+ [contrib/cygwin/ssh-user-config contrib/cygwin/sshd-inetd]
+ Revamped and simplified Cygwin ssh-host-config script that uses
+ unified csih configuration tool. Requires recent Cygwin.
+ Patch from vinschen AT redhat.com
+
+20080712
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2008/07/12 04:52:50
+ [channels.c]
+ unbreak; move clearing of cctx struct to before first use
+ reported by dkrause@
+ - djm at cvs.openbsd.org 2008/07/12 05:33:41
+ [scp.1]
+ better description for -i flag:
+ s/RSA authentication/public key authentication/
+ - (djm) [openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h]
+ return EAI_FAMILY when trying to lookup unsupported address family;
+ from vinschen AT redhat.com
+
+20080711
+ - (djm) OpenBSD CVS Sync
+ - stevesk at cvs.openbsd.org 2008/07/07 00:31:41
+ [ttymodes.c]
+ we don't need arg after the debug3() was removed. from lint.
+ ok djm@
+ - stevesk at cvs.openbsd.org 2008/07/07 23:32:51
+ [key.c]
+ /*NOTREACHED*/ for lint warning:
+ warning: function key_equal falls off bottom without returning value
+ ok djm@
+ - markus at cvs.openbsd.org 2008/07/10 18:05:58
+ [channels.c]
+ missing bzero; from mickey; ok djm@
+ - markus at cvs.openbsd.org 2008/07/10 18:08:11
+ [clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c]
+ sync v1 and v2 traffic accounting; add it to sshd, too;
+ ok djm@, dtucker@
+
+20080709
+ - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass
+ - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM
+ account check failure path. The vulnerable format buffer is supplied
+ from PAM and should not contain attacker-supplied data.
+ - (djm) [auth.c] Missing unistd.h for close()
+ - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x
+
+20080705
+ - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed
+ passwords disabled. bz#1083 report & patch from senthilkumar_sen AT
+ hotpop.com, w/ dtucker@
+ - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for
+ Tru64. readv doesn't seem to be a comparable object there.
+ bz#1386, patch from dtucker@ ok me
+ - (djm) [Makefile.in] Pass though pass to conch for interop tests
+ - (djm) [configure.ac] unbreak: remove extra closing brace
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2008/07/04 23:08:25
+ [packet.c]
+ handle EINTR in packet_write_poll()l ok dtucker@
+ - djm at cvs.openbsd.org 2008/07/04 23:30:16
+ [auth1.c auth2.c]
+ Make protocol 1 MaxAuthTries logic match protocol 2's.
+ Do not treat the first protocol 2 authentication attempt as
+ a failure IFF it is for method "none".
+ Makes MaxAuthTries' user-visible behaviour identical for
+ protocol 1 vs 2.
+ ok dtucker@
+ - djm at cvs.openbsd.org 2008/07/05 05:16:01
+ [PROTOCOL]
+ grammar
+
+20080704
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2008/07/02 13:30:34
+ [auth2.c]
+ really really remove the freebie "none" auth try for protocol 2
+ - djm at cvs.openbsd.org 2008/07/02 13:47:39
+ [ssh.1 ssh.c]
+ When forking after authentication ("ssh -f") with ExitOnForwardFailure
+ enabled, delay the fork until after replies for any -R forwards have
+ been seen. Allows for robust detection of -R forward failure when
+ using -f (similar to bz#92); ok dtucker@
+ - otto at cvs.openbsd.org 2008/07/03 21:46:58
+ [auth2-pubkey.c]
+ avoid nasty double free; ok dtucker@ djm@
+ - djm at cvs.openbsd.org 2008/07/04 03:44:59
+ [servconf.c groupaccess.h groupaccess.c]
+ support negation of groups in "Match group" block (bz#1315); ok dtucker@
+ - dtucker at cvs.openbsd.org 2008/07/04 03:47:02
+ [monitor.c]
+ Make debug a little clearer. ok djm@
+ - djm at cvs.openbsd.org 2008/06/30 08:07:34
+ [regress/key-options.sh]
+ shell portability: use "=" instead of "==" in test(1) expressions,
+ double-quote string with backslash escaped /
+ - djm at cvs.openbsd.org 2008/06/30 10:31:11
+ [regress/{putty-transfer,putty-kex,putty-ciphers}.sh]
+ remove "set -e" left over from debugging
+ - djm at cvs.openbsd.org 2008/06/30 10:43:03
+ [regress/conch-ciphers.sh]
+ explicitly disable conch options that could interfere with the test
+ - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if link
+ returns EXDEV. Patch from Mike Garrison, ok djm@
+ - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]
+ [packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
+ [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
+ some platforms (HP nonstop) it is a distinct errno;
+ bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
+
+20080702
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2008/06/30 08:05:59
+ [PROTOCOL.agent]
+ typo: s/constraint_date/constraint_data/
+ - djm at cvs.openbsd.org 2008/06/30 12:15:39
+ [serverloop.c]
+ only pass channel requests on session channels through to the session
+ channel handler, avoiding spurious log messages; ok! markus@
+ - djm at cvs.openbsd.org 2008/06/30 12:16:02
+ [nchan.c]
+ only send eow at openssh.com notifications for session channels; ok! markus@
+ - djm at cvs.openbsd.org 2008/06/30 12:18:34
+ [PROTOCOL]
+ clarify that eow at openssh.com is only sent on session channels
+ - dtucker at cvs.openbsd.org 2008/07/01 07:20:52
+ [sshconnect.c]
+ Check ExitOnForwardFailure if forwardings are disabled due to a failed
+ host key check. ok djm@
+ - dtucker at cvs.openbsd.org 2008/07/01 07:24:22
+ [sshconnect.c sshd.c]
+ Send CR LF during protocol banner exchanges, but only for Protocol 2 only,
+ in order to comply with RFC 4253. bz #1443, ok djm@
+ - stevesk at cvs.openbsd.org 2008/07/01 23:12:47
+ [PROTOCOL.agent]
+ fix some typos; ok djm@
+ - djm at cvs.openbsd.org 2008/07/02 02:24:18
+ [sshd_config sshd_config.5 sshd.8 servconf.c]
+ increase default size of ssh protocol 1 ephemeral key from 768 to 1024
+ bits; prodded by & ok dtucker@ ok deraadt@
+ - dtucker at cvs.openbsd.org 2008/07/02 12:03:51
+ [auth-rsa.c auth.c auth2-pubkey.c auth.h]
+ Merge duplicate host key file checks, based in part on a patch from Rob
+ Holland via bz #1348 . Also checks for non-regular files during protocol
+ 1 RSA auth. ok djm@
+ - djm at cvs.openbsd.org 2008/07/02 12:36:39
+ [auth2-none.c auth2.c]
+ Make protocol 2 MaxAuthTries behaviour a little more sensible:
+ Check whether client has exceeded MaxAuthTries before running
+ an authentication method and skip it if they have, previously it
+ would always allow one try (for "none" auth).
+ Preincrement failure count before post-auth test - previously this
+ checked and postincremented, also to allow one "none" try.
+ Together, these two changes always count the "none" auth method
+ which could be skipped by a malicious client (e.g. an SSH worm)
+ to get an extra attempt at a real auth method. They also make
+ MaxAuthTries=0 a useful way to block users entirely (esp. in a
+ sshd_config Match block).
+ Also, move sending of any preauth banner from "none" auth method
+ to the first call to input_userauth_request(), so worms that skip
+ the "none" method get to see it too.
+
+20080630
+ - (djm) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2008/06/10 23:13:43
+ [regress/Makefile regress/key-options.sh]
+ Add regress test for key options. ok djm@
+ - dtucker at cvs.openbsd.org 2008/06/11 23:11:40
+ [regress/Makefile]
+ Don't run cipher-speed test by default; mistakenly enabled by me
+ - djm at cvs.openbsd.org 2008/06/28 13:57:25
+ [regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh]
+ very basic regress test against Twisted Conch in "make interop"
+ target (conch is available in ports/devel/py-twisted/conch);
+ ok markus@
+ - (djm) [regress/Makefile] search for conch by path, like we do putty
+
+20080629
+ - (djm) OpenBSD CVS Sync
+ - martynas at cvs.openbsd.org 2008/06/21 07:46:46
+ [sftp.c]
+ use optopt to get invalid flag, instead of return value of getopt,
+ which is always '?'; ok djm@
+ - otto at cvs.openbsd.org 2008/06/25 11:13:43
+ [key.c]
+ add key length to visual fingerprint; zap magical constants;
+ ok grunk@ djm@
+ - djm at cvs.openbsd.org 2008/06/26 06:10:09
+ [sftp-client.c sftp-server.c]
+ allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
+ bits. Note that this only affects explicit setting of modes (e.g. via
+ sftp(1)'s chmod command) and not file transfers. (bz#1310)
+ ok deraadt@ at c2k8
+ - djm at cvs.openbsd.org 2008/06/26 09:19:40
+ [dh.c dh.h moduli.c]
+ when loading moduli from /etc/moduli in sshd(8), check that they
+ are of the expected "safe prime" structure and have had
+ appropriate primality tests performed;
+ feedback and ok dtucker@
+ - grunk at cvs.openbsd.org 2008/06/26 11:46:31
+ [readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
+ Move SSH Fingerprint Visualization away from sharing the config option
+ CheckHostIP to an own config option named VisualHostKey.
+ While there, fix the behaviour that ssh would draw a random art picture
+ on every newly seen host even when the option was not enabled.
+ prodded by deraadt@, discussions,
+ help and ok markus@ djm@ dtucker@
+ - jmc at cvs.openbsd.org 2008/06/26 21:11:46
+ [ssh.1]
+ add VisualHostKey to the list of options listed in -o;
+ - djm at cvs.openbsd.org 2008/06/28 07:25:07
+ [PROTOCOL]
+ spelling fixes
+ - djm at cvs.openbsd.org 2008/06/28 13:58:23
+ [ssh-agent.c]
+ refuse to add a key that has unknown constraints specified;
+ ok markus
+ - djm at cvs.openbsd.org 2008/06/28 14:05:15
+ [ssh-agent.c]
+ reset global compat flag after processing a protocol 2 signature
+ request with the legacy DSA encoding flag set; ok markus
+ - djm at cvs.openbsd.org 2008/06/28 14:08:30
+ [PROTOCOL PROTOCOL.agent]
+ document the protocol used by ssh-agent; "looks ok" markus@
+
+20080628
+ - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec]
+ RFC.nroff lacks a license, remove it (it is long gone in OpenBSD).
+
+20080626
+ - (djm) [Makefile.in moduli.5] Include moduli(5) manpage from OpenBSD.
+ (bz#1372)
+ - (djm) [ contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Include moduli.5 in RPM spec files.
+
+20080616
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2008/06/16 13:22:53
+ [session.c channels.c]
+ Rename the isatty argument to is_tty so we don't shadow
+ isatty(3). ok markus@
+ - (dtucker) [channels.c] isatty -> is_tty here too.
+
+20080615
+ - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc.
+ - OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2008/06/14 15:49:48
+ [sshd.c]
+ wrap long line at 80 chars
+ - dtucker at cvs.openbsd.org 2008/06/14 17:07:11
+ [sshd.c]
+ ensure default umask disallows at least group and world write; ok djm@
+ - djm at cvs.openbsd.org 2008/06/14 18:33:43
+ [session.c]
+ suppress the warning message from chdir(homedir) failures
+ when chrooted (bz#1461); ok dtucker
+ - dtucker at cvs.openbsd.org 2008/06/14 19:42:10
+ [scp.1]
+ Mention that scp follows symlinks during -r. bz #1466,
+ from nectar at apple
+ - dtucker at cvs.openbsd.org 2008/06/15 16:55:38
+ [sshd_config.5]
+ MaxSessions is allowed in a Match block too
+ - dtucker at cvs.openbsd.org 2008/06/15 16:58:40
+ [servconf.c sshd_config.5]
+ Allow MaxAuthTries within a Match block. ok djm@
+ - djm at cvs.openbsd.org 2008/06/15 20:06:26
+ [channels.c channels.h session.c]
+ don't call isatty() on a pty master, instead pass a flag down to
+ channel_set_fds() indicating that te fds refer to a tty. Fixes a
+ hang on exit on Solaris (bz#1463) in portable but is actually
+ a generic bug; ok dtucker deraadt markus
+
+20080614
+ - (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction
+ replacement code; patch from ighighi AT gmail.com in bz#1240;
+ ok dtucker
+
+20080613
+ - (dtucker) OpenBSD CVS Sync
+ - deraadt at cvs.openbsd.org 2008/06/13 09:44:36
+ [packet.c]
+ compile on older gcc; no decl after code
+ - dtucker at cvs.openbsd.org 2008/06/13 13:56:59
+ [monitor.c]
+ Clear key options in the monitor on failed authentication, prevents
+ applying additional restrictions to non-pubkey authentications in
+ the case where pubkey fails but another method subsequently succeeds.
+ bz #1472, found by Colin Watson, ok markus@ djm@
+ - dtucker at cvs.openbsd.org 2008/06/13 14:18:51
+ [auth2-pubkey.c auth-rhosts.c]
+ Include unistd.h for close(), prevents warnings in -portable
+ - dtucker at cvs.openbsd.org 2008/06/13 17:21:20
+ [mux.c]
+ Friendlier error messages for mux fallback. ok djm@
+ - dtucker at cvs.openbsd.org 2008/06/13 18:55:22
+ [scp.c]
+ Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
+ - grunk at cvs.openbsd.org 2008/06/13 20:13:26
+ [ssh.1]
+ Explain the use of SSH fpr visualization using random art, and cite the
+ original scientific paper inspiring that technique.
+ Much help with English and nroff by jmc@, thanks.
+ - (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which
+ despite its name doesn't seem to implement all of GSSAPI. Patch from
+ Jan Engelhardt, sanity checked by Simon Wilkinson.
+
+20080612
+ - (dtucker) OpenBSD CVS Sync
+ - jmc at cvs.openbsd.org 2008/06/11 07:30:37
+ [sshd.8]
+ kill trailing whitespace;
+ - grunk at cvs.openbsd.org 2008/06/11 21:01:35
+ [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
+ sshconnect.c]
+ Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
+ graphical hash visualization schemes known as "random art", and by
+ Dan Kaminsky's musings on the subject during a BlackOp talk at the
+ 23C3 in Berlin.
+ Scientific publication (original paper):
+ "Hash Visualization: a New Technique to improve Real-World Security",
+ Perrig A. and Song D., 1999, International Workshop on Cryptographic
+ Techniques and E-Commerce (CrypTEC '99)
+ http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
+ The algorithm used here is a worm crawling over a discrete plane,
+ leaving a trace (augmenting the field) everywhere it goes.
+ Movement is taken from dgst_raw 2bit-wise. Bumping into walls
+ makes the respective movement vector be ignored for this turn,
+ thus switching to the other color of the chessboard.
+ Graphs are not unambiguous for now, because circles in graphs can be
+ walked in either direction.
+ discussions with several people,
+ help, corrections and ok markus@ djm@
+ - grunk at cvs.openbsd.org 2008/06/11 21:38:25
+ [ssh-keygen.c]
+ ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pub
+ would not display you the random art as intended, spotted by canacar@
+ - grunk at cvs.openbsd.org 2008/06/11 22:20:46
+ [ssh-keygen.c ssh-keygen.1]
+ ssh-keygen would write fingerprints to STDOUT, and random art to STDERR,
+ that is not how it was envisioned.
+ Also correct manpage saying that -v is needed along with -l for it to work.
+ spotted by naddy@
+ - otto at cvs.openbsd.org 2008/06/11 23:02:22
+ [key.c]
+ simpler way of computing the augmentations; ok grunk@
+ - grunk at cvs.openbsd.org 2008/06/11 23:03:56
+ [ssh_config.5]
+ CheckHostIP set to ``fingerprint'' will display both hex and random art
+ spotted by naddy@
+ - grunk at cvs.openbsd.org 2008/06/11 23:51:57
+ [key.c]
+ #define statements that are not atoms need braces around them, else they
+ will cause trouble in some cases.
+ Also do a computation of -1 once, and not in a loop several times.
+ spotted by otto@
+ - dtucker at cvs.openbsd.org 2008/06/12 00:03:49
+ [dns.c canohost.c sshconnect.c]
+ Do not pass "0" strings as ports to getaddrinfo because the lookups
+ can slow things down and we never use the service info anyway. bz
+ #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok
+ deraadt@ djm@
+ djm belives that the reason for the "0" strings is to ensure that
+ it's not possible to call getaddrinfo with both host and port being
+ NULL. In the case of canohost.c host is a local array. In the
+ case of sshconnect.c, it's checked for null immediately before use.
+ In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
+ be non-null but it's not obvious, so I added a warning message in
+ case it is ever passed a null.
+ - grunk at cvs.openbsd.org 2008/06/12 00:13:55
+ [sshconnect.c]
+ Make ssh print the random art also when ssh'ing to a host using IP only.
+ spotted by naddy@, ok and help djm@ dtucker@
+ - otto at cvs.openbsd.org 2008/06/12 00:13:13
+ [key.c]
+ use an odd number of rows and columns and a separate start marker, looks
+ better; ok grunk@
+ - djm at cvs.openbsd.org 2008/06/12 03:40:52
+ [clientloop.h mux.c channels.c clientloop.c channels.h]
+ Enable ~ escapes for multiplex slave sessions; give each channel
+ its own escape state and hook the escape filters up to muxed
+ channels. bz #1331
+ Mux slaves do not currently support the ~^Z and ~& escapes.
+ NB. this change cranks the mux protocol version, so a new ssh
+ mux client will not be able to connect to a running old ssh
+ mux master.
+ ok dtucker@
+ - djm at cvs.openbsd.org 2008/06/12 04:06:00
+ [clientloop.h ssh.c clientloop.c]
+ maintain an ordered queue of outstanding global requests that we
+ expect replies to, similar to the per-channel confirmation queue.
+ Use this queue to verify success or failure for remote forward
+ establishment in a race free way.
+ ok dtucker@
+ - djm at cvs.openbsd.org 2008/06/12 04:17:47
+ [clientloop.c]
+ thall shalt not code past the eightieth column
+ - djm at cvs.openbsd.org 2008/06/12 04:24:06
+ [ssh.c]
+ thal shalt not code past the eightieth column
+ - djm at cvs.openbsd.org 2008/06/12 05:15:41
+ [PROTOCOL]
+ document tun at openssh.com forwarding method
+ - djm at cvs.openbsd.org 2008/06/12 05:32:30
+ [mux.c]
+ some more TODO for me
+ - grunk at cvs.openbsd.org 2008/06/12 05:42:46
+ [key.c]
+ supply the key type (rsa1, rsa, dsa) as a caption in the frame of the
+ random art. while there, stress the fact that the field base should at
+ least be 8 characters for the pictures to make sense.
+ comment and ok djm@
+ - grunk at cvs.openbsd.org 2008/06/12 06:32:59
+ [key.c]
+ We already mark the start of the worm, now also mark the end of the worm
+ in our random art drawings.
+ ok djm@
+ - djm at cvs.openbsd.org 2008/06/12 15:19:17
+ [clientloop.h channels.h clientloop.c channels.c mux.c]
+ The multiplexing escape char handler commit last night introduced a
+ small memory leak per session; plug it.
+ - dtucker at cvs.openbsd.org 2008/06/12 16:35:31
+ [ssh_config.5 ssh.c]
+ keyword expansion for localcommand. ok djm@
+ - jmc at cvs.openbsd.org 2008/06/12 19:10:09
+ [ssh_config.5 ssh-keygen.1]
+ tweak the ascii art text; ok grunk
+ - dtucker at cvs.openbsd.org 2008/06/12 20:38:28
+ [sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
+ Make keepalive timeouts apply while waiting for a packet, particularly
+ during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
+ - djm at cvs.openbsd.org 2008/06/12 20:47:04
+ [sftp-client.c]
+ print extension revisions for extensions that we understand
+ - djm at cvs.openbsd.org 2008/06/12 21:06:25
+ [clientloop.c]
+ I was coalescing expected global request confirmation replies at
+ the wrong end of the queue - fix; prompted by markus@
+ - grunk at cvs.openbsd.org 2008/06/12 21:14:46
+ [ssh-keygen.c]
+ make ssh-keygen -lf show the key type just as ssh-add -l would do it
+ ok djm@ markus@
+ - grunk at cvs.openbsd.org 2008/06/12 22:03:36
+ [key.c]
+ add my copyright, ok djm@
+ - ian at cvs.openbsd.org 2008/06/12 23:24:58
+ [sshconnect.c]
+ tweak wording in message, ok deraadt@ jmc@
+ - dtucker at cvs.openbsd.org 2008/06/13 00:12:02
+ [sftp.h log.h]
+ replace __dead with __attribute__((noreturn)), makes things
+ a little easier to port. Also, add it to sigdie(). ok djm@
+ - djm at cvs.openbsd.org 2008/06/13 00:16:49
+ [mux.c]
+ fall back to creating a new TCP connection on most multiplexing errors
+ (socket connect fail, invalid version, refused permittion, corrupted
+ messages, etc.); bz #1329 ok dtucker@
+ - dtucker at cvs.openbsd.org 2008/06/13 00:47:53
+ [mux.c]
+ upcast size_t to u_long to match format arg; ok djm@
+ - dtucker at cvs.openbsd.org 2008/06/13 00:51:47
+ [mac.c]
+ upcast another size_t to u_long to match format
+ - dtucker at cvs.openbsd.org 2008/06/13 01:38:23
+ [misc.c]
+ upcast uid to long with matching %ld, prevents warnings in portable
+ - djm at cvs.openbsd.org 2008/06/13 04:40:22
+ [auth2-pubkey.c auth-rhosts.c]
+ refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
+ regular files; report from Solar Designer via Colin Watson in bz#1471
+ ok dtucker@ deraadt
+ - (dtucker) [clientloop.c serverloop.c] channel_register_filter now
+ takes 2 more args. with djm@
+ - (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch
+ from Todd Vierling.
+ - (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA
+ systems. Patch from R. Scott Bailey.
+ - (dtucker) [umac.c] STORE_UINT32_REVERSED and endian_convert are never used
+ on big endian machines, so ifdef them for little-endian only to prevent
+ unused function warnings on big-endians.
+ - (dtucker) [openbsd-compat/setenv.c] Make offsets size_t to prevent
+ compiler warnings on some platforms. Based on a discussion with otto@
+
+20080611
+ - (djm) [channels.c configure.ac]
+ Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no)
+ bz#1464; ok dtucker
+
+20080610
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2008/06/10 03:57:27
+ [servconf.c match.h sshd_config.5]
+ support CIDR address matching in sshd_config "Match address" blocks, with
+ full support for negation and fall-back to classic wildcard matching.
+ For example:
+ Match address 192.0.2.0/24,3ffe:ffff::/32,!10.*
+ PasswordAuthentication yes
+ addrmatch.c code mostly lifted from flowd's addr.c
+ feedback and ok dtucker@
+ - djm at cvs.openbsd.org 2008/06/10 04:17:46
+ [sshd_config.5]
+ better reference for pattern-list
+ - dtucker at cvs.openbsd.org 2008/06/10 04:50:25
+ [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
+ Add extended test mode (-T) and connection parameters for test mode (-C).
+ -T causes sshd to write its effective configuration to stdout and exit.
+ -C causes any relevant Match rules to be applied before output. The
+ combination allows tesing of the parser and config files. ok deraadt djm
+ - jmc at cvs.openbsd.org 2008/06/10 07:12:00
+ [sshd_config.5]
+ tweak previous;
+ - jmc at cvs.openbsd.org 2008/06/10 08:17:40
+ [sshd.8 sshd.c]
+ - update usage()
+ - fix SYNOPSIS, and sort options
+ - some minor additional fixes
+ - dtucker at cvs.openbsd.org 2008/06/09 18:06:32
+ [regress/test-exec.sh]
+ Don't generate putty keys if we're not going to use them. ok djm
+ - dtucker at cvs.openbsd.org 2008/06/10 05:23:32
+ [regress/addrmatch.sh regress/Makefile]
+ Regress test for Match CIDR rules. ok djm@
+ - dtucker at cvs.openbsd.org 2008/06/10 15:21:41
+ [test-exec.sh]
+ Use a more portable construct for checking if we're running a putty test
+ - dtucker at cvs.openbsd.org 2008/06/10 15:28:49
+ [test-exec.sh]
+ Add quotes
+ - dtucker at cvs.openbsd.org 2008/06/10 18:21:24
+ [ssh_config.5]
+ clarify that Host patterns are space-separated. ok deraadt
+ - djm at cvs.openbsd.org 2008/06/10 22:15:23
+ [PROTOCOL ssh.c serverloop.c]
+ Add a no-more-sessions at openssh.com global request extension that the
+ client sends when it knows that it will never request another session
+ (i.e. when session multiplexing is disabled). This allows a server to
+ disallow further session requests and terminate the session.
+ Why would a non-multiplexing client ever issue additional session
+ requests? It could have been attacked with something like SSH'jack:
+ http://www.storm.net.nz/projects/7
+ feedback & ok markus
+ - djm at cvs.openbsd.org 2008/06/10 23:06:19
+ [auth-options.c match.c servconf.c addrmatch.c sshd.8]
+ support CIDR address matching in .ssh/authorized_keys from="..." stanzas
+ ok and extensive testing dtucker@
+ - dtucker at cvs.openbsd.org 2008/06/10 23:21:34
+ [bufaux.c]
+ Use '\0' for a nul byte rather than unadorned 0. ok djm@
+ - dtucker at cvs.openbsd.org 2008/06/10 23:13:43
+ [Makefile regress/key-options.sh]
+ Add regress test for key options. ok djm@
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6
+ since the new CIDR code in addmatch.c references it.
+ - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6
+ specific tests on platforms that don't do IPv6.
+ - (dtucker) [Makefile.in] Define TEST_SSH_IPV6 in make's arguments as well
+ as environment.
+ - (dtucker) [Makefile.in] Move addrmatch.o to libssh.a where it's needed now.
+
+20080609
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2008/06/08 17:04:41
+ [sftp-server.c]
+ Add case for ENOSYS in errno_to_portable; ok deraadt
+ - dtucker at cvs.openbsd.org 2008/06/08 20:15:29
+ [sftp.c sftp-client.c sftp-client.h]
+ Have the sftp client store the statvfs replies in wire format,
+ which prevents problems when the server's native sizes exceed the
+ client's.
+ Also extends the sizes of the remaining 32bit wire format to 64bit,
+ they're specified as unsigned long in the standard.
+ - dtucker at cvs.openbsd.org 2008/06/09 13:02:39
+ [sftp-server.c]
+ Extend 32bit -> 64bit values for statvfs extension missed in previous
+ commit.
+ - dtucker at cvs.openbsd.org 2008/06/09 13:38:46
+ [PROTOCOL]
+ Use a $OpenBSD tag so our scripts will sync changes.
+
+20080608
+ - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c
+ openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
+ openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and
+ fstatvfs and remove #defines around statvfs code. ok djm@
+ - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a
+ macro to convert fsid to unsigned long for platforms where fsid is a
+ 2-member array.
+
+20080607
+ - (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H.
+ - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c]
+ Do not enable statvfs extensions on platforms that do not have statvfs.
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2008/05/19 06:14:02
+ [packet.c] unbreak protocol keepalive timeouts bz#1465; ok dtucker@
+ - djm at cvs.openbsd.org 2008/05/19 15:45:07
+ [sshtty.c ttymodes.c sshpty.h]
+ Fix sending tty modes when stdin is not a tty (bz#1199). Previously
+ we would send the modes corresponding to a zeroed struct termios,
+ whereas we should have been sending an empty list of modes.
+ Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@
+ - djm at cvs.openbsd.org 2008/05/19 15:46:31
+ [ssh-keygen.c]
+ support -l (print fingerprint) in combination with -F (find host) to
+ search for a host in ~/.ssh/known_hosts and display its fingerprint;
+ ok markus@
+ - djm at cvs.openbsd.org 2008/05/19 20:53:52
+ [clientloop.c]
+ unbreak tree by committing this bit that I missed from:
+ Fix sending tty modes when stdin is not a tty (bz#1199). Previously
+ we would send the modes corresponding to a zeroed struct termios,
+ whereas we should have been sending an empty list of modes.
+ Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@
+
+20080604
+ - (djm) [openbsd-compat/bsd-arc4random.c] Fix math bug that caused bias
+ in arc4random_uniform with upper_bound in (2^30,2*31). Note that
+ OpenSSH did not make requests with upper bounds in this range.
+
+20080519
+ - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in]
+ [openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h]
+ Fix compilation on Linux, including pulling in fmt_scaled(3)
+ implementation from OpenBSD's libutil.
+
+20080518
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2008/04/04 05:14:38
+ [sshd_config.5]
+ ChrootDirectory is supported in Match blocks (in fact, it is most useful
+ there). Spotted by Minstrel AT minstrel.org.uk
+ - djm at cvs.openbsd.org 2008/04/04 06:44:26
+ [sshd_config.5]
+ oops, some unrelated stuff crept into that commit - backout.
+ spotted by jmc@
+ - djm at cvs.openbsd.org 2008/04/05 02:46:02
+ [sshd_config.5]
+ HostbasedAuthentication is supported under Match too
+ - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c]
+ [configure.ac] Implement arc4random_buf(), import implementation of
+ arc4random_uniform() from OpenBSD
+ - (djm) [openbsd-compat/bsd-arc4random.c] Warning fixes
+ - (djm) [openbsd-compat/port-tun.c] needs sys/queue.h
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2008/04/13 00:22:17
+ [dh.c sshd.c]
+ Use arc4random_buf() when requesting more than a single word of output
+ Use arc4random_uniform() when the desired random number upper bound
+ is not a power of two
+ ok deraadt@ millert@
+ - djm at cvs.openbsd.org 2008/04/18 12:32:11
+ [sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h]
+ introduce sftp extension methods statvfs at openssh.com and
+ fstatvfs at openssh.com that implement statvfs(2)-like operations,
+ based on a patch from miklos AT szeredi.hu (bz#1399)
+ also add a "df" command to the sftp client that uses the
+ statvfs at openssh.com to produce a df(1)-like display of filesystem
+ space and inode utilisation
+ ok markus@
+ - jmc at cvs.openbsd.org 2008/04/18 17:15:47
+ [sftp.1]
+ macro fixage;
+ - djm at cvs.openbsd.org 2008/04/18 22:01:33
+ [session.c]
+ remove unneccessary parentheses
+ - otto at cvs.openbsd.org 2008/04/29 11:20:31
+ [monitor_mm.h]
+ garbage collect two unused fields in struct mm_master; ok markus@
+ - djm at cvs.openbsd.org 2008/04/30 10:14:03
+ [ssh-keyscan.1 ssh-keyscan.c]
+ default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by
+ larsnooden AT openoffice.org
+ - pyr at cvs.openbsd.org 2008/05/07 05:49:37
+ [servconf.c servconf.h session.c sshd_config.5]
+ Enable the AllowAgentForwarding option in sshd_config (global and match
+ context), to specify if agents should be permitted on the server.
+ As the man page states:
+ ``Note that disabling Agent forwarding does not improve security
+ unless users are also denied shell access, as they can always install
+ their own forwarders.''
+ ok djm@, ok and a mild frown markus@
+ - pyr at cvs.openbsd.org 2008/05/07 06:43:35
+ [sshd_config]
+ push the sshd_config bits in, spotted by ajacoutot@
+ - jmc at cvs.openbsd.org 2008/05/07 08:00:14
+ [sshd_config.5]
+ sort;
+ - markus at cvs.openbsd.org 2008/05/08 06:59:01
+ [bufaux.c buffer.h channels.c packet.c packet.h]
+ avoid extra malloc/copy/free when receiving data over the net;
+ ~10% speedup for localhost-scp; ok djm@
+ - djm at cvs.openbsd.org 2008/05/08 12:02:23
+ [auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
+ [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
+ [ssh.c sshd.c]
+ Implement a channel success/failure status confirmation callback
+ mechanism. Each channel maintains a queue of callbacks, which will
+ be drained in order (RFC4253 guarantees confirm messages are not
+ reordered within an channel).
+ Also includes a abandonment callback to clean up if a channel is
+ closed without sending confirmation messages. This probably
+ shouldn't happen in compliant implementations, but it could be
+ abused to leak memory.
+ ok markus@ (as part of a larger diff)
+ - djm at cvs.openbsd.org 2008/05/08 12:21:16
+ [monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c]
+ [sshd_config sshd_config.5]
+ Make the maximum number of sessions run-time controllable via
+ a sshd_config MaxSessions knob. This is useful for disabling
+ login/shell/subsystem access while leaving port-forwarding working
+ (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
+ simply increasing the number of allows multiplexed sessions.
+ Because some bozos are sure to configure MaxSessions in excess of the
+ number of available file descriptors in sshd (which, at peak, might be
+ as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
+ on error paths, and make it fail gracefully on out-of-fd conditions -
+ sending channel errors instead of than exiting with fatal().
+ bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
+ ok markus@
+ - djm at cvs.openbsd.org 2008/05/08 13:06:11
+ [clientloop.c clientloop.h ssh.c]
+ Use new channel status confirmation callback system to properly deal
+ with "important" channel requests that fail, in particular command exec,
+ shell and subsystem requests. Previously we would optimistically assume
+ that the requests would always succeed, which could cause hangs if they
+ did not (e.g. when the server runs out of fds) or were unimplemented by
+ the server (bz #1384)
+ Also, properly report failing multiplex channel requests via the mux
+ client stderr (subject to LogLevel in the mux master) - better than
+ silently failing.
+ most bits ok markus@ (as part of a larger diff)
+ - djm at cvs.openbsd.org 2008/05/09 04:55:56
+ [channels.c channels.h clientloop.c serverloop.c]
+ Try additional addresses when connecting to a port forward destination
+ whose DNS name resolves to more than one address. The previous behaviour
+ was to try the first address and give up.
+ Reported by stig AT venaas.com in bz#343
+ great feedback and ok markus@
+ - djm at cvs.openbsd.org 2008/05/09 14:18:44
+ [clientloop.c clientloop.h ssh.c mux.c]
+ tidy up session multiplexing code, moving it into its own file and
+ making the function names more consistent - making ssh.c and
+ clientloop.c a fair bit more readable.
+ ok markus@
+ - djm at cvs.openbsd.org 2008/05/09 14:26:08
+ [ssh.c]
+ dingo stole my diff hunk
+ - markus at cvs.openbsd.org 2008/05/09 16:16:06
+ [session.c]
+ re-add the USE_PIPES code and enable it.
+ without pipes shutdown-read from the sshd does not trigger
+ a SIGPIPE when the forked program does a write.
+ ok djm@
+ (Id sync only, USE_PIPES never left portable OpenSSH)
+ - markus at cvs.openbsd.org 2008/05/09 16:17:51
+ [channels.c]
+ error-fd race: don't enable the error fd in the select bitmask
+ for channels with both in- and output closed, since the channel
+ will go away before we call select();
+ report, lots of debugging help and ok djm@
+ - markus at cvs.openbsd.org 2008/05/09 16:21:13
+ [channels.h clientloop.c nchan.c serverloop.c]
+ unbreak
+ ssh -2 localhost od /bin/ls | true
+ ignoring SIGPIPE by adding a new channel message (EOW) that signals
+ the peer that we're not interested in any data it might send.
+ fixes bz #85; discussion, debugging and ok djm@
+ - pvalchev at cvs.openbsd.org 2008/05/12 20:52:20
+ [umac.c]
+ Ensure nh_result lies on a 64-bit boundary (fixes warnings observed
+ on Itanium on Linux); from Dale Talcott (bug #1462); ok djm@
+ - djm at cvs.openbsd.org 2008/05/15 23:52:24
+ [nchan2.ms]
+ document eow message in ssh protocol 2 channel state machine;
+ feedback and ok markus@
+ - djm at cvs.openbsd.org 2008/05/18 21:29:05
+ [sftp-server.c]
+ comment extension announcement
+ - djm at cvs.openbsd.org 2008/05/16 08:30:42
+ [PROTOCOL]
+ document our protocol extensions and deviations; ok markus@
+ - djm at cvs.openbsd.org 2008/05/17 01:31:56
+ [PROTOCOL]
+ grammar and correctness fixes from stevesk@
+
+20080403
+ - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-
+ time warnings on LynxOS. Patch from ops AT iki.fi
+ - (djm) Force string arguments to replacement setproctitle() though
+ strnvis first. Ok dtucker@
+
+20080403
+ - (djm) OpenBSD CVS sync:
+ - markus at cvs.openbsd.org 2008/04/02 15:36:51
+ [channels.c]
+ avoid possible hijacking of x11-forwarded connections (back out 1.183)
+ CVE-2008-1483; ok djm@
+ - jmc at cvs.openbsd.org 2008/03/27 22:37:57
+ [sshd.8]
+ remove trailing whitespace;
+ - djm at cvs.openbsd.org 2008/04/03 09:50:14
+ [version.h]
+ openssh-5.0
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
+ - (djm) [README] Update link to release notes
+ - (djm) Release 5.0p1
+
+20080315
+ - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
+ empty; report and patch from Peter Stuge
+ - (djm) [regress/test-exec.sh] Silence noise from detection of putty
+ commands; report from Peter Stuge
+ - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
+ crashes when used with ChrootDirectory
+
+
+20080327
+ - (dtucker) Cache selinux status earlier so we know if it's enabled after a
+ chroot. Allows ChrootDirectory to work with selinux support compiled in
+ but not enabled. Using it with selinux enabled will require some selinux
+ support inside the chroot. "looks sane" djm@
+ - (djm) Fix RCS ident in sftp-server-main.c
+ - (djm) OpenBSD CVS sync:
+ - jmc at cvs.openbsd.org 2008/02/11 07:58:28
+ [ssh.1 sshd.8 sshd_config.5]
+ bump Mdocdate for pages committed in "febuary", necessary because
+ of a typo in rcs.c;
+ - deraadt at cvs.openbsd.org 2008/03/13 01:49:53
+ [monitor_fdpass.c]
+ Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
+ an extensive discussion with otto, kettenis, millert, and hshoexer
+ - deraadt at cvs.openbsd.org 2008/03/15 16:19:02
+ [monitor_fdpass.c]
+ Repair the simple cases for msg_controllen where it should just be
+ CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
+ of alignment; ok kettenis hshoexer
+ - djm at cvs.openbsd.org 2008/03/23 12:54:01
+ [sftp-client.c]
+ prefer POSIX-style file renaming over filexfer rename behaviour if the
+ server supports the posix-rename at openssh.com extension.
+ Note that the old (filexfer) behaviour would refuse to clobber an
+ existing file. Users who depended on this should adjust their sftp(1)
+ usage.
+ ok deraadt@ markus@
+ - deraadt at cvs.openbsd.org 2008/03/24 16:11:07
+ [monitor_fdpass.c]
+ msg_controllen has to be CMSG_SPACE so that the kernel can account for
+ each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
+ works now that kernel fd passing has been fixed to accept a bit of
+ sloppiness because of this ABI repair.
+ lots of discussion with kettenis
+ - djm at cvs.openbsd.org 2008/03/25 11:58:02
+ [session.c sshd_config.5]
+ ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
+ from dtucker@ ok deraadt@ djm@
+ - djm at cvs.openbsd.org 2008/03/25 23:01:41
+ [session.c]
+ last patch had backwards test; spotted by termim AT gmail.com
+ - djm at cvs.openbsd.org 2008/03/26 21:28:14
+ [auth-options.c auth-options.h session.c sshd.8]
+ add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
+ - djm at cvs.openbsd.org 2008/03/27 00:16:49
+ [version.h]
+ openssh-4.9
+ - djm at cvs.openbsd.org 2008/03/24 21:46:54
+ [regress/sftp-badcmds.sh]
+ disable no-replace rename test now that we prefer a POSIX rename; spotted
+ by dkrause@
+ - (djm) [configure.ac] fix alignment of --without-stackprotect description
+ - (djm) [configure.ac] --with-selinux too
+ - (djm) [regress/Makefile] cleanup PuTTY interop test droppings
+ - (djm) [README] Update link to release notes
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
+ - (djm) Release 4.9p1
+
+20080315
+ - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
+ empty; report and patch from Peter Stuge
+ - (djm) [regress/test-exec.sh] Silence noise from detection of putty
+ commands; report from Peter Stuge
+ - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing
+ crashes when used with ChrootDirectory
+
+20080314
+ - (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported by
+ vinschen at redhat.com. Add () to put echo commands in subshell for lls test
+ I mistakenly left out of last commit.
+ - (tim) [regress/localcommand.sh] Shell portability fix. Reported by imorgan at
+ nas.nasa.gov
+
+20080313
+ - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note to
+ self: make changes to Makefile.in next time, not the generated Makefile).
+ - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) and
+ puttygen(1) by $PATH
+ - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. Patch
+ by vinschen at redhat.com.
+ - (tim) [regress/sftp-cmds.sh regress/ssh2putty.sh] Shell portability fixes
+ from vinschen at redhat.com and imorgan at nas.nasa.gov
+
+20080312
+ - (djm) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2007/10/29 06:57:13
+ [regress/Makefile regress/localcommand.sh]
+ Add simple regress test for LocalCommand; ok djm@
+ - jmc at cvs.openbsd.org 2007/11/25 15:35:09
+ [regress/agent-getpeereid.sh regress/agent.sh]
+ more existant -> existent, from Martynas Venckus;
+ pfctl changes: ok henning
+ ssh changes: ok deraadt
+ - djm at cvs.openbsd.org 2007/12/12 05:04:03
+ [regress/sftp-cmds.sh]
+ unbreak lls command and add a regress test that would have caught the
+ breakage; spotted by mouring@
+ NB. sftp code change already committed.
+ - djm at cvs.openbsd.org 2007/12/21 04:13:53
+ [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
+ [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
+ basic (crypto, kex and transfer) interop regression tests against putty
+ To run these, install putty and run "make interop-tests" from the build
+ directory - the tests aren't run by default yet.
+
+20080311
+ - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
+ pam_open_session and pam_close_session into the privsep monitor, which
+ will ensure that pam_session_close is called as root. Patch from Tomas
+ Mraz.
+
+20080309
+ - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
+ always work for all platforms and versions, so test what we can and
+ add a configure flag to turn it of if needed. ok djm@
+ - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
+ implementation. It's not needed to fix bug #1081 and breaks the build
+ on some AIX configurations.
+ - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform's
+ equivalent of LLONG_MAX for the compat regression tests, which makes them
+ run on AIX and HP-UX. Patch from David Leonard.
+ - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
+ platforms where gcc understands the option but it's not supported (and
+ thus generates a warning).
+
+20080307
+ - (djm) OpenBSD CVS Sync
+ - jmc at cvs.openbsd.org 2008/02/11 07:58:28
+ [ssh.1 sshd.8 sshd_config.5]
+ bump Mdocdate for pages committed in "febuary", necessary because
+ of a typo in rcs.c;
+ - djm at cvs.openbsd.org 2008/02/13 22:38:17
+ [servconf.h session.c sshd.c]
+ rekey arc4random and OpenSSL RNG in postauth child
+ closefrom fds > 2 before shell/command execution
+ ok markus@
+ - mbalmer at cvs.openbsd.org 2008/02/14 13:10:31
+ [sshd.c]
+ When started in configuration test mode (-t) do not check that sshd is
+ being started with an absolute path.
+ ok djm
+ - markus at cvs.openbsd.org 2008/02/20 15:25:26
+ [session.c]
+ correct boolean encoding for coredump; der Mouse via dugsong
+ - djm at cvs.openbsd.org 2008/02/22 05:58:56
+ [session.c]
+ closefrom() call was too early, delay it until just before we execute
+ the user's rc files (if any).
+ - dtucker at cvs.openbsd.org 2008/02/22 20:44:02
+ [clientloop.c packet.c packet.h serverloop.c]
+ Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
+ keepalive timer (bz #1307). ok markus@
+ - djm at cvs.openbsd.org 2008/02/27 20:21:15
+ [sftp-server.c]
+ add an extension method "posix-rename at openssh.com" to perform POSIX atomic
+ rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
+ ok dtucker@ markus@
+ - deraadt at cvs.openbsd.org 2008/03/02 18:19:35
+ [monitor_fdpass.c]
+ use a union to ensure alignment of the cmsg (pay attention: various other
+ parts of the tree need this treatment too); ok djm
+ - deraadt at cvs.openbsd.org 2008/03/04 21:15:42
+ [version.h]
+ crank version; from djm
+ - (tim) [regress/sftp-glob.sh] Shell portability fix.
+
+20080302
+ - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect
+ either, so use our own.
+
+20080229
+ - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in
+ configure (and there's not much point, as openssh won't work without it)
+ so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
+ built in. Remove HAVE_SELECT so we can build on platforms without poll.
+ - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H.
+ - (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. From
+ Debian patch via bernd AT openbsd.org
+
+20080228
+ - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes
+ linking problems on AIX with gcc 4.1.x.
+ - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
+ openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
+ header to after OpenSSL headers, since some versions of OpenSSL have
+ SSLeay_add_all_algorithms as a macro already.
+ - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL
+ compat glue into openssl-compat.h.
+ - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
+ getgrouplist via getgrset on AIX, rather than iterating over getgrent.
+ This allows, eg, Match and AllowGroups directives to work with NIS and
+ LDAP groups.
+ - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use the
+ same SyslogFacility as the rest of sshd. Patch from William Knox,
+ ok djm at .
+
+20080225
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
+ since it now conflicts with the helper function in misc.c. From
+ vinschen AT redhat.com.
+ - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
+ of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).
+ Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
+ - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffle
+ headers so ./configure --with-ssl-engine actually works. Patch from
+ Ian Lister.
+
+20080224
+ - (tim) [contrib/cygwin/ssh-host-config]
+ Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
+ Check more thoroughly that it's possible to create the /var/empty directory.
+ Patch by vinschen AT redhat.com
+
+20080210
+ - OpenBSD CVS Sync
+ - chl at cvs.openbsd.org 2008/01/11 07:22:28
+ [sftp-client.c sftp-client.h]
+ disable unused functions
+ initially from tobias@, but disabled them by placing them in
+ "#ifdef notyet" which was asked by djm@
+ ok djm@ tobias@
+ - djm at cvs.openbsd.org 2008/01/19 19:13:28
+ [ssh.1]
+ satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
+ some commandline parsing warnings go unconditionally to stdout).
+ - djm at cvs.openbsd.org 2008/01/19 20:48:53
+ [clientloop.c]
+ fd leak on session multiplexing error path. Report and patch from
+ gregory_shively AT fanniemae.com
+ - djm at cvs.openbsd.org 2008/01/19 20:51:26
+ [ssh.c]
+ ignore SIGPIPE in multiplex client mode - we can receive this if the
+ server runs out of fds on us midway. Report and patch from
+ gregory_shively AT fanniemae.com
+ - djm at cvs.openbsd.org 2008/01/19 22:04:57
+ [sftp-client.c]
+ fix remote handle leak in do_download() local file open error path;
+ report and fix from sworley AT chkno.net
+ - djm at cvs.openbsd.org 2008/01/19 22:22:58
+ [ssh-keygen.c]
+ when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
+ hash just the specified hostname and not the entire hostspec from the
+ keyfile. It may be of the form "hostname,ipaddr", which would lead to
+ a hash that never matches. report and fix from jp AT devnull.cz
+ - djm at cvs.openbsd.org 2008/01/19 22:37:19
+ [ssh-keygen.c]
+ unbreak line numbering (broken in revision 1.164), fix error message
+ - djm at cvs.openbsd.org 2008/01/19 23:02:40
+ [channels.c]
+ When we added support for specified bind addresses for port forwards, we
+ added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
+ this for -L port forwards that causes the client to listen on both v4
+ and v6 addresses when connected to a server with this quirk, despite
+ having set 0.0.0.0 as a bind_address.
+ report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
+ - djm at cvs.openbsd.org 2008/01/19 23:09:49
+ [readconf.c readconf.h sshconnect2.c]
+ promote rekeylimit to a int64 so it can hold the maximum useful limit
+ of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
+ - djm at cvs.openbsd.org 2008/01/20 00:38:30
+ [sftp.c]
+ When uploading, correctly handle the case of an unquoted filename with
+ glob metacharacters that match a file exactly but not as a glob, e.g. a
+ file called "[abcd]". report and test cases from duncan2nd AT gmx.de
+ - djm at cvs.openbsd.org 2008/01/21 17:24:30
+ [sftp-server.c]
+ Remove the fixed 100 handle limit in sftp-server and allocate as many
+ as we have available file descriptors. Patch from miklos AT szeredi.hu;
+ ok dtucker@ markus@
+ - djm at cvs.openbsd.org 2008/01/21 19:20:17
+ [sftp-client.c]
+ when a remote write error occurs during an upload, ensure that ACKs for
+ all issued requests are properly drained. patch from t8m AT centrum.cz
+ - dtucker at cvs.openbsd.org 2008/01/23 01:56:54
+ [clientloop.c packet.c serverloop.c]
+ Revert the change for bz #1307 as it causes connection aborts if an IGNORE
+ packet arrives while we're waiting in packet_read_expect (and possibly
+ elsewhere).
+ - jmc at cvs.openbsd.org 2008/01/31 20:06:50
+ [scp.1]
+ explain how to handle local file names containing colons;
+ requested by Tamas TEVESZ
+ ok dtucker
+ - markus at cvs.openbsd.org 2008/02/04 21:53:00
+ [session.c sftp-server.c sftp.h]
+ link sftp-server into sshd; feedback and ok djm@
+ - mcbride at cvs.openbsd.org 2008/02/09 12:15:43
+ [ssh.1 sshd.8]
+ Document the correct permissions for the ~/.ssh/ directory.
+ ok jmc
+ - djm at cvs.openbsd.org 2008/02/10 09:55:37
+ [sshd_config.5]
+ mantion that "internal-sftp" is useful with ForceCommand too
+ - djm at cvs.openbsd.org 2008/02/10 10:54:29
+ [servconf.c session.c]
+ delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
+ home, rather than the user who starts sshd (probably root)
+
+20080119
+ - (djm) Silence noice from expr in ssh-copy-id; patch from
+ mikel AT mikelward.com
+ - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from
+ tsr2600 AT gmail.com
+
+20080102
+ - (dtucker) [configure.ac] Fix message for -fstack-protector-all test.
+
+20080101
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2007/12/31 10:41:31
+ [readconf.c servconf.c]
+ Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch
+ from Dmitry V. Levin, ok djm@
+ - dtucker at cvs.openbsd.org 2007/12/31 15:27:04
+ [sshd.c]
+ When in inetd mode, have sshd generate a Protocol 1 ephemeral server
+ key only for connections where the client chooses Protocol 1 as opposed
+ to when it's enabled in the server's config. Speeds up Protocol 2
+ connections to inetd-mode servers that also allow Protocol 1. bz #440,
+ based on a patch from bruno at wolff.to, ok markus@
+ - dtucker at cvs.openbsd.org 2008/01/01 08:47:04
+ [misc.c]
+ spaces -> tabs from my previous commit
+ - dtucker at cvs.openbsd.org 2008/01/01 09:06:39
+ [scp.c]
+ If scp -p encounters a pre-epoch timestamp, use the epoch which is
+ as close as we can get given that it's used unsigned. Add a little
+ debugging while there. bz #828, ok djm@
+ - dtucker at cvs.openbsd.org 2008/01/01 09:27:33
+ [sshd_config.5 servconf.c]
+ Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
+ only from the local network. ok markus@, man page bit ok jmc@
+ - dtucker at cvs.openbsd.org 2008/01/01 08:51:20
+ [moduli]
+ Updated moduli file; ok djm@
+
+20071231
+ - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of
+ builtin glob implementation on Mac OS X. Based on a patch from
+ vgiffin at apple.
+
+20071229
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2007/12/12 05:04:03
+ [sftp.c]
+ unbreak lls command and add a regress test that would have caught the
+ breakage; spotted by mouring@
+ - dtucker at cvs.openbsd.org 2007/12/27 14:22:08
+ [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
+ sshd.c]
+ Add a small helper function to consistently handle the EAI_SYSTEM error
+ code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
+ ok markus@ stevesk@
+ - dtucker at cvs.openbsd.org 2007/12/28 15:32:24
+ [clientloop.c serverloop.c packet.c]
+ Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
+ ServerAlive and ClientAlive timers. Prevents dropping a connection
+ when these are enabled but the peer does not support our keepalives.
+ bz #1307, ok djm at .
+ - dtucker at cvs.openbsd.org 2007/12/28 22:34:47
+ [clientloop.c]
+ Use the correct packet maximum sizes for remote port and agent forwarding.
+ Prevents the server from killing the connection if too much data is queued
+ and an excessively large packet gets sent. bz #1360, ok djm at .
+
+20071202
+ - (dtucker) [configure.ac] Enable -fstack-protector-all on systems where
+ gcc supports it. ok djm@
+ - (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove
+ leftover debug code.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2007/10/29 00:52:45
+ [auth2-gss.c]
+ Allow build without -DGSSAPI; ok deraadt@
+ (Id sync only, Portable already has the ifdefs)
+ - dtucker at cvs.openbsd.org 2007/10/29 01:55:04
+ [ssh.c]
+ Plug tiny mem leaks in ControlPath and ProxyCommand option processing;
+ ok djm@
+ - dtucker at cvs.openbsd.org 2007/10/29 04:08:08
+ [monitor_wrap.c monitor.c]
+ Send config block back to slave for invalid users too so options
+ set by a Match block (eg Banner) behave the same for non-existent
+ users. Found by and ok djm@
+ - dtucker at cvs.openbsd.org 2007/10/29 06:51:59
+ [ssh_config.5]
+ ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
+ - dtucker at cvs.openbsd.org 2007/10/29 06:54:50
+ [ssh.c]
+ Make LocalCommand work for Protocol 1 too; ok djm@
+ - jmc at cvs.openbsd.org 2007/10/29 07:48:19
+ [ssh_config.5]
+ clean up after previous macro removal;
+ - djm at cvs.openbsd.org 2007/11/03 00:36:14
+ [clientloop.c]
+ fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
+ ok dtucker@
+ - deraadt at cvs.openbsd.org 2007/11/03 01:24:06
+ [ssh.c]
+ bz #1377: getpwuid results were being clobbered by another getpw* call
+ inside tilde_expand_filename(); save the data we need carefully
+ ok djm
+ - dtucker at cvs.openbsd.org 2007/11/03 02:00:32
+ [ssh.c]
+ Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@
+ - deraadt at cvs.openbsd.org 2007/11/03 02:03:49
+ [ssh.c]
+ avoid errno trashing in signal handler; ok dtucker
+
+20071030
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2007/10/29 23:49:41
+ [openbsd-compat/sys-tree.h]
+ remove extra backslash at the end of RB_PROTOTYPE, report from
+ Jan.Pechanec AT Sun.COM; ok deraadt@
+
+20071026
+ - (djm) OpenBSD CVS Sync
+ - stevesk at cvs.openbsd.org 2007/09/11 23:49:09
+ [sshpty.c]
+ remove #if defined block not needed; ok markus@ dtucker@
+ (NB. RCD ID sync only for portable)
+ - djm at cvs.openbsd.org 2007/09/21 03:05:23
+ [ssh_config.5]
+ document KbdInteractiveAuthentication in ssh_config.5;
+ patch from dkg AT fifthhorseman.net
+ - djm at cvs.openbsd.org 2007/09/21 08:15:29
+ [auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
+ [monitor.c monitor_wrap.c]
+ unifdef -DBSD_AUTH
+ unifdef -USKEY
+ These options have been in use for some years;
+ ok markus@ "no objection" millert@
+ (NB. RCD ID sync only for portable)
+ - canacar at cvs.openbsd.org 2007/09/25 23:48:57
+ [ssh-agent.c]
+ When adding a key that already exists, update the properties
+ (time, confirm, comment) instead of discarding them. ok djm@ markus@
+ - ray at cvs.openbsd.org 2007/09/27 00:15:57
+ [dh.c]
+ Don't return -1 on error in dh_pub_is_valid(), since it evaluates
+ to true.
+ Also fix a typo.
+ Initial diff from Matthew Dempsky, input from djm.
+ OK djm, markus.
+ - dtucker at cvs.openbsd.org 2007/09/29 00:25:51
+ [auth2.c]
+ Remove unused prototype. ok djm@
+ - chl at cvs.openbsd.org 2007/10/02 17:49:58
+ [ssh-keygen.c]
+ handles zero-sized strings that fgets can return
+ properly removes trailing newline
+ removes an unused variable
+ correctly counts line number
+ "looks ok" ray@ markus@
+ - markus at cvs.openbsd.org 2007/10/22 19:10:24
+ [readconf.c]
+ make sure that both the local and remote port are correct when
+ parsing -L; Jan Pechanec (bz #1378)
+ - djm at cvs.openbsd.org 2007/10/24 03:30:02
+ [sftp.c]
+ rework argument splitting and parsing to cope correctly with common
+ shell escapes and make handling of escaped characters consistent
+ with sh(1) and between sftp commands (especially between ones that
+ glob their arguments and ones that don't).
+ parse command flags using getopt(3) rather than hand-rolled parsers.
+ ok dtucker@
+ - djm at cvs.openbsd.org 2007/10/24 03:44:02
+ [scp.c]
+ factor out network read/write into an atomicio()-like function, and
+ use it to handle short reads, apply bandwidth limits and update
+ counters. make network IO non-blocking, so a small trickle of
+ reads/writes has a chance of updating the progress meter; bz #799
+ ok dtucker@
+ - djm at cvs.openbsd.org 2006/08/29 09:44:00
+ [regress/sftp-cmds.sh]
+ clean up our mess
+ - markus at cvs.openbsd.org 2006/11/06 09:27:43
+ [regress/cfgmatch.sh]
+ fix quoting for non-(c)sh login shells.
+ - dtucker at cvs.openbsd.org 2006/12/13 08:36:36
+ [regress/cfgmatch.sh]
+ Additional test for multiple PermitOpen entries. ok djm@
+ - pvalchev at cvs.openbsd.org 2007/06/07 19:41:46
+ [regress/cipher-speed.sh regress/try-ciphers.sh]
+ test umac-64 at openssh.com
+ ok djm@
+ - djm at cvs.openbsd.org 2007/10/24 03:32:35
+ [regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh]
+ comprehensive tests for sftp escaping its interaction with globbing;
+ ok dtucker@
+ - djm at cvs.openbsd.org 2007/10/26 05:30:01
+ [regress/sftp-glob.sh regress/test-exec.sh]
+ remove "echo -E" crap that I added in last commit and use printf(1) for
+ cases where we strictly require echo not to reprocess escape characters.
+ - deraadt at cvs.openbsd.org 2005/11/28 17:50:12
+ [openbsd-compat/glob.c]
+ unused arg in internal static API
+ - jakob at cvs.openbsd.org 2007/10/11 18:36:41
+ [openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h]
+ use RRSIG instead of SIG for DNSSEC. ok djm@
+ - otto at cvs.openbsd.org 2006/10/21 09:55:03
+ [openbsd-compat/base64.c]
+ remove calls to abort(3) that can't happen anyway; from
+ <bret dot lambert at gmail.com>; ok millert@ deraadt@
+ - frantzen at cvs.openbsd.org 2004/04/24 18:11:46
+ [openbsd-compat/sys-tree.h]
+ sync to Niels Provos' version. avoid unused variable warning in
+ RB_NEXT()
+ - tdeval at cvs.openbsd.org 2004/11/24 18:10:42
+ [openbsd-compat/sys-tree.h]
+ typo
+ - grange at cvs.openbsd.org 2004/05/04 16:59:32
+ [openbsd-compat/sys-queue.h]
+ Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
+ This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
+ ok millert krw deraadt
+ - deraadt at cvs.openbsd.org 2005/02/25 13:29:30
+ [openbsd-compat/sys-queue.h]
+ minor white spacing
+ - otto at cvs.openbsd.org 2005/10/17 20:19:42
+ [openbsd-compat/sys-queue.h]
+ Performing certain operations on queue.h data structurs produced
+ funny results. An example is calling LIST_REMOVE on the same
+ element twice. This will not fail, but result in a data structure
+ referencing who knows what. Prevent these accidents by NULLing some
+ fields on remove and replace. This way, either a panic or segfault
+ will be produced on the faulty operation.
+ - otto at cvs.openbsd.org 2005/10/24 20:25:14
+ [openbsd-compat/sys-queue.h]
+ Partly backout. NOLIST, used in LISTs is probably interfering.
+ requested by deraadt@
+ - otto at cvs.openbsd.org 2005/10/25 06:37:47
+ [openbsd-compat/sys-queue.h]
+ Some uvm problem is being exposed with the more strict macros.
+ Revert until we've found out what's causing the panics.
+ - otto at cvs.openbsd.org 2005/11/25 08:06:25
+ [openbsd-compat/sys-queue.h]
+ Introduce debugging aid for queue macros. Disabled by default; but
+ developers are encouraged to run with this enabled.
+ ok krw@ fgsch@ deraadt@
+ - otto at cvs.openbsd.org 2007/04/30 18:42:34
+ [openbsd-compat/sys-queue.h]
+ Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels.
+ Input and okays from krw@, millert@, otto@, deraadt@, miod at .
+ - millert at cvs.openbsd.org 2004/10/07 16:56:11
+ GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE
+ block.
+ (NB. mostly an RCS ID sync, as portable strips out the conditionals)
+ - (djm) [regress/sftp-cmds.sh]
+ Use more restrictive glob to pick up test files from /bin - some platforms
+ ship broken symlinks there which could spoil the test.
+ - (djm) [openbsd-compat/bindresvport.c]
+ Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling
+
+20070927
+ - (dtucker) [configure.ac atomicio.c] Fall back to including <sys/poll.h> if
+ we don't have <poll.h> (eq QNX). From bacon at cs nyu edu.
+ - (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
+ so disable it for that platform. From bacon at cs nyu edu.
+
+20070921
+ - (djm) [atomicio.c] Fix spin avoidance for platforms that define
+ EWOULDBLOCK; patch from ben AT psc.edu
+
+20070917
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2007/08/23 02:49:43
+ [auth-passwd.c auth.c session.c]
+ unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
+ NB. RCS ID sync only for portable
+ - djm at cvs.openbsd.org 2007/08/23 02:55:51
+ [auth-passwd.c auth.c session.c]
+ missed include bits from last commit
+ NB. RCS ID sync only for portable
+ - djm at cvs.openbsd.org 2007/08/23 03:06:10
+ [auth.h]
+ login_cap.h doesn't belong here
+ NB. RCS ID sync only for portable
+ - djm at cvs.openbsd.org 2007/08/23 03:22:16
+ [auth2-none.c sshd_config sshd_config.5]
+ Support "Banner=none" to disable displaying of the pre-login banner;
+ ok dtucker@ deraadt@
+ - djm at cvs.openbsd.org 2007/08/23 03:23:26
+ [sshconnect.c]
+ Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally
+ - djm at cvs.openbsd.org 2007/09/04 03:21:03
+ [clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
+ [monitor_wrap.c ssh.c]
+ make file descriptor passing code return an error rather than call fatal()
+ when it encounters problems, and use this to make session multiplexing
+ masters survive slaves failing to pass all stdio FDs; ok markus@
+ - djm at cvs.openbsd.org 2007/09/04 11:15:56
+ [ssh.c sshconnect.c sshconnect.h]
+ make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
+ SSH banner exchange (previously it just covered the TCP connection).
+ This allows callers of ssh(1) to better detect and deal with stuck servers
+ that accept a TCP connection but don't progress the protocol, and also
+ makes ConnectTimeout useful for connections via a ProxyCommand;
+ feedback and "looks ok" markus@
+ - sobrado at cvs.openbsd.org 2007/09/09 11:38:01
+ [ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
+ sort synopsis and options in ssh-agent(1); usage is lowercase
+ ok jmc@
+ - stevesk at cvs.openbsd.org 2007/09/11 04:36:29
+ [sshpty.c]
+ sort #include
+ NB. RCS ID sync only
+ - gilles at cvs.openbsd.org 2007/09/11 15:47:17
+ [session.c ssh-keygen.c sshlogin.c]
+ use strcspn to properly overwrite '\n' in fgets returned buffer
+ ok pyr@, ray@, millert@, moritz@, chl@
+ - stevesk at cvs.openbsd.org 2007/09/11 23:49:09
+ [sshpty.c]
+ remove #if defined block not needed; ok markus@ dtucker@
+ NB. RCS ID sync only
+ - stevesk at cvs.openbsd.org 2007/09/12 19:39:19
+ [umac.c]
+ use xmalloc() and xfree(); ok markus@ pvalchev@
+ - djm at cvs.openbsd.org 2007/09/13 04:39:04
+ [sftp-server.c]
+ fix incorrect test when setting syslog facility; from Jan Pechanec
+ - djm at cvs.openbsd.org 2007/09/16 00:55:52
+ [sftp-client.c]
+ use off_t instead of u_int64_t for file offsets, matching what the
+ progressmeter code expects; bz #842
+ - (tim) [defines.h] Fix regression in long password support on OpenServer 6.
+ Problem report and additional testing rac AT tenzing.org.
+
+20070914
+ - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
+ Patch from Jan.Pechanec at sun com.
+
+20070910
+ - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358: Always
+ return 0 on successful test. From David.Leonard at quest com.
+ - (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
+ did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
+
20070817
- (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
accounts and that's what the code looks for, so make man page and code
@@ -3184,4 +4710,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4738.2.1 2007/09/04 06:49:09 djm Exp $
+$Id: ChangeLog,v 1.5095 2008/07/21 08:22:25 djm Exp $
Modified: trunk/ChangeLog.gssapi
===================================================================
--- trunk/ChangeLog.gssapi 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ChangeLog.gssapi 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,3 +1,9 @@
+20080404
+ - [ gss-serv.c ]
+ Add code to actually implement GSSAPIStrictAcceptCheck, which had somehow
+ been omitted from a previous version of this patch. Reported by Borislav
+ Stoichkov
+
20070317
- [ gss-serv-krb5.c ]
Remove C99ism, where new_ccname was being declared in the middle of a
Modified: trunk/Makefile.in
===================================================================
--- trunk/Makefile.in 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/Makefile.in 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.285 2007/06/11 04:01:42 djm Exp $
+# $Id: Makefile.in,v 1.297 2008/07/08 14:21:12 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@@ -69,14 +69,14 @@
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
- readpass.o rsa.o ttymodes.o xmalloc.o \
+ readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
entropy.o scard-opensc.o gss-genr.o umac.o kexgssc.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
- sshconnect.o sshconnect1.o sshconnect2.o
+ sshconnect.o sshconnect1.o sshconnect2.o mux.o
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
sshpty.o sshlogin.o servconf.o serverloop.o \
@@ -88,10 +88,10 @@
auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o\
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
- audit.o audit-bsm.o platform.o
+ audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o
-MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
+MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
+MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -108,6 +108,7 @@
-e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
-e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
-e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
+ -e 's|/etc/moduli|$(sysconfdir)/moduli|g' \
-e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
-e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \
-e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
@@ -158,8 +159,8 @@
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
-sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
- $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
+ $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
@@ -276,6 +277,7 @@
$(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
$(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
$(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
+ $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
$(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
$(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
@@ -286,7 +288,7 @@
$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
- #$(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
+ $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
-rm -f $(DESTDIR)$(bindir)/slogin
ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
@@ -388,7 +390,7 @@
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-tests: $(TARGETS)
+tests interop-tests: $(TARGETS)
BUILDDIR=`pwd`; \
[ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \
[ -f `pwd`/regress/Makefile ] || \
@@ -402,6 +404,10 @@
TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \
TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \
TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
+ TEST_SSH_PLINK="plink"; \
+ TEST_SSH_PUTTYGEN="puttygen"; \
+ TEST_SSH_CONCH="conch"; \
+ TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
cd $(srcdir)/regress || exit $$?; \
$(MAKE) \
.OBJDIR="$${BUILDDIR}/regress" \
@@ -418,8 +424,12 @@
TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \
TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \
TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
+ TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \
+ TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \
+ TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
+ TEST_SSH_IPV6="@TEST_SSH_IPV6@" \
EXEEXT="$(EXEEXT)" \
- $@
+ $@ && echo all tests passed
compat-tests: $(LIBCOMPAT)
(cd openbsd-compat/regress && $(MAKE))
Modified: trunk/README
===================================================================
--- trunk/README 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/README 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-4.7 for the release notes.
+See http://www.openssh.com/txt/release-5.1 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
-$Id: README,v 1.66 2007/08/15 09:22:20 dtucker Exp $
+$Id: README,v 1.69 2008/07/21 08:21:52 djm Exp $
Modified: trunk/atomicio.c
===================================================================
--- trunk/atomicio.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/atomicio.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -34,6 +34,10 @@
#include <errno.h>
#ifdef HAVE_POLL_H
#include <poll.h>
+#else
+# ifdef HAVE_SYS_POLL_H
+# include <sys/poll.h>
+# endif
#endif
#include <string.h>
#include <unistd.h>
@@ -57,13 +61,9 @@
res = (f) (fd, s + pos, n - pos);
switch (res) {
case -1:
-#ifdef EWOULDBLOCK
- if (errno == EINTR || errno == EWOULDBLOCK)
-#else
if (errno == EINTR)
-#endif
continue;
- if (errno == EAGAIN) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
(void)poll(&pfd, 1, -1);
continue;
}
@@ -97,20 +97,20 @@
/* Make a copy of the iov array because we may modify it below */
memcpy(iov, _iov, iovcnt * sizeof(*_iov));
+#ifndef BROKEN_READV_COMPARISON
pfd.fd = fd;
pfd.events = f == readv ? POLLIN : POLLOUT;
+#endif
for (; iovcnt > 0 && iov[0].iov_len > 0;) {
res = (f) (fd, iov, iovcnt);
switch (res) {
case -1:
-#ifdef EWOULDBLOCK
- if (errno == EINTR || errno == EWOULDBLOCK)
-#else
if (errno == EINTR)
-#endif
continue;
- if (errno == EAGAIN) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+#ifndef BROKEN_READV_COMPARISON
(void)poll(&pfd, 1, -1);
+#endif
continue;
}
return 0;
Modified: trunk/audit-bsm.c
===================================================================
--- trunk/audit-bsm.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/audit-bsm.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */
+/* $Id: audit-bsm.c,v 1.6 2008/02/25 10:05:04 dtucker Exp $ */
/*
* TODO
@@ -40,7 +40,9 @@
#include <sys/types.h>
#include <errno.h>
+#include <netdb.h>
#include <stdarg.h>
+#include <string.h>
#include <unistd.h>
#include "ssh.h"
@@ -62,8 +64,6 @@
#if defined(HAVE_GETAUDIT_ADDR)
#define AuditInfoStruct auditinfo_addr
#define AuditInfoTermID au_tid_addr_t
-#define GetAuditFunc(a,b) getaudit_addr((a),(b))
-#define GetAuditFuncText "getaudit_addr"
#define SetAuditFunc(a,b) setaudit_addr((a),(b))
#define SetAuditFuncText "setaudit_addr"
#define AUToSubjectFunc au_to_subject_ex
@@ -71,18 +71,16 @@
#else
#define AuditInfoStruct auditinfo
#define AuditInfoTermID au_tid_t
-#define GetAuditFunc(a,b) getaudit(a)
-#define GetAuditFuncText "getaudit"
#define SetAuditFunc(a,b) setaudit(a)
#define SetAuditFuncText "setaudit"
#define AUToSubjectFunc au_to_subject
#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
#endif
+#ifndef cannot_audit
extern int cannot_audit(int);
+#endif
extern void aug_init(void);
-extern dev_t aug_get_port(void);
-extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
extern void aug_save_auid(au_id_t);
extern void aug_save_uid(uid_t);
extern void aug_save_euid(uid_t);
@@ -119,6 +117,51 @@
/* Below is the low-level BSM interface code */
/*
+ * aug_get_machine is only required on IPv6 capable machines, we use a
+ * different mechanism in audit_connection_from() for IPv4-only machines.
+ * getaudit_addr() is only present on IPv6 capable machines.
+ */
+#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR)
+extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
+#else
+static int
+aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
+{
+ struct addrinfo *ai;
+ struct sockaddr_in *in4;
+ struct sockaddr_in6 *in6;
+ int ret = 0, r;
+
+ if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
+ error("BSM audit: getaddrinfo failed for %.100s: %.100s", host,
+ r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
+ return -1;
+ }
+
+ switch (ai->ai_family) {
+ case AF_INET:
+ in4 = (struct sockaddr_in *)ai->ai_addr;
+ *type = AU_IPv4;
+ memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));
+ break;
+#ifdef AU_IPv6
+ case AF_INET6:
+ in6 = (struct sockaddr_in6 *)ai->ai_addr;
+ *type = AU_IPv6;
+ memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));
+ break;
+#endif
+ default:
+ error("BSM audit: unknown address family for %.100s: %d",
+ host, ai->ai_family);
+ ret = -1;
+ }
+ freeaddrinfo(ai);
+ return ret;
+}
+#endif
+
+/*
* Check if the specified event is selected (enabled) for auditing.
* Returns 1 if the event is selected, 0 if not and -1 on failure.
*/
Modified: trunk/auth-bsdauth.c
===================================================================
--- trunk/auth-bsdauth.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth-bsdauth.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-bsdauth.c,v 1.10 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-bsdauth.c,v 1.11 2007/09/21 08:15:29 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
Modified: trunk/auth-options.c
===================================================================
--- trunk/auth-options.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth-options.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-options.c,v 1.43 2008/06/10 23:06:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <stdarg.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "match.h"
#include "log.h"
@@ -225,9 +226,20 @@
}
patterns[i] = '\0';
opts++;
- if (match_host_and_ip(remote_host, remote_ip,
- patterns) != 1) {
+ switch (match_host_and_ip(remote_host, remote_ip,
+ patterns)) {
+ case 1:
xfree(patterns);
+ /* Host name matches. */
+ goto next_option;
+ case -1:
+ debug("%.100s, line %lu: invalid criteria",
+ file, linenum);
+ auth_debug_add("%.100s, line %lu: "
+ "invalid criteria", file, linenum);
+ /* FALLTHROUGH */
+ case 0:
+ xfree(patterns);
logit("Authentication tried for %.100s with "
"correct key but not from a permitted "
"host (host=%.200s, ip=%.200s).",
@@ -235,12 +247,10 @@
auth_debug_add("Your host '%.200s' is not "
"permitted to use this key for login.",
remote_host);
- /* deny access */
- return 0;
+ break;
}
- xfree(patterns);
- /* Host name matches. */
- goto next_option;
+ /* deny access */
+ return 0;
}
cp = "permitopen=\"";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
Modified: trunk/auth-options.h
===================================================================
--- trunk/auth-options.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth-options.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-options.h,v 1.17 2008/03/26 21:28:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
Modified: trunk/auth-pam.c
===================================================================
--- trunk/auth-pam.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth-pam.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -598,15 +598,17 @@
void
sshpam_cleanup(void)
{
+ if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
+ return;
debug("PAM: cleanup");
- if (sshpam_handle == NULL)
- return;
pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
if (sshpam_cred_established) {
+ debug("PAM: deleting credentials");
pam_setcred(sshpam_handle, PAM_DELETE_CRED);
sshpam_cred_established = 0;
}
if (sshpam_session_open) {
+ debug("PAM: closing session");
pam_close_session(sshpam_handle, PAM_SILENT);
sshpam_session_open = 0;
}
Modified: trunk/auth-passwd.c
===================================================================
--- trunk/auth-passwd.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth-passwd.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-passwd.c,v 1.40 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-passwd.c,v 1.43 2007/09/21 08:15:29 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
Modified: trunk/auth-rhosts.c
===================================================================
--- trunk/auth-rhosts.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth-rhosts.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.41 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.43 2008/06/13 14:18:51 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -26,6 +26,8 @@
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
+#include <fcntl.h>
+#include <unistd.h>
#include "packet.h"
#include "buffer.h"
@@ -37,6 +39,7 @@
#include "key.h"
#include "hostfile.h"
#include "auth.h"
+#include "misc.h"
/* import */
extern ServerOptions options;
@@ -55,12 +58,27 @@
{
FILE *f;
char buf[1024]; /* Must not be larger than host, user, dummy below. */
+ int fd;
+ struct stat st;
/* Open the .rhosts file, deny if unreadable */
- f = fopen(filename, "r");
- if (!f)
+ if ((fd = open(filename, O_RDONLY|O_NONBLOCK)) == -1)
return 0;
-
+ if (fstat(fd, &st) == -1) {
+ close(fd);
+ return 0;
+ }
+ if (!S_ISREG(st.st_mode)) {
+ logit("User %s hosts file %s is not a regular file",
+ server_user, filename);
+ close(fd);
+ return 0;
+ }
+ unset_nonblock(fd);
+ if ((f = fdopen(fd, "r")) == NULL) {
+ close(fd);
+ return 0;
+ }
while (fgets(buf, sizeof(buf), f)) {
/* All three must be at least as big as buf to avoid overflows. */
char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp;
Modified: trunk/auth-rsa.c
===================================================================
--- trunk/auth-rsa.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth-rsa.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.72 2006/11/06 21:25:27 markus Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.73 2008/07/02 12:03:51 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -173,7 +173,6 @@
u_int bits;
FILE *f;
u_long linenum = 0;
- struct stat st;
Key *key;
/* Temporarily use the user's uid. */
@@ -182,27 +181,9 @@
/* The authorized keys. */
file = authorized_keys_file(pw);
debug("trying public RSA key file %s", file);
-
- /* Fail quietly if file does not exist */
- if (stat(file, &st) < 0) {
- /* Restore the privileged uid. */
- restore_uid();
- xfree(file);
- return (0);
- }
- /* Open the file containing the authorized keys. */
- f = fopen(file, "r");
+ f = auth_openkeyfile(file, pw, options.strict_modes);
if (!f) {
- /* Restore the privileged uid. */
- restore_uid();
xfree(file);
- return (0);
- }
- if (options.strict_modes &&
- secure_filename(f, file, pw, line, sizeof(line)) != 0) {
- xfree(file);
- fclose(f);
- logit("Authentication refused: %s", line);
restore_uid();
return (0);
}
Modified: trunk/auth-sia.c
===================================================================
--- trunk/auth-sia.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth-sia.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -34,6 +34,10 @@
#include <unistd.h>
#include <stdarg.h>
#include <string.h>
+#include <sys/types.h>
+#include <sys/security.h>
+#include <prot.h>
+#include <time.h>
#include "ssh.h"
#include "key.h"
@@ -49,6 +53,52 @@
extern int saved_argc;
extern char **saved_argv;
+static int
+sia_password_change_required(const char *user)
+{
+ struct es_passwd *acct;
+ time_t pw_life;
+ time_t pw_date;
+
+ set_auth_parameters(saved_argc, saved_argv);
+
+ if ((acct = getespwnam(user)) == NULL) {
+ error("Couldn't access protected database entry for %s", user);
+ endprpwent();
+ return (0);
+ }
+
+ /* If forced password change flag is set, honor it */
+ if (acct->uflg->fg_psw_chg_reqd && acct->ufld->fd_psw_chg_reqd) {
+ endprpwent();
+ return (1);
+ }
+
+ /* Obtain password lifetime; if none, it can't have expired */
+ if (acct->uflg->fg_expire)
+ pw_life = acct->ufld->fd_expire;
+ else if (acct->sflg->fg_expire)
+ pw_life = acct->sfld->fd_expire;
+ else {
+ endprpwent();
+ return (0);
+ }
+
+ /* Offset from last change; if none, it must be expired */
+ if (acct->uflg->fg_schange)
+ pw_date = acct->ufld->fd_schange + pw_life;
+ else {
+ endprpwent();
+ return (1);
+ }
+
+ endprpwent();
+
+ /* If expiration date is prior to now, change password */
+
+ return (pw_date <= time((time_t *) NULL));
+}
+
int
sys_auth_passwd(Authctxt *authctxt, const char *pass)
{
@@ -76,6 +126,9 @@
sia_ses_release(&ent);
+ authctxt->force_pwchange = sia_password_change_required(
+ authctxt->user);
+
return (1);
}
Modified: trunk/auth.c
===================================================================
--- trunk/auth.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.75 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth.c,v 1.79 2008/07/02 12:03:51 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -32,6 +32,7 @@
#include <netinet/in.h>
#include <errno.h>
+#include <fcntl.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
@@ -48,6 +49,7 @@
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
+#include <unistd.h>
#include "xmalloc.h"
#include "match.h"
@@ -114,6 +116,7 @@
#endif /* USE_SHADOW */
/* grab passwd field for locked account check */
+ passwd = pw->pw_passwd;
#ifdef USE_SHADOW
if (spw != NULL)
#ifdef USE_LIBIAF
@@ -121,8 +124,6 @@
#else
passwd = spw->sp_pwdp;
#endif /* USE_LIBIAF */
-#else
- passwd = pw->pw_passwd;
#endif
/* check for locked account */
@@ -443,7 +444,7 @@
*
* Returns 0 on success and -1 on failure
*/
-int
+static int
secure_filename(FILE *f, const char *file, struct passwd *pw,
char *err, size_t errlen)
{
@@ -503,6 +504,46 @@
return 0;
}
+FILE *
+auth_openkeyfile(const char *file, struct passwd *pw, int strict_modes)
+{
+ char line[1024];
+ struct stat st;
+ int fd;
+ FILE *f;
+
+ /*
+ * Open the file containing the authorized keys
+ * Fail quietly if file does not exist
+ */
+ if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1)
+ return NULL;
+
+ if (fstat(fd, &st) < 0) {
+ close(fd);
+ return NULL;
+ }
+ if (!S_ISREG(st.st_mode)) {
+ logit("User %s authorized keys %s is not a regular file",
+ pw->pw_name, file);
+ close(fd);
+ return NULL;
+ }
+ unset_nonblock(fd);
+ if ((f = fdopen(fd, "r")) == NULL) {
+ close(fd);
+ return NULL;
+ }
+ if (options.strict_modes &&
+ secure_filename(f, file, pw, line, sizeof(line)) != 0) {
+ fclose(f);
+ logit("Authentication refused: %s", line);
+ return NULL;
+ }
+
+ return f;
+}
+
struct passwd *
getpwnamallow(const char *user)
{
Modified: trunk/auth.h
===================================================================
--- trunk/auth.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.58 2006/08/18 09:15:20 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.61 2008/07/02 12:03:51 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -168,8 +168,7 @@
char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *);
-int
-secure_filename(FILE *, const char *, struct passwd *, char *, size_t);
+FILE *auth_openkeyfile(const char *, struct passwd *, int);
HostStatus
check_key_in_hostfiles(struct passwd *, Key *, const char *,
Modified: trunk/auth1.c
===================================================================
--- trunk/auth1.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth1.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.70 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -20,6 +20,7 @@
#include <unistd.h>
#include <pwd.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "rsa.h"
#include "ssh1.h"
@@ -283,6 +284,8 @@
type != SSH_CMSG_AUTH_TIS_RESPONSE)
abandon_challenge_response(authctxt);
+ if (authctxt->failures >= options.max_authtries)
+ goto skip;
if ((meth = lookup_authmethod1(type)) == NULL) {
logit("Unknown message during authentication: "
"type %d", type);
@@ -351,7 +354,7 @@
msg[len] = '\0';
else
msg = "Access denied.";
- packet_disconnect(msg);
+ packet_disconnect("%s", msg);
}
#endif
@@ -367,7 +370,7 @@
if (authenticated)
return;
- if (authctxt->failures++ > options.max_authtries) {
+ if (++authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
Modified: trunk/auth2-chall.c
===================================================================
--- trunk/auth2-chall.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth2-chall.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.32 2007/01/03 03:01:40 stevesk Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.33 2007/09/21 08:15:29 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
Modified: trunk/auth2-gss.c
===================================================================
--- trunk/auth2-gss.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth2-gss.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
Modified: trunk/auth2-hostbased.c
===================================================================
--- trunk/auth2-hostbased.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth2-hostbased.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.11 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.12 2008/07/17 08:51:07 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -154,15 +154,16 @@
debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
chost, resolvedname, ipaddr);
+ if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
+ debug2("stripping trailing dot from chost %s", chost);
+ chost[len - 1] = '\0';
+ }
+
if (options.hostbased_uses_name_from_packet_only) {
if (auth_rhosts2(pw, cuser, chost, chost) == 0)
return 0;
lookup = chost;
} else {
- if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
- debug2("stripping trailing dot from chost %s", chost);
- chost[len - 1] = '\0';
- }
if (strcasecmp(resolvedname, chost) != 0)
logit("userauth_hostbased mismatch: "
"client sends %s, but we resolve %s to %s",
Modified: trunk/auth2-none.c
===================================================================
--- trunk/auth2-none.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth2-none.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.13 2006/08/05 07:52:52 dtucker Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.15 2008/07/02 12:36:39 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -31,8 +31,10 @@
#include <fcntl.h>
#include <stdarg.h>
+#include <string.h>
#include <unistd.h>
+#include "atomicio.h"
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
@@ -41,7 +43,6 @@
#include "log.h"
#include "buffer.h"
#include "servconf.h"
-#include "atomicio.h"
#include "compat.h"
#include "ssh2.h"
#ifdef GSSAPI
@@ -55,75 +56,11 @@
/* "none" is allowed only one time */
static int none_enabled = 1;
-char *
-auth2_read_banner(void)
-{
- struct stat st;
- char *banner = NULL;
- size_t len, n;
- int fd;
-
- if ((fd = open(options.banner, O_RDONLY)) == -1)
- return (NULL);
- if (fstat(fd, &st) == -1) {
- close(fd);
- return (NULL);
- }
- if (st.st_size > 1*1024*1024) {
- close(fd);
- return (NULL);
- }
-
- len = (size_t)st.st_size; /* truncate */
- banner = xmalloc(len + 1);
- n = atomicio(read, fd, banner, len);
- close(fd);
-
- if (n != len) {
- xfree(banner);
- return (NULL);
- }
- banner[n] = '\0';
-
- return (banner);
-}
-
-void
-userauth_send_banner(const char *msg)
-{
- if (datafellows & SSH_BUG_BANNER)
- return;
-
- packet_start(SSH2_MSG_USERAUTH_BANNER);
- packet_put_cstring(msg);
- packet_put_cstring(""); /* language, unused */
- packet_send();
- debug("%s: sent", __func__);
-}
-
-static void
-userauth_banner(void)
-{
- char *banner = NULL;
-
- if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
- return;
-
- if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
- goto done;
- userauth_send_banner(banner);
-
-done:
- if (banner)
- xfree(banner);
-}
-
static int
userauth_none(Authctxt *authctxt)
{
none_enabled = 0;
packet_check_eom();
- userauth_banner();
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw) == 0)
return (0);
Modified: trunk/auth2-pubkey.c
===================================================================
--- trunk/auth2-pubkey.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth2-pubkey.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.19 2008/07/03 21:46:58 otto Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -28,9 +28,11 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdarg.h>
+#include <unistd.h>
#include "xmalloc.h"
#include "ssh.h"
@@ -183,7 +185,6 @@
int found_key = 0;
FILE *f;
u_long linenum = 0;
- struct stat st;
Key *found;
char *fp;
@@ -191,27 +192,12 @@
temporarily_use_uid(pw);
debug("trying public key file %s", file);
+ f = auth_openkeyfile(file, pw, options.strict_modes);
- /* Fail quietly if file does not exist */
- if (stat(file, &st) < 0) {
- /* Restore the privileged uid. */
- restore_uid();
- return 0;
- }
- /* Open the file containing the authorized keys. */
- f = fopen(file, "r");
if (!f) {
- /* Restore the privileged uid. */
restore_uid();
return 0;
}
- if (options.strict_modes &&
- secure_filename(f, file, pw, line, sizeof(line)) != 0) {
- fclose(f);
- logit("Authentication refused: %s", line);
- restore_uid();
- return 0;
- }
found_key = 0;
found = key_new(key->type);
Modified: trunk/auth2.c
===================================================================
--- trunk/auth2.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/auth2.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.115 2007/04/14 22:01:58 stevesk Exp $ */
+/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -26,12 +26,17 @@
#include "includes.h"
#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/uio.h>
+#include <fcntl.h>
#include <pwd.h>
#include <stdarg.h>
#include <string.h>
+#include <unistd.h>
#include "xmalloc.h"
+#include "atomicio.h"
#include "ssh2.h"
#include "packet.h"
#include "log.h"
@@ -89,12 +94,75 @@
/* helper */
static Authmethod *authmethod_lookup(const char *);
static char *authmethods_get(void);
-int user_key_allowed(struct passwd *, Key *);
+char *
+auth2_read_banner(void)
+{
+ struct stat st;
+ char *banner = NULL;
+ size_t len, n;
+ int fd;
+
+ if ((fd = open(options.banner, O_RDONLY)) == -1)
+ return (NULL);
+ if (fstat(fd, &st) == -1) {
+ close(fd);
+ return (NULL);
+ }
+ if (st.st_size > 1*1024*1024) {
+ close(fd);
+ return (NULL);
+ }
+
+ len = (size_t)st.st_size; /* truncate */
+ banner = xmalloc(len + 1);
+ n = atomicio(read, fd, banner, len);
+ close(fd);
+
+ if (n != len) {
+ xfree(banner);
+ return (NULL);
+ }
+ banner[n] = '\0';
+
+ return (banner);
+}
+
+void
+userauth_send_banner(const char *msg)
+{
+ if (datafellows & SSH_BUG_BANNER)
+ return;
+
+ packet_start(SSH2_MSG_USERAUTH_BANNER);
+ packet_put_cstring(msg);
+ packet_put_cstring(""); /* language, unused */
+ packet_send();
+ debug("%s: sent", __func__);
+}
+
+static void
+userauth_banner(void)
+{
+ char *banner = NULL;
+
+ if (options.banner == NULL ||
+ strcasecmp(options.banner, "none") == 0 ||
+ (datafellows & SSH_BUG_BANNER) != 0)
+ return;
+
+ if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
+ goto done;
+ userauth_send_banner(banner);
+
+done:
+ if (banner)
+ xfree(banner);
+}
+
/*
* loop until authctxt->success == TRUE
*/
-
void
do_authentication2(Authctxt *authctxt)
{
@@ -188,6 +256,7 @@
authctxt->role = role ? xstrdup(role) : NULL;
if (use_privsep)
mm_inform_authserv(service, style, role);
+ userauth_banner();
} else if (strcmp(user, authctxt->user) != 0 ||
strcmp(service, authctxt->service) != 0) {
packet_disconnect("Change of username or service not allowed: "
@@ -207,7 +276,7 @@
/* try to authenticate user */
m = authmethod_lookup(method);
- if (m != NULL) {
+ if (m != NULL && authctxt->failures < options.max_authtries) {
debug2("input_userauth_request: try method %s", method);
authenticated = m->userauth(authctxt);
}
@@ -274,9 +343,13 @@
/* now we can break out */
authctxt->success = 1;
} else {
- /* Dont count server configuration issues against the client */
- if (!authctxt->server_caused_failure &&
- authctxt->failures++ > options.max_authtries) {
+
+ /* Allow initial try of "none" auth without failure penalty */
+ /* Don't count server configuration issues against the client */
+ if (!authctxt->server_caused_failure &&
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ authctxt->failures++;
+ if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
@@ -332,3 +405,4 @@
name ? name : "NULL");
return NULL;
}
+
Modified: trunk/bufaux.c
===================================================================
--- trunk/bufaux.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/bufaux.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.44 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: bufaux.c,v 1.46 2008/06/10 23:21:34 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -180,7 +180,7 @@
return (NULL);
}
/* Append a null character to make processing easier. */
- value[len] = 0;
+ value[len] = '\0';
/* Optionally return the length of the string. */
if (length_ptr)
*length_ptr = len;
@@ -197,6 +197,22 @@
return (ret);
}
+void *
+buffer_get_string_ptr(Buffer *buffer, u_int *length_ptr)
+{
+ void *ptr;
+ u_int len;
+
+ len = buffer_get_int(buffer);
+ if (len > 256 * 1024)
+ fatal("buffer_get_string_ptr: bad string length %u", len);
+ ptr = buffer_ptr(buffer);
+ buffer_consume(buffer, len);
+ if (length_ptr)
+ *length_ptr = len;
+ return (ptr);
+}
+
/*
* Stores and arbitrary binary string in the buffer.
*/
Modified: trunk/buffer.h
===================================================================
--- trunk/buffer.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/buffer.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: buffer.h,v 1.16 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: buffer.h,v 1.17 2008/05/08 06:59:01 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -66,6 +66,7 @@
void buffer_put_char(Buffer *, int);
void *buffer_get_string(Buffer *, u_int *);
+void *buffer_get_string_ptr(Buffer *, u_int *);
void buffer_put_string(Buffer *, const void *, u_int);
void buffer_put_cstring(Buffer *, const char *);
Modified: trunk/canohost.c
===================================================================
--- trunk/canohost.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/canohost.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.c,v 1.61 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: canohost.c,v 1.63 2008/06/12 00:03:49 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -32,6 +32,7 @@
#include "packet.h"
#include "log.h"
#include "canohost.h"
+#include "misc.h"
static void check_ip_options(int, char *);
@@ -88,7 +89,7 @@
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_DGRAM; /*dummy*/
hints.ai_flags = AI_NUMERICHOST;
- if (getaddrinfo(name, "0", &hints, &ai) == 0) {
+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
name, ntop);
freeaddrinfo(ai);
@@ -271,7 +272,7 @@
if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
sizeof(ntop), NULL, 0, flags)) != 0) {
error("get_socket_address: getnameinfo %d failed: %s", flags,
- r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
+ ssh_gai_strerror(r));
return NULL;
}
return xstrdup(ntop);
@@ -372,7 +373,7 @@
if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
strport, sizeof(strport), NI_NUMERICSERV)) != 0)
fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed: %s",
- r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
+ ssh_gai_strerror(r));
return atoi(strport);
}
Modified: trunk/channels.c
===================================================================
--- trunk/channels.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/channels.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */
+/* $OpenBSD: channels.c,v 1.286 2008/07/16 11:52:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -61,6 +61,7 @@
#include <unistd.h>
#include <stdarg.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
@@ -164,6 +165,10 @@
/* helper */
static void port_open_helper(Channel *c, char *rtype);
+/* non-blocking connect helpers */
+static int connect_next(struct channel_connect *);
+static void channel_connect_ctx_free(struct channel_connect *);
+
/* -- channel core */
Channel *
@@ -216,7 +221,7 @@
*/
static void
channel_register_fds(Channel *c, int rfd, int wfd, int efd,
- int extusage, int nonblock)
+ int extusage, int nonblock, int is_tty)
{
/* Update the maximum file descriptor value. */
channel_max_fd = MAX(channel_max_fd, rfd);
@@ -232,18 +237,9 @@
c->efd = efd;
c->extended_usage = extusage;
- /* XXX ugly hack: nonblock is only set by the server */
- if (nonblock && isatty(c->rfd)) {
+ if ((c->isatty = is_tty) != 0)
debug2("channel %d: rfd %d isatty", c->self, c->rfd);
- c->isatty = 1;
- if (!isatty(c->wfd)) {
- error("channel %d: wfd %d is not a tty?",
- c->self, c->wfd);
- }
- } else {
- c->isatty = 0;
- }
- c->wfd_isatty = isatty(c->wfd);
+ c->wfd_isatty = is_tty || isatty(c->wfd);
/* enable nonblocking mode */
if (nonblock) {
@@ -303,7 +299,7 @@
c->ostate = CHAN_OUTPUT_OPEN;
c->istate = CHAN_INPUT_OPEN;
c->flags = 0;
- channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
+ channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, 0);
c->self = found;
c->type = type;
c->ctype = ctype;
@@ -319,10 +315,13 @@
c->single_connection = 0;
c->detach_user = NULL;
c->detach_close = 0;
- c->confirm = NULL;
- c->confirm_ctx = NULL;
+ c->open_confirm = NULL;
+ c->open_confirm_ctx = NULL;
c->input_filter = NULL;
c->output_filter = NULL;
+ c->filter_ctx = NULL;
+ c->filter_cleanup = NULL;
+ TAILQ_INIT(&c->status_confirms);
debug("channel %d: new [%s]", found, remote_name);
return c;
}
@@ -379,6 +378,7 @@
{
char *s;
u_int i, n;
+ struct channel_confirm *cc;
for (n = 0, i = 0; i < channels_alloc; i++)
if (channels[i])
@@ -402,6 +402,15 @@
xfree(c->remote_name);
c->remote_name = NULL;
}
+ while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
+ if (cc->abandon_cb != NULL)
+ cc->abandon_cb(c, cc->ctx);
+ TAILQ_REMOVE(&c->status_confirms, cc, entry);
+ bzero(cc, sizeof(*cc));
+ xfree(cc);
+ }
+ if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
+ c->filter_cleanup(c->self, c->filter_ctx);
channels[c->self] = NULL;
xfree(c);
}
@@ -660,16 +669,33 @@
}
void
-channel_register_confirm(int id, channel_callback_fn *fn, void *ctx)
+channel_register_status_confirm(int id, channel_confirm_cb *cb,
+ channel_confirm_abandon_cb *abandon_cb, void *ctx)
{
+ struct channel_confirm *cc;
+ Channel *c;
+
+ if ((c = channel_lookup(id)) == NULL)
+ fatal("channel_register_expect: %d: bad id", id);
+
+ cc = xmalloc(sizeof(*cc));
+ cc->cb = cb;
+ cc->abandon_cb = abandon_cb;
+ cc->ctx = ctx;
+ TAILQ_INSERT_TAIL(&c->status_confirms, cc, entry);
+}
+
+void
+channel_register_open_confirm(int id, channel_callback_fn *fn, void *ctx)
+{
Channel *c = channel_lookup(id);
if (c == NULL) {
- logit("channel_register_comfirm: %d: bad id", id);
+ logit("channel_register_open_comfirm: %d: bad id", id);
return;
}
- c->confirm = fn;
- c->confirm_ctx = ctx;
+ c->open_confirm = fn;
+ c->open_confirm_ctx = ctx;
}
void
@@ -700,7 +726,7 @@
void
channel_register_filter(int id, channel_infilter_fn *ifn,
- channel_outfilter_fn *ofn)
+ channel_outfilter_fn *ofn, channel_filter_cleanup_fn *cfn, void *ctx)
{
Channel *c = channel_lookup(id);
@@ -710,17 +736,19 @@
}
c->input_filter = ifn;
c->output_filter = ofn;
+ c->filter_ctx = ctx;
+ c->filter_cleanup = cfn;
}
void
channel_set_fds(int id, int rfd, int wfd, int efd,
- int extusage, int nonblock, u_int window_max)
+ int extusage, int nonblock, int is_tty, u_int window_max)
{
Channel *c = channel_lookup(id);
if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
fatal("channel_activate for non-larval channel %d.", id);
- channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
+ channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, is_tty);
c->type = SSH_CHANNEL_OPEN;
c->local_window = c->local_window_max = window_max;
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
@@ -788,7 +816,8 @@
}
}
/** XXX check close conditions, too */
- if (compat20 && c->efd != -1) {
+ if (compat20 && c->efd != -1 &&
+ !(c->istate == CHAN_INPUT_CLOSED && c->ostate == CHAN_OUTPUT_CLOSED)) {
if (c->extended_usage == CHAN_EXTENDED_WRITE &&
buffer_len(&c->extended) > 0)
FD_SET(c->efd, writeset);
@@ -1181,7 +1210,7 @@
channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
{
Channel *nc;
- struct sockaddr addr;
+ struct sockaddr_storage addr;
int newsock;
socklen_t addrlen;
char buf[16384], *remote_ipaddr;
@@ -1190,7 +1219,7 @@
if (FD_ISSET(c->sock, readset)) {
debug("X11 connection requested.");
addrlen = sizeof(addr);
- newsock = accept(c->sock, &addr, &addrlen);
+ newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (c->single_connection) {
debug2("single_connection: closing X11 listener.");
channel_close_fd(&c->sock);
@@ -1307,7 +1336,7 @@
channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset)
{
Channel *nc;
- struct sockaddr addr;
+ struct sockaddr_storage addr;
int newsock, nextstate;
socklen_t addrlen;
char *rtype;
@@ -1331,7 +1360,7 @@
}
addrlen = sizeof(addr);
- newsock = accept(c->sock, &addr, &addrlen);
+ newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (newsock < 0) {
error("accept: %.100s", strerror(errno));
return;
@@ -1366,12 +1395,12 @@
{
Channel *nc;
int newsock;
- struct sockaddr addr;
+ struct sockaddr_storage addr;
socklen_t addrlen;
if (FD_ISSET(c->sock, readset)) {
addrlen = sizeof(addr);
- newsock = accept(c->sock, &addr, &addrlen);
+ newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (newsock < 0) {
error("accept from auth socket: %.100s", strerror(errno));
return;
@@ -1398,7 +1427,7 @@
static void
channel_post_connecting(Channel *c, fd_set *readset, fd_set *writeset)
{
- int err = 0;
+ int err = 0, sock;
socklen_t sz = sizeof(err);
if (FD_ISSET(c->sock, writeset)) {
@@ -1407,7 +1436,9 @@
error("getsockopt SO_ERROR failed");
}
if (err == 0) {
- debug("channel %d: connected", c->self);
+ debug("channel %d: connected to %s port %d",
+ c->self, c->connect_ctx.host, c->connect_ctx.port);
+ channel_connect_ctx_free(&c->connect_ctx);
c->type = SSH_CHANNEL_OPEN;
if (compat20) {
packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
@@ -1421,8 +1452,19 @@
packet_put_int(c->self);
}
} else {
- debug("channel %d: not connected: %s",
+ debug("channel %d: connection failed: %s",
c->self, strerror(err));
+ /* Try next address, if any */
+ if ((sock = connect_next(&c->connect_ctx)) > 0) {
+ close(c->sock);
+ c->sock = c->rfd = c->wfd = sock;
+ channel_max_fd = channel_find_maxfd();
+ return;
+ }
+ /* Exhausted all addresses */
+ error("connect_to %.100s port %d: failed.",
+ c->connect_ctx.host, c->connect_ctx.port);
+ channel_connect_ctx_free(&c->connect_ctx);
if (compat20) {
packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(c->remote_id);
@@ -1452,7 +1494,8 @@
if (c->rfd != -1 && (force || FD_ISSET(c->rfd, readset))) {
errno = 0;
len = read(c->rfd, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR || (errno == EAGAIN && !force)))
+ if (len < 0 && (errno == EINTR ||
+ ((errno == EAGAIN || errno == EWOULDBLOCK) && !force)))
return 1;
#ifndef PTY_ZEROREAD
if (len <= 0) {
@@ -1523,7 +1566,8 @@
c->local_consumed += dlen + 4;
len = write(c->wfd, buf, dlen);
xfree(data);
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len < 0 && (errno == EINTR || errno == EAGAIN ||
+ errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
if (c->type != SSH_CHANNEL_OPEN)
@@ -1541,7 +1585,8 @@
#endif
len = write(c->wfd, buf, dlen);
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len < 0 &&
+ (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
if (c->type != SSH_CHANNEL_OPEN) {
@@ -1593,7 +1638,8 @@
buffer_len(&c->extended));
debug2("channel %d: written %d to efd %d",
c->self, len, c->efd);
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len < 0 && (errno == EINTR || errno == EAGAIN ||
+ errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
debug2("channel %d: closing write-efd %d",
@@ -1608,8 +1654,8 @@
len = read(c->efd, buf, sizeof(buf));
debug2("channel %d: read %d from efd %d",
c->self, len, c->efd);
- if (len < 0 && (errno == EINTR ||
- (errno == EAGAIN && !c->detach_close)))
+ if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+ errno == EWOULDBLOCK) && !c->detach_close)))
return 1;
if (len <= 0) {
debug2("channel %d: closing read-efd %d",
@@ -1633,7 +1679,8 @@
/* Monitor control fd to detect if the slave client exits */
if (c->ctl_fd != -1 && FD_ISSET(c->ctl_fd, readset)) {
len = read(c->ctl_fd, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len < 0 &&
+ (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
return 1;
if (len <= 0) {
debug2("channel %d: ctl read<=0", c->self);
@@ -2012,7 +2059,7 @@
return;
/* Get the data. */
- data = packet_get_string(&data_len);
+ data = packet_get_string_ptr(&data_len);
/*
* Ignore data for protocol > 1.3 if output end is no longer open.
@@ -2026,7 +2073,6 @@
c->local_window -= data_len;
c->local_consumed += data_len;
}
- xfree(data);
return;
}
@@ -2038,17 +2084,15 @@
if (data_len > c->local_window) {
logit("channel %d: rcvd too much data %d, win %d",
c->self, data_len, c->local_window);
- xfree(data);
return;
}
c->local_window -= data_len;
}
- packet_check_eom();
if (c->datagram)
buffer_put_string(&c->output, data, data_len);
else
buffer_append(&c->output, data, data_len);
- xfree(data);
+ packet_check_eom();
}
/* ARGSUSED */
@@ -2212,9 +2256,9 @@
if (compat20) {
c->remote_window = packet_get_int();
c->remote_maxpacket = packet_get_int();
- if (c->confirm) {
+ if (c->open_confirm) {
debug2("callback start");
- c->confirm(c->self, c->confirm_ctx);
+ c->open_confirm(c->self, c->open_confirm_ctx);
debug2("callback done");
}
debug2("channel %d: open confirm rwindow %u rmax %u", c->self,
@@ -2303,7 +2347,7 @@
Channel *c = NULL;
u_short host_port;
char *host, *originator_string;
- int remote_id, sock = -1;
+ int remote_id;
remote_id = packet_get_int();
host = packet_get_string(NULL);
@@ -2315,23 +2359,47 @@
originator_string = xstrdup("unknown (remote did not supply name)");
}
packet_check_eom();
- sock = channel_connect_to(host, host_port);
- if (sock != -1) {
- c = channel_new("connected socket",
- SSH_CHANNEL_CONNECTING, sock, sock, -1, 0, 0, 0,
- originator_string, 1);
- c->remote_id = remote_id;
- }
+ c = channel_connect_to(host, host_port,
+ "connected socket", originator_string);
xfree(originator_string);
+ xfree(host);
if (c == NULL) {
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(remote_id);
packet_send();
- }
- xfree(host);
+ } else
+ c->remote_id = remote_id;
}
+/* ARGSUSED */
+void
+channel_input_status_confirm(int type, u_int32_t seq, void *ctxt)
+{
+ Channel *c;
+ struct channel_confirm *cc;
+ int remote_id;
+ /* Reset keepalive timeout */
+ keep_alive_timeouts = 0;
+
+ remote_id = packet_get_int();
+ packet_check_eom();
+
+ debug2("channel_input_confirm: type %d id %d", type, remote_id);
+
+ if ((c = channel_lookup(remote_id)) == NULL) {
+ logit("channel_input_success_failure: %d: unknown", remote_id);
+ return;
+ }
+ ;
+ if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL)
+ return;
+ cc->cb(type, c, cc->ctx);
+ TAILQ_REMOVE(&c->status_confirms, cc, entry);
+ bzero(cc, sizeof(*cc));
+ xfree(cc);
+}
+
/* -- tcp forwarding */
void
@@ -2385,7 +2453,7 @@
wildcard = 1;
} else if (gateway_ports || is_client) {
if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
- strcmp(listen_addr, "0.0.0.0") == 0) ||
+ strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) ||
*listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
(!is_client && gateway_ports == 1))
wildcard = 1;
@@ -2409,10 +2477,11 @@
if (addr == NULL) {
/* This really shouldn't happen */
packet_disconnect("getaddrinfo: fatal error: %s",
- gai_strerror(r));
+ ssh_gai_strerror(r));
} else {
error("channel_setup_fwd_listener: "
- "getaddrinfo(%.64s): %s", addr, gai_strerror(r));
+ "getaddrinfo(%.64s): %s", addr,
+ ssh_gai_strerror(r));
}
return 0;
}
@@ -2717,35 +2786,37 @@
num_adm_permitted_opens = 0;
}
-/* return socket to remote host, port */
+void
+channel_print_adm_permitted_opens(void)
+{
+ int i;
+
+ for (i = 0; i < num_adm_permitted_opens; i++)
+ if (permitted_adm_opens[i].host_to_connect != NULL)
+ printf(" %s:%d", permitted_adm_opens[i].host_to_connect,
+ permitted_adm_opens[i].port_to_connect);
+}
+
+/* Try to start non-blocking connect to next host in cctx list */
static int
-connect_to(const char *host, u_short port)
+connect_next(struct channel_connect *cctx)
{
- struct addrinfo hints, *ai, *aitop;
+ int sock, saved_errno;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
- int gaierr;
- int sock = -1;
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = IPv4or6;
- hints.ai_socktype = SOCK_STREAM;
- snprintf(strport, sizeof strport, "%d", port);
- if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
- error("connect_to %.100s: unknown host (%s)", host,
- gai_strerror(gaierr));
- return -1;
- }
- for (ai = aitop; ai; ai = ai->ai_next) {
- if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+ for (; cctx->ai; cctx->ai = cctx->ai->ai_next) {
+ if (cctx->ai->ai_family != AF_INET &&
+ cctx->ai->ai_family != AF_INET6)
continue;
- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
- strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
- error("connect_to: getnameinfo failed");
+ if (getnameinfo(cctx->ai->ai_addr, cctx->ai->ai_addrlen,
+ ntop, sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+ error("connect_next: getnameinfo failed");
continue;
}
- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- if (sock < 0) {
- if (ai->ai_next == NULL)
+ if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
+ cctx->ai->ai_protocol)) == -1) {
+ if (cctx->ai->ai_next == NULL)
error("socket: %.100s", strerror(errno));
else
verbose("socket: %.100s", strerror(errno));
@@ -2753,45 +2824,95 @@
}
if (set_nonblock(sock) == -1)
fatal("%s: set_nonblock(%d)", __func__, sock);
- if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0 &&
- errno != EINPROGRESS) {
- error("connect_to %.100s port %s: %.100s", ntop, strport,
+ if (connect(sock, cctx->ai->ai_addr,
+ cctx->ai->ai_addrlen) == -1 && errno != EINPROGRESS) {
+ debug("connect_next: host %.100s ([%.100s]:%s): "
+ "%.100s", cctx->host, ntop, strport,
strerror(errno));
+ saved_errno = errno;
close(sock);
+ errno = saved_errno;
continue; /* fail -- try next */
}
- break; /* success */
+ debug("connect_next: host %.100s ([%.100s]:%s) "
+ "in progress, fd=%d", cctx->host, ntop, strport, sock);
+ cctx->ai = cctx->ai->ai_next;
+ set_nodelay(sock);
+ return sock;
+ }
+ return -1;
+}
+static void
+channel_connect_ctx_free(struct channel_connect *cctx)
+{
+ xfree(cctx->host);
+ if (cctx->aitop)
+ freeaddrinfo(cctx->aitop);
+ bzero(cctx, sizeof(*cctx));
+ cctx->host = NULL;
+ cctx->ai = cctx->aitop = NULL;
+}
+
+/* Return CONNECTING channel to remote host, port */
+static Channel *
+connect_to(const char *host, u_short port, char *ctype, char *rname)
+{
+ struct addrinfo hints;
+ int gaierr;
+ int sock = -1;
+ char strport[NI_MAXSERV];
+ struct channel_connect cctx;
+ Channel *c;
+
+ memset(&cctx, 0, sizeof(cctx));
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = IPv4or6;
+ hints.ai_socktype = SOCK_STREAM;
+ snprintf(strport, sizeof strport, "%d", port);
+ if ((gaierr = getaddrinfo(host, strport, &hints, &cctx.aitop)) != 0) {
+ error("connect_to %.100s: unknown host (%s)", host,
+ ssh_gai_strerror(gaierr));
+ return NULL;
}
- freeaddrinfo(aitop);
- if (!ai) {
- error("connect_to %.100s port %d: failed.", host, port);
- return -1;
+
+ cctx.host = xstrdup(host);
+ cctx.port = port;
+ cctx.ai = cctx.aitop;
+
+ if ((sock = connect_next(&cctx)) == -1) {
+ error("connect to %.100s port %d failed: %s",
+ host, port, strerror(errno));
+ channel_connect_ctx_free(&cctx);
+ return NULL;
}
- /* success */
- set_nodelay(sock);
- return sock;
+ c = channel_new(ctype, SSH_CHANNEL_CONNECTING, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, rname, 1);
+ c->connect_ctx = cctx;
+ return c;
}
-int
-channel_connect_by_listen_address(u_short listen_port)
+Channel *
+channel_connect_by_listen_address(u_short listen_port, char *ctype, char *rname)
{
int i;
- for (i = 0; i < num_permitted_opens; i++)
+ for (i = 0; i < num_permitted_opens; i++) {
if (permitted_opens[i].host_to_connect != NULL &&
- permitted_opens[i].listen_port == listen_port)
+ permitted_opens[i].listen_port == listen_port) {
return connect_to(
permitted_opens[i].host_to_connect,
- permitted_opens[i].port_to_connect);
+ permitted_opens[i].port_to_connect, ctype, rname);
+ }
+ }
error("WARNING: Server requests forwarding for unknown listen_port %d",
listen_port);
- return -1;
+ return NULL;
}
/* Check if connecting to that port is permitted and connect. */
-int
-channel_connect_to(const char *host, u_short port)
+Channel *
+channel_connect_to(const char *host, u_short port, char *ctype, char *rname)
{
int i, permit, permit_adm = 1;
@@ -2817,9 +2938,9 @@
if (!permit || !permit_adm) {
logit("Received request to connect to host %.100s port %d, "
"but the request was denied.", host, port);
- return -1;
+ return NULL;
}
- return connect_to(host, port);
+ return connect_to(host, port, ctype, rname);
}
void
@@ -2874,7 +2995,7 @@
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%d", port);
if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) {
- error("getaddrinfo: %.100s", gai_strerror(gaierr));
+ error("getaddrinfo: %.100s", ssh_gai_strerror(gaierr));
return -1;
}
for (ai = aitop; ai; ai = ai->ai_next) {
@@ -2904,7 +3025,8 @@
error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));
}
#endif
- channel_set_reuseaddr(sock);
+ if (x11_use_localhost)
+ channel_set_reuseaddr(sock);
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
debug2("bind port %d: %.100s", port, strerror(errno));
close(sock);
@@ -2916,17 +3038,8 @@
break;
}
socks[num_socks++] = sock;
-#ifndef DONT_TRY_OTHER_AF
if (num_socks == NUM_SOCKS)
break;
-#else
- if (x11_use_localhost) {
- if (num_socks == NUM_SOCKS)
- break;
- } else {
- break;
- }
-#endif
}
freeaddrinfo(aitop);
if (num_socks > 0)
@@ -3048,7 +3161,8 @@
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%u", 6000 + display_number);
if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
- error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr));
+ error("%.100s: unknown host. (%s)", buf,
+ ssh_gai_strerror(gaierr));
return -1;
}
for (ai = aitop; ai; ai = ai->ai_next) {
Modified: trunk/channels.h
===================================================================
--- trunk/channels.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/channels.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.89 2007/06/11 09:14:00 markus Exp $ */
+/* $OpenBSD: channels.h,v 1.96 2008/06/15 20:06:26 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -62,8 +62,27 @@
typedef void channel_callback_fn(int, void *);
typedef int channel_infilter_fn(struct Channel *, char *, int);
+typedef void channel_filter_cleanup_fn(int, void *);
typedef u_char *channel_outfilter_fn(struct Channel *, u_char **, u_int *);
+/* Channel success/failure callbacks */
+typedef void channel_confirm_cb(int, struct Channel *, void *);
+typedef void channel_confirm_abandon_cb(struct Channel *, void *);
+struct channel_confirm {
+ TAILQ_ENTRY(channel_confirm) entry;
+ channel_confirm_cb *cb;
+ channel_confirm_abandon_cb *abandon_cb;
+ void *ctx;
+};
+TAILQ_HEAD(channel_confirms, channel_confirm);
+
+/* Context for non-blocking connects */
+struct channel_connect {
+ char *host;
+ int port;
+ struct addrinfo *ai, *aitop;
+};
+
struct Channel {
int type; /* channel type/state */
int self; /* my own channel identifier */
@@ -104,16 +123,23 @@
char *ctype; /* type */
/* callback */
- channel_callback_fn *confirm;
- void *confirm_ctx;
+ channel_callback_fn *open_confirm;
+ void *open_confirm_ctx;
channel_callback_fn *detach_user;
int detach_close;
+ struct channel_confirms status_confirms;
/* filter */
channel_infilter_fn *input_filter;
channel_outfilter_fn *output_filter;
+ void *filter_ctx;
+ channel_filter_cleanup_fn *filter_cleanup;
- int datagram; /* keep boundaries */
+ /* keep boundaries */
+ int datagram;
+
+ /* non-blocking connect */
+ struct channel_connect connect_ctx;
};
#define CHAN_EXTENDED_IGNORE 0
@@ -162,7 +188,7 @@
Channel *channel_by_id(int);
Channel *channel_lookup(int);
Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
-void channel_set_fds(int, int, int, int, int, int, u_int);
+void channel_set_fds(int, int, int, int, int, int, int, u_int);
void channel_free(Channel *);
void channel_free_all(void);
void channel_stop_listening(void);
@@ -170,8 +196,11 @@
void channel_send_open(int);
void channel_request_start(int, char *, int);
void channel_register_cleanup(int, channel_callback_fn *, int);
-void channel_register_confirm(int, channel_callback_fn *, void *);
-void channel_register_filter(int, channel_infilter_fn *, channel_outfilter_fn *);
+void channel_register_open_confirm(int, channel_callback_fn *, void *);
+void channel_register_filter(int, channel_infilter_fn *,
+ channel_outfilter_fn *, channel_filter_cleanup_fn *, void *);
+void channel_register_status_confirm(int, channel_confirm_cb *,
+ channel_confirm_abandon_cb *, void *);
void channel_cancel_cleanup(int);
int channel_close_fd(int *);
void channel_send_window_changes(void);
@@ -188,6 +217,7 @@
void channel_input_open_failure(int, u_int32_t, void *);
void channel_input_port_open(int, u_int32_t, void *);
void channel_input_window_adjust(int, u_int32_t, void *);
+void channel_input_status_confirm(int, u_int32_t, void *);
/* file descriptor handling (read/write) */
@@ -208,9 +238,10 @@
int channel_add_adm_permitted_opens(char *, int);
void channel_clear_permitted_opens(void);
void channel_clear_adm_permitted_opens(void);
+void channel_print_adm_permitted_opens(void);
int channel_input_port_forward_request(int, int);
-int channel_connect_to(const char *, u_short);
-int channel_connect_by_listen_address(u_short);
+Channel *channel_connect_to(const char *, u_short, char *, char *);
+Channel *channel_connect_by_listen_address(u_short, char *, char *);
int channel_request_remote_forwarding(const char *, u_short,
const char *, u_short);
int channel_setup_local_fwd_listener(const char *, u_short,
@@ -225,7 +256,7 @@
int x11_create_display_inet(int, int, int, u_int *, int **);
void x11_input_open(int, u_int32_t, void *);
void x11_request_forwarding_with_spoofing(int, const char *, const char *,
- const char *);
+ const char *);
void deny_input_open(int, u_int32_t, void *);
/* agent forwarding */
@@ -240,6 +271,7 @@
/* channel events */
void chan_rcvd_oclose(Channel *);
+void chan_rcvd_eow(Channel *); /* SSH2-only */
void chan_read_failed(Channel *);
void chan_ibuf_empty(Channel *);
Modified: trunk/clientloop.c
===================================================================
--- trunk/clientloop.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/clientloop.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.181 2007/08/15 08:14:46 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.201 2008/07/16 11:51:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -86,6 +86,7 @@
#include <pwd.h>
#include <unistd.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
@@ -120,7 +121,7 @@
extern int no_shell_flag;
/* Control socket */
-extern int control_fd;
+extern int muxserver_sock;
/*
* Name of the host we are connecting to. This is the name given on the
@@ -143,36 +144,46 @@
/* Common data for the client loop code. */
static volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */
-static int escape_char; /* Escape character. */
-static int escape_pending; /* Last character was the escape character */
+static int escape_char1; /* Escape character. (proto1 only) */
+static int escape_pending1; /* Last character was an escape (proto1 only) */
static int last_was_cr; /* Last character was a newline. */
-static int exit_status; /* Used to store the exit status of the command. */
-static int stdin_eof; /* EOF has been encountered on standard error. */
+static int exit_status; /* Used to store the command exit status. */
+static int stdin_eof; /* EOF has been encountered on stderr. */
static Buffer stdin_buffer; /* Buffer for stdin data. */
static Buffer stdout_buffer; /* Buffer for stdout data. */
static Buffer stderr_buffer; /* Buffer for stderr data. */
-static u_long stdin_bytes, stdout_bytes, stderr_bytes;
static u_int buffer_high;/* Soft max buffer size. */
static int connection_in; /* Connection to server (input). */
static int connection_out; /* Connection to server (output). */
static int need_rekeying; /* Set to non-zero if rekeying is requested. */
static int session_closed = 0; /* In SSH2: login session closed. */
-static int server_alive_timeouts = 0;
static void client_init_dispatch(void);
int session_ident = -1;
-struct confirm_ctx {
- int want_tty;
- int want_subsys;
- int want_x_fwd;
- int want_agent_fwd;
- Buffer cmd;
- char *term;
- struct termios tio;
- char **env;
+/* Track escape per proto2 channel */
+struct escape_filter_ctx {
+ int escape_pending;
+ int escape_char;
};
+/* Context for channel confirmation replies */
+struct channel_reply_ctx {
+ const char *request_type;
+ int id, do_close;
+};
+
+/* Global request success/failure callbacks */
+struct global_confirm {
+ TAILQ_ENTRY(global_confirm) entry;
+ global_confirm_cb *cb;
+ void *ctx;
+ int ref_count;
+};
+TAILQ_HEAD(global_confirms, global_confirm);
+static struct global_confirms global_confirms =
+ TAILQ_HEAD_INITIALIZER(global_confirms);
+
/*XXX*/
extern Kex *xxx_kex;
@@ -380,7 +391,10 @@
/* Check for immediate EOF on stdin. */
len = read(fileno(stdin), buf, 1);
if (len == 0) {
- /* EOF. Record that we have seen it and send EOF to server. */
+ /*
+ * EOF. Record that we have seen it and send
+ * EOF to server.
+ */
debug("Sending eof.");
stdin_eof = 1;
packet_start(SSH_CMSG_EOF);
@@ -391,8 +405,8 @@
* and also process it as an escape character if
* appropriate.
*/
- if ((u_char) buf[0] == escape_char)
- escape_pending = 1;
+ if ((u_char) buf[0] == escape_char1)
+ escape_pending1 = 1;
else
buffer_append(&stdin_buffer, buf, 1);
}
@@ -422,7 +436,6 @@
packet_put_string(buffer_ptr(&stdin_buffer), len);
packet_send();
buffer_consume(&stdin_buffer, len);
- stdin_bytes += len;
/* If we have a pending EOF, send it now. */
if (stdin_eof && buffer_len(&stdin_buffer) == 0) {
packet_start(SSH_CMSG_EOF);
@@ -467,15 +480,26 @@
static void
client_global_request_reply(int type, u_int32_t seq, void *ctxt)
{
- server_alive_timeouts = 0;
- client_global_request_reply_fwd(type, seq, ctxt);
+ struct global_confirm *gc;
+
+ if ((gc = TAILQ_FIRST(&global_confirms)) == NULL)
+ return;
+ if (gc->cb != NULL)
+ gc->cb(type, seq, gc->ctx);
+ if (--gc->ref_count <= 0) {
+ TAILQ_REMOVE(&global_confirms, gc, entry);
+ bzero(gc, sizeof(*gc));
+ xfree(gc);
+ }
+
+ keep_alive_timeouts = 0;
}
static void
server_alive_check(void)
{
if (compat20) {
- if (++server_alive_timeouts > options.server_alive_count_max) {
+ if (++keep_alive_timeouts > options.server_alive_count_max) {
logit("Timeout, server not responding.");
cleanup_exit(255);
}
@@ -483,6 +507,8 @@
packet_put_cstring("keepalive at openssh.com");
packet_put_char(1); /* boolean: want reply */
packet_send();
+ /* Insert an empty placeholder to maintain ordering */
+ client_register_global_confirm(NULL, NULL);
} else {
packet_send_ignore(0);
packet_send();
@@ -538,8 +564,8 @@
if (packet_have_data_to_write())
FD_SET(connection_out, *writesetp);
- if (control_fd != -1)
- FD_SET(control_fd, *readsetp);
+ if (muxserver_sock != -1)
+ FD_SET(muxserver_sock, *readsetp);
/*
* Wait for something to happen. This will suspend the process until
@@ -581,9 +607,11 @@
{
/* Flush stdout and stderr buffers. */
if (buffer_len(bout) > 0)
- atomicio(vwrite, fileno(stdout), buffer_ptr(bout), buffer_len(bout));
+ atomicio(vwrite, fileno(stdout), buffer_ptr(bout),
+ buffer_len(bout));
if (buffer_len(berr) > 0)
- atomicio(vwrite, fileno(stderr), buffer_ptr(berr), buffer_len(berr));
+ atomicio(vwrite, fileno(stderr), buffer_ptr(berr),
+ buffer_len(berr));
leave_raw_mode();
@@ -623,9 +651,13 @@
/* Read as much as possible. */
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
- /* Received EOF. The remote host has closed the connection. */
- snprintf(buf, sizeof buf, "Connection to %.300s closed by remote host.\r\n",
- host);
+ /*
+ * Received EOF. The remote host has closed the
+ * connection.
+ */
+ snprintf(buf, sizeof buf,
+ "Connection to %.300s closed by remote host.\r\n",
+ host);
buffer_append(&stderr_buffer, buf, strlen(buf));
quit_pending = 1;
return;
@@ -634,13 +666,18 @@
* There is a kernel bug on Solaris that causes select to
* sometimes wake up even though there is no data available.
*/
- if (len < 0 && (errno == EAGAIN || errno == EINTR))
+ if (len < 0 &&
+ (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
len = 0;
if (len < 0) {
- /* An error has encountered. Perhaps there is a network problem. */
- snprintf(buf, sizeof buf, "Read from remote host %.300s: %.100s\r\n",
- host, strerror(errno));
+ /*
+ * An error has encountered. Perhaps there is a
+ * network problem.
+ */
+ snprintf(buf, sizeof buf,
+ "Read from remote host %.300s: %.100s\r\n",
+ host, strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
quit_pending = 1;
return;
@@ -650,289 +687,81 @@
}
static void
-client_subsystem_reply(int type, u_int32_t seq, void *ctxt)
+client_status_confirm(int type, Channel *c, void *ctx)
{
- int id;
- Channel *c;
+ struct channel_reply_ctx *cr = (struct channel_reply_ctx *)ctx;
+ char errmsg[256];
+ int tochan;
- id = packet_get_int();
- packet_check_eom();
+ /* XXX supress on mux _client_ quietmode */
+ tochan = options.log_level >= SYSLOG_LEVEL_ERROR &&
+ c->ctl_fd != -1 && c->extended_usage == CHAN_EXTENDED_WRITE;
- if ((c = channel_lookup(id)) == NULL) {
- error("%s: no channel for id %d", __func__, id);
- return;
+ if (type == SSH2_MSG_CHANNEL_SUCCESS) {
+ debug2("%s request accepted on channel %d",
+ cr->request_type, c->self);
+ } else if (type == SSH2_MSG_CHANNEL_FAILURE) {
+ if (tochan) {
+ snprintf(errmsg, sizeof(errmsg),
+ "%s request failed\r\n", cr->request_type);
+ } else {
+ snprintf(errmsg, sizeof(errmsg),
+ "%s request failed on channel %d",
+ cr->request_type, c->self);
+ }
+ /* If error occurred on primary session channel, then exit */
+ if (cr->do_close && c->self == session_ident)
+ fatal("%s", errmsg);
+ /* If error occurred on mux client, append to their stderr */
+ if (tochan)
+ buffer_append(&c->extended, errmsg, strlen(errmsg));
+ else
+ error("%s", errmsg);
+ if (cr->do_close) {
+ chan_read_failed(c);
+ chan_write_failed(c);
+ }
}
-
- if (type == SSH2_MSG_CHANNEL_SUCCESS)
- debug2("Request suceeded on channel %d", id);
- else if (type == SSH2_MSG_CHANNEL_FAILURE) {
- error("Request failed on channel %d", id);
- channel_free(c);
- }
+ xfree(cr);
}
static void
-client_extra_session2_setup(int id, void *arg)
+client_abandon_status_confirm(Channel *c, void *ctx)
{
- struct confirm_ctx *cctx = arg;
- const char *display;
- Channel *c;
- int i;
-
- if (cctx == NULL)
- fatal("%s: cctx == NULL", __func__);
- if ((c = channel_lookup(id)) == NULL)
- fatal("%s: no channel for id %d", __func__, id);
-
- display = getenv("DISPLAY");
- if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
- char *proto, *data;
- /* Get reasonable local authentication information. */
- client_x11_get_proto(display, options.xauth_location,
- options.forward_x11_trusted, &proto, &data);
- /* Request forwarding with authentication spoofing. */
- debug("Requesting X11 forwarding with authentication spoofing.");
- x11_request_forwarding_with_spoofing(id, display, proto, data);
- /* XXX wait for reply */
- }
-
- if (cctx->want_agent_fwd && options.forward_agent) {
- debug("Requesting authentication agent forwarding.");
- channel_request_start(id, "auth-agent-req at openssh.com", 0);
- packet_send();
- }
-
- client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
- cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
- client_subsystem_reply);
-
- c->confirm_ctx = NULL;
- buffer_free(&cctx->cmd);
- xfree(cctx->term);
- if (cctx->env != NULL) {
- for (i = 0; cctx->env[i] != NULL; i++)
- xfree(cctx->env[i]);
- xfree(cctx->env);
- }
- xfree(cctx);
+ xfree(ctx);
}
static void
-client_process_control(fd_set *readset)
+client_expect_confirm(int id, const char *request, int do_close)
{
- Buffer m;
- Channel *c;
- int client_fd, new_fd[3], ver, allowed, window, packetmax;
- socklen_t addrlen;
- struct sockaddr_storage addr;
- struct confirm_ctx *cctx;
- char *cmd;
- u_int i, len, env_len, command, flags;
- uid_t euid;
- gid_t egid;
+ struct channel_reply_ctx *cr = xmalloc(sizeof(*cr));
- /*
- * Accept connection on control socket
- */
- if (control_fd == -1 || !FD_ISSET(control_fd, readset))
- return;
+ cr->request_type = request;
+ cr->do_close = do_close;
- memset(&addr, 0, sizeof(addr));
- addrlen = sizeof(addr);
- if ((client_fd = accept(control_fd,
- (struct sockaddr*)&addr, &addrlen)) == -1) {
- error("%s accept: %s", __func__, strerror(errno));
- return;
- }
+ channel_register_status_confirm(id, client_status_confirm,
+ client_abandon_status_confirm, cr);
+}
- if (getpeereid(client_fd, &euid, &egid) < 0) {
- error("%s getpeereid failed: %s", __func__, strerror(errno));
- close(client_fd);
- return;
- }
- if ((euid != 0) && (getuid() != euid)) {
- error("control mode uid mismatch: peer euid %u != uid %u",
- (u_int) euid, (u_int) getuid());
- close(client_fd);
- return;
- }
+void
+client_register_global_confirm(global_confirm_cb *cb, void *ctx)
+{
+ struct global_confirm *gc, *last_gc;
- unset_nonblock(client_fd);
-
- /* Read command */
- buffer_init(&m);
- if (ssh_msg_recv(client_fd, &m) == -1) {
- error("%s: client msg_recv failed", __func__);
- close(client_fd);
- buffer_free(&m);
+ /* Coalesce identical callbacks */
+ last_gc = TAILQ_LAST(&global_confirms, global_confirms);
+ if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) {
+ if (++last_gc->ref_count >= INT_MAX)
+ fatal("%s: last_gc->ref_count = %d",
+ __func__, last_gc->ref_count);
return;
}
- if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
- error("%s: wrong client version %d", __func__, ver);
- buffer_free(&m);
- close(client_fd);
- return;
- }
- allowed = 1;
- command = buffer_get_int(&m);
- flags = buffer_get_int(&m);
-
- buffer_clear(&m);
-
- switch (command) {
- case SSHMUX_COMMAND_OPEN:
- if (options.control_master == SSHCTL_MASTER_ASK ||
- options.control_master == SSHCTL_MASTER_AUTO_ASK)
- allowed = ask_permission("Allow shared connection "
- "to %s? ", host);
- /* continue below */
- break;
- case SSHMUX_COMMAND_TERMINATE:
- if (options.control_master == SSHCTL_MASTER_ASK ||
- options.control_master == SSHCTL_MASTER_AUTO_ASK)
- allowed = ask_permission("Terminate shared connection "
- "to %s? ", host);
- if (allowed)
- quit_pending = 1;
- /* FALLTHROUGH */
- case SSHMUX_COMMAND_ALIVE_CHECK:
- /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */
- buffer_clear(&m);
- buffer_put_int(&m, allowed);
- buffer_put_int(&m, getpid());
- if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
- error("%s: client msg_send failed", __func__);
- close(client_fd);
- buffer_free(&m);
- return;
- }
- buffer_free(&m);
- close(client_fd);
- return;
- default:
- error("Unsupported command %d", command);
- buffer_free(&m);
- close(client_fd);
- return;
- }
-
- /* Reply for SSHMUX_COMMAND_OPEN */
- buffer_clear(&m);
- buffer_put_int(&m, allowed);
- buffer_put_int(&m, getpid());
- if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
- error("%s: client msg_send failed", __func__);
- close(client_fd);
- buffer_free(&m);
- return;
- }
-
- if (!allowed) {
- error("Refused control connection");
- close(client_fd);
- buffer_free(&m);
- return;
- }
-
- buffer_clear(&m);
- if (ssh_msg_recv(client_fd, &m) == -1) {
- error("%s: client msg_recv failed", __func__);
- close(client_fd);
- buffer_free(&m);
- return;
- }
- if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
- error("%s: wrong client version %d", __func__, ver);
- buffer_free(&m);
- close(client_fd);
- return;
- }
-
- cctx = xcalloc(1, sizeof(*cctx));
- cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
- cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
- cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
- cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0;
- cctx->term = buffer_get_string(&m, &len);
-
- cmd = buffer_get_string(&m, &len);
- buffer_init(&cctx->cmd);
- buffer_append(&cctx->cmd, cmd, strlen(cmd));
-
- env_len = buffer_get_int(&m);
- env_len = MIN(env_len, 4096);
- debug3("%s: receiving %d env vars", __func__, env_len);
- if (env_len != 0) {
- cctx->env = xcalloc(env_len + 1, sizeof(*cctx->env));
- for (i = 0; i < env_len; i++)
- cctx->env[i] = buffer_get_string(&m, &len);
- cctx->env[i] = NULL;
- }
-
- debug2("%s: accepted tty %d, subsys %d, cmd %s", __func__,
- cctx->want_tty, cctx->want_subsys, cmd);
- xfree(cmd);
-
- /* Gather fds from client */
- new_fd[0] = mm_receive_fd(client_fd);
- new_fd[1] = mm_receive_fd(client_fd);
- new_fd[2] = mm_receive_fd(client_fd);
-
- debug2("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
- new_fd[0], new_fd[1], new_fd[2]);
-
- /* Try to pick up ttymodes from client before it goes raw */
- if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
- error("%s: tcgetattr: %s", __func__, strerror(errno));
-
- /* This roundtrip is just for synchronisation of ttymodes */
- buffer_clear(&m);
- if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
- error("%s: client msg_send failed", __func__);
- close(client_fd);
- close(new_fd[0]);
- close(new_fd[1]);
- close(new_fd[2]);
- buffer_free(&m);
- xfree(cctx->term);
- if (env_len != 0) {
- for (i = 0; i < env_len; i++)
- xfree(cctx->env[i]);
- xfree(cctx->env);
- }
- return;
- }
- buffer_free(&m);
-
- /* enable nonblocking unless tty */
- if (!isatty(new_fd[0]))
- set_nonblock(new_fd[0]);
- if (!isatty(new_fd[1]))
- set_nonblock(new_fd[1]);
- if (!isatty(new_fd[2]))
- set_nonblock(new_fd[2]);
-
- set_nonblock(client_fd);
-
- window = CHAN_SES_WINDOW_DEFAULT;
- packetmax = CHAN_SES_PACKET_DEFAULT;
- if (cctx->want_tty) {
- window >>= 1;
- packetmax >>= 1;
- }
-
- c = channel_new("session", SSH_CHANNEL_OPENING,
- new_fd[0], new_fd[1], new_fd[2], window, packetmax,
- CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
-
- /* XXX */
- c->ctl_fd = client_fd;
-
- debug3("%s: channel_new: %d", __func__, c->self);
-
- channel_send_open(c->self);
- channel_register_confirm(c->self, client_extra_session2_setup, cctx);
+ gc = xmalloc(sizeof(*gc));
+ gc->cb = cb;
+ gc->ctx = ctx;
+ gc->ref_count = 1;
+ TAILQ_INSERT_TAIL(&global_confirms, gc, entry);
}
static void
@@ -945,6 +774,9 @@
u_short cancel_port;
Forward fwd;
+ bzero(&fwd, sizeof(fwd));
+ fwd.listen_host = fwd.connect_host = NULL;
+
leave_raw_mode();
handler = signal(SIGINT, SIG_IGN);
cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
@@ -1044,11 +876,18 @@
enter_raw_mode();
if (cmd)
xfree(cmd);
+ if (fwd.listen_host != NULL)
+ xfree(fwd.listen_host);
+ if (fwd.connect_host != NULL)
+ xfree(fwd.connect_host);
}
-/* process the characters one by one */
+/*
+ * Process the characters one by one, call with c==NULL for proto1 case.
+ */
static int
-process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
+process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
+ char *buf, int len)
{
char string[1024];
pid_t pid;
@@ -1056,7 +895,20 @@
u_int i;
u_char ch;
char *s;
+ int *escape_pendingp, escape_char;
+ struct escape_filter_ctx *efc;
+ if (c == NULL) {
+ escape_pendingp = &escape_pending1;
+ escape_char = escape_char1;
+ } else {
+ if (c->filter_ctx == NULL)
+ return 0;
+ efc = (struct escape_filter_ctx *)c->filter_ctx;
+ escape_pendingp = &efc->escape_pending;
+ escape_char = efc->escape_char;
+ }
+
if (len <= 0)
return (0);
@@ -1064,25 +916,42 @@
/* Get one character at a time. */
ch = buf[i];
- if (escape_pending) {
+ if (*escape_pendingp) {
/* We have previously seen an escape character. */
/* Clear the flag now. */
- escape_pending = 0;
+ *escape_pendingp = 0;
/* Process the escaped character. */
switch (ch) {
case '.':
/* Terminate the connection. */
- snprintf(string, sizeof string, "%c.\r\n", escape_char);
+ snprintf(string, sizeof string, "%c.\r\n",
+ escape_char);
buffer_append(berr, string, strlen(string));
- quit_pending = 1;
+ if (c && c->ctl_fd != -1) {
+ chan_read_failed(c);
+ chan_write_failed(c);
+ return 0;
+ } else
+ quit_pending = 1;
return -1;
case 'Z' - 64:
- /* Suspend the program. */
- /* Print a message to that effect to the user. */
- snprintf(string, sizeof string, "%c^Z [suspend ssh]\r\n", escape_char);
+ /* XXX support this for mux clients */
+ if (c && c->ctl_fd != -1) {
+ noescape:
+ snprintf(string, sizeof string,
+ "%c%c escape not available to "
+ "multiplexed sessions\r\n",
+ escape_char, ch);
+ buffer_append(berr, string,
+ strlen(string));
+ continue;
+ }
+ /* Suspend the program. Inform the user */
+ snprintf(string, sizeof string,
+ "%c^Z [suspend ssh]\r\n", escape_char);
buffer_append(berr, string, strlen(string));
/* Restore terminal modes and suspend. */
@@ -1107,16 +976,20 @@
case 'R':
if (compat20) {
if (datafellows & SSH_BUG_NOREKEY)
- logit("Server does not support re-keying");
+ logit("Server does not "
+ "support re-keying");
else
need_rekeying = 1;
}
continue;
case '&':
+ if (c && c->ctl_fd != -1)
+ goto noescape;
/*
- * Detach the program (continue to serve connections,
- * but put in background and no more new connections).
+ * Detach the program (continue to serve
+ * connections, but put in background and no
+ * more new connections).
*/
/* Restore tty modes. */
leave_raw_mode();
@@ -1145,9 +1018,9 @@
return -1;
} else if (!stdin_eof) {
/*
- * Sending SSH_CMSG_EOF alone does not always appear
- * to be enough. So we try to send an EOF character
- * first.
+ * Sending SSH_CMSG_EOF alone does not
+ * always appear to be enough. So we
+ * try to send an EOF character first.
*/
packet_start(SSH_CMSG_STDIN_DATA);
packet_put_string("\004", 1);
@@ -1162,27 +1035,50 @@
continue;
case '?':
- snprintf(string, sizeof string,
+ if (c && c->ctl_fd != -1) {
+ snprintf(string, sizeof string,
"%c?\r\n\
Supported escape sequences:\r\n\
-%c. - terminate connection\r\n\
-%cB - send a BREAK to the remote system\r\n\
-%cC - open a command line\r\n\
-%cR - Request rekey (SSH protocol 2 only)\r\n\
-%c^Z - suspend ssh\r\n\
-%c# - list forwarded connections\r\n\
-%c& - background ssh (when waiting for connections to terminate)\r\n\
-%c? - this message\r\n\
-%c%c - send the escape character by typing it twice\r\n\
+ %c. - terminate session\r\n\
+ %cB - send a BREAK to the remote system\r\n\
+ %cC - open a command line\r\n\
+ %cR - Request rekey (SSH protocol 2 only)\r\n\
+ %c# - list forwarded connections\r\n\
+ %c? - this message\r\n\
+ %c%c - send the escape character by typing it twice\r\n\
(Note that escapes are only recognized immediately after newline.)\r\n",
- escape_char, escape_char, escape_char, escape_char,
- escape_char, escape_char, escape_char, escape_char,
- escape_char, escape_char, escape_char);
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char);
+ } else {
+ snprintf(string, sizeof string,
+"%c?\r\n\
+Supported escape sequences:\r\n\
+ %c. - terminate connection (and any multiplexed sessions)\r\n\
+ %cB - send a BREAK to the remote system\r\n\
+ %cC - open a command line\r\n\
+ %cR - Request rekey (SSH protocol 2 only)\r\n\
+ %c^Z - suspend ssh\r\n\
+ %c# - list forwarded connections\r\n\
+ %c& - background ssh (when waiting for connections to terminate)\r\n\
+ %c? - this message\r\n\
+ %c%c - send the escape character by typing it twice\r\n\
+(Note that escapes are only recognized immediately after newline.)\r\n",
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char, escape_char,
+ escape_char);
+ }
buffer_append(berr, string, strlen(string));
continue;
case '#':
- snprintf(string, sizeof string, "%c#\r\n", escape_char);
+ snprintf(string, sizeof string, "%c#\r\n",
+ escape_char);
buffer_append(berr, string, strlen(string));
s = channel_open_message();
buffer_append(berr, s, strlen(s));
@@ -1203,12 +1099,15 @@
}
} else {
/*
- * The previous character was not an escape char. Check if this
- * is an escape.
+ * The previous character was not an escape char.
+ * Check if this is an escape.
*/
if (last_was_cr && ch == escape_char) {
- /* It is. Set the flag and continue to next character. */
- escape_pending = 1;
+ /*
+ * It is. Set the flag and continue to
+ * next character.
+ */
+ *escape_pendingp = 1;
continue;
}
}
@@ -1234,7 +1133,8 @@
if (FD_ISSET(fileno(stdin), readset)) {
/* Read as much as possible. */
len = read(fileno(stdin), buf, sizeof(buf));
- if (len < 0 && (errno == EAGAIN || errno == EINTR))
+ if (len < 0 &&
+ (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
return; /* we'll try again later */
if (len <= 0) {
/*
@@ -1243,7 +1143,8 @@
* if it was an error condition.
*/
if (len < 0) {
- snprintf(buf, sizeof buf, "read: %.100s\r\n", strerror(errno));
+ snprintf(buf, sizeof buf, "read: %.100s\r\n",
+ strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
}
/* Mark that we have seen EOF. */
@@ -1259,7 +1160,7 @@
packet_start(SSH_CMSG_EOF);
packet_send();
}
- } else if (escape_char == SSH_ESCAPECHAR_NONE) {
+ } else if (escape_char1 == SSH_ESCAPECHAR_NONE) {
/*
* Normal successful read, and no escape character.
* Just append the data to buffer.
@@ -1267,11 +1168,12 @@
buffer_append(&stdin_buffer, buf, len);
} else {
/*
- * Normal, successful read. But we have an escape character
- * and have to process the characters one by one.
+ * Normal, successful read. But we have an escape
+ * character and have to process the characters one
+ * by one.
*/
- if (process_escapes(&stdin_buffer, &stdout_buffer,
- &stderr_buffer, buf, len) == -1)
+ if (process_escapes(NULL, &stdin_buffer,
+ &stdout_buffer, &stderr_buffer, buf, len) == -1)
return;
}
}
@@ -1289,14 +1191,16 @@
len = write(fileno(stdout), buffer_ptr(&stdout_buffer),
buffer_len(&stdout_buffer));
if (len <= 0) {
- if (errno == EINTR || errno == EAGAIN)
+ if (errno == EINTR || errno == EAGAIN ||
+ errno == EWOULDBLOCK)
len = 0;
else {
/*
* An error or EOF was encountered. Put an
* error message to stderr buffer.
*/
- snprintf(buf, sizeof buf, "write stdout: %.50s\r\n", strerror(errno));
+ snprintf(buf, sizeof buf,
+ "write stdout: %.50s\r\n", strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
quit_pending = 1;
return;
@@ -1304,7 +1208,6 @@
}
/* Consume printed data from the buffer. */
buffer_consume(&stdout_buffer, len);
- stdout_bytes += len;
}
/* Write buffered output to stderr. */
if (FD_ISSET(fileno(stderr), writeset)) {
@@ -1312,17 +1215,20 @@
len = write(fileno(stderr), buffer_ptr(&stderr_buffer),
buffer_len(&stderr_buffer));
if (len <= 0) {
- if (errno == EINTR || errno == EAGAIN)
+ if (errno == EINTR || errno == EAGAIN ||
+ errno == EWOULDBLOCK)
len = 0;
else {
- /* EOF or error, but can't even print error message. */
+ /*
+ * EOF or error, but can't even print
+ * error message.
+ */
quit_pending = 1;
return;
}
}
/* Consume printed characters from the buffer. */
buffer_consume(&stderr_buffer, len);
- stderr_bytes += len;
}
}
@@ -1341,18 +1247,41 @@
static void
client_process_buffered_input_packets(void)
{
- dispatch_run(DISPATCH_NONBLOCK, &quit_pending, compat20 ? xxx_kex : NULL);
+ dispatch_run(DISPATCH_NONBLOCK, &quit_pending,
+ compat20 ? xxx_kex : NULL);
}
/* scan buf[] for '~' before sending data to the peer */
-static int
-simple_escape_filter(Channel *c, char *buf, int len)
+/* Helper: allocate a new escape_filter_ctx and fill in its escape char */
+void *
+client_new_escape_filter_ctx(int escape_char)
{
- /* XXX we assume c->extended is writeable */
- return process_escapes(&c->input, &c->output, &c->extended, buf, len);
+ struct escape_filter_ctx *ret;
+
+ ret = xmalloc(sizeof(*ret));
+ ret->escape_pending = 0;
+ ret->escape_char = escape_char;
+ return (void *)ret;
}
+/* Free the escape filter context on channel free */
+void
+client_filter_cleanup(int cid, void *ctx)
+{
+ xfree(ctx);
+}
+
+int
+client_simple_escape_filter(Channel *c, char *buf, int len)
+{
+ if (c->extended_usage != CHAN_EXTENDED_WRITE)
+ return 0;
+
+ return process_escapes(c, &c->input, &c->output, &c->extended,
+ buf, len);
+}
+
static void
client_channel_closed(int id, void *arg)
{
@@ -1374,6 +1303,7 @@
fd_set *readset = NULL, *writeset = NULL;
double start_time, total_time;
int max_fd = 0, max_fd2 = 0, len, rekeying = 0;
+ u_int64_t ibytes, obytes;
u_int nalloc = 0;
char buf[100];
@@ -1382,7 +1312,7 @@
start_time = get_current_time();
/* Initialize variables. */
- escape_pending = 0;
+ escape_pending1 = 0;
last_was_cr = 1;
exit_status = -1;
stdin_eof = 0;
@@ -1390,8 +1320,8 @@
connection_in = packet_get_connection_in();
connection_out = packet_get_connection_out();
max_fd = MAX(connection_in, connection_out);
- if (control_fd != -1)
- max_fd = MAX(max_fd, control_fd);
+ if (muxserver_sock != -1)
+ max_fd = MAX(max_fd, muxserver_sock);
if (!compat20) {
/* enable nonblocking unless tty */
@@ -1405,11 +1335,8 @@
max_fd = MAX(max_fd, fileno(stdout));
max_fd = MAX(max_fd, fileno(stderr));
}
- stdin_bytes = 0;
- stdout_bytes = 0;
- stderr_bytes = 0;
quit_pending = 0;
- escape_char = escape_char_arg;
+ escape_char1 = escape_char_arg;
/* Initialize buffers. */
buffer_init(&stdin_buffer);
@@ -1437,9 +1364,11 @@
if (compat20) {
session_ident = ssh2_chan_id;
- if (escape_char != SSH_ESCAPECHAR_NONE)
+ if (escape_char_arg != SSH_ESCAPECHAR_NONE)
channel_register_filter(session_ident,
- simple_escape_filter, NULL);
+ client_simple_escape_filter, NULL,
+ client_filter_cleanup,
+ client_new_escape_filter_ctx(escape_char_arg));
if (session_ident != -1)
channel_register_cleanup(session_ident,
client_channel_closed, 0);
@@ -1511,7 +1440,10 @@
client_process_net_input(readset);
/* Accept control connections. */
- client_process_control(readset);
+ if (muxserver_sock != -1 &&FD_ISSET(muxserver_sock, readset)) {
+ if (muxserver_accept_control())
+ quit_pending = 1;
+ }
if (quit_pending)
break;
@@ -1526,7 +1458,10 @@
client_process_output(writeset);
}
- /* Send as much buffered packet data as possible to the sender. */
+ /*
+ * Send as much buffered packet data as possible to the
+ * sender.
+ */
if (FD_ISSET(connection_out, writeset))
packet_write_poll();
}
@@ -1573,7 +1508,8 @@
* that the connection has been closed.
*/
if (have_pty && options.log_level > SYSLOG_LEVEL_QUIET) {
- snprintf(buf, sizeof buf, "Connection to %.64s closed.\r\n", host);
+ snprintf(buf, sizeof buf,
+ "Connection to %.64s closed.\r\n", host);
buffer_append(&stderr_buffer, buf, strlen(buf));
}
@@ -1586,7 +1522,6 @@
break;
}
buffer_consume(&stdout_buffer, len);
- stdout_bytes += len;
}
/* Output any buffered data for stderr. */
@@ -1598,7 +1533,6 @@
break;
}
buffer_consume(&stderr_buffer, len);
- stderr_bytes += len;
}
/* Clear and free any buffers. */
@@ -1609,13 +1543,13 @@
/* Report bytes transferred, and transfer rates. */
total_time = get_current_time() - start_time;
- debug("Transferred: stdin %lu, stdout %lu, stderr %lu bytes in %.1f seconds",
- stdin_bytes, stdout_bytes, stderr_bytes, total_time);
+ packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
+ packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
+ verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds",
+ obytes, ibytes, total_time);
if (total_time > 0)
- debug("Bytes per second: stdin %.1f, stdout %.1f, stderr %.1f",
- stdin_bytes / total_time, stdout_bytes / total_time,
- stderr_bytes / total_time);
-
+ verbose("Bytes per second: sent %.1f, received %.1f",
+ obytes / total_time, ibytes / total_time);
/* Return the exit status of the program. */
debug("Exit status %d", exit_status);
return exit_status;
@@ -1706,7 +1640,6 @@
Channel *c = NULL;
char *listen_address, *originator_address;
int listen_port, originator_port;
- int sock;
/* Get rest of the packet */
listen_address = packet_get_string(NULL);
@@ -1715,19 +1648,13 @@
originator_port = packet_get_int();
packet_check_eom();
- debug("client_request_forwarded_tcpip: listen %s port %d, originator %s port %d",
- listen_address, listen_port, originator_address, originator_port);
+ debug("client_request_forwarded_tcpip: listen %s port %d, "
+ "originator %s port %d", listen_address, listen_port,
+ originator_address, originator_port);
- sock = channel_connect_by_listen_address(listen_port);
- if (sock < 0) {
- xfree(originator_address);
- xfree(listen_address);
- return NULL;
- }
- c = channel_new("forwarded-tcpip",
- SSH_CHANNEL_CONNECTING, sock, sock, -1,
- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
- originator_address, 1);
+ c = channel_connect_by_listen_address(listen_port,
+ "forwarded-tcpip", originator_address);
+
xfree(originator_address);
xfree(listen_address);
return c;
@@ -1743,7 +1670,8 @@
if (!options.forward_x11) {
error("Warning: ssh server tried X11 forwarding.");
- error("Warning: this is probably a break-in attempt by a malicious server.");
+ error("Warning: this is probably a break-in attempt by a "
+ "malicious server.");
return NULL;
}
originator = packet_get_string(NULL);
@@ -1776,7 +1704,8 @@
if (!options.forward_agent) {
error("Warning: ssh server tried agent forwarding.");
- error("Warning: this is probably a break-in attempt by a malicious server.");
+ error("Warning: this is probably a break-in attempt by a "
+ "malicious server.");
return NULL;
}
sock = ssh_get_authentication_socket();
@@ -1819,7 +1748,7 @@
#if defined(SSH_TUN_FILTER)
if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
- sys_tun_outfilter);
+ sys_tun_outfilter, NULL, NULL);
#endif
packet_start(SSH2_MSG_CHANNEL_OPEN);
@@ -1902,7 +1831,11 @@
if (id == -1) {
error("client_input_channel_req: request for channel -1");
} else if ((c = channel_lookup(id)) == NULL) {
- error("client_input_channel_req: channel %d: unknown channel", id);
+ error("client_input_channel_req: channel %d: "
+ "unknown channel", id);
+ } else if (strcmp(rtype, "eow at openssh.com") == 0) {
+ packet_check_eom();
+ chan_rcvd_eow(c);
} else if (strcmp(rtype, "exit-status") == 0) {
exitval = packet_get_int();
if (id == session_ident) {
@@ -1947,8 +1880,7 @@
void
client_session2_setup(int id, int want_tty, int want_subsystem,
- const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env,
- dispatch_fn *subsys_repl)
+ const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env)
{
int len;
Channel *c = NULL;
@@ -1960,20 +1892,21 @@
if (want_tty) {
struct winsize ws;
- struct termios tio;
/* Store window size in the packet. */
if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0)
memset(&ws, 0, sizeof(ws));
- channel_request_start(id, "pty-req", 0);
+ channel_request_start(id, "pty-req", 1);
+ client_expect_confirm(id, "PTY allocation", 0);
packet_put_cstring(term != NULL ? term : "");
packet_put_int((u_int)ws.ws_col);
packet_put_int((u_int)ws.ws_row);
packet_put_int((u_int)ws.ws_xpixel);
packet_put_int((u_int)ws.ws_ypixel);
- tio = get_saved_tio();
- tty_make_modes(-1, tiop != NULL ? tiop : &tio);
+ if (tiop == NULL)
+ tiop = get_saved_tio();
+ tty_make_modes(-1, tiop);
packet_send();
/* XXX wait for reply */
c->client_tty = 1;
@@ -2021,22 +1954,21 @@
if (len > 900)
len = 900;
if (want_subsystem) {
- debug("Sending subsystem: %.*s", len, (u_char*)buffer_ptr(cmd));
- channel_request_start(id, "subsystem", subsys_repl != NULL);
- if (subsys_repl != NULL) {
- /* register callback for reply */
- /* XXX we assume that client_loop has already been called */
- dispatch_set(SSH2_MSG_CHANNEL_FAILURE, subsys_repl);
- dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, subsys_repl);
- }
+ debug("Sending subsystem: %.*s",
+ len, (u_char*)buffer_ptr(cmd));
+ channel_request_start(id, "subsystem", 1);
+ client_expect_confirm(id, "subsystem", 1);
} else {
- debug("Sending command: %.*s", len, (u_char*)buffer_ptr(cmd));
- channel_request_start(id, "exec", 0);
+ debug("Sending command: %.*s",
+ len, (u_char*)buffer_ptr(cmd));
+ channel_request_start(id, "exec", 1);
+ client_expect_confirm(id, "exec", 1);
}
packet_put_string(buffer_ptr(cmd), buffer_len(cmd));
packet_send();
} else {
- channel_request_start(id, "shell", 0);
+ channel_request_start(id, "shell", 1);
+ client_expect_confirm(id, "shell", 1);
packet_send();
}
}
@@ -2055,6 +1987,8 @@
dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &client_input_channel_req);
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
+ dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm);
+ dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm);
dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &client_input_global_request);
/* rekeying */
@@ -2064,6 +1998,7 @@
dispatch_set(SSH2_MSG_REQUEST_FAILURE, &client_global_request_reply);
dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &client_global_request_reply);
}
+
static void
client_init_dispatch_13(void)
{
@@ -2083,6 +2018,7 @@
dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
&x11_input_open : &deny_input_open);
}
+
static void
client_init_dispatch_15(void)
{
@@ -2090,6 +2026,7 @@
dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, & channel_input_oclose);
}
+
static void
client_init_dispatch(void)
{
@@ -2107,7 +2044,7 @@
{
leave_raw_mode();
leave_non_blocking();
- if (options.control_path != NULL && control_fd != -1)
+ if (options.control_path != NULL && muxserver_sock != -1)
unlink(options.control_path);
_exit(i);
}
Modified: trunk/clientloop.h
===================================================================
--- trunk/clientloop.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/clientloop.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.h,v 1.17 2007/08/07 07:32:53 djm Exp $ */
+/* $OpenBSD: clientloop.h,v 1.22 2008/06/12 15:19:17 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -43,11 +43,20 @@
char **, char **);
void client_global_request_reply_fwd(int, u_int32_t, void *);
void client_session2_setup(int, int, int, const char *, struct termios *,
- int, Buffer *, char **, dispatch_fn *);
+ int, Buffer *, char **);
int client_request_tun_fwd(int, int, int);
+/* Escape filter for protocol 2 sessions */
+void *client_new_escape_filter_ctx(int);
+void client_filter_cleanup(int, void *);
+int client_simple_escape_filter(Channel *, char *, int);
+
+/* Global request confirmation callbacks */
+typedef void global_confirm_cb(int, u_int32_t seq, void *);
+void client_register_global_confirm(global_confirm_cb *, void *);
+
/* Multiplexing protocol version */
-#define SSHMUX_VER 1
+#define SSHMUX_VER 2
/* Multiplexing control protocol flags */
#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */
@@ -58,3 +67,7 @@
#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */
#define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */
#define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */
+
+void muxserver_listen(void);
+int muxserver_accept_control(void);
+void muxclient(const char *);
Modified: trunk/compat.c
===================================================================
--- trunk/compat.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/compat.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -91,7 +91,8 @@
"OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
{ "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR },
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
- { "OpenSSH*", 0 },
+ { "OpenSSH_4*", 0 },
+ { "OpenSSH*", SSH_NEW_OPENSSH },
{ "*MindTerm*", 0 },
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
Modified: trunk/compat.h
===================================================================
--- trunk/compat.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/compat.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -57,6 +57,7 @@
#define SSH_BUG_FIRSTKEX 0x00800000
#define SSH_OLD_FORWARD_ADDR 0x01000000
#define SSH_BUG_RFWD_ADDR 0x02000000
+#define SSH_NEW_OPENSSH 0x04000000
void enable_compat13(void);
void enable_compat20(void);
Modified: trunk/config.h.in
===================================================================
--- trunk/config.h.in 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/config.h.in 2009-06-23 21:31:15 UTC (rev 57)
@@ -7,6 +7,9 @@
/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
#undef AIX_LOGINFAILED_4ARG
+/* System only supports IPv4 audit records */
+#undef AU_IPv4
+
/* Define if your resolver libs need this for getrrsetbyname */
#undef BIND_8_COMPAT
@@ -19,6 +22,9 @@
/* getgroups(0,NULL) will return -1 */
#undef BROKEN_GETGROUPS
+/* FreeBSD glob does not do what we need */
+#undef BROKEN_GLOB
+
/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */
#undef BROKEN_INET_NTOA
@@ -32,6 +38,9 @@
*/
#undef BROKEN_ONE_BYTE_DIRENT_D_NAME
+/* Can't do comparisons on readv */
+#undef BROKEN_READV_COMPARISON
+
/* Define if you have a broken realpath. */
#undef BROKEN_REALPATH
@@ -53,6 +62,9 @@
/* LynxOS has broken setvbuf() implementation */
#undef BROKEN_SETVBUF
+/* QNX shadow support is broken */
+#undef BROKEN_SHADOW_EXPIRE
+
/* Define if your snprintf is busted */
#undef BROKEN_SNPRINTF
@@ -107,12 +119,12 @@
/* Define if you don't want to use wtmpx */
#undef DISABLE_WTMPX
-/* Workaround more Linux IPv6 quirks */
-#undef DONT_TRY_OTHER_AF
-
/* Builtin PRNG command timeout */
#undef ENTROPY_TIMEOUT_MSEC
+/* f_fsid has members */
+#undef FSID_HAS_VAL
+
/* Define to 1 if the `getpgrp' function requires zero arguments. */
#undef GETPGRP_VOID
@@ -149,6 +161,12 @@
/* Define to 1 if you have the `arc4random' function. */
#undef HAVE_ARC4RANDOM
+/* Define to 1 if you have the `arc4random_buf' function. */
+#undef HAVE_ARC4RANDOM_BUF
+
+/* Define to 1 if you have the `arc4random_uniform' function. */
+#undef HAVE_ARC4RANDOM_UNIFORM
+
/* Define to 1 if you have the `asprintf' function. */
#undef HAVE_ASPRINTF
@@ -161,6 +179,9 @@
/* OpenBSD's gcc has sentinel */
#undef HAVE_ATTRIBUTE__SENTINEL__
+/* Define to 1 if you have the `aug_get_machine' function. */
+#undef HAVE_AUG_GET_MACHINE
+
/* Define to 1 if you have the `b64_ntop' function. */
#undef HAVE_B64_NTOP
@@ -320,9 +341,21 @@
/* Define to 1 if you have the <floatingpoint.h> header file. */
#undef HAVE_FLOATINGPOINT_H
+/* Define to 1 if you have the `fmt_scaled' function. */
+#undef HAVE_FMT_SCALED
+
/* Define to 1 if you have the `freeaddrinfo' function. */
#undef HAVE_FREEADDRINFO
+/* Define to 1 if the system has the type `fsblkcnt_t'. */
+#undef HAVE_FSBLKCNT_T
+
+/* Define to 1 if the system has the type `fsfilcnt_t'. */
+#undef HAVE_FSFILCNT_T
+
+/* Define to 1 if you have the `fstatvfs' function. */
+#undef HAVE_FSTATVFS
+
/* Define to 1 if you have the `futimes' function. */
#undef HAVE_FUTIMES
@@ -344,6 +377,9 @@
/* Define to 1 if you have the `getgrouplist' function. */
#undef HAVE_GETGROUPLIST
+/* Define to 1 if you have the `getgrset' function. */
+#undef HAVE_GETGRSET
+
/* Define to 1 if you have the `getluid' function. */
#undef HAVE_GETLUID
@@ -494,6 +530,9 @@
/* Define to 1 if you have the <libgen.h> header file. */
#undef HAVE_LIBGEN_H
+/* Define if system has libiaf that supports set_id */
+#undef HAVE_LIBIAF
+
/* Define to 1 if you have the `nsl' library (-lnsl). */
#undef HAVE_LIBNSL
@@ -792,6 +831,12 @@
/* Fields in struct sockaddr_storage */
#undef HAVE_SS_FAMILY_IN_SS
+/* Define to 1 if you have the `statfs' function. */
+#undef HAVE_STATFS
+
+/* Define to 1 if you have the `statvfs' function. */
+#undef HAVE_STATVFS
+
/* Define to 1 if you have the <stddef.h> header file. */
#undef HAVE_STDDEF_H
@@ -894,12 +939,18 @@
/* Define to 1 if you have the <sys/mman.h> header file. */
#undef HAVE_SYS_MMAN_H
+/* Define to 1 if you have the <sys/mount.h> header file. */
+#undef HAVE_SYS_MOUNT_H
+
/* Define to 1 if you have the <sys/ndir.h> header file. */
#undef HAVE_SYS_NDIR_H
/* Define if your system defines sys_nerr */
#undef HAVE_SYS_NERR
+/* Define to 1 if you have the <sys/poll.h> header file. */
+#undef HAVE_SYS_POLL_H
+
/* Define to 1 if you have the <sys/prctl.h> header file. */
#undef HAVE_SYS_PRCTL_H
@@ -912,6 +963,9 @@
/* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H
+/* Define to 1 if you have the <sys/statvfs.h> header file. */
+#undef HAVE_SYS_STATVFS_H
+
/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
Modified: trunk/configure
===================================================================
--- trunk/configure 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/configure 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,5 +1,5 @@
#! /bin/sh
-# From configure.ac Revision: 1.383 .
+# From configure.ac Revision: 1.409 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61 for OpenSSH Portable.
#
@@ -723,6 +723,7 @@
mansubdir
user_path
piddir
+TEST_SSH_IPV6
LIBOBJS
LTLIBOBJS'
ac_subst_files=''
@@ -1324,6 +1325,7 @@
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --without-stackprotect Don't use compiler's stack protection
--without-rpath Disable auto-added -R linker paths
--with-cflags Specify additional flags to pass to compiler
--with-cppflags Specify additional flags to pass to preprocessor
@@ -1349,7 +1351,7 @@
--with-privsep-user=user Specify non-privileged user for privilege separation
--with-sectok Enable smartcard support using libsectok
--with-opensc[=PFX] Enable smartcard support using OpenSC (optionally in PATH)
- --with-selinux Enable SELinux support
+ --with-selinux Enable SELinux support
--with-kerberos5=PATH Enable Kerberos 5 support
--with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
--with-xauth=PATH Specify path to xauth program
@@ -5383,6 +5385,17 @@
fi
+use_stack_protector=1
+
+# Check whether --with-stackprotect was given.
+if test "${with_stackprotect+set}" = set; then
+ withval=$with_stackprotect;
+ if test "x$withval" = "xno"; then
+ use_stack_protector=0
+ fi
+fi
+
+
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
@@ -5393,11 +5406,175 @@
no_attrib_nonnull=1
;;
2.*) no_attrib_nonnull=1 ;;
- 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
- 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
+ 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
+ 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
*) ;;
esac
+ { echo "$as_me:$LINENO: checking if $CC accepts -fno-builtin-memset" >&5
+echo $ECHO_N "checking if $CC accepts -fno-builtin-memset... $ECHO_C" >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-builtin-memset"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <string.h>
+int main(void){char b[10]; memset(b, 0, sizeof(b));}
+
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+
+ # -fstack-protector-all doesn't always work for some GCC versions
+ # and/or platforms, so we test if we can. If it's not supported
+ # on a give platform gcc will emit a warning so we use -Werror.
+ if test "x$use_stack_protector" = "x1"; then
+ for t in -fstack-protector-all -fstack-protector; do
+ { echo "$as_me:$LINENO: checking if $CC supports $t" >&5
+echo $ECHO_N "checking if $CC supports $t... $ECHO_C" >&6; }
+ saved_CFLAGS="$CFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ CFLAGS="$CFLAGS $t -Werror"
+ LDFLAGS="$LDFLAGS $t -Werror"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <stdlib.h>
+int main(void){return 0;}
+
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+ CFLAGS="$saved_CFLAGS $t"
+ LDFLAGS="$saved_LDFLAGS $t"
+ { echo "$as_me:$LINENO: checking if $t works" >&5
+echo $ECHO_N "checking if $t works... $ECHO_C" >&6; }
+ if test "$cross_compiling" = yes; then
+ { echo "$as_me:$LINENO: WARNING: cross compiling: cannot test" >&5
+echo "$as_me: WARNING: cross compiling: cannot test" >&2;}
+ break
+
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <stdlib.h>
+int main(void){exit(0);}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+ break
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+ CFLAGS="$saved_CFLAGS"
+ LDFLAGS="$saved_LDFLAGS"
+ done
+ fi
+
if test -z "$have_llong_max"; then
# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
unset ac_cv_have_decl_LLONG_MAX
@@ -5614,6 +5791,9 @@
+
+
+
for ac_header in \
bstring.h \
crypt.h \
@@ -5653,7 +5833,9 @@
sys/cdefs.h \
sys/dir.h \
sys/mman.h \
+ sys/mount.h \
sys/ndir.h \
+ sys/poll.h \
sys/prctl.h \
sys/pstat.h \
sys/select.h \
@@ -5661,6 +5843,7 @@
sys/stream.h \
sys/stropts.h \
sys/strtio.h \
+ sys/statvfs.h \
sys/sysmacros.h \
sys/time.h \
sys/timers.h \
@@ -6761,7 +6944,8 @@
-for ac_func in setauthdb
+
+for ac_func in getgrset setauthdb
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -7094,6 +7278,11 @@
_ACEOF
+cat >>confdefs.h <<\_ACEOF
+#define BROKEN_GLOB 1
+_ACEOF
+
+
cat >>confdefs.h <<_ACEOF
#define BIND_8_COMPAT 1
_ACEOF
@@ -7113,6 +7302,71 @@
#define SSH_TUN_PREPEND_AF 1
_ACEOF
+
+ { echo "$as_me:$LINENO: checking whether AU_IPv4 is declared" >&5
+echo $ECHO_N "checking whether AU_IPv4 is declared... $ECHO_C" >&6; }
+if test "${ac_cv_have_decl_AU_IPv4+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+#ifndef AU_IPv4
+ (void) AU_IPv4;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_have_decl_AU_IPv4=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_have_decl_AU_IPv4=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_AU_IPv4" >&5
+echo "${ECHO_T}$ac_cv_have_decl_AU_IPv4" >&6; }
+if test $ac_cv_have_decl_AU_IPv4 = yes; then
+ :
+else
+
+cat >>confdefs.h <<\_ACEOF
+#define AU_IPv4 0
+_ACEOF
+
+ #include <bsm/audit.h>
+
+fi
+
{ echo "$as_me:$LINENO: checking if we have the Security Authorization Session API" >&5
echo $ECHO_N "checking if we have the Security Authorization Session API... $ECHO_C" >&6; }
cat >conftest.$ac_ext <<_ACEOF
@@ -7224,7 +7478,7 @@
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ;;
+ ;;
*-*-dragonfly*)
SSHDLIBS="$SSHDLIBS -lcrypt"
;;
@@ -7569,11 +7823,6 @@
check_for_openpty_ctty_bug=1
cat >>confdefs.h <<\_ACEOF
-#define DONT_TRY_OTHER_AF 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
#define PAM_TTY_KLUDGE 1
_ACEOF
@@ -7773,6 +8022,11 @@
_ACEOF
fi
+
+cat >>confdefs.h <<\_ACEOF
+#define OOM_ADJUST 1
+_ACEOF
+
;;
mips-sony-bsd|mips-sony-newsos4)
@@ -8092,6 +8346,11 @@
fi
+
+cat >>confdefs.h <<\_ACEOF
+#define BROKEN_GLOB 1
+_ACEOF
+
;;
*-*-bsdi*)
cat >>confdefs.h <<\_ACEOF
@@ -8975,6 +9234,11 @@
#define BROKEN_SETREGID 1
_ACEOF
+
+cat >>confdefs.h <<\_ACEOF
+#define BROKEN_READV_COMPARISON 1
+_ACEOF
+
;;
*-*-nto-qnx*)
@@ -9009,6 +9273,11 @@
#define SSHD_ACQUIRES_CTTY 1
_ACEOF
+
+cat >>confdefs.h <<\_ACEOF
+#define BROKEN_SHADOW_EXPIRE 1
+_ACEOF
+
enable_etc_default_login=no # has incompatible /etc/default/login
case "$host" in
*-*-nto-qnx6*)
@@ -11174,7 +11443,8 @@
-for ac_func in logout updwtmp logwtmp
+
+for ac_func in fmt_scaled logout updwtmp logwtmp
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -12315,7 +12585,8 @@
# These are optional
-for ac_func in getaudit_addr
+
+for ac_func in getaudit_addr aug_get_machine
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
{ echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -12522,8 +12793,15 @@
+
+
+
+
+
for ac_func in \
arc4random \
+ arc4random_buf \
+ arc4random_uniform \
asprintf \
b64_ntop \
__b64_ntop \
@@ -12537,6 +12815,7 @@
fchmod \
fchown \
freeaddrinfo \
+ fstatvfs \
futimes \
getaddrinfo \
getcwd \
@@ -12588,6 +12867,8 @@
sigvec \
snprintf \
socketpair \
+ statfs \
+ statvfs \
strdup \
strerror \
strlcat \
@@ -16755,6 +17036,12 @@
#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
SSHDLIBS="$SSHDLIBS -liaf"
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LIBIAF 1
+_ACEOF
+
+
fi
done
@@ -21536,7 +21823,154 @@
fi
+{ echo "$as_me:$LINENO: checking for fsblkcnt_t" >&5
+echo $ECHO_N "checking for fsblkcnt_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_fsblkcnt_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+
+
+typedef fsblkcnt_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+ return 0;
+if (sizeof (ac__type_new_))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_type_fsblkcnt_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_type_fsblkcnt_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_fsblkcnt_t" >&5
+echo "${ECHO_T}$ac_cv_type_fsblkcnt_t" >&6; }
+if test $ac_cv_type_fsblkcnt_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FSBLKCNT_T 1
+_ACEOF
+
+
+fi
+{ echo "$as_me:$LINENO: checking for fsfilcnt_t" >&5
+echo $ECHO_N "checking for fsfilcnt_t... $ECHO_C" >&6; }
+if test "${ac_cv_type_fsfilcnt_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+
+
+typedef fsfilcnt_t ac__type_new_;
+int
+main ()
+{
+if ((ac__type_new_ *) 0)
+ return 0;
+if (sizeof (ac__type_new_))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_type_fsfilcnt_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_type_fsfilcnt_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_type_fsfilcnt_t" >&5
+echo "${ECHO_T}$ac_cv_type_fsfilcnt_t" >&6; }
+if test $ac_cv_type_fsfilcnt_t = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FSFILCNT_T 1
+_ACEOF
+
+
+fi
+
+
{ echo "$as_me:$LINENO: checking for in_addr_t" >&5
echo $ECHO_N "checking for in_addr_t... $ECHO_C" >&6; }
if test "${ac_cv_type_in_addr_t+set}" = set; then
@@ -23843,6 +24277,60 @@
fi
+{ echo "$as_me:$LINENO: checking if f_fsid has val members" >&5
+echo $ECHO_N "checking if f_fsid has val members... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/statvfs.h>
+int
+main ()
+{
+struct fsid_t t; t.val[0] = 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+
+cat >>confdefs.h <<\_ACEOF
+#define FSID_HAS_VAL 1
+_ACEOF
+
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
{ echo "$as_me:$LINENO: checking for msg_control field in struct msghdr" >&5
echo $ECHO_N "checking for msg_control field in struct msghdr... $ECHO_C" >&6; }
if test "${ac_cv_have_control_in_msghdr+set}" = set; then
@@ -25708,6 +26196,8 @@
echo "${ECHO_T}$ac_cv_lib_selinux_setexeccon" >&6; }
if test $ac_cv_lib_selinux_setexeccon = yes; then
LIBSELINUX="-lselinux"
+ LIBS="$LIBS -lselinux"
+
else
{ { echo "$as_me:$LINENO: error: SELinux support requires libselinux library" >&5
echo "$as_me: error: SELinux support requires libselinux library" >&2;}
@@ -26121,13 +26611,13 @@
fi
- { echo "$as_me:$LINENO: checking for gss_init_sec_context in -lgssapi" >&5
-echo $ECHO_N "checking for gss_init_sec_context in -lgssapi... $ECHO_C" >&6; }
-if test "${ac_cv_lib_gssapi_gss_init_sec_context+set}" = set; then
+ { echo "$as_me:$LINENO: checking for gss_init_sec_context in -lgssapi_krb5" >&5
+echo $ECHO_N "checking for gss_init_sec_context in -lgssapi_krb5... $ECHO_C" >&6; }
+if test "${ac_cv_lib_gssapi_krb5_gss_init_sec_context+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi $K5LIBS $LIBS"
+LIBS="-lgssapi_krb5 $K5LIBS $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
@@ -26168,34 +26658,34 @@
test ! -s conftest.err
} && test -s conftest$ac_exeext &&
$as_test_x conftest$ac_exeext; then
- ac_cv_lib_gssapi_gss_init_sec_context=yes
+ ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_lib_gssapi_gss_init_sec_context=no
+ ac_cv_lib_gssapi_krb5_gss_init_sec_context=no
fi
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5
-echo "${ECHO_T}$ac_cv_lib_gssapi_gss_init_sec_context" >&6; }
-if test $ac_cv_lib_gssapi_gss_init_sec_context = yes; then
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5
+echo "${ECHO_T}$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; }
+if test $ac_cv_lib_gssapi_krb5_gss_init_sec_context = yes; then
cat >>confdefs.h <<\_ACEOF
#define GSSAPI 1
_ACEOF
- K5LIBS="-lgssapi $K5LIBS"
+ K5LIBS="-lgssapi_krb5 $K5LIBS"
else
- { echo "$as_me:$LINENO: checking for gss_init_sec_context in -lgssapi_krb5" >&5
-echo $ECHO_N "checking for gss_init_sec_context in -lgssapi_krb5... $ECHO_C" >&6; }
-if test "${ac_cv_lib_gssapi_krb5_gss_init_sec_context+set}" = set; then
+ { echo "$as_me:$LINENO: checking for gss_init_sec_context in -lgssapi" >&5
+echo $ECHO_N "checking for gss_init_sec_context in -lgssapi... $ECHO_C" >&6; }
+if test "${ac_cv_lib_gssapi_gss_init_sec_context+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgssapi_krb5 $K5LIBS $LIBS"
+LIBS="-lgssapi $K5LIBS $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
@@ -26236,26 +26726,26 @@
test ! -s conftest.err
} && test -s conftest$ac_exeext &&
$as_test_x conftest$ac_exeext; then
- ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes
+ ac_cv_lib_gssapi_gss_init_sec_context=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_lib_gssapi_krb5_gss_init_sec_context=no
+ ac_cv_lib_gssapi_gss_init_sec_context=no
fi
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5
-echo "${ECHO_T}$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; }
-if test $ac_cv_lib_gssapi_krb5_gss_init_sec_context = yes; then
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5
+echo "${ECHO_T}$ac_cv_lib_gssapi_gss_init_sec_context" >&6; }
+if test $ac_cv_lib_gssapi_gss_init_sec_context = yes; then
cat >>confdefs.h <<\_ACEOF
#define GSSAPI 1
_ACEOF
- K5LIBS="-lgssapi_krb5 $K5LIBS"
+ K5LIBS="-lgssapi $K5LIBS"
else
{ echo "$as_me:$LINENO: WARNING: Cannot find any suitable gss-api library - build may fail" >&5
echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;}
@@ -28525,7 +29015,16 @@
CFLAGS="$CFLAGS $werror_flags"
+if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
+ test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+ TEST_SSH_IPV6=no
+else
+ TEST_SSH_IPV6=yes
+
+fi
+
+
ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh"
cat >confcache <<\_ACEOF
@@ -29300,11 +29799,12 @@
mansubdir!$mansubdir$ac_delim
user_path!$user_path$ac_delim
piddir!$piddir$ac_delim
+TEST_SSH_IPV6!$TEST_SSH_IPV6$ac_delim
LIBOBJS!$LIBOBJS$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 12; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 13; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/configure.ac 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.383 2007/08/10 04:36:12 dtucker Exp $
+# $Id: configure.ac,v 1.409 2008/07/09 11:07:19 djm Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT(OpenSSH, Portable, openssh-unix-dev at mindrot.org)
-AC_REVISION($Revision: 1.383 $)
+AC_REVISION($Revision: 1.409 $)
AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h)
@@ -90,6 +90,13 @@
AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
+use_stack_protector=1
+AC_ARG_WITH(stackprotect,
+ [ --without-stackprotect Don't use compiler's stack protection], [
+ if test "x$withval" = "xno"; then
+ use_stack_protector=0
+ fi ])
+
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
@@ -100,11 +107,61 @@
no_attrib_nonnull=1
;;
2.*) no_attrib_nonnull=1 ;;
- 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
- 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
+ 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
+ 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
*) ;;
esac
+ AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-builtin-memset"
+ AC_LINK_IFELSE( [AC_LANG_SOURCE([[
+#include <string.h>
+int main(void){char b[10]; memset(b, 0, sizeof(b));}
+ ]])],
+ [ AC_MSG_RESULT(yes) ],
+ [ AC_MSG_RESULT(no)
+ CFLAGS="$saved_CFLAGS" ]
+)
+
+ # -fstack-protector-all doesn't always work for some GCC versions
+ # and/or platforms, so we test if we can. If it's not supported
+ # on a give platform gcc will emit a warning so we use -Werror.
+ if test "x$use_stack_protector" = "x1"; then
+ for t in -fstack-protector-all -fstack-protector; do
+ AC_MSG_CHECKING(if $CC supports $t)
+ saved_CFLAGS="$CFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ CFLAGS="$CFLAGS $t -Werror"
+ LDFLAGS="$LDFLAGS $t -Werror"
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([
+#include <stdlib.h>
+int main(void){return 0;}
+ ])],
+ [ AC_MSG_RESULT(yes)
+ CFLAGS="$saved_CFLAGS $t"
+ LDFLAGS="$saved_LDFLAGS $t"
+ AC_MSG_CHECKING(if $t works)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([
+#include <stdlib.h>
+int main(void){exit(0);}
+ ])],
+ [ AC_MSG_RESULT(yes)
+ break ],
+ [ AC_MSG_RESULT(no) ],
+ [ AC_MSG_WARN([cross compiling: cannot test])
+ break ]
+ )
+ ],
+ [ AC_MSG_RESULT(no) ]
+ )
+ CFLAGS="$saved_CFLAGS"
+ LDFLAGS="$saved_LDFLAGS"
+ done
+ fi
+
if test -z "$have_llong_max"; then
# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
unset ac_cv_have_decl_LLONG_MAX
@@ -222,7 +279,9 @@
sys/cdefs.h \
sys/dir.h \
sys/mman.h \
+ sys/mount.h \
sys/ndir.h \
+ sys/poll.h \
sys/prctl.h \
sys/pstat.h \
sys/select.h \
@@ -230,6 +289,7 @@
sys/stream.h \
sys/stropts.h \
sys/strtio.h \
+ sys/statvfs.h \
sys/sysmacros.h \
sys/time.h \
sys/timers.h \
@@ -343,7 +403,7 @@
[],
[#include <usersec.h>]
)
- AC_CHECK_FUNCS(setauthdb)
+ AC_CHECK_FUNCS(getgrset setauthdb)
AC_CHECK_DECL(F_CLOSEM,
AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
[],
@@ -405,6 +465,7 @@
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
[Define if your resolver libs need this for getrrsetbyname])
AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
@@ -412,6 +473,11 @@
[Use tunnel device compatibility to OpenBSD])
AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
[Prepend the address family to IP tunnel traffic])
+ m4_pattern_allow(AU_IPv)
+ AC_CHECK_DECL(AU_IPv4, [],
+ AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
+ [#include <bsm/audit.h>]
+ )
AC_MSG_CHECKING(if we have the Security Authorization Session API)
AC_TRY_COMPILE([#include <Security/AuthSession.h>],
[SessionCreate(0, 0);],
@@ -436,7 +502,7 @@
fi],
[AC_MSG_RESULT(no)]
)
- ;;
+ ;;
*-*-dragonfly*)
SSHDLIBS="$SSHDLIBS -lcrypt"
;;
@@ -531,7 +597,6 @@
no_dev_ptmx=1
check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
- AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
AC_DEFINE(PAM_TTY_KLUDGE, 1,
[Work around problematic Linux PAM modules handling of PAM_TTY])
AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
@@ -582,6 +647,7 @@
AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
AC_CHECK_HEADER([net/if_tap.h], ,
AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
+ AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
;;
*-*-bsdi*)
AC_DEFINE(SETEUID_BREAKS_SETUID)
@@ -808,6 +874,7 @@
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
;;
*-*-nto-qnx*)
@@ -818,6 +885,7 @@
AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
AC_DEFINE(DISABLE_LASTLOG)
AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
enable_etc_default_login=no # has incompatible /etc/default/login
case "$host" in
*-*-nto-qnx6*)
@@ -1013,7 +1081,7 @@
AC_CHECK_HEADERS(libutil.h)
AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
[Define if your libraries define login()])])
-AC_CHECK_FUNCS(logout updwtmp logwtmp)
+AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
AC_FUNC_STRFTIME
@@ -1247,7 +1315,7 @@
AC_CHECK_FUNCS(getaudit, [],
[AC_MSG_ERROR(BSM enabled and required function not found)])
# These are optional
- AC_CHECK_FUNCS(getaudit_addr)
+ AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
;;
debug)
@@ -1267,6 +1335,8 @@
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS( \
arc4random \
+ arc4random_buf \
+ arc4random_uniform \
asprintf \
b64_ntop \
__b64_ntop \
@@ -1280,6 +1350,7 @@
fchmod \
fchown \
freeaddrinfo \
+ fstatvfs \
futimes \
getaddrinfo \
getcwd \
@@ -1331,6 +1402,8 @@
sigvec \
snprintf \
socketpair \
+ statfs \
+ statvfs \
strdup \
strerror \
strlcat \
@@ -2037,7 +2110,10 @@
saved_LIBS="$LIBS"
AC_CHECK_LIB(iaf, ia_openinfo, [
LIBS="$LIBS -liaf"
- AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
+ AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
+ AC_DEFINE(HAVE_LIBIAF, 1,
+ [Define if system has libiaf that supports set_id])
+ ])
])
LIBS="$saved_LIBS"
@@ -2621,6 +2697,18 @@
TYPE_SOCKLEN_T
AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
+AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+])
AC_CHECK_TYPES(in_addr_t,,,
[#include <sys/types.h>
@@ -2983,6 +3071,16 @@
file descriptor passing])
fi
+AC_MSG_CHECKING(if f_fsid has val members)
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/statvfs.h>],
+[struct fsid_t t; t.val[0] = 0;],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
+ [ AC_MSG_RESULT(no) ]
+)
+
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
AC_COMPILE_IFELSE(
@@ -3234,7 +3332,7 @@
SELINUX_MSG="no"
LIBSELINUX=""
AC_ARG_WITH(selinux,
- [ --with-selinux Enable SELinux support],
+ [ --with-selinux Enable SELinux support],
[ if test "x$withval" != "xno" ; then
save_LIBS="$LIBS"
AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
@@ -3314,12 +3412,12 @@
)
AC_SEARCH_LIBS(dn_expand, resolv)
- AC_CHECK_LIB(gssapi,gss_init_sec_context,
+ AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi $K5LIBS" ],
- [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
+ K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ K5LIBS="-lgssapi $K5LIBS" ],
AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
$K5LIBS)
],
@@ -4018,6 +4116,13 @@
dnl Add now.
CFLAGS="$CFLAGS $werror_flags"
+if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
+ test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+ AC_SUBST(TEST_SSH_IPV6, no)
+else
+ AC_SUBST(TEST_SSH_IPV6, yes)
+fi
+
AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
openbsd-compat/Makefile openbsd-compat/regress/Makefile \
Modified: trunk/contrib/caldera/openssh.spec
===================================================================
--- trunk/contrib/caldera/openssh.spec 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/contrib/caldera/openssh.spec 2009-06-23 21:31:15 UTC (rev 57)
@@ -17,11 +17,11 @@
#old cvs stuff. please update before use. may be deprecated.
%define use_stable 1
%if %{use_stable}
- %define version 4.7p1
+ %define version 5.1p1
%define cvs %{nil}
%define release 1
%else
- %define version 4.1p1
+ %define version 5.1p1
%define cvs cvs20050315
%define release 0r1
%endif
@@ -342,6 +342,7 @@
%config %{SVIcdir}/sshd
%{_libexecdir}/sftp-server
%{_sbindir}/sshd
+%{_mandir}/man5/moduli.5.gz
%{_mandir}/man5/sshd_config.5.gz
%{_mandir}/man8/sftp-server.8.gz
%{_mandir}/man8/sshd.8.gz
@@ -357,4 +358,4 @@
* Mon Jan 01 1998 ...
Template Version: 1.31
-$Id: openssh.spec,v 1.61 2007/08/15 09:22:20 dtucker Exp $
+$Id: openssh.spec,v 1.65 2008/07/21 08:21:53 djm Exp $
Modified: trunk/contrib/cygwin/Makefile
===================================================================
--- trunk/contrib/cygwin/Makefile 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/contrib/cygwin/Makefile 2009-06-23 21:31:15 UTC (rev 57)
@@ -8,6 +8,7 @@
cygdocdir=$(docdir)/Cygwin
sysconfdir=/etc
defaultsdir=$(sysconfdir)/defaults/etc
+inetdefdir=$(defaultsdir)/inetd.d
PRIVSEP_PATH=/var/empty
INSTALL=/usr/bin/install -c
@@ -27,6 +28,10 @@
remove-empty-dir:
rm -rf $(DESTDIR)$(PRIVSEP_PATH)
+install-inetd-config:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(inetdefdir)
+ $(INSTALL) -m 644 sshd-inetd $(DESTDIR)$(inetdefdir)/sshd-inetd
+
install-sshdoc:
$(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir)
$(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS
@@ -52,5 +57,5 @@
$(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config
$(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config
-cygwin-postinstall: move-config-files remove-empty-dir install-doc install-scripts
+cygwin-postinstall: move-config-files remove-empty-dir install-inetd-config install-doc install-scripts
@echo "Cygwin specific configuration finished."
Modified: trunk/contrib/cygwin/ssh-host-config
===================================================================
--- trunk/contrib/cygwin/ssh-host-config 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/contrib/cygwin/ssh-host-config 2009-06-23 21:31:15 UTC (rev 57)
@@ -4,6 +4,15 @@
#
# This file is part of the Cygwin port of OpenSSH.
+# ======================================================================
+# Initialization
+# ======================================================================
+PROGNAME=$(basename $0)
+_tdir=$(dirname $0)
+PROGDIR=$(cd $_tdir && pwd)
+
+CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
+
# Subdirectory where the new package is being installed
PREFIX=/usr
@@ -11,43 +20,371 @@
SYSCONFDIR=/etc
LOCALSTATEDIR=/var
-progname=$0
-auto_answer=""
-port_number=22
+source ${CSIH_SCRIPT}
+port_number=22
privsep_configured=no
privsep_used=yes
-sshd_in_passwd=no
-sshd_in_sam=no
+cygwin_value="ntsec"
+password_value=
-request()
-{
- if [ "${auto_answer}" = "yes" ]
+# ======================================================================
+# Routine: create_host_keys
+# ======================================================================
+create_host_keys() {
+ if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
then
- echo "$1 (yes/no) yes"
- return 0
- elif [ "${auto_answer}" = "no" ]
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_key"
+ ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
+ fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
then
- echo "$1 (yes/no) no"
- return 1
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
+ ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
+ ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
+ fi
+} # --- End of create_host_keys --- #
- answer=""
- while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
- do
- echo -n "$1 (yes/no) "
- read -e answer
- done
- if [ "X${answer}" = "Xyes" ]
+# ======================================================================
+# Routine: update_services_file
+# ======================================================================
+update_services_file() {
+ local _my_etcdir="/ssh-host-config.$$"
+ local _win_etcdir
+ local _services
+ local _spaces
+ local _serv_tmp
+ local _wservices
+
+ if csih_is_nt
then
- return 0
+ _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
+ _services="${_my_etcdir}/services"
+ # On NT, 27 spaces, no space after the hash
+ _spaces=" #"
else
- return 1
+ _win_etcdir="${WINDIR}"
+ _services="${_my_etcdir}/SERVICES"
+ # On 9x, 18 spaces (95 is very touchy), a space after the hash
+ _spaces=" # "
fi
-}
+ _serv_tmp="${_my_etcdir}/srv.out.$$"
+
+ mount -t -f "${_win_etcdir}" "${_my_etcdir}"
+
+ # Depends on the above mount
+ _wservices=`cygpath -w "${_services}"`
+
+ # Remove sshd 22/port from services
+ if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
+ then
+ grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
+ if [ -f "${_serv_tmp}" ]
+ then
+ if mv "${_serv_tmp}" "${_services}"
+ then
+ csih_inform "Removing sshd from ${_wservices}"
+ else
+ csih_warning "Removing sshd from ${_wservices} failed!"
+ fi
+ rm -f "${_serv_tmp}"
+ else
+ csih_warning "Removing sshd from ${_wservices} failed!"
+ fi
+ fi
+
+ # Add ssh 22/tcp and ssh 22/udp to services
+ if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
+ then
+ if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
+ then
+ if mv "${_serv_tmp}" "${_services}"
+ then
+ csih_inform "Added ssh to ${_wservices}"
+ else
+ csih_warning "Adding ssh to ${_wservices} failed!"
+ fi
+ rm -f "${_serv_tmp}"
+ else
+ csih_warning "Adding ssh to ${_wservices} failed!"
+ fi
+ fi
+ umount "${_my_etcdir}"
+} # --- End of update_services_file --- #
-# Check options
+# ======================================================================
+# Routine: sshd_privsep
+# MODIFIES: privsep_configured privsep_used
+# ======================================================================
+sshd_privsep() {
+ local sshdconfig_tmp
+ if [ "${privsep_configured}" != "yes" ]
+ then
+ if csih_is_nt
+ then
+ csih_inform "Privilege separation is set to yes by default since OpenSSH 3.3."
+ csih_inform "However, this requires a non-privileged account called 'sshd'."
+ csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
+ if csih_request "Should privilege separation be used?"
+ then
+ privsep_used=yes
+ if ! csih_create_unprivileged_user sshd
+ then
+ csih_warning "Couldn't create user 'sshd'!"
+ csih_warning "Privilege separation set to 'no' again!"
+ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
+ privsep_used=no
+ fi
+ else
+ privsep_used=no
+ fi
+ else
+ # On 9x don't use privilege separation. Since security isn't
+ # available it just adds useless additional processes.
+ privsep_used=no
+ fi
+ fi
+
+ # Create default sshd_config from skeleton files in /etc/defaults/etc or
+ # modify to add the missing privsep configuration option
+ if cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
+ then
+ csih_inform "Updating ${SYSCONFDIR}/sshd_config file"
+ sshdconfig_tmp=${SYSCONFDIR}/sshd_config.$$
+ sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
+ s/^#Port 22/Port ${port_number}/
+ s/^#StrictModes yes/StrictModes no/" \
+ < ${SYSCONFDIR}/sshd_config \
+ > "${sshdconfig_tmp}"
+ mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config
+ elif [ "${privsep_configured}" != "yes" ]
+ then
+ echo >> ${SYSCONFDIR}/sshd_config
+ echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config
+ fi
+} # --- End of sshd_privsep --- #
+
+# ======================================================================
+# Routine: update_inetd_conf
+# ======================================================================
+update_inetd_conf() {
+ local _inetcnf="${SYSCONFDIR}/inetd.conf"
+ local _inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
+ local _inetcnf_dir="${SYSCONFDIR}/inetd.d"
+ local _sshd_inetd_conf="${_inetcnf_dir}/sshd-inetd"
+ local _sshd_inetd_conf_tmp="${_inetcnf_dir}/sshd-inetd.$$"
+ local _with_comment=1
+
+ if [ -d "${_inetcnf_dir}" ]
+ then
+ # we have inetutils-1.5 inetd.d support
+ if [ -f "${_inetcnf}" ]
+ then
+ grep -q '^[ \t]*ssh' "${_inetcnf}" && _with_comment=0
+
+ # check for sshd OR ssh in top-level inetd.conf file, and remove
+ # will be replaced by a file in inetd.d/
+ if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ]
+ then
+ grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
+ if [ -f "${_inetcnf_tmp}" ]
+ then
+ if mv "${_inetcnf_tmp}" "${_inetcnf}"
+ then
+ csih_inform "Removed ssh[d] from ${_inetcnf}"
+ else
+ csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
+ fi
+ rm -f "${_inetcnf_tmp}"
+ else
+ csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
+ fi
+ fi
+ fi
+
+ csih_install_config "${_sshd_inetd_conf}" "${SYSCONFDIR}/defaults"
+ if cmp "${SYSCONFDIR}/defaults${_sshd_inetd_conf}" "${_sshd_inetd_conf}" >/dev/null 2>&1
+ then
+ if [ "${_with_comment}" -eq 0 ]
+ then
+ sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
+ else
+ sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
+ fi
+ mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}"
+ csih_inform "Updated ${_sshd_inetd_conf}"
+ fi
+
+ elif [ -f "${_inetcnf}" ]
+ then
+ grep -q '^[ \t]*sshd' "${_inetcnf}" && _with_comment=0
+
+ # check for sshd in top-level inetd.conf file, and remove
+ # will be replaced by a file in inetd.d/
+ if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
+ then
+ grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
+ if [ -f "${_inetcnf_tmp}" ]
+ then
+ if mv "${_inetcnf_tmp}" "${_inetcnf}"
+ then
+ csih_inform "Removed sshd from ${_inetcnf}"
+ else
+ csih_warning "Removing sshd from ${_inetcnf} failed!"
+ fi
+ rm -f "${_inetcnf_tmp}"
+ else
+ csih_warning "Removing sshd from ${_inetcnf} failed!"
+ fi
+ fi
+
+ # Add ssh line to inetd.conf
+ if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
+ then
+ if [ "${_with_comment}" -eq 0 ]
+ then
+ echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+ else
+ echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+ fi
+ csih_inform "Added ssh to ${_inetcnf}"
+ fi
+ fi
+} # --- End of update_inetd_conf --- #
+
+# ======================================================================
+# Routine: install_service
+# Install sshd as a service
+# ======================================================================
+install_service() {
+ local run_service_as
+ local password
+
+ if csih_is_nt
+ then
+ if ! cygrunsrv -Q sshd >/dev/null 2>&1
+ then
+ echo
+ echo
+ csih_warning "The following functions require administrator privileges!"
+ echo
+ echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
+ if csih_request "(Say \"no\" if it is already installed as a service)"
+ then
+ csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\""
+ csih_inform "for sshd to be able to change user context without password."
+ csih_get_cygenv "${cygwin_value}"
+
+ if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+ then
+ csih_inform "On Windows Server 2003, Windows Vista, and above, the"
+ csih_inform "SYSTEM account cannot setuid to other users -- a capability"
+ csih_inform "sshd requires. You need to have or to create a privileged"
+ csih_inform "account. This script will help you do so."
+ echo
+ if ! csih_create_privileged_user "${password_value}"
+ then
+ csih_error_recoverable "There was a serious problem creating a privileged user."
+ csih_request "Do you want to proceed anyway?" || exit 1
+ fi
+ fi
+
+ # never returns empty if NT or above
+ run_service_as=$(csih_service_should_run_as)
+
+ if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
+ then
+ password="${csih_PRIVILEGED_PASSWORD}"
+ if [ -z "${password}" ]
+ then
+ csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
+ password="${csih_value}"
+ fi
+ fi
+
+ # at this point, we either have $run_service_as = "system" and $password is empty,
+ # or $run_service_as is some privileged user and (hopefully) $password contains
+ # the correct password. So, from here out, we use '-z "${password}"' to discriminate
+ # the two cases.
+
+ csih_check_user "${run_service_as}"
+
+ if [ -z "${password}" ]
+ then
+ if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \
+ -e CYGWIN="${csih_cygenv}"
+ then
+ echo
+ csih_inform "The sshd service has been installed under the LocalSystem"
+ csih_inform "account (also known as SYSTEM). To start the service now, call"
+ csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
+ csih_inform "will start automatically after the next reboot."
+ fi
+ else
+ if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \
+ -e CYGWIN="${csih_cygenv}" -u "${run_service_as}" -w "${password}"
+ then
+ echo
+ csih_inform "The sshd service has been installed under the '${run_service_as}'"
+ csih_inform "account. To start the service now, call \`net start sshd' or"
+ csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
+ csih_inform "after the next reboot."
+ fi
+ fi
+
+ # now, if successfully installed, set ownership of the affected files
+ if cygrunsrv -Q sshd >/dev/null 2>&1
+ then
+ chown "${run_service_as}" ${SYSCONFDIR}/ssh*
+ chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty
+ chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog
+ if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
+ then
+ chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log
+ fi
+ else
+ csih_warning "Something went wrong installing the sshd service."
+ fi
+ fi # user allowed us to install as service
+ fi # service not yet installed
+ fi # csih_is_nt
+} # --- End of install_service --- #
+
+# ======================================================================
+# Main Entry Point
+# ======================================================================
+
+# Check how the script has been started. If
+# (1) it has been started by giving the full path and
+# that path is /etc/postinstall, OR
+# (2) Otherwise, if the environment variable
+# SSH_HOST_CONFIG_AUTO_ANSWER_NO is set
+# then set auto_answer to "no". This allows automatic
+# creation of the config files in /etc w/o overwriting
+# them if they already exist. In both cases, color
+# escape sequences are suppressed, so as to prevent
+# cluttering setup's logfiles.
+if [ "$PROGDIR" = "/etc/postinstall" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+fi
+if [ -n "${SSH_HOST_CONFIG_AUTO_ANSWER_NO}" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+fi
+
+# ======================================================================
+# Parse options
+# ======================================================================
while :
do
case $# in
@@ -62,14 +399,15 @@
case "${option}" in
-d | --debug )
set -x
+ csih_trace_on
;;
-y | --yes )
- auto_answer=yes
+ csih_auto_answer=yes
;;
-n | --no )
- auto_answer=no
+ csih_auto_answer=no
;;
-c | --cygwin )
@@ -87,6 +425,10 @@
shift
;;
+ --privileged )
+ csih_FORCE_PRIVILEGED_USER=yes
+ ;;
+
*)
echo "usage: ${progname} [OPTION]..."
echo
@@ -98,7 +440,9 @@
echo " --no -n Answer all questions with \"no\" automatically."
echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
echo " --port -p <n> sshd listens on port n."
- echo " --pwd -w <passwd> Use \"pwd\" as password for user 'sshd_server'."
+ echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user."
+ echo " --privileged On Windows NT/2k/XP, require privileged user"
+ echo " instead of LocalSystem for sshd service."
echo
exit 1
;;
@@ -106,73 +450,34 @@
esac
done
-# Check if running on NT
-_sys="`uname`"
-_nt=`expr "${_sys}" : "CYGWIN_NT"`
-# If running on NT, check if running under 2003 Server or later
-if [ ${_nt} -gt 0 ]
-then
- _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
-fi
+# ======================================================================
+# Action!
+# ======================================================================
# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running
-
if ps -ef | grep -v grep | grep -q ssh
then
echo
- echo "There are still ssh processes running. Please shut them down first."
- echo
- exit 1
+ csih_error "There are still ssh processes running. Please shut them down first."
fi
# Check for ${SYSCONFDIR} directory
+csih_make_dir "${SYSCONFDIR}" "Cannot create global configuration files."
+chmod 775 "${SYSCONFDIR}"
+setfacl -m u:system:rwx "${SYSCONFDIR}"
-if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
-then
- echo
- echo "${SYSCONFDIR} is existant but not a directory."
- echo "Cannot create global configuration files."
- echo
- exit 1
-fi
+# Check for /var/log directory
+csih_make_dir "${LOCALSTATEDIR}/log" "Cannot create log directory."
+chmod 775 "${LOCALSTATEDIR}/log"
+setfacl -m u:system:rwx "${LOCALSTATEDIR}/log"
-# Create it if necessary
-
-if [ ! -e "${SYSCONFDIR}" ]
-then
- mkdir "${SYSCONFDIR}"
- if [ ! -e "${SYSCONFDIR}" ]
- then
- echo
- echo "Creating ${SYSCONFDIR} directory failed"
- echo
- exit 1
- fi
-fi
-
-# Create /var/log and /var/log/lastlog if not already existing
-
-if [ -e ${LOCALSTATEDIR}/log -a ! -d ${LOCALSTATEDIR}/log ]
-then
- echo
- echo "${LOCALSTATEDIR}/log is existant but not a directory."
- echo "Cannot create ssh host configuration."
- echo
- exit 1
-fi
-if [ ! -e ${LOCALSTATEDIR}/log ]
-then
- mkdir -p ${LOCALSTATEDIR}/log
-fi
-
+# Create /var/log/lastlog if not already exists
if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
then
echo
- echo "${LOCALSTATEDIR}/log/lastlog exists, but is not a file."
- echo "Cannot create ssh host configuration."
- echo
- exit 1
+ csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \
+ "Cannot create ssh host configuration."
fi
if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
then
@@ -181,431 +486,44 @@
fi
# Create /var/empty file used as chroot jail for privilege separation
-if [ -f ${LOCALSTATEDIR}/empty ]
-then
- echo "Creating ${LOCALSTATEDIR}/empty failed!"
-else
- mkdir -p ${LOCALSTATEDIR}/empty
- if [ ${_nt} -gt 0 ]
- then
- chmod 755 ${LOCALSTATEDIR}/empty
- fi
-fi
+csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create log directory."
+chmod 755 "${LOCALSTATEDIR}/empty"
+setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty"
-# First generate host keys if not already existing
+# host keys
+create_host_keys
-if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
-then
- echo "Generating ${SYSCONFDIR}/ssh_host_key"
- ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
-fi
+# use 'cmp' program to determine if a config file is identical
+# to the default version of that config file
+csih_check_program_or_error cmp diffutils
-if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
-then
- echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
- ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
-fi
-if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
+# handle ssh_config
+csih_install_config "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults"
+if cmp "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/ssh_config" >/dev/null 2>&1
then
- echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
- ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
-fi
-
-# Check if ssh_config exists. If yes, ask for overwriting
-
-if [ -f "${SYSCONFDIR}/ssh_config" ]
-then
- if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
- then
- rm -f "${SYSCONFDIR}/ssh_config"
- if [ -f "${SYSCONFDIR}/ssh_config" ]
- then
- echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
- fi
- fi
-fi
-
-# Create default ssh_config from skeleton file in /etc/defaults/etc
-
-if [ ! -f "${SYSCONFDIR}/ssh_config" ]
-then
- echo "Generating ${SYSCONFDIR}/ssh_config file"
- cp ${SYSCONFDIR}/defaults/etc/ssh_config ${SYSCONFDIR}/ssh_config
if [ "${port_number}" != "22" ]
then
+ csih_inform "Updating ${SYSCONFDIR}/ssh_config file with requested port"
echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config
fi
fi
-# Check if sshd_config exists. If yes, ask for overwriting
-
-if [ -f "${SYSCONFDIR}/sshd_config" ]
+# handle sshd_config (and privsep)
+csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults"
+if ! cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
then
- if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
- then
- rm -f "${SYSCONFDIR}/sshd_config"
- if [ -f "${SYSCONFDIR}/sshd_config" ]
- then
- echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
- fi
- else
- grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
- fi
+ grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
fi
+sshd_privsep
-# Prior to creating or modifying sshd_config, care for privilege separation
-if [ "${privsep_configured}" != "yes" ]
-then
- if [ ${_nt} -gt 0 ]
- then
- echo "Privilege separation is set to yes by default since OpenSSH 3.3."
- echo "However, this requires a non-privileged account called 'sshd'."
- echo "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
- echo
- if request "Should privilege separation be used?"
- then
- privsep_used=yes
- grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
- net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
- if [ "${sshd_in_passwd}" != "yes" ]
- then
- if [ "${sshd_in_sam}" != "yes" ]
- then
- echo "Warning: The following function requires administrator privileges!"
- if request "Should this script create a local user 'sshd' on this machine?"
- then
- dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
- net user sshd /add /fullname:"sshd privsep" "/homedir:${dos_var_empty}" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
- if [ "${sshd_in_sam}" != "yes" ]
- then
- echo "Warning: Creating the user 'sshd' failed!"
- fi
- fi
- fi
- if [ "${sshd_in_sam}" != "yes" ]
- then
- echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
- echo " Privilege separation set to 'no' again!"
- echo " Check your ${SYSCONFDIR}/sshd_config file!"
- privsep_used=no
- else
- mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
- fi
- fi
- else
- privsep_used=no
- fi
- else
- # On 9x don't use privilege separation. Since security isn't
- # available it just adds useless additional processes.
- privsep_used=no
- fi
-fi
-# Create default sshd_config from skeleton files in /etc/defaults/etc or
-# modify to add the missing privsep configuration option
+update_services_file
+update_inetd_conf
+install_service
-if [ ! -f "${SYSCONFDIR}/sshd_config" ]
-then
- echo "Generating ${SYSCONFDIR}/sshd_config file"
- sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
- s/^#Port 22/Port ${port_number}/
- s/^#StrictModes yes/StrictModes no/" \
- < ${SYSCONFDIR}/defaults/etc/sshd_config \
- > ${SYSCONFDIR}/sshd_config
-elif [ "${privsep_configured}" != "yes" ]
-then
- echo >> ${SYSCONFDIR}/sshd_config
- echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config
-fi
-
-# Care for services file
-_my_etcdir="/ssh-host-config.$$"
-if [ ${_nt} -gt 0 ]
-then
- _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
- _services="${_my_etcdir}/services"
- # On NT, 27 spaces, no space after the hash
- _spaces=" #"
-else
- _win_etcdir="${WINDIR}"
- _services="${_my_etcdir}/SERVICES"
- # On 9x, 18 spaces (95 is very touchy), a space after the hash
- _spaces=" # "
-fi
-_serv_tmp="${_my_etcdir}/srv.out.$$"
-
-mount -t -f "${_win_etcdir}" "${_my_etcdir}"
-
-# Depends on the above mount
-_wservices=`cygpath -w "${_services}"`
-
-# Remove sshd 22/port from services
-if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
-then
- grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
- if [ -f "${_serv_tmp}" ]
- then
- if mv "${_serv_tmp}" "${_services}"
- then
- echo "Removing sshd from ${_wservices}"
- else
- echo "Removing sshd from ${_wservices} failed!"
- fi
- rm -f "${_serv_tmp}"
- else
- echo "Removing sshd from ${_wservices} failed!"
- fi
-fi
-
-# Add ssh 22/tcp and ssh 22/udp to services
-if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
-then
- if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
- then
- if mv "${_serv_tmp}" "${_services}"
- then
- echo "Added ssh to ${_wservices}"
- else
- echo "Adding ssh to ${_wservices} failed!"
- fi
- rm -f "${_serv_tmp}"
- else
- echo "WARNING: Adding ssh to ${_wservices} failed!"
- fi
-fi
-
-umount "${_my_etcdir}"
-
-# Care for inetd.conf file
-_inetcnf="${SYSCONFDIR}/inetd.conf"
-_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
-
-if [ -f "${_inetcnf}" ]
-then
- # Check if ssh service is already in use as sshd
- with_comment=1
- grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
- # Remove sshd line from inetd.conf
- if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
- then
- grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
- if [ -f "${_inetcnf_tmp}" ]
- then
- if mv "${_inetcnf_tmp}" "${_inetcnf}"
- then
- echo "Removed sshd from ${_inetcnf}"
- else
- echo "Removing sshd from ${_inetcnf} failed!"
- fi
- rm -f "${_inetcnf_tmp}"
- else
- echo "Removing sshd from ${_inetcnf} failed!"
- fi
- fi
-
- # Add ssh line to inetd.conf
- if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
- then
- if [ "${with_comment}" -eq 0 ]
- then
- echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
- else
- echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
- fi
- echo "Added ssh to ${_inetcnf}"
- fi
-fi
-
-# On NT ask if sshd should be installed as service
-if [ ${_nt} -gt 0 ]
-then
- # But only if it is not already installed
- if ! cygrunsrv -Q sshd > /dev/null 2>&1
- then
- echo
- echo
- echo "Warning: The following functions require administrator privileges!"
- echo
- echo "Do you want to install sshd as service?"
- if request "(Say \"no\" if it's already installed as service)"
- then
- if [ $_nt2003 -gt 0 ]
- then
- grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && sshd_server_in_passwd=yes
- if [ "${sshd_server_in_passwd}" = "yes" ]
- then
- # Drop sshd_server from passwd since it could have wrong settings
- grep -v '^sshd_server:' ${SYSCONFDIR}/passwd > ${SYSCONFDIR}/passwd.$$
- rm -f ${SYSCONFDIR}/passwd
- mv ${SYSCONFDIR}/passwd.$$ ${SYSCONFDIR}/passwd
- chmod g-w,o-w ${SYSCONFDIR}/passwd
- fi
- net user sshd_server >/dev/null 2>&1 && sshd_server_in_sam=yes
- if [ "${sshd_server_in_sam}" != "yes" ]
- then
- echo
- echo "You appear to be running Windows 2003 Server or later. On 2003 and"
- echo "later systems, it's not possible to use the LocalSystem account"
- echo "if sshd should allow passwordless logon (e. g. public key authentication)."
- echo "If you want to enable that functionality, it's required to create a new"
- echo "account 'sshd_server' with special privileges, which is then used to run"
- echo "the sshd service under."
- echo
- echo "Should this script create a new local account 'sshd_server' which has"
- if request "the required privileges?"
- then
- _admingroup=`mkgroup -l | awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' `
- if [ -z "${_admingroup}" ]
- then
- echo "mkgroup -l produces no group with SID S-1-5-32-544 (Local administrators group)."
- exit 1
- fi
- dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
- while [ "${sshd_server_in_sam}" != "yes" ]
- do
- if [ -n "${password_value}" ]
- then
- _password="${password_value}"
- # Allow to ask for password if first try fails
- password_value=""
- else
- echo
- echo "Please enter a password for new user 'sshd_server'. Please be sure that"
- echo "this password matches the password rules given on your system."
- echo -n "Entering no password will exit the configuration. PASSWORD="
- read -e _password
- if [ -z "${_password}" ]
- then
- echo
- echo "Exiting configuration. No user sshd_server has been created,"
- echo "no sshd service installed."
- exit 1
- fi
- fi
- net user sshd_server "${_password}" /add /fullname:"sshd server account" "/homedir:${dos_var_empty}" /yes > /tmp/nu.$$ 2>&1 && sshd_server_in_sam=yes
- if [ "${sshd_server_in_sam}" != "yes" ]
- then
- echo "Creating the user 'sshd_server' failed! Reason:"
- cat /tmp/nu.$$
- rm /tmp/nu.$$
- fi
- done
- net localgroup "${_admingroup}" sshd_server /add > /dev/null 2>&1 && sshd_server_in_admingroup=yes
- if [ "${sshd_server_in_admingroup}" != "yes" ]
- then
- echo "WARNING: Adding user sshd_server to local group ${_admingroup} failed!"
- echo "Please add sshd_server to local group ${_admingroup} before"
- echo "starting the sshd service!"
- echo
- fi
- passwd_has_expiry_flags=`passwd -v | awk '/^passwd /{print ( $3 >= 1.5 ) ? "yes" : "no";}'`
- if [ "${passwd_has_expiry_flags}" != "yes" ]
- then
- echo
- echo "WARNING: User sshd_server has password expiry set to system default."
- echo "Please check that password never expires or set it to your needs."
- elif ! passwd -e sshd_server
- then
- echo
- echo "WARNING: Setting password expiry for user sshd_server failed!"
- echo "Please check that password never expires or set it to your needs."
- fi
- editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
- editrights -a SeCreateTokenPrivilege -u sshd_server &&
- editrights -a SeTcbPrivilege -u sshd_server &&
- editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
- editrights -a SeDenyNetworkLogonRight -u sshd_server &&
- editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&
- editrights -a SeIncreaseQuotaPrivilege -u sshd_server &&
- editrights -a SeServiceLogonRight -u sshd_server &&
- sshd_server_got_all_rights="yes"
- if [ "${sshd_server_got_all_rights}" != "yes" ]
- then
- echo
- echo "Assigning the appropriate privileges to user 'sshd_server' failed!"
- echo "Can't create sshd service!"
- exit 1
- fi
- echo
- echo "User 'sshd_server' has been created with password '${_password}'."
- echo "If you change the password, please keep in mind to change the password"
- echo "for the sshd service, too."
- echo
- echo "Also keep in mind that the user sshd_server needs read permissions on all"
- echo "users' .ssh/authorized_keys file to allow public key authentication for"
- echo "these users!. (Re-)running ssh-user-config for each user will set the"
- echo "required permissions correctly."
- echo
- fi
- fi
- if [ "${sshd_server_in_sam}" = "yes" ]
- then
- mkpasswd -l -u sshd_server | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
- fi
- fi
- if [ -n "${cygwin_value}" ]
- then
- _cygwin="${cygwin_value}"
- else
- echo
- echo "Which value should the environment variable CYGWIN have when"
- echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
- echo "able to change user context without password."
- echo -n "Default is \"ntsec\". CYGWIN="
- read -e _cygwin
- fi
- [ -z "${_cygwin}" ] && _cygwin="ntsec"
- if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
- then
- if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}" -y tcpip
- then
- echo
- echo "The service has been installed under sshd_server account."
- echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
- fi
- else
- if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" -y tcpip
- then
- echo
- echo "The service has been installed under LocalSystem account."
- echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
- fi
- fi
- fi
- # Now check if sshd has been successfully installed. This allows to
- # set the ownership of the affected files correctly.
- if cygrunsrv -Q sshd > /dev/null 2>&1
- then
- if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
- then
- _user="sshd_server"
- else
- _user="system"
- fi
- chown "${_user}" ${SYSCONFDIR}/ssh*
- chown "${_user}".544 ${LOCALSTATEDIR}/empty
- chown "${_user}".544 ${LOCALSTATEDIR}/log/lastlog
- if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
- then
- chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log
- fi
- fi
- if ! ( mount | egrep -q 'on /(|usr/(bin|lib)) type system' )
- then
- echo
- echo "Warning: It appears that you have user mode mounts (\"Just me\""
- echo "chosen during install.) Any daemons installed as services will"
- echo "fail to function unless system mounts are used. To change this,"
- echo "re-run setup.exe and choose \"All users\"."
- echo
- echo "For more information, see http://cygwin.com/faq/faq0.html#TOC33"
- fi
- fi
-fi
-
echo
-echo "Host configuration finished. Have fun!"
+csih_inform "Host configuration finished. Have fun!"
+
Modified: trunk/contrib/cygwin/ssh-user-config
===================================================================
--- trunk/contrib/cygwin/ssh-user-config 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/contrib/cygwin/ssh-user-config 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,52 +1,235 @@
-#!/bin/sh
+#!/bin/bash
#
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
+# ======================================================================
+# Initialization
+# ======================================================================
+PROGNAME=$(basename -- $0)
+_tdir=$(dirname -- $0)
+PROGDIR=$(cd $_tdir && pwd)
+
+CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
# Directory where the config files are stored
SYSCONFDIR=/etc
-progname=$0
-auto_answer=""
+source ${CSIH_SCRIPT}
+
auto_passphrase="no"
passphrase=""
+pwdhome=
+with_passphrase=
-request()
-{
- if [ "${auto_answer}" = "yes" ]
+# ======================================================================
+# Routine: create_ssh1_identity
+# optionally create ~/.ssh/identity[.pub]
+# optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_ssh1_identity() {
+ if [ ! -f "${pwdhome}/.ssh/identity" ]
then
- return 0
- elif [ "${auto_answer}" = "no" ]
+ if csih_request "Shall I create an SSH1 RSA identity file for you?"
+ then
+ csih_inform "Generating ${pwdhome}/.ssh/identity"
+ if [ "${with_passphrase}" = "yes" ]
+ then
+ ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
+ else
+ ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
+ fi
+ if csih_request "Do you want to use this identity to login to this machine?"
+ then
+ csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+ cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
+ fi
+ fi
+ fi
+} # === End of create_ssh1_identity() === #
+readonly -f create_ssh1_identity
+
+# ======================================================================
+# Routine: create_ssh2_rsa_identity
+# optionally create ~/.ssh/id_rsa[.pub]
+# optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_ssh2_rsa_identity() {
+ if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
then
- return 1
+ if csih_request "Shall I create an SSH2 RSA identity file for you?"
+ then
+ csih_inform "Generating ${pwdhome}/.ssh/id_rsa"
+ if [ "${with_passphrase}" = "yes" ]
+ then
+ ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
+ else
+ ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
+ fi
+ if csih_request "Do you want to use this identity to login to this machine?"
+ then
+ csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+ cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
+ fi
+ fi
fi
+} # === End of create_ssh2_rsa_identity() === #
+readonly -f create_ssh2_rsa_identity
- answer=""
- while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
- do
- echo -n "$1 (yes/no) "
- read answer
- done
- if [ "X${answer}" = "Xyes" ]
+# ======================================================================
+# Routine: create_ssh2_dsa_identity
+# optionally create ~/.ssh/id_dsa[.pub]
+# optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_ssh2_dsa_identity() {
+ if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
then
- return 0
- else
- return 1
+ if csih_request "Shall I create an SSH2 DSA identity file for you?"
+ then
+ csih_inform "Generating ${pwdhome}/.ssh/id_dsa"
+ if [ "${with_passphrase}" = "yes" ]
+ then
+ ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
+ else
+ ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
+ fi
+ if csih_request "Do you want to use this identity to login to this machine?"
+ then
+ csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+ cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
+ fi
+ fi
fi
-}
+} # === End of create_ssh2_dsa_identity() === #
+readonly -f create_ssh2_dsa_identity
-# Check if running on NT
-_sys="`uname -a`"
-_nt=`expr "$_sys" : "CYGWIN_NT"`
-# If running on NT, check if running under 2003 Server or later
-if [ $_nt -gt 0 ]
+# ======================================================================
+# Routine: check_user_homedir
+# Perform various checks on the user's home directory
+# SETS GLOBAL VARIABLE:
+# pwdhome
+# ======================================================================
+check_user_homedir() {
+ local uid=$(id -u)
+ pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
+ if [ "X${pwdhome}" = "X" ]
+ then
+ csih_error_multiline \
+ "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
+ 'Setting $HOME is not sufficient!'
+ fi
+
+ if [ ! -d "${pwdhome}" ]
+ then
+ csih_error_multiline \
+ "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
+ 'but it is not a valid directory. Cannot create user identity files.'
+ fi
+
+ # If home is the root dir, set home to empty string to avoid error messages
+ # in subsequent parts of that script.
+ if [ "X${pwdhome}" = "X/" ]
+ then
+ # But first raise a warning!
+ csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
+ if csih_request "Would you like to proceed anyway?"
+ then
+ pwdhome=''
+ else
+ csih_warning "Exiting. Configuration is not complete"
+ exit 1
+ fi
+ fi
+
+ if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
+ then
+ echo
+ csih_warning 'group and other have been revoked write permission to your home'
+ csih_warning "directory ${pwdhome}."
+ csih_warning 'This is required by OpenSSH to allow public key authentication using'
+ csih_warning 'the key files stored in your .ssh subdirectory.'
+ csih_warning 'Revert this change ONLY if you know what you are doing!'
+ echo
+ fi
+} # === End of check_user_homedir() === #
+readonly -f check_user_homedir
+
+# ======================================================================
+# Routine: check_user_dot_ssh_dir
+# Perform various checks on the ~/.ssh directory
+# PREREQUISITE:
+# pwdhome -- check_user_homedir()
+# ======================================================================
+check_user_dot_ssh_dir() {
+ if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
+ then
+ csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
+ fi
+
+ if [ ! -e "${pwdhome}/.ssh" ]
+ then
+ mkdir "${pwdhome}/.ssh"
+ if [ ! -e "${pwdhome}/.ssh" ]
+ then
+ csih_error "Creating users ${pwdhome}/.ssh directory failed"
+ fi
+ fi
+} # === End of check_user_dot_ssh_dir() === #
+readonly -f check_user_dot_ssh_dir
+
+# ======================================================================
+# Routine: fix_authorized_keys_perms
+# Corrects the permissions of ~/.ssh/authorized_keys
+# PREREQUISITE:
+# pwdhome -- check_user_homedir()
+# ======================================================================
+fix_authorized_keys_perms() {
+ if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
+ then
+ if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
+ then
+ csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
+ csih_warning "failed. Please care for the correct permissions. The minimum requirement"
+ csih_warning "is, the owner needs read permissions."
+ echo
+ fi
+ fi
+} # === End of fix_authorized_keys_perms() === #
+readonly -f fix_authorized_keys_perms
+
+
+# ======================================================================
+# Main Entry Point
+# ======================================================================
+
+# Check how the script has been started. If
+# (1) it has been started by giving the full path and
+# that path is /etc/postinstall, OR
+# (2) Otherwise, if the environment variable
+# SSH_USER_CONFIG_AUTO_ANSWER_NO is set
+# then set auto_answer to "no". This allows automatic
+# creation of the config files in /etc w/o overwriting
+# them if they already exist. In both cases, color
+# escape sequences are suppressed, so as to prevent
+# cluttering setup's logfiles.
+if [ "$PROGDIR" = "/etc/postinstall" ]
then
- _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
+ csih_auto_answer="no"
+ csih_disable_color
fi
+if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+fi
-# Check options
-
+# ======================================================================
+# Parse options
+# ======================================================================
while :
do
case $# in
@@ -61,14 +244,15 @@
case "$option" in
-d | --debug )
set -x
+ csih_trace_on
;;
-y | --yes )
- auto_answer=yes
+ csih_auto_answer=yes
;;
-n | --no )
- auto_answer=no
+ csih_auto_answer=no
;;
-p | --passphrase )
@@ -77,8 +261,12 @@
shift
;;
+ --privileged )
+ csih_FORCE_PRIVILEGED_USER=yes
+ ;;
+
*)
- echo "usage: ${progname} [OPTION]..."
+ echo "usage: ${PROGNAME} [OPTION]..."
echo
echo "This script creates an OpenSSH user configuration."
echo
@@ -87,6 +275,8 @@
echo " --yes -y Answer all questions with \"yes\" automatically."
echo " --no -n Answer all questions with \"no\" automatically."
echo " --passphrase -p word Use \"word\" as passphrase automatically."
+ echo " --privileged On Windows NT/2k/XP, assume privileged user"
+ echo " instead of LocalSystem for sshd service."
echo
exit 1
;;
@@ -94,157 +284,27 @@
esac
done
-# Ask user if user identity should be generated
+# ======================================================================
+# Action!
+# ======================================================================
+# Check passwd file
if [ ! -f ${SYSCONFDIR}/passwd ]
then
- echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
- echo 'first using mkpasswd. Check if it contains an entry for you and'
- echo 'please care for the home directory in your entry as well.'
- exit 1
+ csih_error_multiline \
+ "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
+ 'first using mkpasswd. Check if it contains an entry for you and' \
+ 'please care for the home directory in your entry as well.'
fi
-uid=`id -u`
-pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
+check_user_homedir
+check_user_dot_ssh_dir
+create_ssh1_identity
+create_ssh2_rsa_identity
+create_ssh2_dsa_identity
+fix_authorized_keys_perms
-if [ "X${pwdhome}" = "X" ]
-then
- echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
- echo 'Setting $HOME is not sufficient!'
- exit 1
-fi
+echo
+csih_inform "Configuration finished. Have fun!"
-if [ ! -d "${pwdhome}" ]
-then
- echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
- echo 'but it is not a valid directory. Cannot create user identity files.'
- exit 1
-fi
-# If home is the root dir, set home to empty string to avoid error messages
-# in subsequent parts of that script.
-if [ "X${pwdhome}" = "X/" ]
-then
- # But first raise a warning!
- echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
- if request "Would you like to proceed anyway?"
- then
- pwdhome=''
- else
- exit 1
- fi
-fi
-
-if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
-then
- echo
- echo 'WARNING: group and other have been revoked write permission to your home'
- echo " directory ${pwdhome}."
- echo ' This is required by OpenSSH to allow public key authentication using'
- echo ' the key files stored in your .ssh subdirectory.'
- echo ' Revert this change ONLY if you know what you are doing!'
- echo
-fi
-
-if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
-then
- echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
- exit 1
-fi
-
-if [ ! -e "${pwdhome}/.ssh" ]
-then
- mkdir "${pwdhome}/.ssh"
- if [ ! -e "${pwdhome}/.ssh" ]
- then
- echo "Creating users ${pwdhome}/.ssh directory failed"
- exit 1
- fi
-fi
-
-if [ $_nt -gt 0 ]
-then
- _user="system"
- if [ $_nt2003 -gt 0 ]
- then
- grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
- fi
- if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
- then
- echo "${pwdhome}/.ssh couldn't be given the correct permissions."
- echo "Please try to solve this problem first."
- exit 1
- fi
-fi
-
-if [ ! -f "${pwdhome}/.ssh/identity" ]
-then
- if request "Shall I create an SSH1 RSA identity file for you?"
- then
- echo "Generating ${pwdhome}/.ssh/identity"
- if [ "${with_passphrase}" = "yes" ]
- then
- ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
- else
- ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
- fi
- if request "Do you want to use this identity to login to this machine?"
- then
- echo "Adding to ${pwdhome}/.ssh/authorized_keys"
- cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
- fi
- fi
-fi
-
-if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
-then
- if request "Shall I create an SSH2 RSA identity file for you?"
- then
- echo "Generating ${pwdhome}/.ssh/id_rsa"
- if [ "${with_passphrase}" = "yes" ]
- then
- ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
- else
- ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
- fi
- if request "Do you want to use this identity to login to this machine?"
- then
- echo "Adding to ${pwdhome}/.ssh/authorized_keys"
- cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
- fi
- fi
-fi
-
-if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
-then
- if request "Shall I create an SSH2 DSA identity file for you?"
- then
- echo "Generating ${pwdhome}/.ssh/id_dsa"
- if [ "${with_passphrase}" = "yes" ]
- then
- ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
- else
- ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
- fi
- if request "Do you want to use this identity to login to this machine?"
- then
- echo "Adding to ${pwdhome}/.ssh/authorized_keys"
- cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
- fi
- fi
-fi
-
-if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
-then
- if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
- then
- echo
- echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
- echo "failed. Please care for the correct permissions. The minimum requirement"
- echo "is, the owner and ${_user} both need read permissions."
- echo
- fi
-fi
-
-echo
-echo "Configuration finished. Have fun!"
Modified: trunk/contrib/redhat/openssh.spec
===================================================================
--- trunk/contrib/redhat/openssh.spec 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/contrib/redhat/openssh.spec 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-%define ver 4.7p1
+%define ver 5.1p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID
@@ -376,6 +376,7 @@
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
+%attr(0644,root,root) %{_mandir}/man5/moduli.5*
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
Modified: trunk/contrib/ssh-copy-id
===================================================================
--- trunk/contrib/ssh-copy-id 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/contrib/ssh-copy-id 2009-06-23 21:31:15 UTC (rev 57)
@@ -11,7 +11,7 @@
shift
# check if we have 2 parameters left, if so the first is the new ID file
if [ -n "$2" ]; then
- if expr "$1" : ".*\.pub" >/dev/null; then
+ if expr "$1" : ".*\.pub" > /dev/null ; then
ID_FILE="$1"
else
ID_FILE="$1.pub"
@@ -38,10 +38,10 @@
exit 1
fi
-{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh ${1%:} "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
cat <<EOF
-Now try logging into the machine, with "ssh '$1'", and check in:
+Now try logging into the machine, with "ssh '${1%:}'", and check in:
.ssh/authorized_keys
Modified: trunk/contrib/suse/openssh.spec
===================================================================
--- trunk/contrib/suse/openssh.spec 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/contrib/suse/openssh.spec 2009-06-23 21:31:15 UTC (rev 57)
@@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
-Version: 4.7p1
+Version: 5.1p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
@@ -201,7 +201,7 @@
%files
%defattr(-,root,root)
%doc ChangeLog OVERVIEW README*
-%doc RFC.nroff TODO CREDITS LICENCE
+%doc TODO CREDITS LICENCE
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
@@ -228,6 +228,7 @@
%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1*
%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keygen.1*
%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keyscan.1*
+%attr(0644,root,root) %doc %{_mandir}/man5/moduli.5*
%attr(0644,root,root) %doc %{_mandir}/man5/ssh_config.5*
%attr(0644,root,root) %doc %{_mandir}/man5/sshd_config.5*
%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/debian/changelog 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,3 +1,238 @@
+openssh (1:5.1p1-6.maemo1) unstable; urgency=low
+
+ * upgraded to upstream version 1:5.1p1-5
+
+ -- Ed Bartosh <bartosh at gmail.com> Wed, 24 Jun 2009 00:24:54 +0300
+
+openssh (1:5.1p1-5) unstable; urgency=low
+
+ * Backport from upstream CVS (Markus Friedl):
+ - packet_disconnect() on padding error, too. Should reduce the success
+ probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.
+ * Check that /var/run/sshd.pid exists and that the process ID listed there
+ corresponds to sshd before running '/etc/init.d/ssh reload' from if-up
+ script; SIGHUP is racy if called at boot before sshd has a chance to
+ install its signal handler, but fortunately the pid file is written
+ after that which lets us avoid the race (closes: #502444).
+ * While the above is a valuable sanity-check, it turns out that it doesn't
+ really fix the bug (thanks to Kevin Price for testing), so for the
+ meantime we'll just use '/etc/init.d/ssh restart', even though it is
+ unfortunately heavyweight.
+
+ -- Colin Watson <cjwatson at debian.org> Wed, 14 Jan 2009 00:34:08 +0000
+
+openssh (1:5.1p1-4) unstable; urgency=low
+
+ * ssh-copy-id: Strip trailing colons from hostname (closes: #226172,
+ LP: #249706; thanks to Karl Goetz for nudging this along; forwarded
+ upstream as https://bugzilla.mindrot.org/show_bug.cgi?id=1530).
+ * Backport from upstream CVS (Markus Friedl):
+ - Only send eow and no-more-sessions requests to openssh 5 and newer;
+ fixes interop problems with broken ssh v2 implementations (closes:
+ #495917).
+ * Fix double-free when failing to parse a forwarding specification given
+ using ~C (closes: #505330; forwarded upstream as
+ https://bugzilla.mindrot.org/show_bug.cgi?id=1539).
+
+ -- Colin Watson <cjwatson at debian.org> Sun, 23 Nov 2008 14:46:10 +0000
+
+openssh (1:5.1p1-3) unstable; urgency=low
+
+ * Remove unnecessary ssh-vulnkey output in non-verbose mode when no
+ compromised or unknown keys were found (closes: #496495).
+ * Configure with --disable-strip; dh_strip will deal with stripping
+ binaries and will honour DEB_BUILD_OPTIONS (thanks, Bernhard R. Link;
+ closes: #498681).
+ * Fix handling of zero-length server banners (thanks, Tomas Mraz; closes:
+ #497026).
+
+ -- Colin Watson <cjwatson at debian.org> Tue, 30 Sep 2008 23:09:58 +0100
+
+openssh (1:5.1p1-2) unstable; urgency=low
+
+ * Look for $SHELL on the path when executing ProxyCommands or
+ LocalCommands (closes: #492728).
+
+ -- Colin Watson <cjwatson at debian.org> Tue, 29 Jul 2008 15:31:25 +0100
+
+openssh (1:5.1p1-1) unstable; urgency=low
+
+ * New upstream release (closes: #474301). Important changes not previously
+ backported to 4.7p1:
+ - 4.9/4.9p1 (http://www.openssh.com/txt/release-4.9):
+ + Added chroot(2) support for sshd(8), controlled by a new option
+ "ChrootDirectory" (closes: #139047, LP: #24777).
+ + Linked sftp-server(8) into sshd(8). The internal sftp server is used
+ when the command "internal-sftp" is specified in a Subsystem or
+ ForceCommand declaration. When used with ChrootDirectory, the
+ internal sftp server requires no special configuration of files
+ inside the chroot environment.
+ + Added a protocol extension method "posix-rename at openssh.com" for
+ sftp-server(8) to perform POSIX atomic rename() operations; sftp(1)
+ prefers this if available (closes: #308561).
+ + Removed the fixed limit of 100 file handles in sftp-server(8).
+ + ssh(8) will now skip generation of SSH protocol 1 ephemeral server
+ keys when in inetd mode and protocol 2 connections are negotiated.
+ This speeds up protocol 2 connections to inetd-mode servers that
+ also allow Protocol 1.
+ + Accept the PermitRootLogin directive in a sshd_config(5) Match
+ block. Allows for, e.g. permitting root only from the local network.
+ + Reworked sftp(1) argument splitting and escaping to be more
+ internally consistent (i.e. between sftp commands) and more
+ consistent with sh(1). Please note that this will change the
+ interpretation of some quoted strings, especially those with
+ embedded backslash escape sequences.
+ + Support "Banner=none" in sshd_config(5) to disable sending of a
+ pre-login banner (e.g. in a Match block).
+ + ssh(1) ProxyCommands are now executed with $SHELL rather than
+ /bin/sh.
+ + ssh(1)'s ConnectTimeout option is now applied to both the TCP
+ connection and the SSH banner exchange (previously it just covered
+ the TCP connection). This allows callers of ssh(1) to better detect
+ and deal with stuck servers that accept a TCP connection but don't
+ progress the protocol, and also makes ConnectTimeout useful for
+ connections via a ProxyCommand.
+ + scp(1) incorrectly reported "stalled" on slow copies (closes:
+ #140828).
+ + scp(1) date underflow for timestamps before epoch.
+ + ssh(1) used the obsolete SIG DNS RRtype for host keys in DNS,
+ instead of the current standard RRSIG.
+ + Correctly drain ACKs when a sftp(1) upload write fails midway,
+ avoids a fatal() exit from what should be a recoverable condition.
+ + Fixed ssh-keygen(1) selective host key hashing (i.e. "ssh-keygen -HF
+ hostname") to not include any IP address in the data to be hashed.
+ + Make ssh(1) skip listening on the IPv6 wildcard address when a
+ binding address of 0.0.0.0 is used against an old SSH server that
+ does not support the RFC4254 syntax for wildcard bind addresses.
+ + Enable IPV6_V6ONLY socket option on sshd(8) listen socket, as is
+ already done for X11/TCP forwarding sockets (closes: #439661).
+ + Fix FD leak that could hang a ssh(1) connection multiplexing master.
+ + Make ssh(1) -q option documentation consistent with reality.
+ + Fixed sshd(8) PAM support not calling pam_session_close(), or
+ failing to call it with root privileges (closes: #372680).
+ + Fix activation of OpenSSL engine support when requested in configure
+ (LP: #119295).
+ + Cache SELinux status earlier so we know if it's enabled after a
+ chroot (LP: #237557).
+ - 5.1/5.1p1 (http://www.openssh.com/txt/release-5.1):
+ + Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1)
+ and ssh-keygen(1). Visual fingerprint display is controlled by a new
+ ssh_config(5) option "VisualHostKey". The intent is to render SSH
+ host keys in a visual form that is amenable to easy recall and
+ rejection of changed host keys.
+ + sshd_config(5) now supports CIDR address/masklen matching in "Match
+ address" blocks, with a fallback to classic wildcard matching.
+ + sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys
+ from="..." restrictions, also with a fallback to classic wildcard
+ matching.
+ + Added an extended test mode (-T) to sshd(8) to request that it write
+ its effective configuration to stdout and exit. Extended test mode
+ also supports the specification of connection parameters (username,
+ source address and hostname) to test the application of
+ sshd_config(5) Match rules.
+ + ssh(1) now prints the number of bytes transferred and the overall
+ connection throughput for SSH protocol 2 sessions when in verbose
+ mode (previously these statistics were displayed for protocol 1
+ connections only).
+ + sftp-server(8) now supports extension methods statvfs at openssh.com
+ and fstatvfs at openssh.com that implement statvfs(2)-like operations.
+ + sftp(1) now has a "df" command to the sftp client that uses the
+ statvfs at openssh.com to produce a df(1)-like display of filesystem
+ space and inode utilisation (requires statvfs at openssh.com support on
+ the server).
+ + Added a MaxSessions option to sshd_config(5) to allow control of the
+ number of multiplexed sessions supported over a single TCP
+ connection. This allows increasing the number of allowed sessions
+ above the previous default of 10, disabling connection multiplexing
+ (MaxSessions=1) or disallowing login/shell/subsystem sessions
+ entirely (MaxSessions=0).
+ + Added a no-more-sessions at openssh.com global request extension that
+ is sent from ssh(1) to sshd(8) when the client knows that it will
+ never request another session (i.e. when session multiplexing is
+ disabled). This allows a server to disallow further session requests
+ and terminate the session in cases where the client has been
+ hijacked.
+ + ssh-keygen(1) now supports the use of the -l option in combination
+ with -F to search for a host in ~/.ssh/known_hosts and display its
+ fingerprint.
+ + ssh-keyscan(1) now defaults to "rsa" (protocol 2) keys, instead of
+ "rsa1" (LP: #129794).
+ + Added an AllowAgentForwarding option to sshd_config(8) to control
+ whether authentication agent forwarding is permitted. Note that this
+ is a loose control, as a client may install their own unofficial
+ forwarder.
+ + ssh(1) and sshd(8): avoid unnecessary malloc/copy/free when
+ receiving network data, resulting in a ~10% speedup.
+ + ssh(1) and sshd(8) will now try additional addresses when connecting
+ to a port forward destination whose DNS name resolves to more than
+ one address. The previous behaviour was to try the only first
+ address and give up if that failed.
+ + ssh(1) and sshd(8) now support signalling that channels are
+ half-closed for writing, through a channel protocol extension
+ notification "eow at openssh.com". This allows propagation of closed
+ file descriptors, so that commands such as "ssh -2 localhost od
+ /bin/ls | true" do not send unnecessary data over the wire.
+ + sshd(8): increased the default size of ssh protocol 1 ephemeral keys
+ from 768 to 1024 bits.
+ + When ssh(1) has been requested to fork after authentication ("ssh
+ -f") with ExitOnForwardFailure enabled, delay the fork until after
+ replies for any -R forwards have been seen. Allows for robust
+ detection of -R forward failure when using -f.
+ + "Match group" blocks in sshd_config(5) now support negation of
+ groups. E.g. "Match group staff,!guests".
+ + sftp(1) and sftp-server(8) now allow chmod-like operations to set
+ set[ug]id/sticky bits.
+ + The MaxAuthTries option is now permitted in sshd_config(5) match
+ blocks.
+ + Multiplexed ssh(1) sessions now support a subset of the ~ escapes
+ that are available to a primary connection.
+ + ssh(1) connection multiplexing will now fall back to creating a new
+ connection in most error cases (closes: #352830).
+ + Make ssh(1) deal more gracefully with channel requests that fail.
+ Previously it would optimistically assume that requests would always
+ succeed, which could cause hangs if they did not (e.g. when the
+ server runs out of file descriptors).
+ + ssh(1) now reports multiplexing errors via the multiplex slave's
+ stderr where possible (subject to LogLevel in the mux master).
+ + Fixed an UMAC alignment problem that manifested on Itanium
+ platforms.
+ * Remove our local version of moduli(5) now that there's one upstream.
+ * Say "GTK+" rather than "GTK" in ssh-askpass-gnome's description.
+ * Add lintian overrides for empty /usr/share/doc/openssh-client
+ directories in openssh-server and ssh (necessary due to being symlink
+ targets).
+ * Merge from Ubuntu:
+ - Add 'status' action to openssh-server init script, requiring lsb-base
+ (>= 3.2-13) (thanks, Dustin Kirkland).
+ * debconf template translations:
+ - Update Korean (thanks, Sunjae Park; closes: #484821).
+
+ -- Colin Watson <cjwatson at debian.org> Fri, 25 Jul 2008 10:45:08 +0100
+
+openssh (1:4.7p1-13) unstable; urgency=low
+
+ * Add some helpful advice to the end of ssh-vulnkey's output if there are
+ unknown or compromised keys (thanks, Dan Jacobson; closes: #483756).
+ * Check compromised key blacklist in ssh or ssh-add, as well as in the
+ server (LP: #232391). To override the blacklist check in ssh
+ temporarily, use 'ssh -o UseBlacklistedKeys=yes'; there is no override
+ for the blacklist check in ssh-add.
+ * Add cross-references to ssh-vulnkey(1) to ssh(1), ssh-add(1),
+ ssh-keygen(1), and sshd(8) (closes: #484451).
+ * Change openssh-client-udeb's Installer-Menu-Item from 99900 to 99999
+ (thanks, Frans Pop).
+ * Drop openssh-client-udeb isinstallable hack, as main-menu (>= 1.26) now
+ takes care of that (thanks, Frans Pop; closes: #484404).
+ * Update DEB_BUILD_OPTIONS parsing code from policy 3.8.0.
+ * Add documentation on removing openssh-blacklist locally (see #484269).
+ * Clarify documentation of SSHD_OOM_ADJUST, and make setting it to the
+ empty string actually skip adjustment as intended (closes: #487325).
+ * Remove empty /usr/share/applications directory in ssh-askpass-gnome.
+ * debconf template translations:
+ - Update Romanian (thanks, Cătălin Feștilă; closes: #485415).
+
+ -- Colin Watson <cjwatson at debian.org> Mon, 21 Jul 2008 12:18:28 +0100
+
openssh (1:4.7p1-12.maemo2) unstable; urgency=low
* get rid of ssh-vulnkey manpage to avoid strange autobuilder failure
Modified: trunk/debian/openssh-server.default
===================================================================
--- trunk/debian/openssh-server.default 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/debian/openssh-server.default 2009-06-23 21:31:15 UTC (rev 57)
@@ -3,3 +3,9 @@
# Options to pass to sshd
SSHD_OPTS=
+
+# OOM-killer adjustment for sshd (see
+# linux/Documentation/filesystems/proc.txt; lower values reduce likelihood
+# of being killed, while -17 means the OOM-killer will ignore sshd; set to
+# the empty string to skip adjustment)
+SSHD_OOM_ADJUST=-17
Modified: trunk/debian/po/ko.po
===================================================================
--- trunk/debian/po/ko.po 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/debian/po/ko.po 2009-06-23 21:31:15 UTC (rev 57)
@@ -8,8 +8,8 @@
msgstr ""
"Project-Id-Version: openssh\n"
"Report-Msgid-Bugs-To: openssh at packages.debian.org\n"
-"POT-Creation-Date: 2008-05-17 08:51+0200\n"
-"PO-Revision-Date: 2007-05-15 19:28+0900\n"
+"POT-Creation-Date: 2008-05-17 13:58+0200\n"
+"PO-Revision-Date: 2008-06-06 16:06-0400\n"
"Last-Translator: Sunjae Park <darehanl at gmail.com>\n"
"Language-Team: Korean <debian-l10n-korean at lists.debian.org>\n"
"MIME-Version: 1.0\n"
@@ -153,7 +153,7 @@
#. Description
#: ../openssh-server.templates:5001
msgid "Vulnerable host keys will be regenerated"
-msgstr ""
+msgstr "취약한 호스트키를 다시 생성합니다"
#. Type: note
#. Description
@@ -164,6 +164,9 @@
"these host keys are from a well-known set, are subject to brute-force "
"attacks, and must be regenerated."
msgstr ""
+"이 시스템에 있는 OpenSSH 서버의 호스트키는 잘못된 난수생성기를 사용한 버전의 "
+"OpenSSL를 통해 만들어졌습니다. 이러한 호스트키들은 잘 알려진 범위 내에 있게 "
+"되므로 brute-force 공격에 약할 수 있으며, 따라서 다시 만들어야 합니다."
#. Type: note
#. Description
@@ -174,12 +177,16 @@
"keygen -l -f HOST_KEY_FILE' after the upgrade to print the fingerprints of "
"the new host keys."
msgstr ""
+"이 시스템을 사용한 사람들은 다음에 로그인할 때 호스트키가 변경되었다는 사실"
+"을 감지하게 되기 때문에 사용자들에게 이 사항을 알려주셔야 합니다. 업그레이드 "
+"후 'ssh-keygen -l -f 호스트키 파일명'을 사용하여 새로운 호스트키의 핑거프린트"
+"를 출력받을 수 있습니다."
#. Type: note
#. Description
#: ../openssh-server.templates:5001
msgid "The affected host keys are:"
-msgstr ""
+msgstr "관련된 호스트키의 목록은:"
#. Type: note
#. Description
@@ -189,3 +196,6 @@
"may be used as a partial test for this. See /usr/share/doc/openssh-server/"
"README.compromised-keys.gz for more details."
msgstr ""
+"사용자 키 역시 이 문제에 영향을 받을 수 있습니다. 'ssh-vulnkey' 명령을 사용하"
+"여 부분적으로나마 그렇한지를 검사할 수 있습니다. 자세한 정보는 /usr/share/"
+"doc/openssh-server/README.compromised-keys.gz를 참조하십시오."
Modified: trunk/debian/po/ro.po
===================================================================
--- trunk/debian/po/ro.po 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/debian/po/ro.po 2009-06-23 21:31:15 UTC (rev 57)
@@ -4,19 +4,20 @@
#
# Stan Ioan-Eugen <stan.ieugen at gmail.com>, 2006.
# Igor Stirbu <igor.stirbu at gmail.com>, 2007.
+# Cătălin Feștilă <catalinfest at gmail.com>,2008
msgid ""
msgstr ""
"Project-Id-Version: openssh 1.4\n"
"Report-Msgid-Bugs-To: openssh at packages.debian.org\n"
"POT-Creation-Date: 2008-05-17 08:51+0200\n"
-"PO-Revision-Date: 2007-05-01 05:45+0300\n"
-"Last-Translator: Igor Stirbu <igor.stirbu at gmail.com>\n"
+"PO-Revision-Date: 2008-05-28 17:54+0200\n"
+"Last-Translator: Cătălin Feștilă <catalinfest at gmail.com>\n"
"Language-Team: Romanian <debian-l10n-romanian at lists.debian.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: KBabel 1.11.4\n"
-"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < "
+"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < "
"20)) ? 1 : 2;\n"
#. Type: boolean
@@ -81,7 +82,7 @@
"you're likely to be disconnected and leave the upgrade procedure unfinished."
msgstr ""
"Este foarte probabil ca această versiune de /etc/init.d/ssh pe care o aveți "
-"instalată să omoare toate instanțele sshd care rulează. Dacă faceți această "
+"instalată să omoare toate instanțele sshd care rulează. Dacă faceți această "
"actualizare printr-o sesiune ssh, atunci este posibil să fiți deconectați și "
"actualizarea să rămână neterminată."
@@ -92,7 +93,7 @@
"This can be fixed by manually adding \"--pidfile /var/run/sshd.pid\" to the "
"start-stop-daemon line in the stop section of the file."
msgstr ""
-"Puteți repara manual acest lucru adăugând „--pidfile /var/run/sshd.pid” la "
+"Puteți repară manual acest lucru adăugând „--pidfile /var/run/sshd.pid” la "
"linia start-stop-daemon în secțiunea stop a fișierului."
#. Type: note
@@ -110,7 +111,7 @@
"utility from the old (non-free) SSH installation does not appear to be "
"available."
msgstr ""
-"Cheia curentă în /etc/ssh/ssh_host_key este criptată cu algoritmul IDEA."
+"Cheia curentă în /etc/ssh/ssh_host_key este criptată cu algoritmul IDEA. "
"OpenSSH nu suportă acest tip de cheie, iar utilitarul ssh-keygen din "
"versiunea SSH (non-liberă) anterior instalată nu pare să fie disponibil."
@@ -155,14 +156,14 @@
msgstr ""
"Dacă dezactivați autentificarea pe bază de provocare-răspuns, utilizatorii "
"nu vor mai putea să se autentifice folosind parolele. Dacă nu o dezactivați "
-"(răspunsul implicit), aunci opțiunea 'PasswordAuthentification no' va fi "
+"(răspunsul implicit), atunci opțiunea 'PasswordAuthentification no' va fi "
"utilizabilă doar dacă modificați și configurația PAM din /etc/pam.d/ssh."
#. Type: note
#. Description
#: ../openssh-server.templates:5001
msgid "Vulnerable host keys will be regenerated"
-msgstr ""
+msgstr "Cheile vulnerabile vor fi regenerate"
#. Type: note
#. Description
@@ -173,6 +174,10 @@
"these host keys are from a well-known set, are subject to brute-force "
"attacks, and must be regenerated."
msgstr ""
+"Unele dintre cheile serverului OpenSSH gazdă de pe acest sistem au fost "
+"generate cu o versiune de OpenSSL, care a avut un generator de numere "
+"aleatorii stricat. Ca rezultat, aceste chei gazda sunt un set binecunoscut, "
+"sunt supuse la atacuri brute-force și trebuie să fie regenerate."
#. Type: note
#. Description
@@ -183,12 +188,16 @@
"keygen -l -f HOST_KEY_FILE' after the upgrade to print the fingerprints of "
"the new host keys."
msgstr ""
+"Utilizatorii acestui sistem ar trebui să fie informați ce se schimbă, "
+"deoarece se va solicita cheia gazdă ce se schimba data viitoare când se "
+"autentifică. Folosiți 'ssh-keygen -l -f HOST_KEY_FILE' după ce faceți "
+"actualizare pentru a imprima amprentele digitale ale noilor chei gazdă."
#. Type: note
#. Description
#: ../openssh-server.templates:5001
msgid "The affected host keys are:"
-msgstr ""
+msgstr "Cheile gazdă afectate sunt:"
#. Type: note
#. Description
@@ -198,6 +207,10 @@
"may be used as a partial test for this. See /usr/share/doc/openssh-server/"
"README.compromised-keys.gz for more details."
msgstr ""
+"Cheile utilizatorului de asemenea, pot fi afectate de această problemă. "
+"Comanda 'ssh-vulnkey' poate fi folosită ca un test parțial pentru acestea. A "
+"se vedea /usr/share/doc/openssh-server/README.compromised-keys.gz pentru mai "
+"multe detalii."
#~ msgid "Warning: you must create a new host key"
#~ msgstr "Avertizare: trebuie să creați o nouă cheie pentru sistem"
@@ -216,3 +229,6 @@
#~ "utilizați) fie să instalați telnetd-ssl astfel încât să existe "
#~ "posibilitatea ca sesiunile telnet să nu trimită informații necriptate de "
#~ "autentificare/parole prin rețea."
+
+#~ msgid "${HOST_KEYS}"
+#~ msgstr "${HOST_KEYS}"
Modified: trunk/debian/ssh-askpass-gnome.desktop
===================================================================
--- trunk/debian/ssh-askpass-gnome.desktop 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/debian/ssh-askpass-gnome.desktop 2009-06-23 21:31:15 UTC (rev 57)
@@ -9,4 +9,4 @@
Terminal=false
Type=Application
Icon=ssh-askpass-gnome
-Categories=Application;Network;
+Categories=Network;Security;
Modified: trunk/defines.h
===================================================================
--- trunk/defines.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/defines.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
-/* $Id: defines.h,v 1.143 2007/08/09 04:37:52 dtucker Exp $ */
+/* $Id: defines.h,v 1.151 2008/07/04 13:10:49 djm Exp $ */
/* Constants */
@@ -431,10 +431,6 @@
# define __attribute__(x)
#endif /* !defined(__GNUC__) || (__GNUC__ < 2) */
-#ifndef __dead
-# define __dead __attribute__((noreturn))
-#endif
-
#if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__)
# define __sentinel__
#endif
@@ -540,6 +536,10 @@
# undef HAVE_UPDWTMPX
#endif
+#if defined(BROKEN_SHADOW_EXPIRE) && defined(HAS_SHADOW_EXPIRE)
+# undef HAS_SHADOW_EXPIRE
+#endif
+
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \
defined(SYSLOG_R_SAFE_IN_SIGHAND)
# define DO_LOG_SAFE_IN_SIGHAND
@@ -563,11 +563,6 @@
# define CUSTOM_SSH_AUDIT_EVENTS
#endif
-/* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
-#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
-# define OPENSSL_free(x) Free(x)
-#endif
-
#if !defined(HAVE___func__) && defined(HAVE___FUNCTION__)
# define __func__ __FUNCTION__
#elif !defined(HAVE___func__)
@@ -591,6 +586,15 @@
# define SSH_SYSFDMAX 10000
#endif
+#ifdef FSID_HAS_VAL
+/* encode f_fsid into a 64 bit value */
+#define FSID_TO_ULONG(f) \
+ ((((u_int64_t)(f).val[0] & 0xffffffffUL) << 32) | \
+ ((f).val[1] & 0xffffffffUL))
+#else
+# define FSID_TO_ULONG(f) ((f))
+#endif
+
#if defined(__Lynx__)
/*
* LynxOS defines these in param.h which we do not want to include since
@@ -694,9 +698,11 @@
# define CUSTOM_SYS_AUTH_PASSWD 1
#endif
+#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID)
+# define CUSTOM_SYS_AUTH_PASSWD 1
+#endif
#if defined(HAVE_LIBIAF) && defined(HAVE_SET_ID) && !defined(BROKEN_LIBIAF)
# define USE_LIBIAF
-# define CUSTOM_SYS_AUTH_PASSWD 1
#endif
/* HP-UX 11.11 */
@@ -728,4 +734,8 @@
# endif
#endif
+#ifndef EWOULDBLOCK
+# define EWOULDBLOCK EAGAIN
+#endif
+
#endif /* _DEFINES_H */
Modified: trunk/dh.c
===================================================================
--- trunk/dh.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/dh.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.44 2006/11/07 13:02:07 markus Exp $ */
+/* $OpenBSD: dh.c,v 1.47 2008/06/26 09:19:39 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*
@@ -46,6 +46,7 @@
char *cp, *arg;
char *strsize, *gen, *prime;
const char *errstr = NULL;
+ long long n;
cp = line;
if ((arg = strdelim(&cp)) == NULL)
@@ -62,12 +63,24 @@
arg = strsep(&cp, " "); /* type */
if (cp == NULL || *arg == '\0')
goto fail;
+ /* Ensure this is a safe prime */
+ n = strtonum(arg, 0, 5, &errstr);
+ if (errstr != NULL || n != MODULI_TYPE_SAFE)
+ goto fail;
arg = strsep(&cp, " "); /* tests */
if (cp == NULL || *arg == '\0')
goto fail;
+ /* Ensure prime has been tested and is not composite */
+ n = strtonum(arg, 0, 0x1f, &errstr);
+ if (errstr != NULL ||
+ (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE))
+ goto fail;
arg = strsep(&cp, " "); /* tries */
if (cp == NULL || *arg == '\0')
goto fail;
+ n = strtonum(arg, 0, 1<<30, &errstr);
+ if (errstr != NULL || n == 0)
+ goto fail;
strsize = strsep(&cp, " "); /* size */
if (cp == NULL || *strsize == '\0' ||
(dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
@@ -153,7 +166,7 @@
}
linenum = 0;
- which = arc4random() % bestcount;
+ which = arc4random_uniform(bestcount);
while (fgets(line, sizeof(line), f)) {
if (!parse_prime(linenum, line, &dhg))
continue;
@@ -185,7 +198,7 @@
BIGNUM *tmp;
if (dh_pub->neg) {
- logit("invalid public DH value: negativ");
+ logit("invalid public DH value: negative");
return 0;
}
if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */
@@ -193,8 +206,10 @@
return 0;
}
- if ((tmp = BN_new()) == NULL)
- return (-1);
+ if ((tmp = BN_new()) == NULL) {
+ error("%s: BN_new failed", __func__);
+ return 0;
+ }
if (!BN_sub(tmp, dh->p, BN_value_one()) ||
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
BN_clear_free(tmp);
Modified: trunk/dh.h
===================================================================
--- trunk/dh.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/dh.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.9 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: dh.h,v 1.10 2008/06/26 09:19:40 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -46,4 +46,28 @@
#define DH_GRP_MIN 1024
#define DH_GRP_MAX 8192
+/*
+ * Values for "type" field of moduli(5)
+ * Specifies the internal structure of the prime modulus.
+ */
+#define MODULI_TYPE_UNKNOWN (0)
+#define MODULI_TYPE_UNSTRUCTURED (1)
+#define MODULI_TYPE_SAFE (2)
+#define MODULI_TYPE_SCHNORR (3)
+#define MODULI_TYPE_SOPHIE_GERMAIN (4)
+#define MODULI_TYPE_STRONG (5)
+
+/*
+ * Values for "tests" field of moduli(5)
+ * Specifies the methods used in checking for primality.
+ * Usually, more than one test is used.
+ */
+#define MODULI_TESTS_UNTESTED (0x00)
+#define MODULI_TESTS_COMPOSITE (0x01)
+#define MODULI_TESTS_SIEVE (0x02)
+#define MODULI_TESTS_MILLER_RABIN (0x04)
+#define MODULI_TESTS_JACOBI (0x08)
+#define MODULI_TESTS_ELLIPTIC (0x10)
+
+
#endif
Modified: trunk/dns.c
===================================================================
--- trunk/dns.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/dns.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.24 2007/01/03 03:01:40 stevesk Exp $ */
+/* $OpenBSD: dns.c,v 1.25 2008/06/12 00:03:49 dtucker Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -145,11 +145,20 @@
{
struct addrinfo hints, *ai;
+ /*
+ * We shouldn't ever get a null host but if we do then log an error
+ * and return -1 which stops DNS key fingerprint processing.
+ */
+ if (hostname == NULL) {
+ error("is_numeric_hostname called with NULL hostname");
+ return -1;
+ }
+
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_DGRAM;
hints.ai_flags = AI_NUMERICHOST;
- if (getaddrinfo(hostname, "0", &hints, &ai) == 0) {
+ if (getaddrinfo(hostname, NULL, &hints, &ai) == 0) {
freeaddrinfo(ai);
return -1;
}
Modified: trunk/groupaccess.c
===================================================================
--- trunk/groupaccess.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/groupaccess.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: groupaccess.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
*
@@ -31,6 +31,7 @@
#include <grp.h>
#include <unistd.h>
#include <stdarg.h>
+#include <string.h>
#include "xmalloc.h"
#include "groupaccess.h"
@@ -88,6 +89,30 @@
}
/*
+ * Return 1 if one of user's groups matches group_pattern list.
+ * Return 0 on negated or no match.
+ */
+int
+ga_match_pattern_list(const char *group_pattern)
+{
+ int i, found = 0;
+ size_t len = strlen(group_pattern);
+
+ for (i = 0; i < ngroups; i++) {
+ switch (match_pattern_list(groups_byname[i],
+ group_pattern, len, 0)) {
+ case -1:
+ return 0; /* Negated match wins */
+ case 0:
+ continue;
+ case 1:
+ found = 1;
+ }
+ }
+ return found;
+}
+
+/*
* Free memory allocated for group access list.
*/
void
Modified: trunk/groupaccess.h
===================================================================
--- trunk/groupaccess.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/groupaccess.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: groupaccess.h,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: groupaccess.h,v 1.8 2008/07/04 03:44:59 djm Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
@@ -29,6 +29,7 @@
int ga_init(const char *, gid_t);
int ga_match(char * const *, int);
+int ga_match_pattern_list(const char *);
void ga_free(void);
#endif
Modified: trunk/gss-serv.c
===================================================================
--- trunk/gss-serv.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/gss-serv.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.21 2007/06/12 08:20:00 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
/*
* Copyright (c) 2001-2008 Simon Wilkinson. All rights reserved.
@@ -35,6 +35,7 @@
#include <string.h>
#include <unistd.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
Modified: trunk/includes.h
===================================================================
--- trunk/includes.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/includes.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -149,6 +149,8 @@
# include <sys/syslog.h>
#endif
+#include <errno.h>
+
/*
* On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations
* of getspnam when _INCLUDE__STDC__ is defined, so we unset it here.
Modified: trunk/key.c
===================================================================
--- trunk/key.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/key.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.69 2007/07/12 05:48:05 ray Exp $ */
+/* $OpenBSD: key.c,v 1.78 2008/07/07 23:32:51 stevesk Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -11,6 +11,7 @@
*
*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
+ * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -35,9 +36,11 @@
#include "includes.h"
+#include <sys/param.h>
#include <sys/types.h>
#include <openssl/evp.h>
+#include <openbsd-compat/openssl-compat.h>
#include <stdarg.h>
#include <stdio.h>
@@ -171,6 +174,7 @@
default:
fatal("key_equal: bad key type %d", a->type);
}
+ /* NOTREACHED */
}
u_char*
@@ -294,6 +298,114 @@
return retval;
}
+/*
+ * Draw an ASCII-Art representing the fingerprint so human brain can
+ * profit from its built-in pattern recognition ability.
+ * This technique is called "random art" and can be found in some
+ * scientific publications like this original paper:
+ *
+ * "Hash Visualization: a New Technique to improve Real-World Security",
+ * Perrig A. and Song D., 1999, International Workshop on Cryptographic
+ * Techniques and E-Commerce (CrypTEC '99)
+ * sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
+ *
+ * The subject came up in a talk by Dan Kaminsky, too.
+ *
+ * If you see the picture is different, the key is different.
+ * If the picture looks the same, you still know nothing.
+ *
+ * The algorithm used here is a worm crawling over a discrete plane,
+ * leaving a trace (augmenting the field) everywhere it goes.
+ * Movement is taken from dgst_raw 2bit-wise. Bumping into walls
+ * makes the respective movement vector be ignored for this turn.
+ * Graphs are not unambiguous, because circles in graphs can be
+ * walked in either direction.
+ */
+
+/*
+ * Field sizes for the random art. Have to be odd, so the starting point
+ * can be in the exact middle of the picture, and FLDBASE should be >=8 .
+ * Else pictures would be too dense, and drawing the frame would
+ * fail, too, because the key type would not fit in anymore.
+ */
+#define FLDBASE 8
+#define FLDSIZE_Y (FLDBASE + 1)
+#define FLDSIZE_X (FLDBASE * 2 + 1)
+static char *
+key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
+{
+ /*
+ * Chars to be used after each other every time the worm
+ * intersects with itself. Matter of taste.
+ */
+ char *augmentation_string = " .o+=*BOX@%&#/^SE";
+ char *retval, *p;
+ u_char field[FLDSIZE_X][FLDSIZE_Y];
+ u_int i, b;
+ int x, y;
+ size_t len = strlen(augmentation_string) - 1;
+
+ retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2));
+
+ /* initialize field */
+ memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
+ x = FLDSIZE_X / 2;
+ y = FLDSIZE_Y / 2;
+
+ /* process raw key */
+ for (i = 0; i < dgst_raw_len; i++) {
+ int input;
+ /* each byte conveys four 2-bit move commands */
+ input = dgst_raw[i];
+ for (b = 0; b < 4; b++) {
+ /* evaluate 2 bit, rest is shifted later */
+ x += (input & 0x1) ? 1 : -1;
+ y += (input & 0x2) ? 1 : -1;
+
+ /* assure we are still in bounds */
+ x = MAX(x, 0);
+ y = MAX(y, 0);
+ x = MIN(x, FLDSIZE_X - 1);
+ y = MIN(y, FLDSIZE_Y - 1);
+
+ /* augment the field */
+ field[x][y]++;
+ input = input >> 2;
+ }
+ }
+
+ /* mark starting point and end point*/
+ field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
+ field[x][y] = len;
+
+ /* fill in retval */
+ snprintf(retval, FLDSIZE_X, "+--[%4s %4u]", key_type(k), key_size(k));
+ p = strchr(retval, '\0');
+
+ /* output upper border */
+ for (i = p - retval - 1; i < FLDSIZE_X; i++)
+ *p++ = '-';
+ *p++ = '+';
+ *p++ = '\n';
+
+ /* output content */
+ for (y = 0; y < FLDSIZE_Y; y++) {
+ *p++ = '|';
+ for (x = 0; x < FLDSIZE_X; x++)
+ *p++ = augmentation_string[MIN(field[x][y], len)];
+ *p++ = '|';
+ *p++ = '\n';
+ }
+
+ /* output lower border */
+ *p++ = '+';
+ for (i = 0; i < FLDSIZE_X; i++)
+ *p++ = '-';
+ *p++ = '+';
+
+ return retval;
+}
+
char *
key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
{
@@ -311,6 +423,9 @@
case SSH_FP_BUBBLEBABBLE:
retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
break;
+ case SSH_FP_RANDOMART:
+ retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k);
+ break;
default:
fatal("key_fingerprint_ex: bad digest representation %d",
dgst_rep);
Modified: trunk/key.h
===================================================================
--- trunk/key.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/key.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: key.h,v 1.27 2008/06/11 21:01:35 grunk Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -43,7 +43,8 @@
};
enum fp_rep {
SSH_FP_HEX,
- SSH_FP_BUBBLEBABBLE
+ SSH_FP_BUBBLEBABBLE,
+ SSH_FP_RANDOMART
};
/* key is stored in external hardware */
Modified: trunk/log.c
===================================================================
--- trunk/log.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/log.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.40 2007/05/17 07:50:31 djm Exp $ */
+/* $OpenBSD: log.c,v 1.41 2008/06/10 04:50:25 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -115,6 +115,17 @@
return SYSLOG_FACILITY_NOT_SET;
}
+const char *
+log_facility_name(SyslogFacility facility)
+{
+ u_int i;
+
+ for (i = 0; log_facilities[i].name; i++)
+ if (log_facilities[i].val == facility)
+ return log_facilities[i].name;
+ return NULL;
+}
+
LogLevel
log_level_number(char *name)
{
@@ -127,6 +138,17 @@
return SYSLOG_LEVEL_NOT_SET;
}
+const char *
+log_level_name(LogLevel level)
+{
+ u_int i;
+
+ for (i = 0; log_levels[i].name != NULL; i++)
+ if (log_levels[i].val == level)
+ return log_levels[i].name;
+ return NULL;
+}
+
/* Error messages that should be logged. */
void
Modified: trunk/log.h
===================================================================
--- trunk/log.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/log.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.h,v 1.15 2006/08/18 09:13:25 deraadt Exp $ */
+/* $OpenBSD: log.h,v 1.17 2008/06/13 00:12:02 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -50,11 +50,15 @@
void log_init(char *, LogLevel, SyslogFacility, int);
SyslogFacility log_facility_number(char *);
-LogLevel log_level_number(char *);
+const char * log_facility_name(SyslogFacility);
+LogLevel log_level_number(char *);
+const char * log_level_name(LogLevel);
-void fatal(const char *, ...) __dead __attribute__((format(printf, 1, 2)));
+void fatal(const char *, ...) __attribute__((noreturn))
+ __attribute__((format(printf, 1, 2)));
void error(const char *, ...) __attribute__((format(printf, 1, 2)));
-void sigdie(const char *, ...) __attribute__((format(printf, 1, 2)));
+void sigdie(const char *, ...) __attribute__((noreturn))
+ __attribute__((format(printf, 1, 2)));
void logit(const char *, ...) __attribute__((format(printf, 1, 2)));
void verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug(const char *, ...) __attribute__((format(printf, 1, 2)));
@@ -62,5 +66,5 @@
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
void do_log(LogLevel, const char *, va_list);
-void cleanup_exit(int) __dead;
+void cleanup_exit(int) __attribute__((noreturn));
#endif
Modified: trunk/mac.c
===================================================================
--- trunk/mac.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/mac.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.14 2007/06/07 19:37:34 pvalchev Exp $ */
+/* $OpenBSD: mac.c,v 1.15 2008/06/13 00:51:47 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -128,7 +128,7 @@
if (mac->mac_len > sizeof(m))
fatal("mac_compute: mac too long %u %lu",
- mac->mac_len, sizeof(m));
+ mac->mac_len, (u_long)sizeof(m));
switch (mac->type) {
case SSH_EVP:
Modified: trunk/match.c
===================================================================
--- trunk/match.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/match.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: match.c,v 1.27 2008/06/10 23:06:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -183,7 +183,8 @@
/*
* returns 0 if we get a negative match for the hostname or the ip
- * or if we get no match at all. returns 1 otherwise.
+ * or if we get no match at all. returns -1 on error, or 1 on
+ * successful match.
*/
int
match_host_and_ip(const char *host, const char *ipaddr,
@@ -191,9 +192,12 @@
{
int mhost, mip;
- /* negative ipaddr match */
- if ((mip = match_hostname(ipaddr, patterns, strlen(patterns))) == -1)
+ /* error in ipaddr match */
+ if ((mip = addr_match_list(ipaddr, patterns)) == -2)
+ return -1;
+ else if (mip == -1) /* negative ip address match */
return 0;
+
/* negative hostname match */
if ((mhost = match_hostname(host, patterns, strlen(patterns))) == -1)
return 0;
Modified: trunk/match.h
===================================================================
--- trunk/match.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/match.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.h,v 1.13 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: match.h,v 1.14 2008/06/10 03:57:27 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -21,4 +21,7 @@
int match_user(const char *, const char *, const char *, const char *);
char *match_list(const char *, const char *, u_int *);
+/* addrmatch.c */
+int addr_match_list(const char *, const char *);
+
#endif
Modified: trunk/misc.c
===================================================================
--- trunk/misc.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/misc.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.65 2006/11/23 01:35:11 ray Exp $ */
+/* $OpenBSD: misc.c,v 1.69 2008/06/13 01:38:23 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -42,6 +42,7 @@
#include <errno.h>
#include <fcntl.h>
+#include <netdb.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#include <pwd.h>
@@ -120,6 +121,14 @@
return (0);
}
+const char *
+ssh_gai_strerror(int gaierr)
+{
+ if (gaierr == EAI_SYSTEM)
+ return strerror(errno);
+ return gai_strerror(gaierr);
+}
+
/* disable nagle on socket */
void
set_nodelay(int fd)
@@ -525,7 +534,7 @@
if ((pw = getpwnam(user)) == NULL)
fatal("tilde_expand_filename: No such user %s", user);
} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
- fatal("tilde_expand_filename: No such uid %d", uid);
+ fatal("tilde_expand_filename: No such uid %ld", (long)uid);
if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
fatal("tilde_expand_filename: Path too long");
@@ -823,3 +832,23 @@
p[0] = (u_char)(v >> 8) & 0xff;
p[1] = (u_char)v & 0xff;
}
+
+void
+ms_subtract_diff(struct timeval *start, int *ms)
+{
+ struct timeval diff, finish;
+
+ gettimeofday(&finish, NULL);
+ timersub(&finish, start, &diff);
+ *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000);
+}
+
+void
+ms_to_timeval(struct timeval *tv, int ms)
+{
+ if (ms < 0)
+ ms = 0;
+ tv->tv_sec = ms / 1000;
+ tv->tv_usec = (ms % 1000) * 1000;
+}
+
Modified: trunk/misc.h
===================================================================
--- trunk/misc.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/misc.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.36 2006/08/18 10:27:16 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.38 2008/06/12 20:38:28 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -33,8 +33,11 @@
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
char *tohex(const void *, size_t);
void sanitise_stdfd(void);
+void ms_subtract_diff(struct timeval *, int *);
+void ms_to_timeval(struct timeval *, int);
struct passwd *pwcopy(struct passwd *);
+const char *ssh_gai_strerror(int);
typedef struct arglist arglist;
struct arglist {
Modified: trunk/moduli
===================================================================
--- trunk/moduli 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/moduli 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,189 +1,174 @@
-# $OpenBSD: moduli,v 1.3 2005/01/24 10:29:06 dtucker Exp $
+# $OpenBSD: moduli,v 1.4 2008/01/01 08:51:20 dtucker Exp $
# Time Type Tests Tries Size Generator Modulus
-20040225025212 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7AFFE86A7
-20040225025304 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B01F83CB
-20040225025357 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B03F2B73
-20040225025411 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B041C8C7
-20040225025444 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0546E93
-20040225025458 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0573767
-20040225025522 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0629E73
-20040225025545 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B06CD95B
-20040225025616 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B07C93A3
-20040225025655 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B093C72B
-20040225025710 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B096450B
-20040225025750 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0AF2C83
-20040225025830 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0C7F1FF
-20040225025845 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0CB565B
-20040225025858 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0CD8557
-20040225025915 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0D20473
-20040225025934 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0D924F7
-20040225025952 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0DFD8BB
-20040225030015 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0E8E59F
-20040225030039 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0F43B0B
-20040225030104 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B0FEB103
-20040225030130 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B10AC3DB
-20040225030149 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1122527
-20040225030214 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B11E494B
-20040225030245 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B12E727B
-20040225030319 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1416743
-20040225030347 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1507F2B
-20040225030404 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1560FE3
-20040225030418 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1591CF7
-20040225030432 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B15B57FF
-20040225030455 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B165D0AF
-20040225030511 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B169C97F
-20040225030551 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B182715B
-20040225030621 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1920737
-20040225030648 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B19FB54B
-20040225030718 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1AFAE87
-20040225030736 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1B5A7AF
-20040225030753 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1BC3C47
-20040225030815 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1C6AF33
-20040225030831 2 6 100 1023 2 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1CAD9FB
-20040225030902 2 6 100 1023 5 CAADDDEC1667FC68B5FA15D53C4E1532DD24561A1A2D47A12C01ABEA1E00731F6921AAC40742311FDF9E634BB7131BEE1AF240261554389A910425E044E88C8359B010F5AD2B80E29CB1A5B027B19D9E01A6F63A6F45E5D7ED2FF6A2A0085050A7D0CF307C3DB51D2490355907B4427C23A98DF1EB8ABEF2BA209BB7B1DC6A8F
-20040225035226 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800C47CAB
-20040225035359 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800D3866B
-20040225035635 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844800F43DFF
-20040225035846 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448010B4D93
-20040225040147 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448013094F3
-20040225040301 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448013AA0FB
-20040225040619 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480163EC83
-20040225040718 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448016AEB8F
-20040225041023 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480190871F
-20040225041328 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801B5F1B3
-20040225041740 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801ED6FBB
-20040225041921 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844801FEC44F
-20040225042229 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802245FF7
-20040225042513 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480246F93B
-20040225042547 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802473F4F
-20040225042707 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480253B03B
-20040225043111 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480287CD9B
-20040225043513 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802BC32FB
-20040225043609 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802C2125B
-20040225043847 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802E1B733
-20040225043925 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844802E2E963
-20040225044335 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448031AC423
-20040225045303 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803A10E07
-20040225045443 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803B0EF43
-20040225045518 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803B15033
-20040225045923 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803E58317
-20040225050120 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844803F9EB4F
-20040225050333 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448041304B3
-20040225050524 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804279B2F
-20040225050559 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804281047
-20040225050810 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF8448043F454F
-20040225051113 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804672F1F
-20040225051335 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804809CB3
-20040225051442 2 6 100 1535 5 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF84480489545F
-20040225052303 2 6 100 1535 2 FC4601920ABD76FF37FDC717EDFFEC0E539D5F7697882432A53085C95B040175503AEBD8A0FDF38D5F4EAA8EB1A22389D2CF2070F4DD47E2E8F89F4DD4ACACE4593F762DB92C479EBF1BBD4EF450A7FFAA15F75FB921B42B62466C29A993E7C7D8FD8412A4869D867E2765C2CBA0BC0F31E625B9BE1FF5421FDC2E097E0EF66F1CC9FF04AEB9341327D3468630C4E049530EF12350D51A71FDF9B6DB3CE56ED8C9FE61148F8098722A43C4F0AE29855BC9E06068D3898146ACFF844804FE918B
-20040225062215 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6B9F68B3E7
-20040225063823 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6B9FD47307
-20040225064402 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6B9FF43C0F
-20040225065646 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA04740DB
-20040225065825 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA04B01BF
-20040225070116 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA056DD47
-20040225074027 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA172E1B3
-20040225080343 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA217422F
-20040225081159 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA24927DB
-20040225081331 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA24C058B
-20040225082528 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA2993EBF
-20040225084537 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3242BE3
-20040225085012 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA33EF643
-20040225085829 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3729D77
-20040225090710 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3AC0143
-20040225091002 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA3B8AE6B
-20040225092648 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA42B65D7
-20040225093120 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA4442793
-20040225093517 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA459441F
-20040225094409 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA491BE4B
-20040225095209 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA4C4E437
-20040225095548 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA4D5D7AB
-20040225100531 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA51404EB
-20040225100644 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5145C87
-20040225101834 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5609CBB
-20040225102317 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA57AC86F
-20040225103220 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5B631A3
-20040225103355 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5B98D2F
-20040225103756 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5CEBAFB
-20040225104020 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5D77CDF
-20040225104557 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA5F6FD9F
-20040225110302 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA66A70DF
-20040225110515 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA6721A43
-20040225110913 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA6879A53
-20040225111338 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA69FE2FB
-20040225111911 2 6 100 2047 5 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA6C04F47
-20040225112902 2 6 100 2047 2 F8F54DA4E1F232A9D05104B807DCBEA553C1E606FEB1CF149DEBB99243AAA7A354616FD95368EBCC1A58C8BCB87FB993F731400A413E07E35B1ADDD6484973E1734835FEFDC214DACA8C0844285A670D03BB3E1A5B5E14DC6F3B20EAAC8F18EB6C48AA5604F21EBEEA3C867F6CFA010858DFD589DCDEFBE8996A42F5BA00BEDFF6743F4D4E2808806965258C4E17D1B2BF371814696A2CC7C5C6548ED480AA7491A9DE16D2B12F15471B192295AA27F6D047EC2BA7547ED70674F52B4934D846712B1EA87E7FE12C5A210DEF5B3A14DBC8E712AA7192D877B4E6479F3CD69F82127E7352C19191B036A86BCF2D7D7CC687C25C5E4620295F10DCCE6BA7007CD3
-20040225143208 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8968A91B
-20040225144922 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8987DF6B
-20040225150309 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD899E0F8B
-20040225161716 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8A3A91CF
-20040225163012 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8A4CED2B
-20040225175457 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8B02C5DB
-20040225182539 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8B3E9D13
-20040225194030 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8BDE269B
-20040225201420 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C203553
-20040225203219 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C40B747
-20040225203908 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C46ED83
-20040225210230 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8C72586B
-20040225212746 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8CA15F2F
-20040225214624 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8CC34833
-20040225223007 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8D1B23AB
-20040225234913 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8DC36C9B
-20040226001353 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8DF174B3
-20040226004101 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8E24518B
-20040226010652 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8E543397
-20040226015415 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8EB6152F
-20040226022931 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8EFD1773
-20040226025740 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD8F3376D7
-20040226053010 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD90786CE3
-20040226054156 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD908AC36B
-20040226081600 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD91D61A43
-20040226083039 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD91ED4AE3
-20040226092910 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9265F7DB
-20040226112913 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD93696533
-20040226115826 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD93A210A3
-20040226135326 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD949596D7
-20040226145128 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95096CCF
-20040226153142 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95582C7B
-20040226164905 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD95FACE7B
-20040226171921 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9633F443
-20040226182347 2 6 100 3071 5 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD96BAC3A7
-20040226200555 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD97972EFB
-20040226202801 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD97C0B5C3
-20040226214755 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9868011B
-20040226215843 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD9876E7FB
-20040226220422 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD987B4983
-20040226222346 2 6 100 3071 2 EDDA2E6520E6A915FE821EA06B4E19C95EBA8092F521CDE778B7B6CCA0FD89E935C904E2FA83E37DD49C1C52120C0958B85AAEE0B1A0E36C89836CE6C5509D50ABA58C154289C129B4A12A9249589496A5381CEA2105D818DB8790C4913BAD3C4C5ADB6BE036BD44B8AFB9F607017277FA36C971E5F10D7D062354FAB31BA97B376D723451478D1BA7D2C213A2E377E6826FF2F0695A2EDF9F8107DE4FF78DD0C2EF3A715084592623C58D2B2775FC7C0CF8F745EA1C75BEA8E574B9747207357DE143B0A803829E418B8F4BB44C40481CBB086B8AC6B93CC0E989E1336A010529F5D0FC4E077F778672646C62B7371965D60822C871F97C03913DB5CE080F67A348DD1722DD7BFA0761B2BF16A925FB9FCB6DCD1BC959A8794ACAEA984E1E9AE7BB2276B9C866CC890D8A8C51A17C479DA689DAA065C019CF9B082ED67D9CF1C9753E2A4030CCC27BE34280F042384597CEA223D5FA6631E109D5A23C60312F1D4783C3403D67A0D67665F7C5BEABF0BC30514DB07D7EF2A8E07CDD989D61D3
-20040227091438 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC5737ECF
-20040227101541 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC5AE7363
-20040227160657 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC7295F4F
-20040227180410 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC7A46573
-20040227225950 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC8E6D5E3
-20040227233727 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFC9079B33
-20040228032633 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCA006227
-20040228060859 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCAAE6E63
-20040228101703 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCBBC54FB
-20040228192850 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFCE191D13
-20040229084451 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD1804AF3
-20040229164933 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD3887E07
-20040229210220 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD49457B7
-20040229222958 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD4EA3223
-20040301003324 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD566C79B
-20040301030228 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD6032D8F
-20040301040042 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD63B1113
-20040301073501 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD71C4A67
-20040301133631 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD8A0BBD3
-20040301165652 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD96E4053
-20040301184021 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFD9D662FB
-20040302045553 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDC5FE8E3
-20040302112648 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDDFE9D13
-20040302120026 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDE1A5AD3
-20040302130757 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDE5E4073
-20040302142004 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDEA4AA9B
-20040302145603 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFDEC2C32B
-20040302212946 2 6 100 4095 5 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFE0652EC7
-20040303003544 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFE127CF63
-20040303072925 2 6 100 4095 2 C7FE661FF2675517258B6E893FE81DFC29EDFB28FFE325C4F929BFAF5D0203DF5D75D966B0886A4197CC8F2EE339349DF88E73C54A315C402DF609DA61A237435167524F8EA37E5AB33E8A0C80E36DF4F6B9D6141958CC784CDDB6E2543038C9966D62AC2474786F2E2890E4935AD47BB005A6FC309817807EC9597B69858F1FBD6A1B28E897EFB6219F9FF83BEAFFD448C9F2F8C33CEA7C08242428FD75D218411E41523B688BF3D9311374E43D8963C821611BBBC91CA23968E60FB143FA0B36120657734D5C83C1C58A5A229CCDDC27875E51C358F0C8FEDDE4A11C50E0A154C80127B6FF92F496F7F2FA41D601A3EA88A3A53569AA3F3ABA5761757AC553CF57578800379C5F06082DD6088841D7BA48A58D1422B0DEC088279655C2D6380CF7097CD39565E9998785CBEB300AFFADEACA285201CBB27F48456EF7E49DE75380D0D1B4CCC28ADB8E12903473548D74A8847DAADC34315F157351C4CD507FF9B03CA6DD1C954BB75C9FD3C425FEFA76FC03FB346BE11E61B67A3AD374C1843ECA636CC7454249AB2A08B645DADCBFB48A470B1206ED20020FF0A0F5C2253187BBC2BC7F449AD58D35746E5A47B4A7BB404592C0A1F4E3BA34938C1E3C32464E1A52D3E722FA1165B72E8B438C11CFD0DB42A4081ED09F468A2E17C8D3F2BB689DC0CC831F889D7BAFC39D2A7F6C9A362E9BAE48B12FBACF34F9DFE2D793F3
+20060827013849 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE261778F3
+20060827013906 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE261CC47B
+20060827013924 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2621AFA3
+20060827014045 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26551B8B
+20060827014056 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26556A27
+20060827014115 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE265B7273
+20060827014137 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26644D77
+20060827014203 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26717773
+20060827014214 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26722EBB
+20060827014312 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26961C8B
+20060827014407 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26BA7BBF
+20060827014418 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26BAC107
+20060827014436 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26C05207
+20060827014515 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26D48C73
+20060827014527 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26D65CD7
+20060827014538 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26D7096F
+20060827014607 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26E3760B
+20060827014626 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26EAF29F
+20060827014637 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26EBCF4F
+20060827014653 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26F0D6BB
+20060827014732 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27088963
+20060827014835 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27320A73
+20060827014915 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27486FA3
+20060827014926 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2748FD9F
+20060827014940 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE274BB323
+20060827014956 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE274F8F7F
+20060827015028 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE275C008F
+20060827015112 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2776D9EF
+20060827015134 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27809AA3
+20060827015146 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27826DFB
+20060827015200 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2785363F
+20060827015231 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27951F4F
+20060827015246 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27991903
+20060827015300 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE279C7B37
+20060827015329 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27AB4843
+20060827015347 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27B0F9D7
+20060827015359 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27B24D5B
+20060827015430 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27C2CE27
+20060827015449 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27CA3BA3
+20060827015546 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27E90A07
+20060827015607 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27F116BF
+20060827015630 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27FBB66F
+20060827015649 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2803E313
+20060827024302 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AD6C361B
+20060827024350 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AD6F7E93
+20060827024537 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AD7DE4BB
+20060827025000 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6ADB6D4D7
+20060827025429 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6ADEF2D8B
+20060827025612 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6ADFCCB13
+20060827030138 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AE41E89B
+20060827030223 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AE44A263
+20060827030555 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AE6FD2A7
+20060827031244 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AECC68C3
+20060827031437 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AEDFB4EB
+20060827031602 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AEEB07E7
+20060827032434 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AF5B1533
+20060827032933 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AF99D5D3
+20060827033028 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AF9CF037
+20060827033120 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFA14BBF
+20060827033331 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFB9FD2B
+20060827033555 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFD32F8B
+20060827033806 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFEBB7DB
+20060827034045 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B009C8D3
+20060827034214 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0177447
+20060827034316 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B01EFC27
+20060827034514 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0313F9B
+20060827035109 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B07D542B
+20060827035412 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0A3485F
+20060827035525 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0AAF3BB
+20060827035829 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0CFE04F
+20060827040101 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0E988E7
+20060827040504 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B11D001B
+20060827040746 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B13A45DF
+20060827041350 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B188B89F
+20060827041513 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B193B2EB
+20060827041621 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B19B9807
+20060827041657 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B19C0107
+20060827041817 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B1A6BE4B
+20060827052122 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C77E8ED3
+20060827055248 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8549C07
+20060827055453 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C85B17DF
+20060827060456 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C899BBE7
+20060827061203 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8C362B3
+20060827061433 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8CC69F7
+20060827061904 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8E44BC7
+20060827062255 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8F6B23F
+20060827063052 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C926C817
+20060827063354 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9351ABF
+20060827063925 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9541A43
+20060827064904 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C98CFAE7
+20060827070314 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9E30823
+20060827070806 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9F90C33
+20060827071119 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA04D477
+20060827072534 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA5A1ADB
+20060827073212 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA7E88A3
+20060827073641 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA93A193
+20060827073850 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA999B57
+20060827080040 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CB21505F
+20060827080817 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CB4C2F97
+20060827083711 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC0FAA7F
+20060827084308 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC30FD83
+20060827084830 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC4EFB67
+20060827085653 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC8152FB
+20060827090522 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CCB5AE6B
+20060827092253 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CD252FCB
+20060827095916 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CE117E2F
+20060827100246 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CE2087CB
+20060827102041 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CE925537
+20060827102556 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CEAF2A27
+20060827103749 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CEF9826F
+20060827103917 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CEFBC467
+20060827104611 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CF24A6E3
+20060827130320 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFA80B3F
+20060827132001 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFC2F2A3
+20060827132659 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFC83DE3
+20060827133231 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFCAE263
+20060827134212 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFD5D943
+20060827135606 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFEAD4AB
+20060827142452 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F01CBFBB
+20060827185212 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F24CFF67
+20060827190158 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F2599507
+20060827202730 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F305315B
+20060827213252 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F38A5B63
+20060827214322 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F3987FC7
+20060827214825 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F39A3CDB
+20060827232520 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F46375AB
+20060828030405 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F62B17EB
+20060828043230 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F6E0BB4F
+20060828081338 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F8A9B0EF
+20060828083613 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F8D164EF
+20060828090529 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F906488B
+20060828100621 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F97FF4CB
+20060828121421 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FA80824B
+20060828141024 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FB659087
+20060828142059 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FB739E8F
+20060828170552 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FCC5CE57
+20060828171327 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FCCCF9D3
+20060828185943 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDA67727
+20060828190537 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDAAC673
+20060828191202 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDAFC737
+20060828192613 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDC50FBB
+20060828193738 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDD6023F
+20060828204936 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FE68405F
+20060829063416 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE57DE9222B
+20060829082327 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE57E5385E7
+20060829092010 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE57E8501A3
+20060830004204 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5825F180F
+20060830013522 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5828DFA2B
+20060830124707 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58555C9EB
+20060830180312 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE586989437
+20060831041205 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5891334BF
+20060831102341 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58A8F8B27
+20060831234001 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58DD7278B
+20060901032352 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58EBE93EB
+20060901061345 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58F693A3F
+20060901123055 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE590F80AE7
+20060901191922 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE592994C63
+20060901203957 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE592E5D92F
+20060901210250 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE592F4A5F3
+20060901225047 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5935D124B
+20060902020657 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5942520CB
+20060902070624 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59553E03F
+20060902095300 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE595F6EC6B
+20060902113306 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE596599BEF
+20060902142302 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59703582B
+20060902210839 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE598A695F7
+20060903073325 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59B315E9B
+20060903095626 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59BBD7153
+20060903162601 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59D48AEE3
20040305011518 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E4CE974B
20040305043124 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E5050933
20040305084728 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E54C7783
@@ -198,3 +183,6 @@
20040319025848 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FD81741B
20040323194658 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C708105AF04AF
20040324041535 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C70810643E737
+20061002171426 2 6 100 8191 2 D2D64D8CC6FDFA9897C8AE805EA7CB972D7A10F5A268EB5B33B0CCE2C75E480365A49070185D8B316872BAF0F3AAF94498A8E0007A13D574C905441F19D4B0D55A83E2A70C09F7B3E353DEA76F5FEB4191E31F4A52D0BC643B9FD1959BDF8B99C13F245B5D9E8589D6C18A844814486F25A8E189B964A9E72675DDE4D759C901C09F7C24CB3E939B54D2009AE9331446C1EDE5FA9D0A33B36F6A6C9B55E956A94169FBE9C1A24EC9A3E497371F4131F2B1E4FB25A1BB27B23A6661155F37C6EC913E5CB207AD894C2319852C556CA040C6B72DE6E913BCF419E5914507119F771206FAB25B1D6BAD57AFEAF74D807CC576549CD979B0AAC13F5D2B637CCF4A54D2D903A4B29C16B9E8BEE8AD6200D24E4E3E97EB25B2DD13C31AE2A4F27D6EFBFA113F9334F92204FCFFCAA5EBDCCBA986C5B6E665FE71D6654ACA3C8051424133597FD65A18BB2AA24FFDD8B09A8758D984E09BE1F55B16A37B36B058295B1E9942A89D386D4B4DB58C516429248052D97DE42BFC32AB14F13D7F963E86867B8B7245062061C9F315EA94C38FCC0E118373BEFC41D1004CF0FA6D951E20BAC5D2C15F5796163469B88A75FE5F5D2C69C949DA47DAC75D22869F37FAB2490791FA5A5854360EAA13701CEE40EC371797272A12746ABA9CB303224B82F8CCE3F62C0D3EA0D62BF3B2C387E015B1A96A4C4A2A73ADA521B0536B81A536A5119EC559D524BA7F2B25A094A164A4EEBB8ADA886DCBA9647FC4D2D4A91BA0DB32805EDA75B61E09F44BC49862D70B8F28C8E630CD6F0DF245535D79DCD75ECBDE51B29AA6DD3F59736E5028E3AB1E75CFCDA1FF9E6F8D52027A4BC218FC9A9E660BF7EB14D300F4199C04B24725405AFA6535DF0837FEF33C0F8B57B9BDFFB1D956E7B40E822FF40603FB5417523B115FE5864094001CEF2526395C19532F153C4630B95E9835FAC985E1C9DF62188DBA12D5B8BEEB414FFD90AFEDF8F986DF33EF5BC7F7C16ACDC4D40A00822CE17A9724066EED89127195BB9D037CB7FB74AA7178A1A4CBECC5D9F67747AA74156C70E54BABA8641A55B93637385A0D1D56E5220867B5A11ED44CFC405AC238DC39690A966A2DE238FFA1E3B3C859D988DE14916C32AB2A2CB35C57F3609C34F1E8E4B5FAC2F446E0EB78CFD64DD7A3570677D373E8FEC6FF47D5471577D92F22B115D03F302C8CD1A43FCDCEBBA823EE942D7733FF7F78672BEAACCEA279744CC14D60E3912E81A14421989CF5B2C10FD1CDB6CA95E2CA8C574AA6C4F3856602A0D32A9978697752878C0DCB50EF5463EE61C83F776AB9D8098755AF00D2972D3E5E502C39A9CE52C8588472C1D3242CA658290F472D48CB0876752643C2F63CFEB66DF6E93C8BE2404DFA10AB3D8EEF214C371DC0EC29755C086574B1AA92A892B517F6E01056DD5EFEB2437E23100E487E3D4B
+20061005090403 2 6 100 8191 5 D2D64D8CC6FDFA9897C8AE805EA7CB972D7A10F5A268EB5B33B0CCE2C75E480365A49070185D8B316872BAF0F3AAF94498A8E0007A13D574C905441F19D4B0D55A83E2A70C09F7B3E353DEA76F5FEB4191E31F4A52D0BC643B9FD1959BDF8B99C13F245B5D9E8589D6C18A844814486F25A8E189B964A9E72675DDE4D759C901C09F7C24CB3E939B54D2009AE9331446C1EDE5FA9D0A33B36F6A6C9B55E956A94169FBE9C1A24EC9A3E497371F4131F2B1E4FB25A1BB27B23A6661155F37C6EC913E5CB207AD894C2319852C556CA040C6B72DE6E913BCF419E5914507119F771206FAB25B1D6BAD57AFEAF74D807CC576549CD979B0AAC13F5D2B637CCF4A54D2D903A4B29C16B9E8BEE8AD6200D24E4E3E97EB25B2DD13C31AE2A4F27D6EFBFA113F9334F92204FCFFCAA5EBDCCBA986C5B6E665FE71D6654ACA3C8051424133597FD65A18BB2AA24FFDD8B09A8758D984E09BE1F55B16A37B36B058295B1E9942A89D386D4B4DB58C516429248052D97DE42BFC32AB14F13D7F963E86867B8B7245062061C9F315EA94C38FCC0E118373BEFC41D1004CF0FA6D951E20BAC5D2C15F5796163469B88A75FE5F5D2C69C949DA47DAC75D22869F37FAB2490791FA5A5854360EAA13701CEE40EC371797272A12746ABA9CB303224B82F8CCE3F62C0D3EA0D62BF3B2C387E015B1A96A4C4A2A73ADA521B0536B81A536A5119EC559D524BA7F2B25A094A164A4EEBB8ADA886DCBA9647FC4D2D4A91BA0DB32805EDA75B61E09F44BC49862D70B8F28C8E630CD6F0DF245535D79DCD75ECBDE51B29AA6DD3F59736E5028E3AB1E75CFCDA1FF9E6F8D52027A4BC218FC9A9E660BF7EB14D300F4199C04B24725405AFA6535DF0837FEF33C0F8B57B9BDFFB1D956E7B40E822FF40603FB5417523B115FE5864094001CEF2526395C19532F153C4630B95E9835FAC985E1C9DF62188DBA12D5B8BEEB414FFD90AFEDF8F986DF33EF5BC7F7C16ACDC4D40A00822CE17A9724066EED89127195BB9D037CB7FB74AA7178A1A4CBECC5D9F67747AA74156C70E54BABA8641A55B93637385A0D1D56E5220867B5A11ED44CFC405AC238DC39690A966A2DE238FFA1E3B3C859D988DE14916C32AB2A2CB35C57F3609C34F1E8E4B5FAC2F446E0EB78CFD64DD7A3570677D373E8FEC6FF47D5471577D92F22B115D03F302C8CD1A43FCDCEBBA823EE942D7733FF7F78672BEAACCEA279744CC14D60E3912E81A14421989CF5B2C10FD1CDB6CA95E2CA8C574AA6C4F3856602A0D32A9978697752878C0DCB50EF5463EE61C83F776AB9D8098755AF00D2972D3E5E502C39A9CE52C8588472C1D3242CA658290F472D48CB0876752643C2F63CFEB66DF6E93C8BE2404DFA10AB3D8EEF214C371DC0EC29755C086574B1AA92A892B517F6E01056DD5EFEB2437E23100E4A242A2F
+20061005152228 2 6 100 8191 2 D2D64D8CC6FDFA9897C8AE805EA7CB972D7A10F5A268EB5B33B0CCE2C75E480365A49070185D8B316872BAF0F3AAF94498A8E0007A13D574C905441F19D4B0D55A83E2A70C09F7B3E353DEA76F5FEB4191E31F4A52D0BC643B9FD1959BDF8B99C13F245B5D9E8589D6C18A844814486F25A8E189B964A9E72675DDE4D759C901C09F7C24CB3E939B54D2009AE9331446C1EDE5FA9D0A33B36F6A6C9B55E956A94169FBE9C1A24EC9A3E497371F4131F2B1E4FB25A1BB27B23A6661155F37C6EC913E5CB207AD894C2319852C556CA040C6B72DE6E913BCF419E5914507119F771206FAB25B1D6BAD57AFEAF74D807CC576549CD979B0AAC13F5D2B637CCF4A54D2D903A4B29C16B9E8BEE8AD6200D24E4E3E97EB25B2DD13C31AE2A4F27D6EFBFA113F9334F92204FCFFCAA5EBDCCBA986C5B6E665FE71D6654ACA3C8051424133597FD65A18BB2AA24FFDD8B09A8758D984E09BE1F55B16A37B36B058295B1E9942A89D386D4B4DB58C516429248052D97DE42BFC32AB14F13D7F963E86867B8B7245062061C9F315EA94C38FCC0E118373BEFC41D1004CF0FA6D951E20BAC5D2C15F5796163469B88A75FE5F5D2C69C949DA47DAC75D22869F37FAB2490791FA5A5854360EAA13701CEE40EC371797272A12746ABA9CB303224B82F8CCE3F62C0D3EA0D62BF3B2C387E015B1A96A4C4A2A73ADA521B0536B81A536A5119EC559D524BA7F2B25A094A164A4EEBB8ADA886DCBA9647FC4D2D4A91BA0DB32805EDA75B61E09F44BC49862D70B8F28C8E630CD6F0DF245535D79DCD75ECBDE51B29AA6DD3F59736E5028E3AB1E75CFCDA1FF9E6F8D52027A4BC218FC9A9E660BF7EB14D300F4199C04B24725405AFA6535DF0837FEF33C0F8B57B9BDFFB1D956E7B40E822FF40603FB5417523B115FE5864094001CEF2526395C19532F153C4630B95E9835FAC985E1C9DF62188DBA12D5B8BEEB414FFD90AFEDF8F986DF33EF5BC7F7C16ACDC4D40A00822CE17A9724066EED89127195BB9D037CB7FB74AA7178A1A4CBECC5D9F67747AA74156C70E54BABA8641A55B93637385A0D1D56E5220867B5A11ED44CFC405AC238DC39690A966A2DE238FFA1E3B3C859D988DE14916C32AB2A2CB35C57F3609C34F1E8E4B5FAC2F446E0EB78CFD64DD7A3570677D373E8FEC6FF47D5471577D92F22B115D03F302C8CD1A43FCDCEBBA823EE942D7733FF7F78672BEAACCEA279744CC14D60E3912E81A14421989CF5B2C10FD1CDB6CA95E2CA8C574AA6C4F3856602A0D32A9978697752878C0DCB50EF5463EE61C83F776AB9D8098755AF00D2972D3E5E502C39A9CE52C8588472C1D3242CA658290F472D48CB0876752643C2F63CFEB66DF6E93C8BE2404DFA10AB3D8EEF214C371DC0EC29755C086574B1AA92A892B517F6E01056DD5EFEB2437E23100E4A4C3B0B
Modified: trunk/moduli.c
===================================================================
--- trunk/moduli.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/moduli.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */
+/* $OpenBSD: moduli.c,v 1.21 2008/06/26 09:19:40 djm Exp $ */
/*
* Copyright 1994 Phil Karn <karn at qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson at greendragon.com>
@@ -42,6 +42,7 @@
#include <sys/types.h>
#include <openssl/bn.h>
+#include <openssl/dh.h>
#include <stdio.h>
#include <stdlib.h>
@@ -50,6 +51,7 @@
#include <time.h>
#include "xmalloc.h"
+#include "dh.h"
#include "log.h"
/*
@@ -59,27 +61,6 @@
/* need line long enough for largest moduli plus headers */
#define QLINESIZE (100+8192)
-/* Type: decimal.
- * Specifies the internal structure of the prime modulus.
- */
-#define QTYPE_UNKNOWN (0)
-#define QTYPE_UNSTRUCTURED (1)
-#define QTYPE_SAFE (2)
-#define QTYPE_SCHNORR (3)
-#define QTYPE_SOPHIE_GERMAIN (4)
-#define QTYPE_STRONG (5)
-
-/* Tests: decimal (bit field).
- * Specifies the methods used in checking for primality.
- * Usually, more than one test is used.
- */
-#define QTEST_UNTESTED (0x00)
-#define QTEST_COMPOSITE (0x01)
-#define QTEST_SIEVE (0x02)
-#define QTEST_MILLER_RABIN (0x04)
-#define QTEST_JACOBI (0x08)
-#define QTEST_ELLIPTIC (0x10)
-
/*
* Size: decimal.
* Specifies the number of the most significant bit (0 to M).
@@ -434,8 +415,9 @@
fatal("BN_set_word failed");
if (BN_add(q, q, largebase) == 0)
fatal("BN_add failed");
- if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE,
- largetries, (power - 1) /* MSB */, (0), q) == -1) {
+ if (qfileout(out, MODULI_TYPE_SOPHIE_GERMAIN,
+ MODULI_TESTS_SIEVE, largetries,
+ (power - 1) /* MSB */, (0), q) == -1) {
ret = -1;
break;
}
@@ -507,7 +489,7 @@
/* tests */
in_tests = strtoul(cp, &cp, 10);
- if (in_tests & QTEST_COMPOSITE) {
+ if (in_tests & MODULI_TESTS_COMPOSITE) {
debug2("%10u: known composite", count_in);
continue;
}
@@ -526,7 +508,7 @@
/* modulus (hex) */
switch (in_type) {
- case QTYPE_SOPHIE_GERMAIN:
+ case MODULI_TYPE_SOPHIE_GERMAIN:
debug2("%10u: (%u) Sophie-Germain", count_in, in_type);
a = q;
if (BN_hex2bn(&a, cp) == 0)
@@ -539,11 +521,11 @@
in_size += 1;
generator_known = 0;
break;
- case QTYPE_UNSTRUCTURED:
- case QTYPE_SAFE:
- case QTYPE_SCHNORR:
- case QTYPE_STRONG:
- case QTYPE_UNKNOWN:
+ case MODULI_TYPE_UNSTRUCTURED:
+ case MODULI_TYPE_SAFE:
+ case MODULI_TYPE_SCHNORR:
+ case MODULI_TYPE_STRONG:
+ case MODULI_TYPE_UNKNOWN:
debug2("%10u: (%u)", count_in, in_type);
a = p;
if (BN_hex2bn(&a, cp) == 0)
@@ -570,7 +552,7 @@
continue;
}
- if (in_tests & QTEST_MILLER_RABIN)
+ if (in_tests & MODULI_TESTS_MILLER_RABIN)
in_tries += trials;
else
in_tries = trials;
@@ -644,7 +626,8 @@
}
debug("%10u: q is almost certainly prime", count_in);
- if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN),
+ if (qfileout(out, MODULI_TYPE_SAFE,
+ in_tests | MODULI_TESTS_MILLER_RABIN,
in_tries, in_size, generator_known, p)) {
res = -1;
break;
Modified: trunk/monitor.c
===================================================================
--- trunk/monitor.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/monitor.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.91 2007/05/17 20:52:13 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.99 2008/07/10 18:08:11 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -51,6 +51,7 @@
#include <openssl/dh.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "key.h"
@@ -660,11 +661,11 @@
#endif
buffer_put_cstring(m, pwent->pw_dir);
buffer_put_cstring(m, pwent->pw_shell);
+
+ out:
buffer_put_string(m, &options, sizeof(options));
if (options.banner != NULL)
buffer_put_cstring(m, options.banner);
-
- out:
debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
mm_request_send(sock, MONITOR_ANS_PWNAM, m);
@@ -1055,6 +1056,8 @@
allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key);
auth_method = "publickey";
+ if (options.pubkey_authentication && allowed != 1)
+ auth_clear_options();
break;
case MM_HOSTKEY:
allowed = options.hostbased_authentication &&
@@ -1067,6 +1070,8 @@
allowed = options.rhosts_rsa_authentication &&
auth_rhosts_rsa_key_allowed(authctxt->pw,
cuser, chost, key);
+ if (options.rhosts_rsa_authentication && allowed != 1)
+ auth_clear_options();
auth_method = "rsa";
break;
default:
@@ -1096,7 +1101,7 @@
}
debug3("%s: key %p is %s",
- __func__, key, allowed ? "allowed" : "disallowed");
+ __func__, key, allowed ? "allowed" : "not allowed");
buffer_clear(m);
buffer_put_int(m, allowed);
@@ -1313,7 +1318,7 @@
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
session_pty_cleanup2(s);
}
- s->used = 0;
+ session_unused(s->self);
}
int
@@ -1355,8 +1360,9 @@
mm_request_send(sock, MONITOR_ANS_PTY, m);
- mm_send_fd(sock, s->ptyfd);
- mm_send_fd(sock, s->ttyfd);
+ if (mm_send_fd(sock, s->ptyfd) == -1 ||
+ mm_send_fd(sock, s->ttyfd) == -1)
+ fatal("%s: send fds failed", __func__);
/* make sure nothing uses fd 0 */
if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
@@ -1587,6 +1593,11 @@
/* The child is terminating */
session_destroy_all(&mm_session_close);
+#ifdef USE_PAM
+ if (options.use_pam)
+ sshpam_cleanup();
+#endif
+
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR)
exit(1);
@@ -1740,7 +1751,7 @@
u_char *blob, *p;
u_int bloblen, plen;
u_int32_t seqnr, packets;
- u_int64_t blocks;
+ u_int64_t blocks, bytes;
debug3("%s: Waiting for new keys", __func__);
@@ -1773,11 +1784,13 @@
seqnr = buffer_get_int(&m);
blocks = buffer_get_int64(&m);
packets = buffer_get_int(&m);
- packet_set_state(MODE_OUT, seqnr, blocks, packets);
+ bytes = buffer_get_int64(&m);
+ packet_set_state(MODE_OUT, seqnr, blocks, packets, bytes);
seqnr = buffer_get_int(&m);
blocks = buffer_get_int64(&m);
packets = buffer_get_int(&m);
- packet_set_state(MODE_IN, seqnr, blocks, packets);
+ bytes = buffer_get_int64(&m);
+ packet_set_state(MODE_IN, seqnr, blocks, packets, bytes);
skip:
/* Get the key context */
Modified: trunk/monitor_fdpass.c
===================================================================
--- trunk/monitor_fdpass.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/monitor_fdpass.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_fdpass.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: monitor_fdpass.c,v 1.17 2008/03/24 16:11:07 deraadt Exp $ */
/*
* Copyright 2001 Niels Provos <provos at citi.umich.edu>
* All rights reserved.
@@ -64,7 +64,7 @@
return broken_cmsg_type;
}
-void
+int
mm_send_fd(int sock, int fd)
{
#if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
@@ -73,7 +73,11 @@
char ch = '\0';
ssize_t n;
#ifndef HAVE_ACCRIGHTS_IN_MSGHDR
- char tmp[CMSG_SPACE(sizeof(int))];
+ union {
+ struct cmsghdr hdr;
+ char tmp[CMSG_SPACE(sizeof(int))];
+ char buf[CMSG_SPACE(sizeof(int))];
+ } cmsgbuf;
struct cmsghdr *cmsg;
#endif
@@ -82,8 +86,8 @@
msg.msg_accrights = (caddr_t)&fd;
msg.msg_accrightslen = sizeof(fd);
#else
- msg.msg_control = (caddr_t)tmp;
- msg.msg_controllen = CMSG_LEN(sizeof(int));
+ msg.msg_control = (caddr_t)&cmsgbuf.buf;
+ msg.msg_controllen = sizeof(cmsgbuf.buf);
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_len = CMSG_LEN(sizeof(int));
cmsg->cmsg_level = SOL_SOCKET;
@@ -96,15 +100,21 @@
msg.msg_iov = &vec;
msg.msg_iovlen = 1;
- if ((n = sendmsg(sock, &msg, 0)) == -1)
- fatal("%s: sendmsg(%d): %s", __func__, fd,
+ if ((n = sendmsg(sock, &msg, 0)) == -1) {
+ error("%s: sendmsg(%d): %s", __func__, fd,
strerror(errno));
- if (n != 1)
- fatal("%s: sendmsg: expected sent 1 got %ld",
+ return -1;
+ }
+
+ if (n != 1) {
+ error("%s: sendmsg: expected sent 1 got %ld",
__func__, (long)n);
+ return -1;
+ }
+ return 0;
#else
- fatal("%s: UsePrivilegeSeparation=yes not supported",
- __func__);
+ error("%s: file descriptor passing not supported", __func__);
+ return -1;
#endif
}
@@ -118,7 +128,10 @@
char ch;
int fd;
#ifndef HAVE_ACCRIGHTS_IN_MSGHDR
- char tmp[CMSG_SPACE(sizeof(int))];
+ union {
+ struct cmsghdr hdr;
+ char buf[CMSG_SPACE(sizeof(int))];
+ } cmsgbuf;
struct cmsghdr *cmsg;
#endif
@@ -131,31 +144,41 @@
msg.msg_accrights = (caddr_t)&fd;
msg.msg_accrightslen = sizeof(fd);
#else
- msg.msg_control = tmp;
- msg.msg_controllen = sizeof(tmp);
+ msg.msg_control = &cmsgbuf.buf;
+ msg.msg_controllen = sizeof(cmsgbuf.buf);
#endif
- if ((n = recvmsg(sock, &msg, 0)) == -1)
- fatal("%s: recvmsg: %s", __func__, strerror(errno));
- if (n != 1)
- fatal("%s: recvmsg: expected received 1 got %ld",
+ if ((n = recvmsg(sock, &msg, 0)) == -1) {
+ error("%s: recvmsg: %s", __func__, strerror(errno));
+ return -1;
+ }
+ if (n != 1) {
+ error("%s: recvmsg: expected received 1 got %ld",
__func__, (long)n);
+ return -1;
+ }
#ifdef HAVE_ACCRIGHTS_IN_MSGHDR
- if (msg.msg_accrightslen != sizeof(fd))
- fatal("%s: no fd", __func__);
+ if (msg.msg_accrightslen != sizeof(fd)) {
+ error("%s: no fd", __func__);
+ return -1;
+ }
#else
cmsg = CMSG_FIRSTHDR(&msg);
- if (cmsg == NULL)
- fatal("%s: no message header", __func__);
- if (!cmsg_type_is_broken() && cmsg->cmsg_type != SCM_RIGHTS)
- fatal("%s: expected type %d got %d", __func__,
+ if (cmsg == NULL) {
+ error("%s: no message header", __func__);
+ return -1;
+ }
+ if (!cmsg_type_is_broken() && cmsg->cmsg_type != SCM_RIGHTS) {
+ error("%s: expected type %d got %d", __func__,
SCM_RIGHTS, cmsg->cmsg_type);
+ return -1;
+ }
fd = (*(int *)CMSG_DATA(cmsg));
#endif
return fd;
#else
- fatal("%s: UsePrivilegeSeparation=yes not supported",
- __func__);
+ error("%s: file descriptor passing not supported", __func__);
+ return -1;
#endif
}
Modified: trunk/monitor_fdpass.h
===================================================================
--- trunk/monitor_fdpass.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/monitor_fdpass.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_fdpass.h,v 1.3 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: monitor_fdpass.h,v 1.4 2007/09/04 03:21:03 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -28,7 +28,7 @@
#ifndef _MM_FDPASS_H_
#define _MM_FDPASS_H_
-void mm_send_fd(int, int);
+int mm_send_fd(int, int);
int mm_receive_fd(int);
#endif /* _MM_FDPASS_H_ */
Modified: trunk/monitor_mm.h
===================================================================
--- trunk/monitor_mm.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/monitor_mm.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_mm.h,v 1.4 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: monitor_mm.h,v 1.5 2008/04/29 11:20:31 otto Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -41,9 +41,6 @@
size_t size;
struct mm_master *mmalloc; /* Used to completely share */
-
- int write; /* used to writing to other party */
- int read; /* used for reading from other party */
};
RB_PROTOTYPE(mmtree, mm_share, next, mm_compare)
Modified: trunk/monitor_wrap.c
===================================================================
--- trunk/monitor_wrap.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/monitor_wrap.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.57 2007/06/07 19:37:34 pvalchev Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.63 2008/07/10 18:08:11 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -41,6 +41,7 @@
#include <openssl/bn.h>
#include <openssl/dh.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "dh.h"
@@ -222,8 +223,8 @@
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, &m);
if (buffer_get_char(&m) == 0) {
- buffer_free(&m);
- return (NULL);
+ pw = NULL;
+ goto out;
}
pw = buffer_get_string(&m, &len);
if (len != sizeof(struct passwd))
@@ -237,6 +238,7 @@
pw->pw_dir = buffer_get_string(&m, NULL);
pw->pw_shell = buffer_get_string(&m, NULL);
+out:
/* copy options block as a Match directive may have changed some */
newopts = buffer_get_string(&m, &len);
if (len != sizeof(*newopts))
@@ -589,7 +591,7 @@
u_char *blob, *p;
u_int bloblen, plen;
u_int32_t seqnr, packets;
- u_int64_t blocks;
+ u_int64_t blocks, bytes;
buffer_init(&m);
@@ -638,14 +640,16 @@
buffer_put_string(&m, blob, bloblen);
xfree(blob);
- packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
+ packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
buffer_put_int(&m, seqnr);
buffer_put_int64(&m, blocks);
buffer_put_int(&m, packets);
- packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
+ buffer_put_int64(&m, bytes);
+ packet_get_state(MODE_IN, &seqnr, &blocks, &packets, &bytes);
buffer_put_int(&m, seqnr);
buffer_put_int64(&m, blocks);
buffer_put_int(&m, packets);
+ buffer_put_int64(&m, bytes);
debug3("%s: New keys have been sent", __func__);
skip:
@@ -682,8 +686,21 @@
{
Buffer m;
char *p, *msg;
- int success = 0;
+ int success = 0, tmp1 = -1, tmp2 = -1;
+ /* Kludge: ensure there are fds free to receive the pty/tty */
+ if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
+ (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
+ error("%s: cannot allocate fds for pty", __func__);
+ if (tmp1 > 0)
+ close(tmp1);
+ if (tmp2 > 0)
+ close(tmp2);
+ return 0;
+ }
+ close(tmp1);
+ close(tmp2);
+
buffer_init(&m);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, &m);
@@ -706,8 +723,9 @@
buffer_append(&loginmsg, msg, strlen(msg));
xfree(msg);
- *ptyfd = mm_receive_fd(pmonitor->m_recvfd);
- *ttyfd = mm_receive_fd(pmonitor->m_recvfd);
+ if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
+ (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
+ fatal("%s: receive fds failed", __func__);
/* Success */
return (1);
@@ -726,8 +744,9 @@
buffer_free(&m);
/* closed dup'ed master */
- if (close(s->ptymaster) < 0)
- error("close(s->ptymaster): %s", strerror(errno));
+ if (s->ptymaster != -1 && close(s->ptymaster) < 0)
+ error("close(s->ptymaster/%d): %s",
+ s->ptymaster, strerror(errno));
/* unlink pty from session */
s->ttyfd = -1;
Modified: trunk/nchan.c
===================================================================
--- trunk/nchan.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/nchan.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: nchan.c,v 1.57 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: nchan.c,v 1.60 2008/06/30 12:16:02 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@@ -32,6 +32,7 @@
#include <string.h>
#include <stdarg.h>
+#include "openbsd-compat/sys-queue.h"
#include "ssh1.h"
#include "ssh2.h"
#include "buffer.h"
@@ -77,6 +78,7 @@
static void chan_send_oclose1(Channel *);
static void chan_send_close2(Channel *);
static void chan_send_eof2(Channel *);
+static void chan_send_eow2(Channel *);
/* helper */
static void chan_shutdown_write(Channel *);
@@ -305,6 +307,17 @@
break;
}
}
+void
+chan_rcvd_eow(Channel *c)
+{
+ debug2("channel %d: rcvd eow", c->self);
+ switch (c->istate) {
+ case CHAN_INPUT_OPEN:
+ chan_shutdown_read(c);
+ chan_set_istate(c, CHAN_INPUT_CLOSED);
+ break;
+ }
+}
static void
chan_rcvd_eof2(Channel *c)
{
@@ -321,6 +334,8 @@
case CHAN_OUTPUT_OPEN:
case CHAN_OUTPUT_WAIT_DRAIN:
chan_shutdown_write(c);
+ if (strcmp(c->ctype, "session") == 0)
+ chan_send_eow2(c);
chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
break;
default:
@@ -363,6 +378,23 @@
c->flags |= CHAN_CLOSE_SENT;
}
}
+static void
+chan_send_eow2(Channel *c)
+{
+ debug2("channel %d: send eow", c->self);
+ if (c->ostate == CHAN_OUTPUT_CLOSED) {
+ error("channel %d: must not sent eow on closed output",
+ c->self);
+ return;
+ }
+ if (!(datafellows & SSH_NEW_OPENSSH))
+ return;
+ packet_start(SSH2_MSG_CHANNEL_REQUEST);
+ packet_put_int(c->remote_id);
+ packet_put_cstring("eow at openssh.com");
+ packet_put_char(0);
+ packet_send();
+}
/* shared */
Modified: trunk/nchan2.ms
===================================================================
--- trunk/nchan2.ms 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/nchan2.ms 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: nchan2.ms,v 1.3 2003/11/21 11:57:03 djm Exp $
+.\" $OpenBSD: nchan2.ms,v 1.4 2008/05/15 23:52:24 djm Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
@@ -44,7 +44,7 @@
box invis "rcvd CLOSE/" "shutdown_read" with .sw at last arrow.c
arrow "ibuf_empty ||" "rcvd CLOSE/" "send EOF" "" from S2.e to S4.w
arrow from S1.s to S2.n
-box invis "read_failed/" "shutdown_read" with .e at last arrow.c
+box invis "read_failed ||" "rcvd EOW/" "shutdown_read" with .e at last arrow.c
ellipse wid .9*ellipsewid ht .9*ellipseht at S4
arrow "start" "" from S1.w+(-0.5,0) to S1.w
.PE
@@ -59,7 +59,7 @@
move down l from 1st ellipse.s
S2: ellipse "OUTPUT" "WAIT" "DRAIN"
arrow from S1.e to S4.n
-box invis "write_failed/" "shutdown_write" with .sw at last arrow.c
+box invis "write_failed/" "shutdown_write" "send EOW" with .sw at last arrow.c
arrow "obuf_empty ||" "write_failed/" "shutdown_write" "" from S2.e to S4.w
arrow from S1.s to S2.n
box invis "rcvd EOF ||" "rcvd CLOSE/" "-" with .e at last arrow.c
Modified: trunk/openbsd-compat/Makefile.in
===================================================================
--- trunk/openbsd-compat/Makefile.in 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/Makefile.in 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.41 2007/06/25 12:15:13 dtucker Exp $
+# $Id: Makefile.in,v 1.43 2008/06/08 17:32:29 dtucker Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
@@ -16,9 +16,9 @@
INSTALL=@INSTALL@
LDFLAGS=-L. @LDFLAGS@
-OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
+OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
-COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
Modified: trunk/openbsd-compat/base64.c
===================================================================
--- trunk/openbsd-compat/base64.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/base64.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $ */
+/* $OpenBSD: base64.c,v 1.5 2006/10/21 09:55:03 otto Exp $ */
/*
* Copyright (c) 1996 by Internet Software Consortium.
@@ -62,9 +62,6 @@
#include "base64.h"
-/* XXX abort illegal in library */
-#define Assert(Cond) if (!(Cond)) abort()
-
static const char Base64[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const char Pad64 = '=';
@@ -151,10 +148,6 @@
output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
output[3] = input[2] & 0x3f;
- Assert(output[0] < 64);
- Assert(output[1] < 64);
- Assert(output[2] < 64);
- Assert(output[3] < 64);
if (datalength + 4 > targsize)
return (-1);
@@ -174,9 +167,6 @@
output[0] = input[0] >> 2;
output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
- Assert(output[0] < 64);
- Assert(output[1] < 64);
- Assert(output[2] < 64);
if (datalength + 4 > targsize)
return (-1);
Modified: trunk/openbsd-compat/bindresvport.c
===================================================================
--- trunk/openbsd-compat/bindresvport.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/bindresvport.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,6 +1,6 @@
/* This file has be substantially modified from the original OpenBSD source */
-/* $OpenBSD: bindresvport.c,v 1.16 2005/04/01 07:44:03 otto Exp $ */
+/* $OpenBSD: bindresvport.c,v 1.17 2005/12/21 01:40:22 millert Exp $ */
/*
* Copyright 1996, Jason Downs. All rights reserved.
@@ -54,8 +54,8 @@
{
int error, af;
struct sockaddr_storage myaddr;
- struct sockaddr_in *sin;
- struct sockaddr_in6 *sin6;
+ struct sockaddr_in *in;
+ struct sockaddr_in6 *in6;
u_int16_t *portp;
u_int16_t port;
socklen_t salen;
@@ -74,13 +74,13 @@
af = sa->sa_family;
if (af == AF_INET) {
- sin = (struct sockaddr_in *)sa;
+ in = (struct sockaddr_in *)sa;
salen = sizeof(struct sockaddr_in);
- portp = &sin->sin_port;
+ portp = &in->sin_port;
} else if (af == AF_INET6) {
- sin6 = (struct sockaddr_in6 *)sa;
+ in6 = (struct sockaddr_in6 *)sa;
salen = sizeof(struct sockaddr_in6);
- portp = &sin6->sin6_port;
+ portp = &in6->sin6_port;
} else {
errno = EPFNOSUPPORT;
return (-1);
Modified: trunk/openbsd-compat/bsd-arc4random.c
===================================================================
--- trunk/openbsd-compat/bsd-arc4random.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/bsd-arc4random.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -19,6 +19,7 @@
#include <sys/types.h>
#include <string.h>
+#include <stdlib.h>
#include <stdarg.h>
#include "log.h"
@@ -82,3 +83,68 @@
rc4_ready = REKEY_BYTES;
}
#endif /* !HAVE_ARC4RANDOM */
+
+#ifndef ARC4RANDOM_BUF
+void
+arc4random_buf(void *_buf, size_t n)
+{
+ size_t i;
+ u_int32_t r = 0;
+ char *buf = (char *)_buf;
+
+ for (i = 0; i < n; i++) {
+ if (i % 4 == 0)
+ r = arc4random();
+ buf[i] = r & 0xff;
+ r >>= 8;
+ }
+ i = r = 0;
+}
+#endif /* !HAVE_ARC4RANDOM_BUF */
+
+#ifndef ARC4RANDOM_UNIFORM
+/*
+ * Calculate a uniformly distributed random number less than upper_bound
+ * avoiding "modulo bias".
+ *
+ * Uniformity is achieved by generating new random numbers until the one
+ * returned is outside the range [0, 2**32 % upper_bound). This
+ * guarantees the selected random number will be inside
+ * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
+ * after reduction modulo upper_bound.
+ */
+u_int32_t
+arc4random_uniform(u_int32_t upper_bound)
+{
+ u_int32_t r, min;
+
+ if (upper_bound < 2)
+ return 0;
+
+#if (ULONG_MAX > 0xffffffffUL)
+ min = 0x100000000UL % upper_bound;
+#else
+ /* Calculate (2**32 % upper_bound) avoiding 64-bit math */
+ if (upper_bound > 0x80000000)
+ min = 1 + ~upper_bound; /* 2**32 - upper_bound */
+ else {
+ /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
+ min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
+ }
+#endif
+
+ /*
+ * This could theoretically loop forever but each retry has
+ * p > 0.5 (worst case, usually far better) of selecting a
+ * number inside the range we need, so it should rarely need
+ * to re-roll.
+ */
+ for (;;) {
+ r = arc4random();
+ if (r >= min)
+ break;
+ }
+
+ return r % upper_bound;
+}
+#endif /* !HAVE_ARC4RANDOM_UNIFORM */
Modified: trunk/openbsd-compat/bsd-asprintf.c
===================================================================
--- trunk/openbsd-compat/bsd-asprintf.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/bsd-asprintf.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -55,6 +55,7 @@
if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */
*str = string;
} else if (ret == INT_MAX || ret < 0) { /* Bad length */
+ free(string);
goto fail;
} else { /* bigger than initial, realloc allowing for nul */
len = (size_t)ret + 1;
Modified: trunk/openbsd-compat/bsd-cygwin_util.c
===================================================================
--- trunk/openbsd-compat/bsd-cygwin_util.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/bsd-cygwin_util.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -175,45 +175,7 @@
int
check_ntsec(const char *filename)
{
- char *cygwin;
- int allow_ntea = 0, allow_ntsec = 0;
- struct statfs fsstat;
-
- /* Windows 95/98/ME don't support file system security at all. */
- if (!is_winnt)
- return (0);
-
- /* Evaluate current CYGWIN settings. */
- cygwin = getenv("CYGWIN");
- allow_ntea = ntea_on(cygwin);
- allow_ntsec = ntsec_on(cygwin) ||
- (has_capability(HAS_NTSEC_BY_DEFAULT) && !ntsec_off(cygwin));
-
- /*
- * `ntea' is an emulation of POSIX attributes. It doesn't support
- * real file level security as ntsec on NTFS file systems does
- * but it supports FAT filesystems. `ntea' is minimum requirement
- * for security checks.
- */
- if (allow_ntea)
- return (1);
-
- /*
- * Retrieve file system flags. In Cygwin, file system flags are
- * copied to f_type which has no meaning in Win32 itself.
- */
- if (statfs(filename, &fsstat))
- return (1);
-
- /*
- * Only file systems supporting ACLs are able to set permissions.
- * `ntsec' is the setting in Cygwin which switches using of NTFS
- * ACLs to support POSIX permissions on files.
- */
- if (fsstat.f_type & FS_PERSISTENT_ACLS)
- return (allow_ntsec);
-
- return (0);
+ return (pathconf(filename, _PC_POSIX_PERMISSIONS));
}
void
Modified: trunk/openbsd-compat/bsd-poll.c
===================================================================
--- trunk/openbsd-compat/bsd-poll.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/bsd-poll.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $Id: bsd-poll.c,v 1.1 2007/06/25 12:15:13 dtucker Exp $ */
+/* $Id: bsd-poll.c,v 1.3 2008/04/04 05:16:36 djm Exp $ */
/*
* Copyright (c) 2004, 2005, 2007 Darren Tucker (dtucker at zip com au).
@@ -17,12 +17,13 @@
*/
#include "includes.h"
-#if !defined(HAVE_POLL) && defined(HAVE_SELECT)
+#if !defined(HAVE_POLL)
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
+#include <stdlib.h>
#include <errno.h>
#include "bsd-poll.h"
Modified: trunk/openbsd-compat/fake-rfc2553.c
===================================================================
--- trunk/openbsd-compat/fake-rfc2553.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/fake-rfc2553.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -51,6 +51,8 @@
struct hostent *hp;
char tmpserv[16];
+ if (sa->sa_family != AF_UNSPEC && sa->sa_family != AF_INET)
+ return (EAI_FAMILY);
if (serv != NULL) {
snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port));
if (strlcpy(serv, tmpserv, servlen) >= servlen)
@@ -95,6 +97,8 @@
return ("memory allocation failure.");
case EAI_NONAME:
return ("nodename nor servname provided, or not known");
+ case EAI_FAMILY:
+ return ("ai_family not supported");
default:
return ("unknown/invalid error.");
}
@@ -159,6 +163,9 @@
u_long addr;
port = 0;
+ if (hints && hints->ai_family != AF_UNSPEC &&
+ hints->ai_family != AF_INET)
+ return (EAI_FAMILY);
if (servname != NULL) {
char *cp;
Modified: trunk/openbsd-compat/fake-rfc2553.h
===================================================================
--- trunk/openbsd-compat/fake-rfc2553.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/fake-rfc2553.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $Id: fake-rfc2553.h,v 1.13 2006/07/24 03:51:52 djm Exp $ */
+/* $Id: fake-rfc2553.h,v 1.16 2008/07/14 11:37:37 djm Exp $ */
/*
* Copyright (C) 2000-2003 Damien Miller. All rights reserved.
@@ -77,6 +77,7 @@
u_int16_t sin6_port;
u_int32_t sin6_flowinfo;
struct in6_addr sin6_addr;
+ u_int32_t sin6_scope_id;
};
#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */
@@ -128,6 +129,9 @@
#ifndef EAI_SYSTEM
# define EAI_SYSTEM (INT_MAX - 4)
#endif
+#ifndef EAI_FAMILY
+# define EAI_FAMILY (INT_MAX - 5)
+#endif
#ifndef HAVE_STRUCT_ADDRINFO
struct addrinfo {
@@ -152,7 +156,7 @@
#endif /* !HAVE_GETADDRINFO */
#if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO)
-#define gai_strerror(a) (ssh_gai_strerror(a))
+#define gai_strerror(a) (_ssh_compat_gai_strerror(a))
char *gai_strerror(int);
#endif /* !HAVE_GAI_STRERROR */
Modified: trunk/openbsd-compat/getrrsetbyname.c
===================================================================
--- trunk/openbsd-compat/getrrsetbyname.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/getrrsetbyname.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */
+/* $OpenBSD: getrrsetbyname.c,v 1.11 2007/10/11 18:36:41 jakob Exp $ */
/*
* Copyright (c) 2001 Jakob Schlyter. All rights reserved.
@@ -288,7 +288,7 @@
rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass,
rrset->rri_rdtype);
rrset->rri_nsigs = count_dns_rr(response->answer, rrset->rri_rdclass,
- T_SIG);
+ T_RRSIG);
/* allocate memory for answers */
rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
@@ -318,7 +318,7 @@
rdata = &rrset->rri_rdatas[index_ans++];
if (rr->class == rrset->rri_rdclass &&
- rr->type == T_SIG)
+ rr->type == T_RRSIG)
rdata = &rrset->rri_sigs[index_sig++];
if (rdata) {
Modified: trunk/openbsd-compat/getrrsetbyname.h
===================================================================
--- trunk/openbsd-compat/getrrsetbyname.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/getrrsetbyname.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -62,8 +62,8 @@
#define HFIXEDSZ 12
#endif
-#ifndef T_SIG
-#define T_SIG 24
+#ifndef T_RRSIG
+#define T_RRSIG 46
#endif
/*
Modified: trunk/openbsd-compat/glob.c
===================================================================
--- trunk/openbsd-compat/glob.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/glob.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: glob.c,v 1.25 2005/08/08 08:05:34 espie Exp $ */
+/* $OpenBSD: glob.c,v 1.26 2005/11/28 17:50:12 deraadt Exp $ */
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
@@ -48,7 +48,8 @@
#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \
!defined(GLOB_HAS_GL_MATCHC) || \
- !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0
+ !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \
+ defined(BROKEN_GLOB)
static long
get_arg_max(void)
@@ -149,7 +150,7 @@
static int glob1(Char *, Char *, glob_t *, size_t *);
static int glob2(Char *, Char *, Char *, Char *, Char *, Char *,
glob_t *, size_t *);
-static int glob3(Char *, Char *, Char *, Char *, Char *, Char *,
+static int glob3(Char *, Char *, Char *, Char *, Char *,
Char *, Char *, glob_t *, size_t *);
static int globextend(const Char *, glob_t *, size_t *);
static const Char *
@@ -571,16 +572,16 @@
} else
/* Need expansion, recurse. */
return(glob3(pathbuf, pathbuf_last, pathend,
- pathend_last, pattern, pattern_last,
- p, pattern_last, pglob, limitp));
+ pathend_last, pattern, p, pattern_last,
+ pglob, limitp));
}
/* NOTREACHED */
}
static int
glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
- Char *pattern, Char *pattern_last, Char *restpattern,
- Char *restpattern_last, glob_t *pglob, size_t *limitp)
+ Char *pattern, Char *restpattern, Char *restpattern_last, glob_t *pglob,
+ size_t *limitp)
{
struct dirent *dp;
DIR *dirp;
Modified: trunk/openbsd-compat/glob.h
===================================================================
--- trunk/openbsd-compat/glob.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/glob.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: glob.h,v 1.9 2004/10/07 16:56:11 millert Exp $ */
+/* $OpenBSD: glob.h,v 1.10 2005/12/13 00:35:22 millert Exp $ */
/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */
/*
@@ -39,7 +39,8 @@
#if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \
!defined(GLOB_HAS_GL_MATCHC) || \
- !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0
+ !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \
+ defined(BROKEN_GLOB)
#ifndef _GLOB_H_
#define _GLOB_H_
@@ -66,7 +67,6 @@
int (*gl_stat)(const char *, struct stat *);
} glob_t;
-/* Flags */
#define GLOB_APPEND 0x0001 /* Append to output from previous call. */
#define GLOB_DOOFFS 0x0002 /* Use gl_offs. */
#define GLOB_ERR 0x0004 /* Return on error. */
@@ -75,6 +75,13 @@
#define GLOB_NOSORT 0x0020 /* Don't sort. */
#define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */
+/* Error values returned by glob(3) */
+#define GLOB_NOSPACE (-1) /* Malloc call failed. */
+#define GLOB_ABORTED (-2) /* Unignored error. */
+#define GLOB_NOMATCH (-3) /* No match and GLOB_NOCHECK not set. */
+#define GLOB_NOSYS (-4) /* Function not supported. */
+#define GLOB_ABEND GLOB_ABORTED
+
#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */
#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */
#define GLOB_MAGCHAR 0x0100 /* Pattern had globbing characters. */
@@ -83,13 +90,6 @@
#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */
#define GLOB_LIMIT 0x2000 /* Limit pattern match output to ARG_MAX */
-/* Error values returned by glob(3) */
-#define GLOB_NOSPACE (-1) /* Malloc call failed. */
-#define GLOB_ABORTED (-2) /* Unignored error. */
-#define GLOB_NOMATCH (-3) /* No match and GLOB_NOCHECK not set. */
-#define GLOB_NOSYS (-4) /* Function not supported. */
-#define GLOB_ABEND GLOB_ABORTED
-
int glob(const char *, int, int (*)(const char *, int), glob_t *);
void globfree(glob_t *);
Modified: trunk/openbsd-compat/openbsd-compat.h
===================================================================
--- trunk/openbsd-compat/openbsd-compat.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/openbsd-compat.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.43 2007/06/25 12:15:13 dtucker Exp $ */
+/* $Id: openbsd-compat.h,v 1.46 2008/06/08 17:32:29 dtucker Exp $ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -101,6 +101,11 @@
char *dirname(const char *path);
#endif
+#ifndef HAVE_FMT_SCALED
+#define FMT_SCALED_STRSIZE 7
+int fmt_scaled(long long number, char *result);
+#endif
+
#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
char *inet_ntoa(struct in_addr in);
#endif
@@ -139,6 +144,7 @@
/* Home grown routines */
#include "bsd-misc.h"
+#include "bsd-statvfs.h"
#include "bsd-waitpid.h"
#include "bsd-poll.h"
@@ -151,6 +157,14 @@
void arc4random_stir(void);
#endif /* !HAVE_ARC4RANDOM */
+#ifndef HAVE_ARC4RANDOM_BUF
+void arc4random_buf(void *, size_t);
+#endif
+
+#ifndef HAVE_ARC4RANDOM_UNIFORM
+u_int32_t arc4random_uniform(u_int32_t);
+#endif
+
#ifndef HAVE_ASPRINTF
int asprintf(char **, const char *, ...);
#endif
Modified: trunk/openbsd-compat/openssl-compat.c
===================================================================
--- trunk/openbsd-compat/openssl-compat.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/openssl-compat.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.4 2006/02/22 11:24:47 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.6 2008/02/28 08:13:52 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker at zip.com.au>
Modified: trunk/openbsd-compat/openssl-compat.h
===================================================================
--- trunk/openbsd-compat/openssl-compat.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/openssl-compat.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.10 2007/06/14 13:47:31 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.12 2008/02/28 08:22:04 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker at zip.com.au>
@@ -19,6 +19,11 @@
#include "includes.h"
#include <openssl/evp.h>
+/* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
+#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
+# define OPENSSL_free(x) Free(x)
+#endif
+
#if OPENSSL_VERSION_NUMBER < 0x00906000L
# define SSH_OLD_EVP
# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
@@ -79,8 +84,8 @@
# ifdef SSLeay_add_all_algorithms
# undef SSLeay_add_all_algorithms
# endif
-# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms()
-#endif
+# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms()
+# endif
int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
unsigned char *, int);
Modified: trunk/openbsd-compat/port-aix.c
===================================================================
--- trunk/openbsd-compat/port-aix.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/port-aix.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,7 +1,7 @@
/*
*
* Copyright (c) 2001 Gert Doering. All rights reserved.
- * Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved.
+ * Copyright (c) 2003,2004,2005,2006 Darren Tucker. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -394,4 +394,47 @@
}
# endif /* AIX_GETNAMEINFO_HACK */
+# if defined(USE_GETGRSET)
+# include <stdlib.h>
+int
+getgrouplist(const char *user, gid_t pgid, gid_t *groups, int *grpcnt)
+{
+ char *cp, *grplist, *grp;
+ gid_t gid;
+ int ret = 0, ngroups = 0, maxgroups;
+ long l;
+
+ maxgroups = *grpcnt;
+
+ if ((cp = grplist = getgrset(user)) == NULL)
+ return -1;
+
+ /* handle zero-length case */
+ if (maxgroups <= 0) {
+ *grpcnt = 0;
+ return -1;
+ }
+
+ /* copy primary group */
+ groups[ngroups++] = pgid;
+
+ /* copy each entry from getgrset into group list */
+ while ((grp = strsep(&grplist, ",")) != NULL) {
+ l = strtol(grp, NULL, 10);
+ if (ngroups >= maxgroups || l == LONG_MIN || l == LONG_MAX) {
+ ret = -1;
+ goto out;
+ }
+ gid = (gid_t)l;
+ if (gid == pgid)
+ continue; /* we have already added primary gid */
+ groups[ngroups++] = gid;
+ }
+out:
+ free(cp);
+ *grpcnt = ngroups;
+ return ret;
+}
+# endif /* USE_GETGRSET */
+
#endif /* _AIX */
Modified: trunk/openbsd-compat/port-aix.h
===================================================================
--- trunk/openbsd-compat/port-aix.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/port-aix.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,9 +1,9 @@
-/* $Id: port-aix.h,v 1.27 2006/09/18 13:54:33 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.29 2008/03/09 05:36:55 dtucker Exp $ */
/*
*
* Copyright (c) 2001 Gert Doering. All rights reserved.
- * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
+ * Copyright (c) 2004,2005,2006 Darren Tucker. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -103,4 +103,14 @@
# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g))
#endif
+/*
+ * We use getgrset in preference to multiple getgrent calls for efficiency
+ * plus it supports NIS and LDAP groups.
+ */
+#if !defined(HAVE_GETGROUPLIST) && defined(HAVE_GETGRSET)
+# define HAVE_GETGROUPLIST
+# define USE_GETGRSET
+int getgrouplist(const char *, gid_t, gid_t *, int *);
+#endif
+
#endif /* _AIX */
Modified: trunk/openbsd-compat/port-linux.c
===================================================================
--- trunk/openbsd-compat/port-linux.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/port-linux.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.4 2007/06/27 22:48:03 djm Exp $ */
+/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */
/*
* Copyright (c) 2005 Daniel Walsh <dwalsh at redhat.com>
@@ -52,7 +52,7 @@
extern Authctxt *the_authctxt;
/* Wrapper around is_selinux_enabled() to log its return value once only */
-static int
+int
ssh_selinux_enabled(void)
{
static int enabled = -1;
Modified: trunk/openbsd-compat/port-linux.h
===================================================================
--- trunk/openbsd-compat/port-linux.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/port-linux.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.1 2006/04/22 11:26:08 djm Exp $ */
+/* $Id: port-linux.h,v 1.2 2008/03/26 20:27:21 dtucker Exp $ */
/*
* Copyright (c) 2006 Damien Miller <djm at openbsd.org>
@@ -20,6 +20,7 @@
#define _PORT_LINUX_H
#ifdef WITH_SELINUX
+int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *);
#endif
Modified: trunk/openbsd-compat/port-tun.c
===================================================================
--- trunk/openbsd-compat/port-tun.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/port-tun.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -29,6 +29,7 @@
#include <string.h>
#include <unistd.h>
+#include "openbsd-compat/sys-queue.h"
#include "log.h"
#include "misc.h"
#include "buffer.h"
Modified: trunk/openbsd-compat/regress/closefromtest.c
===================================================================
--- trunk/openbsd-compat/regress/closefromtest.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/regress/closefromtest.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -57,4 +57,5 @@
for (i = 0; i < NUM_OPENS; i++)
if (close(fds[i]) != -1)
fail("failed to close from lowest fd");
+ return 0;
}
Modified: trunk/openbsd-compat/regress/strtonumtest.c
===================================================================
--- trunk/openbsd-compat/regress/strtonumtest.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/regress/strtonumtest.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -21,6 +21,20 @@
#include <stdio.h>
#include <stdlib.h>
+/* LLONG_MAX is known as LONGLONG_MAX on AIX */
+#if defined(LONGLONG_MAX) && !defined(LLONG_MAX)
+# define LLONG_MAX LONGLONG_MAX
+# define LLONG_MIN LONGLONG_MIN
+#endif
+
+/* LLONG_MAX is known as LONG_LONG_MAX on HP-UX */
+#if defined(LONG_LONG_MAX) && !defined(LLONG_MAX)
+# define LLONG_MAX LONG_LONG_MAX
+# define LLONG_MIN LONG_LONG_MIN
+#endif
+
+long long strtonum(const char *, long long, long long, const char **);
+
int fail;
void
Modified: trunk/openbsd-compat/rresvport.c
===================================================================
--- trunk/openbsd-compat/rresvport.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/rresvport.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -44,6 +44,7 @@
#include <errno.h>
#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
#if 0
int
Modified: trunk/openbsd-compat/setenv.c
===================================================================
--- trunk/openbsd-compat/setenv.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/setenv.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -47,7 +47,7 @@
* Explicitly removes '=' in argument name.
*/
static char *
-__findenv(const char *name, int *offset)
+__findenv(const char *name, size_t *offset)
{
extern char **environ;
int len, i;
@@ -82,7 +82,7 @@
{
static char **lastenv; /* last value of environ */
char *C;
- int l_value, offset;
+ size_t l_value, offset;
if (*value == '=') /* no `=' in value */
++value;
@@ -133,7 +133,7 @@
unsetenv(const char *name)
{
char **P;
- int offset;
+ size_t offset;
while (__findenv(name, &offset)) /* if set multiple times */
for (P = &environ[offset];; ++P)
Modified: trunk/openbsd-compat/setproctitle.c
===================================================================
--- trunk/openbsd-compat/setproctitle.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/setproctitle.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -43,6 +43,8 @@
#endif
#include <string.h>
+#include <vis.h>
+
#define SPT_NONE 0 /* don't use it at all */
#define SPT_PSTAT 1 /* use pstat(PSTAT_SETCMD, ...) */
#define SPT_REUSEARGV 2 /* cover argv with title information */
@@ -121,7 +123,7 @@
{
#if SPT_TYPE != SPT_NONE
va_list ap;
- char buf[1024];
+ char buf[1024], ptitle[1024];
size_t len;
extern char *__progname;
#if SPT_TYPE == SPT_PSTAT
@@ -142,14 +144,16 @@
vsnprintf(buf + len, sizeof(buf) - len , fmt, ap);
}
va_end(ap);
+ strnvis(ptitle, buf, sizeof(ptitle),
+ VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL);
#if SPT_TYPE == SPT_PSTAT
- pst.pst_command = buf;
- pstat(PSTAT_SETCMD, pst, strlen(buf), 0, 0);
+ pst.pst_command = ptitle;
+ pstat(PSTAT_SETCMD, pst, strlen(ptitle), 0, 0);
#elif SPT_TYPE == SPT_REUSEARGV
/* debug("setproctitle: copy \"%s\" into len %d",
buf, argv_env_len); */
- len = strlcpy(argv_start, buf, argv_env_len);
+ len = strlcpy(argv_start, ptitle, argv_env_len);
for(; len < argv_env_len; len++)
argv_start[len] = SPT_PADCHAR;
#endif
Modified: trunk/openbsd-compat/sigact.c
===================================================================
--- trunk/openbsd-compat/sigact.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/sigact.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -36,6 +36,7 @@
/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */
#include "includes.h"
+#include <errno.h>
#include <signal.h>
#include "sigact.h"
@@ -47,28 +48,39 @@
int
sigaction(int sig, struct sigaction *sigact, struct sigaction *osigact)
{
- return sigvec(sig, &(sigact->sv), &(osigact->sv));
+ return sigvec(sig, sigact ? &sigact->sv : NULL,
+ osigact ? &osigact->sv : NULL);
}
int
-sigemptyset (sigset_t * mask)
+sigemptyset (sigset_t *mask)
{
+ if (!mask) {
+ errno = EINVAL;
+ return -1;
+ }
*mask = 0;
return 0;
}
int
-sigprocmask (int mode, sigset_t * mask, sigset_t * omask)
+sigprocmask (int mode, sigset_t *mask, sigset_t *omask)
{
sigset_t current = sigsetmask(0);
- if (omask) *omask = current;
+ if (!mask) {
+ errno = EINVAL;
+ return -1;
+ }
- if (mode==SIG_BLOCK)
+ if (omask)
+ *omask = current;
+
+ if (mode == SIG_BLOCK)
current |= *mask;
- else if (mode==SIG_UNBLOCK)
+ else if (mode == SIG_UNBLOCK)
current &= ~*mask;
- else if (mode==SIG_SETMASK)
+ else if (mode == SIG_SETMASK)
current = *mask;
sigsetmask(current);
@@ -76,28 +88,44 @@
}
int
-sigsuspend (sigset_t * mask)
+sigsuspend (sigset_t *mask)
{
+ if (!mask) {
+ errno = EINVAL;
+ return -1;
+ }
return sigpause(*mask);
}
int
-sigdelset (sigset_t * mask, int sig)
+sigdelset (sigset_t *mask, int sig)
{
+ if (!mask) {
+ errno = EINVAL;
+ return -1;
+ }
*mask &= ~sigmask(sig);
return 0;
}
int
-sigaddset (sigset_t * mask, int sig)
+sigaddset (sigset_t *mask, int sig)
{
+ if (!mask) {
+ errno = EINVAL;
+ return -1;
+ }
*mask |= sigmask(sig);
return 0;
}
int
-sigismember (sigset_t * mask, int sig)
+sigismember (sigset_t *mask, int sig)
{
+ if (!mask) {
+ errno = EINVAL;
+ return -1;
+ }
return (*mask & sigmask(sig)) != 0;
}
Modified: trunk/openbsd-compat/sys-queue.h
===================================================================
--- trunk/openbsd-compat/sys-queue.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/sys-queue.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: queue.h,v 1.25 2004/04/08 16:08:21 henning Exp $ */
+/* $OpenBSD: queue.h,v 1.32 2007/04/30 18:42:34 pedro Exp $ */
/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
/*
@@ -167,6 +167,12 @@
* For details on the use of these macros, see the queue(3) manual page.
*/
+#if defined(QUEUE_MACRO_DEBUG) || (defined(_KERNEL) && defined(DIAGNOSTIC))
+#define _Q_INVALIDATE(a) (a) = ((void *)-1)
+#else
+#define _Q_INVALIDATE(a)
+#endif
+
/*
* Singly-linked List definitions.
*/
@@ -229,13 +235,14 @@
#define SLIST_REMOVE(head, elm, type, field) do { \
if ((head)->slh_first == (elm)) { \
SLIST_REMOVE_HEAD((head), field); \
- } \
- else { \
+ } else { \
struct type *curelm = (head)->slh_first; \
- while( curelm->field.sle_next != (elm) ) \
+ \
+ while (curelm->field.sle_next != (elm)) \
curelm = curelm->field.sle_next; \
curelm->field.sle_next = \
curelm->field.sle_next->field.sle_next; \
+ _Q_INVALIDATE((elm)->field.sle_next); \
} \
} while (0)
@@ -303,6 +310,8 @@
(elm)->field.le_next->field.le_prev = \
(elm)->field.le_prev; \
*(elm)->field.le_prev = (elm)->field.le_next; \
+ _Q_INVALIDATE((elm)->field.le_prev); \
+ _Q_INVALIDATE((elm)->field.le_next); \
} while (0)
#define LIST_REPLACE(elm, elm2, field) do { \
@@ -311,6 +320,8 @@
&(elm2)->field.le_next; \
(elm2)->field.le_prev = (elm)->field.le_prev; \
*(elm2)->field.le_prev = (elm2); \
+ _Q_INVALIDATE((elm)->field.le_prev); \
+ _Q_INVALIDATE((elm)->field.le_next); \
} while (0)
/*
@@ -369,8 +380,8 @@
(listelm)->field.sqe_next = (elm); \
} while (0)
-#define SIMPLEQ_REMOVE_HEAD(head, elm, field) do { \
- if (((head)->sqh_first = (elm)->field.sqe_next) == NULL) \
+#define SIMPLEQ_REMOVE_HEAD(head, field) do { \
+ if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \
(head)->sqh_last = &(head)->sqh_first; \
} while (0)
@@ -465,6 +476,8 @@
else \
(head)->tqh_last = (elm)->field.tqe_prev; \
*(elm)->field.tqe_prev = (elm)->field.tqe_next; \
+ _Q_INVALIDATE((elm)->field.tqe_prev); \
+ _Q_INVALIDATE((elm)->field.tqe_next); \
} while (0)
#define TAILQ_REPLACE(head, elm, elm2, field) do { \
@@ -475,6 +488,8 @@
(head)->tqh_last = &(elm2)->field.tqe_next; \
(elm2)->field.tqe_prev = (elm)->field.tqe_prev; \
*(elm2)->field.tqe_prev = (elm2); \
+ _Q_INVALIDATE((elm)->field.tqe_prev); \
+ _Q_INVALIDATE((elm)->field.tqe_next); \
} while (0)
/*
@@ -575,6 +590,8 @@
else \
(elm)->field.cqe_prev->field.cqe_next = \
(elm)->field.cqe_next; \
+ _Q_INVALIDATE((elm)->field.cqe_prev); \
+ _Q_INVALIDATE((elm)->field.cqe_next); \
} while (0)
#define CIRCLEQ_REPLACE(head, elm, elm2, field) do { \
@@ -588,6 +605,8 @@
(head).cqh_first = (elm2); \
else \
(elm2)->field.cqe_prev->field.cqe_next = (elm2); \
+ _Q_INVALIDATE((elm)->field.cqe_prev); \
+ _Q_INVALIDATE((elm)->field.cqe_next); \
} while (0)
#endif /* !_FAKE_QUEUE_H_ */
Modified: trunk/openbsd-compat/sys-tree.h
===================================================================
--- trunk/openbsd-compat/sys-tree.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/openbsd-compat/sys-tree.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */
+/* $OpenBSD: tree.h,v 1.10 2007/10/29 23:49:41 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* All rights reserved.
@@ -289,7 +289,7 @@
(x) != NULL; \
(x) = SPLAY_NEXT(name, head, x))
-/* Macros that define a red-back tree */
+/* Macros that define a red-black tree */
#define RB_HEAD(name, type) \
struct name { \
struct type *rbh_root; /* root of the tree */ \
@@ -381,10 +381,10 @@
struct type *name##_RB_REMOVE(struct name *, struct type *); \
struct type *name##_RB_INSERT(struct name *, struct type *); \
struct type *name##_RB_FIND(struct name *, struct type *); \
-struct type *name##_RB_NEXT(struct name *, struct type *); \
-struct type *name##_RB_MINMAX(struct name *, int); \
- \
+struct type *name##_RB_NEXT(struct type *); \
+struct type *name##_RB_MINMAX(struct name *, int);
+
/* Main rb operation.
* Moves node close to the key of elm to top
*/
@@ -626,7 +626,7 @@
} \
\
struct type * \
-name##_RB_NEXT(struct name *head, struct type *elm) \
+name##_RB_NEXT(struct type *elm) \
{ \
if (RB_RIGHT(elm, field)) { \
elm = RB_RIGHT(elm, field); \
@@ -667,13 +667,13 @@
#define RB_INSERT(name, x, y) name##_RB_INSERT(x, y)
#define RB_REMOVE(name, x, y) name##_RB_REMOVE(x, y)
#define RB_FIND(name, x, y) name##_RB_FIND(x, y)
-#define RB_NEXT(name, x, y) name##_RB_NEXT(x, y)
+#define RB_NEXT(name, x, y) name##_RB_NEXT(y)
#define RB_MIN(name, x) name##_RB_MINMAX(x, RB_NEGINF)
#define RB_MAX(name, x) name##_RB_MINMAX(x, RB_INF)
#define RB_FOREACH(x, name, head) \
for ((x) = RB_MIN(name, head); \
(x) != NULL; \
- (x) = name##_RB_NEXT(head, x))
+ (x) = name##_RB_NEXT(x))
#endif /* _SYS_TREE_H_ */
Modified: trunk/packet.c
===================================================================
--- trunk/packet.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/packet.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.148 2007/06/07 19:37:34 pvalchev Exp $ */
+/* $OpenBSD: packet.c,v 1.157 2008/07/10 18:08:11 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -93,8 +93,6 @@
static int connection_in = -1;
static int connection_out = -1;
-static int setup_timeout = -1;
-
/* Protocol flags for the remote side. */
static u_int remote_protocol_flags = 0;
@@ -138,12 +136,18 @@
/* Set to true if we are authenticated. */
static int after_authentication = 0;
+int keep_alive_timeouts = 0;
+
+/* Set to the maximum time that we will wait to send or receive a packet */
+static int packet_timeout_ms = -1;
+
/* Session key information for Encryption and MAC */
Newkeys *newkeys[MODE_MAX];
static struct packet_state {
u_int32_t seqnr;
u_int32_t packets;
u_int64_t blocks;
+ u_int64_t bytes;
} p_read, p_send;
static u_int64_t max_blocks_in, max_blocks_out;
@@ -168,7 +172,7 @@
* packet_set_encryption_key is called.
*/
void
-packet_set_connection(int fd_in, int fd_out, int new_setup_timeout)
+packet_set_connection(int fd_in, int fd_out)
{
Cipher *none = cipher_by_name("none");
@@ -176,7 +180,6 @@
fatal("packet_set_connection: cannot load cipher 'none'");
connection_in = fd_in;
connection_out = fd_out;
- setup_timeout = new_setup_timeout;
cipher_init(&send_context, none, (const u_char *)"",
0, NULL, 0, CIPHER_ENCRYPT);
cipher_init(&receive_context, none, (const u_char *)"",
@@ -189,9 +192,23 @@
buffer_init(&outgoing_packet);
buffer_init(&incoming_packet);
TAILQ_INIT(&outgoing);
+ p_send.packets = p_read.packets = 0;
}
}
+void
+packet_set_timeout(int timeout, int count)
+{
+ if (timeout == 0 || count == 0) {
+ packet_timeout_ms = -1;
+ return;
+ }
+ if ((INT_MAX / 1000) / count < timeout)
+ packet_timeout_ms = INT_MAX;
+ else
+ packet_timeout_ms = timeout * count * 1000;
+}
+
/* Returns 1 if remote host is connected via socket, 0 if not. */
int
@@ -296,18 +313,25 @@
}
void
-packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packets)
+packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packets,
+ u_int64_t *bytes)
{
struct packet_state *state;
state = (mode == MODE_IN) ? &p_read : &p_send;
- *seqnr = state->seqnr;
- *blocks = state->blocks;
- *packets = state->packets;
+ if (seqnr)
+ *seqnr = state->seqnr;
+ if (blocks)
+ *blocks = state->blocks;
+ if (packets)
+ *packets = state->packets;
+ if (bytes)
+ *bytes = state->bytes;
}
void
-packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets)
+packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets,
+ u_int64_t bytes)
{
struct packet_state *state;
@@ -315,6 +339,7 @@
state->seqnr = seqnr;
state->blocks = blocks;
state->packets = packets;
+ state->bytes = bytes;
}
/* returns 1 if connection is via ipv4 */
@@ -593,7 +618,8 @@
fprintf(stderr, "encrypted: ");
buffer_dump(&output);
#endif
-
+ p_send.packets++;
+ p_send.bytes += len + buffer_len(&outgoing_packet);
buffer_clear(&outgoing_packet);
/*
@@ -819,6 +845,7 @@
if (!(datafellows & SSH_BUG_NOREKEY))
fatal("XXX too many packets with same key");
p_send.blocks += (packet_length + 4) / block_size;
+ p_send.bytes += packet_length + 4;
buffer_clear(&outgoing_packet);
if (type == SSH2_MSG_NEWKEYS)
@@ -892,10 +919,11 @@
int
packet_read_seqnr(u_int32_t *seqnr_p)
{
- int type, len;
+ int type, len, ret, ms_remain;
fd_set *setp;
char buf[8192];
- struct timeval tv, *tvp;
+ struct timeval timeout, start, *timeoutp = NULL;
+
DBG(debug("packet_read()"));
setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS),
@@ -927,21 +955,35 @@
sizeof(fd_mask));
FD_SET(connection_in, setp);
- if (setup_timeout > 0) {
- tvp = &tv;
- tv.tv_sec = setup_timeout;
- tv.tv_usec = 0;
- } else
- tvp = NULL;
-
+ if (packet_timeout_ms > 0) {
+ ms_remain = packet_timeout_ms;
+ timeoutp = &timeout;
+ }
/* Wait for some data to arrive. */
- while (select(connection_in + 1, setp, NULL, NULL, tvp) == -1 &&
- (errno == EAGAIN || errno == EINTR))
- ;
-
- if (!FD_ISSET(connection_in, setp))
- fatal("packet_read: Setup timeout expired, giving up");
-
+ for (;;) {
+ if (packet_timeout_ms != -1) {
+ ms_to_timeval(&timeout, ms_remain);
+ gettimeofday(&start, NULL);
+ }
+ if ((ret = select(connection_in + 1, setp, NULL,
+ NULL, timeoutp)) >= 0)
+ break;
+ if (errno != EAGAIN && errno != EINTR &&
+ errno != EWOULDBLOCK)
+ break;
+ if (packet_timeout_ms == -1)
+ continue;
+ ms_subtract_diff(&start, &ms_remain);
+ if (ms_remain <= 0) {
+ ret = 0;
+ break;
+ }
+ }
+ if (ret == 0) {
+ logit("Connection to %.200s timed out while "
+ "waiting to read", get_remote_ipaddr());
+ cleanup_exit(255);
+ }
/* Read data from the socket. */
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
@@ -1066,6 +1108,8 @@
buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
buffer_len(&compression_buffer));
}
+ p_read.packets++;
+ p_read.bytes += padded_len + 4;
type = buffer_get_char(&incoming_packet);
if (type < SSH_MSG_MIN || type > SSH_MSG_MAX)
packet_disconnect("Invalid ssh1 packet type: %d", type);
@@ -1108,7 +1152,8 @@
#ifdef PACKET_DEBUG
buffer_dump(&incoming_packet);
#endif
- packet_disconnect("Bad packet length %u.", packet_length);
+ packet_disconnect("Bad packet length %-10u",
+ packet_length);
}
DBG(debug("input: packet len %u", packet_length+4));
buffer_consume(&input, block_size);
@@ -1117,9 +1162,11 @@
need = 4 + packet_length - block_size;
DBG(debug("partial packet %d, need %d, maclen %d", block_size,
need, maclen));
- if (need % block_size != 0)
- fatal("padding error: need %d block %d mod %d",
+ if (need % block_size != 0) {
+ logit("padding error: need %d block %d mod %d",
need, block_size, need % block_size);
+ packet_disconnect("Bad packet length %-10u", packet_length);
+ }
/*
* check if the entire packet has been received and
* decrypt into incoming_packet
@@ -1154,6 +1201,7 @@
if (!(datafellows & SSH_BUG_NOREKEY))
fatal("XXX too many packets with same key");
p_read.blocks += (packet_length + 4) / block_size;
+ p_read.bytes += packet_length + 4;
/* get padlen */
cp = buffer_ptr(&incoming_packet);
@@ -1206,10 +1254,13 @@
for (;;) {
if (compat20) {
type = packet_read_poll2(seqnr_p);
- if (type)
+ if (type) {
+ keep_alive_timeouts = 0;
DBG(debug("received packet type %d", type));
+ }
switch (type) {
case SSH2_MSG_IGNORE:
+ debug3("Received SSH2_MSG_IGNORE");
break;
case SSH2_MSG_DEBUG:
packet_get_char();
@@ -1342,6 +1393,12 @@
return buffer_get_string(&incoming_packet, length_ptr);
}
+void *
+packet_get_string_ptr(u_int *length_ptr)
+{
+ return buffer_get_string_ptr(&incoming_packet, length_ptr);
+}
+
/*
* Sends a diagnostic message from the server to the client. This message
* can be sent at any time (but not while constructing another message). The
@@ -1436,16 +1493,19 @@
if (len > 0) {
len = write(connection_out, buffer_ptr(&output), len);
- if (len <= 0) {
- if (errno == EAGAIN)
+ if (len == -1) {
+ if (errno == EINTR || errno == EAGAIN ||
+ errno == EWOULDBLOCK)
return;
- else
- fatal("Write failed: %.100s", strerror(errno));
+ fatal("Write failed: %.100s", strerror(errno));
}
+ if (len == 0)
+ fatal("Write connection closed");
buffer_consume(&output, len);
}
}
+
/*
* Calls packet_write_poll repeatedly until all pending output data has been
* written.
@@ -1455,6 +1515,8 @@
packet_write_wait(void)
{
fd_set *setp;
+ int ret, ms_remain;
+ struct timeval start, timeout, *timeoutp = NULL;
setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
sizeof(fd_mask));
@@ -1463,9 +1525,35 @@
memset(setp, 0, howmany(connection_out + 1, NFDBITS) *
sizeof(fd_mask));
FD_SET(connection_out, setp);
- while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 &&
- (errno == EAGAIN || errno == EINTR))
- ;
+
+ if (packet_timeout_ms > 0) {
+ ms_remain = packet_timeout_ms;
+ timeoutp = &timeout;
+ }
+ for (;;) {
+ if (packet_timeout_ms != -1) {
+ ms_to_timeval(&timeout, ms_remain);
+ gettimeofday(&start, NULL);
+ }
+ if ((ret = select(connection_out + 1, NULL, setp,
+ NULL, timeoutp)) >= 0)
+ break;
+ if (errno != EAGAIN && errno != EINTR &&
+ errno != EWOULDBLOCK)
+ break;
+ if (packet_timeout_ms == -1)
+ continue;
+ ms_subtract_diff(&start, &ms_remain);
+ if (ms_remain <= 0) {
+ ret = 0;
+ break;
+ }
+ }
+ if (ret == 0) {
+ logit("Connection to %.200s timed out while "
+ "waiting to write", get_remote_ipaddr());
+ cleanup_exit(255);
+ }
packet_write_poll();
}
xfree(setp);
Modified: trunk/packet.h
===================================================================
--- trunk/packet.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/packet.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.45 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.49 2008/07/10 18:08:11 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -20,7 +20,8 @@
#include <openssl/bn.h>
-void packet_set_connection(int, int, int);
+void packet_set_connection(int, int);
+void packet_set_timeout(int, int);
void packet_set_nonblocking(void);
int packet_get_connection_in(void);
int packet_get_connection_out(void);
@@ -58,6 +59,7 @@
void packet_get_bignum2(BIGNUM * value);
void *packet_get_raw(u_int *length_ptr);
void *packet_get_string(u_int *length_ptr);
+void *packet_get_string_ptr(u_int *length_ptr);
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
@@ -66,8 +68,8 @@
void packet_get_keyiv(int, u_char *, u_int);
int packet_get_keycontext(int, u_char *);
void packet_set_keycontext(int, u_char *);
-void packet_get_state(int, u_int32_t *, u_int64_t *, u_int32_t *);
-void packet_set_state(int, u_int32_t, u_int64_t, u_int32_t);
+void packet_get_state(int, u_int32_t *, u_int64_t *, u_int32_t *, u_int64_t *);
+void packet_set_state(int, u_int32_t, u_int64_t, u_int32_t, u_int64_t);
int packet_get_ssh1_cipher(void);
void packet_set_iv(int, u_char *);
@@ -86,6 +88,7 @@
void tty_parse_modes(int, int *);
extern u_int max_packet_size;
+extern int keep_alive_timeouts;
int packet_set_maxsize(u_int);
#define packet_get_maxsize() max_packet_size
Modified: trunk/readconf.c
===================================================================
--- trunk/readconf.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/readconf.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.162 2007/03/20 03:56:12 tedu Exp $ */
+/* $OpenBSD: readconf.c,v 1.167 2008/06/26 11:46:31 grunk Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -125,6 +125,7 @@
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+ oUseBlacklistedKeys,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -134,6 +135,7 @@
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+ oVisualHostKey,
oProtocolKeepAlives, oSetupTimeOut,
oDeprecated, oUnsupported
} OpCodes;
@@ -155,6 +157,7 @@
{ "passwordauthentication", oPasswordAuthentication },
{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
{ "kbdinteractivedevices", oKbdInteractiveDevices },
+ { "useblacklistedkeys", oUseBlacklistedKeys },
{ "rsaauthentication", oRSAAuthentication },
{ "pubkeyauthentication", oPubkeyAuthentication },
{ "dsaauthentication", oPubkeyAuthentication }, /* alias */
@@ -235,6 +238,7 @@
{ "tunneldevice", oTunnelDevice },
{ "localcommand", oLocalCommand },
{ "permitlocalcommand", oPermitLocalCommand },
+ { "visualhostkey", oVisualHostKey },
{ "protocolkeepalives", oProtocolKeepAlives },
{ "setuptimeout", oSetupTimeOut },
{ NULL, oBadOption }
@@ -337,6 +341,7 @@
{
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
int opcode, *intptr, value, value2, scale;
+ LogLevel *log_level_ptr;
long long orig, val64;
size_t len;
Forward fwd;
@@ -448,6 +453,10 @@
intptr = &options->challenge_response_authentication;
goto parse_flag;
+ case oUseBlacklistedKeys:
+ intptr = &options->use_blacklisted_keys;
+ goto parse_flag;
+
case oGssAuthentication:
intptr = &options->gss_authentication;
goto parse_flag;
@@ -517,7 +526,6 @@
goto parse_int;
case oRekeyLimit:
- intptr = &options->rekey_limit;
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.", filename, linenum);
@@ -545,14 +553,14 @@
}
val64 *= scale;
/* detect integer wrap and too-large limits */
- if ((val64 / scale) != orig || val64 > INT_MAX)
+ if ((val64 / scale) != orig || val64 > UINT_MAX)
fatal("%.200s line %d: RekeyLimit too large",
filename, linenum);
if (val64 < 16)
fatal("%.200s line %d: RekeyLimit too small",
filename, linenum);
- if (*activep && *intptr == -1)
- *intptr = (int)val64;
+ if (*activep && options->rekey_limit == -1)
+ options->rekey_limit = (u_int32_t)val64;
break;
case oIdentityFile:
@@ -711,14 +719,14 @@
break;
case oLogLevel:
- intptr = (int *) &options->log_level;
+ log_level_ptr = &options->log_level;
arg = strdelim(&s);
value = log_level_number(arg);
if (value == SYSLOG_LEVEL_NOT_SET)
fatal("%.200s line %d: unsupported log level '%s'",
filename, linenum, arg ? arg : "<NONE>");
- if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
- *intptr = (LogLevel) value;
+ if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
+ *log_level_ptr = (LogLevel) value;
break;
case oLocalForward:
@@ -838,6 +846,7 @@
case oServerAliveInterval:
case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+ case oSetupTimeOut: /* Debian-specific compatibility alias */
intptr = &options->server_alive_interval;
goto parse_time;
@@ -935,9 +944,9 @@
intptr = &options->permit_local_command;
goto parse_flag;
- case oSetupTimeOut:
- intptr = &options->setuptimeout;
- goto parse_int;
+ case oVisualHostKey:
+ intptr = &options->visual_host_key;
+ goto parse_flag;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
@@ -1061,12 +1070,12 @@
options->kbd_interactive_devices = NULL;
options->rhosts_rsa_authentication = -1;
options->hostbased_authentication = -1;
+ options->use_blacklisted_keys = -1;
options->batch_mode = -1;
options->check_host_ip = -1;
options->strict_host_key_checking = -1;
options->compression = -1;
options->tcp_keep_alive = -1;
- options->setuptimeout = -1;
options->compression_level = -1;
options->port = -1;
options->address_family = -1;
@@ -1111,6 +1120,7 @@
options->tun_remote = -1;
options->local_command = NULL;
options->permit_local_command = -1;
+ options->visual_host_key = -1;
}
/*
@@ -1159,6 +1169,8 @@
options->rhosts_rsa_authentication = 0;
if (options->hostbased_authentication == -1)
options->hostbased_authentication = 0;
+ if (options->use_blacklisted_keys == -1)
+ options->use_blacklisted_keys = 0;
if (options->batch_mode == -1)
options->batch_mode = 0;
if (options->check_host_ip == -1)
@@ -1254,13 +1266,8 @@
options->tun_remote = SSH_TUNID_ANY;
if (options->permit_local_command == -1)
options->permit_local_command = 0;
- if (options->setuptimeout == -1) {
- /* in batch mode, default is 5mins */
- if (options->batch_mode == 1)
- options->setuptimeout = 300;
- else
- options->setuptimeout = 0;
- }
+ if (options->visual_host_key == -1)
+ options->visual_host_key = 0;
/* options->local_command should not be set by default */
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
@@ -1317,7 +1324,7 @@
xfree(p);
- if (fwd->listen_port == 0 && fwd->connect_port == 0)
+ if (fwd->listen_port == 0 || fwd->connect_port == 0)
goto fail_free;
if (fwd->connect_host != NULL &&
@@ -1327,9 +1334,13 @@
return (i);
fail_free:
- if (fwd->connect_host != NULL)
+ if (fwd->connect_host != NULL) {
xfree(fwd->connect_host);
- if (fwd->listen_host != NULL)
+ fwd->connect_host = NULL;
+ }
+ if (fwd->listen_host != NULL) {
xfree(fwd->listen_host);
+ fwd->connect_host = NULL;
+ }
return (0);
}
Modified: trunk/readconf.h
===================================================================
--- trunk/readconf.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/readconf.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.71 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: readconf.h,v 1.74 2008/06/26 11:46:31 grunk Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -51,6 +51,7 @@
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
+ int use_blacklisted_keys; /* If true, send */
int batch_mode; /* Batch mode: do not ask for passwords. */
int check_host_ip; /* Also keep track of keys for IP address */
int strict_host_key_checking; /* Strict host key checking. */
@@ -58,7 +59,6 @@
int compression_level; /* Compression level 1 (fast) to 9
* (best). */
int tcp_keep_alive; /* Set SO_KEEPALIVE. */
- int setuptimeout; /* timeout in the protocol banner exchange */
LogLevel log_level; /* Level for logging. */
int port; /* Port to connect. */
@@ -103,7 +103,7 @@
int clear_forwardings;
int enable_ssh_keysign;
- int rekey_limit;
+ int64_t rekey_limit;
int no_host_authentication_for_localhost;
int identities_only;
int server_alive_interval;
@@ -123,6 +123,7 @@
char *local_command;
int permit_local_command;
+ int visual_host_key;
} Options;
Modified: trunk/regress/Makefile
===================================================================
--- trunk/regress/Makefile 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/regress/Makefile 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,10 +1,15 @@
-# $OpenBSD: Makefile,v 1.42 2006/07/19 13:34:52 dtucker Exp $
+# $OpenBSD: Makefile,v 1.48 2008/06/28 13:57:25 djm Exp $
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec
tests: $(REGRESS_TARGETS)
+# Interop tests are not run by default
+interop interop-tests: t-exec-interop
+
clean:
for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done
+ rm -rf $(OBJ).putty
+
distclean: clean
LTESTS= connect \
@@ -29,6 +34,7 @@
agent-ptrace \
keyscan \
keygen-change \
+ key-options \
scp \
sftp \
sftp-cmds \
@@ -42,8 +48,13 @@
reexec \
brokenkeys \
cfgmatch \
+ addrmatch \
+ localcommand \
forcecommand
+INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
+#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
+
USER!= id -un
CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
authorized_keys_${USER} known_hosts pidfile \
@@ -52,10 +63,9 @@
rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
ls.copy banner.in banner.out empty.in \
scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \
- sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv
+ sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \
+ putty.rsa2
-#LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
-
t1:
ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
@@ -96,3 +106,11 @@
echo "run test $${TEST}" ... 1>&2; \
(env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
done
+
+t-exec-interop: ${INTEROP_TESTS:=.sh}
+ @if [ "x$?" = "x" ]; then exit 0; fi; \
+ for TEST in ""$?; do \
+ echo "run test $${TEST}" ... 1>&2; \
+ (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+ done
+
Modified: trunk/regress/agent-getpeereid.sh
===================================================================
--- trunk/regress/agent-getpeereid.sh 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/regress/agent-getpeereid.sh 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,11 +1,11 @@
-# $OpenBSD: agent-getpeereid.sh,v 1.3 2006/07/06 12:01:53 grunk Exp $
+# $OpenBSD: agent-getpeereid.sh,v 1.4 2007/11/25 15:35:09 jmc Exp $
# Placed in the Public Domain.
tid="disallow agent attach from other uid"
UNPRIV=nobody
ASOCK=${OBJ}/agent
-SSH_AUTH_SOCK=/nonexistant
+SSH_AUTH_SOCK=/nonexistent
if grep "#undef.*HAVE_GETPEEREID" ${BUILDDIR}/config.h >/dev/null 2>&1 && \
grep "#undef.*HAVE_GETPEERUCRED" ${BUILDDIR}/config.h >/dev/null && \
Modified: trunk/regress/agent.sh
===================================================================
--- trunk/regress/agent.sh 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/regress/agent.sh 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,9 +1,9 @@
-# $OpenBSD: agent.sh,v 1.6 2002/03/15 13:08:56 markus Exp $
+# $OpenBSD: agent.sh,v 1.7 2007/11/25 15:35:09 jmc Exp $
# Placed in the Public Domain.
tid="simple agent test"
-SSH_AUTH_SOCK=/nonexistant ${SSHADD} -l > /dev/null 2>&1
+SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1
if [ $? -ne 2 ]; then
fail "ssh-add -l did not fail with exit code 2"
fi
Modified: trunk/regress/cfgmatch.sh
===================================================================
--- trunk/regress/cfgmatch.sh 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/regress/cfgmatch.sh 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-# $OpenBSD: cfgmatch.sh,v 1.2 2006/07/22 01:50:00 dtucker Exp $
+# $OpenBSD: cfgmatch.sh,v 1.4 2006/12/13 08:36:36 dtucker Exp $
# Placed in the Public Domain.
tid="sshd_config match"
@@ -35,7 +35,7 @@
rm -f $pidfile
trace "match permitopen localhost proto $p"
${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \
- "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\
+ exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "match permitopen proto $p sshd failed"
sleep 1;
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
@@ -48,7 +48,7 @@
rm -f $pidfile
trace "match permitopen proxy proto $p"
${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
- "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\
+ exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "match permitopen proxy proto $p sshd failed"
sleep 1;
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
@@ -65,7 +65,7 @@
rm -f $pidfile
trace "match permitopen proxy w/key opts proto $p"
${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
- "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\
+ exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "match permitopen w/key opt proto $p sshd failed"
sleep 1;
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
@@ -79,7 +79,7 @@
rm -f $pidfile
trace "match permitopen localhost proto $p"
${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \
- "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\
+ exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "match permitopen proto $p sshd failed"
sleep 1;
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
@@ -97,10 +97,29 @@
rm -f $pidfile
trace "match permitopen proxy w/key opts proto $p"
${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
- "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\
+ exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
fail "match override permitopen proto $p sshd failed"
sleep 1;
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
fail "match override permitopen proto $p"
stop_client
done
+
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy
+echo "Match User NoSuchUser" >>$OBJ/sshd_proxy
+echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy
+
+# Test that a rule that doesn't match doesn't override, plus test a
+# PermitOpen entry that's not at the start of the list
+for p in 1 2; do
+ rm -f $pidfile
+ trace "nomatch permitopen proxy w/key opts proto $p"
+ ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
+ exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
+ fail "nomatch override permitopen proto $p sshd failed"
+ sleep 1;
+ ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
+ fail "nomatch override permitopen proto $p"
+ stop_client
+done
Modified: trunk/regress/cipher-speed.sh
===================================================================
--- trunk/regress/cipher-speed.sh 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/regress/cipher-speed.sh 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-# $OpenBSD: cipher-speed.sh,v 1.2 2005/05/24 04:09:54 djm Exp $
+# $OpenBSD: cipher-speed.sh,v 1.3 2007/06/07 19:41:46 pvalchev Exp $
# Placed in the Public Domain.
tid="cipher speed"
@@ -12,7 +12,7 @@
DATA=/bin/ls
DATA=/bsd
-macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96"
+macs="hmac-sha1 hmac-md5 umac-64 at openssh.com hmac-sha1-96 hmac-md5-96"
ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc aes128-ctr"
Modified: trunk/regress/sftp-badcmds.sh
===================================================================
--- trunk/regress/sftp-badcmds.sh 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/regress/sftp-badcmds.sh 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-# $OpenBSD: sftp-badcmds.sh,v 1.2 2003/05/15 04:07:12 mouring Exp $
+# $OpenBSD: sftp-badcmds.sh,v 1.3 2008/03/24 21:46:54 djm Exp $
# Placed in the Public Domain.
tid="sftp invalid commands"
@@ -45,17 +45,6 @@
|| fail "rename nonexist failed"
test -f ${COPY}.1 && fail "file exists after rename nonexistent"
-rm -f ${COPY} ${COPY}.1
-cp $DATA $COPY
-cp $DATA2 ${COPY}.1
-verbose "$tid: rename target exists"
-echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
- || fail "rename target exists failed"
-test -f ${COPY} || fail "oldname missing after rename target exists"
-test -f ${COPY}.1 || fail "newname missing after rename target exists"
-cmp $DATA ${COPY} >/dev/null 2>&1 || fail "corrupted oldname after rename target exists"
-cmp $DATA2 ${COPY}.1 >/dev/null 2>&1 || fail "corrupted newname after rename target exists"
-
rm -rf ${COPY} ${COPY}.dd
cp $DATA $COPY
mkdir ${COPY}.dd
Modified: trunk/regress/sftp-cmds.sh
===================================================================
--- trunk/regress/sftp-cmds.sh 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/regress/sftp-cmds.sh 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-# $OpenBSD: sftp-cmds.sh,v 1.6 2003/10/07 07:04:52 djm Exp $
+# $OpenBSD: sftp-cmds.sh,v 1.9 2007/12/12 05:04:03 djm Exp $
# Placed in the Public Domain.
# XXX - TODO:
@@ -34,15 +34,23 @@
# Path with embedded quote
QUOTECOPY=${COPY}".\"blah\""
QUOTECOPY_ARG=${COPY}'.\"blah\"'
+# File with spaces
+SPACECOPY="${COPY} this has spaces.txt"
+SPACECOPY_ARG="${COPY}\ this\ has\ spaces.txt"
+# File with glob metacharacters
+GLOBMETACOPY="${COPY} [metachar].txt"
rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2
mkdir ${COPY}.dd
verbose "$tid: lls"
-echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
- || fail "lls failed"
-# XXX always successful
+(echo "lcd ${OBJ}" ; echo "lls") | ${SFTP} -P ${SFTPSERVER} 2>&1 | \
+ grep copy.dd >/dev/null 2>&1 || fail "lls failed"
+verbose "$tid: lls w/path"
+echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} 2>&1 | \
+ grep copy.dd >/dev/null 2>&1 || fail "lls w/path failed"
+
verbose "$tid: ls"
echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "ls failed"
@@ -89,12 +97,27 @@
rm -f ${QUOTECOPY}
cp $DATA ${QUOTECOPY}
verbose "$tid: get filename with quotes"
-echo "get \"$QUOTECOPY_ARG\" ${COPY}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
- || fail "put failed"
+echo "get \"$QUOTECOPY_ARG\" ${COPY}" | \
+ ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ || fail "get failed"
cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes"
rm -f ${QUOTECOPY} ${COPY}
fi
+rm -f "$SPACECOPY" ${COPY}
+cp $DATA "$SPACECOPY"
+verbose "$tid: get filename with spaces"
+echo "get ${SPACECOPY_ARG} ${COPY}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+cmp ${COPY} "$SPACECOPY" || fail "corrupted copy after get with spaces"
+
+rm -f "$GLOBMETACOPY" ${COPY}
+cp $DATA "$GLOBMETACOPY"
+verbose "$tid: get filename with glob metacharacters"
+echo "get \"${GLOBMETACOPY}\" ${COPY}" | \
+ ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "get failed"
+cmp ${COPY} "$GLOBMETACOPY" || \
+ fail "corrupted copy after get with glob metacharacters"
+
rm -f ${COPY}.dd/*
verbose "$tid: get to directory"
echo "get $DATA ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
@@ -125,18 +148,24 @@
rm -f ${COPY}
verbose "$tid: put"
-echo "put $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
- || fail "put failed"
+echo "put $DATA $COPY" | \
+ ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed"
cmp $DATA ${COPY} || fail "corrupted copy after put"
if [ "$os" != "cygwin" ]; then
rm -f ${QUOTECOPY}
verbose "$tid: put filename with quotes"
-echo "put $DATA \"$QUOTECOPY_ARG\"" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
- || fail "put failed"
+echo "put $DATA \"$QUOTECOPY_ARG\"" | \
+ ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed"
cmp $DATA ${QUOTECOPY} || fail "corrupted copy after put with quotes"
fi
+rm -f "$SPACECOPY"
+verbose "$tid: put filename with spaces"
+echo "put $DATA ${SPACECOPY_ARG}" | \
+ ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed"
+cmp $DATA "$SPACECOPY" || fail "corrupted copy after put with spaces"
+
rm -f ${COPY}.dd/*
verbose "$tid: put to directory"
echo "put $DATA ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
@@ -145,7 +174,7 @@
rm -f ${COPY}.dd/*
verbose "$tid: glob put to directory"
-echo "put /bin/l* ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+echo "put /bin/l? ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "put failed"
for x in $GLOBFILES; do
cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after put"
@@ -159,7 +188,7 @@
rm -f ${COPY}.dd/*
verbose "$tid: glob put to local dir"
-(echo "cd ${COPY}.dd"; echo "put /bin/l*") | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+(echo "cd ${COPY}.dd"; echo "put /bin/l?") | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "put failed"
for x in $GLOBFILES; do
cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after put"
@@ -172,8 +201,9 @@
cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename"
verbose "$tid: rename directory"
-echo "rename ${COPY}.dd ${COPY}.dd2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
- || fail "rename directory failed"
+echo "rename ${COPY}.dd ${COPY}.dd2" | \
+ ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || \
+ fail "rename directory failed"
test -d ${COPY}.dd && fail "oldname exists after rename directory"
test -d ${COPY}.dd2 || fail "missing newname after rename directory"
@@ -207,5 +237,5 @@
|| fail "lchdir failed"
rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2
+rm -rf ${QUOTECOPY} "$SPACECOPY" "$GLOBMETACOPY"
-
Modified: trunk/regress/sftp-glob.sh
===================================================================
--- trunk/regress/sftp-glob.sh 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/regress/sftp-glob.sh 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,28 +1,68 @@
-# $OpenBSD: sftp-glob.sh,v 1.1 2004/12/10 01:31:30 fgsch Exp $
+# $OpenBSD: sftp-glob.sh,v 1.3 2007/10/26 05:30:01 djm Exp $
# Placed in the Public Domain.
tid="sftp glob"
+sftp_ls() {
+ target=$1
+ errtag=$2
+ expected=$3
+ unexpected=$4
+ verbose "$tid: $errtag"
+ printf "ls -l %s" "${target}" | \
+ ${SFTP} -b - -P ${SFTPSERVER} 2>/dev/null | \
+ grep -v "^sftp>" > ${RESULTS}
+ if [ $? -ne 0 ]; then
+ fail "$errtag failed"
+ fi
+ if test "x$expected" != "x" ; then
+ if fgrep "$expected" ${RESULTS} >/dev/null 2>&1 ; then
+ :
+ else
+ fail "$expected missing from $errtag results"
+ fi
+ fi
+ if test "x$unexpected" != "x" && \
+ fgrep "$unexpected" ${RESULTS} >/dev/null 2>&1 ; then
+ fail "$unexpected present in $errtag results"
+ fi
+ rm -f ${RESULTS}
+}
+
BASE=${OBJ}/glob
+RESULTS=${OBJ}/results
DIR=${BASE}/dir
DATA=${DIR}/file
+GLOB1="${DIR}/g-wild*"
+GLOB2="${DIR}/g-wildx"
+QUOTE="${DIR}/g-quote\""
+SLASH="${DIR}/g-sl\\ash"
+ESLASH="${DIR}/g-slash\\"
+QSLASH="${DIR}/g-qs\\\""
+SPACE="${DIR}/g-q space"
+
rm -rf ${BASE}
mkdir -p ${DIR}
-touch ${DATA}
+touch "${DATA}" "${GLOB1}" "${GLOB2}" "${QUOTE}"
+touch "${QSLASH}" "${ESLASH}" "${SLASH}" "${SPACE}"
-verbose "$tid: ls file"
-echo "ls -l ${DIR}/fil*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \
- grep ${DATA} >/dev/null 2>&1
-if [ $? -ne 0 ]; then
- fail "globbed ls file failed"
-fi
+# target message expected unexpected
+sftp_ls "${DIR}/fil*" "file glob" "${DATA}" ""
+sftp_ls "${BASE}/d*" "dir glob" "`basename ${DATA}`" ""
+sftp_ls "${DIR}/g-wild\"*\"" "quoted glob" "g-wild*" "g-wildx"
+sftp_ls "${DIR}/g-wild\*" "escaped glob" "g-wild*" "g-wildx"
+sftp_ls "${DIR}/g-quote\\\"" "escaped quote" "g-quote\"" ""
+sftp_ls "\"${DIR}/g-quote\\\"\"" "quoted quote" "g-quote\"" ""
+sftp_ls "'${DIR}/g-quote\"'" "single-quoted quote" "g-quote\"" ""
+sftp_ls "${DIR}/g-sl\\\\ash" "escaped slash" "g-sl\\ash" ""
+sftp_ls "'${DIR}/g-sl\\\\ash'" "quoted slash" "g-sl\\ash" ""
+sftp_ls "${DIR}/g-slash\\\\" "escaped slash at EOL" "g-slash\\" ""
+sftp_ls "'${DIR}/g-slash\\\\'" "quoted slash at EOL" "g-slash\\" ""
+sftp_ls "${DIR}/g-qs\\\\\\\"" "escaped slash+quote" "g-qs\\\"" ""
+sftp_ls "'${DIR}/g-qs\\\\\"'" "quoted slash+quote" "g-qs\\\"" ""
+sftp_ls "${DIR}/g-q\\ space" "escaped space" "g-q space" ""
+sftp_ls "'${DIR}/g-q space'" "quoted space" "g-q space" ""
-verbose "$tid: ls dir"
-echo "ls -l ${BASE}/d*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \
- grep file >/dev/null 2>&1
-if [ $? -ne 0 ]; then
- fail "globbed ls dir failed"
-fi
+rm -rf ${BASE}
-rm -rf ${BASE}
Modified: trunk/regress/test-exec.sh
===================================================================
--- trunk/regress/test-exec.sh 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/regress/test-exec.sh 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.28 2005/05/20 23:14:15 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.35 2008/06/28 13:57:25 djm Exp $
# Placed in the Public Domain.
#SUDO=sudo
@@ -69,6 +69,11 @@
SFTPSERVER=/usr/libexec/openssh/sftp-server
SCP=scp
+# Interop testing
+PLINK=plink
+PUTTYGEN=puttygen
+CONCH=conch
+
if [ "x$TEST_SSH_SSH" != "x" ]; then
SSH="${TEST_SSH_SSH}"
fi
@@ -96,6 +101,27 @@
if [ "x$TEST_SSH_SCP" != "x" ]; then
SCP="${TEST_SSH_SCP}"
fi
+if [ "x$TEST_SSH_PLINK" != "x" ]; then
+ # Find real binary, if it exists
+ case "${TEST_SSH_PLINK}" in
+ /*) PLINK="${TEST_SSH_PLINK}" ;;
+ *) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;;
+ esac
+fi
+if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
+ # Find real binary, if it exists
+ case "${TEST_SSH_PUTTYGEN}" in
+ /*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;;
+ *) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;;
+ esac
+fi
+if [ "x$TEST_SSH_CONCH" != "x" ]; then
+ # Find real binary, if it exists
+ case "${TEST_SSH_CONCH}" in
+ /*) CONCH="${TEST_SSH_CONCH}" ;;
+ *) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
+ esac
+fi
# Path to sshd must be absolute for rexec
case "$SSHD" in
@@ -269,6 +295,49 @@
done
chmod 644 $OBJ/authorized_keys_$USER
+# Activate Twisted Conch tests if the binary is present
+REGRESS_INTEROP_CONCH=no
+if test -x "$CONCH" ; then
+ REGRESS_INTEROP_CONCH=yes
+fi
+
+# If PuTTY is present and we are running a PuTTY test, prepare keys and
+# configuration
+REGRESS_INTEROP_PUTTY=no
+if test -x "$PUTTYGEN" -a -x "$PLINK" ; then
+ REGRESS_INTEROP_PUTTY=yes
+fi
+case "$SCRIPT" in
+*putty*) ;;
+*) REGRESS_INTEROP_PUTTY=no ;;
+esac
+
+if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
+ mkdir -p ${OBJ}/.putty
+
+ # Add a PuTTY key to authorized_keys
+ rm -f ${OBJ}/putty.rsa2
+ puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
+ puttygen -O public-openssh ${OBJ}/putty.rsa2 \
+ >> $OBJ/authorized_keys_$USER
+
+ # Convert rsa2 host key to PuTTY format
+ ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \
+ ${OBJ}/.putty/sshhostkeys
+ ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \
+ ${OBJ}/.putty/sshhostkeys
+
+ # Setup proxied session
+ mkdir -p ${OBJ}/.putty/sessions
+ rm -f ${OBJ}/.putty/sessions/localhost_proxy
+ echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
+
+ REGRESS_INTEROP_PUTTY=yes
+fi
+
# create a proxy version of the client config
(
cat $OBJ/ssh_config
@@ -281,8 +350,8 @@
start_sshd ()
{
# start sshd
- $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken"
- $SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1
+ $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
+ $SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1
trace "wait for sshd"
i=0;
Modified: trunk/regress/try-ciphers.sh
===================================================================
--- trunk/regress/try-ciphers.sh 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/regress/try-ciphers.sh 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-# $OpenBSD: try-ciphers.sh,v 1.10 2005/05/24 04:10:54 djm Exp $
+# $OpenBSD: try-ciphers.sh,v 1.11 2007/06/07 19:41:46 pvalchev Exp $
# Placed in the Public Domain.
tid="try ciphers"
@@ -7,7 +7,7 @@
arcfour128 arcfour256 arcfour
aes192-cbc aes256-cbc rijndael-cbc at lysator.liu.se
aes128-ctr aes192-ctr aes256-ctr"
-macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96"
+macs="hmac-sha1 hmac-md5 umac-64 at openssh.com hmac-sha1-96 hmac-md5-96"
for c in $ciphers; do
for m in $macs; do
Modified: trunk/scp.0
===================================================================
--- trunk/scp.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/scp.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -14,9 +14,11 @@
as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if
they are needed for authentication.
- Any file name may contain a host and user specification to indicate that
- the file is to be copied to/from that host. Copies between two remote
- hosts are permitted.
+ File names may contain a user and host specification to indicate that the
+ file is to be copied to/from that host. Local file names can be made ex-
+ plicit using absolute or relative pathnames to avoid scp treating file
+ names containing `:' as host specifiers. Copies between two remote hosts
+ are also permitted.
The options are as follows:
@@ -43,8 +45,8 @@
This option is directly passed to ssh(1).
-i identity_file
- Selects the file from which the identity (private key) for RSA
- authentication is read. This option is directly passed to
+ Selects the file from which the identity (private key) for public
+ key authentication is read. This option is directly passed to
ssh(1).
-l limit
@@ -115,9 +117,11 @@
-p Preserves modification times, access times, and modes from the
original file.
- -q Disables the progress meter.
+ -q Quiet mode: disables the progress meter as well as warning and
+ diagnostic messages from ssh(1).
- -r Recursively copy entire directories.
+ -r Recursively copy entire directories. Note that scp follows sym-
+ bolic links encountered in the tree traversal.
-S program
Name of program to use for the encrypted connection. The program
@@ -141,4 +145,4 @@
Timo Rinne <tri at iki.fi>
Tatu Ylonen <ylo at cs.hut.fi>
-OpenBSD 4.2 August 8, 2007 3
+OpenBSD 4.4 July 12, 2008 3
Modified: trunk/scp.1
===================================================================
--- trunk/scp.1 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/scp.1 2009-06-23 21:31:15 UTC (rev 57)
@@ -9,9 +9,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.42 2007/08/06 19:16:06 sobrado Exp $
+.\" $OpenBSD: scp.1,v 1.46 2008/07/12 05:33:41 djm Exp $
.\"
-.Dd $Mdocdate: August 8 2007 $
+.Dd $Mdocdate: July 12 2008 $
.Dt SCP 1
.Os
.Sh NAME
@@ -56,9 +56,15 @@
will ask for passwords or passphrases if they are needed for
authentication.
.Pp
-Any file name may contain a host and user specification to indicate
+File names may contain a user and host specification to indicate
that the file is to be copied to/from that host.
-Copies between two remote hosts are permitted.
+Local file names can be made explicit using absolute or relative pathnames
+to avoid
+.Nm
+treating file names containing
+.Sq :\&
+as host specifiers.
+Copies between two remote hosts are also permitted.
.Pp
The options are as follows:
.Bl -tag -width Ds
@@ -98,7 +104,7 @@
This option is directly passed to
.Xr ssh 1 .
.It Fl i Ar identity_file
-Selects the file from which the identity (private key) for RSA
+Selects the file from which the identity (private key) for public key
authentication is read.
This option is directly passed to
.Xr ssh 1 .
@@ -178,9 +184,14 @@
Preserves modification times, access times, and modes from the
original file.
.It Fl q
-Disables the progress meter.
+Quiet mode: disables the progress meter as well as warning and diagnostic
+messages from
+.Xr ssh 1 .
.It Fl r
Recursively copy entire directories.
+Note that
+.Nm
+follows symbolic links encountered in the tree traversal.
.It Fl S Ar program
Name of
.Ar program
Modified: trunk/scp.c
===================================================================
--- trunk/scp.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/scp.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.160 2007/08/06 19:16:06 sobrado Exp $ */
+/* $OpenBSD: scp.c,v 1.163 2008/06/13 18:55:22 dtucker Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -78,6 +78,13 @@
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
+#ifdef HAVE_POLL_H
+#include <poll.h>
+#else
+# ifdef HAVE_SYS_POLL_H
+# include <sys/poll.h>
+# endif
+#endif
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
@@ -109,6 +116,8 @@
extern char *__progname;
+#define COPY_BUFLEN 16384
+
int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout);
void bwlimit(int);
@@ -290,6 +299,7 @@
void source(int, char *[]);
void tolocal(int, char *[]);
void toremote(char *, int, char *[]);
+size_t scpio(ssize_t (*)(int, void *, size_t), int, void *, size_t, off_t *);
void usage(void);
int
@@ -449,6 +459,43 @@
exit(errs != 0);
}
+/*
+ * atomicio-like wrapper that also applies bandwidth limits and updates
+ * the progressmeter counter.
+ */
+size_t
+scpio(ssize_t (*f)(int, void *, size_t), int fd, void *_p, size_t l, off_t *c)
+{
+ u_char *p = (u_char *)_p;
+ size_t offset;
+ ssize_t r;
+ struct pollfd pfd;
+
+ pfd.fd = fd;
+ pfd.events = f == read ? POLLIN : POLLOUT;
+ for (offset = 0; offset < l;) {
+ r = f(fd, p + offset, l - offset);
+ if (r == 0) {
+ errno = EPIPE;
+ return offset;
+ }
+ if (r < 0) {
+ if (errno == EINTR)
+ continue;
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ (void)poll(&pfd, 1, -1); /* Ignore errors */
+ continue;
+ }
+ return offset;
+ }
+ offset += (size_t)r;
+ *c += (off_t)r;
+ if (limit_rate)
+ bwlimit(r);
+ }
+ return offset;
+}
+
void
toremote(char *targ, int argc, char **argv)
{
@@ -590,8 +637,8 @@
struct stat stb;
static BUF buffer;
BUF *bp;
- off_t i, amt, statbytes;
- size_t result;
+ off_t i, statbytes;
+ size_t amt;
int fd = -1, haderr, indx;
char *last, *name, buf[2048], encname[MAXPATHLEN];
int len;
@@ -612,6 +659,10 @@
syserr: run_err("%s: %s", name, strerror(errno));
goto next;
}
+ if (stb.st_size < 0) {
+ run_err("%s: %s", name, "Negative file size");
+ goto next;
+ }
unset_nonblock(fd);
switch (stb.st_mode & S_IFMT) {
case S_IFREG:
@@ -637,8 +688,14 @@
* versions expecting microseconds.
*/
(void) snprintf(buf, sizeof buf, "T%lu 0 %lu 0\n",
- (u_long) stb.st_mtime,
- (u_long) stb.st_atime);
+ (u_long) (stb.st_mtime < 0 ? 0 : stb.st_mtime),
+ (u_long) (stb.st_atime < 0 ? 0 : stb.st_atime));
+ if (verbose_mode) {
+ fprintf(stderr, "File mtime %ld atime %ld\n",
+ (long)stb.st_mtime, (long)stb.st_atime);
+ fprintf(stderr, "Sending file timestamps: %s",
+ buf);
+ }
(void) atomicio(vwrite, remout, buf, strlen(buf));
if (response() < 0)
goto next;
@@ -653,7 +710,7 @@
(void) atomicio(vwrite, remout, buf, strlen(buf));
if (response() < 0)
goto next;
- if ((bp = allocbuf(&buffer, fd, 2048)) == NULL) {
+ if ((bp = allocbuf(&buffer, fd, COPY_BUFLEN)) == NULL) {
next: if (fd != -1) {
(void) close(fd);
fd = -1;
@@ -662,27 +719,25 @@
}
if (showprogress)
start_progress_meter(curfile, stb.st_size, &statbytes);
- /* Keep writing after an error so that we stay sync'd up. */
+ set_nonblock(remout);
for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
amt = bp->cnt;
- if (i + amt > stb.st_size)
+ if (i + (off_t)amt > stb.st_size)
amt = stb.st_size - i;
if (!haderr) {
- result = atomicio(read, fd, bp->buf, amt);
- if (result != amt)
+ if (atomicio(read, fd, bp->buf, amt) != amt)
haderr = errno;
}
- if (haderr)
- (void) atomicio(vwrite, remout, bp->buf, amt);
- else {
- result = atomicio(vwrite, remout, bp->buf, amt);
- if (result != amt)
- haderr = errno;
- statbytes += result;
+ /* Keep writing after error to retain sync */
+ if (haderr) {
+ (void)atomicio(vwrite, remout, bp->buf, amt);
+ continue;
}
- if (limit_rate)
- bwlimit(amt);
+ if (scpio(vwrite, remout, bp->buf, amt,
+ &statbytes) != amt)
+ haderr = errno;
}
+ unset_nonblock(remout);
if (showprogress)
stop_progress_meter();
@@ -788,10 +843,10 @@
thresh /= 2;
if (thresh < 2048)
thresh = 2048;
- } else if (bwend.tv_usec < 100) {
+ } else if (bwend.tv_usec < 10000) {
thresh *= 2;
- if (thresh > 32768)
- thresh = 32768;
+ if (thresh > COPY_BUFLEN * 4)
+ thresh = COPY_BUFLEN * 4;
}
TIMEVAL_TO_TIMESPEC(&bwend, &ts);
@@ -982,7 +1037,7 @@
continue;
}
(void) atomicio(vwrite, remout, "", 1);
- if ((bp = allocbuf(&buffer, ofd, 4096)) == NULL) {
+ if ((bp = allocbuf(&buffer, ofd, COPY_BUFLEN)) == NULL) {
(void) close(ofd);
continue;
}
@@ -992,26 +1047,24 @@
statbytes = 0;
if (showprogress)
start_progress_meter(curfile, size, &statbytes);
- for (count = i = 0; i < size; i += 4096) {
- amt = 4096;
+ set_nonblock(remin);
+ for (count = i = 0; i < size; i += bp->cnt) {
+ amt = bp->cnt;
if (i + amt > size)
amt = size - i;
count += amt;
do {
- j = atomicio(read, remin, cp, amt);
+ j = scpio(read, remin, cp, amt, &statbytes);
if (j == 0) {
- run_err("%s", j ? strerror(errno) :
+ run_err("%s", j != EPIPE ?
+ strerror(errno) :
"dropped connection");
exit(1);
}
amt -= j;
cp += j;
- statbytes += j;
} while (amt > 0);
- if (limit_rate)
- bwlimit(4096);
-
if (count == bp->cnt) {
/* Keep reading so we stay sync'd up. */
if (wrerr == NO) {
@@ -1025,6 +1078,7 @@
cp = bp->buf;
}
}
+ unset_nonblock(remin);
if (showprogress)
stop_progress_meter();
if (count != 0 && wrerr == NO &&
Modified: trunk/servconf.c
===================================================================
--- trunk/servconf.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/servconf.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.172 2007/04/23 10:15:39 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.186 2008/07/04 03:44:59 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -23,7 +23,9 @@
#include <signal.h>
#include <unistd.h>
#include <stdarg.h>
+#include <errno.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "log.h"
@@ -102,6 +104,7 @@
options->use_login = -1;
options->compression = -1;
options->allow_tcp_forwarding = -1;
+ options->allow_agent_forwarding = -1;
options->num_allow_users = 0;
options->num_deny_users = 0;
options->num_allow_groups = 0;
@@ -115,6 +118,7 @@
options->max_startups_rate = -1;
options->max_startups = -1;
options->max_authtries = -1;
+ options->max_sessions = -1;
options->banner = NULL;
options->use_dns = -1;
options->client_alive_interval = -1;
@@ -125,6 +129,7 @@
options->permit_tun = -1;
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
+ options->chroot_directory = NULL;
}
void
@@ -156,7 +161,7 @@
if (options->pid_file == NULL)
options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
if (options->server_key_bits == -1)
- options->server_key_bits = 768;
+ options->server_key_bits = 1024;
if (options->login_grace_time == -1)
options->login_grace_time = 120;
if (options->key_regeneration_time == -1)
@@ -231,6 +236,8 @@
options->compression = COMP_DELAYED;
if (options->allow_tcp_forwarding == -1)
options->allow_tcp_forwarding = 1;
+ if (options->allow_agent_forwarding == -1)
+ options->allow_agent_forwarding = 1;
if (options->gateway_ports == -1)
options->gateway_ports = 0;
if (options->max_startups == -1)
@@ -241,6 +248,8 @@
options->max_startups_begin = options->max_startups;
if (options->max_authtries == -1)
options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
+ if (options->max_sessions == -1)
+ options->max_sessions = DEFAULT_SESSIONS_MAX;
if (options->use_dns == -1)
options->use_dns = 1;
if (options->client_alive_interval == -1)
@@ -295,15 +304,15 @@
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
- sMaxStartups, sMaxAuthTries,
+ sMaxStartups, sMaxAuthTries, sMaxSessions,
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
sGssKeyEx,
sAcceptEnv, sPermitTunnel,
- sMatch, sPermitOpen, sForceCommand,
- sUsePrivilegeSeparation,
+ sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -332,7 +341,7 @@
{ "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
{ "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL },
- { "permitrootlogin", sPermitRootLogin, SSHCFG_GLOBAL },
+ { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
{ "loglevel", sLogLevel, SSHCFG_GLOBAL },
{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
@@ -398,6 +407,7 @@
{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
+ { "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
{ "allowusers", sAllowUsers, SSHCFG_GLOBAL },
{ "denyusers", sDenyUsers, SSHCFG_GLOBAL },
{ "allowgroups", sAllowGroups, SSHCFG_GLOBAL },
@@ -408,7 +418,8 @@
{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
- { "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
+ { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
+ { "maxsessions", sMaxSessions, SSHCFG_ALL },
{ "banner", sBanner, SSHCFG_ALL },
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
@@ -423,9 +434,21 @@
{ "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
+ { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
+static struct {
+ int val;
+ char *text;
+} tunmode_desc[] = {
+ { SSH_TUNMODE_NO, "no" },
+ { SSH_TUNMODE_POINTOPOINT, "point-to-point" },
+ { SSH_TUNMODE_ETHERNET, "ethernet" },
+ { SSH_TUNMODE_YES, "yes" },
+ { -1, NULL }
+};
+
/*
* Returns the number of the token pointed to by cp or sBadOption.
*/
@@ -478,7 +501,7 @@
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
fatal("bad addr or host: %s (%s)",
addr ? addr : "<NULL>",
- gai_strerror(gaierr));
+ ssh_gai_strerror(gaierr));
for (ai = aitop; ai->ai_next; ai = ai->ai_next)
;
ai->ai_next = options->listen_addrs;
@@ -522,24 +545,8 @@
match_cfg_line_group(const char *grps, int line, const char *user)
{
int result = 0;
- u_int ngrps = 0;
- char *arg, *p, *cp, *grplist[MAX_MATCH_GROUPS];
struct passwd *pw;
- /*
- * Even if we do not have a user yet, we still need to check for
- * valid syntax.
- */
- arg = cp = xstrdup(grps);
- while ((p = strsep(&cp, ",")) != NULL && *p != '\0') {
- if (ngrps >= MAX_MATCH_GROUPS) {
- error("line %d: too many groups in Match Group", line);
- result = -1;
- goto out;
- }
- grplist[ngrps++] = p;
- }
-
if (user == NULL)
goto out;
@@ -549,17 +556,16 @@
} else if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
debug("Can't Match group because user %.100s not in any group "
"at line %d", user, line);
- } else if (ga_match(grplist, ngrps) != 1) {
- debug("user %.100s does not match group %.100s at line %d",
- user, arg, line);
+ } else if (ga_match_pattern_list(grps) != 1) {
+ debug("user %.100s does not match group list %.100s at line %d",
+ user, grps, line);
} else {
- debug("user %.100s matched group %.100s at line %d", user,
- arg, line);
+ debug("user %.100s matched group list %.100s at line %d", user,
+ grps, line);
result = 1;
}
out:
ga_free();
- xfree(arg);
return result;
}
@@ -612,15 +618,18 @@
debug("connection from %.100s matched 'Host "
"%.100s' at line %d", host, arg, line);
} else if (strcasecmp(attrib, "address") == 0) {
- if (!address) {
+ switch (addr_match_list(address, arg)) {
+ case 1:
+ debug("connection from %.100s matched 'Address "
+ "%.100s' at line %d", address, arg, line);
+ break;
+ case 0:
+ case -1:
result = 0;
- continue;
+ break;
+ case -2:
+ return -1;
}
- if (match_hostname(address, arg, len) != 1)
- result = 0;
- else
- debug("connection from %.100s matched 'Address "
- "%.100s' at line %d", address, arg, line);
} else {
error("Unsupported Match attribute %s", attrib);
return -1;
@@ -641,6 +650,8 @@
{
char *cp, **charptr, *arg, *p;
int cmdline = 0, *intptr, value, n;
+ SyslogFacility *log_facility_ptr;
+ LogLevel *log_level_ptr;
ServerOpCodes opcode;
u_short port;
u_int i, flags = 0;
@@ -706,7 +717,7 @@
case sServerKeyBits:
intptr = &options->server_key_bits;
-parse_int:
+ parse_int:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing integer value.",
@@ -718,7 +729,7 @@
case sLoginGraceTime:
intptr = &options->login_grace_time;
-parse_time:
+ parse_time:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing time value.",
@@ -787,7 +798,7 @@
fatal("%s line %d: too many host keys specified (max %d).",
filename, linenum, MAX_HOSTKEYS);
charptr = &options->host_key_files[*intptr];
-parse_filename:
+ parse_filename:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing file name.",
@@ -824,13 +835,13 @@
fatal("%s line %d: Bad yes/"
"without-password/forced-commands-only/no "
"argument: %s", filename, linenum, arg);
- if (*intptr == -1)
+ if (*activep && *intptr == -1)
*intptr = value;
break;
case sIgnoreRhosts:
intptr = &options->ignore_rhosts;
-parse_flag:
+ parse_flag:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing yes/no argument.",
@@ -1008,31 +1019,35 @@
goto parse_flag;
case sLogFacility:
- intptr = (int *) &options->log_facility;
+ log_facility_ptr = &options->log_facility;
arg = strdelim(&cp);
value = log_facility_number(arg);
if (value == SYSLOG_FACILITY_NOT_SET)
fatal("%.200s line %d: unsupported log facility '%s'",
filename, linenum, arg ? arg : "<NONE>");
- if (*intptr == -1)
- *intptr = (SyslogFacility) value;
+ if (*log_facility_ptr == -1)
+ *log_facility_ptr = (SyslogFacility) value;
break;
case sLogLevel:
- intptr = (int *) &options->log_level;
+ log_level_ptr = &options->log_level;
arg = strdelim(&cp);
value = log_level_number(arg);
if (value == SYSLOG_LEVEL_NOT_SET)
fatal("%.200s line %d: unsupported log level '%s'",
filename, linenum, arg ? arg : "<NONE>");
- if (*intptr == -1)
- *intptr = (LogLevel) value;
+ if (*log_level_ptr == -1)
+ *log_level_ptr = (LogLevel) value;
break;
case sAllowTcpForwarding:
intptr = &options->allow_tcp_forwarding;
goto parse_flag;
+ case sAllowAgentForwarding:
+ intptr = &options->allow_agent_forwarding;
+ goto parse_flag;
+
case sUsePrivilegeSeparation:
intptr = &use_privsep;
goto parse_flag;
@@ -1174,9 +1189,14 @@
intptr = &options->max_authtries;
goto parse_int;
+ case sMaxSessions:
+ intptr = &options->max_sessions;
+ goto parse_int;
+
case sBanner:
charptr = &options->banner;
goto parse_filename;
+
/*
* These options can contain %X options expanded at
* connect time, so that you can specify paths like:
@@ -1219,16 +1239,13 @@
if (!arg || *arg == '\0')
fatal("%s line %d: Missing yes/point-to-point/"
"ethernet/no argument.", filename, linenum);
- value = 0; /* silence compiler */
- if (strcasecmp(arg, "ethernet") == 0)
- value = SSH_TUNMODE_ETHERNET;
- else if (strcasecmp(arg, "point-to-point") == 0)
- value = SSH_TUNMODE_POINTOPOINT;
- else if (strcasecmp(arg, "yes") == 0)
- value = SSH_TUNMODE_YES;
- else if (strcasecmp(arg, "no") == 0)
- value = SSH_TUNMODE_NO;
- else
+ value = -1;
+ for (i = 0; tunmode_desc[i].val != -1; i++)
+ if (strcmp(tunmode_desc[i].text, arg) == 0) {
+ value = tunmode_desc[i].val;
+ break;
+ }
+ if (value == -1)
fatal("%s line %d: Bad yes/point-to-point/ethernet/"
"no argument: %s", filename, linenum, arg);
if (*intptr == -1)
@@ -1285,6 +1302,17 @@
options->adm_forced_command = xstrdup(cp + len);
return 0;
+ case sChrootDirectory:
+ charptr = &options->chroot_directory;
+
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing file name.",
+ filename, linenum);
+ if (*activep && *charptr == NULL)
+ *charptr = xstrdup(arg);
+ break;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
@@ -1381,17 +1409,22 @@
M_CP_INTOPT(kerberos_authentication);
M_CP_INTOPT(hostbased_authentication);
M_CP_INTOPT(kbd_interactive_authentication);
+ M_CP_INTOPT(permit_root_login);
M_CP_INTOPT(allow_tcp_forwarding);
+ M_CP_INTOPT(allow_agent_forwarding);
M_CP_INTOPT(gateway_ports);
M_CP_INTOPT(x11_display_offset);
M_CP_INTOPT(x11_forwarding);
M_CP_INTOPT(x11_use_localhost);
+ M_CP_INTOPT(max_sessions);
+ M_CP_INTOPT(max_authtries);
M_CP_STROPT(banner);
if (preauth)
return;
M_CP_STROPT(adm_forced_command);
+ M_CP_STROPT(chroot_directory);
}
#undef M_CP_INTOPT
@@ -1419,3 +1452,216 @@
fatal("%s: terminating, %d bad configuration options",
filename, bad_options);
}
+
+static const char *
+fmt_intarg(ServerOpCodes code, int val)
+{
+ if (code == sAddressFamily) {
+ switch (val) {
+ case AF_INET:
+ return "inet";
+ case AF_INET6:
+ return "inet6";
+ case AF_UNSPEC:
+ return "any";
+ default:
+ return "UNKNOWN";
+ }
+ }
+ if (code == sPermitRootLogin) {
+ switch (val) {
+ case PERMIT_NO_PASSWD:
+ return "without-passord";
+ case PERMIT_FORCED_ONLY:
+ return "forced-commands-only";
+ case PERMIT_YES:
+ return "yes";
+ }
+ }
+ if (code == sProtocol) {
+ switch (val) {
+ case SSH_PROTO_1:
+ return "1";
+ case SSH_PROTO_2:
+ return "2";
+ case (SSH_PROTO_1|SSH_PROTO_2):
+ return "2,1";
+ default:
+ return "UNKNOWN";
+ }
+ }
+ if (code == sGatewayPorts && val == 2)
+ return "clientspecified";
+ if (code == sCompression && val == COMP_DELAYED)
+ return "delayed";
+ switch (val) {
+ case -1:
+ return "unset";
+ case 0:
+ return "no";
+ case 1:
+ return "yes";
+ }
+ return "UNKNOWN";
+}
+
+static const char *
+lookup_opcode_name(ServerOpCodes code)
+{
+ u_int i;
+
+ for (i = 0; keywords[i].name != NULL; i++)
+ if (keywords[i].opcode == code)
+ return(keywords[i].name);
+ return "UNKNOWN";
+}
+
+static void
+dump_cfg_int(ServerOpCodes code, int val)
+{
+ printf("%s %d\n", lookup_opcode_name(code), val);
+}
+
+static void
+dump_cfg_fmtint(ServerOpCodes code, int val)
+{
+ printf("%s %s\n", lookup_opcode_name(code), fmt_intarg(code, val));
+}
+
+static void
+dump_cfg_string(ServerOpCodes code, const char *val)
+{
+ if (val == NULL)
+ return;
+ printf("%s %s\n", lookup_opcode_name(code), val);
+}
+
+static void
+dump_cfg_strarray(ServerOpCodes code, u_int count, char **vals)
+{
+ u_int i;
+
+ for (i = 0; i < count; i++)
+ printf("%s %s\n", lookup_opcode_name(code), vals[i]);
+}
+
+void
+dump_config(ServerOptions *o)
+{
+ u_int i;
+ int ret;
+ struct addrinfo *ai;
+ char addr[NI_MAXHOST], port[NI_MAXSERV], *s = NULL;
+
+ /* these are usually at the top of the config */
+ for (i = 0; i < o->num_ports; i++)
+ printf("port %d\n", o->ports[i]);
+ dump_cfg_fmtint(sProtocol, o->protocol);
+ dump_cfg_fmtint(sAddressFamily, o->address_family);
+
+ /* ListenAddress must be after Port */
+ for (ai = o->listen_addrs; ai; ai = ai->ai_next) {
+ if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
+ sizeof(addr), port, sizeof(port),
+ NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
+ error("getnameinfo failed: %.100s",
+ (ret != EAI_SYSTEM) ? gai_strerror(ret) :
+ strerror(errno));
+ } else {
+ if (ai->ai_family == AF_INET6)
+ printf("listenaddress [%s]:%s\n", addr, port);
+ else
+ printf("listenaddress %s:%s\n", addr, port);
+ }
+ }
+
+ /* integer arguments */
+ dump_cfg_int(sServerKeyBits, o->server_key_bits);
+ dump_cfg_int(sLoginGraceTime, o->login_grace_time);
+ dump_cfg_int(sKeyRegenerationTime, o->key_regeneration_time);
+ dump_cfg_int(sX11DisplayOffset, o->x11_display_offset);
+ dump_cfg_int(sMaxAuthTries, o->max_authtries);
+ dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
+ dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
+
+ /* formatted integer arguments */
+ dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
+ dump_cfg_fmtint(sIgnoreRhosts, o->ignore_rhosts);
+ dump_cfg_fmtint(sIgnoreUserKnownHosts, o->ignore_user_known_hosts);
+ dump_cfg_fmtint(sRhostsRSAAuthentication, o->rhosts_rsa_authentication);
+ dump_cfg_fmtint(sHostbasedAuthentication, o->hostbased_authentication);
+ dump_cfg_fmtint(sHostbasedUsesNameFromPacketOnly,
+ o->hostbased_uses_name_from_packet_only);
+ dump_cfg_fmtint(sRSAAuthentication, o->rsa_authentication);
+ dump_cfg_fmtint(sPubkeyAuthentication, o->pubkey_authentication);
+ dump_cfg_fmtint(sKerberosAuthentication, o->kerberos_authentication);
+ dump_cfg_fmtint(sKerberosOrLocalPasswd, o->kerberos_or_local_passwd);
+ dump_cfg_fmtint(sKerberosTicketCleanup, o->kerberos_ticket_cleanup);
+ dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
+ dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
+ dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
+ dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
+ dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
+ dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
+ dump_cfg_fmtint(sKbdInteractiveAuthentication,
+ o->kbd_interactive_authentication);
+ dump_cfg_fmtint(sChallengeResponseAuthentication,
+ o->challenge_response_authentication);
+ dump_cfg_fmtint(sPrintMotd, o->print_motd);
+ dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
+ dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
+ dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
+ dump_cfg_fmtint(sStrictModes, o->strict_modes);
+ dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
+ dump_cfg_fmtint(sPermitBlacklistedKeys, o->permit_blacklisted_keys);
+ dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
+ dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
+ dump_cfg_fmtint(sUseLogin, o->use_login);
+ dump_cfg_fmtint(sCompression, o->compression);
+ dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
+ dump_cfg_fmtint(sUseDNS, o->use_dns);
+ dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
+ dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
+
+ /* string arguments */
+ dump_cfg_string(sPidFile, o->pid_file);
+ dump_cfg_string(sXAuthLocation, o->xauth_location);
+ dump_cfg_string(sCiphers, o->ciphers);
+ dump_cfg_string(sMacs, o->macs);
+ dump_cfg_string(sBanner, o->banner);
+ dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
+ dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
+ dump_cfg_string(sForceCommand, o->adm_forced_command);
+
+ /* string arguments requiring a lookup */
+ dump_cfg_string(sLogLevel, log_level_name(o->log_level));
+ dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
+
+ /* string array arguments */
+ dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
+ o->host_key_files);
+ dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
+ dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
+ dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
+ dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
+ dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
+
+ /* other arguments */
+ for (i = 0; i < o->num_subsystems; i++)
+ printf("subsystem %s %s\n", o->subsystem_name[i],
+ o->subsystem_args[i]);
+
+ printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
+ o->max_startups_rate, o->max_startups);
+
+ for (i = 0; tunmode_desc[i].val != -1; i++)
+ if (tunmode_desc[i].val == o->permit_tun) {
+ s = tunmode_desc[i].text;
+ break;
+ }
+ dump_cfg_string(sPermitTunnel, s);
+
+ printf("permitopen");
+ channel_print_adm_permitted_opens();
+ printf("\n");
+}
Modified: trunk/servconf.h
===================================================================
--- trunk/servconf.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/servconf.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.80 2007/02/19 10:45:58 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.85 2008/06/10 04:50:25 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -35,7 +35,11 @@
#define PERMIT_YES 3
#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
+#define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
+/* Magic name for internal sftp-server */
+#define INTERNAL_SFTP_NAME "internal-sftp"
+
typedef struct {
u_int num_ports;
u_int ports_from_cmdline;
@@ -101,6 +105,7 @@
int use_login; /* If true, login(1) is used */
int compression; /* If true, compression is allowed */
int allow_tcp_forwarding;
+ int allow_agent_forwarding;
u_int num_allow_users;
char *allow_users[MAX_ALLOW_USERS];
u_int num_deny_users;
@@ -122,6 +127,7 @@
int max_startups_rate;
int max_startups;
int max_authtries;
+ int max_sessions;
char *banner; /* SSH-2 banner message */
int use_dns;
int client_alive_interval; /*
@@ -144,6 +150,8 @@
int permit_tun;
int num_permitted_opens;
+
+ char *chroot_directory;
} ServerOptions;
void initialize_server_options(ServerOptions *);
@@ -156,5 +164,6 @@
void parse_server_match_config(ServerOptions *, const char *, const char *,
const char *);
void copy_set_server_options(ServerOptions *, ServerOptions *, int);
+void dump_config(ServerOptions *);
#endif /* SERVCONF_H */
Modified: trunk/serverloop.c
===================================================================
--- trunk/serverloop.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/serverloop.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.145 2006/10/11 12:38:03 markus Exp $ */
+/* $OpenBSD: serverloop.c,v 1.153 2008/06/30 12:15:39 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -56,6 +56,7 @@
#include <unistd.h>
#include <stdarg.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
@@ -104,7 +105,7 @@
static int connection_out; /* Connection to client (output). */
static int connection_closed = 0; /* Connection to client closed. */
static u_int buffer_high; /* "Soft" max buffer size. */
-static int client_alive_timeouts = 0;
+static int no_more_sessions = 0; /* Disallow further sessions. */
/*
* This SIGCHLD kludge is used to detect when the child exits. The server
@@ -248,7 +249,7 @@
int channel_id;
/* timeout, check to see how many we have had */
- if (++client_alive_timeouts > options.client_alive_count_max) {
+ if (++keep_alive_timeouts > options.client_alive_count_max) {
logit("Timeout, client not responding.");
cleanup_exit(255);
}
@@ -399,7 +400,8 @@
return;
cleanup_exit(255);
} else if (len < 0) {
- if (errno != EINTR && errno != EAGAIN) {
+ if (errno != EINTR && errno != EAGAIN &&
+ errno != EWOULDBLOCK) {
verbose("Read error from remote host "
"%.100s: %.100s",
get_remote_ipaddr(), strerror(errno));
@@ -417,8 +419,8 @@
if (!fdout_eof && FD_ISSET(fdout, readset)) {
errno = 0;
len = read(fdout, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR ||
- (errno == EAGAIN && !child_terminated))) {
+ if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+ errno == EWOULDBLOCK) && !child_terminated))) {
/* do nothing */
#ifndef PTY_ZEROREAD
} else if (len <= 0) {
@@ -436,8 +438,8 @@
if (!fderr_eof && FD_ISSET(fderr, readset)) {
errno = 0;
len = read(fderr, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR ||
- (errno == EAGAIN && !child_terminated))) {
+ if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
+ errno == EWOULDBLOCK) && !child_terminated))) {
/* do nothing */
#ifndef PTY_ZEROREAD
} else if (len <= 0) {
@@ -468,7 +470,8 @@
data = buffer_ptr(&stdin_buffer);
dlen = buffer_len(&stdin_buffer);
len = write(fdin, data, dlen);
- if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ if (len < 0 &&
+ (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) {
/* do nothing */
} else if (len <= 0) {
if (fdin != fdout)
@@ -887,7 +890,7 @@
* even if this was generated by something other than
* the bogus CHANNEL_REQUEST we send for keepalives.
*/
- client_alive_timeouts = 0;
+ keep_alive_timeouts = 0;
}
static void
@@ -938,7 +941,6 @@
server_request_direct_tcpip(void)
{
Channel *c;
- int sock;
char *target, *originator;
int target_port, originator_port;
@@ -948,18 +950,16 @@
originator_port = packet_get_int();
packet_check_eom();
- debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
- originator, originator_port, target, target_port);
+ debug("server_request_direct_tcpip: originator %s port %d, target %s "
+ "port %d", originator, originator_port, target, target_port);
/* XXX check permission */
- sock = channel_connect_to(target, target_port);
+ c = channel_connect_to(target, target_port,
+ "direct-tcpip", "direct-tcpip");
+
+ xfree(originator);
xfree(target);
- xfree(originator);
- if (sock < 0)
- return NULL;
- c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
- sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
- CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
+
return c;
}
@@ -1000,7 +1000,7 @@
#if defined(SSH_TUN_FILTER)
if (mode == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
- sys_tun_outfilter);
+ sys_tun_outfilter, NULL, NULL);
#endif
done:
@@ -1016,6 +1016,12 @@
debug("input_session_request");
packet_check_eom();
+
+ if (no_more_sessions) {
+ packet_disconnect("Possible attack: attempt to open a session "
+ "after additional sessions disabled");
+ }
+
/*
* A server session has no fd to read or write until a
* CHANNEL_REQUEST for a shell is made, so we set the type to
@@ -1136,6 +1142,9 @@
success = channel_cancel_rport_listener(cancel_address,
cancel_port);
xfree(cancel_address);
+ } else if (strcmp(rtype, "no-more-sessions at openssh.com") == 0) {
+ no_more_sessions = 1;
+ success = 1;
}
if (want_reply) {
packet_start(success ?
@@ -1163,7 +1172,11 @@
if ((c = channel_lookup(id)) == NULL)
packet_disconnect("server_input_channel_req: "
"unknown channel %d", id);
- if (c->type == SSH_CHANNEL_LARVAL || c->type == SSH_CHANNEL_OPEN)
+ if (!strcmp(rtype, "eow at openssh.com")) {
+ packet_check_eom();
+ chan_rcvd_eow(c);
+ } else if ((c->type == SSH_CHANNEL_LARVAL ||
+ c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0)
success = session_input_channel_req(c, rtype);
if (reply) {
packet_start(success ?
@@ -1189,8 +1202,9 @@
dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);
dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
+ dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm);
+ dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm);
/* client_alive */
- dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
/* rekeying */
Modified: trunk/session.c
===================================================================
--- trunk/session.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/session.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.221 2007/01/21 01:41:54 stevesk Exp $ */
+/* $OpenBSD: session.c,v 1.241 2008/06/16 13:22:53 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -59,6 +59,7 @@
#include <string.h>
#include <unistd.h>
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
@@ -84,9 +85,11 @@
#include "sshlogin.h"
#include "serverloop.h"
#include "canohost.h"
+#include "misc.h"
#include "session.h"
#include "kex.h"
#include "monitor_wrap.h"
+#include "sftp.h"
#if defined(KRB5) && defined(USE_AFS)
#include <kafs.h>
@@ -95,13 +98,13 @@
/* func */
Session *session_new(void);
-void session_set_fds(Session *, int, int, int);
+void session_set_fds(Session *, int, int, int, int);
void session_pty_cleanup(Session *);
void session_proctitle(Session *);
int session_setup_x11fwd(Session *);
-void do_exec_pty(Session *, const char *);
-void do_exec_no_pty(Session *, const char *);
-void do_exec(Session *, const char *);
+int do_exec_pty(Session *, const char *);
+int do_exec_no_pty(Session *, const char *);
+int do_exec(Session *, const char *);
void do_login(Session *, const char *);
#ifdef LOGIN_NEEDS_UTMPX
static void do_pre_login(Session *s);
@@ -129,9 +132,14 @@
const char *original_command = NULL;
/* data */
-#define MAX_SESSIONS 64
-Session sessions[MAX_SESSIONS];
+static int sessions_first_unused = -1;
+static int sessions_nalloc = 0;
+static Session *sessions = NULL;
+#define SUBSYSTEM_NONE 0
+#define SUBSYSTEM_EXT 1
+#define SUBSYSTEM_INT_SFTP 2
+
#ifdef HAVE_LOGIN_CAP
login_cap_t *lc;
#endif
@@ -160,7 +168,7 @@
auth_input_request_forwarding(struct passwd * pw)
{
Channel *nc;
- int sock;
+ int sock = -1;
struct sockaddr_un sunaddr;
if (auth_sock_name != NULL) {
@@ -172,43 +180,48 @@
temporarily_use_uid(pw);
/* Allocate a buffer for the socket name, and format the name. */
- auth_sock_name = xmalloc(MAXPATHLEN);
- auth_sock_dir = xmalloc(MAXPATHLEN);
- strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);
+ auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");
/* Create private directory for socket */
if (mkdtemp(auth_sock_dir) == NULL) {
packet_send_debug("Agent forwarding disabled: "
"mkdtemp() failed: %.100s", strerror(errno));
restore_uid();
- xfree(auth_sock_name);
xfree(auth_sock_dir);
- auth_sock_name = NULL;
auth_sock_dir = NULL;
- return 0;
+ goto authsock_err;
}
- snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%ld",
- auth_sock_dir, (long) getpid());
+ xasprintf(&auth_sock_name, "%s/agent.%ld",
+ auth_sock_dir, (long) getpid());
+
/* Create the socket. */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
- if (sock < 0)
- packet_disconnect("socket: %.100s", strerror(errno));
+ if (sock < 0) {
+ error("socket: %.100s", strerror(errno));
+ restore_uid();
+ goto authsock_err;
+ }
/* Bind it to the name. */
memset(&sunaddr, 0, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, auth_sock_name, sizeof(sunaddr.sun_path));
- if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0)
- packet_disconnect("bind: %.100s", strerror(errno));
+ if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
+ error("bind: %.100s", strerror(errno));
+ restore_uid();
+ goto authsock_err;
+ }
/* Restore the privileged uid. */
restore_uid();
/* Start listening on the socket. */
- if (listen(sock, SSH_LISTEN_BACKLOG) < 0)
- packet_disconnect("listen: %.100s", strerror(errno));
+ if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
+ error("listen: %.100s", strerror(errno));
+ goto authsock_err;
+ }
/* Allocate a channel for the authentication agent socket. */
nc = channel_new("auth socket",
@@ -217,6 +230,19 @@
0, "auth socket", 1);
strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
return 1;
+
+ authsock_err:
+ if (auth_sock_name != NULL)
+ xfree(auth_sock_name);
+ if (auth_sock_dir != NULL) {
+ rmdir(auth_sock_dir);
+ xfree(auth_sock_dir);
+ }
+ if (sock != -1)
+ close(sock);
+ auth_sock_name = NULL;
+ auth_sock_dir = NULL;
+ return 0;
}
static void
@@ -329,7 +355,8 @@
break;
case SSH_CMSG_AGENT_REQUEST_FORWARDING:
- if (no_agent_forwarding_flag || compat13) {
+ if (!options.allow_agent_forwarding ||
+ no_agent_forwarding_flag || compat13) {
debug("Authentication agent forwarding not permitted for this authentication.");
break;
}
@@ -365,10 +392,14 @@
if (type == SSH_CMSG_EXEC_CMD) {
command = packet_get_string(&dlen);
debug("Exec command '%.500s'", command);
- do_exec(s, command);
+ if (do_exec(s, command) != 0)
+ packet_disconnect(
+ "command execution failed");
xfree(command);
} else {
- do_exec(s, NULL);
+ if (do_exec(s, NULL) != 0)
+ packet_disconnect(
+ "shell execution failed");
}
packet_check_eom();
session_close(s);
@@ -393,46 +424,84 @@
}
}
+#define USE_PIPES
/*
* This is called to fork and execute a command when we have no tty. This
* will call do_child from the child, and server_loop from the parent after
* setting up file descriptors and such.
*/
-void
+int
do_exec_no_pty(Session *s, const char *command)
{
pid_t pid;
#ifdef USE_PIPES
int pin[2], pout[2], perr[2];
+
/* Allocate pipes for communicating with the program. */
- if (pipe(pin) < 0 || pipe(pout) < 0 || pipe(perr) < 0)
- packet_disconnect("Could not create pipes: %.100s",
- strerror(errno));
-#else /* USE_PIPES */
+ if (pipe(pin) < 0) {
+ error("%s: pipe in: %.100s", __func__, strerror(errno));
+ return -1;
+ }
+ if (pipe(pout) < 0) {
+ error("%s: pipe out: %.100s", __func__, strerror(errno));
+ close(pin[0]);
+ close(pin[1]);
+ return -1;
+ }
+ if (pipe(perr) < 0) {
+ error("%s: pipe err: %.100s", __func__, strerror(errno));
+ close(pin[0]);
+ close(pin[1]);
+ close(pout[0]);
+ close(pout[1]);
+ return -1;
+ }
+#else
int inout[2], err[2];
+
/* Uses socket pairs to communicate with the program. */
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0 ||
- socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0)
- packet_disconnect("Could not create socket pairs: %.100s",
- strerror(errno));
-#endif /* USE_PIPES */
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) {
+ error("%s: socketpair #1: %.100s", __func__, strerror(errno));
+ return -1;
+ }
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
+ error("%s: socketpair #2: %.100s", __func__, strerror(errno));
+ close(inout[0]);
+ close(inout[1]);
+ return -1;
+ }
+#endif
+
if (s == NULL)
fatal("do_exec_no_pty: no session");
session_proctitle(s);
-#if defined(USE_PAM)
- if (options.use_pam && !use_privsep)
- do_pam_setcred(1);
-#endif /* USE_PAM */
-
/* Fork the child. */
- if ((pid = fork()) == 0) {
+ switch ((pid = fork())) {
+ case -1:
+ error("%s: fork: %.100s", __func__, strerror(errno));
+#ifdef USE_PIPES
+ close(pin[0]);
+ close(pin[1]);
+ close(pout[0]);
+ close(pout[1]);
+ close(perr[0]);
+ close(perr[1]);
+#else
+ close(inout[0]);
+ close(inout[1]);
+ close(err[0]);
+ close(err[1]);
+#endif
+ return -1;
+ case 0:
is_child = 1;
/* Child. Reinitialize the log since the pid has changed. */
- log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ log_init(__progname, options.log_level,
+ options.log_facility, log_stderr);
/*
* Create a new session and process group since the 4.4BSD
@@ -462,7 +531,7 @@
if (dup2(perr[1], 2) < 0)
perror("dup2 stderr");
close(perr[1]);
-#else /* USE_PIPES */
+#else
/*
* Redirect stdin, stdout, and stderr. Stdin and stdout will
* use the same socket, as some programs (particularly rdist)
@@ -472,12 +541,15 @@
close(err[1]);
if (dup2(inout[0], 0) < 0) /* stdin */
perror("dup2 stdin");
- if (dup2(inout[0], 1) < 0) /* stdout. Note: same socket as stdin. */
+ if (dup2(inout[0], 1) < 0) /* stdout (same as stdin) */
perror("dup2 stdout");
+ close(inout[0]);
if (dup2(err[0], 2) < 0) /* stderr */
perror("dup2 stderr");
-#endif /* USE_PIPES */
+ close(err[0]);
+#endif
+
#ifdef _UNICOS
cray_init_job(s->pw); /* set up cray jid and tmpdir */
#endif
@@ -485,7 +557,10 @@
/* Do processing for the child (exec command etc). */
do_child(s, command);
/* NOTREACHED */
+ default:
+ break;
}
+
#ifdef _UNICOS
signal(WJSIGNAL, cray_job_termination_handler);
#endif /* _UNICOS */
@@ -493,11 +568,18 @@
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
#endif
- if (pid < 0)
- packet_disconnect("fork failed: %.100s", strerror(errno));
+
s->pid = pid;
/* Set interactive/non-interactive mode. */
packet_set_interactive(s->display != NULL);
+
+ /*
+ * Clear loginmsg, since it's the child's responsibility to display
+ * it to the user, otherwise multiple sessions may accumulate
+ * multiple copies of the login messages.
+ */
+ buffer_clear(&loginmsg);
+
#ifdef USE_PIPES
/* We are the parent. Close the child sides of the pipes. */
close(pin[0]);
@@ -509,35 +591,32 @@
close(perr[0]);
perr[0] = -1;
}
- session_set_fds(s, pin[1], pout[0], perr[0]);
+ session_set_fds(s, pin[1], pout[0], perr[0], 0);
} else {
/* Enter the interactive session. */
server_loop(pid, pin[1], pout[0], perr[0]);
/* server_loop has closed pin[1], pout[0], and perr[0]. */
}
-#else /* USE_PIPES */
+#else
/* We are the parent. Close the child sides of the socket pairs. */
close(inout[0]);
close(err[0]);
/*
- * Clear loginmsg, since it's the child's responsibility to display
- * it to the user, otherwise multiple sessions may accumulate
- * multiple copies of the login messages.
- */
- buffer_clear(&loginmsg);
-
- /*
* Enter the interactive session. Note: server_loop must be able to
* handle the case that fdin and fdout are the same.
*/
if (compat20) {
- session_set_fds(s, inout[1], inout[1], s->is_subsystem ? -1 : err[1]);
+ session_set_fds(s, inout[1], inout[1],
+ s->is_subsystem ? -1 : err[1], 0);
+ if (s->is_subsystem)
+ close(err[1]);
} else {
server_loop(pid, inout[1], inout[1], err[1]);
/* server_loop has closed inout[1] and err[1]. */
}
-#endif /* USE_PIPES */
+#endif
+ return 0;
}
/*
@@ -546,7 +625,7 @@
* setting up file descriptors, controlling tty, updating wtmp, utmp,
* lastlog, and other such operations.
*/
-void
+int
do_exec_pty(Session *s, const char *command)
{
int fdout, ptyfd, ttyfd, ptymaster;
@@ -557,20 +636,46 @@
ptyfd = s->ptyfd;
ttyfd = s->ttyfd;
-#if defined(USE_PAM)
- if (options.use_pam) {
- do_pam_set_tty(s->tty);
- if (!use_privsep)
- do_pam_setcred(1);
+ /*
+ * Create another descriptor of the pty master side for use as the
+ * standard input. We could use the original descriptor, but this
+ * simplifies code in server_loop. The descriptor is bidirectional.
+ * Do this before forking (and cleanup in the child) so as to
+ * detect and gracefully fail out-of-fd conditions.
+ */
+ if ((fdout = dup(ptyfd)) < 0) {
+ error("%s: dup #1: %s", __func__, strerror(errno));
+ close(ttyfd);
+ close(ptyfd);
+ return -1;
}
-#endif
+ /* we keep a reference to the pty master */
+ if ((ptymaster = dup(ptyfd)) < 0) {
+ error("%s: dup #2: %s", __func__, strerror(errno));
+ close(ttyfd);
+ close(ptyfd);
+ close(fdout);
+ return -1;
+ }
/* Fork the child. */
- if ((pid = fork()) == 0) {
+ switch ((pid = fork())) {
+ case -1:
+ error("%s: fork: %.100s", __func__, strerror(errno));
+ close(fdout);
+ close(ptymaster);
+ close(ttyfd);
+ close(ptyfd);
+ return -1;
+ case 0:
is_child = 1;
+ close(fdout);
+ close(ptymaster);
+
/* Child. Reinitialize the log because the pid has changed. */
- log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ log_init(__progname, options.log_level,
+ options.log_facility, log_stderr);
/* Close the master side of the pseudo tty. */
close(ptyfd);
@@ -601,11 +706,16 @@
do_pre_login(s);
# endif
#endif
+ /*
+ * Do common processing for the child, such as execing
+ * the command.
+ */
+ do_child(s, command);
+ /* NOTREACHED */
+ default:
+ break;
+ }
- /* Do common processing for the child, such as execing the command. */
- do_child(s, command);
- /* NOTREACHED */
- }
#ifdef _UNICOS
signal(WJSIGNAL, cray_job_termination_handler);
#endif /* _UNICOS */
@@ -613,36 +723,22 @@
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
#endif
- if (pid < 0)
- packet_disconnect("fork failed: %.100s", strerror(errno));
+
s->pid = pid;
/* Parent. Close the slave side of the pseudo tty. */
close(ttyfd);
- /*
- * Create another descriptor of the pty master side for use as the
- * standard input. We could use the original descriptor, but this
- * simplifies code in server_loop. The descriptor is bidirectional.
- */
- fdout = dup(ptyfd);
- if (fdout < 0)
- packet_disconnect("dup #1 failed: %.100s", strerror(errno));
-
- /* we keep a reference to the pty master */
- ptymaster = dup(ptyfd);
- if (ptymaster < 0)
- packet_disconnect("dup #2 failed: %.100s", strerror(errno));
+ /* Enter interactive session. */
s->ptymaster = ptymaster;
-
- /* Enter interactive session. */
packet_set_interactive(1);
if (compat20) {
- session_set_fds(s, ptyfd, fdout, -1);
+ session_set_fds(s, ptyfd, fdout, -1, 1);
} else {
server_loop(pid, ptyfd, fdout, -1);
/* server_loop _has_ closed ptyfd and fdout. */
}
+ return 0;
}
#ifdef LOGIN_NEEDS_UTMPX
@@ -677,16 +773,26 @@
* This is called to fork and execute a command. If another command is
* to be forced, execute that instead.
*/
-void
+int
do_exec(Session *s, const char *command)
{
+ int ret;
+
if (options.adm_forced_command) {
original_command = command;
command = options.adm_forced_command;
+ if (strcmp(INTERNAL_SFTP_NAME, command) == 0)
+ s->is_subsystem = SUBSYSTEM_INT_SFTP;
+ else if (s->is_subsystem)
+ s->is_subsystem = SUBSYSTEM_EXT;
debug("Forced command (config) '%.900s'", command);
} else if (forced_command) {
original_command = command;
command = forced_command;
+ if (strcmp(INTERNAL_SFTP_NAME, command) == 0)
+ s->is_subsystem = SUBSYSTEM_INT_SFTP;
+ else if (s->is_subsystem)
+ s->is_subsystem = SUBSYSTEM_EXT;
debug("Forced command (key option) '%.900s'", command);
}
@@ -701,11 +807,10 @@
PRIVSEP(audit_run_command(shell));
}
#endif
-
if (s->ttyfd != -1)
- do_exec_pty(s, command);
+ ret = do_exec_pty(s, command);
else
- do_exec_no_pty(s, command);
+ ret = do_exec_no_pty(s, command);
original_command = NULL;
@@ -715,6 +820,8 @@
* multiple copies of the login messages.
*/
buffer_clear(&loginmsg);
+
+ return ret;
}
/* administrative, login(1)-like work */
@@ -897,8 +1004,9 @@
;
if (!*cp || *cp == '#' || *cp == '\n')
continue;
- if (strchr(cp, '\n'))
- *strchr(cp, '\n') = '\0';
+
+ cp[strcspn(cp, "\n")] = '\0';
+
value = strchr(cp, '=');
if (value == NULL) {
fprintf(stderr, "Bad line %u in %.100s\n", lineno,
@@ -1203,7 +1311,7 @@
/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
if (!s->is_subsystem && options.adm_forced_command == NULL &&
- !no_user_rc && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ !no_user_rc && stat(_PATH_SSH_USER_RC, &st) >= 0) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
if (debug_flag)
@@ -1284,10 +1392,72 @@
}
}
+/*
+ * Chroot into a directory after checking it for safety: all path components
+ * must be root-owned directories with strict permissions.
+ */
+static void
+safely_chroot(const char *path, uid_t uid)
+{
+ const char *cp;
+ char component[MAXPATHLEN];
+ struct stat st;
+
+ if (*path != '/')
+ fatal("chroot path does not begin at root");
+ if (strlen(path) >= sizeof(component))
+ fatal("chroot path too long");
+
+ /*
+ * Descend the path, checking that each component is a
+ * root-owned directory with strict permissions.
+ */
+ for (cp = path; cp != NULL;) {
+ if ((cp = strchr(cp, '/')) == NULL)
+ strlcpy(component, path, sizeof(component));
+ else {
+ cp++;
+ memcpy(component, path, cp - path);
+ component[cp - path] = '\0';
+ }
+
+ debug3("%s: checking '%s'", __func__, component);
+
+ if (stat(component, &st) != 0)
+ fatal("%s: stat(\"%s\"): %s", __func__,
+ component, strerror(errno));
+ if (st.st_uid != 0 || (st.st_mode & 022) != 0)
+ fatal("bad ownership or modes for chroot "
+ "directory %s\"%s\"",
+ cp == NULL ? "" : "component ", component);
+ if (!S_ISDIR(st.st_mode))
+ fatal("chroot path %s\"%s\" is not a directory",
+ cp == NULL ? "" : "component ", component);
+
+ }
+
+ if (chdir(path) == -1)
+ fatal("Unable to chdir to chroot path \"%s\": "
+ "%s", path, strerror(errno));
+ if (chroot(path) == -1)
+ fatal("chroot(\"%s\"): %s", path, strerror(errno));
+ if (chdir("/") == -1)
+ fatal("%s: chdir(/) after chroot: %s",
+ __func__, strerror(errno));
+ verbose("Changed root directory to \"%s\"", path);
+}
+
/* Set login name, uid, gid, and groups. */
void
do_setusercontext(struct passwd *pw)
{
+ char *chroot_path, *tmp;
+
+#ifdef WITH_SELINUX
+ /* Cache selinux status for later use */
+ (void)ssh_selinux_enabled();
+#endif
+
#ifndef HAVE_CYGWIN
if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */
@@ -1301,21 +1471,13 @@
# ifdef __bsdi__
setpgid(0, 0);
# endif
-#ifdef GSSAPI
- if (options.gss_authentication) {
- temporarily_use_uid(pw);
- ssh_gssapi_storecreds();
- restore_uid();
- }
-#endif
# ifdef USE_PAM
if (options.use_pam) {
- do_pam_session();
do_pam_setcred(use_privsep);
}
# endif /* USE_PAM */
if (setusercontext(lc, pw, pw->pw_uid,
- (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
+ (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
perror("unable to set user context");
exit(1);
}
@@ -1338,13 +1500,6 @@
exit(1);
}
endgrent();
-#ifdef GSSAPI
- if (options.gss_authentication) {
- temporarily_use_uid(pw);
- ssh_gssapi_storecreds();
- restore_uid();
- }
-#endif
# ifdef USE_PAM
/*
* PAM credentials may take the form of supplementary groups.
@@ -1352,21 +1507,39 @@
* Reestablish them here.
*/
if (options.use_pam) {
- do_pam_session();
do_pam_setcred(use_privsep);
}
# endif /* USE_PAM */
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
irix_setusercontext(pw);
-# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
+# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
# ifdef _AIX
aix_usrinfo(pw);
# endif /* _AIX */
-#ifdef USE_LIBIAF
+# ifdef USE_LIBIAF
if (set_id(pw->pw_name) != 0) {
exit(1);
}
-#endif /* USE_LIBIAF */
+# endif /* USE_LIBIAF */
+#endif
+
+ if (options.chroot_directory != NULL &&
+ strcasecmp(options.chroot_directory, "none") != 0) {
+ tmp = tilde_expand_filename(options.chroot_directory,
+ pw->pw_uid);
+ chroot_path = percent_expand(tmp, "h", pw->pw_dir,
+ "u", pw->pw_name, (char *)NULL);
+ safely_chroot(chroot_path, pw->pw_uid);
+ free(tmp);
+ free(chroot_path);
+ }
+
+#ifdef HAVE_LOGIN_CAP
+ if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
+ perror("unable to set user context (setuser)");
+ exit(1);
+ }
+#else
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif
@@ -1465,14 +1638,16 @@
* environment, closing extra file descriptors, setting the user and group
* ids, and executing the command or shell.
*/
+#define ARGV_MAX 10
void
do_child(Session *s, const char *command)
{
extern char **environ;
char **env;
- char *argv[10];
+ char *argv[ARGV_MAX];
const char *shell, *shell0, *hostname = NULL;
struct passwd *pw = s->pw;
+ int r = 0;
/* remove hostkey from the child's memory */
destroy_sensitive_data();
@@ -1588,20 +1763,42 @@
/* Change current directory to the user's home directory. */
if (chdir(pw->pw_dir) < 0) {
- fprintf(stderr, "Could not chdir to home directory %s: %s\n",
- pw->pw_dir, strerror(errno));
+ /* Suppress missing homedir warning for chroot case */
#ifdef HAVE_LOGIN_CAP
- if (login_getcapbool(lc, "requirehome", 0))
+ r = login_getcapbool(lc, "requirehome", 0);
+#endif
+ if (r || options.chroot_directory == NULL)
+ fprintf(stderr, "Could not chdir to home "
+ "directory %s: %s\n", pw->pw_dir,
+ strerror(errno));
+ if (r)
exit(1);
-#endif
}
+ closefrom(STDERR_FILENO + 1);
+
if (!options.use_login)
do_rc_files(s, shell);
/* restore SIGPIPE for child */
signal(SIGPIPE, SIG_DFL);
+ if (s->is_subsystem == SUBSYSTEM_INT_SFTP) {
+ extern int optind, optreset;
+ int i;
+ char *p, *args;
+
+ setproctitle("%s at internal-sftp-server", s->pw->pw_name);
+ args = strdup(command ? command : "sftp-server");
+ for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
+ if (i < ARGV_MAX - 1)
+ argv[i++] = p;
+ argv[i] = NULL;
+ optind = optreset = 1;
+ __progname = argv[0];
+ exit(sftp_server_main(i, argv, s->pw));
+ }
+
if (options.use_login) {
launch_login(pw, hostname);
/* NEVERREACHED */
@@ -1653,43 +1850,79 @@
exit(1);
}
+void
+session_unused(int id)
+{
+ debug3("%s: session id %d unused", __func__, id);
+ if (id >= options.max_sessions ||
+ id >= sessions_nalloc) {
+ fatal("%s: insane session id %d (max %d nalloc %d)",
+ __func__, id, options.max_sessions, sessions_nalloc);
+ }
+ bzero(&sessions[id], sizeof(*sessions));
+ sessions[id].self = id;
+ sessions[id].used = 0;
+ sessions[id].chanid = -1;
+ sessions[id].ptyfd = -1;
+ sessions[id].ttyfd = -1;
+ sessions[id].ptymaster = -1;
+ sessions[id].x11_chanids = NULL;
+ sessions[id].next_unused = sessions_first_unused;
+ sessions_first_unused = id;
+}
+
Session *
session_new(void)
{
- int i;
- static int did_init = 0;
- if (!did_init) {
- debug("session_new: init");
- for (i = 0; i < MAX_SESSIONS; i++) {
- sessions[i].used = 0;
+ Session *s, *tmp;
+
+ if (sessions_first_unused == -1) {
+ if (sessions_nalloc >= options.max_sessions)
+ return NULL;
+ debug2("%s: allocate (allocated %d max %d)",
+ __func__, sessions_nalloc, options.max_sessions);
+ tmp = xrealloc(sessions, sessions_nalloc + 1,
+ sizeof(*sessions));
+ if (tmp == NULL) {
+ error("%s: cannot allocate %d sessions",
+ __func__, sessions_nalloc + 1);
+ return NULL;
}
- did_init = 1;
+ sessions = tmp;
+ session_unused(sessions_nalloc++);
}
- for (i = 0; i < MAX_SESSIONS; i++) {
- Session *s = &sessions[i];
- if (! s->used) {
- memset(s, 0, sizeof(*s));
- s->chanid = -1;
- s->ptyfd = -1;
- s->ttyfd = -1;
- s->used = 1;
- s->self = i;
- s->x11_chanids = NULL;
- debug("session_new: session %d", i);
- return s;
- }
+
+ if (sessions_first_unused >= sessions_nalloc ||
+ sessions_first_unused < 0) {
+ fatal("%s: insane first_unused %d max %d nalloc %d",
+ __func__, sessions_first_unused, options.max_sessions,
+ sessions_nalloc);
}
- return NULL;
+
+ s = &sessions[sessions_first_unused];
+ if (s->used) {
+ fatal("%s: session %d already used",
+ __func__, sessions_first_unused);
+ }
+ sessions_first_unused = s->next_unused;
+ s->used = 1;
+ s->next_unused = -1;
+ debug("session_new: session %d", s->self);
+
+ return s;
}
static void
session_dump(void)
{
int i;
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
- debug("dump: used %d session %d %p channel %d pid %ld",
+
+ debug("dump: used %d next_unused %d session %d %p "
+ "channel %d pid %ld",
s->used,
+ s->next_unused,
s->self,
s,
s->chanid,
@@ -1719,7 +1952,7 @@
session_by_tty(char *tty)
{
int i;
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->used && s->ttyfd != -1 && strcmp(s->tty, tty) == 0) {
debug("session_by_tty: session %d tty %s", i, tty);
@@ -1735,10 +1968,11 @@
session_by_channel(int id)
{
int i;
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->used && s->chanid == id) {
- debug("session_by_channel: session %d channel %d", i, id);
+ debug("session_by_channel: session %d channel %d",
+ i, id);
return s;
}
}
@@ -1752,7 +1986,7 @@
{
int i, j;
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->x11_chanids == NULL || !s->used)
@@ -1775,7 +2009,7 @@
{
int i;
debug("session_by_pid: pid %ld", (long)pid);
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->used && s->pid == pid)
return s;
@@ -1831,7 +2065,8 @@
/* Allocate a pty and open it. */
debug("Allocating pty.");
- if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)))) {
+ if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
+ sizeof(s->tty)))) {
if (s->term)
xfree(s->term);
s->term = NULL;
@@ -1874,15 +2109,17 @@
if (strcmp(subsys, options.subsystem_name[i]) == 0) {
prog = options.subsystem_command[i];
cmd = options.subsystem_args[i];
- if (stat(prog, &st) < 0) {
+ if (!strcmp(INTERNAL_SFTP_NAME, prog)) {
+ s->is_subsystem = SUBSYSTEM_INT_SFTP;
+ } else if (stat(prog, &st) < 0) {
error("subsystem: cannot stat %s: %s", prog,
strerror(errno));
break;
+ } else {
+ s->is_subsystem = SUBSYSTEM_EXT;
}
debug("subsystem: exec() %s", cmd);
- s->is_subsystem = 1;
- do_exec(s, cmd);
- success = 1;
+ success = do_exec(s, cmd) == 0;
break;
}
}
@@ -1925,19 +2162,19 @@
session_shell_req(Session *s)
{
packet_check_eom();
- do_exec(s, NULL);
- return 1;
+ return do_exec(s, NULL) == 0;
}
static int
session_exec_req(Session *s)
{
- u_int len;
+ u_int len, success;
+
char *command = packet_get_string(&len);
packet_check_eom();
- do_exec(s, command);
+ success = do_exec(s, command) == 0;
xfree(command);
- return 1;
+ return success;
}
static int
@@ -1947,8 +2184,7 @@
packet_get_int(); /* ignored */
packet_check_eom();
- if (s->ttyfd == -1 ||
- tcsendbreak(s->ttyfd, 0) < 0)
+ if (s->ttyfd == -1 || tcsendbreak(s->ttyfd, 0) < 0)
return 0;
return 1;
}
@@ -1993,7 +2229,7 @@
{
static int called = 0;
packet_check_eom();
- if (no_agent_forwarding_flag) {
+ if (no_agent_forwarding_flag || !options.allow_agent_forwarding) {
debug("session_auth_agent_req: no_agent_forwarding_flag");
return 0;
}
@@ -2049,7 +2285,7 @@
}
void
-session_set_fds(Session *s, int fdin, int fdout, int fderr)
+session_set_fds(Session *s, int fdin, int fdout, int fderr, int is_tty)
{
if (!compat20)
fatal("session_set_fds: called for proto != 2.0");
@@ -2062,8 +2298,7 @@
channel_set_fds(s->chanid,
fdout, fdin, fderr,
fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
- 1,
- CHAN_SES_WINDOW_DEFAULT);
+ 1, is_tty, CHAN_SES_WINDOW_DEFAULT);
}
/*
@@ -2095,8 +2330,9 @@
* the pty cleanup, so that another process doesn't get this pty
* while we're still cleaning up.
*/
- if (close(s->ptymaster) < 0)
- error("close(s->ptymaster/%d): %s", s->ptymaster, strerror(errno));
+ if (s->ptymaster != -1 && close(s->ptymaster) < 0)
+ error("close(s->ptymaster/%d): %s",
+ s->ptymaster, strerror(errno));
/* unlink pty from session */
s->ttyfd = -1;
@@ -2204,7 +2440,7 @@
channel_request_start(s->chanid, "exit-signal", 0);
packet_put_cstring(sig2name(WTERMSIG(status)));
#ifdef WCOREDUMP
- packet_put_char(WCOREDUMP(status));
+ packet_put_char(WCOREDUMP(status)? 1 : 0);
#else /* WCOREDUMP */
packet_put_char(0);
#endif /* WCOREDUMP */
@@ -2256,7 +2492,6 @@
xfree(s->auth_data);
if (s->auth_proto)
xfree(s->auth_proto);
- s->used = 0;
if (s->env != NULL) {
for (i = 0; i < s->num_env; i++) {
xfree(s->env[i].name);
@@ -2265,6 +2500,7 @@
xfree(s->env);
}
session_proctitle(s);
+ session_unused(s->self);
}
void
@@ -2328,7 +2564,7 @@
session_destroy_all(void (*closefunc)(Session *))
{
int i;
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->used) {
if (closefunc != NULL)
@@ -2347,7 +2583,7 @@
char *cp;
buf[0] = '\0';
- for (i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < sessions_nalloc; i++) {
Session *s = &sessions[i];
if (s->used && s->ttyfd != -1) {
Modified: trunk/session.h
===================================================================
--- trunk/session.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/session.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.h,v 1.29 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -31,6 +31,7 @@
struct Session {
int used;
int self;
+ int next_unused;
struct passwd *pw;
Authctxt *authctxt;
pid_t pid;
@@ -65,6 +66,7 @@
void do_cleanup(Authctxt *);
int session_open(Authctxt *, int);
+void session_unused(int);
int session_input_channel_req(Channel *, const char *);
void session_close_by_pid(pid_t, int);
void session_close_by_channel(int, void *);
Modified: trunk/sftp-client.c
===================================================================
--- trunk/sftp-client.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sftp-client.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.76 2007/01/22 11:32:50 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.86 2008/06/26 06:10:09 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -24,6 +24,9 @@
#include <sys/types.h>
#include <sys/param.h>
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
#include "openbsd-compat/sys-queue.h"
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
@@ -65,6 +68,10 @@
u_int num_requests;
u_int version;
u_int msg_id;
+#define SFTP_EXT_POSIX_RENAME 0x00000001
+#define SFTP_EXT_STATVFS 0x00000002
+#define SFTP_EXT_FSTATVFS 0x00000004
+ u_int exts;
};
static void
@@ -236,10 +243,61 @@
return(a);
}
+static int
+get_decode_statvfs(int fd, struct sftp_statvfs *st, u_int expected_id,
+ int quiet)
+{
+ Buffer msg;
+ u_int type, id, flag;
+
+ buffer_init(&msg);
+ get_msg(fd, &msg);
+
+ type = buffer_get_char(&msg);
+ id = buffer_get_int(&msg);
+
+ debug3("Received statvfs reply T:%u I:%u", type, id);
+ if (id != expected_id)
+ fatal("ID mismatch (%u != %u)", id, expected_id);
+ if (type == SSH2_FXP_STATUS) {
+ int status = buffer_get_int(&msg);
+
+ if (quiet)
+ debug("Couldn't statvfs: %s", fx2txt(status));
+ else
+ error("Couldn't statvfs: %s", fx2txt(status));
+ buffer_free(&msg);
+ return -1;
+ } else if (type != SSH2_FXP_EXTENDED_REPLY) {
+ fatal("Expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u",
+ SSH2_FXP_EXTENDED_REPLY, type);
+ }
+
+ bzero(st, sizeof(*st));
+ st->f_bsize = buffer_get_int64(&msg);
+ st->f_frsize = buffer_get_int64(&msg);
+ st->f_blocks = buffer_get_int64(&msg);
+ st->f_bfree = buffer_get_int64(&msg);
+ st->f_bavail = buffer_get_int64(&msg);
+ st->f_files = buffer_get_int64(&msg);
+ st->f_ffree = buffer_get_int64(&msg);
+ st->f_favail = buffer_get_int64(&msg);
+ st->f_fsid = buffer_get_int64(&msg);
+ flag = buffer_get_int64(&msg);
+ st->f_namemax = buffer_get_int64(&msg);
+
+ st->f_flag = (flag & SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0;
+ st->f_flag |= (flag & SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0;
+
+ buffer_free(&msg);
+
+ return 0;
+}
+
struct sftp_conn *
do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
{
- u_int type;
+ u_int type, exts = 0;
int version;
Buffer msg;
struct sftp_conn *ret;
@@ -268,8 +326,27 @@
while (buffer_len(&msg) > 0) {
char *name = buffer_get_string(&msg, NULL);
char *value = buffer_get_string(&msg, NULL);
+ int known = 0;
- debug2("Init extension: \"%s\"", name);
+ if (strcmp(name, "posix-rename at openssh.com") == 0 &&
+ strcmp(value, "1") == 0) {
+ exts |= SFTP_EXT_POSIX_RENAME;
+ known = 1;
+ } else if (strcmp(name, "statvfs at openssh.com") == 0 &&
+ strcmp(value, "2") == 0) {
+ exts |= SFTP_EXT_STATVFS;
+ known = 1;
+ } if (strcmp(name, "fstatvfs at openssh.com") == 0 &&
+ strcmp(value, "2") == 0) {
+ exts |= SFTP_EXT_FSTATVFS;
+ known = 1;
+ }
+ if (known) {
+ debug2("Server supports extension \"%s\" revision %s",
+ name, value);
+ } else {
+ debug2("Unrecognised server extension \"%s\"", name);
+ }
xfree(name);
xfree(value);
}
@@ -283,6 +360,7 @@
ret->num_requests = num_requests;
ret->version = version;
ret->msg_id = 1;
+ ret->exts = exts;
/* Some filexfer v.0 servers don't support large packets */
if (version == 0)
@@ -534,6 +612,7 @@
return(get_decode_stat(conn->fd_in, id, quiet));
}
+#ifdef notyet
Attrib *
do_fstat(struct sftp_conn *conn, char *handle, u_int handle_len, int quiet)
{
@@ -545,6 +624,7 @@
return(get_decode_stat(conn->fd_in, id, quiet));
}
+#endif
int
do_setstat(struct sftp_conn *conn, char *path, Attrib *a)
@@ -637,13 +717,20 @@
/* Send rename request */
id = conn->msg_id++;
- buffer_put_char(&msg, SSH2_FXP_RENAME);
- buffer_put_int(&msg, id);
+ if ((conn->exts & SFTP_EXT_POSIX_RENAME)) {
+ buffer_put_char(&msg, SSH2_FXP_EXTENDED);
+ buffer_put_int(&msg, id);
+ buffer_put_cstring(&msg, "posix-rename at openssh.com");
+ } else {
+ buffer_put_char(&msg, SSH2_FXP_RENAME);
+ buffer_put_int(&msg, id);
+ }
buffer_put_cstring(&msg, oldpath);
buffer_put_cstring(&msg, newpath);
send_msg(conn->fd_out, &msg);
- debug3("Sent message SSH2_FXP_RENAME \"%s\" -> \"%s\"", oldpath,
- newpath);
+ debug3("Sent message %s \"%s\" -> \"%s\"",
+ (conn->exts & SFTP_EXT_POSIX_RENAME) ? "posix-rename at openssh.com" :
+ "SSH2_FXP_RENAME", oldpath, newpath);
buffer_free(&msg);
status = get_status(conn->fd_in, id);
@@ -686,6 +773,7 @@
return(status);
}
+#ifdef notyet
char *
do_readlink(struct sftp_conn *conn, char *path)
{
@@ -732,7 +820,62 @@
return(filename);
}
+#endif
+int
+do_statvfs(struct sftp_conn *conn, const char *path, struct sftp_statvfs *st,
+ int quiet)
+{
+ Buffer msg;
+ u_int id;
+
+ if ((conn->exts & SFTP_EXT_STATVFS) == 0) {
+ error("Server does not support statvfs at openssh.com extension");
+ return -1;
+ }
+
+ id = conn->msg_id++;
+
+ buffer_init(&msg);
+ buffer_clear(&msg);
+ buffer_put_char(&msg, SSH2_FXP_EXTENDED);
+ buffer_put_int(&msg, id);
+ buffer_put_cstring(&msg, "statvfs at openssh.com");
+ buffer_put_cstring(&msg, path);
+ send_msg(conn->fd_out, &msg);
+ buffer_free(&msg);
+
+ return get_decode_statvfs(conn->fd_in, st, id, quiet);
+}
+
+#ifdef notyet
+int
+do_fstatvfs(struct sftp_conn *conn, const char *handle, u_int handle_len,
+ struct sftp_statvfs *st, int quiet)
+{
+ Buffer msg;
+ u_int id;
+
+ if ((conn->exts & SFTP_EXT_FSTATVFS) == 0) {
+ error("Server does not support fstatvfs at openssh.com extension");
+ return -1;
+ }
+
+ id = conn->msg_id++;
+
+ buffer_init(&msg);
+ buffer_clear(&msg);
+ buffer_put_char(&msg, SSH2_FXP_EXTENDED);
+ buffer_put_int(&msg, id);
+ buffer_put_cstring(&msg, "fstatvfs at openssh.com");
+ buffer_put_string(&msg, handle, handle_len);
+ send_msg(conn->fd_out, &msg);
+ buffer_free(&msg);
+
+ return get_decode_statvfs(conn->fd_in, st, id, quiet);
+}
+#endif
+
static void
send_read_request(int fd_out, u_int id, u_int64_t offset, u_int len,
char *handle, u_int handle_len)
@@ -777,7 +920,7 @@
if (a == NULL)
return(-1);
- /* XXX: should we preserve set[ug]id? */
+ /* Do not preserve set[ug]id here, as we do not preserve ownership */
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
mode = a->perm & 0777;
else
@@ -819,6 +962,7 @@
if (local_fd == -1) {
error("Couldn't open local file \"%s\" for writing: %s",
local_path, strerror(errno));
+ do_close(conn, handle, handle_len);
buffer_free(&msg);
xfree(handle);
return(-1);
@@ -992,9 +1136,10 @@
do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
int pflag)
{
- int local_fd, status;
+ int local_fd;
+ int status = SSH2_FX_OK;
u_int handle_len, id, type;
- u_int64_t offset;
+ off_t offset;
char *handle, *data;
Buffer msg;
struct stat sb;
@@ -1004,7 +1149,7 @@
struct outstanding_ack {
u_int id;
u_int len;
- u_int64_t offset;
+ off_t offset;
TAILQ_ENTRY(outstanding_ack) tq;
};
TAILQ_HEAD(ackhead, outstanding_ack) acks;
@@ -1054,7 +1199,7 @@
if (handle == NULL) {
close(local_fd);
buffer_free(&msg);
- return(-1);
+ return -1;
}
startid = ackid = id + 1;
@@ -1074,11 +1219,12 @@
* Simulate an EOF on interrupt, allowing ACKs from the
* server to drain.
*/
- if (interrupted)
+ if (interrupted || status != SSH2_FX_OK)
len = 0;
else do
len = read(local_fd, data, conn->transfer_buflen);
- while ((len == -1) && (errno == EINTR || errno == EAGAIN));
+ while ((len == -1) &&
+ (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
if (len == -1)
fatal("Couldn't read from \"%s\": %s", local_path,
@@ -1130,46 +1276,40 @@
if (ack == NULL)
fatal("Can't find request for ID %u", r_id);
TAILQ_REMOVE(&acks, ack, tq);
-
- if (status != SSH2_FX_OK) {
- error("Couldn't write to remote file \"%s\": %s",
- remote_path, fx2txt(status));
- if (showprogress)
- stop_progress_meter();
- do_close(conn, handle, handle_len);
- close(local_fd);
- xfree(data);
- xfree(ack);
- status = -1;
- goto done;
- }
- debug3("In write loop, ack for %u %u bytes at %llu",
- ack->id, ack->len, (unsigned long long)ack->offset);
+ debug3("In write loop, ack for %u %u bytes at %lld",
+ ack->id, ack->len, (long long)ack->offset);
++ackid;
xfree(ack);
}
offset += len;
+ if (offset < 0)
+ fatal("%s: offset < 0", __func__);
}
+ buffer_free(&msg);
+
if (showprogress)
stop_progress_meter();
xfree(data);
+ if (status != SSH2_FX_OK) {
+ error("Couldn't write to remote file \"%s\": %s",
+ remote_path, fx2txt(status));
+ status = -1;
+ }
+
if (close(local_fd) == -1) {
error("Couldn't close local file \"%s\": %s", local_path,
strerror(errno));
- do_close(conn, handle, handle_len);
status = -1;
- goto done;
}
/* Override umask and utimes if asked */
if (pflag)
do_fsetstat(conn, handle, handle_len, &a);
- status = do_close(conn, handle, handle_len);
+ if (do_close(conn, handle, handle_len) != SSH2_FX_OK)
+ status = -1;
+ xfree(handle);
-done:
- xfree(handle);
- buffer_free(&msg);
- return(status);
+ return status;
}
Modified: trunk/sftp-client.h
===================================================================
--- trunk/sftp-client.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sftp-client.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.h,v 1.14 2005/04/26 12:59:02 jmc Exp $ */
+/* $OpenBSD: sftp-client.h,v 1.17 2008/06/08 20:15:29 dtucker Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
@@ -30,6 +30,24 @@
};
/*
+ * Used for statvfs responses on the wire from the server, because the
+ * server's native format may be larger than the client's.
+ */
+struct sftp_statvfs {
+ u_int64_t f_bsize;
+ u_int64_t f_frsize;
+ u_int64_t f_blocks;
+ u_int64_t f_bfree;
+ u_int64_t f_bavail;
+ u_int64_t f_files;
+ u_int64_t f_ffree;
+ u_int64_t f_favail;
+ u_int64_t f_fsid;
+ u_int64_t f_flag;
+ u_int64_t f_namemax;
+};
+
+/*
* Initialise a SSH filexfer connection. Returns NULL on error or
* a pointer to a initialized sftp_conn struct on success.
*/
@@ -61,9 +79,6 @@
/* Get file attributes of 'path' (does not follow symlinks) */
Attrib *do_lstat(struct sftp_conn *, char *, int);
-/* Get file attributes of open file 'handle' */
-Attrib *do_fstat(struct sftp_conn *, char *, u_int, int);
-
/* Set file attributes of 'path' */
int do_setstat(struct sftp_conn *, char *, Attrib *);
@@ -73,15 +88,15 @@
/* Canonicalise 'path' - caller must free result */
char *do_realpath(struct sftp_conn *, char *);
+/* Get statistics for filesystem hosting file at "path" */
+int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int);
+
/* Rename 'oldpath' to 'newpath' */
int do_rename(struct sftp_conn *, char *, char *);
/* Rename 'oldpath' to 'newpath' */
int do_symlink(struct sftp_conn *, char *, char *);
-/* Return target of symlink 'path' - caller must free result */
-char *do_readlink(struct sftp_conn *, char *);
-
/* XXX: add callbacks to do_download/do_upload so we can do progress meter */
/*
Modified: trunk/sftp-server.0
===================================================================
--- trunk/sftp-server.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sftp-server.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -31,6 +31,10 @@
are equivalent. DEBUG2 and DEBUG3 each specify higher levels of
debugging output. The default is ERROR.
+ For logging to work, sftp-server must be able to access /dev/log. Use of
+ sftp-server in a chroot configuation therefore requires that syslogd(8)
+ establish a logging socket inside the chroot directory.
+
SEE ALSO
sftp(1), ssh(1), sshd_config(5), sshd(8)
@@ -43,4 +47,4 @@
AUTHORS
Markus Friedl <markus at openbsd.org>
-OpenBSD 4.2 June 5, 2007 1
+OpenBSD 4.4 July 18, 2008 1
Modified: trunk/sftp-server.8
===================================================================
--- trunk/sftp-server.8 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sftp-server.8 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp-server.8,v 1.12 2007/05/31 19:20:16 jmc Exp $
+.\" $OpenBSD: sftp-server.8,v 1.14 2008/07/18 22:51:01 jmc Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 5 2007 $
+.Dd $Mdocdate: July 18 2008 $
.Dt SFTP-SERVER 8
.Os
.Sh NAME
@@ -72,6 +72,16 @@
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
The default is ERROR.
.El
+.Pp
+For logging to work,
+.Nm
+must be able to access
+.Pa /dev/log .
+Use of
+.Nm
+in a chroot configuation therefore requires that
+.Xr syslogd 8
+establish a logging socket inside the chroot directory.
.Sh SEE ALSO
.Xr sftp 1 ,
.Xr ssh 1 ,
Modified: trunk/sftp-server.c
===================================================================
--- trunk/sftp-server.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sftp-server.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.73 2007/05/17 07:55:29 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.84 2008/06/26 06:10:09 djm Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@@ -23,6 +23,12 @@
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
#include <dirent.h>
#include <errno.h>
@@ -98,6 +104,9 @@
case EINVAL:
ret = SSH2_FX_BAD_MESSAGE;
break;
+ case ENOSYS:
+ ret = SSH2_FX_OP_UNSUPPORTED;
+ break;
default:
ret = SSH2_FX_FAILURE;
break;
@@ -169,6 +178,7 @@
int fd;
char *name;
u_int64_t bytes_read, bytes_write;
+ int next_unused;
};
enum {
@@ -177,40 +187,46 @@
HANDLE_FILE
};
-Handle handles[100];
+Handle *handles = NULL;
+u_int num_handles = 0;
+int first_unused_handle = -1;
-static void
-handle_init(void)
+static void handle_unused(int i)
{
- u_int i;
-
- for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
- handles[i].use = HANDLE_UNUSED;
+ handles[i].use = HANDLE_UNUSED;
+ handles[i].next_unused = first_unused_handle;
+ first_unused_handle = i;
}
static int
handle_new(int use, const char *name, int fd, DIR *dirp)
{
- u_int i;
+ int i;
- for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
- if (handles[i].use == HANDLE_UNUSED) {
- handles[i].use = use;
- handles[i].dirp = dirp;
- handles[i].fd = fd;
- handles[i].name = xstrdup(name);
- handles[i].bytes_read = handles[i].bytes_write = 0;
- return i;
- }
+ if (first_unused_handle == -1) {
+ if (num_handles + 1 <= num_handles)
+ return -1;
+ num_handles++;
+ handles = xrealloc(handles, num_handles, sizeof(Handle));
+ handle_unused(num_handles - 1);
}
- return -1;
+
+ i = first_unused_handle;
+ first_unused_handle = handles[i].next_unused;
+
+ handles[i].use = use;
+ handles[i].dirp = dirp;
+ handles[i].fd = fd;
+ handles[i].name = xstrdup(name);
+ handles[i].bytes_read = handles[i].bytes_write = 0;
+
+ return i;
}
static int
handle_is_ok(int i, int type)
{
- return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) &&
- handles[i].use == type;
+ return i >= 0 && (u_int)i < num_handles && handles[i].use == type;
}
static int
@@ -300,12 +316,12 @@
if (handle_is_ok(handle, HANDLE_FILE)) {
ret = close(handles[handle].fd);
- handles[handle].use = HANDLE_UNUSED;
xfree(handles[handle].name);
+ handle_unused(handle);
} else if (handle_is_ok(handle, HANDLE_DIR)) {
ret = closedir(handles[handle].dirp);
- handles[handle].use = HANDLE_UNUSED;
xfree(handles[handle].name);
+ handle_unused(handle);
} else {
errno = ENOENT;
}
@@ -333,7 +349,7 @@
{
u_int i;
- for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
+ for (i = 0; i < num_handles; i++)
if (handles[i].use != HANDLE_UNUSED)
handle_log_close(i, "forced");
}
@@ -468,6 +484,33 @@
buffer_free(&msg);
}
+static void
+send_statvfs(u_int32_t id, struct statvfs *st)
+{
+ Buffer msg;
+ u_int64_t flag;
+
+ flag = (st->f_flag & ST_RDONLY) ? SSH2_FXE_STATVFS_ST_RDONLY : 0;
+ flag |= (st->f_flag & ST_NOSUID) ? SSH2_FXE_STATVFS_ST_NOSUID : 0;
+
+ buffer_init(&msg);
+ buffer_put_char(&msg, SSH2_FXP_EXTENDED_REPLY);
+ buffer_put_int(&msg, id);
+ buffer_put_int64(&msg, st->f_bsize);
+ buffer_put_int64(&msg, st->f_frsize);
+ buffer_put_int64(&msg, st->f_blocks);
+ buffer_put_int64(&msg, st->f_bfree);
+ buffer_put_int64(&msg, st->f_bavail);
+ buffer_put_int64(&msg, st->f_files);
+ buffer_put_int64(&msg, st->f_ffree);
+ buffer_put_int64(&msg, st->f_favail);
+ buffer_put_int64(&msg, FSID_TO_ULONG(st->f_fsid));
+ buffer_put_int64(&msg, flag);
+ buffer_put_int64(&msg, st->f_namemax);
+ send_msg(&msg);
+ buffer_free(&msg);
+}
+
/* parse incoming */
static void
@@ -480,6 +523,15 @@
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_VERSION);
buffer_put_int(&msg, SSH2_FILEXFER_VERSION);
+ /* POSIX rename extension */
+ buffer_put_cstring(&msg, "posix-rename at openssh.com");
+ buffer_put_cstring(&msg, "1"); /* version */
+ /* statvfs extension */
+ buffer_put_cstring(&msg, "statvfs at openssh.com");
+ buffer_put_cstring(&msg, "2"); /* version */
+ /* fstatvfs extension */
+ buffer_put_cstring(&msg, "fstatvfs at openssh.com");
+ buffer_put_cstring(&msg, "2"); /* version */
send_msg(&msg);
buffer_free(&msg);
}
@@ -711,7 +763,7 @@
}
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
logit("set \"%s\" mode %04o", name, a->perm);
- ret = chmod(name, a->perm & 0777);
+ ret = chmod(name, a->perm & 07777);
if (ret == -1)
status = errno_to_portable(errno);
}
@@ -765,9 +817,9 @@
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
logit("set \"%s\" mode %04o", name, a->perm);
#ifdef HAVE_FCHMOD
- ret = fchmod(fd, a->perm & 0777);
+ ret = fchmod(fd, a->perm & 07777);
#else
- ret = chmod(name, a->perm & 0777);
+ ret = chmod(name, a->perm & 07777);
#endif
if (ret == -1)
status = errno_to_portable(errno);
@@ -918,7 +970,7 @@
name = get_string(NULL);
a = get_attrib();
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
- a->perm & 0777 : 0777;
+ a->perm & 07777 : 0777;
debug3("request %u: mkdir", id);
logit("mkdir name \"%s\" mode 0%o", name, mode);
ret = mkdir(name, mode);
@@ -990,6 +1042,9 @@
/* Race-free rename of regular files */
if (link(oldpath, newpath) == -1) {
if (errno == EOPNOTSUPP
+#ifdef EXDEV
+ || errno == EXDEV
+#endif
#ifdef LINK_OPNOTSUPP_ERRNO
|| errno == LINK_OPNOTSUPP_ERRNO
#endif
@@ -1073,6 +1128,59 @@
}
static void
+process_extended_posix_rename(u_int32_t id)
+{
+ char *oldpath, *newpath;
+
+ oldpath = get_string(NULL);
+ newpath = get_string(NULL);
+ debug3("request %u: posix-rename", id);
+ logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath);
+ if (rename(oldpath, newpath) == -1)
+ send_status(id, errno_to_portable(errno));
+ else
+ send_status(id, SSH2_FX_OK);
+ xfree(oldpath);
+ xfree(newpath);
+}
+
+static void
+process_extended_statvfs(u_int32_t id)
+{
+ char *path;
+ struct statvfs st;
+
+ path = get_string(NULL);
+ debug3("request %u: statfs", id);
+ logit("statfs \"%s\"", path);
+
+ if (statvfs(path, &st) != 0)
+ send_status(id, errno_to_portable(errno));
+ else
+ send_statvfs(id, &st);
+ xfree(path);
+}
+
+static void
+process_extended_fstatvfs(u_int32_t id)
+{
+ int handle, fd;
+ struct statvfs st;
+
+ handle = get_handle();
+ debug("request %u: fstatvfs \"%s\" (handle %u)",
+ id, handle_to_name(handle), handle);
+ if ((fd = handle_to_fd(handle)) < 0) {
+ send_status(id, SSH2_FX_FAILURE);
+ return;
+ }
+ if (fstatvfs(fd, &st) != 0)
+ send_status(id, errno_to_portable(errno));
+ else
+ send_statvfs(id, &st);
+}
+
+static void
process_extended(void)
{
u_int32_t id;
@@ -1080,7 +1188,14 @@
id = get_int();
request = get_string(NULL);
- send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */
+ if (strcmp(request, "posix-rename at openssh.com") == 0)
+ process_extended_posix_rename(id);
+ else if (strcmp(request, "statvfs at openssh.com") == 0)
+ process_extended_statvfs(id);
+ else if (strcmp(request, "fstatvfs at openssh.com") == 0)
+ process_extended_fstatvfs(id);
+ else
+ send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */
xfree(request);
}
@@ -1103,7 +1218,7 @@
if (msg_len > SFTP_MAX_MSG_LENGTH) {
error("bad message from %s local user %s",
client_addr, pw->pw_name);
- cleanup_exit(11);
+ sftp_server_cleanup_exit(11);
}
if (buf_len < msg_len + 4)
return;
@@ -1176,18 +1291,22 @@
break;
}
/* discard the remaining bytes from the current packet */
- if (buf_len < buffer_len(&iqueue))
- fatal("iqueue grew unexpectedly");
+ if (buf_len < buffer_len(&iqueue)) {
+ error("iqueue grew unexpectedly");
+ sftp_server_cleanup_exit(255);
+ }
consumed = buf_len - buffer_len(&iqueue);
- if (msg_len < consumed)
- fatal("msg_len %d < consumed %d", msg_len, consumed);
+ if (msg_len < consumed) {
+ error("msg_len %d < consumed %d", msg_len, consumed);
+ sftp_server_cleanup_exit(255);
+ }
if (msg_len > consumed)
buffer_consume(&iqueue, msg_len - consumed);
}
/* Cleanup handler that logs active handles upon normal exit */
void
-cleanup_exit(int i)
+sftp_server_cleanup_exit(int i)
{
if (pw != NULL && client_addr != NULL) {
handle_log_exit();
@@ -1198,7 +1317,7 @@
}
static void
-usage(void)
+sftp_server_usage(void)
{
extern char *__progname;
@@ -1208,7 +1327,7 @@
}
int
-main(int argc, char **argv)
+sftp_server_main(int argc, char **argv, struct passwd *user_pw)
{
fd_set *rset, *wset;
int in, out, max, ch, skipargs = 0, log_stderr = 0;
@@ -1219,9 +1338,6 @@
extern char *optarg;
extern char *__progname;
- /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
- sanitise_stdfd();
-
__progname = ssh_get_progname(argv[0]);
log_init(__progname, log_level, log_facility, log_stderr);
@@ -1244,12 +1360,12 @@
break;
case 'f':
log_facility = log_facility_number(optarg);
- if (log_level == SYSLOG_FACILITY_NOT_SET)
+ if (log_facility == SYSLOG_FACILITY_NOT_SET)
error("Invalid log facility \"%s\"", optarg);
break;
case 'h':
default:
- usage();
+ sftp_server_usage();
}
}
@@ -1257,22 +1373,20 @@
if ((cp = getenv("SSH_CONNECTION")) != NULL) {
client_addr = xstrdup(cp);
- if ((cp = strchr(client_addr, ' ')) == NULL)
- fatal("Malformed SSH_CONNECTION variable: \"%s\"",
+ if ((cp = strchr(client_addr, ' ')) == NULL) {
+ error("Malformed SSH_CONNECTION variable: \"%s\"",
getenv("SSH_CONNECTION"));
+ sftp_server_cleanup_exit(255);
+ }
*cp = '\0';
} else
client_addr = xstrdup("UNKNOWN");
- if ((pw = getpwuid(getuid())) == NULL)
- fatal("No user found for uid %lu", (u_long)getuid());
- pw = pwcopy(pw);
+ pw = pwcopy(user_pw);
logit("session opened for local user %s from [%s]",
pw->pw_name, client_addr);
- handle_init();
-
in = dup(STDIN_FILENO);
out = dup(STDOUT_FILENO);
@@ -1315,7 +1429,7 @@
if (errno == EINTR)
continue;
error("select: %s", strerror(errno));
- cleanup_exit(2);
+ sftp_server_cleanup_exit(2);
}
/* copy stdin to iqueue */
@@ -1323,10 +1437,10 @@
len = read(in, buf, sizeof buf);
if (len == 0) {
debug("read eof");
- cleanup_exit(0);
+ sftp_server_cleanup_exit(0);
} else if (len < 0) {
error("read: %s", strerror(errno));
- cleanup_exit(1);
+ sftp_server_cleanup_exit(1);
} else {
buffer_append(&iqueue, buf, len);
}
@@ -1336,7 +1450,7 @@
len = write(out, buffer_ptr(&oqueue), olen);
if (len < 0) {
error("write: %s", strerror(errno));
- cleanup_exit(1);
+ sftp_server_cleanup_exit(1);
} else {
buffer_consume(&oqueue, len);
}
Modified: trunk/sftp.0
===================================================================
--- trunk/sftp.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sftp.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -43,8 +43,8 @@
batchfile of `-' may be used to indicate standard input. sftp
will abort if any of the following commands fail: get, put,
rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp,
- lpwd and lmkdir. Termination on error can be suppressed on a
- command by command basis by prefixing the command with a `-'
+ lpwd, df, and lmkdir. Termination on error can be suppressed on
+ a command by command basis by prefixing the command with a `-'
character (for example, -rm /tmp/blah*).
-C Enables compression (via ssh's -C flag).
@@ -117,7 +117,7 @@
-R num_requests
Specify how many requests may be outstanding at any one time.
Increasing this may slightly improve file transfer speed but will
- increase memory usage. The default is 16 outstanding requests.
+ increase memory usage. The default is 64 outstanding requests.
-S program
Name of the program to use for the encrypted connection. The
@@ -155,6 +155,14 @@
Change owner of file path to own. path may contain glob(3) char-
acters and may match multiple files. own must be a numeric UID.
+ df [-hi] [path]
+ Display usage information for the filesystem holding the current
+ directory (or path if specified). If the -h flag is specified,
+ the capacity information will be displayed using "human-readable"
+ suffixes. The -i flag requests display of inode information in
+ addition to capacity information. This command is only supported
+ on servers that implement the ``statvfs at openssh.com'' extension.
+
exit Quit sftp.
get [-P] remote-path [local-path]
@@ -263,4 +271,4 @@
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
filexfer-00.txt, January 2001, work in progress material.
-OpenBSD 4.2 June 5, 2007 4
+OpenBSD 4.4 July 15, 2008 5
Modified: trunk/sftp.1
===================================================================
--- trunk/sftp.1 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sftp.1 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.64 2007/05/31 19:20:16 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.67 2008/07/15 02:23:14 djm Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 5 2007 $
+.Dd $Mdocdate: July 15 2008 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -112,7 +112,8 @@
commands fail:
.Ic get , put , rename , ln ,
.Ic rm , mkdir , chdir , ls ,
-.Ic lchdir , chmod , chown , chgrp , lpwd
+.Ic lchdir , chmod , chown ,
+.Ic chgrp , lpwd , df ,
and
.Ic lmkdir .
Termination on error can be suppressed on a command by command basis by
@@ -203,7 +204,7 @@
Specify how many requests may be outstanding at any one time.
Increasing this may slightly improve file transfer speed
but will increase memory usage.
-The default is 16 outstanding requests.
+The default is 64 outstanding requests.
.It Fl S Ar program
Name of the
.Ar program
@@ -272,6 +273,24 @@
characters and may match multiple files.
.Ar own
must be a numeric UID.
+.It Xo Ic df
+.Op Fl hi
+.Op Ar path
+.Xc
+Display usage information for the filesystem holding the current directory
+(or
+.Ar path
+if specified).
+If the
+.Fl h
+flag is specified, the capacity information will be displayed using
+"human-readable" suffixes.
+The
+.Fl i
+flag requests display of inode information in addition to capacity information.
+This command is only supported on servers that implement the
+.Dq statvfs at openssh.com
+extension.
.It Ic exit
Quit
.Nm sftp .
Modified: trunk/sftp.c
===================================================================
--- trunk/sftp.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sftp.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.96 2007/01/03 04:09:15 stevesk Exp $ */
+/* $OpenBSD: sftp.c,v 1.103 2008/07/13 22:16:03 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -25,7 +25,11 @@
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/wait.h>
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+#include <ctype.h>
#include <errno.h>
#ifdef HAVE_PATHS_H
@@ -43,6 +47,14 @@
#include <unistd.h>
#include <stdarg.h>
+#ifdef HAVE_UTIL_H
+# include <util.h>
+#endif
+
+#ifdef HAVE_LIBUTIL_H
+# include <libutil.h>
+#endif
+
#include "xmalloc.h"
#include "log.h"
#include "pathnames.h"
@@ -63,7 +75,7 @@
size_t copy_buffer_len = 32768;
/* Number of concurrent outstanding requests */
-size_t num_requests = 16;
+size_t num_requests = 64;
/* PID of ssh transport process */
static pid_t sshpid = -1;
@@ -103,6 +115,7 @@
#define I_CHGRP 2
#define I_CHMOD 3
#define I_CHOWN 4
+#define I_DF 24
#define I_GET 5
#define I_HELP 6
#define I_LCHDIR 7
@@ -135,6 +148,7 @@
{ "chgrp", I_CHGRP },
{ "chmod", I_CHMOD },
{ "chown", I_CHOWN },
+ { "df", I_DF },
{ "dir", I_LS },
{ "exit", I_QUIT },
{ "get", I_GET },
@@ -199,6 +213,8 @@
printf("chgrp grp path Change group of file 'path' to 'grp'\n");
printf("chmod mode path Change permissions of file 'path' to 'mode'\n");
printf("chown own path Change owner of file 'path' to 'own'\n");
+ printf("df [path] Display statistics for current directory or\n");
+ printf(" filesystem containing 'path'\n");
printf("help Display this help text\n");
printf("get remote-path [local-path] Download file\n");
printf("lls [ls-options [path]] Display local directory listing\n");
@@ -346,144 +362,105 @@
}
static int
-parse_getput_flags(const char **cpp, int *pflag)
+parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag)
{
- const char *cp = *cpp;
+ extern int opterr, optind, optopt, optreset;
+ int ch;
- /* Check for flags */
- if (cp[0] == '-' && cp[1] && strchr(WHITESPACE, cp[2])) {
- switch (cp[1]) {
+ optind = optreset = 1;
+ opterr = 0;
+
+ *pflag = 0;
+ while ((ch = getopt(argc, argv, "Pp")) != -1) {
+ switch (ch) {
case 'p':
case 'P':
*pflag = 1;
break;
default:
- error("Invalid flag -%c", cp[1]);
- return(-1);
+ error("%s: Invalid flag -%c", cmd, optopt);
+ return -1;
}
- cp += 2;
- *cpp = cp + strspn(cp, WHITESPACE);
}
- return(0);
+ return optind;
}
static int
-parse_ls_flags(const char **cpp, int *lflag)
+parse_ls_flags(char **argv, int argc, int *lflag)
{
- const char *cp = *cpp;
+ extern int opterr, optind, optopt, optreset;
+ int ch;
- /* Defaults */
+ optind = optreset = 1;
+ opterr = 0;
+
*lflag = LS_NAME_SORT;
-
- /* Check for flags */
- if (cp++[0] == '-') {
- for (; strchr(WHITESPACE, *cp) == NULL; cp++) {
- switch (*cp) {
- case 'l':
- *lflag &= ~VIEW_FLAGS;
- *lflag |= LS_LONG_VIEW;
- break;
- case '1':
- *lflag &= ~VIEW_FLAGS;
- *lflag |= LS_SHORT_VIEW;
- break;
- case 'n':
- *lflag &= ~VIEW_FLAGS;
- *lflag |= LS_NUMERIC_VIEW|LS_LONG_VIEW;
- break;
- case 'S':
- *lflag &= ~SORT_FLAGS;
- *lflag |= LS_SIZE_SORT;
- break;
- case 't':
- *lflag &= ~SORT_FLAGS;
- *lflag |= LS_TIME_SORT;
- break;
- case 'r':
- *lflag |= LS_REVERSE_SORT;
- break;
- case 'f':
- *lflag &= ~SORT_FLAGS;
- break;
- case 'a':
- *lflag |= LS_SHOW_ALL;
- break;
- default:
- error("Invalid flag -%c", *cp);
- return(-1);
- }
+ while ((ch = getopt(argc, argv, "1Saflnrt")) != -1) {
+ switch (ch) {
+ case '1':
+ *lflag &= ~VIEW_FLAGS;
+ *lflag |= LS_SHORT_VIEW;
+ break;
+ case 'S':
+ *lflag &= ~SORT_FLAGS;
+ *lflag |= LS_SIZE_SORT;
+ break;
+ case 'a':
+ *lflag |= LS_SHOW_ALL;
+ break;
+ case 'f':
+ *lflag &= ~SORT_FLAGS;
+ break;
+ case 'l':
+ *lflag &= ~VIEW_FLAGS;
+ *lflag |= LS_LONG_VIEW;
+ break;
+ case 'n':
+ *lflag &= ~VIEW_FLAGS;
+ *lflag |= LS_NUMERIC_VIEW|LS_LONG_VIEW;
+ break;
+ case 'r':
+ *lflag |= LS_REVERSE_SORT;
+ break;
+ case 't':
+ *lflag &= ~SORT_FLAGS;
+ *lflag |= LS_TIME_SORT;
+ break;
+ default:
+ error("ls: Invalid flag -%c", optopt);
+ return -1;
}
- *cpp = cp + strspn(cp, WHITESPACE);
}
- return(0);
+ return optind;
}
static int
-get_pathname(const char **cpp, char **path)
+parse_df_flags(const char *cmd, char **argv, int argc, int *hflag, int *iflag)
{
- const char *cp = *cpp, *end;
- char quot;
- u_int i, j;
+ extern int opterr, optind, optopt, optreset;
+ int ch;
- cp += strspn(cp, WHITESPACE);
- if (!*cp) {
- *cpp = cp;
- *path = NULL;
- return (0);
- }
+ optind = optreset = 1;
+ opterr = 0;
- *path = xmalloc(strlen(cp) + 1);
-
- /* Check for quoted filenames */
- if (*cp == '\"' || *cp == '\'') {
- quot = *cp++;
-
- /* Search for terminating quote, unescape some chars */
- for (i = j = 0; i <= strlen(cp); i++) {
- if (cp[i] == quot) { /* Found quote */
- i++;
- (*path)[j] = '\0';
- break;
- }
- if (cp[i] == '\0') { /* End of string */
- error("Unterminated quote");
- goto fail;
- }
- if (cp[i] == '\\') { /* Escaped characters */
- i++;
- if (cp[i] != '\'' && cp[i] != '\"' &&
- cp[i] != '\\') {
- error("Bad escaped character '\\%c'",
- cp[i]);
- goto fail;
- }
- }
- (*path)[j++] = cp[i];
+ *hflag = *iflag = 0;
+ while ((ch = getopt(argc, argv, "hi")) != -1) {
+ switch (ch) {
+ case 'h':
+ *hflag = 1;
+ break;
+ case 'i':
+ *iflag = 1;
+ break;
+ default:
+ error("%s: Invalid flag -%c", cmd, optopt);
+ return -1;
}
-
- if (j == 0) {
- error("Empty quotes");
- goto fail;
- }
- *cpp = cp + i + strspn(cp + i, WHITESPACE);
- } else {
- /* Read to end of filename */
- end = strpbrk(cp, WHITESPACE);
- if (end == NULL)
- end = strchr(cp, '\0');
- *cpp = end + strspn(end, WHITESPACE);
-
- memcpy(*path, cp, end - cp);
- (*path)[end - cp] = '\0';
}
- return (0);
- fail:
- xfree(*path);
- *path = NULL;
- return (-1);
+ return optind;
}
static int
@@ -499,17 +476,6 @@
}
static int
-is_reg(char *path)
-{
- struct stat sb;
-
- if (stat(path, &sb) == -1)
- fatal("stat %s: %s", path, strerror(errno));
-
- return(S_ISREG(sb.st_mode));
-}
-
-static int
remote_is_dir(struct sftp_conn *conn, char *path)
{
Attrib *a;
@@ -597,6 +563,7 @@
glob_t g;
int err = 0;
int i;
+ struct stat sb;
if (dst) {
tmp_dst = xstrdup(dst);
@@ -605,7 +572,7 @@
memset(&g, 0, sizeof(g));
debug3("Looking up %s", src);
- if (glob(src, 0, NULL, &g)) {
+ if (glob(src, GLOB_NOCHECK, NULL, &g)) {
error("File \"%s\" not found.", src);
err = -1;
goto out;
@@ -620,7 +587,13 @@
}
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
- if (!is_reg(g.gl_pathv[i])) {
+ if (stat(g.gl_pathv[i], &sb) == -1) {
+ err = -1;
+ error("stat %s: %s", g.gl_pathv[i], strerror(errno));
+ continue;
+ }
+
+ if (!S_ISREG(sb.st_mode)) {
error("skipping non-regular file %s",
g.gl_pathv[i]);
continue;
@@ -867,14 +840,238 @@
}
static int
-parse_args(const char **cpp, int *pflag, int *lflag, int *iflag,
+do_df(struct sftp_conn *conn, char *path, int hflag, int iflag)
+{
+ struct sftp_statvfs st;
+ char s_used[FMT_SCALED_STRSIZE];
+ char s_avail[FMT_SCALED_STRSIZE];
+ char s_root[FMT_SCALED_STRSIZE];
+ char s_total[FMT_SCALED_STRSIZE];
+
+ if (do_statvfs(conn, path, &st, 1) == -1)
+ return -1;
+ if (iflag) {
+ printf(" Inodes Used Avail "
+ "(root) %%Capacity\n");
+ printf("%11llu %11llu %11llu %11llu %3llu%%\n",
+ (unsigned long long)st.f_files,
+ (unsigned long long)(st.f_files - st.f_ffree),
+ (unsigned long long)st.f_favail,
+ (unsigned long long)st.f_ffree,
+ (unsigned long long)(100 * (st.f_files - st.f_ffree) /
+ st.f_files));
+ } else if (hflag) {
+ strlcpy(s_used, "error", sizeof(s_used));
+ strlcpy(s_avail, "error", sizeof(s_avail));
+ strlcpy(s_root, "error", sizeof(s_root));
+ strlcpy(s_total, "error", sizeof(s_total));
+ fmt_scaled((st.f_blocks - st.f_bfree) * st.f_frsize, s_used);
+ fmt_scaled(st.f_bavail * st.f_frsize, s_avail);
+ fmt_scaled(st.f_bfree * st.f_frsize, s_root);
+ fmt_scaled(st.f_blocks * st.f_frsize, s_total);
+ printf(" Size Used Avail (root) %%Capacity\n");
+ printf("%7sB %7sB %7sB %7sB %3llu%%\n",
+ s_total, s_used, s_avail, s_root,
+ (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
+ st.f_blocks));
+ } else {
+ printf(" Size Used Avail "
+ "(root) %%Capacity\n");
+ printf("%12llu %12llu %12llu %12llu %3llu%%\n",
+ (unsigned long long)(st.f_frsize * st.f_blocks / 1024),
+ (unsigned long long)(st.f_frsize *
+ (st.f_blocks - st.f_bfree) / 1024),
+ (unsigned long long)(st.f_frsize * st.f_bavail / 1024),
+ (unsigned long long)(st.f_frsize * st.f_bfree / 1024),
+ (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
+ st.f_blocks));
+ }
+ return 0;
+}
+
+/*
+ * Undo escaping of glob sequences in place. Used to undo extra escaping
+ * applied in makeargv() when the string is destined for a function that
+ * does not glob it.
+ */
+static void
+undo_glob_escape(char *s)
+{
+ size_t i, j;
+
+ for (i = j = 0;;) {
+ if (s[i] == '\0') {
+ s[j] = '\0';
+ return;
+ }
+ if (s[i] != '\\') {
+ s[j++] = s[i++];
+ continue;
+ }
+ /* s[i] == '\\' */
+ ++i;
+ switch (s[i]) {
+ case '?':
+ case '[':
+ case '*':
+ case '\\':
+ s[j++] = s[i++];
+ break;
+ case '\0':
+ s[j++] = '\\';
+ s[j] = '\0';
+ return;
+ default:
+ s[j++] = '\\';
+ s[j++] = s[i++];
+ break;
+ }
+ }
+}
+
+/*
+ * Split a string into an argument vector using sh(1)-style quoting,
+ * comment and escaping rules, but with some tweaks to handle glob(3)
+ * wildcards.
+ * Returns NULL on error or a NULL-terminated array of arguments.
+ */
+#define MAXARGS 128
+#define MAXARGLEN 8192
+static char **
+makeargv(const char *arg, int *argcp)
+{
+ int argc, quot;
+ size_t i, j;
+ static char argvs[MAXARGLEN];
+ static char *argv[MAXARGS + 1];
+ enum { MA_START, MA_SQUOTE, MA_DQUOTE, MA_UNQUOTED } state, q;
+
+ *argcp = argc = 0;
+ if (strlen(arg) > sizeof(argvs) - 1) {
+ args_too_longs:
+ error("string too long");
+ return NULL;
+ }
+ state = MA_START;
+ i = j = 0;
+ for (;;) {
+ if (isspace(arg[i])) {
+ if (state == MA_UNQUOTED) {
+ /* Terminate current argument */
+ argvs[j++] = '\0';
+ argc++;
+ state = MA_START;
+ } else if (state != MA_START)
+ argvs[j++] = arg[i];
+ } else if (arg[i] == '"' || arg[i] == '\'') {
+ q = arg[i] == '"' ? MA_DQUOTE : MA_SQUOTE;
+ if (state == MA_START) {
+ argv[argc] = argvs + j;
+ state = q;
+ } else if (state == MA_UNQUOTED)
+ state = q;
+ else if (state == q)
+ state = MA_UNQUOTED;
+ else
+ argvs[j++] = arg[i];
+ } else if (arg[i] == '\\') {
+ if (state == MA_SQUOTE || state == MA_DQUOTE) {
+ quot = state == MA_SQUOTE ? '\'' : '"';
+ /* Unescape quote we are in */
+ /* XXX support \n and friends? */
+ if (arg[i + 1] == quot) {
+ i++;
+ argvs[j++] = arg[i];
+ } else if (arg[i + 1] == '?' ||
+ arg[i + 1] == '[' || arg[i + 1] == '*') {
+ /*
+ * Special case for sftp: append
+ * double-escaped glob sequence -
+ * glob will undo one level of
+ * escaping. NB. string can grow here.
+ */
+ if (j >= sizeof(argvs) - 5)
+ goto args_too_longs;
+ argvs[j++] = '\\';
+ argvs[j++] = arg[i++];
+ argvs[j++] = '\\';
+ argvs[j++] = arg[i];
+ } else {
+ argvs[j++] = arg[i++];
+ argvs[j++] = arg[i];
+ }
+ } else {
+ if (state == MA_START) {
+ argv[argc] = argvs + j;
+ state = MA_UNQUOTED;
+ }
+ if (arg[i + 1] == '?' || arg[i + 1] == '[' ||
+ arg[i + 1] == '*' || arg[i + 1] == '\\') {
+ /*
+ * Special case for sftp: append
+ * escaped glob sequence -
+ * glob will undo one level of
+ * escaping.
+ */
+ argvs[j++] = arg[i++];
+ argvs[j++] = arg[i];
+ } else {
+ /* Unescape everything */
+ /* XXX support \n and friends? */
+ i++;
+ argvs[j++] = arg[i];
+ }
+ }
+ } else if (arg[i] == '#') {
+ if (state == MA_SQUOTE || state == MA_DQUOTE)
+ argvs[j++] = arg[i];
+ else
+ goto string_done;
+ } else if (arg[i] == '\0') {
+ if (state == MA_SQUOTE || state == MA_DQUOTE) {
+ error("Unterminated quoted argument");
+ return NULL;
+ }
+ string_done:
+ if (state == MA_UNQUOTED) {
+ argvs[j++] = '\0';
+ argc++;
+ }
+ break;
+ } else {
+ if (state == MA_START) {
+ argv[argc] = argvs + j;
+ state = MA_UNQUOTED;
+ }
+ if ((state == MA_SQUOTE || state == MA_DQUOTE) &&
+ (arg[i] == '?' || arg[i] == '[' || arg[i] == '*')) {
+ /*
+ * Special case for sftp: escape quoted
+ * glob(3) wildcards. NB. string can grow
+ * here.
+ */
+ if (j >= sizeof(argvs) - 3)
+ goto args_too_longs;
+ argvs[j++] = '\\';
+ argvs[j++] = arg[i];
+ } else
+ argvs[j++] = arg[i];
+ }
+ i++;
+ }
+ *argcp = argc;
+ return argv;
+}
+
+static int
+parse_args(const char **cpp, int *pflag, int *lflag, int *iflag, int *hflag,
unsigned long *n_arg, char **path1, char **path2)
{
const char *cmd, *cp = *cpp;
- char *cp2;
+ char *cp2, **argv;
int base = 0;
long l;
- int i, cmdnum;
+ int i, cmdnum, optidx, argc;
/* Skip leading whitespace */
cp = cp + strspn(cp, WHITESPACE);
@@ -890,17 +1087,13 @@
cp++;
}
+ if ((argv = makeargv(cp, &argc)) == NULL)
+ return -1;
+
/* Figure out which command we have */
- for (i = 0; cmds[i].c; i++) {
- int cmdlen = strlen(cmds[i].c);
-
- /* Check for command followed by whitespace */
- if (!strncasecmp(cp, cmds[i].c, cmdlen) &&
- strchr(WHITESPACE, cp[cmdlen])) {
- cp += cmdlen;
- cp = cp + strspn(cp, WHITESPACE);
+ for (i = 0; cmds[i].c != NULL; i++) {
+ if (strcasecmp(cmds[i].c, argv[0]) == 0)
break;
- }
}
cmdnum = cmds[i].n;
cmd = cmds[i].c;
@@ -911,40 +1104,44 @@
cmdnum = I_SHELL;
} else if (cmdnum == -1) {
error("Invalid command.");
- return (-1);
+ return -1;
}
/* Get arguments and parse flags */
- *lflag = *pflag = *n_arg = 0;
+ *lflag = *pflag = *hflag = *n_arg = 0;
*path1 = *path2 = NULL;
+ optidx = 1;
switch (cmdnum) {
case I_GET:
case I_PUT:
- if (parse_getput_flags(&cp, pflag))
- return(-1);
+ if ((optidx = parse_getput_flags(cmd, argv, argc, pflag)) == -1)
+ return -1;
/* Get first pathname (mandatory) */
- if (get_pathname(&cp, path1))
- return(-1);
- if (*path1 == NULL) {
+ if (argc - optidx < 1) {
error("You must specify at least one path after a "
"%s command.", cmd);
- return(-1);
+ return -1;
}
- /* Try to get second pathname (optional) */
- if (get_pathname(&cp, path2))
- return(-1);
+ *path1 = xstrdup(argv[optidx]);
+ /* Get second pathname (optional) */
+ if (argc - optidx > 1) {
+ *path2 = xstrdup(argv[optidx + 1]);
+ /* Destination is not globbed */
+ undo_glob_escape(*path2);
+ }
break;
case I_RENAME:
case I_SYMLINK:
- if (get_pathname(&cp, path1))
- return(-1);
- if (get_pathname(&cp, path2))
- return(-1);
- if (!*path1 || !*path2) {
+ if (argc - optidx < 2) {
error("You must specify two paths after a %s "
"command.", cmd);
- return(-1);
+ return -1;
}
+ *path1 = xstrdup(argv[optidx]);
+ *path2 = xstrdup(argv[optidx + 1]);
+ /* Paths are not globbed */
+ undo_glob_escape(*path1);
+ undo_glob_escape(*path2);
break;
case I_RM:
case I_MKDIR:
@@ -953,59 +1150,69 @@
case I_LCHDIR:
case I_LMKDIR:
/* Get pathname (mandatory) */
- if (get_pathname(&cp, path1))
- return(-1);
- if (*path1 == NULL) {
+ if (argc - optidx < 1) {
error("You must specify a path after a %s command.",
cmd);
- return(-1);
+ return -1;
}
+ *path1 = xstrdup(argv[optidx]);
+ /* Only "rm" globs */
+ if (cmdnum != I_RM)
+ undo_glob_escape(*path1);
break;
+ case I_DF:
+ if ((optidx = parse_df_flags(cmd, argv, argc, hflag,
+ iflag)) == -1)
+ return -1;
+ /* Default to current directory if no path specified */
+ if (argc - optidx < 1)
+ *path1 = NULL;
+ else {
+ *path1 = xstrdup(argv[optidx]);
+ undo_glob_escape(*path1);
+ }
+ break;
case I_LS:
- if (parse_ls_flags(&cp, lflag))
+ if ((optidx = parse_ls_flags(argv, argc, lflag)) == -1)
return(-1);
/* Path is optional */
- if (get_pathname(&cp, path1))
- return(-1);
+ if (argc - optidx > 0)
+ *path1 = xstrdup(argv[optidx]);
break;
case I_LLS:
+ /* Skip ls command and following whitespace */
+ cp = cp + strlen(cmd) + strspn(cp, WHITESPACE);
case I_SHELL:
/* Uses the rest of the line */
break;
case I_LUMASK:
- base = 8;
case I_CHMOD:
base = 8;
case I_CHOWN:
case I_CHGRP:
/* Get numeric arg (mandatory) */
+ if (argc - optidx < 1)
+ goto need_num_arg;
errno = 0;
- l = strtol(cp, &cp2, base);
- if (cp2 == cp || ((l == LONG_MIN || l == LONG_MAX) &&
- errno == ERANGE) || l < 0) {
+ l = strtol(argv[optidx], &cp2, base);
+ if (cp2 == argv[optidx] || *cp2 != '\0' ||
+ ((l == LONG_MIN || l == LONG_MAX) && errno == ERANGE) ||
+ l < 0) {
+ need_num_arg:
error("You must supply a numeric argument "
"to the %s command.", cmd);
- return(-1);
+ return -1;
}
- cp = cp2;
*n_arg = l;
- if (cmdnum == I_LUMASK && strchr(WHITESPACE, *cp))
+ if (cmdnum == I_LUMASK)
break;
- if (cmdnum == I_LUMASK || !strchr(WHITESPACE, *cp)) {
- error("You must supply a numeric argument "
- "to the %s command.", cmd);
- return(-1);
- }
- cp += strspn(cp, WHITESPACE);
-
/* Get pathname (mandatory) */
- if (get_pathname(&cp, path1))
- return(-1);
- if (*path1 == NULL) {
+ if (argc - optidx < 2) {
error("You must specify a path after a %s command.",
cmd);
- return(-1);
+ return -1;
}
+ *path1 = xstrdup(argv[optidx + 1]);
break;
case I_QUIT:
case I_PWD:
@@ -1027,7 +1234,7 @@
int err_abort)
{
char *path1, *path2, *tmp;
- int pflag, lflag, iflag, cmdnum, i;
+ int pflag, lflag, iflag, hflag, cmdnum, i;
unsigned long n_arg;
Attrib a, *aa;
char path_buf[MAXPATHLEN];
@@ -1035,7 +1242,7 @@
glob_t g;
path1 = path2 = NULL;
- cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &n_arg,
+ cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &hflag, &n_arg,
&path1, &path2);
if (iflag != 0)
@@ -1129,6 +1336,13 @@
path1 = make_absolute(path1, *pwd);
err = do_globbed_ls(conn, path1, tmp, lflag);
break;
+ case I_DF:
+ /* Default to current directory if no path specified */
+ if (path1 == NULL)
+ path1 = xstrdup(*pwd);
+ path1 = make_absolute(path1, *pwd);
+ err = do_df(conn, path1, hflag, iflag);
+ break;
case I_LCHDIR:
if (chdir(path1) == -1) {
error("Couldn't change local directory to "
Modified: trunk/sftp.h
===================================================================
--- trunk/sftp.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sftp.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.h,v 1.5 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: sftp.h,v 1.9 2008/06/13 00:12:02 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -79,6 +79,10 @@
#define SSH2_FXF_TRUNC 0x00000010
#define SSH2_FXF_EXCL 0x00000020
+/* statvfs at openssh.com f_flag flags */
+#define SSH2_FXE_STATVFS_ST_RDONLY 0x00000001
+#define SSH2_FXE_STATVFS_ST_NOSUID 0x00000002
+
/* status messages */
#define SSH2_FX_OK 0
#define SSH2_FX_EOF 1
@@ -90,3 +94,8 @@
#define SSH2_FX_CONNECTION_LOST 7
#define SSH2_FX_OP_UNSUPPORTED 8
#define SSH2_FX_MAX 8
+
+struct passwd;
+
+int sftp_server_main(int, char **, struct passwd *);
+void sftp_server_cleanup_exit(int) __attribute__((noreturn));
Modified: trunk/ssh-add.0
===================================================================
--- trunk/ssh-add.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-add.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -103,4 +103,4 @@
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.2 June 12, 2007 2
+OpenBSD 4.4 June 12, 2007 2
Modified: trunk/ssh-add.1
===================================================================
--- trunk/ssh-add.1 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-add.1 2009-06-23 21:31:15 UTC (rev 57)
@@ -75,6 +75,10 @@
.Nm
to work.
.Pp
+Any keys recorded in the blacklist of known-compromised keys (see
+.Xr ssh-vulnkey 1 )
+will be refused.
+.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl c
@@ -174,6 +178,7 @@
.Xr ssh 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
+.Xr ssh-vulnkey 1 ,
.Xr sshd 8
.Sh AUTHORS
OpenSSH is a derivative of the original and free
Modified: trunk/ssh-add.c
===================================================================
--- trunk/ssh-add.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-add.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.89 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.90 2007/09/09 11:38:01 sobrado Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -42,6 +42,7 @@
#include <sys/param.h>
#include <openssl/evp.h>
+#include "openbsd-compat/openssl-compat.h"
#include <fcntl.h>
#include <pwd.h>
@@ -138,7 +139,7 @@
add_file(AuthenticationConnection *ac, const char *filename)
{
Key *private;
- char *comment = NULL;
+ char *comment = NULL, *fp;
char msg[1024];
int fd, perms_ok, ret = -1;
@@ -183,6 +184,14 @@
"Bad passphrase, try again for %.200s: ", comment);
}
}
+ if (blacklisted_key(private, &fp) == 1) {
+ fprintf(stderr, "Public key %s blacklisted (see "
+ "ssh-vulnkey(1)); refusing to add it\n", fp);
+ xfree(fp);
+ key_free(private);
+ xfree(comment);
+ return -1;
+ }
if (ssh_add_identity_constrained(ac, private, comment, lifetime,
confirm)) {
@@ -309,7 +318,7 @@
static void
usage(void)
{
- fprintf(stderr, "Usage: %s [options] [file ...]\n", __progname);
+ fprintf(stderr, "usage: %s [options] [file ...]\n", __progname);
fprintf(stderr, "Options:\n");
fprintf(stderr, " -l List fingerprints of all identities.\n");
fprintf(stderr, " -L List public key parameters of all identities.\n");
Modified: trunk/ssh-agent.0
===================================================================
--- trunk/ssh-agent.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-agent.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -4,7 +4,7 @@
ssh-agent - authentication agent
SYNOPSIS
- ssh-agent [-a bind_address] [-c | -s] [-t life] [-d] [command [args ...]]
+ ssh-agent [-c | -s] [-d] [-a bind_address] [-t life] [command [arg ...]]
ssh-agent [-c | -s] -k
DESCRIPTION
@@ -24,12 +24,15 @@
-c Generate C-shell commands on stdout. This is the default if
SHELL looks like it's a csh style of shell.
- -s Generate Bourne shell commands on stdout. This is the default if
- SHELL does not look like it's a csh style of shell.
+ -d Debug mode. When this option is specified ssh-agent will not
+ fork.
-k Kill the current agent (given by the SSH_AGENT_PID environment
variable).
+ -s Generate Bourne shell commands on stdout. This is the default if
+ SHELL does not look like it's a csh style of shell.
+
-t life
Set a default value for the maximum lifetime of identities added
to the agent. The lifetime may be specified in seconds or in a
@@ -37,9 +40,6 @@
for an identity with ssh-add(1) overrides this value. Without
this option the default maximum lifetime is forever.
- -d Debug mode. When this option is specified ssh-agent will not
- fork.
-
If a commandline is given, this is executed as a subprocess of the agent.
When the command dies, so does the agent.
@@ -114,4 +114,4 @@
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.2 June 5, 2007 2
+OpenBSD 4.4 June 5, 2007 2
Modified: trunk/ssh-agent.1
===================================================================
--- trunk/ssh-agent.1 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-agent.1 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.45 2007/05/31 19:20:16 jmc Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.46 2007/09/09 11:38:01 sobrado Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -42,11 +42,11 @@
.Nd authentication agent
.Sh SYNOPSIS
.Nm ssh-agent
+.Op Fl c Li | Fl s
+.Op Fl d
.Op Fl a Ar bind_address
-.Op Fl c Li | Fl s
.Op Fl t Ar life
-.Op Fl d
-.Op Ar command Op Ar args ...
+.Op Ar command Op Ar arg ...
.Nm ssh-agent
.Op Fl c Li | Fl s
.Fl k
@@ -77,16 +77,21 @@
This is the default if
.Ev SHELL
looks like it's a csh style of shell.
+.It Fl d
+Debug mode.
+When this option is specified
+.Nm
+will not fork.
+.It Fl k
+Kill the current agent (given by the
+.Ev SSH_AGENT_PID
+environment variable).
.It Fl s
Generate Bourne shell commands on
.Dv stdout .
This is the default if
.Ev SHELL
does not look like it's a csh style of shell.
-.It Fl k
-Kill the current agent (given by the
-.Ev SSH_AGENT_PID
-environment variable).
.It Fl t Ar life
Set a default value for the maximum lifetime of identities added to the agent.
The lifetime may be specified in seconds or in a time format specified in
@@ -95,11 +100,6 @@
.Xr ssh-add 1
overrides this value.
Without this option the default maximum lifetime is forever.
-.It Fl d
-Debug mode.
-When this option is specified
-.Nm
-will not fork.
.El
.Pp
If a commandline is given, this is executed as a subprocess of the agent.
Modified: trunk/ssh-agent.c
===================================================================
--- trunk/ssh-agent.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-agent.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.155 2007/03/19 12:16:42 dtucker Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.159 2008/06/28 14:05:15 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -51,6 +51,7 @@
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include "openbsd-compat/openssl-compat.h"
#include <errno.h>
#include <fcntl.h>
@@ -311,6 +312,7 @@
u_char *blob, *data, *signature = NULL;
u_int blen, dlen, slen = 0;
extern int datafellows;
+ int odatafellows;
int ok = -1, flags;
Buffer msg;
Key *key;
@@ -321,6 +323,7 @@
data = buffer_get_string(&e->request, &dlen);
flags = buffer_get_int(&e->request);
+ odatafellows = datafellows;
if (flags & SSH_AGENT_OLD_SIGNATURE)
datafellows = SSH_BUG_SIGBLOB;
@@ -346,6 +349,7 @@
xfree(blob);
if (signature != NULL)
xfree(signature);
+ datafellows = odatafellows;
}
/* shared */
@@ -457,6 +461,7 @@
process_add_identity(SocketEntry *e, int version)
{
Idtab *tab = idtab_lookup(version);
+ Identity *id;
int type, success = 0, death = 0, confirm = 0;
char *type_name, *comment;
Key *k = NULL;
@@ -524,9 +529,8 @@
xfree(comment);
goto send;
}
- success = 1;
while (buffer_len(&e->request)) {
- switch (buffer_get_char(&e->request)) {
+ switch ((type = buffer_get_char(&e->request))) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
break;
@@ -534,24 +538,29 @@
confirm = 1;
break;
default:
- break;
+ error("process_add_identity: "
+ "Unknown constraint type %d", type);
+ xfree(comment);
+ key_free(k);
+ goto send;
}
}
+ success = 1;
if (lifetime && !death)
death = time(NULL) + lifetime;
- if (lookup_identity(k, version) == NULL) {
- Identity *id = xmalloc(sizeof(Identity));
+ if ((id = lookup_identity(k, version)) == NULL) {
+ id = xmalloc(sizeof(Identity));
id->key = k;
- id->comment = comment;
- id->death = death;
- id->confirm = confirm;
TAILQ_INSERT_TAIL(&tab->idlist, id, next);
/* Increment the number of identities. */
tab->nentries++;
} else {
key_free(k);
- xfree(comment);
+ xfree(id->comment);
}
+ id->comment = comment;
+ id->death = death;
+ id->confirm = confirm;
send:
buffer_put_int(&e->output, 1);
buffer_put_char(&e->output,
@@ -602,10 +611,10 @@
#ifdef SMARTCARD
static void
-process_add_smartcard_key (SocketEntry *e)
+process_add_smartcard_key(SocketEntry *e)
{
char *sc_reader_id = NULL, *pin;
- int i, version, success = 0, death = 0, confirm = 0;
+ int i, type, version, success = 0, death = 0, confirm = 0;
Key **keys, *k;
Identity *id;
Idtab *tab;
@@ -614,7 +623,7 @@
pin = buffer_get_string(&e->request, NULL);
while (buffer_len(&e->request)) {
- switch (buffer_get_char(&e->request)) {
+ switch ((type = buffer_get_char(&e->request))) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
break;
@@ -622,7 +631,11 @@
confirm = 1;
break;
default:
- break;
+ error("process_add_smartcard_key: "
+ "Unknown constraint type %d", type);
+ xfree(sc_reader_id);
+ xfree(pin);
+ goto send;
}
}
if (lifetime && !death)
@@ -948,7 +961,8 @@
buffer_ptr(&sockets[i].output),
buffer_len(&sockets[i].output));
if (len == -1 && (errno == EAGAIN ||
- errno == EINTR))
+ errno == EINTR ||
+ errno == EWOULDBLOCK))
continue;
break;
} while (1);
@@ -962,7 +976,8 @@
do {
len = read(sockets[i].fd, buf, sizeof(buf));
if (len == -1 && (errno == EAGAIN ||
- errno == EINTR))
+ errno == EINTR ||
+ errno == EWOULDBLOCK))
continue;
break;
} while (1);
@@ -1016,7 +1031,7 @@
static void
usage(void)
{
- fprintf(stderr, "Usage: %s [options] [command [args ...]]\n",
+ fprintf(stderr, "usage: %s [options] [command [arg ...]]\n",
__progname);
fprintf(stderr, "Options:\n");
fprintf(stderr, " -c Generate C-shell commands on stdout.\n");
Modified: trunk/ssh-keygen.0
===================================================================
--- trunk/ssh-keygen.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-keygen.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -130,7 +130,9 @@
-l Show fingerprint of specified public key file. Private RSA1 keys
are also supported. For RSA and DSA keys ssh-keygen tries to
- find the matching public key file and prints its fingerprint.
+ find the matching public key file and prints its fingerprint. If
+ combined with -v, an ASCII art representation of the key is sup-
+ plied with the fingerprint.
-M memory
Specify the amount of memory to use (in megabytes) when generat-
@@ -284,4 +286,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.2 June 5, 2007 5
+OpenBSD 4.4 June 12, 2008 5
Modified: trunk/ssh-keygen.1
===================================================================
--- trunk/ssh-keygen.1 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-keygen.1 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.75 2007/05/31 19:20:16 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.78 2008/06/12 19:10:09 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -37,7 +37,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 5 2007 $
+.Dd $Mdocdate: June 12 2008 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -262,6 +262,9 @@
For RSA and DSA keys
.Nm
tries to find the matching public key file and prints its fingerprint.
+If combined with
+.Fl v ,
+an ASCII art representation of the key is supplied with the fingerprint.
.It Fl M Ar memory
Specify the amount of memory to use (in megabytes) when generating
candidate moduli for DH-GEX.
@@ -447,6 +450,7 @@
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
+.Xr ssh-vulnkey 1 ,
.Xr moduli 5 ,
.Xr sshd 8
.Rs
Modified: trunk/ssh-keygen.c
===================================================================
--- trunk/ssh-keygen.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-keygen.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.160 2007/01/21 01:41:54 stevesk Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.171 2008/07/13 21:22:52 sthen Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -21,6 +21,7 @@
#include <openssl/evp.h>
#include <openssl/pem.h>
+#include "openbsd-compat/openssl-compat.h"
#include <errno.h>
#include <fcntl.h>
@@ -71,6 +72,8 @@
int quiet = 0;
+int log_level = SYSLOG_LEVEL_INFO;
+
/* Flag indicating that we want to hash a known_hosts file */
int hash_hosts = 0;
/* Flag indicating that we want lookup a host in known_hosts file */
@@ -141,8 +144,7 @@
fprintf(stderr, "%s (%s): ", prompt, identity_file);
if (fgets(buf, sizeof(buf), stdin) == NULL)
exit(1);
- if (strchr(buf, '\n'))
- *strchr(buf, '\n') = 0;
+ buf[strcspn(buf, "\n")] = '\0';
if (strcmp(buf, "") != 0)
strlcpy(identity_file, buf, sizeof(identity_file));
have_identity = 1;
@@ -504,8 +506,8 @@
{
FILE *f;
Key *public;
- char *comment = NULL, *cp, *ep, line[16*1024], *fp;
- int i, skip = 0, num = 1, invalid = 1;
+ char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra;
+ int i, skip = 0, num = 0, invalid = 1;
enum fp_rep rep;
enum fp_type fptype;
struct stat st;
@@ -522,9 +524,14 @@
public = key_load_public(identity_file, &comment);
if (public != NULL) {
fp = key_fingerprint(public, fptype, rep);
- printf("%u %s %s\n", key_size(public), fp, comment);
+ ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART);
+ printf("%u %s %s (%s)\n", key_size(public), fp, comment,
+ key_type(public));
+ if (log_level >= SYSLOG_LEVEL_VERBOSE)
+ printf("%s\n", ra);
key_free(public);
xfree(comment);
+ xfree(ra);
xfree(fp);
exit(0);
}
@@ -536,9 +543,9 @@
f = fopen(identity_file, "r");
if (f != NULL) {
while (fgets(line, sizeof(line), f)) {
- i = strlen(line) - 1;
- if (line[i] != '\n') {
- error("line %d too long: %.40s...", num, line);
+ if ((cp = strchr(line, '\n')) == NULL) {
+ error("line %d too long: %.40s...",
+ num + 1, line);
skip = 1;
continue;
}
@@ -547,7 +554,7 @@
skip = 0;
continue;
}
- line[i] = '\0';
+ *cp = '\0';
/* Skip leading whitespace, empty and comment lines. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -582,8 +589,12 @@
}
comment = *cp ? cp : comment;
fp = key_fingerprint(public, fptype, rep);
- printf("%u %s %s\n", key_size(public), fp,
- comment ? comment : "no comment");
+ ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART);
+ printf("%u %s %s (%s)\n", key_size(public), fp,
+ comment ? comment : "no comment", key_type(public));
+ if (log_level >= SYSLOG_LEVEL_VERBOSE)
+ printf("%s\n", ra);
+ xfree(ra);
xfree(fp);
key_free(public);
invalid = 0;
@@ -598,14 +609,31 @@
}
static void
-print_host(FILE *f, char *name, Key *public, int hash)
+print_host(FILE *f, const char *name, Key *public, int hash)
{
- if (hash && (name = host_hash(name, NULL, 0)) == NULL)
- fatal("hash_host failed");
- fprintf(f, "%s ", name);
- if (!key_write(public, f))
- fatal("key_write failed");
- fprintf(f, "\n");
+ if (print_fingerprint) {
+ enum fp_rep rep;
+ enum fp_type fptype;
+ char *fp, *ra;
+
+ fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
+ rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
+ fp = key_fingerprint(public, fptype, rep);
+ ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART);
+ printf("%u %s %s (%s)\n", key_size(public), fp, name,
+ key_type(public));
+ if (log_level >= SYSLOG_LEVEL_VERBOSE)
+ printf("%s\n", ra);
+ xfree(ra);
+ xfree(fp);
+ } else {
+ if (hash && (name = host_hash(name, NULL, 0)) == NULL)
+ fatal("hash_host failed");
+ fprintf(f, "%s ", name);
+ if (!key_write(public, f))
+ fatal("key_write failed");
+ fprintf(f, "\n");
+ }
}
static void
@@ -615,7 +643,7 @@
Key *public;
char *cp, *cp2, *kp, *kp2;
char line[16*1024], tmp[MAXPATHLEN], old[MAXPATHLEN];
- int c, i, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0;
+ int c, skip = 0, inplace = 0, num = 0, invalid = 0, has_unhashed = 0;
if (!have_identity) {
cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
@@ -650,19 +678,18 @@
}
while (fgets(line, sizeof(line), in)) {
- num++;
- i = strlen(line) - 1;
- if (line[i] != '\n') {
- error("line %d too long: %.40s...", num, line);
+ if ((cp = strchr(line, '\n')) == NULL) {
+ error("line %d too long: %.40s...", num + 1, line);
skip = 1;
invalid = 1;
continue;
}
+ num++;
if (skip) {
skip = 0;
continue;
}
- line[i] = '\0';
+ *cp = '\0';
/* Skip leading whitespace, empty and comment lines. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -726,7 +753,8 @@
printf("# Host %s found: "
"line %d type %s\n", name,
num, key_type(public));
- print_host(out, cp, public, hash_hosts);
+ print_host(out, name, public,
+ hash_hosts);
}
if (delete_host && !c)
print_host(out, cp, public, 0);
@@ -750,7 +778,7 @@
fclose(in);
if (invalid) {
- fprintf(stderr, "%s is not a valid known_host file.\n",
+ fprintf(stderr, "%s is not a valid known_hosts file.\n",
identity_file);
if (inplace) {
fprintf(stderr, "Not replacing existing known_hosts "
@@ -962,8 +990,7 @@
key_free(private);
exit(1);
}
- if (strchr(new_comment, '\n'))
- *strchr(new_comment, '\n') = 0;
+ new_comment[strcspn(new_comment, "\n")] = '\0';
}
/* Save the file using the new passphrase. */
@@ -1006,7 +1033,7 @@
static void
usage(void)
{
- fprintf(stderr, "Usage: %s [options]\n", __progname);
+ fprintf(stderr, "usage: %s [options]\n", __progname);
fprintf(stderr, "Options:\n");
fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n");
fprintf(stderr, " -B Show bubblebabble digest of key file.\n");
@@ -1059,7 +1086,6 @@
int opt, type, fd, download = 0;
u_int32_t memory = 0, generator_wanted = 0, trials = 100;
int do_gen_candidates = 0, do_screen_candidates = 0;
- int log_level = SYSLOG_LEVEL_INFO;
BIGNUM *start = NULL;
FILE *f;
const char *errstr;
@@ -1232,6 +1258,10 @@
printf("Can only have one of -p and -c.\n");
usage();
}
+ if (print_fingerprint && (delete_host || hash_hosts)) {
+ printf("Cannot use -l with -D or -R.\n");
+ usage();
+ }
if (delete_host || hash_hosts || find_host)
do_known_hosts(pw, rr_hostname);
if (print_fingerprint || print_bubblebabble)
@@ -1436,10 +1466,15 @@
if (!quiet) {
char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
+ char *ra = key_fingerprint(public, SSH_FP_MD5,
+ SSH_FP_RANDOMART);
printf("Your public key has been saved in %s.\n",
identity_file);
printf("The key fingerprint is:\n");
printf("%s %s\n", fp, comment);
+ printf("The key's randomart image is:\n");
+ printf("%s\n", ra);
+ xfree(ra);
xfree(fp);
}
Modified: trunk/ssh-keyscan.0
===================================================================
--- trunk/ssh-keyscan.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-keyscan.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -50,7 +50,7 @@
The possible values are ``rsa1'' for protocol version 1 and
``rsa'' or ``dsa'' for protocol version 2. Multiple values may
be specified by separating them with commas. The default is
- ``rsa1''.
+ ``rsa''.
-v Verbose mode. Causes ssh-keyscan to print debugging messages
about its progress.
@@ -104,4 +104,4 @@
This is because it opens a connection to the ssh port, reads the public
key, and drops the connection as soon as it gets the key.
-OpenBSD 4.2 June 5, 2007 2
+OpenBSD 4.4 April 30, 2008 2
Modified: trunk/ssh-keyscan.1
===================================================================
--- trunk/ssh-keyscan.1 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-keyscan.1 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.23 2007/05/31 19:20:16 jmc Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.24 2008/04/30 10:14:03 djm Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm at lcs.mit.edu>.
.\"
@@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
-.Dd $Mdocdate: June 5 2007 $
+.Dd $Mdocdate: April 30 2008 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@@ -94,7 +94,7 @@
for protocol version 2.
Multiple values may be specified by separating them with commas.
The default is
-.Dq rsa1 .
+.Dq rsa .
.It Fl v
Verbose mode.
Causes
Modified: trunk/ssh-keyscan.c
===================================================================
--- trunk/ssh-keyscan.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-keyscan.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.74 2006/10/06 02:29:19 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.76 2008/04/30 10:14:03 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm at lcs.mit.edu>.
*
@@ -56,7 +56,7 @@
#define KT_DSA 2
#define KT_RSA 4
-int get_keytypes = KT_RSA1; /* Get only RSA1 keys by default */
+int get_keytypes = KT_RSA; /* Get only RSA keys by default */
int hash_hosts = 0; /* Hash hostname on output */
@@ -358,7 +358,7 @@
{
int j;
- packet_set_connection(c->c_fd, c->c_fd, timeout);
+ packet_set_connection(c->c_fd, c->c_fd);
enable_compat20();
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
"ssh-dss": "ssh-rsa";
@@ -410,7 +410,7 @@
hints.ai_family = IPv4or6;
hints.ai_socktype = SOCK_STREAM;
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
- fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
+ fatal("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
for (ai = aitop; ai; ai = ai->ai_next) {
s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (s < 0) {
@@ -656,7 +656,7 @@
memcpy(e, read_wait, read_wait_nfdset * sizeof(fd_mask));
while (select(maxfd, r, NULL, e, &seltime) == -1 &&
- (errno == EAGAIN || errno == EINTR))
+ (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
;
for (i = 0; i < maxfd; i++) {
Modified: trunk/ssh-keysign.0
===================================================================
--- trunk/ssh-keysign.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-keysign.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -39,4 +39,4 @@
AUTHORS
Markus Friedl <markus at openbsd.org>
-OpenBSD 4.2 June 5, 2007 1
+OpenBSD 4.4 May 31, 2007 1
Modified: trunk/ssh-keysign.8
===================================================================
--- trunk/ssh-keysign.8 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-keysign.8 2009-06-23 21:31:15 UTC (rev 57)
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 5 2007 $
+.Dd $Mdocdate: May 31 2007 $
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
Modified: trunk/ssh-rand-helper.0
===================================================================
--- trunk/ssh-rand-helper.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-rand-helper.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -48,4 +48,4 @@
SEE ALSO
ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
-OpenBSD 4.2 April 14, 2002 1
+OpenBSD 4.4 April 14, 2002 1
Modified: trunk/ssh-vulnkey.c
===================================================================
--- trunk/ssh-vulnkey.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh-vulnkey.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -64,6 +64,10 @@
static int verbosity = 0;
+static int some_keys = 0;
+static int some_unknown = 0;
+static int some_compromised = 0;
+
static void
usage(void)
{
@@ -101,17 +105,21 @@
int blacklist_status;
int ret = 1;
+ some_keys = 1;
+
public = key_demote(key);
if (public->type == KEY_RSA1)
public->type = KEY_RSA;
blacklist_status = blacklisted_key(public, NULL);
- if (blacklist_status == -1)
+ if (blacklist_status == -1) {
describe_key(filename, linenum,
"Unknown (blacklist file not installed)", key, comment, 0);
- else if (blacklist_status == 1) {
+ some_unknown = 1;
+ } else if (blacklist_status == 1) {
describe_key(filename, linenum,
"COMPROMISED", key, comment, 0);
+ some_compromised = 1;
ret = 0;
} else
describe_key(filename, linenum,
@@ -356,5 +364,25 @@
ret = 0;
}
+ if (verbosity >= 0) {
+ if (some_unknown) {
+ printf("#\n");
+ printf("# The status of some keys on your system is unknown.\n");
+ printf("# You may need to install additional blacklist files.\n");
+ }
+ if (some_compromised) {
+ printf("#\n");
+ printf("# Some keys on your system have been compromised!\n");
+ printf("# You must replace them using ssh-keygen(1).\n");
+ }
+ if (some_unknown || some_compromised) {
+ printf("#\n");
+ printf("# See the ssh-vulnkey(1) manual page for further advice.\n");
+ } else if (some_keys && verbosity > 0) {
+ printf("#\n");
+ printf("# No blacklisted keys!\n");
+ }
+ }
+
return ret;
}
Modified: trunk/ssh.0
===================================================================
--- trunk/ssh.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -130,6 +130,11 @@
The recommended way to start X11 programs at a remote site is
with something like ssh -f host xterm.
+ If the ExitOnForwardFailure configuration option is set to
+ ``yes'', then a client started with -f will wait for all remote
+ port forwards to be successfully established before placing it-
+ self in the background.
+
-g Allows remote hosts to connect to local forwarded ports.
-I smartcard_device
@@ -274,13 +279,14 @@
User
UserKnownHostsFile
VerifyHostKeyDNS
+ VisualHostKey
XAuthLocation
-p port
Port to connect to on the remote host. This can be specified on
a per-host basis in the configuration file.
- -q Quiet mode. Causes all warning and diagnostic messages to be
+ -q Quiet mode. Causes most warning and diagnostic messages to be
suppressed.
-R [bind_address:]port:host:hostport
@@ -571,13 +577,28 @@
$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
- If the fingerprint is already known, it can be matched and verified, and
- the key can be accepted. If the fingerprint is unknown, an alternative
- method of verification is available: SSH fingerprints verified by DNS.
- An additional resource record (RR), SSHFP, is added to a zonefile and the
- connecting client is able to match the fingerprint with that of the key
- presented.
+ If the fingerprint is already known, it can be matched and the key can be
+ accepted or rejected. Because of the difficulty of comparing host keys
+ just by looking at hex strings, there is also support to compare host
+ keys visually, using random art. By setting the VisualHostKey option to
+ ``yes'', a small ASCII graphic gets displayed on every login to a server,
+ no matter if the session itself is interactive or not. By learning the
+ pattern a known server produces, a user can easily find out that the host
+ key has changed when a completely different pattern is displayed. Be-
+ cause these patterns are not unambiguous however, a pattern that looks
+ similar to the pattern remembered only gives a good probability that the
+ host key is the same, not guaranteed proof.
+ To get a listing of the fingerprints along with their random art for all
+ known hosts, the following command line can be used:
+
+ $ ssh-keygen -lv -f ~/.ssh/known_hosts
+
+ If the fingerprint is unknown, an alternative method of verification is
+ available: SSH fingerprints verified by DNS. An additional resource
+ record (RR), SSHFP, is added to a zonefile and the connecting client is
+ able to match the fingerprint with that of the key presented.
+
In this example, we are connecting a client to a server,
``host.example.com''. The SSHFP resource records should first be added
to the zonefile for host.example.com:
@@ -714,6 +735,13 @@
host-based authentication without permitting login with
rlogin/rsh.
+ ~/.ssh/
+ This directory is the default location for all user-specific con-
+ figuration and authentication information. There is no general
+ requirement to keep the entire contents of this directory secret,
+ but the recommended permissions are read/write/execute for the
+ user, and not accessible by others.
+
~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in
as this user. The format of this file is described in the
@@ -825,6 +853,10 @@
The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006.
+ A. Perrig and D. Song, Hash Visualization: a New Technique to improve
+ Real-World Security, 1999, International Workshop on Cryptographic
+ Techniques and E-Commerce (CrypTEC '99).
+
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
@@ -832,4 +864,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.2 June 12, 2007 13
+OpenBSD 4.4 July 2, 2008 14
Modified: trunk/ssh.1
===================================================================
--- trunk/ssh.1 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh.1 2009-06-23 21:31:15 UTC (rev 57)
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.270 2007/06/12 13:43:55 jmc Exp $
-.Dd $Mdocdate: June 12 2007 $
+.\" $OpenBSD: ssh.1,v 1.277 2008/07/02 13:47:39 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
.Dt SSH 1
.Os
.Sh NAME
@@ -290,6 +290,15 @@
The recommended way to start X11 programs at a remote site is with
something like
.Ic ssh -f host xterm .
+.Pp
+If the
+.Cm ExitOnForwardFailure
+configuration option is set to
+.Dq yes ,
+then a client started with
+.Fl f
+will wait for all remote port forwards to be successfully established
+before placing itself in the background.
.It Fl g
Allows remote hosts to connect to local forwarded ports.
.It Fl I Ar smartcard_device
@@ -498,6 +507,7 @@
.It User
.It UserKnownHostsFile
.It VerifyHostKeyDNS
+.It VisualHostKey
.It XAuthLocation
.El
.It Fl p Ar port
@@ -506,7 +516,7 @@
per-host basis in the configuration file.
.It Fl q
Quiet mode.
-Causes all warning and diagnostic messages to be suppressed.
+Causes most warning and diagnostic messages to be suppressed.
Only fatal errors are displayed.
If a second
.Fl q
@@ -1035,9 +1045,31 @@
.Pp
.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
.Pp
-If the fingerprint is already known,
-it can be matched and verified,
-and the key can be accepted.
+If the fingerprint is already known, it can be matched
+and the key can be accepted or rejected.
+Because of the difficulty of comparing host keys
+just by looking at hex strings,
+there is also support to compare host keys visually,
+using
+.Em random art .
+By setting the
+.Cm VisualHostKey
+option to
+.Dq yes ,
+a small ASCII graphic gets displayed on every login to a server, no matter
+if the session itself is interactive or not.
+By learning the pattern a known server produces, a user can easily
+find out that the host key has changed when a completely different pattern
+is displayed.
+Because these patterns are not unambiguous however, a pattern that looks
+similar to the pattern remembered only gives a good probability that the
+host key is the same, not guaranteed proof.
+.Pp
+To get a listing of the fingerprints along with their random art for
+all known hosts, the following command line can be used:
+.Pp
+.Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts
+.Pp
If the fingerprint is unknown,
an alternative method of verification is available:
SSH fingerprints verified by DNS.
@@ -1253,6 +1285,13 @@
but allows host-based authentication without permitting login with
rlogin/rsh.
.Pp
+.It ~/.ssh/
+This directory is the default location for all user-specific configuration
+and authentication information.
+There is no general requirement to keep the entire contents of this directory
+secret, but the recommended permissions are read/write/execute for the user,
+and not accessible by others.
+.Pp
.It ~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described in the
@@ -1372,6 +1411,7 @@
.Xr ssh-argv0 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
+.Xr ssh-vulnkey 1 ,
.Xr tun 4 ,
.Xr hosts.equiv 5 ,
.Xr ssh_config 5 ,
@@ -1437,6 +1477,13 @@
.%T "The Secure Shell (SSH) Public Key File Format"
.%D 2006
.Re
+.Rs
+.%T "Hash Visualization: a New Technique to improve Real-World Security"
+.%A A. Perrig
+.%A D. Song
+.%D 1999
+.%O "International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)"
+.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Modified: trunk/ssh.c
===================================================================
--- trunk/ssh.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.301 2007/08/07 07:32:53 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.318 2008/07/02 13:47:39 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -49,7 +49,6 @@
#include <sys/resource.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
-#include <sys/un.h>
#include <ctype.h>
#include <errno.h>
@@ -72,6 +71,8 @@
#include <openssl/evp.h>
#include <openssl/err.h>
+#include "openbsd-compat/openssl-compat.h"
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
@@ -97,7 +98,6 @@
#include "sshpty.h"
#include "match.h"
#include "msg.h"
-#include "monitor_fdpass.h"
#include "uidswap.h"
#include "version.h"
@@ -107,7 +107,7 @@
extern char *__progname;
-/* Flag indicating whether debug mode is on. This can be set on the command line. */
+/* Flag indicating whether debug mode is on. May be set on the command line. */
int debug_flag = 0;
/* Flag indicating whether a tty should be allocated */
@@ -164,21 +164,15 @@
int subsystem_flag = 0;
/* # of replies received for global requests */
-static int client_global_request_id = 0;
+static int remote_forward_confirms_received = 0;
/* pid of proxycommand child process */
pid_t proxy_command_pid = 0;
-/* fd to control socket */
-int control_fd = -1;
+/* mux.c */
+extern int muxserver_sock;
+extern u_int muxclient_command;
-/* Multiplexing control command */
-static u_int mux_command = 0;
-
-/* Only used in control client mode */
-volatile sig_atomic_t control_client_terminate = 0;
-u_int control_server_pid = 0;
-
/* Prints a help message to the user. This function never returns. */
static void
@@ -198,8 +192,11 @@
static int ssh_session(void);
static int ssh_session2(void);
static void load_public_identity_files(void);
-static void control_client(const char *path);
+/* from muxclient.c */
+void muxclient(const char *);
+void muxserver_listen(void);
+
/*
* Main program for the ssh client.
*/
@@ -210,7 +207,7 @@
char *p, *cp, *line, buf[256];
struct stat st;
struct passwd *pw;
- int dummy;
+ int dummy, timeout_ms;
extern int optind, optreset;
extern char *optarg;
struct servent *sp;
@@ -264,15 +261,18 @@
*/
umask(022);
- /* Initialize option structure to indicate that no values have been set. */
+ /*
+ * Initialize option structure to indicate that no values have been
+ * set.
+ */
initialize_options(&options);
/* Parse command-line arguments. */
host = NULL;
again:
- while ((opt = getopt(ac, av,
- "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
+ "ACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
switch (opt) {
case '1':
options.protocol = SSH_PROTO_1;
@@ -308,9 +308,9 @@
break;
case 'O':
if (strcmp(optarg, "check") == 0)
- mux_command = SSHMUX_COMMAND_ALIVE_CHECK;
+ muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK;
else if (strcmp(optarg, "exit") == 0)
- mux_command = SSHMUX_COMMAND_TERMINATE;
+ muxclient_command = SSHMUX_COMMAND_TERMINATE;
else
fatal("Invalid multiplex command.");
break;
@@ -377,7 +377,8 @@
options.tun_open = SSH_TUNMODE_DEFAULT;
options.tun_local = a2tun(optarg, &options.tun_remote);
if (options.tun_local == SSH_TUNID_ERR) {
- fprintf(stderr, "Bad tun device '%s'\n", optarg);
+ fprintf(stderr,
+ "Bad tun device '%s'\n", optarg);
exit(255);
}
break;
@@ -485,7 +486,8 @@
}
if (cp != NULL) {
fwd.listen_port = a2port(cp);
- fwd.listen_host = cleanhostname(fwd.listen_host);
+ fwd.listen_host =
+ cleanhostname(fwd.listen_host);
} else {
fwd.listen_port = a2port(fwd.listen_host);
fwd.listen_host = NULL;
@@ -591,8 +593,10 @@
}
/* Cannot fork to background if no command. */
- if (fork_after_authentication_flag && buffer_len(&command) == 0 && !no_shell_flag)
- fatal("Cannot fork into background without a command to execute.");
+ if (fork_after_authentication_flag && buffer_len(&command) == 0 &&
+ !no_shell_flag)
+ fatal("Cannot fork into background without a command "
+ "to execute.");
/* Allocate a tty by default if no command specified. */
if (buffer_len(&command) == 0)
@@ -604,7 +608,8 @@
/* Do not allocate a tty if stdin is not a tty. */
if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) {
if (tty_flag && options.log_level > SYSLOG_LEVEL_QUIET)
- logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");
+ logit("Pseudo-terminal will not be allocated because "
+ "stdin is not a terminal.");
tty_flag = 0;
}
@@ -612,7 +617,8 @@
* Initialize "log" output. Since we are the client all output
* actually goes to stderr.
*/
- log_init(av[0], options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
+ log_init(av[0],
+ options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
SYSLOG_FACILITY_USER, 1);
/*
@@ -646,6 +652,28 @@
if (options.user == NULL)
options.user = xstrdup(pw->pw_name);
+ /* Get default port if port has not been set. */
+ if (options.port == 0) {
+ sp = getservbyname(SSH_SERVICE_NAME, "tcp");
+ options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
+ }
+
+ if (options.local_command != NULL) {
+ char thishost[NI_MAXHOST];
+
+ if (gethostname(thishost, sizeof(thishost)) == -1)
+ fatal("gethostname: %s", strerror(errno));
+ snprintf(buf, sizeof(buf), "%d", options.port);
+ debug3("expanding LocalCommand: %s", options.local_command);
+ cp = options.local_command;
+ options.local_command = percent_expand(cp, "d", pw->pw_dir,
+ "h", options.hostname? options.hostname : host,
+ "l", thishost, "n", host, "r", options.user, "p", buf,
+ "u", pw->pw_name, (char *)NULL);
+ debug3("expanded LocalCommand: %s", options.local_command);
+ xfree(cp);
+ }
+
if (options.hostname != NULL)
host = options.hostname;
@@ -656,18 +684,16 @@
*p = (char)tolower(*p);
}
- /* Get default port if port has not been set. */
- if (options.port == 0) {
- sp = getservbyname(SSH_SERVICE_NAME, "tcp");
- options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
- }
-
if (options.proxy_command != NULL &&
- strcmp(options.proxy_command, "none") == 0)
+ strcmp(options.proxy_command, "none") == 0) {
+ xfree(options.proxy_command);
options.proxy_command = NULL;
+ }
if (options.control_path != NULL &&
- strcmp(options.control_path, "none") == 0)
+ strcmp(options.control_path, "none") == 0) {
+ xfree(options.control_path);
options.control_path = NULL;
+ }
if (options.control_path != NULL) {
char thishost[NI_MAXHOST];
@@ -677,18 +703,22 @@
snprintf(buf, sizeof(buf), "%d", options.port);
cp = tilde_expand_filename(options.control_path,
original_real_uid);
+ xfree(options.control_path);
options.control_path = percent_expand(cp, "p", buf, "h", host,
"r", options.user, "l", thishost, (char *)NULL);
xfree(cp);
}
- if (mux_command != 0 && options.control_path == NULL)
+ if (muxclient_command != 0 && options.control_path == NULL)
fatal("No ControlPath specified for \"-O\" command");
if (options.control_path != NULL)
- control_client(options.control_path);
+ muxclient(options.control_path);
+ timeout_ms = options.connection_timeout * 1000;
+
/* Open a connection to the remote host. */
if (ssh_connect(host, &hostaddr, options.port,
- options.address_family, options.connection_attempts,
+ options.address_family, options.connection_attempts, &timeout_ms,
+ options.tcp_keep_alive,
#ifdef HAVE_CYGWIN
options.use_privileged_port,
#else
@@ -697,6 +727,9 @@
options.proxy_command) != 0)
exit(255);
+ if (timeout_ms > 0)
+ debug3("timeout: %d ms remain after connect", timeout_ms);
+
/*
* If we successfully made the connection, load the host private key
* in case we will need it later for combined rsa-rhosts
@@ -750,7 +783,8 @@
* Now that we are back to our own permissions, create ~/.ssh
* directory if it doesn't already exist.
*/
- snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
+ snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir,
+ strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
if (stat(buf, &st) < 0)
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
@@ -771,8 +805,9 @@
signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
- /* Log into the remote system. This never returns if the login fails. */
- ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, pw);
+ /* Log into the remote system. Never returns if the login fails. */
+ ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr,
+ pw, timeout_ms);
/* We no longer need the private host keys. Clear them now. */
if (sensitive_data.nkeys != 0) {
@@ -800,7 +835,7 @@
exit_status = compat20 ? ssh_session2() : ssh_session();
packet_close();
- if (options.control_path != NULL && control_fd != -1)
+ if (options.control_path != NULL && muxserver_sock != -1)
unlink(options.control_path);
/*
@@ -813,7 +848,35 @@
return exit_status;
}
+/* Callback for remote forward global requests */
static void
+ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
+{
+ Forward *rfwd = (Forward *)ctxt;
+
+ debug("remote forward %s for: listen %d, connect %s:%d",
+ type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
+ rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
+ if (type == SSH2_MSG_REQUEST_FAILURE) {
+ if (options.exit_on_forward_failure)
+ fatal("Error: remote port forwarding failed for "
+ "listen port %d", rfwd->listen_port);
+ else
+ logit("Warning: remote port forwarding failed for "
+ "listen port %d", rfwd->listen_port);
+ }
+ if (++remote_forward_confirms_received == options.num_remote_forwards) {
+ debug("All remote forwarding requests processed");
+ if (fork_after_authentication_flag) {
+ fork_after_authentication_flag = 0;
+ if (daemon(1, 1) < 0)
+ fatal("daemon() failed: %.200s",
+ strerror(errno));
+ }
+ }
+}
+
+static void
ssh_init_forwarding(void)
{
int success = 0;
@@ -861,6 +924,8 @@
logit("Warning: Could not request remote "
"forwarding.");
}
+ client_register_global_confirm(ssh_confirm_remote_forward,
+ &options.remote_forwards[i]);
}
/* Initiate tunnel forwarding. */
@@ -897,10 +962,13 @@
/* Enable compression if requested. */
if (options.compression) {
- debug("Requesting compression at level %d.", options.compression_level);
+ debug("Requesting compression at level %d.",
+ options.compression_level);
- if (options.compression_level < 1 || options.compression_level > 9)
- fatal("Compression level must be from 1 (fast) to 9 (slow, best).");
+ if (options.compression_level < 1 ||
+ options.compression_level > 9)
+ fatal("Compression level must be from 1 (fast) to "
+ "9 (slow, best).");
/* Send the request. */
packet_start(SSH_CMSG_REQUEST_COMPRESSION);
@@ -913,7 +981,8 @@
else if (type == SSH_SMSG_FAILURE)
logit("Warning: Remote host refused compression.");
else
- packet_disconnect("Protocol error waiting for compression response.");
+ packet_disconnect("Protocol error waiting for "
+ "compression response.");
}
/* Allocate a pseudo tty if appropriate. */
if (tty_flag) {
@@ -950,9 +1019,11 @@
interactive = 1;
have_tty = 1;
} else if (type == SSH_SMSG_FAILURE)
- logit("Warning: Remote host failed or refused to allocate a pseudo tty.");
+ logit("Warning: Remote host failed or refused to "
+ "allocate a pseudo tty.");
else
- packet_disconnect("Protocol error waiting for pty request response.");
+ packet_disconnect("Protocol error waiting for pty "
+ "request response.");
}
/* Request X11 forwarding if enabled and DISPLAY is set. */
display = getenv("DISPLAY");
@@ -962,7 +1033,8 @@
client_x11_get_proto(display, options.xauth_location,
options.forward_x11_trusted, &proto, &data);
/* Request forwarding with authentication spoofing. */
- debug("Requesting X11 forwarding with authentication spoofing.");
+ debug("Requesting X11 forwarding with authentication "
+ "spoofing.");
x11_request_forwarding_with_spoofing(0, display, proto, data);
/* Read response from the server. */
@@ -972,7 +1044,8 @@
} else if (type == SSH_SMSG_FAILURE) {
logit("Warning: Remote host denied X11 forwarding.");
} else {
- packet_disconnect("Protocol error waiting for X11 forwarding");
+ packet_disconnect("Protocol error waiting for X11 "
+ "forwarding");
}
}
/* Tell the packet module whether this is an interactive session. */
@@ -995,10 +1068,22 @@
/* Initiate port forwardings. */
ssh_init_forwarding();
- /* If requested, let ssh continue in the background. */
- if (fork_after_authentication_flag)
+ /* Execute a local command */
+ if (options.local_command != NULL &&
+ options.permit_local_command)
+ ssh_local_cmd(options.local_command);
+
+ /*
+ * If requested and we are not interested in replies to remote
+ * forwarding requests, then let ssh continue in the background.
+ */
+ if (fork_after_authentication_flag &&
+ (!options.exit_on_forward_failure ||
+ options.num_remote_forwards == 0)) {
+ fork_after_authentication_flag = 0;
if (daemon(1, 1) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
+ }
/*
* If a command was specified on the command line, execute the
@@ -1008,7 +1093,8 @@
int len = buffer_len(&command);
if (len > 900)
len = 900;
- debug("Sending command: %.*s", len, (u_char *)buffer_ptr(&command));
+ debug("Sending command: %.*s", len,
+ (u_char *)buffer_ptr(&command));
packet_start(SSH_CMSG_EXEC_CMD);
packet_put_string(buffer_ptr(&command), buffer_len(&command));
packet_send();
@@ -1025,88 +1111,6 @@
options.escape_char : SSH_ESCAPECHAR_NONE, 0);
}
-static void
-ssh_subsystem_reply(int type, u_int32_t seq, void *ctxt)
-{
- int id, len;
-
- id = packet_get_int();
- len = buffer_len(&command);
- if (len > 900)
- len = 900;
- packet_check_eom();
- if (type == SSH2_MSG_CHANNEL_FAILURE)
- fatal("Request for subsystem '%.*s' failed on channel %d",
- len, (u_char *)buffer_ptr(&command), id);
-}
-
-void
-client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt)
-{
- int i;
-
- i = client_global_request_id++;
- if (i >= options.num_remote_forwards)
- return;
- debug("remote forward %s for: listen %d, connect %s:%d",
- type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
- options.remote_forwards[i].listen_port,
- options.remote_forwards[i].connect_host,
- options.remote_forwards[i].connect_port);
- if (type == SSH2_MSG_REQUEST_FAILURE) {
- if (options.exit_on_forward_failure)
- fatal("Error: remote port forwarding failed for "
- "listen port %d",
- options.remote_forwards[i].listen_port);
- else
- logit("Warning: remote port forwarding failed for "
- "listen port %d",
- options.remote_forwards[i].listen_port);
- }
-}
-
-static void
-ssh_control_listener(void)
-{
- struct sockaddr_un addr;
- mode_t old_umask;
- int addr_len;
-
- if (options.control_path == NULL ||
- options.control_master == SSHCTL_MASTER_NO)
- return;
-
- debug("setting up multiplex master socket");
-
- memset(&addr, '\0', sizeof(addr));
- addr.sun_family = AF_UNIX;
- addr_len = offsetof(struct sockaddr_un, sun_path) +
- strlen(options.control_path) + 1;
-
- if (strlcpy(addr.sun_path, options.control_path,
- sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
- fatal("ControlPath too long");
-
- if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
- fatal("%s socket(): %s", __func__, strerror(errno));
-
- old_umask = umask(0177);
- if (bind(control_fd, (struct sockaddr *)&addr, addr_len) == -1) {
- control_fd = -1;
- if (errno == EINVAL || errno == EADDRINUSE)
- fatal("ControlSocket %s already exists",
- options.control_path);
- else
- fatal("%s bind(): %s", __func__, strerror(errno));
- }
- umask(old_umask);
-
- if (listen(control_fd, 64) == -1)
- fatal("%s listen(): %s", __func__, strerror(errno));
-
- set_nonblock(control_fd);
-}
-
/* request pty/x11/agent/tcpfwd/shell for channel */
static void
ssh_session2_setup(int id, void *arg)
@@ -1122,7 +1126,8 @@
client_x11_get_proto(display, options.xauth_location,
options.forward_x11_trusted, &proto, &data);
/* Request forwarding with authentication spoofing. */
- debug("Requesting X11 forwarding with authentication spoofing.");
+ debug("Requesting X11 forwarding with authentication "
+ "spoofing.");
x11_request_forwarding_with_spoofing(id, display, proto, data);
interactive = 1;
/* XXX wait for reply */
@@ -1136,7 +1141,7 @@
}
client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
- NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply);
+ NULL, fileno(stdin), &command, environ);
packet_set_interactive(interactive);
}
@@ -1182,7 +1187,8 @@
channel_send_open(c->self);
if (!no_shell_flag)
- channel_register_confirm(c->self, ssh_session2_setup, NULL);
+ channel_register_open_confirm(c->self,
+ ssh_session2_setup, NULL);
return c->self;
}
@@ -1198,18 +1204,30 @@
if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN))
id = ssh_session2_open();
+ /* If we don't expect to open a new session, then disallow it */
+ if (options.control_master == SSHCTL_MASTER_NO &&
+ (datafellows & SSH_NEW_OPENSSH)) {
+ debug("Requesting no-more-sessions at openssh.com");
+ packet_start(SSH2_MSG_GLOBAL_REQUEST);
+ packet_put_cstring("no-more-sessions at openssh.com");
+ packet_put_char(0);
+ packet_send();
+ }
+
/* Execute a local command */
if (options.local_command != NULL &&
options.permit_local_command)
ssh_local_cmd(options.local_command);
/* Start listening for multiplex clients */
- ssh_control_listener();
+ muxserver_listen();
/* If requested, let ssh continue in the background. */
- if (fork_after_authentication_flag)
+ if (fork_after_authentication_flag) {
+ fork_after_authentication_flag = 0;
if (daemon(1, 1) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
+ }
return client_loop(tty_flag, tty_flag ?
options.escape_char : SSH_ESCAPECHAR_NONE, id);
@@ -1218,7 +1236,8 @@
static void
load_public_identity_files(void)
{
- char *filename, *cp, thishost[NI_MAXHOST];
+ char *filename, *cp, thishost[NI_MAXHOST], *fp;
+ char *pwdir = NULL, *pwname = NULL;
int i = 0;
Key *public;
struct passwd *pw;
@@ -1231,9 +1250,11 @@
int count = 0;
for (i = 0; keys[i] != NULL; i++) {
count++;
- memmove(&options.identity_files[1], &options.identity_files[0],
+ memmove(&options.identity_files[1],
+ &options.identity_files[0],
sizeof(char *) * (SSH_MAX_IDENTITY_FILES - 1));
- memmove(&options.identity_keys[1], &options.identity_keys[0],
+ memmove(&options.identity_keys[1],
+ &options.identity_keys[0],
sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
options.num_identity_files++;
options.identity_keys[0] = keys[i];
@@ -1247,248 +1268,43 @@
#endif /* SMARTCARD */
if ((pw = getpwuid(original_real_uid)) == NULL)
fatal("load_public_identity_files: getpwuid failed");
+ pwname = xstrdup(pw->pw_name);
+ pwdir = xstrdup(pw->pw_dir);
if (gethostname(thishost, sizeof(thishost)) == -1)
fatal("load_public_identity_files: gethostname: %s",
strerror(errno));
for (; i < options.num_identity_files; i++) {
cp = tilde_expand_filename(options.identity_files[i],
original_real_uid);
- filename = percent_expand(cp, "d", pw->pw_dir,
- "u", pw->pw_name, "l", thishost, "h", host,
+ filename = percent_expand(cp, "d", pwdir,
+ "u", pwname, "l", thishost, "h", host,
"r", options.user, (char *)NULL);
xfree(cp);
public = key_load_public(filename, NULL);
debug("identity file %s type %d", filename,
public ? public->type : -1);
+ if (public && blacklisted_key(public, &fp) == 1) {
+ if (options.use_blacklisted_keys)
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1)); continuing anyway", fp);
+ else
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1)); refusing to send it",
+ fp);
+ xfree(fp);
+ if (!options.use_blacklisted_keys) {
+ key_free(public);
+ xfree(filename);
+ filename = NULL;
+ public = NULL;
+ }
+ }
xfree(options.identity_files[i]);
options.identity_files[i] = filename;
options.identity_keys[i] = public;
}
+ bzero(pwname, strlen(pwname));
+ xfree(pwname);
+ bzero(pwdir, strlen(pwdir));
+ xfree(pwdir);
}
-
-static void
-control_client_sighandler(int signo)
-{
- control_client_terminate = signo;
-}
-
-static void
-control_client_sigrelay(int signo)
-{
- if (control_server_pid > 1)
- kill(control_server_pid, signo);
-}
-
-static int
-env_permitted(char *env)
-{
- int i, ret;
- char name[1024], *cp;
-
- if ((cp = strchr(env, '=')) == NULL || cp == env)
- return (0);
- ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
- if (ret <= 0 || (size_t)ret >= sizeof(name))
- fatal("env_permitted: name '%.100s...' too long", env);
-
- for (i = 0; i < options.num_send_env; i++)
- if (match_pattern(name, options.send_env[i]))
- return (1);
-
- return (0);
-}
-
-static void
-control_client(const char *path)
-{
- struct sockaddr_un addr;
- int i, r, fd, sock, exitval[2], num_env, addr_len;
- Buffer m;
- char *term;
- extern char **environ;
- u_int flags;
-
- if (mux_command == 0)
- mux_command = SSHMUX_COMMAND_OPEN;
-
- switch (options.control_master) {
- case SSHCTL_MASTER_AUTO:
- case SSHCTL_MASTER_AUTO_ASK:
- debug("auto-mux: Trying existing master");
- /* FALLTHROUGH */
- case SSHCTL_MASTER_NO:
- break;
- default:
- return;
- }
-
- memset(&addr, '\0', sizeof(addr));
- addr.sun_family = AF_UNIX;
- addr_len = offsetof(struct sockaddr_un, sun_path) +
- strlen(path) + 1;
-
- if (strlcpy(addr.sun_path, path,
- sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
- fatal("ControlPath too long");
-
- if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
- fatal("%s socket(): %s", __func__, strerror(errno));
-
- if (connect(sock, (struct sockaddr *)&addr, addr_len) == -1) {
- if (mux_command != SSHMUX_COMMAND_OPEN) {
- fatal("Control socket connect(%.100s): %s", path,
- strerror(errno));
- }
- if (errno == ENOENT)
- debug("Control socket \"%.100s\" does not exist", path);
- else {
- error("Control socket connect(%.100s): %s", path,
- strerror(errno));
- }
- close(sock);
- return;
- }
-
- if (stdin_null_flag) {
- if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1)
- fatal("open(/dev/null): %s", strerror(errno));
- if (dup2(fd, STDIN_FILENO) == -1)
- fatal("dup2: %s", strerror(errno));
- if (fd > STDERR_FILENO)
- close(fd);
- }
-
- term = getenv("TERM");
-
- flags = 0;
- if (tty_flag)
- flags |= SSHMUX_FLAG_TTY;
- if (subsystem_flag)
- flags |= SSHMUX_FLAG_SUBSYS;
- if (options.forward_x11)
- flags |= SSHMUX_FLAG_X11_FWD;
- if (options.forward_agent)
- flags |= SSHMUX_FLAG_AGENT_FWD;
-
- buffer_init(&m);
-
- /* Send our command to server */
- buffer_put_int(&m, mux_command);
- buffer_put_int(&m, flags);
- if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
- fatal("%s: msg_send", __func__);
- buffer_clear(&m);
-
- /* Get authorisation status and PID of controlee */
- if (ssh_msg_recv(sock, &m) == -1)
- fatal("%s: msg_recv", __func__);
- if (buffer_get_char(&m) != SSHMUX_VER)
- fatal("%s: wrong version", __func__);
- if (buffer_get_int(&m) != 1)
- fatal("Connection to master denied");
- control_server_pid = buffer_get_int(&m);
-
- buffer_clear(&m);
-
- switch (mux_command) {
- case SSHMUX_COMMAND_ALIVE_CHECK:
- fprintf(stderr, "Master running (pid=%d)\r\n",
- control_server_pid);
- exit(0);
- case SSHMUX_COMMAND_TERMINATE:
- fprintf(stderr, "Exit request sent.\r\n");
- exit(0);
- case SSHMUX_COMMAND_OPEN:
- /* continue below */
- break;
- default:
- fatal("silly mux_command %d", mux_command);
- }
-
- /* SSHMUX_COMMAND_OPEN */
- buffer_put_cstring(&m, term ? term : "");
- buffer_append(&command, "\0", 1);
- buffer_put_cstring(&m, buffer_ptr(&command));
-
- if (options.num_send_env == 0 || environ == NULL) {
- buffer_put_int(&m, 0);
- } else {
- /* Pass environment */
- num_env = 0;
- for (i = 0; environ[i] != NULL; i++)
- if (env_permitted(environ[i]))
- num_env++; /* Count */
-
- buffer_put_int(&m, num_env);
-
- for (i = 0; environ[i] != NULL && num_env >= 0; i++)
- if (env_permitted(environ[i])) {
- num_env--;
- buffer_put_cstring(&m, environ[i]);
- }
- }
-
- if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
- fatal("%s: msg_send", __func__);
-
- mm_send_fd(sock, STDIN_FILENO);
- mm_send_fd(sock, STDOUT_FILENO);
- mm_send_fd(sock, STDERR_FILENO);
-
- /* Wait for reply, so master has a chance to gather ttymodes */
- buffer_clear(&m);
- if (ssh_msg_recv(sock, &m) == -1)
- fatal("%s: msg_recv", __func__);
- if (buffer_get_char(&m) != SSHMUX_VER)
- fatal("%s: wrong version", __func__);
- buffer_free(&m);
-
- signal(SIGHUP, control_client_sighandler);
- signal(SIGINT, control_client_sighandler);
- signal(SIGTERM, control_client_sighandler);
- signal(SIGWINCH, control_client_sigrelay);
-
- if (tty_flag)
- enter_raw_mode();
-
- /*
- * Stick around until the controlee closes the client_fd.
- * Before it does, it is expected to write this process' exit
- * value (one int). This process must read the value and wait for
- * the closure of the client_fd; if this one closes early, the
- * multiplex master will terminate early too (possibly losing data).
- */
- exitval[0] = 0;
- for (i = 0; !control_client_terminate && i < (int)sizeof(exitval);) {
- r = read(sock, (char *)exitval + i, sizeof(exitval) - i);
- if (r == 0) {
- debug2("Received EOF from master");
- break;
- }
- if (r == -1) {
- if (errno == EINTR)
- continue;
- fatal("%s: read %s", __func__, strerror(errno));
- }
- i += r;
- }
-
- close(sock);
- leave_raw_mode();
- if (i > (int)sizeof(int))
- fatal("%s: master returned too much data (%d > %lu)",
- __func__, i, sizeof(int));
- if (control_client_terminate) {
- debug2("Exiting on signal %d", control_client_terminate);
- exitval[0] = 255;
- } else if (i < (int)sizeof(int)) {
- debug2("Control master terminated unexpectedly");
- exitval[0] = 255;
- } else
- debug2("Received exit status from master %d", exitval[0]);
-
- if (tty_flag && options.log_level > SYSLOG_LEVEL_QUIET)
- fprintf(stderr, "Shared connection to %s closed.\r\n", host);
-
- exit(exitval[0]);
-}
Modified: trunk/ssh_config
===================================================================
--- trunk/ssh_config 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh_config 2009-06-23 21:31:15 UTC (rev 57)
@@ -48,5 +48,5 @@
# PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts yes
-# GSSAPIAuthentication yes
-# GSSAPIDelegateCredentials no
+ GSSAPIAuthentication yes
+ GSSAPIDelegateCredentials no
Modified: trunk/ssh_config.0
===================================================================
--- trunk/ssh_config.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh_config.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -40,10 +40,12 @@
Host Restricts the following declarations (up to the next Host key-
word) to be only for those hosts that match one of the patterns
- given after the keyword. A single `*' as a pattern can be used
- to provide global defaults for all hosts. The host is the
- hostname argument given on the command line (i.e. the name is not
- converted to a canonicalized host name before matching).
+ given after the keyword. If more than one pattern is provided,
+ they should be separated by whitepsace. A single `*' as a pat-
+ tern can be used to provide global defaults for all hosts. The
+ host is the hostname argument given on the command line (i.e. the
+ name is not converted to a canonicalized host name before match-
+ ing).
See PATTERNS for more information on patterns.
@@ -324,6 +326,11 @@
It is possible to have multiple identity files specified in con-
figuration files; all these identities will be tried in sequence.
+ KbdInteractiveAuthentication
+ Specifies whether to use keyboard-interactive authentication.
+ The argument to this keyword must be ``yes'' or ``no''. The de-
+ fault is ``yes''.
+
KbdInteractiveDevices
Specifies the list of methods to use in keyboard-interactive au-
thentication. Multiple method names must be comma-separated.
@@ -335,8 +342,13 @@
LocalCommand
Specifies a command to execute on the local machine after suc-
cessfully connecting to the server. The command string extends
- to the end of the line, and is executed with /bin/sh. This di-
- rective is ignored unless PermitLocalCommand has been enabled.
+ to the end of the line, and is executed with the user's shell.
+ The following escape character substitutions will be performed:
+ `%d' (local user's home directory), `%h' (remote host name), `%l'
+ (local host name), `%n' (host name as provided on the command
+ line), `%p' (remote port), `%r' (remote user name) or `%u' (local
+ user name). This directive is ignored unless PermitLocalCommand
+ has been enabled.
LocalForward
Specifies that a TCP port on the local machine be forwarded over
@@ -413,16 +425,16 @@
ProxyCommand
Specifies the command to use to connect to the server. The com-
mand string extends to the end of the line, and is executed with
- /bin/sh. In the command string, `%h' will be substituted by the
- host name to connect and `%p' by the port. The command can be
- basically anything, and should read from its standard input and
- write to its standard output. It should eventually connect an
- sshd(8) server running on some machine, or execute sshd -i some-
- where. Host key management will be done using the HostName of
- the host being connected (defaulting to the name typed by the us-
- er). Setting the command to ``none'' disables this option en-
- tirely. Note that CheckHostIP is not available for connects with
- a proxy command.
+ the user's shell. In the command string, `%h' will be substitut-
+ ed by the host name to connect and `%p' by the port. The command
+ can be basically anything, and should read from its standard in-
+ put and write to its standard output. It should eventually con-
+ nect an sshd(8) server running on some machine, or execute sshd
+ -i somewhere. Host key management will be done using the Host-
+ Name of the host being connected (defaulting to the name typed by
+ the user). Setting the command to ``none'' disables this option
+ entirely. Note that CheckHostIP is not available for connects
+ with a proxy command.
This directive is useful in conjunction with nc(1) and its proxy
support. For example, the following directive would connect via
@@ -595,6 +607,12 @@
See also VERIFYING HOST KEYS in ssh(1).
+ VisualHostKey
+ If this flag is set to ``yes'', an ASCII art representation of
+ the remote host key fingerprint is printed additionally to the
+ hex fingerprint string. If this flag is set to ``no'', only the
+ hex fingerprint string will be printed. The default is ``no''.
+
XAuthLocation
Specifies the full pathname of the xauth(1) program. The default
is /usr/X11R6/bin/xauth.
@@ -644,4 +662,4 @@
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.2 August 15, 2007 10
+OpenBSD 4.4 June 26, 2008 11
Modified: trunk/ssh_config.5
===================================================================
--- trunk/ssh_config.5 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ssh_config.5 2009-06-23 21:31:15 UTC (rev 57)
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.102 2007/08/15 12:13:41 stevesk Exp $
-.Dd $Mdocdate: August 15 2007 $
+.\" $OpenBSD: ssh_config.5,v 1.111 2008/06/26 11:46:31 grunk Exp $
+.Dd $Mdocdate: June 26 2008 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -119,6 +119,7 @@
.Cm Host
keyword) to be only for those hosts that match one of the patterns
given after the keyword.
+If more than one pattern is provided, they should be separated by whitepsace.
A single
.Ql *
as a pattern can be used to provide global
@@ -145,9 +146,7 @@
passphrase/password querying will be disabled.
In addition, the
.Cm ServerAliveInterval
-and
-.Cm SetupTimeOut
-options will both be set to 300 seconds by default.
+option will be set to 300 seconds by default.
This option is useful in scripts and other batch jobs where no user
is present to supply the password,
and where it is desirable to detect a broken network swiftly.
@@ -619,6 +618,14 @@
It is possible to have
multiple identity files specified in configuration files; all these
identities will be tried in sequence.
+.It Cm KbdInteractiveAuthentication
+Specifies whether to use keyboard-interactive authentication.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq yes .
.It Cm KbdInteractiveDevices
Specifies the list of methods to use in keyboard-interactive authentication.
Multiple method names must be comma-separated.
@@ -634,7 +641,22 @@
Specifies a command to execute on the local machine after successfully
connecting to the server.
The command string extends to the end of the line, and is executed with
-.Pa /bin/sh .
+the user's shell.
+The following escape character substitutions will be performed:
+.Ql %d
+(local user's home directory),
+.Ql %h
+(remote host name),
+.Ql %l
+(local host name),
+.Ql %n
+(host name as provided on the command line),
+.Ql %p
+(remote port),
+.Ql %r
+(remote user name) or
+.Ql %u
+(local user name).
This directive is ignored unless
.Cm PermitLocalCommand
has been enabled.
@@ -758,7 +780,7 @@
Specifies the command to use to connect to the server.
The command
string extends to the end of the line, and is executed with
-.Pa /bin/sh .
+the user's shell.
In the command string,
.Ql %h
will be substituted by the host name to
@@ -936,24 +958,9 @@
option is set.
This option applies to protocol version 2 only.
.Cm ProtocolKeepAlives
-is a Debian-specific compatibility alias for this option.
-.It Cm SetupTimeOut
-Normally,
-.Nm ssh
-blocks indefinitely whilst waiting to receive the ssh banner and other
-setup protocol from the server, during the session setup.
-This can cause
-.Nm ssh
-to hang under certain circumstances.
-If this option is set,
-.Nm ssh
-will give up if no data from the server is received for the specified
-number of seconds.
-The argument must be an integer.
-The default is 0 (disabled), or 300 if
-.Cm BatchMode
-is set.
-This is a Debian-specific option.
+and
+.Cm SetupTimeOut
+are Debian-specific compatibility aliases for this option.
.It Cm SmartcardDevice
Specifies which smartcard device to use.
The argument to this keyword is the device
@@ -1056,6 +1063,23 @@
.Dq any .
The default is
.Dq any:any .
+.It Cm UseBlacklistedKeys
+Specifies whether
+.Xr ssh 1
+should use keys recorded in its blacklist of known-compromised keys (see
+.Xr ssh-vulnkey 1 )
+for authentication.
+If
+.Dq yes ,
+then attempts to use compromised keys for authentication will be logged but
+accepted.
+It is strongly recommended that this be used only to install new authorized
+keys on the remote system, and even then only with the utmost care.
+If
+.Dq no ,
+then attempts to use compromised keys for authentication will be prevented.
+The default is
+.Dq no .
.It Cm UsePrivilegedPort
Specifies whether to use a privileged port for outgoing connections.
The argument must be
@@ -1110,6 +1134,16 @@
.Sx VERIFYING HOST KEYS
in
.Xr ssh 1 .
+.It Cm VisualHostKey
+If this flag is set to
+.Dq yes ,
+an ASCII art representation of the remote host key fingerprint is
+printed additionally to the hex fingerprint string.
+If this flag is set to
+.Dq no ,
+only the hex fingerprint string will be printed.
+The default is
+.Dq no .
.It Cm XAuthLocation
Specifies the full pathname of the
.Xr xauth 1
Modified: trunk/sshconnect.c
===================================================================
--- trunk/sshconnect.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshconnect.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.200 2006/10/10 10:12:45 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.211 2008/07/01 07:24:22 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -74,13 +74,6 @@
#define INET6_ADDRSTRLEN 46
#endif
-static sig_atomic_t banner_timedout;
-
-static void banner_alarm_catch (int signum)
-{
- banner_timedout = 1;
-}
-
static int show_other_keys(const char *, Key *);
static void warn_changed_key(Key *);
@@ -93,8 +86,11 @@
char *command_string, *tmp;
int pin[2], pout[2];
pid_t pid;
- char strport[NI_MAXSERV];
+ char *shell, strport[NI_MAXSERV];
+ if ((shell = getenv("SHELL")) == NULL)
+ shell = _PATH_BSHELL;
+
/* Convert the port number into a string. */
snprintf(strport, sizeof strport, "%hu", port);
@@ -139,14 +135,14 @@
/* Stderr is left as it is so that error messages get
printed on the user's terminal. */
- argv[0] = _PATH_BSHELL;
+ argv[0] = shell;
argv[1] = "-c";
argv[2] = command_string;
argv[3] = NULL;
/* Execute the proxy command. Note that we gave up any
extra privileges above. */
- execv(argv[0], argv);
+ execvp(argv[0], argv);
perror(argv[0]);
exit(1);
}
@@ -164,7 +160,9 @@
xfree(command_string);
/* Set the connection file descriptors. */
- packet_set_connection(pout[0], pin[1], options.setuptimeout);
+ packet_set_connection(pout[0], pin[1]);
+ packet_set_timeout(options.server_alive_interval,
+ options.server_alive_count_max);
/* Indicate OK return */
return 0;
@@ -208,10 +206,10 @@
hints.ai_socktype = ai->ai_socktype;
hints.ai_protocol = ai->ai_protocol;
hints.ai_flags = AI_PASSIVE;
- gaierr = getaddrinfo(options.bind_address, "0", &hints, &res);
+ gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
if (gaierr) {
error("getaddrinfo: %s: %s", options.bind_address,
- gai_strerror(gaierr));
+ ssh_gai_strerror(gaierr));
close(sock);
return -1;
}
@@ -227,30 +225,36 @@
static int
timeout_connect(int sockfd, const struct sockaddr *serv_addr,
- socklen_t addrlen, int timeout)
+ socklen_t addrlen, int *timeoutp)
{
fd_set *fdset;
- struct timeval tv;
+ struct timeval tv, t_start;
socklen_t optlen;
int optval, rc, result = -1;
- if (timeout <= 0)
- return (connect(sockfd, serv_addr, addrlen));
+ gettimeofday(&t_start, NULL);
+ if (*timeoutp <= 0) {
+ result = connect(sockfd, serv_addr, addrlen);
+ goto done;
+ }
+
set_nonblock(sockfd);
rc = connect(sockfd, serv_addr, addrlen);
if (rc == 0) {
unset_nonblock(sockfd);
- return (0);
+ result = 0;
+ goto done;
}
- if (errno != EINPROGRESS)
- return (-1);
+ if (errno != EINPROGRESS) {
+ result = -1;
+ goto done;
+ }
fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
sizeof(fd_mask));
FD_SET(sockfd, fdset);
- tv.tv_sec = timeout;
- tv.tv_usec = 0;
+ ms_to_timeval(&tv, *timeoutp);
for (;;) {
rc = select(sockfd + 1, NULL, fdset, NULL, &tv);
@@ -289,6 +293,16 @@
}
xfree(fdset);
+
+ done:
+ if (result == 0 && *timeoutp > 0) {
+ ms_subtract_diff(&t_start, timeoutp);
+ if (*timeoutp <= 0) {
+ errno = ETIMEDOUT;
+ result = -1;
+ }
+ }
+
return (result);
}
@@ -305,8 +319,8 @@
*/
int
ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
- u_short port, int family, int connection_attempts,
- int needpriv, const char *proxy_command)
+ u_short port, int family, int connection_attempts, int *timeout_ms,
+ int want_keepalive, int needpriv, const char *proxy_command)
{
int gaierr;
int on = 1;
@@ -327,8 +341,8 @@
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%u", port);
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
- fatal("%s: %.100s: %s", __progname, host,
- gai_strerror(gaierr));
+ fatal("%s: Could not resolve hostname %.100s: %s", __progname,
+ host, ssh_gai_strerror(gaierr));
for (attempt = 0; attempt < connection_attempts; attempt++) {
if (attempt > 0) {
@@ -359,7 +373,7 @@
continue;
if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
- options.connection_timeout) >= 0) {
+ timeout_ms) >= 0) {
/* Successful connection. */
memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
break;
@@ -386,13 +400,15 @@
debug("Connection established.");
/* Set SO_KEEPALIVE if requested. */
- if (options.tcp_keep_alive &&
+ if (want_keepalive &&
setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
sizeof(on)) < 0)
error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
/* Set the connection. */
- packet_set_connection(sock, sock, options.setuptimeout);
+ packet_set_connection(sock, sock);
+ packet_set_timeout(options.server_alive_interval,
+ options.server_alive_count_max);
return 0;
}
@@ -402,7 +418,7 @@
* identification string.
*/
static void
-ssh_exchange_identification(void)
+ssh_exchange_identification(int timeout_ms)
{
char buf[256], remote_version[256]; /* must be same size! */
int remote_major, remote_minor, mismatch;
@@ -410,40 +426,44 @@
int connection_out = packet_get_connection_out();
int minor1 = PROTOCOL_MINOR_1;
u_int i, n;
- struct sigaction sa, osa;
+ size_t len;
+ int fdsetsz, remaining, rc;
+ struct timeval t_start, t_remaining;
+ fd_set *fdset;
- /* Read other side's version identification.
- * If SetupTimeOut has been set, give up after the specified amount
- * of time.
- */
- if (options.setuptimeout > 0) {
- memset(&sa, 0, sizeof(sa));
- sa.sa_handler = banner_alarm_catch;
- /* throw away any pending alarms, since we'd block otherwise */
- alarm(0);
- sigaction(SIGALRM, &sa, &osa);
- alarm(options.setuptimeout);
- }
+ fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask);
+ fdset = xcalloc(1, fdsetsz);
+
/* Read other side's version identification. */
+ remaining = timeout_ms;
for (n = 0;;) {
- for (i = 0; i < sizeof(buf) - 1; ) {
- ssize_t len = read(connection_in, &buf[i], 1);
- if (banner_timedout)
- fatal("ssh_exchange_identification: Timeout waiting for version information.");
- if (len == 0)
- errno = EPIPE;
+ for (i = 0; i < sizeof(buf) - 1; i++) {
+ if (timeout_ms > 0) {
+ gettimeofday(&t_start, NULL);
+ ms_to_timeval(&t_remaining, remaining);
+ FD_SET(connection_in, fdset);
+ rc = select(connection_in + 1, fdset, NULL,
+ fdset, &t_remaining);
+ ms_subtract_diff(&t_start, &remaining);
+ if (rc == 0 || remaining <= 0)
+ fatal("Connection timed out during "
+ "banner exchange");
+ if (rc == -1) {
+ if (errno == EINTR)
+ continue;
+ fatal("ssh_exchange_identification: "
+ "select: %s", strerror(errno));
+ }
+ }
+ len = atomicio(read, connection_in, &buf[i], 1);
+
if (len != 1 && errno == EPIPE)
- fatal("ssh_exchange_identification: Connection closed by remote host");
- else if (len != 1) {
-#ifdef EWOULDBLOCK
- if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)
-#else
- if (errno == EINTR || errno == EAGAIN)
-#endif
- continue;
- fatal("ssh_exchange_identification: read: %.100s", strerror(errno));
- }
+ fatal("ssh_exchange_identification: "
+ "Connection closed by remote host");
+ else if (len != 1)
+ fatal("ssh_exchange_identification: "
+ "read: %.100s", strerror(errno));
if (buf[i] == '\r') {
buf[i] = '\n';
buf[i + 1] = 0;
@@ -453,13 +473,9 @@
buf[i + 1] = 0;
break;
}
- if (buf[i] == '\r') {
- buf[i] = '\n';
- buf[i + 1] = 0; /**XXX wait for \n */
- }
if (++n > 65536)
- fatal("ssh_exchange_identification: No banner received");
- i++;
+ fatal("ssh_exchange_identification: "
+ "No banner received");
}
buf[sizeof(buf) - 1] = 0;
if (strncmp(buf, "SSH-", 4) == 0)
@@ -467,15 +483,8 @@
debug("ssh_exchange_identification: %s", buf);
}
server_version_string = xstrdup(buf);
+ xfree(fdset);
- /* If SetupTimeOut has been set, unset the alarm now, and
- * put the correct handler for SIGALRM back.
- */
- if (options.setuptimeout > 0) {
- alarm(0);
- sigaction(SIGALRM, &osa, NULL);
- }
-
/*
* Check that the versions match. In future this might accept
* several versions and set appropriate flags to handle them.
@@ -528,10 +537,10 @@
(options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
remote_major);
/* Send our own protocol version identification. */
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
+ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
compat20 ? PROTOCOL_MINOR_2 : minor1,
- SSH_RELEASE);
+ SSH_RELEASE, compat20 ? "\r\n" : "\n");
if (atomicio(vwrite, connection_out, buf, strlen(buf)) != strlen(buf))
fatal("write: %.100s", strerror(errno));
client_version_string = xstrdup(buf);
@@ -580,14 +589,14 @@
Key *file_key;
const char *type = key_type(host_key);
char *ip = NULL, *host = NULL;
- char hostline[1000], *hostp, *fp;
+ char hostline[1000], *hostp, *fp, *ra;
HostStatus host_status;
HostStatus ip_status;
int r, local = 0, host_ip_differ = 0;
int salen;
char ntop[NI_MAXHOST];
char msg[1024];
- int len, host_line, ip_line;
+ int len, host_line, ip_line, cancelled_forwarding = 0;
const char *host_file = NULL, *ip_file = NULL;
/*
@@ -634,6 +643,7 @@
} else {
ip = xstrdup("<no hostip for proxy command>");
}
+
/*
* Turn off check_host_ip if the connection is to localhost, via proxy
* command or if we don't have a hostname to compare with
@@ -718,6 +728,13 @@
logit("Warning: Permanently added the %s host "
"key for IP address '%.128s' to the list "
"of known hosts.", type, ip);
+ } else if (options.visual_host_key) {
+ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+ ra = key_fingerprint(host_key, SSH_FP_MD5,
+ SSH_FP_RANDOMART);
+ logit("Host key fingerprint is %s\n%s\n", fp, ra);
+ xfree(ra);
+ xfree(fp);
}
break;
case HOST_NEW:
@@ -753,6 +770,8 @@
snprintf(msg1, sizeof(msg1), ".");
/* The default */
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+ ra = key_fingerprint(host_key, SSH_FP_MD5,
+ SSH_FP_RANDOMART);
msg2[0] = '\0';
if (options.verify_host_key_dns) {
if (matching_host_key_dns)
@@ -767,10 +786,14 @@
snprintf(msg, sizeof(msg),
"The authenticity of host '%.200s (%s)' can't be "
"established%s\n"
- "%s key fingerprint is %s.\n%s"
+ "%s key fingerprint is %s.%s%s\n%s"
"Are you sure you want to continue connecting "
"(yes/no)? ",
- host, ip, msg1, type, fp, msg2);
+ host, ip, msg1, type, fp,
+ options.visual_host_key ? "\n" : "",
+ options.visual_host_key ? ra : "",
+ msg2);
+ xfree(ra);
xfree(fp);
if (!confirm(msg))
goto fail;
@@ -823,7 +846,7 @@
error("@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("The %s host key for %s has changed,", type, host);
- error("and the key for the according IP address %s", ip);
+ error("and the key for the corresponding IP address %s", ip);
error("%s. This could either mean that", key_msg);
error("DNS SPOOFING is happening or the IP address for the host");
error("and its host key have changed at the same time.");
@@ -855,27 +878,32 @@
error("Password authentication is disabled to avoid "
"man-in-the-middle attacks.");
options.password_authentication = 0;
+ cancelled_forwarding = 1;
}
if (options.kbd_interactive_authentication) {
error("Keyboard-interactive authentication is disabled"
" to avoid man-in-the-middle attacks.");
options.kbd_interactive_authentication = 0;
options.challenge_response_authentication = 0;
+ cancelled_forwarding = 1;
}
if (options.challenge_response_authentication) {
error("Challenge/response authentication is disabled"
" to avoid man-in-the-middle attacks.");
options.challenge_response_authentication = 0;
+ cancelled_forwarding = 1;
}
if (options.forward_agent) {
error("Agent forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.forward_agent = 0;
+ cancelled_forwarding = 1;
}
if (options.forward_x11) {
error("X11 forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.forward_x11 = 0;
+ cancelled_forwarding = 1;
}
if (options.num_local_forwards > 0 ||
options.num_remote_forwards > 0) {
@@ -883,12 +911,18 @@
"man-in-the-middle attacks.");
options.num_local_forwards =
options.num_remote_forwards = 0;
+ cancelled_forwarding = 1;
}
if (options.tun_open != SSH_TUNMODE_NO) {
error("Tunnel forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.tun_open = SSH_TUNMODE_NO;
+ cancelled_forwarding = 1;
}
+ if (options.exit_on_forward_failure && cancelled_forwarding)
+ fatal("Error: forwarding disabled due to host key "
+ "check failure");
+
/*
* XXX Should permit the user to change to use the new id.
* This could be done by converting the host key to an
@@ -987,7 +1021,7 @@
*/
void
ssh_login(Sensitive *sensitive, const char *orighost,
- struct sockaddr *hostaddr, struct passwd *pw)
+ struct sockaddr *hostaddr, struct passwd *pw, int timeout_ms)
{
char *host, *cp;
char *server_user, *local_user;
@@ -1002,7 +1036,7 @@
*cp = (char)tolower(*cp);
/* Exchange protocol version identification strings with the server. */
- ssh_exchange_identification();
+ ssh_exchange_identification(timeout_ms);
/* Put the connection into non-blocking mode. */
packet_set_nonblocking();
@@ -1041,18 +1075,20 @@
show_key_from_file(const char *file, const char *host, int keytype)
{
Key *found;
- char *fp;
+ char *fp, *ra;
int line, ret;
found = key_new(keytype);
if ((ret = lookup_key_in_hostfile_by_type(file, host,
keytype, found, &line))) {
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+ ra = key_fingerprint(found, SSH_FP_MD5, SSH_FP_RANDOMART);
logit("WARNING: %s key found for host %s\n"
"in %s:%d\n"
- "%s key fingerprint %s.",
+ "%s key fingerprint %s.\n%s\n",
key_type(found), host, file, line,
- key_type(found), fp);
+ key_type(found), fp, ra);
+ xfree(ra);
xfree(fp);
}
key_free(found);
@@ -1133,7 +1169,7 @@
pid = fork();
if (pid == 0) {
debug3("Executing %s -c \"%s\"", shell, args);
- execl(shell, shell, "-c", args, (char *)NULL);
+ execlp(shell, shell, "-c", args, (char *)NULL);
error("Couldn't execute %s -c \"%s\": %s",
shell, args, strerror(errno));
_exit(1);
Modified: trunk/sshconnect.h
===================================================================
--- trunk/sshconnect.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshconnect.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.24 2007/09/04 11:15:56 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -33,10 +33,10 @@
int
ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
- int, const char *);
+ int *, int, int, const char *);
void
-ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *);
+ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *, int);
int verify_host_key(char *, struct sockaddr *, Key *);
Modified: trunk/sshconnect2.c
===================================================================
--- trunk/sshconnect2.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshconnect2.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.164 2007/05/17 23:53:41 jolan Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.166 2008/07/17 08:48:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -38,6 +38,9 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
+#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
+#include <vis.h>
+#endif
#include "openbsd-compat/sys-queue.h"
@@ -165,7 +168,7 @@
#endif
if (options.rekey_limit)
- packet_set_rekey_limit(options.rekey_limit);
+ packet_set_rekey_limit((u_int32_t)options.rekey_limit);
/* start key exchange */
kex = kex_setup(myproposal);
@@ -429,14 +432,22 @@
void
input_userauth_banner(int type, u_int32_t seq, void *ctxt)
{
- char *msg, *lang;
+ char *msg, *raw, *lang;
+ u_int len;
debug3("input_userauth_banner");
- msg = packet_get_string(NULL);
+ raw = packet_get_string(&len);
lang = packet_get_string(NULL);
- if (options.log_level >= SYSLOG_LEVEL_INFO)
+ if (options.log_level >= SYSLOG_LEVEL_INFO) {
+ if (len > 65536)
+ len = 65536;
+ msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
+ strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL);
+ msg[len*4] = '\0';
fprintf(stderr, "%s", msg);
- xfree(msg);
+ xfree(msg);
+ }
+ xfree(raw);
xfree(lang);
}
@@ -1156,6 +1167,8 @@
/* list of keys stored in the filesystem */
for (i = 0; i < options.num_identity_files; i++) {
+ if (options.identity_files[i] == NULL)
+ continue;
key = options.identity_keys[i];
if (key && key->type == KEY_RSA1)
continue;
@@ -1246,7 +1259,7 @@
if (id->key && id->key->type != KEY_RSA1) {
debug("Offering public key: %s", id->filename);
sent = send_pubkey_test(authctxt, id);
- } else if (id->key == NULL) {
+ } else if (id->key == NULL && id->filename) {
debug("Trying private key: %s", id->filename);
id->key = load_identity_file(id->filename);
if (id->key != NULL) {
Modified: trunk/sshd.0
===================================================================
--- trunk/sshd.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshd.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -4,8 +4,9 @@
sshd - OpenSSH SSH daemon
SYNOPSIS
- sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]
- [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]
+ sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file]
+ [-g login_grace_time] [-h host_key_file] [-k key_gen_time]
+ [-o option] [-p port] [-u len]
DESCRIPTION
sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these
@@ -31,8 +32,18 @@
-b bits
Specifies the number of bits in the ephemeral protocol version 1
- server key (default 768).
+ server key (default 1024).
+ -C connection_spec
+ Specify the connection parameters to use for the -T extended test
+ mode. If provided, any Match directives in the configuration
+ file that would apply to the specified user, host, and address
+ will be set before the configuration is written to standard out-
+ put. The connection parameters are supplied as keyword=value
+ pairs. The keywords are ``user'', ``host'', and ``addr''. All
+ are required and may be supplied in any order, either with multi-
+ ple -C options or as a comma-separated list.
+
-D When this option is specified, sshd will not detach and does not
become a daemon. This allows easy monitoring of sshd.
@@ -98,6 +109,11 @@
ginning, authentication, and termination of each connection is
logged.
+ -T Extended test mode. Check the validity of the configuration
+ file, output the effective configuration to stdout and then exit.
+ Optionally, Match rules may be applied by specifying the connec-
+ tion parameters using one or more -C options.
+
-t Test mode. Only check the validity of the configuration file and
sanity of the keys. This is useful for updating sshd reliably as
configuration options may change.
@@ -289,19 +305,23 @@
This option is automatically disabled if UseLogin is enabled.
from="pattern-list"
- Specifies that in addition to public key authentication, the
- canonical name of the remote host must be present in the comma-
- separated list of patterns. The purpose of this option is to op-
- tionally increase security: public key authentication by itself
- does not trust the network or name servers or anything (but the
- key); however, if somebody somehow steals the key, the key per-
- mits an intruder to log in from anywhere in the world. This ad-
- ditional option makes using a stolen key more difficult (name
- servers and/or routers would have to be compromised in addition
- to just the key).
+ Specifies that in addition to public key authentication, either
+ the canonical name of the remote host or its IP address must be
+ present in the comma-separated list of patterns. See PATTERNS in
+ ssh_config(5) for more information on patterns.
- See PATTERNS in ssh_config(5) for more information on patterns.
+ In addition to the wildcard matching that may be applied to host-
+ names or addresses, a from stanza may match IP addressess using
+ CIDR address/masklen notation.
+ The purpose of this option is to optionally increase security:
+ public key authentication by itself does not trust the network or
+ name servers or anything (but the key); however, if somebody
+ somehow steals the key, the key permits an intruder to log in
+ from anywhere in the world. This additional option makes using a
+ stolen key more difficult (name servers and/or routers would have
+ to be compromised in addition to just the key).
+
no-agent-forwarding
Forbids authentication agent forwarding when this key is used for
authentication.
@@ -313,6 +333,9 @@
no-pty Prevents tty allocation (a request to allocate a pty will fail).
+ no-user-rc
+ Disables execution of ~/.ssh/rc.
+
no-X11-forwarding
Forbids X11 forwarding when this key is used for authentication.
Any X11 forward requests by the client will return an error.
@@ -417,6 +440,13 @@
host-based authentication without permitting login with
rlogin/rsh.
+ ~/.ssh/
+ This directory is the default location for all user-specific con-
+ figuration and authentication information. There is no general
+ requirement to keep the entire contents of this directory secret,
+ but the recommended permissions are read/write/execute for the
+ user, and not accessible by others.
+
~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in
as this user. The format of this file is described above. The
@@ -542,4 +572,4 @@
System security is not improved unless rshd, rlogind, and rexecd are dis-
abled (thus completely disabling rlogin and rsh into the machine).
-OpenBSD 4.2 August 16, 2007 9
+OpenBSD 4.4 July 2, 2008 9
Modified: trunk/sshd.8
===================================================================
--- trunk/sshd.8 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshd.8 2009-06-23 21:31:15 UTC (rev 57)
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.237 2007/06/07 19:37:34 pvalchev Exp $
-.Dd $Mdocdate: August 16 2007 $
+.\" $OpenBSD: sshd.8,v 1.246 2008/07/02 02:24:18 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -44,8 +44,9 @@
.Sh SYNOPSIS
.Nm sshd
.Bk -words
-.Op Fl 46Ddeiqt
+.Op Fl 46DdeiqTt
.Op Fl b Ar bits
+.Op Fl C Ar connection_spec
.Op Fl f Ar config_file
.Op Fl g Ar login_grace_time
.Op Fl h Ar host_key_file
@@ -99,7 +100,25 @@
to use IPv6 addresses only.
.It Fl b Ar bits
Specifies the number of bits in the ephemeral protocol version 1
-server key (default 768).
+server key (default 1024).
+.It Fl C Ar connection_spec
+Specify the connection parameters to use for the
+.Fl T
+extended test mode.
+If provided, any
+.Cm Match
+directives in the configuration file
+that would apply to the specified user, host, and address will be set before
+the configuration is written to standard output.
+The connection parameters are supplied as keyword=value pairs.
+The keywords are
+.Dq user ,
+.Dq host ,
+and
+.Dq addr .
+All are required and may be supplied in any order, either with multiple
+.Fl C
+options or as a comma-separated list.
.It Fl D
When this option is specified,
.Nm
@@ -194,6 +213,15 @@
If a second
.Fl q
is given then nothing is sent to the system log.
+.It Fl T
+Extended test mode.
+Check the validity of the configuration file, output the effective configuration
+to stdout and then exit.
+Optionally,
+.Cm Match
+rules may be applied by specifying the connection parameters using one or more
+.Fl C
+options.
.It Fl t
Test mode.
Only check the validity of the configuration file and sanity of the keys.
@@ -506,23 +534,27 @@
.Cm UseLogin
is enabled.
.It Cm from="pattern-list"
-Specifies that in addition to public key authentication, the canonical name
-of the remote host must be present in the comma-separated list of
-patterns.
-The purpose
-of this option is to optionally increase security: public key authentication
-by itself does not trust the network or name servers or anything (but
-the key); however, if somebody somehow steals the key, the key
-permits an intruder to log in from anywhere in the world.
-This additional option makes using a stolen key more difficult (name
-servers and/or routers would have to be compromised in addition to
-just the key).
-.Pp
+Specifies that in addition to public key authentication, either the canonical
+name of the remote host or its IP address must be present in the
+comma-separated list of patterns.
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
+.Pp
+In addition to the wildcard matching that may be applied to hostnames or
+addresses, a
+.Cm from
+stanza may match IP addressess using CIDR address/masklen notation.
+.Pp
+The purpose of this option is to optionally increase security: public key
+authentication by itself does not trust the network or name servers or
+anything (but the key); however, if somebody somehow steals the key, the key
+permits an intruder to log in from anywhere in the world.
+This additional option makes using a stolen key more difficult (name
+servers and/or routers would have to be compromised in addition to
+just the key).
.It Cm no-agent-forwarding
Forbids authentication agent forwarding when this key is used for
authentication.
@@ -535,7 +567,7 @@
.It Cm no-pty
Prevents tty allocation (a request to allocate a pty will fail).
.It Cm no-user-rc
-Disables execution of
+Disables execution of
.Pa ~/.ssh/rc .
.It Cm no-X11-forwarding
Forbids X11 forwarding when this key is used for authentication.
@@ -688,6 +720,13 @@
but allows host-based authentication without permitting login with
rlogin/rsh.
.Pp
+.It ~/.ssh/
+This directory is the default location for all user-specific configuration
+and authentication information.
+There is no general requirement to keep the entire contents of this directory
+secret, but the recommended permissions are read/write/execute for the user,
+and not accessible by others.
+.Pp
.It ~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
The format of this file is described above.
@@ -837,6 +876,7 @@
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
+.Xr ssh-vulnkey 1 ,
.Xr chroot 2 ,
.Xr hosts_access 5 ,
.Xr login.conf 5 ,
Modified: trunk/sshd.c
===================================================================
--- trunk/sshd.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshd.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.351 2007/05/22 10:18:52 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.364 2008/07/10 18:08:11 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -54,6 +54,7 @@
# include <sys/time.h>
#endif
#include "openbsd-compat/sys-tree.h"
+#include "openbsd-compat/sys-queue.h"
#include <sys/wait.h>
#include <errno.h>
@@ -75,6 +76,8 @@
#include <openssl/bn.h>
#include <openssl/md5.h>
#include <openssl/rand.h>
+#include "openbsd-compat/openssl-compat.h"
+
#ifdef HAVE_SECUREWARE
#include <sys/security.h>
#include <prot.h>
@@ -124,8 +127,8 @@
#ifdef LIBWRAP
#include <tcpd.h>
#include <syslog.h>
-int allow_severity = LOG_INFO;
-int deny_severity = LOG_WARNING;
+int allow_severity;
+int deny_severity;
#endif /* LIBWRAP */
#ifndef O_NOCTTY
@@ -375,9 +378,6 @@
static void
generate_ephemeral_server_key(void)
{
- u_int32_t rnd = 0;
- int i;
-
verbose("Generating %s%d bit RSA key.",
sensitive_data.server_key ? "new " : "", options.server_key_bits);
if (sensitive_data.server_key != NULL)
@@ -386,12 +386,7 @@
options.server_key_bits);
verbose("RSA key generation complete.");
- for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- sensitive_data.ssh1_cookie[i] = rnd & 0xff;
- rnd >>= 8;
- }
+ arc4random_buf(sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
arc4random_stir();
}
@@ -413,7 +408,7 @@
int mismatch;
int remote_major, remote_minor;
int major, minor;
- char *s;
+ char *s, *newline = "\n";
char buf[256]; /* Must not be larger than remote_version. */
char remote_version[256]; /* Must be at least as big as buf. */
@@ -424,11 +419,13 @@
} else if (options.protocol & SSH_PROTO_2) {
major = PROTOCOL_MAJOR_2;
minor = PROTOCOL_MINOR_2;
+ newline = "\r\n";
} else {
major = PROTOCOL_MAJOR_1;
minor = PROTOCOL_MINOR_1;
}
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_RELEASE);
+ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
+ SSH_RELEASE, newline);
server_version_string = xstrdup(buf);
/* Send our protocol version identification. */
@@ -590,15 +587,14 @@
static void
privsep_preauth_child(void)
{
- u_int32_t rnd[256];
+ u_int32_t rnd[256];
gid_t gidset[1];
- int i;
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
- for (i = 0; i < 256; i++)
- rnd[i] = arc4random();
+ arc4random_stir();
+ arc4random_buf(rnd, sizeof(rnd));
RAND_seed(rnd, sizeof(rnd));
/* Demote the private keys to public keys. */
@@ -671,6 +667,8 @@
static void
privsep_postauth(Authctxt *authctxt)
{
+ u_int32_t rnd[256];
+
#ifdef DISABLE_FD_PASSING
if (1) {
#else
@@ -688,7 +686,7 @@
if (pmonitor->m_pid == -1)
fatal("fork of unprivileged child failed");
else if (pmonitor->m_pid != 0) {
- debug2("User child is on pid %ld", (long)pmonitor->m_pid);
+ verbose("User child is on pid %ld", (long)pmonitor->m_pid);
close(pmonitor->m_recvfd);
buffer_clear(&loginmsg);
monitor_child_postauth(pmonitor);
@@ -702,6 +700,10 @@
/* Demote the private keys to public keys. */
demote_sensitive_data();
+ arc4random_stir();
+ arc4random_buf(rnd, sizeof(rnd));
+ RAND_seed(rnd, sizeof(rnd));
+
/* Drop privileges */
do_setusercontext(authctxt->pw);
@@ -801,7 +803,7 @@
p *= startups - options.max_startups_begin;
p /= options.max_startups - options.max_startups_begin;
p += options.max_startups_rate;
- r = arc4random() % 100;
+ r = arc4random_uniform(100);
debug("drop_connection: p %d, r %d", p, r);
return (r < p) ? 1 : 0;
@@ -813,8 +815,9 @@
fprintf(stderr, "%s, %s\n",
SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
fprintf(stderr,
-"usage: sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]\n"
-" [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]\n"
+"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file]\n"
+" [-g login_grace_time] [-h host_key_file] [-k key_gen_time]\n"
+" [-o option] [-p port] [-u len]\n"
);
exit(1);
}
@@ -921,7 +924,7 @@
{
const char *oom_adj = getenv("SSHD_OOM_ADJUST");
- if (!oom_adj)
+ if (!oom_adj || !*oom_adj)
return;
oom_adj_get(oom_adj_save, sizeof(oom_adj_save));
oom_adj_set(oom_adj);
@@ -987,8 +990,7 @@
ntop, sizeof(ntop), strport, sizeof(strport),
NI_NUMERICHOST|NI_NUMERICSERV)) != 0) {
error("getnameinfo failed: %.100s",
- (ret != EAI_SYSTEM) ? gai_strerror(ret) :
- strerror(errno));
+ ssh_gai_strerror(ret));
continue;
}
/* Create socket for listening. */
@@ -1011,6 +1013,16 @@
&on, sizeof(on)) == -1)
error("setsockopt SO_REUSEADDR: %s", strerror(errno));
+#ifdef IPV6_V6ONLY
+ /* Only communicate in IPv6 over AF_INET6 sockets. */
+ if (ai->ai_family == AF_INET6) {
+ if (setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY,
+ &on, sizeof(on)) == -1)
+ error("setsockopt IPV6_V6ONLY: %s",
+ strerror(errno));
+ }
+#endif
+
debug("Bind to port %s on %s.", strport, ntop);
/* Bind the socket to the desired port. */
@@ -1118,7 +1130,8 @@
*newsock = accept(listen_socks[i],
(struct sockaddr *)&from, &fromlen);
if (*newsock < 0) {
- if (errno != EINTR && errno != EWOULDBLOCK)
+ if (errno != EINTR && errno != EAGAIN &&
+ errno != EWOULDBLOCK)
error("accept: %.100s", strerror(errno));
continue;
}
@@ -1265,9 +1278,12 @@
int opt, i, on = 1;
int sock_in = -1, sock_out = -1, newsock = -1;
const char *remote_ip;
+ char *test_user = NULL, *test_host = NULL, *test_addr = NULL;
int remote_port;
- char *line;
+ char *line, *p, *cp;
int config_s[2] = { -1 , -1 };
+ u_int64_t ibytes, obytes;
+ mode_t new_umask;
Key *key;
Authctxt *authctxt;
@@ -1301,7 +1317,7 @@
initialize_server_options(&options);
/* Parse command-line arguments. */
- while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) {
+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeiqrtQRT46")) != -1) {
switch (opt) {
case '4':
options.address_family = AF_INET;
@@ -1384,6 +1400,25 @@
case 't':
test_flag = 1;
break;
+ case 'T':
+ test_flag = 2;
+ break;
+ case 'C':
+ cp = optarg;
+ while ((p = strsep(&cp, ",")) && *p != '\0') {
+ if (strncmp(p, "addr=", 5) == 0)
+ test_addr = xstrdup(p + 5);
+ else if (strncmp(p, "host=", 5) == 0)
+ test_host = xstrdup(p + 5);
+ else if (strncmp(p, "user=", 5) == 0)
+ test_user = xstrdup(p + 5);
+ else {
+ fprintf(stderr, "Invalid test "
+ "mode specification %s\n", p);
+ exit(1);
+ }
+ }
+ break;
case 'u':
utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL);
if (utmp_len > MAXHOSTNAMELEN) {
@@ -1406,7 +1441,7 @@
}
if (rexeced_flag || inetd_flag)
rexec_flag = 0;
- if (rexec_flag && (av[0] == NULL || *av[0] != '/'))
+ if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
fatal("sshd re-exec requires execution with an absolute path");
if (rexeced_flag)
closefrom(REEXEC_MIN_FREE_FD);
@@ -1445,6 +1480,21 @@
sensitive_data.have_ssh1_key = 0;
sensitive_data.have_ssh2_key = 0;
+ /*
+ * If we're doing an extended config test, make sure we have all of
+ * the parameters we need. If we're not doing an extended test,
+ * do not silently ignore connection test params.
+ */
+ if (test_flag >= 2 &&
+ (test_user != NULL || test_host != NULL || test_addr != NULL)
+ && (test_user == NULL || test_host == NULL || test_addr == NULL))
+ fatal("user, host and addr are all required when testing "
+ "Match configs");
+ if (test_flag < 2 && (test_user != NULL || test_host != NULL ||
+ test_addr != NULL))
+ fatal("Config test connection parameter (-C) provided without "
+ "test mode (-T)");
+
/* Fetch our configuration */
buffer_init(&cfg);
if (rexeced_flag)
@@ -1581,6 +1631,13 @@
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
}
+ if (test_flag > 1) {
+ if (test_user != NULL && test_addr != NULL && test_host != NULL)
+ parse_server_match_config(&options, test_user,
+ test_host, test_addr);
+ dump_config(&options);
+ }
+
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
@@ -1605,6 +1662,10 @@
rexec_argv[rexec_argc + 1] = NULL;
}
+ /* Ensure that umask disallows at least group and world write */
+ new_umask = umask(0077) | 0022;
+ (void) umask(new_umask);
+
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && (!inetd_flag || rexeced_flag))
log_stderr = 1;
@@ -1652,10 +1713,6 @@
/* Get a connection, either from inetd or a listening TCP socket */
if (inetd_flag) {
server_accept_inetd(&sock_in, &sock_out);
-
- if ((options.protocol & SSH_PROTO_1) &&
- sensitive_data.server_key == NULL)
- generate_ephemeral_server_key();
} else {
server_listen();
@@ -1767,7 +1824,7 @@
* Register our connection. This turns encryption off because we do
* not have a key.
*/
- packet_set_connection(sock_in, sock_out, -1);
+ packet_set_connection(sock_in, sock_out);
packet_set_server();
/* Set SO_KEEPALIVE if requested. */
@@ -1796,6 +1853,8 @@
audit_connection_from(remote_ip, remote_port);
#endif
#ifdef LIBWRAP
+ allow_severity = options.log_facility|LOG_INFO;
+ deny_severity = options.log_facility|LOG_WARNING;
/* Check whether logins are denied from this host. */
if (packet_connection_is_on_socket()) {
struct request_info req;
@@ -1883,6 +1942,10 @@
sshd_exchange_identification(sock_in, sock_out);
+ /* In inetd mode, generate ephemeral key only for proto 1 connections */
+ if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)
+ generate_ephemeral_server_key();
+
packet_set_nonblocking();
/* allocate authentication context */
@@ -1935,6 +1998,20 @@
audit_event(SSH_AUTH_SUCCESS);
#endif
+#ifdef GSSAPI
+ if (options.gss_authentication) {
+ temporarily_use_uid(authctxt->pw);
+ ssh_gssapi_storecreds();
+ restore_uid();
+ }
+#endif
+#ifdef USE_PAM
+ if (options.use_pam) {
+ do_pam_setcred(1);
+ do_pam_session();
+ }
+#endif
+
/*
* In privilege separation, we fork another child and prepare
* file descriptor passing.
@@ -1946,12 +2023,19 @@
destroy_sensitive_data();
}
+ packet_set_timeout(options.client_alive_interval,
+ options.client_alive_count_max);
+
/* Start session. */
do_authenticated(authctxt);
/* The connection has been terminated. */
- verbose("Closing connection to %.100s", remote_ip);
+ packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
+ packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
+ verbose("Transferred: sent %llu, received %llu bytes", obytes, ibytes);
+ verbose("Closing connection to %.500s port %d", remote_ip, remote_port);
+
#ifdef USE_PAM
if (options.use_pam)
finish_pam();
@@ -2030,7 +2114,6 @@
u_char session_key[SSH_SESSION_KEY_LENGTH];
u_char cookie[8];
u_int cipher_type, auth_mask, protocol_flags;
- u_int32_t rnd = 0;
/*
* Generate check bytes that the client must send back in the user
@@ -2041,12 +2124,7 @@
* cookie. This only affects rhosts authentication, and this is one
* of the reasons why it is inherently insecure.
*/
- for (i = 0; i < 8; i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- cookie[i] = rnd & 0xff;
- rnd >>= 8;
- }
+ arc4random_buf(cookie, sizeof(cookie));
/*
* Send our public key. We include in the packet 64 bits of random
Modified: trunk/sshd_config
===================================================================
--- trunk/sshd_config 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshd_config 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
+# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -28,7 +28,7 @@
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
-#ServerKeyBits 768
+#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
@@ -41,6 +41,7 @@
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
+#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
@@ -86,6 +87,7 @@
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
+#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
@@ -104,9 +106,10 @@
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
+#ChrootDirectory none
# no default banner path
-#Banner /some/path
+#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
Modified: trunk/sshd_config.0
===================================================================
--- trunk/sshd_config.0 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshd_config.0 2009-06-23 21:31:15 UTC (rev 57)
@@ -34,6 +34,12 @@
arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6''
(use IPv6 only). The default is ``any''.
+ AllowAgentForwarding
+ Specifies whether ssh-agent(1) forwarding is permitted. The de-
+ fault is ``yes''. Note that disabling agent forwarding does not
+ improve security unless users are also denied shell access, as
+ they can always install their own forwarders.
+
AllowGroups
This keyword can be followed by a list of group name patterns,
separated by spaces. If specified, login is allowed only for
@@ -76,10 +82,9 @@
path or one relative to the user's home directory. The default
is ``.ssh/authorized_keys''.
- Banner In some jurisdictions, sending a warning message before authenti-
- cation may be relevant for getting legal protection. The con-
- tents of the specified file are sent to the remote user before
- authentication is allowed. This option is only available for
+ Banner The contents of the specified file are sent to the remote user
+ before authentication is allowed. If the argument is ``none''
+ then no banner is displayed. This option is only available for
protocol version 2. By default, no banner is displayed.
ChallengeResponseAuthentication
@@ -87,6 +92,28 @@
All authentication styles from login.conf(5) are supported. The
default is ``yes''.
+ ChrootDirectory
+ Specifies a path to chroot(2) to after authentication. This
+ path, and all its components, must be root-owned directories that
+ are not writable by any other user or group.
+
+ The path may contain the following tokens that are expanded at
+ runtime once the connecting user has been authenticated: %% is
+ replaced by a literal '%', %h is replaced by the home directory
+ of the user being authenticated, and %u is replaced by the user-
+ name of that user.
+
+ The ChrootDirectory must contain the necessary files and directo-
+ ries to support the users' session. For an interactive session
+ this requires at least a shell, typically sh(1), and basic /dev
+ nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4),
+ arandom(4) and tty(4) devices. For file transfer sessions using
+ ``sftp'', no additional configuration of the environment is nec-
+ essary if the in-process sftp server is used (see Subsystem for
+ details).
+
+ The default is not to chroot(2).
+
Ciphers
Specifies the ciphers allowed for protocol version 2. Multiple
ciphers must be comma-separated. The supported ciphers are
@@ -156,12 +183,15 @@
ForceCommand
Forces the execution of the command specified by ForceCommand,
- ignoring any command supplied by the client. The command is in-
- voked by using the user's login shell with the -c option. This
- applies to shell, command, or subsystem execution. It is most
- useful inside a Match block. The command originally supplied by
- the client is available in the SSH_ORIGINAL_COMMAND environment
- variable.
+ ignoring any command supplied by the client and ~/.ssh/rc if pre-
+ sent. The command is invoked by using the user's login shell
+ with the -c option. This applies to shell, command, or subsystem
+ execution. It is most useful inside a Match block. The command
+ originally supplied by the client is available in the
+ SSH_ORIGINAL_COMMAND environment variable. Specifying a command
+ of ``internal-sftp'' will force the use of an in-process sftp
+ server that requires no support files when used with
+ ChrootDirectory.
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
@@ -290,22 +320,40 @@
Match Introduces a conditional block. If all of the criteria on the
Match line are satisfied, the keywords on the following lines
override those set in the global section of the config file, un-
- til either another Match line or the end of the file. The argu-
- ments to Match are one or more criteria-pattern pairs. The
- available criteria are User, Group, Host, and Address. Only a
- subset of keywords may be used on the lines following a Match
- keyword. Available keywords are AllowTcpForwarding, Banner,
- ForceCommand, GatewayPorts, GSSApiAuthentication,
+ til either another Match line or the end of the file.
+
+ The arguments to Match are one or more criteria-pattern pairs.
+ The available criteria are User, Group, Host, and Address. The
+ match patterns may consist of single entries or comma-separated
+ lists and may use the wildcard and negation operators described
+ in the PATTERNS section of ssh_config(5).
+
+ The patterns in an Address criteria may additionally contain ad-
+ dresses to match in CIDR address/masklen format, e.g.
+ ``192.0.2.0/24'' or ``3ffe:ffff::/32''. Note that the mask
+ length provided must be consistent with the address - it is an
+ error to specify a mask length that is too long for the address
+ or one with bits set in this host portion of the address. For
+ example, ``192.0.2.0/33'' and ``192.0.2.0/8'' respectively.
+
+ Only a subset of keywords may be used on the lines following a
+ Match keyword. Available keywords are AllowTcpForwarding,
+ Banner, ChrootDirectory, ForceCommand, GatewayPorts,
+ GSSAPIAuthentication, HostbasedAuthentication,
KbdInteractiveAuthentication, KerberosAuthentication,
- PasswordAuthentication, PermitOpen, RhostsRSAAuthentication,
- RSAAuthentication, X11DisplayOffset, X11Forwarding, and
- X11UseLocalHost.
+ MaxAuthTries, MaxSessions, PasswordAuthentication, PermitOpen,
+ PermitRootLogin, RhostsRSAAuthentication, RSAAuthentication,
+ X11DisplayOffset, X11Forwarding, and X11UseLocalHost.
MaxAuthTries
Specifies the maximum number of authentication attempts permitted
per connection. Once the number of failures reaches half this
value, additional failures are logged. The default is 6.
+ MaxSessions
+ Specifies the maximum number of open sessions permitted per net-
+ work connection. The default is 10.
+
MaxStartups
Specifies the maximum number of concurrent unauthenticated con-
nections to the SSH daemon. Additional connections will be
@@ -416,7 +464,7 @@
ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1
- server key. The minimum value is 512, and the default is 768.
+ server key. The minimum value is 512, and the default is 1024.
StrictModes
Specifies whether sshd(8) should check file modes and ownership
@@ -428,8 +476,15 @@
Subsystem
Configures an external subsystem (e.g. file transfer daemon).
Arguments should be a subsystem name and a command (with optional
- arguments) to execute upon subsystem request. The command
- sftp-server(8) implements the ``sftp'' file transfer subsystem.
+ arguments) to execute upon subsystem request.
+
+ The command sftp-server(8) implements the ``sftp'' file transfer
+ subsystem.
+
+ Alternately the name ``internal-sftp'' implements an in-process
+ ``sftp'' server. This may simplify configurations using
+ ChrootDirectory to force a different filesystem root on clients.
+
By default no subsystems are defined. Note that this option ap-
plies to protocol version 2 only.
@@ -572,4 +627,4 @@
versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
for privilege separation.
-OpenBSD 4.2 June 11, 2007 9
+OpenBSD 4.4 July 2, 2008 10
Modified: trunk/sshd_config.5
===================================================================
--- trunk/sshd_config.5 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshd_config.5 2009-06-23 21:31:15 UTC (rev 57)
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.77 2007/06/08 07:48:09 jmc Exp $
-.Dd $Mdocdate: June 11 2007 $
+.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -122,6 +122,15 @@
(use IPv6 only).
The default is
.Dq any .
+.It Cm AllowAgentForwarding
+Specifies whether
+.Xr ssh-agent 1
+forwarding is permitted.
+The default is
+.Dq yes .
+Note that disabling agent forwarding does not improve security
+unless users are also denied shell access, as they can always install
+their own forwarders.
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
@@ -186,10 +195,11 @@
The default is
.Dq .ssh/authorized_keys .
.It Cm Banner
-In some jurisdictions, sending a warning message before authentication
-may be relevant for getting legal protection.
The contents of the specified file are sent to the remote user before
authentication is allowed.
+If the argument is
+.Dq none
+then no banner is displayed.
This option is only available for protocol version 2.
By default, no banner is displayed.
.It Cm ChallengeResponseAuthentication
@@ -199,6 +209,45 @@
are supported.
The default is
.Dq yes .
+.It Cm ChrootDirectory
+Specifies a path to
+.Xr chroot 2
+to after authentication.
+This path, and all its components, must be root-owned directories that are
+not writable by any other user or group.
+.Pp
+The path may contain the following tokens that are expanded at runtime once
+the connecting user has been authenticated: %% is replaced by a literal '%',
+%h is replaced by the home directory of the user being authenticated, and
+%u is replaced by the username of that user.
+.Pp
+The
+.Cm ChrootDirectory
+must contain the necessary files and directories to support the
+users' session.
+For an interactive session this requires at least a shell, typically
+.Xr sh 1 ,
+and basic
+.Pa /dev
+nodes such as
+.Xr null 4 ,
+.Xr zero 4 ,
+.Xr stdin 4 ,
+.Xr stdout 4 ,
+.Xr stderr 4 ,
+.Xr arandom 4
+and
+.Xr tty 4
+devices.
+For file transfer sessions using
+.Dq sftp ,
+no additional configuration of the environment is necessary if the
+in-process sftp server is used (see
+.Cm Subsystem
+for details).
+.Pp
+The default is not to
+.Xr chroot 2 .
.It Cm Ciphers
Specifies the ciphers allowed for protocol version 2.
Multiple ciphers must be comma-separated.
@@ -322,6 +371,11 @@
The command originally supplied by the client is available in the
.Ev SSH_ORIGINAL_COMMAND
environment variable.
+Specifying a command of
+.Dq internal-sftp
+will force the use of an in-process sftp server that requires no support
+files when used with
+.Cm ChrootDirectory .
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
@@ -553,6 +607,7 @@
set in the global section of the config file, until either another
.Cm Match
line or the end of the file.
+.Pp
The arguments to
.Cm Match
are one or more criteria-pattern pairs.
@@ -562,19 +617,46 @@
.Cm Host ,
and
.Cm Address .
+The match patterns may consist of single entries or comma-separated
+lists and may use the wildcard and negation operators described in the
+.Sx PATTERNS
+section of
+.Xr ssh_config 5 .
+.Pp
+The patterns in an
+.Cm Address
+criteria may additionally contain addresses to match in CIDR
+address/masklen format, e.g.\&
+.Dq 192.0.2.0/24
+or
+.Dq 3ffe:ffff::/32 .
+Note that the mask length provided must be consistent with the address -
+it is an error to specify a mask length that is too long for the address
+or one with bits set in this host portion of the address.
+For example,
+.Dq 192.0.2.0/33
+and
+.Dq 192.0.2.0/8
+respectively.
+.Pp
Only a subset of keywords may be used on the lines following a
.Cm Match
keyword.
Available keywords are
.Cm AllowTcpForwarding ,
.Cm Banner ,
+.Cm ChrootDirectory ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
-.Cm GSSApiAuthentication ,
+.Cm GSSAPIAuthentication ,
+.Cm HostbasedAuthentication ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
+.Cm MaxAuthTries ,
+.Cm MaxSessions ,
.Cm PasswordAuthentication ,
.Cm PermitOpen ,
+.Cm PermitRootLogin ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
.Cm X11DisplayOffset ,
@@ -587,6 +669,9 @@
Once the number of failures reaches half this value,
additional failures are logged.
The default is 6.
+.It Cm MaxSessions
+Specifies the maximum number of open sessions permitted per network connection.
+The default is 10.
.It Cm MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the
SSH daemon.
@@ -790,7 +875,7 @@
This option applies to protocol version 1 only.
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
-The minimum value is 512, and the default is 768.
+The minimum value is 512, and the default is 1024.
.It Cm StrictModes
Specifies whether
.Xr sshd 8
@@ -804,11 +889,22 @@
Configures an external subsystem (e.g. file transfer daemon).
Arguments should be a subsystem name and a command (with optional arguments)
to execute upon subsystem request.
+.Pp
The command
.Xr sftp-server 8
implements the
.Dq sftp
file transfer subsystem.
+.Pp
+Alternately the name
+.Dq internal-sftp
+implements an in-process
+.Dq sftp
+server.
+This may simplify configurations using
+.Cm ChrootDirectory
+to force a different filesystem root on clients.
+.Pp
By default no subsystems are defined.
Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Modified: trunk/sshlogin.c
===================================================================
--- trunk/sshlogin.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshlogin.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshlogin.c,v 1.25 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sshlogin.c,v 1.26 2007/09/11 15:47:17 gilles Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -98,8 +98,7 @@
if (last_login_time != 0) {
time_string = ctime(&last_login_time);
- if (strchr(time_string, '\n'))
- *strchr(time_string, '\n') = '\0';
+ time_string[strcspn(time_string, "\n")] = '\0';
if (strcmp(hostname, "") == 0)
snprintf(buf, sizeof(buf), "Last login: %s\r\n",
time_string);
Modified: trunk/sshpty.c
===================================================================
--- trunk/sshpty.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshpty.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshpty.c,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sshpty.c,v 1.28 2007/09/11 23:49:09 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
Modified: trunk/sshpty.h
===================================================================
--- trunk/sshpty.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshpty.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshpty.h,v 1.10 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sshpty.h,v 1.11 2008/05/19 15:45:07 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -16,7 +16,7 @@
#include <termios.h>
-struct termios get_saved_tio(void);
+struct termios *get_saved_tio(void);
void leave_raw_mode(void);
void enter_raw_mode(void);
Modified: trunk/sshtty.c
===================================================================
--- trunk/sshtty.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/sshtty.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshtty.c,v 1.12 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sshtty.c,v 1.13 2008/05/19 15:45:07 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -47,10 +47,10 @@
static struct termios _saved_tio;
static int _in_raw_mode = 0;
-struct termios
+struct termios *
get_saved_tio(void)
{
- return _saved_tio;
+ return _in_raw_mode ? &_saved_tio : NULL;
}
void
Modified: trunk/ttymodes.c
===================================================================
--- trunk/ttymodes.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/ttymodes.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ttymodes.c,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ttymodes.c,v 1.28 2008/07/07 00:31:41 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -298,6 +298,10 @@
}
if (tiop == NULL) {
+ if (fd == -1) {
+ debug("tty_make_modes: no fd or tio");
+ goto end;
+ }
if (tcgetattr(fd, &tio) == -1) {
logit("tcgetattr: %.100s", strerror(errno));
goto end;
@@ -317,12 +321,10 @@
/* Store values of mode flags. */
#define TTYCHAR(NAME, OP) \
- debug3("tty_make_modes: %d %d", OP, tio.c_cc[NAME]); \
buffer_put_char(&buf, OP); \
put_arg(&buf, special_char_encode(tio.c_cc[NAME]));
#define TTYMODE(NAME, FIELD, OP) \
- debug3("tty_make_modes: %d %d", OP, ((tio.FIELD & NAME) != 0)); \
buffer_put_char(&buf, OP); \
put_arg(&buf, ((tio.FIELD & NAME) != 0));
@@ -353,7 +355,7 @@
int n_bytes = 0;
int failure = 0;
u_int (*get_arg)(void);
- int arg, arg_size;
+ int arg_size;
if (compat20) {
*n_bytes_ptr = packet_get_int();
@@ -410,16 +412,14 @@
case OP: \
n_bytes += arg_size; \
tio.c_cc[NAME] = special_char_decode(get_arg()); \
- debug3("tty_parse_modes: %d %d", OP, tio.c_cc[NAME]); \
break;
#define TTYMODE(NAME, FIELD, OP) \
case OP: \
n_bytes += arg_size; \
- if ((arg = get_arg())) \
+ if (get_arg()) \
tio.FIELD |= NAME; \
else \
tio.FIELD &= ~NAME; \
- debug3("tty_parse_modes: %d %d", OP, arg); \
break;
#include "ttymodes.h"
Modified: trunk/umac.c
===================================================================
--- trunk/umac.c 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/umac.c 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.1 2007/06/07 19:37:34 pvalchev Exp $ */
+/* $OpenBSD: umac.c,v 1.3 2008/05/12 20:52:20 pvalchev Exp $ */
/* -----------------------------------------------------------------------
*
* umac.c -- C Implementation UMAC Message Authentication
@@ -66,6 +66,7 @@
#include "includes.h"
#include <sys/types.h>
+#include "xmalloc.h"
#include "umac.h"
#include <string.h>
#include <stdlib.h>
@@ -135,12 +136,14 @@
return (UINT32)temp;
}
+# if (__LITTLE_ENDIAN__)
static void STORE_UINT32_REVERSED(void *ptr, UINT32 x)
{
UINT32 i = (UINT32)x;
*(UINT32 *)ptr = (i >> 24) | ((i & 0x00FF0000) >> 8 )
| ((i & 0x0000FF00) << 8 ) | (i << 24);
}
+# endif /* __LITTLE_ENDIAN */
#endif /* HAVE_SWAP32 */
/* The following definitions use the above reversal-primitives to do the right
@@ -178,14 +181,14 @@
/* The user-supplied UMAC key is stretched using AES in a counter
* mode to supply all random bits needed by UMAC. The kdf function takes
* an AES internal key representation 'key' and writes a stream of
- * 'nbytes' bytes to the memory pointed at by 'buffer_ptr'. Each distinct
+ * 'nbytes' bytes to the memory pointed at by 'bufp'. Each distinct
* 'ndx' causes a distinct byte stream.
*/
-static void kdf(void *buffer_ptr, aes_int_key key, UINT8 ndx, int nbytes)
+static void kdf(void *bufp, aes_int_key key, UINT8 ndx, int nbytes)
{
UINT8 in_buf[AES_BLOCK_LEN] = {0};
UINT8 out_buf[AES_BLOCK_LEN];
- UINT8 *dst_buf = (UINT8 *)buffer_ptr;
+ UINT8 *dst_buf = (UINT8 *)bufp;
int i;
/* Setup the initial value */
@@ -543,6 +546,7 @@
/* ---------------------------------------------------------------------- */
+#if (__LITTLE_ENDIAN__)
static void endian_convert(void *buf, UWORD bpw, UINT32 num_bytes)
/* We endian convert the keys on little-endian computers to */
/* compensate for the lack of big-endian memory reads during hashing. */
@@ -565,7 +569,6 @@
} while (--iters);
}
}
-#if (__LITTLE_ENDIAN__)
#define endian_convert_if_le(x,y,z) endian_convert((x),(y),(z))
#else
#define endian_convert_if_le(x,y,z) do{}while(0) /* Do nothing */
@@ -1042,7 +1045,8 @@
*/
{
UWORD bytes_hashed, bytes_remaining;
- UINT8 nh_result[STREAMS*sizeof(UINT64)];
+ UINT64 result_buf[STREAMS];
+ UINT8 *nh_result = (UINT8 *)&result_buf;
if (ctx->msg_len + len <= L1_KEY_LEN) {
nh_update(&ctx->hash, (UINT8 *)input, len);
@@ -1094,7 +1098,8 @@
static int uhash_final(uhash_ctx_t ctx, u_char *res)
/* Incorporate any pending data, pad, and generate tag */
{
- UINT8 nh_result[STREAMS*sizeof(UINT64)];
+ UINT64 result_buf[STREAMS];
+ UINT8 *nh_result = (UINT8 *)&result_buf;
if (ctx->msg_len > L1_KEY_LEN) {
if (ctx->msg_len % L1_KEY_LEN) {
@@ -1196,7 +1201,7 @@
if (ctx) {
if (ALLOC_BOUNDARY)
ctx = (struct umac_ctx *)ctx->free_ptr;
- free(ctx);
+ xfree(ctx);
}
return (1);
}
@@ -1212,7 +1217,7 @@
size_t bytes_to_add;
aes_int_key prf_key;
- octx = ctx = malloc(sizeof(*ctx) + ALLOC_BOUNDARY);
+ octx = ctx = xmalloc(sizeof(*ctx) + ALLOC_BOUNDARY);
if (ctx) {
if (ALLOC_BOUNDARY) {
bytes_to_add = ALLOC_BOUNDARY -
Modified: trunk/version.h
===================================================================
--- trunk/version.h 2008-07-05 12:51:34 UTC (rev 56)
+++ trunk/version.h 2009-06-23 21:31:15 UTC (rev 57)
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.50 2007/08/15 08:16:49 markus Exp $ */
+/* $OpenBSD: version.h,v 1.54 2008/07/21 08:19:07 djm Exp $ */
-#define SSH_VERSION "OpenSSH_4.7"
+#define SSH_VERSION "OpenSSH_5.1"
#define SSH_PORTABLE "p1"
#ifdef SSH_EXTRAVERSION
More information about the Openssh-commits
mailing list