diff -u openssh-3.5p1/auth-passwd.c nw-openssh-3.5p1/auth-passwd.c --- openssh-3.5p1/auth-passwd.c Wed Sep 25 17:14:16 2002 +++ nw-openssh-3.5p1/auth-passwd.c Tue Mar 11 10:49:25 2003 @@ -100,6 +100,10 @@ if (*password == '\0' && options.permit_empty_passwd == 0) return 0; return auth_sia_password(authctxt, password); +#elif defined(USE_EDIR) + if (*password == '\0' && options.permit_empty_passwd == 0) + return 0; + return auth_edir_password(authctxt, password); #else struct passwd * pw = authctxt->pw; char *encrypted_password; diff -u openssh-3.5p1/auth-rsa.c nw-openssh-3.5p1/auth-rsa.c --- openssh-3.5p1/auth-rsa.c Tue Jun 11 09:47:42 2002 +++ nw-openssh-3.5p1/auth-rsa.c Tue Mar 11 10:49:25 2003 @@ -42,7 +42,11 @@ * Session identifier that is used to bind key exchange and authentication * responses to a particular session. */ +#ifndef HAVE_NETWARE extern u_char session_id[16]; +#else +#define session_id (NWGetThreadDataPtr()->session_id) +#endif /* * The .ssh/authorized_keys file contains public keys, one per line, in the diff -u openssh-3.5p1/auth.c nw-openssh-3.5p1/auth.c --- openssh-3.5p1/auth.c Sat Sep 21 09:26:53 2002 +++ nw-openssh-3.5p1/auth.c Tue Mar 11 10:49:23 2003 @@ -127,7 +127,6 @@ * legal, and means /bin/sh. */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; - /* deny if shell does not exists or is not executable */ if (stat(shell, &st) != 0) { log("User %.100s not allowed because shell %.100s does not exist", @@ -135,7 +134,11 @@ return 0; } if (S_ISREG(st.st_mode) == 0 || +#ifndef HAVE_NETWARE (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { +#else + (0)) { +#endif log("User %.100s not allowed because shell %.100s is not executable", pw->pw_name, shell); return 0; diff -u openssh-3.5p1/auth.h nw-openssh-3.5p1/auth.h --- openssh-3.5p1/auth.h Thu Sep 26 21:26:01 2002 +++ nw-openssh-3.5p1/auth.h Tue Mar 11 10:49:24 2003 
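Review bot: The new USE_EDIR branch in auth-passwd.c returns before the generic path that begins at `struct passwd * pw = authctxt->pw;`, so any user-validity or account checks that path performs (not visible in this hunk) are compiled out and have to live inside auth_edir_password(). I would add a comment above the call, e.g. `/* auth_edir_password() must itself reject a NULL authctxt->pw and disallowed accounts; the checks in the #else path are not compiled in this build */`. The enclosing function starts and ends outside the hunk.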
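Review bot: In auth.c, replacing the permission test with `(0)` under HAVE_NETWARE reduces the check to S_ISREG() only, while the log message still says the shell "is not executable". A comment such as `/* NetWare: no POSIX execute bits, so only the regular-file test is enforced */` would show that this is deliberate and not a leftover stub. Splitting the condition in the middle of the expression also makes the opening brace appear twice to a reader; hiding the second operand behind a small macro defined once would be cleaner. The function body continues outside the hunk.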
@@ -134,6 +134,9 @@ #include "auth-pam.h" #include "auth2-pam.h" +#ifdef USE_EDIR +#include "auth-edir.h" +#endif Authctxt *do_authentication(void); Authctxt *do_authentication2(void); diff -u openssh-3.5p1/auth1.c nw-openssh-3.5p1/auth1.c --- openssh-3.5p1/auth1.c Thu Sep 26 21:26:01 2002 +++ nw-openssh-3.5p1/auth1.c Tue Mar 11 10:49:23 2003 @@ -338,6 +338,9 @@ if (!use_privsep && authenticated && !do_pam_account(pw->pw_name, client_user)) authenticated = 0; +#elif defined(USE_EDIR) + if(!check_edir_auth()) + authenticated = 0; #endif /* Log before sending the reply */ @@ -407,6 +410,8 @@ #ifdef USE_PAM PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user)); +#elif defined(USE_EDIR) + PRIVSEP(start_edir(authctxt->pw == NULL ? "NOUSER" : user)); #endif /* diff -u openssh-3.5p1/auth2-hostbased.c nw-openssh-3.5p1/auth2-hostbased.c --- openssh-3.5p1/auth2-hostbased.c Thu Jun 6 14:27:56 2002 +++ nw-openssh-3.5p1/auth2-hostbased.c Tue Mar 11 10:49:23 2003 @@ -41,8 +41,10 @@ /* import */ extern ServerOptions options; +#ifndef HAVE_NETWARE extern u_char *session_id2; extern int session_id2_len; +#endif static int userauth_hostbased(Authctxt *authctxt) diff -u openssh-3.5p1/auth2-pubkey.c nw-openssh-3.5p1/auth2-pubkey.c --- openssh-3.5p1/auth2-pubkey.c Thu Jun 6 14:27:56 2002 +++ nw-openssh-3.5p1/auth2-pubkey.c Tue Mar 11 10:49:23 2003 @@ -43,8 +43,10 @@ /* import */ extern ServerOptions options; +#ifndef HAVE_NETWARE extern u_char *session_id2; extern int session_id2_len; +#endif static int userauth_pubkey(Authctxt *authctxt) diff -u openssh-3.5p1/auth2.c nw-openssh-3.5p1/auth2.c --- openssh-3.5p1/auth2.c Wed Sep 25 18:38:49 2002 +++ nw-openssh-3.5p1/auth2.c Tue Mar 11 10:49:23 2003 @@ -38,10 +38,12 @@ /* import */ extern ServerOptions options; +#ifndef HAVE_NETWARE extern u_char *session_id2; extern int session_id2_len; Authctxt *x_authctxt = NULL; +#endif /* methods */ 
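Review bot: In auth1.c, `check_edir_auth()` takes no arguments, so which account it evaluates depends on state set elsewhere (presumably by the start_edir() call added in the next hunk), and nothing at this call site ties it to `pw` or `authctxt`. In a port that keeps per-connection data in thread storage that coupling deserves a comment, e.g. `/* check_edir_auth() uses the context start_edir() created for this connection */`, or better an explicit authctxt parameter. Because the branch is an `#elif` of what appears to be the USE_PAM block, a build with both macros defined skips the eDirectory check entirely. The same call is added in auth2.c at `@@ -214,6 +220,9 @@`.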
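Review bot: In auth2-hostbased.c the `session_id2` and `session_id2_len` declarations disappear under HAVE_NETWARE with no replacement visible in the hunk, unlike auth-rsa.c where `session_id` is explicitly mapped to `NWGetThreadDataPtr()->session_id`. These values bind a signed authentication request to one key exchange, so whatever replaces them has to be per connection; a single shared object in a threaded server would mix identifiers between connections. Please add the same explicit `#define` pair here, or a comment naming the header that supplies it. The identical change appears in auth2-pubkey.c and auth2.c, where `x_authctxt` is compiled out as well.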
@@ -158,11 +160,15 @@ debug2("input_userauth_request: setting up authctxt for %s", user); #ifdef USE_PAM PRIVSEP(start_pam(authctxt->pw->pw_name)); +#elif defined(USE_EDIR) + PRIVSEP(start_edir(authctxt->pw->pw_name)); #endif } else { log("input_userauth_request: illegal user %s", user); #ifdef USE_PAM PRIVSEP(start_pam("NOUSER")); +#elif defined(USE_EDIR) + PRIVSEP(start_edir("NOUSER")); #endif } setproctitle("%s%s", authctxt->pw ? user : "unknown", @@ -214,6 +220,9 @@ if (!use_privsep && authenticated && authctxt->user && !do_pam_account(authctxt->user, NULL)) authenticated = 0; +#elif defined(USE_EDIR) + if(!check_edir_auth()) + authenticated = 0; #endif /* USE_PAM */ #ifdef _UNICOS diff -u openssh-3.5p1/authfd.c nw-openssh-3.5p1/authfd.c --- openssh-3.5p1/authfd.c Wed Sep 11 17:52:47 2002 +++ nw-openssh-3.5p1/authfd.c Tue Mar 11 10:49:24 2003 @@ -415,7 +415,9 @@ u_char **sigp, u_int *lenp, u_char *data, u_int datalen) { +#ifndef HAVE_NETWARE extern int datafellows; +#endif Buffer msg; u_char *blob; u_int blen; Common subdirectories: openssh-3.5p1/autom4te-2.53.cache and nw-openssh-3.5p1/autom4te-2.53.cache Only in nw-openssh-3.5p1: autom4te-2.53.cache.tmp diff -u openssh-3.5p1/canohost.c nw-openssh-3.5p1/canohost.c --- openssh-3.5p1/canohost.c Tue Sep 24 20:19:09 2002 +++ nw-openssh-3.5p1/canohost.c Tue Mar 11 10:49:26 2003 @@ -179,8 +179,10 @@ const char * get_canonical_hostname(int verify_reverse_mapping) { +#ifndef HAVE_NETWARE static char *canonical_host_name = NULL; static int verify_reverse_mapping_done = 0; +#endif /* Check if we have previously retrieved name with same option. */ if (canonical_host_name != NULL) { @@ -268,7 +270,9 @@ const char * get_remote_ipaddr(void) { +#ifndef HAVE_NETWARE static char *canonical_host_ip = NULL; +#endif /* Check whether we have cached the ipaddr. */ if (canonical_host_ip == NULL) { 
@@ -288,7 +292,11 @@ const char * get_remote_name_or_ip(u_int utmp_len, int verify_reverse_mapping) { +#ifndef HAVE_NETWARE static const char *remote = ""; +#else +#define remote (NWGetThreadDataPtr()->remote) +#endif if (utmp_len > 0) remote = get_canonical_hostname(verify_reverse_mapping); if (utmp_len == 0 || strlen(remote) > utmp_len) diff -u openssh-3.5p1/channels.c nw-openssh-3.5p1/channels.c --- openssh-3.5p1/channels.c Wed Sep 18 19:54:55 2002 +++ nw-openssh-3.5p1/channels.c Tue Mar 11 10:49:27 2003 @@ -55,6 +55,12 @@ #include "authfd.h" #include "pathnames.h" +#ifdef HAVE_NETWARE +#define MAX_DISPLAYS 1000 +#define read(x, y, z) recv(x, y, z, 0) +#define write(x, y, z) send(x, y, z, 0) +#define buf (NWGetThreadDataPtr()->channel_buf) +#else /* -- channel core */ @@ -122,6 +128,7 @@ */ static char *x11_fake_data = NULL; static u_int x11_fake_data_len; +#endif // HAVE_NETWARE /* -- agent forwarding */ @@ -342,6 +349,9 @@ c->remote_name = NULL; } channels[c->self] = NULL; +#ifdef HAVE_NETWARE + NXThreadDelay(50); +#endif xfree(c); } @@ -524,7 +534,11 @@ { Buffer buffer; Channel *c; +#ifndef HAVE_NETWARE char buf[1024], *cp; +#else + char *cp; +#endif int i; buffer_init(&buffer); @@ -673,8 +687,10 @@ * have events pending. */ typedef void chan_fn(Channel *c, fd_set * readset, fd_set * writeset); +#ifndef HAVE_NETWARE chan_fn *channel_pre[SSH_CHANNEL_MAX_TYPE]; chan_fn *channel_post[SSH_CHANNEL_MAX_TYPE]; +#endif static void channel_pre_listener(Channel *c, fd_set * readset, fd_set * writeset) @@ -989,7 +1005,11 @@ struct sockaddr addr; int newsock; socklen_t addrlen; +#ifndef HAVE_NETWARE char buf[16384], *remote_ipaddr; +#else + char *remote_ipaddr; +#endif int remote_port; if (FD_ISSET(c->sock, readset)) { @@ -1045,7 +1065,9 @@ port_open_helper(Channel *c, char *rtype) { int direct; +#ifndef HAVE_NETWARE char buf[1024]; +#endif char *remote_ipaddr = get_peer_ipaddr(c->sock); u_short remote_port = get_peer_port(c->sock); 
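Review bot: In channels.c, the file-wide macro `buf` for `NWGetThreadDataPtr()->channel_buf` replaces local arrays of three different sizes (`char buf[1024]`, `char buf[16384]`, `char buf[16*1024]` in the later hunks of this file) with one shared object, so every `sizeof(buf)` in those functions, whose bodies are outside the hunks, now measures that member. If `channel_buf` is declared as a pointer, `sizeof` yields the pointer size; if it is an array, its size silently becomes the bound for all of these functions. Please state the required declaration next to the macro, e.g. `/* channel_buf must be a char array of at least 16*1024 bytes; callers use sizeof(buf) */`, and consider `#undef buf` where it is not needed, as the packet_read() change in packet.c does. The `read`/`write` macros also send every descriptor through recv()/send(), which is only correct if all channel descriptors are sockets on this platform.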
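Review bot: The fixed `NXThreadDelay(50)` before `xfree(c)` synchronises nothing: if it is there because another thread may still be using the channel, that thread can still hold `c` when the delay ends and then touch freed memory. The slot is already cleared with `channels[c->self] = NULL`, so what is missing is a lock or reference count that covers both lookup and free. At minimum add a comment naming the race the delay is meant to hide, e.g. `/* XXX NetWare: waits for THREAD to leave FUNCTION; replace with proper locking */` with the real names filled in. The enclosing function starts outside the hunk.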
@@ -1238,7 +1260,9 @@ static int channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) { +#ifndef HAVE_NETWARE char buf[16*1024]; +#endif int len; if (c->rfd != -1 && @@ -1332,7 +1356,9 @@ static int channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset) { +#ifndef HAVE_NETWARE char buf[16*1024]; +#endif int len; /** XXX handle drain efd, too */ @@ -1525,7 +1551,11 @@ static void channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset) { +#ifndef HAVE_NETWARE static int did_init = 0; +#else +#define did_init (NWGetThreadDataPtr()->did_init) +#endif int i; Channel *c; @@ -1884,6 +1914,9 @@ /* Record the remote channel number and mark that the channel is now open. */ c->remote_id = remote_id; c->type = SSH_CHANNEL_OPEN; +#ifdef HAVE_NETWARE + nw_login_complete(); +#endif if (compat20) { c->remote_window = packet_get_int(); @@ -2478,7 +2511,11 @@ { int display_number, sock = 0; const char *display; +#ifndef HAVE_NETWARE char buf[1024], *cp; +#else + char *cp; +#endif struct addrinfo hints, *ai, *aitop; char strport[NI_MAXSERV]; int gaierr; diff -u openssh-3.5p1/cipher.c nw-openssh-3.5p1/cipher.c --- openssh-3.5p1/cipher.c Tue Sep 10 06:26:18 2002 +++ nw-openssh-3.5p1/cipher.c Tue Mar 11 10:49:27 2003 @@ -53,7 +53,9 @@ static const EVP_CIPHER *evp_rijndael(void); #endif static const EVP_CIPHER *evp_ssh1_3des(void); +#ifndef NICI // Not supported by NetWare International Cryptography Infrastructure. static const EVP_CIPHER *evp_ssh1_bf(void); +#endif struct Cipher { char *name; 
@@ -64,12 +66,16 @@ } ciphers[] = { { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, +#ifndef NICI // Not supported by NetWare International Cryptography Infrastructure. { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, +#endif { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, +#ifndef NICI // Not supported by NetWare International Cryptography Infrastructure. { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, +#endif { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, #if OPENSSL_VERSION_NUMBER < 0x00907000L { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, @@ -111,6 +117,7 @@ u_int cipher_mask_ssh1(int client) { +#ifndef NICI u_int mask = 0; mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ mask |= 1 << SSH_CIPHER_BLOWFISH; @@ -118,6 +125,15 @@ mask |= 1 << SSH_CIPHER_DES; } return mask; +#else +// u_int mask = 0; +// mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ +// if (client) { +// mask |= 1 << SSH_CIPHER_DES; +// } +// return mask; + return (1 << SSH_CIPHER_DES); // TODO: Change this before shipping! +#endif } Cipher * @@ -224,6 +240,9 @@ type = (*cipher->evptype)(); EVP_CIPHER_CTX_init(&cc->evp); +#ifdef NICI + EVP_CIPHER_CTX_set_padding(&cc->evp, 0); +#endif #ifdef SSH_OLD_EVP if (type->key_len > 0 && type->key_len != keylen) { debug("cipher_init: set keylen (%d -> %d)", @@ -405,9 +424,12 @@ ssh1_3des.block_size = 8; ssh1_3des.iv_len = 0; ssh1_3des.key_len = 16; +#ifndef NICI // EVP_CIPHER structure no longer has these fields. Is there + // another way to achieve the same. ssh1_3des.init = ssh1_3des_init; ssh1_3des.cleanup = ssh1_3des_cleanup; ssh1_3des.do_cipher = ssh1_3des_cbc; +#endif #ifndef SSH_OLD_EVP ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH; #endif 
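Review bot: With NICI defined the SSH-1 table entries for "3des" and "blowfish" are removed while `{ "des", SSH_CIPHER_DES, ... }` stays, and the cipher_mask_ssh1() hunk below then returns `(1 << SSH_CIPHER_DES)` for client and server alike, under the comment `TODO: Change this before shipping!`. That leaves single DES as the only cipher a protocol-1 connection can use, where the non-NICI code marks 3DES as mandatory and adds DES only when `client` is set. Until NICI can provide 3DES for protocol 1, returning an empty mask (`return 0;`) so that no protocol-1 cipher is offered is the safer default than a silent downgrade. The commented-out block in that function should be deleted either way.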
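Review bot: `EVP_CIPHER_CTX_set_padding(&cc->evp, 0)` is called directly after `EVP_CIPHER_CTX_init()` and before the cipher is bound to the context later in this function. In OpenSSL the padding flag is meant to be set after the context has been initialised with a cipher, because that initialisation resets the context flags. Whether NICI's EVP layer behaves the same way is not visible here, so please confirm the setting survives, move the call after the cipher init if it does not, and check its return value. A short comment on why padding must be off (SSH pads its packets to the block size itself) would also help. The function header is outside the hunk.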
@@ -462,6 +484,7 @@ return (ret); } +#ifndef NICI // Not supported by NetWare International Cryptography Infrastructure. static const EVP_CIPHER * evp_ssh1_bf(void) { @@ -477,6 +500,7 @@ ssh1_bf.key_len = 32; return (&ssh1_bf); } +#endif #if OPENSSL_VERSION_NUMBER < 0x00907000L /* RIJNDAEL */ @@ -715,6 +739,11 @@ int cipher_get_keycontext(CipherContext *cc, u_char *dat) { +#ifndef NICI // From the macros above EVP_X_STATE and EVP_X_STATE_LEN + // the field c is no longer in EVP_CIPHER_CTX. Even if + // the field were still there, OPENSSL_VERSION_NUMBER is set + // to 0x1000000fL for NTLS and the wrong macro definition + // would be used. Cipher *c = cc->cipher; int plen = 0; @@ -725,11 +754,15 @@ memcpy(dat, EVP_X_STATE(cc->evp), plen); } return (plen); +#else + return(0); +#endif } void cipher_set_keycontext(CipherContext *cc, u_char *dat) { +#ifndef NICI // Same thing for EVP_X_STATE and EVP_X_STATE_LEN macros Cipher *c = cc->cipher; int plen; @@ -737,4 +770,5 @@ plen = EVP_X_STATE_LEN(cc->evp); memcpy(EVP_X_STATE(cc->evp), dat, plen); } +#endif } diff -u openssh-3.5p1/clientloop.c nw-openssh-3.5p1/clientloop.c --- openssh-3.5p1/clientloop.c Wed Sep 4 00:32:13 2002 +++ nw-openssh-3.5p1/clientloop.c Tue Mar 11 10:49:28 2003 
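Review bot: Under NICI `cipher_get_keycontext()` returns 0 and `cipher_set_keycontext()` becomes an empty function, so any caller that exports and re-imports cipher state gets "no state" for every cipher, including those the elided condition before the `memcpy` treats as stateful. That is harmless only if nothing in a NICI build hands key state from one process or context to another; if something does, the cipher restarts out of sync with no diagnostic. I would make the unsupported case loud, for instance `fatal("cipher_get_keycontext: not supported with NICI");` for ciphers that carry state, or document the assumption in both functions. Both bodies are only partly inside the hunks.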
@@ -109,11 +109,13 @@ static int in_non_blocking_mode = 0; /* Common data for the client loop code. */ -static int quit_pending; /* Set to non-zero to quit the client loop. */ static int escape_char; /* Escape character. */ static int escape_pending; /* Last character was the escape character */ static int last_was_cr; /* Last character was a newline. */ static int exit_status; /* Used to store the exit status of the command. */ +static int need_rekeying; /* Set to non-zero if rekeying is requested. */ +#ifndef HAVE_NETWARE +static int quit_pending; /* Set to non-zero to quit the client loop. */ static int stdin_eof; /* EOF has been encountered on standard error. */ static Buffer stdin_buffer; /* Buffer for stdin data. */ static Buffer stdout_buffer; /* Buffer for stdout data. */ @@ -122,14 +124,24 @@ static u_int buffer_high;/* Soft max buffer size. */ static int connection_in; /* Connection to server (input). */ static int connection_out; /* Connection to server (output). */ -static int need_rekeying; /* Set to non-zero if rekeying is requested. */ static int session_closed = 0; /* In SSH2: login session closed. */ +#else +#define atomicio NWSSH_atomicio +#define read(x, y, z) recv(x, y, z, 0) +#define quit_pending (NWGetThreadDataPtr()->quit_pending) +#define connection_in (NWGetThreadDataPtr()->sl_connection_in) +#define connection_out (NWGetThreadDataPtr()->sl_connection_out) +#define session_closed (NWGetThreadDataPtr()->connection_closed) +extern int g_bExitSystem; +#endif static void client_init_dispatch(void); int session_ident = -1; /*XXX*/ +#ifndef HAVE_NETWARE extern Kex *xxx_kex; +#endif /* Restores stdin to blocking mode. */ @@ -173,8 +185,12 @@ static void signal_handler(int sig) { +#ifndef HAVE_NETWARE received_signal = sig; quit_pending = 1; +#else + SSH_NetWareShutdown( sig ); +#endif } /* 
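Review bot: The NetWare branch of `signal_handler()` no longer records `received_signal` and calls `SSH_NetWareShutdown( sig )` directly from the handler, whereas the original only stored two integers. Unless that routine is safe to run in signal context on NetWare (its body is not in this diff section), the shutdown work belongs in the main loop, which this patch already makes poll `g_bExitSystem`. I would keep the handler to setting a flag in both builds and call the shutdown routine after the loop exits. A comment stating which thread receives signals on this platform would also help, because `quit_pending` is now per-thread data.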
@@ -321,6 +337,9 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, int *nallocp, int rekeying) { +#ifdef HAVE_NETWARE + struct timeval tv; +#endif /* Add any selections by the channel mechanism. */ channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying); @@ -368,7 +387,14 @@ * SSH_MSG_IGNORE packet when the timeout expires. */ +#ifndef HAVE_NETWARE if (select((*maxfdp)+1, *readsetp, *writesetp, NULL, NULL) < 0) { +#else + tv.tv_sec = 0; + tv.tv_usec = 50000; + + if (select((*maxfdp)+1, *readsetp, *writesetp, NULL, &tv) < 0) { +#endif char buf[100]; /* @@ -598,6 +624,7 @@ "%c& [backgrounded]\n", escape_char); buffer_append(berr, string, strlen(string)); +#ifndef HAVE_NETWARE /* Fork into background. */ pid = fork(); if (pid < 0) { @@ -608,6 +635,7 @@ /* The parent just exits. */ exit(0); } +#endif /* The child continues serving connections. */ if (compat20) { buffer_append(bin, "\004", 1); @@ -886,6 +914,10 @@ buffer_init(&stdout_buffer); buffer_init(&stderr_buffer); +#ifdef HAVE_NETWARE + start_client_threads(); +#endif + client_init_dispatch(); /* Set signal handlers to restore non-blocking mode. */ @@ -990,6 +1022,13 @@ /* Send as much buffered packet data as possible to the sender. */ if (FD_ISSET(connection_out, writeset)) packet_write_poll(); +#ifdef HAVE_NETWARE + if( g_bExitSystem ) + { + debug( "client_loop() g_bExitSystem = 1, breaking out of loop." ); + break; + } +#endif } if (readset) xfree(readset); diff -u openssh-3.5p1/compat.c nw-openssh-3.5p1/compat.c --- openssh-3.5p1/compat.c Sun Sep 29 19:59:22 2002 +++ nw-openssh-3.5p1/compat.c Tue Mar 11 10:49:28 2003 @@ -32,9 +32,11 @@ #include "log.h" #include "match.h" +#ifndef HAVE_NETWARE int compat13 = 0; int compat20 = 0; int datafellows = 0; +#endif void enable_compat20(void) diff -u openssh-3.5p1/compat.h nw-openssh-3.5p1/compat.h --- openssh-3.5p1/compat.h Sun Sep 29 19:59:23 2002 +++ nw-openssh-3.5p1/compat.h Tue Mar 11 10:49:28 2003 
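Review bot: With the fork compiled out at `@@ -598,6 +624,7 @@`, the `~&` escape still appends "[backgrounded]" to the error buffer and falls through to the code commented "The child continues serving connections", which appends `\004` to the input for protocol 2. On NetWare the user is therefore told the client went to the background while the same thread simply carries on. If backgrounding is not supported in this build, the escape should be rejected with its own message instead of running half of its effects. `pid` presumably becomes unused as well. The enclosing case starts outside the hunk.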
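Review bot: `g_bExitSystem` is declared as a plain `extern int` in the earlier clientloop.c hunk and is read here once per loop iteration while, judging by its name and the 50 ms select timeout added above, it is written from another thread. Without `volatile` or a platform atomic type the compiler may keep the value in a register; declare it once in a shared header, e.g. `extern volatile int g_bExitSystem;`, and not as a separate `extern` in each .c file (scp.c adds another copy). The test also sits after `packet_write_poll()`, so one more write to the connection happens after shutdown has been requested. The loop header is outside the hunk.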
@@ -62,7 +62,9 @@ int proto_spec(const char *); char *compat_cipher_proposal(char *); +#ifndef HAVE_NETWARE extern int compat13; extern int compat20; extern int datafellows; #endif +#endif diff -u openssh-3.5p1/compress.c nw-openssh-3.5p1/compress.c --- openssh-3.5p1/compress.c Thu Mar 21 18:51:25 2002 +++ nw-openssh-3.5p1/compress.c Tue Mar 11 10:49:28 2003 @@ -19,12 +19,14 @@ #include "zlib.h" #include "compress.h" +#ifndef HAVE_NETWARE z_stream incoming_stream; z_stream outgoing_stream; static int compress_init_send_called = 0; static int compress_init_recv_called = 0; static int inflate_failed = 0; static int deflate_failed = 0; +#endif /* * Initializes compression; level is compression level from 1 to 9 Common subdirectories: openssh-3.5p1/contrib and nw-openssh-3.5p1/contrib Only in nw-openssh-3.5p1: contrib.tmp diff -u openssh-3.5p1/deattack.c nw-openssh-3.5p1/deattack.c --- openssh-3.5p1/deattack.c Mon Mar 4 18:53:05 2002 +++ nw-openssh-3.5p1/deattack.c Tue Mar 11 10:49:35 2003 @@ -84,8 +84,13 @@ int detect_attack(u_char *buf, u_int32_t len, u_char *IV) { +#ifndef HAVE_NETWARE static u_int16_t *h = (u_int16_t *) NULL; static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; +#else +#define h (NWGetThreadDataPtr()->deattack_h) +#define n (NWGetThreadDataPtr()->deattack_n) +#endif u_int32_t i, j; u_int32_t l; u_char *c; diff -u openssh-3.5p1/dh.c nw-openssh-3.5p1/dh.c --- openssh-3.5p1/dh.c Wed Jul 3 18:03:56 2002 +++ nw-openssh-3.5p1/dh.c Tue Mar 11 10:49:35 2003 @@ -112,7 +112,9 @@ if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL && (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) { +#ifndef NICI log("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI); +#endif return (dh_new_group1()); } @@ -202,6 +204,7 @@ fatal("dh_gen_key: group too small: %d (2*need %d)", BN_num_bits(dh->p), 2*need); do { +#ifndef NICI // The priv_key field is not in the DH structure with NICI if (dh->priv_key != NULL) BN_clear_free(dh->priv_key); if ((dh->priv_key = BN_new()) == NULL) 
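Review bot: In deattack.c, mapping `n` to `NWGetThreadDataPtr()->deattack_n` drops the static initialiser `HASH_MINSIZE / HASH_ENTRYSIZE`, so the per-thread field must be set to that value, and `deattack_h` to NULL, when the thread data is created. As far as the rest of detect_attack() (outside the hunk) sizes its table starting from `n`, a zero start value would break the detector. Please record the requirement at the macro, e.g. `/* deattack_n must start at HASH_MINSIZE / HASH_ENTRYSIZE, deattack_h at NULL */`. The single-letter macros `h` and `n` are never undefined and will rewrite any later identifier with those names in this file, so add `#undef h` and `#undef n` after the function.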
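Review bot: In dh.c, suppressing the `log("WARNING: %s does not exist, using old modulus", ...)` call under NICI makes the fallback to `dh_new_group1()` silent, so an administrator cannot tell from the log that the moduli file was missing and the fixed group was used. If the wording is wrong for NetWare, change the text and keep the message, e.g. `log("WARNING: %s not found, falling back to built-in group1", _PATH_DH_MODULI);`. The function body continues outside the hunk.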
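Review bot: Under NICI the loop in dh_gen_key() no longer chooses the private exponent itself (the `BN_rand(dh->priv_key, 2*need, 0, 0)` step in the next hunk is compiled out), so `need` only feeds the group-size check and the exponent length is whatever `DH_generate_key()` in the NICI library picks. That may be acceptable, but it changes a security parameter without saying so; please document the library's guarantee, e.g. `/* NICI generates the private value internally; its length is not controlled by 'need' */`. `bits_set` also appears to become unused in this build. The function header and the start of the loop body are outside the hunks.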
@@ -209,13 +212,16 @@ /* generate a 2*need bits random private exponent */ if (!BN_rand(dh->priv_key, 2*need, 0, 0)) fatal("dh_gen_key: BN_rand failed"); +#endif if (DH_generate_key(dh) == 0) fatal("DH_generate_key"); +#ifndef NICI // The priv_key field is not in the DH structure with NICI for (i = 0; i <= BN_num_bits(dh->priv_key); i++) if (BN_is_bit_set(dh->priv_key, i)) bits_set++; debug("dh_gen_key: priv key bits set: %d/%d", bits_set, BN_num_bits(dh->priv_key)); +#endif if (tries++ > 10) fatal("dh_gen_key: too many bad keys: giving up"); } while (!dh_pub_is_valid(dh, dh->pub_key)); @@ -285,5 +291,9 @@ return (1024); /* O(2**86) */ if (bits < 192) return (2048); /* O(2**116) */ +#ifndef NICI return (4096); /* O(2**156) */ +#else + return (2048); /* NICI Maximum is 2048 */ +#endif } diff -u openssh-3.5p1/dh.h nw-openssh-3.5p1/dh.h --- openssh-3.5p1/dh.h Tue Jul 3 22:46:57 2001 +++ nw-openssh-3.5p1/dh.h Tue Mar 11 10:49:36 2003 @@ -45,4 +45,8 @@ #define DH_GRP_MIN 1024 #define DH_GRP_MAX 8192 +#ifdef NICI +# define NICI_DH_GRP_MAX 2048 +#endif + #endif diff -u openssh-3.5p1/dispatch.c nw-openssh-3.5p1/dispatch.c --- openssh-3.5p1/dispatch.c Tue Jan 22 05:24:15 2002 +++ nw-openssh-3.5p1/dispatch.c Tue Mar 11 10:49:36 2003 @@ -34,7 +34,9 @@ #define DISPATCH_MIN 0 #define DISPATCH_MAX 255 +#ifndef HAVE_NETWARE dispatch_fn *dispatch[DISPATCH_MAX]; +#endif void dispatch_protocol_error(int type, u_int32_t seq, void *ctxt) diff -u openssh-3.5p1/includes.h nw-openssh-3.5p1/includes.h --- openssh-3.5p1/includes.h Wed Sep 25 18:38:48 2002 +++ nw-openssh-3.5p1/includes.h Tue Mar 11 10:49:36 2003 @@ -28,6 +28,9 @@ #include #include #include +#ifdef HAVE_NETWARE +# include "contrib/netware/src/nw-includ.h" +#endif #include #include #include @@ -98,7 +101,9 @@ #endif #include +#ifndef HAVE_NETWARE #include +#endif #include #include #ifdef HAVE_SYS_TIME_H 
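Review bot: The NICI branch added at `@@ -285,5 +291,9 @@` hard-codes `return (2048);` although this patch adds `NICI_DH_GRP_MAX` to dh.h for exactly this limit. Use `return (NICI_DH_GRP_MAX);` so the estimate and the bounds sent from kexgex.c cannot drift apart. This caps the group at 2048 bits for key sizes where the other branch asks for 4096, which deserves a line in the port's documentation. The function starts outside the hunk.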
@@ -159,12 +164,16 @@ #include /* For OPENSSL_VERSION_NUMBER */ +#ifndef HAVE_NETWARE #include "defines.h" +#endif #include "version.h" +#ifndef HAVE_NETWARE #include "openbsd-compat/openbsd-compat.h" #include "openbsd-compat/bsd-cygwin_util.h" #include "openbsd-compat/bsd-nextstep.h" +#endif #include "entropy.h" diff -u openssh-3.5p1/kex.c nw-openssh-3.5p1/kex.c --- openssh-3.5p1/kex.c Tue Jun 25 17:19:13 2002 +++ nw-openssh-3.5p1/kex.c Tue Mar 11 10:49:36 2003 @@ -421,7 +421,11 @@ return digest; } +#ifndef HAVE_NETWARE Newkeys *current_keys[MODE_MAX]; +#else +#define current_keys (NWGetThreadDataPtr()->current_keys) +#endif #define NKEYS 6 void diff -u openssh-3.5p1/kexgex.c nw-openssh-3.5p1/kexgex.c --- openssh-3.5p1/kexgex.c Mon Mar 25 19:20:07 2002 +++ nw-openssh-3.5p1/kexgex.c Tue Mar 11 10:49:37 2003 @@ -53,7 +53,11 @@ BIGNUM *shared_secret) { Buffer b; +#ifndef HAVE_NETWARE static u_char digest[EVP_MAX_MD_SIZE]; +#else +#define digest (NWGetThreadDataPtr()->kexgex_digest) +#endif const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; @@ -120,13 +124,21 @@ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD); packet_put_int(nbits); min = DH_GRP_MIN; +#ifndef NICI max = DH_GRP_MAX; +#else + max = NICI_DH_GRP_MAX; +#endif } else { debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent"); /* New GEX request */ min = DH_GRP_MIN; +#ifndef NICI max = DH_GRP_MAX; +#else + max = NICI_DH_GRP_MAX; +#endif packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST); packet_put_int(min); packet_put_int(nbits); diff -u openssh-3.5p1/mac.c nw-openssh-3.5p1/mac.c --- openssh-3.5p1/mac.c Thu Jun 6 13:48:16 2002 +++ nw-openssh-3.5p1/mac.c Tue Mar 11 10:49:38 2003 @@ -43,8 +43,10 @@ { "hmac-sha1-96", EVP_sha1, 96 }, { "hmac-md5", EVP_md5, 0 }, { "hmac-md5-96", EVP_md5, 96 }, +#ifndef NICI { "hmac-ripemd160", EVP_ripemd160, 0 }, { "hmac-ripemd160@openssh.com", EVP_ripemd160, 0 }, +#endif { NULL, NULL, 0 } }; 
@@ -72,7 +74,11 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) { HMAC_CTX c; +#ifndef HAVE_NETWARE static u_char m[EVP_MAX_MD_SIZE]; +#else +#define m (NWGetThreadDataPtr()->mac_buf) +#endif u_char b[4]; if (mac->key == NULL) diff -u openssh-3.5p1/monitor_wrap.h nw-openssh-3.5p1/monitor_wrap.h --- openssh-3.5p1/monitor_wrap.h Thu Sep 26 21:26:04 2002 +++ nw-openssh-3.5p1/monitor_wrap.h Tue Mar 11 10:49:41 2003 @@ -31,8 +31,11 @@ #include "buffer.h" extern int use_privsep; +#ifndef HAVE_NETWARE #define PRIVSEP(x) (use_privsep ? mm_##x : x) - +#else +#define PRIVSEP(x) (x) +#endif enum mm_keytype {MM_NOKEY, MM_HOSTKEY, MM_USERKEY, MM_RSAHOSTKEY, MM_RSAUSERKEY}; struct monitor; diff -u openssh-3.5p1/myproposal.h nw-openssh-3.5p1/myproposal.h --- openssh-3.5p1/myproposal.h Thu Apr 4 15:10:39 2002 +++ nw-openssh-3.5p1/myproposal.h Tue Mar 11 10:49:41 2003 @@ -25,6 +25,7 @@ */ #define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" +#ifndef NICI #define KEX_DEFAULT_ENCRYPT \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \ "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se" @@ -32,6 +33,14 @@ "hmac-md5,hmac-sha1,hmac-ripemd160," \ "hmac-ripemd160@openssh.com," \ "hmac-sha1-96,hmac-md5-96" +#else +#define KEX_DEFAULT_ENCRYPT \ + "aes128-cbc,3des-cbc,arcfour," \ + "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se" +#define KEX_DEFAULT_MAC \ + "hmac-md5,hmac-sha1," \ + "hmac-sha1-96,hmac-md5-96" +#endif #define KEX_DEFAULT_COMP "none,zlib" #define KEX_DEFAULT_LANG "" diff -u openssh-3.5p1/nchan.c nw-openssh-3.5p1/nchan.c --- openssh-3.5p1/nchan.c Thu Jun 20 18:41:52 2002 +++ nw-openssh-3.5p1/nchan.c Tue Mar 11 10:49:41 2003 
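Review bot: In monitor_wrap.h, defining `PRIVSEP(x)` as `(x)` makes every wrapped call run directly in the network-facing code regardless of `use_privsep`, which is still declared just above, so a configuration that enables privilege separation would be accepted and silently ignored on NetWare. Please document this at the macro, e.g. `/* NetWare: single-process threaded server; privilege separation is not available */`, and have the option handling warn or refuse when the setting is enabled in this build. It also means the `PRIVSEP(start_edir(...))` calls added in auth1.c and auth2.c always call start_edir() directly.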
@@ -450,10 +450,14 @@ "shutdown() failed for fd%d: %.100s", c->self, c->sock, strerror(errno)); } else { +#ifndef HAVE_NETWARE if (channel_close_fd(&c->wfd) < 0) log("channel %d: chan_shutdown_write: " "close() failed for fd%d: %.100s", c->self, c->wfd, strerror(errno)); +#else + session_close_by_id(c->self); +#endif } } static void @@ -475,9 +479,13 @@ c->self, c->sock, c->istate, c->ostate, strerror(errno)); } else { +#ifndef HAVE_NETWARE if (channel_close_fd(&c->rfd) < 0) log("channel %d: chan_shutdown_read: " "close() failed for fd%d: %.100s", c->self, c->rfd, strerror(errno)); +#else + session_close_by_id(c->self); +#endif } } Common subdirectories: openssh-3.5p1/openbsd-compat and nw-openssh-3.5p1/openbsd-compat Only in nw-openssh-3.5p1: openbsd-compat.tmp diff -u openssh-3.5p1/packet.c nw-openssh-3.5p1/packet.c --- openssh-3.5p1/packet.c Sun Jul 7 16:11:51 2002 +++ nw-openssh-3.5p1/packet.c Tue Mar 11 10:49:41 2003 @@ -61,13 +61,14 @@ #include "canohost.h" #include "misc.h" #include "ssh.h" - +//#define PACKET_DEBUG 1 #ifdef PACKET_DEBUG #define DBG(x) x #else #define DBG(x) #endif +#ifndef HAVE_NETWARE /* * This variable contains the file descriptors used for communicating with * the other side. connection_in is used for reading; connection_out for 
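Review bot: In the non-socket branch of chan_shutdown_write the NetWare build replaces the close of `c->wfd` with `session_close_by_id(c->self)`, passing a channel number to a function whose name suggests it expects a session id, and closing more than the one direction this function is meant to shut. The return value and the `log()` on failure are dropped as well. If channel and session numbering differ, this could close a different session than intended; please confirm what the parameter means and add a comment, or look the session up by channel. The chan_shutdown_read hunk below makes the same substitution for `c->rfd`, and both function headers are outside the hunks.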
@@ -126,6 +127,24 @@ /* roundup current message to extra_pad bytes */ static u_char extra_pad = 0; +#else // !HAVE_NETWARE +#define read(x, y, z) recv(x, y, z, 0) +#define write(x, y, z) send(x, y, z, 0) +#define connection_in (NWGetThreadDataPtr()->connection_in) +#define connection_out (NWGetThreadDataPtr()->connection_out) +#define cipher_type (NWGetThreadDataPtr()->cipher_type) +#define input (NWGetThreadDataPtr()->input) +#define output (NWGetThreadDataPtr()->output) +#define newkeys (NWGetThreadDataPtr()->newkeys) +#define send_seqnr (NWGetThreadDataPtr()->send_seqnr) +#define read_seqnr (NWGetThreadDataPtr()->read_seqnr) +#define extra_pad (NWGetThreadDataPtr()->extra_pad) +#define ssh1_key (NWGetThreadDataPtr()->ssh1_key) +#define ssh1_keylen (NWGetThreadDataPtr()->ssh1_keylen) +#define fprintf NetWareFprintf +#define buffer_dump NWBufferDump +#endif // !HAVE_NETWARE + /* * Sets the descriptors used for communication. Disables encryption until * packet_set_encryption_key is called. @@ -432,6 +451,9 @@ u_char buf[9]; int len; +#ifdef HAVE_NETWARE + NXLock( NWGetThreadDataPtr()->packetSendLock ); +#endif DBG(debug("packet_start[%d]", type)); len = compat20 ? 6 : 9; memset(buf, 0, len - 1); @@ -594,6 +616,11 @@ enc = &newkeys[mode]->enc; mac = &newkeys[mode]->mac; comp = &newkeys[mode]->comp; +#ifdef HAVE_NETWARE + NWGetThreadDataPtr()->cipher_name = xstrdup( enc->name ); + NWGetThreadDataPtr()->mac_name = xstrdup( mac->name ); + NWGetThreadDataPtr()->comp_name = xstrdup( comp->name ); +#endif if (mac->md != NULL) mac->enabled = 1; DBG(debug("cipher_init_context: %d", mode)); @@ -731,6 +758,9 @@ else packet_send1(); DBG(debug("packet_send done")); +#ifdef HAVE_NETWARE + NXUnlock( NWGetThreadDataPtr()->packetSendLock ); +#endif } /* 
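Review bot: The send lock is taken in `packet_start()` and released only at the end of `packet_send()` in the later hunk, so any path that starts a packet and leaves without sending it (an error return, `fatal()`, or a second `packet_start()` on the same thread) keeps `packetSendLock` held. Since the lock is reached through `NWGetThreadDataPtr()`, it is also unclear from here which other thread it is meant to exclude. Please document who shares it and whether NXLock may be taken again by its holder. A narrower critical section around the actual write to the connection would be easier to reason about than one spanning two public functions.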
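Review bot: The block added at `@@ -594,6 +616,11 @@` stores fresh `xstrdup()` copies in `cipher_name`, `mac_name` and `comp_name` without freeing the previous values, and it runs once per `mode`, so each key exchange leaks the old strings and the recorded names reflect whichever direction was set last. Free before assigning, e.g. `if (td->cipher_name != NULL) xfree(td->cipher_name);` with `td` a local holding the result of one `NWGetThreadDataPtr()` call in place of the three calls made now. The function header is outside the hunk.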
@@ -744,7 +774,11 @@ { int type, len; fd_set *setp; +#ifndef HAVE_NETWARE char buf[8192]; +#else +#define buf (NWGetThreadDataPtr()->packet_buf) +#endif DBG(debug("packet_read()")); setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) * @@ -793,6 +827,9 @@ packet_process_incoming(buf, len); } /* NOTREACHED */ +#ifdef HAVE_NETWARE +#undef buf +#endif } int @@ -905,7 +942,11 @@ static int packet_read_poll2(u_int32_t *seqnr_p) { +#ifndef HAVE_NETWARE static u_int packet_length = 0; +#else +#define packet_length (NWGetThreadDataPtr()->packet_length) +#endif u_int padlen, need; u_char *macbuf, *cp, type; int maclen, block_size; @@ -1212,7 +1253,11 @@ { char buf[1024]; va_list args; +#ifndef HAVE_NETWARE static int disconnecting = 0; +#else +#define disconnecting (NWGetThreadDataPtr()->disconnecting) +#endif if (disconnecting) /* Guard against recursive invocations. */ fatal("packet_disconnect called recursively."); @@ -1318,7 +1363,11 @@ void packet_set_interactive(int interactive) { +#ifndef HAVE_NETWARE static int called = 0; +#else +#define called (NWGetThreadDataPtr()->set_interactive_called) +#endif #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) int lowdelay = IPTOS_LOWDELAY; int throughput = IPTOS_THROUGHPUT; @@ -1375,7 +1424,11 @@ int packet_set_maxsize(int s) { +#ifndef HAVE_NETWARE static int called = 0; +#else +#define called (NWGetThreadDataPtr()->set_maxsize_called) +#endif if (called) { log("packet_set_maxsize: called twice: old %d new %d", diff -u openssh-3.5p1/packet.h nw-openssh-3.5p1/packet.h --- openssh-3.5p1/packet.h Thu Jun 20 18:43:43 2002 +++ nw-openssh-3.5p1/packet.h Tue Mar 11 10:49:41 2003 
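Review bot: In the packet_set_maxsize() hunk `called` is defined as `(NWGetThreadDataPtr()->set_maxsize_called)` although the packet_set_interactive() hunk above has already defined it with a different body and nothing undefines it in between. That is an incompatible macro redefinition, which compilers usually only warn about, so which per-thread flag each function tests depends on the compiler's handling. Add `#undef called` at the end of both functions, as the packet_read() hunk does for `buf`. The same tidy-up is needed for `packet_length` and `disconnecting`, which stay defined for the rest of the file.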
@@ -81,7 +81,9 @@ void tty_make_modes(int, struct termios *); void tty_parse_modes(int, int *); +#ifndef HAVE_NETWARE extern int max_packet_size; +#endif // HAVE_NETWARE int packet_set_maxsize(int); #define packet_get_maxsize() max_packet_size diff -u openssh-3.5p1/pathnames.h nw-openssh-3.5p1/pathnames.h --- openssh-3.5p1/pathnames.h Thu Jun 6 13:57:34 2002 +++ nw-openssh-3.5p1/pathnames.h Tue Mar 11 10:49:41 2003 @@ -43,6 +43,7 @@ /* Backwards compatibility */ #define _PATH_DH_PRIMES SSHDIR "/primes" +#ifndef HAVE_NETWARE #ifndef _PATH_SSH_PROGRAM #define _PATH_SSH_PROGRAM "/usr/bin/ssh" #endif 
@@ -96,8 +97,62 @@ /* backward compat for protocol v2 */ #define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2" +#else // HAVE_NETWARE +#ifndef _PATH_SSH_PROGRAM +#define _PATH_SSH_PROGRAM "sys:/system/ssh.nlm" +#endif + +/* + * The process id of the daemon listening for connections is saved here to + * make it easier to kill the correct daemon when necessary. + */ +#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid" + +/* + * The directory in user\'s home directory in which the files reside. The + * directory should be world-readable (though not all files are). + */ +#define _PATH_SSH_USER_DIR "etc/ssh" + +/* + * Per-user file containing host keys of known hosts. This file need not be + * readable by anyone except the user him/herself, though this does not + * contain anything particularly secret. + */ +#define _PATH_SSH_USER_HOSTFILE "/etc/ssh/known_hosts" +/* backward compat for protocol 2 */ +#define _PATH_SSH_USER_HOSTFILE2 "/etc/ssh/known_hosts2" + +/* + * Name of the default file containing client-side authentication key. This + * file should only be readable by the user him/herself. + */ +#define _PATH_SSH_CLIENT_IDENTITY "etc/ssh/identity" +#define _PATH_SSH_CLIENT_ID_DSA "etc/ssh/id_dsa" +#define _PATH_SSH_CLIENT_ID_RSA "etc/ssh/id_rsa" + +/* + * Configuration file in user\'s home directory. This file need not be + * readable by anyone but the user him/herself, but does not contain anything + * particularly secret. If the user\'s home directory resides on an NFS + * volume where root is mapped to nobody, this may need to be world-readable. + */ +#define _PATH_SSH_USER_CONFFILE "etc/ssh/config" /* + * File containing a list of those rsa keys that permit logging in as this + * user. This file need not be readable by anyone but the user him/herself, + * but does not contain anything particularly secret. If the user\'s home + * directory resides on an NFS volume where root is mapped to nobody, this + * may need to be world-readable. 
(This file is read by the daemon which is + * running as root.) + */ +#define _PATH_SSH_USER_PERMITTED_KEYS "etc/ssh/authorized_keys" + +/* backward compat for protocol v2 */ +#define _PATH_SSH_USER_PERMITTED_KEYS2 "etc/ssh/authorized_keys2" +#endif // HAVE_NETWARE +/* * Per-user and system-wide ssh "rc" files. These files are executed with * /bin/sh before starting the shell or command if they exist. They will be * passed "proto cookie" as arguments if X11 forwarding with spoofing is in diff -u openssh-3.5p1/readpass.c nw-openssh-3.5p1/readpass.c --- openssh-3.5p1/readpass.c Wed Mar 27 10:28:47 2002 +++ nw-openssh-3.5p1/readpass.c Tue Mar 11 10:49:42 2003 @@ -34,6 +34,7 @@ static char * ssh_askpass(char *askpass, const char *msg) { +#ifndef HAVE_NETWARE pid_t pid; size_t len; char *pass; @@ -83,6 +84,9 @@ pass = xstrdup(buf); memset(buf, 0, sizeof(buf)); return pass; +#else // HAVE_NETWARE + return NULL; +#endif // HAVE_NETWARE } /* Common subdirectories: openssh-3.5p1/regress and nw-openssh-3.5p1/regress Only in nw-openssh-3.5p1: regress.tmp Common subdirectories: openssh-3.5p1/scard and nw-openssh-3.5p1/scard Only in nw-openssh-3.5p1: scard.tmp diff -u openssh-3.5p1/scp.c nw-openssh-3.5p1/scp.c --- openssh-3.5p1/scp.c Thu Jun 20 18:41:52 2002 +++ nw-openssh-3.5p1/scp.c Tue Mar 11 10:49:44 2003 @@ -83,6 +83,15 @@ #include "log.h" #include "misc.h" +#ifdef HAVE_NETWARE +#include "nw-scps.h" + +#define fprintf nw_scp_fprintf +#define system MySystem +#include "servconf.h" +extern int g_bExitSystem; +ServerOptions options; +#endif #ifdef HAVE___PROGNAME extern char *__progname; #else @@ -101,6 +110,7 @@ int getttywidth(void); int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc); +#ifndef HAVE_NETWARE /* Struct for addargs */ arglist args; 
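Review bot: In the NetWare block of pathnames.h `_PATH_SSH_USER_HOSTFILE` and `_PATH_SSH_USER_HOSTFILE2` are absolute (`"/etc/ssh/known_hosts"`), while the comment copied above them still says "Per-user file" and the neighbouring identity, config and authorized_keys paths are relative (`"etc/ssh/..."`). If this is intentional, all users share one known-hosts file, so whoever can write it decides which host keys everyone else accepts; the comment and the file's required permissions should say so. If it is a typo, drop the leading slash to match the other entries. The copied comments also contain `user\'s`, which looks like an escaping artefact.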
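Review bot: On NetWare `ssh_askpass()` in readpass.c now returns NULL unconditionally, while the path kept for other platforms ends in `pass = xstrdup(buf);` followed by `return pass;`, so callers (outside this diff section) may have been written for a non-NULL string. Please check each caller for a NULL test, or make sure this function cannot be reached in the NetWare build. A comment at the return, e.g. `/* no askpass helper on NetWare; callers must handle NULL */`, would record the contract.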
@@ -124,6 +134,24 @@ /* This is the program to execute for the secured connection. ("ssh" or -S) */ char *ssh_program = _PATH_SSH_PROGRAM; +#else // !HAVE_NETWARE +// Handle atomicio properly for the pipes used for scp. +ssize_t scp_atomicio(ssize_t (*f)(), int fd, void *s, size_t n); +#define atomicio scp_atomicio + +#define statbytes (NWGetThreadDataPtr()->statbytes) +#define totalbytes (NWGetThreadDataPtr()->totalbytes) +#define curfile (NWGetThreadDataPtr()->curfile) +#define args (NWGetThreadDataPtr()->args) +#define buffer (NWGetThreadDataPtr()->scp_buffer) +#define start (NWGetThreadDataPtr()->scp_start) +#define namebuf (NWGetThreadDataPtr()->scp_namebuf) +#define cursize (NWGetThreadDataPtr()->scp_cursize) +#undef exit +int verbose_mode = 0; +int showprogress = 1; +char *ssh_program = _PATH_SSH_PROGRAM; +#endif // !HAVE_NETWARE /* * This function executes the given command as the specified user on the @@ -134,6 +162,7 @@ int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc) { +#ifndef HAVE_NETWARE int pin[2], pout[2], reserved[2]; if (verbose_mode) 
@@ -183,13 +212,39 @@ *fdout = pin[1]; close(pout[1]); *fdin = pout[0]; +#else // HAVE_NETWARE + wiring_t wire = { FD_UNUSED, FD_UNUSED, FD_UNUSED }; + + args.list[0] = ssh_program; + if (remuser != NULL) + addargs(&args, "-l%s", remuser); + addargs(&args, "%s", host); + addargs(&args, "%s", cmd); + addargs(&args, "%d", SCPOnConnectionEstablished); + addargs(&args, "%d", SCPOnConnectionFailed); + + wire.infd = NWGetThreadDataPtr()->_stdout[0]; + wire.outfd = NWGetThreadDataPtr()->_stdin[1]; + + procve(ssh_program, PROC_CURRENT_SPACE, (const char **)___environ(), &wire, NULL, NULL, 0, NULL, (const char **)(args.list) ); + + close(wire.infd); + close(wire.outfd); + + fprintf(stderr, "exec: %s: %s\n", ssh_program, strerror(errno)); + + while( ( !g_bExitSystem ) && ( NWGetThreadDataPtr()->bSSHConnected != 1) ) + delay( 1 ); +#endif // HAVE_NETWARE return 0; } +#ifndef HAVE_NETWARE typedef struct { int cnt; char *buf; } BUF; +#endif BUF *allocbuf(BUF *, int, int); void lostconn(int); @@ -198,10 +253,25 @@ void run_err(const char *,...); void verifydir(char *); +#ifndef HAVE_NETWARE struct passwd *pwd; uid_t userid; int errs, remin, remout; int pflag, iamremote, iamrecursive, targetshouldbedirectory; +#else // HAVE_NETWARE +#define pwd (NWGetThreadDataPtr()->pwd) +#define userid (NWGetThreadDataPtr()->userid) +#define errs (NWGetThreadDataPtr()->errs) +#define remin (NWGetThreadDataPtr()->_stdin[0]) +#define remout (NWGetThreadDataPtr()->_stdout[1]) +#define pflag (NWGetThreadDataPtr()->pflag) +#define iamremote (NWGetThreadDataPtr()->iamremote) +#define iamrecursive (NWGetThreadDataPtr()->iamrecursive) +#define targetshouldbedirectory (NWGetThreadDataPtr()->targetshouldbedirectory) + +#define main(c, v) scp_main(c, v) +#define exit(exitCode) return(exitCode) +#endif // HAVE_NETWARE #define CMDNEEDS 64 char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ 
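Review bot: The NetWare branch of do_cmd() ignores the return value of `procve()` and then prints `exec: %s: %s` with `strerror(errno)` unconditionally, so a successful spawn logs a stale error and a failed one falls into the `while` loop that waits for `bSSHConnected` with only `g_bExitSystem` to end it. Check the result (presumably negative on failure; confirm against the NetWare LibC documentation) and return an error instead of waiting, e.g. `if (procve(...) < 0) { fprintf(stderr, "exec: %s: %s\n", ssh_program, strerror(errno)); return -1; }`. Separately, `addargs(&args, "%d", SCPOnConnectionEstablished)` formats what appears to be a callback address with `%d`, which is a format/argument mismatch and truncates wherever a pointer is wider than `int`; the sftp.c hunk that adds `SFTPOnConnectionEstablished` has the same pattern. do_cmd() begins outside this hunk.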
@@ -297,8 +367,10 @@ if (!isatty(STDERR_FILENO)) showprogress = 0; +#ifndef HAVE_NETWARE remin = STDIN_FILENO; remout = STDOUT_FILENO; +#endif if (fflag) { /* Follow "protocol", send data. */ @@ -316,7 +388,9 @@ if (argc > 2) targetshouldbedirectory = 1; +#ifndef HAVE_NETWARE remin = remout = -1; +#endif /* Command to be executed on remote system using "ssh". */ (void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s", verbose_mode ? " -v" : "", @@ -335,6 +409,9 @@ exit(errs != 0); } +#ifdef HAVE_NETWARE +#define exit SCP_NWExit +#endif void toremote(targ, argc, argv) char *targ, *argv[]; @@ -404,7 +481,11 @@ (void) system(bp); (void) xfree(bp); } else { /* local to remote */ +#ifndef HAVE_NETWARE if (remin == -1) { +#else + { +#endif len = strlen(targ) + CMDNEEDS + 20; bp = xmalloc(len); (void) snprintf(bp, len, "%s -t %s", cmd, targ); @@ -480,7 +561,9 @@ char *argv[]; { struct stat stb; +#ifndef HAVE_NETWARE static BUF buffer; +#endif BUF *bp; off_t i, amt, result; int fd, haderr, indx; @@ -528,8 +611,13 @@ * versions expecting microseconds. */ (void) snprintf(buf, sizeof buf, "T%lu 0 %lu 0\n", +#ifndef HAVE_NETWARE (u_long) stb.st_mtime, (u_long) stb.st_atime); +#else + (u_long) stb.st_mtime.tv_sec, + (u_long) stb.st_atime.tv_sec); +#endif (void) atomicio(write, remout, buf, strlen(buf)); if (response() < 0) goto next; @@ -576,6 +664,10 @@ result = atomicio(write, remout, bp->buf, amt); if (result != amt) haderr = result >= 0 ? EIO : errno; +#ifdef HAVE_NETWARE +// NXThreadYield(); + progressmeter(0); +#endif statbytes += result; } } @@ -612,8 +704,13 @@ last++; if (pflag) { (void) snprintf(path, sizeof(path), "T%lu 0 %lu 0\n", +#ifndef HAVE_NETWARE (u_long) statp->st_mtime, (u_long) statp->st_atime); +#else + (u_long) statp->st_mtime.tv_sec, + (u_long) statp->st_atime.tv_sec); +#endif (void) atomicio(write, remout, path, strlen(path)); if (response() < 0) { closedir(dirp); 
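Review bot: `#define exit SCP_NWExit`, added after main() in the `@@ -335,6 +409,9 @@` hunk, redefines `exit` while the function-like `#define exit(exitCode) return(exitCode)` from the earlier scp.c hunk is still in effect, and the two definitions are not identical. C treats a non-identical macro redefinition as a constraint violation that the compiler must diagnose; put `#undef exit` on the line before the new define, as the patch already does ahead of `int verbose_mode = 0;`. A one-line comment explaining why main() needs `return` while the functions after it need `SCP_NWExit` would also help the next reader.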
@@ -652,7 +749,9 @@ int argc; char *argv[]; { +#ifndef HAVE_NETWARE static BUF buffer; +#endif struct stat stb; enum { YES, NO, DISPLAYED @@ -683,7 +782,14 @@ (void) atomicio(write, remout, "", 1); if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) +#ifndef HAVE_NETWARE targisdir = 1; +#else + { + debug("sink() setting targisdir = 1, stb.st_mode = %x", stb.st_mode); + targisdir = 1; + } +#endif for (first = 1;; first = 0) { cp = buf; if (atomicio(read, remin, cp, 1) <= 0) @@ -760,8 +866,10 @@ if (*cp++ != ' ') SCREWUP("size not delimited"); if (targisdir) { +#ifndef HAVE_NETWARE static char *namebuf; static int cursize; +#endif size_t need; need = strlen(targ) + strlen(cp) + 250; @@ -835,7 +943,12 @@ do { j = read(remin, cp, amt); if (j == -1 && (errno == EINTR || +#ifndef HAVE_NETWARE errno == EAGAIN)) { +#else + errno == EAGAIN || errno == EWOULDBLOCK)) { + NXThreadYield(); +#endif continue; } else if (j <= 0) { run_err("%s", j ? strerror(errno) : @@ -845,6 +958,9 @@ amt -= j; cp += j; statbytes += j; +#ifdef HAVE_NETWARE + progressmeter(0); +#endif } while (amt > 0); if (count == bp->cnt) { /* Keep reading so we stay sync'd up. */ @@ -1091,11 +1207,18 @@ return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 && ctty_pgrp == pgrp); #else +#ifndef HAVE_NETWARE return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 && ctty_pgrp == pgrp)); +#else + return 1; +#endif #endif } +#ifdef HAVE_NETWARE +#undef cursize +#endif void progressmeter(int flag) { diff -u openssh-3.5p1/servconf.c nw-openssh-3.5p1/servconf.c --- openssh-3.5p1/servconf.c Wed Sep 4 22:35:15 2002 +++ nw-openssh-3.5p1/servconf.c Tue Mar 11 10:49:44 2003 @@ -40,6 +40,14 @@ #include "kex.h" #include "mac.h" +#ifdef USE_EDIR +#include "auth-edir.h" +#endif + +#ifdef HAVE_NETWARE +#define fatal error +#endif + static void add_listen_addr(ServerOptions *, char *, u_short); static void add_one_listen_addr(ServerOptions *, char *, u_short); 
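Review bot: `#define fatal error` in the servconf.c hunk turns every configuration check in that file from "abort" into "log and continue" on NetWare, while the code after those checks was written on the assumption that fatal() never returns. In the `seDirNameContext` case added further down (when both `USE_EDIR` and `HAVE_NETWARE` are defined), the `num_edir_contexts >= MAX_EDIR_CONTEXTS` test no longer stops the following `options->eDirNameContext[options->num_edir_contexts++] = xstrdup(arg);`, so a config file with too many entries writes past the array, and the missing-argument test no longer keeps a NULL `arg` away from `xstrdup()`. The same applies to `fatal("no eDirectory search contexts specified.")` and to the bad yes/no branches, which now fall through with `value = 0`. Either drop the macro and give NetWare a fatal() that really stops the module, or make each of these sites return an error explicitly after logging.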
@@ -123,6 +131,14 @@ options->client_alive_count_max = -1; options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; +#ifdef USE_EDIR + options->num_edir_contexts = 0; +#endif +#ifdef HAVE_NETWARE + options->log_max_file_size = -1; + options->log_max_files = -1; + options->log_rotate_interval = -1; +#endif /* Needs to be accessable in many places */ use_privsep = -1; @@ -255,10 +271,26 @@ } if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; +#ifdef USE_EDIR + if (options->num_edir_contexts == 0) + fatal("no eDirectory search contexts specified."); +#endif +#ifdef HAVE_NETWARE + if(options->log_max_file_size == -1) + options->log_max_file_size = 4; + if(options->log_max_files == -1) + options->log_max_files = 7; + if(options->log_rotate_interval == -1) + options->log_rotate_interval = 24; +#endif /* Turn privilege separation on by default */ if (use_privsep == -1) +#ifndef HAVE_NETWARE use_privsep = 1; +#else + use_privsep = 0; +#endif #ifndef HAVE_MMAP if (use_privsep && options->compression == 1) { @@ -302,6 +334,12 @@ sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sUsePrivilegeSeparation, +#ifdef USE_EDIR + seDirNameContext, +#endif +#ifdef HAVE_NETWARE + sLogPath, sLogMaxFileSize, sLogMaxRotateFiles, sLogRotationInterval, +#endif sDeprecated } ServerOpCodes; @@ -380,6 +418,15 @@ { "authorizedkeysfile", sAuthorizedKeysFile }, { "authorizedkeysfile2", sAuthorizedKeysFile2 }, { "useprivilegeseparation", sUsePrivilegeSeparation}, +#ifdef USE_EDIR + { "edirnamecontext", seDirNameContext }, +#endif +#ifdef HAVE_NETWARE + { "logpath", sLogPath }, + { "logmaxfilesize", sLogMaxFileSize }, + { "logmaxrotatefiles", sLogMaxRotateFiles }, + { "logrotationinterval", sLogRotationInterval }, +#endif { NULL, sBadOption } }; 
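Review bot: The context comment `/* Turn privilege separation on by default */` in the `@@ -255,10 +271,26 @@` hunk is no longer true for NetWare, where the new branch sets `use_privsep = 0`. That is a security-relevant default and should be stated where it is made, e.g. `/* NetWare: privilege separation defaults to off because <reason> */`, with the reason supplied by the author. The log defaults `4`, `7` and `24` carry no units, so a comment giving the unit of each, or named constants, would make them reviewable. The `sLog*` options are parsed through `parse_int` in a later hunk with no visible range check, so zero or negative values presumably reach the log-rotation code.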
@@ -583,13 +630,13 @@ "without-password/forced-commands-only/no " "argument.", filename, linenum); value = 0; /* silence compiler */ - if (strcmp(arg, "without-password") == 0) + if (strcasecmp(arg, "without-password") == 0) value = PERMIT_NO_PASSWD; - else if (strcmp(arg, "forced-commands-only") == 0) + else if (strcasecmp(arg, "forced-commands-only") == 0) value = PERMIT_FORCED_ONLY; - else if (strcmp(arg, "yes") == 0) + else if (strcasecmp(arg, "yes") == 0) value = PERMIT_YES; - else if (strcmp(arg, "no") == 0) + else if (strcasecmp(arg, "no") == 0) value = PERMIT_NO; else fatal("%s line %d: Bad yes/" @@ -607,9 +654,9 @@ fatal("%s line %d: missing yes/no argument.", filename, linenum); value = 0; /* silence compiler */ - if (strcmp(arg, "yes") == 0) + if (strcasecmp(arg, "yes") == 0) value = 1; - else if (strcmp(arg, "no") == 0) + else if (strcasecmp(arg, "no") == 0) value = 0; else fatal("%s line %d: Bad yes/no argument: %s", 
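Review bot: The `strcmp` to `strcasecmp` changes in both hunks here sit outside any `HAVE_NETWARE` guard, so they change how sshd_config values are parsed on every platform, not only on the port this patch targets. If case-insensitive values are wanted only on NetWare, wrap them in the guard; if they are wanted everywhere, that belongs in a separate change with the documentation updated. As written, only these two parsers accept mixed case, which may leave them inconsistent with other keyword arguments compared elsewhere in the file (not visible here).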
@@ -915,7 +962,35 @@ while (arg) arg = strdelim(&cp); break; +#ifdef USE_EDIR + case seDirNameContext: + if (options->num_edir_contexts >= MAX_EDIR_CONTEXTS) + fatal("%s line %d: too many eDirectory contexts.", + filename, linenum); + arg = edir_strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing eDir Name Context.", filename, linenum); + debug("process_server_config_line() seDirNameContext = '%s'", arg); + options->eDirNameContext[options->num_edir_contexts++] = xstrdup(arg); + break; +#endif +#ifdef HAVE_NETWARE + case sLogPath: + charptr = &options->log_path; + goto parse_filename; + case sLogMaxFileSize: + intptr = &options->log_max_file_size; + goto parse_int; + + case sLogMaxRotateFiles: + intptr = &options->log_max_files; + goto parse_int; + + case sLogRotationInterval: + intptr = &options->log_rotate_interval; + goto parse_int; +#endif default: fatal("%s line %d: Missing handler for opcode %s (%d)", filename, linenum, arg, opcode); diff -u openssh-3.5p1/servconf.h nw-openssh-3.5p1/servconf.h --- openssh-3.5p1/servconf.h Wed Jul 31 19:28:39 2002 +++ nw-openssh-3.5p1/servconf.h Tue Mar 11 10:49:44 2003 @@ -24,6 +24,9 @@ #define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */ #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ #define MAX_HOSTKEYS 256 /* Max # hostkeys. */ +#ifdef USE_EDIR +#define MAX_EDIR_CONTEXTS 1024/* Max # eDirectory search contexts. */ +#endif /* permit_root_login */ #define PERMIT_NOT_SET -1 
@@ -132,6 +135,16 @@ char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; +#ifdef USE_EDIR + int num_edir_contexts; + char *eDirNameContext[MAX_EDIR_CONTEXTS]; +#endif +#ifdef HAVE_NETWARE + char *log_path; + int log_max_file_size; + int log_max_files; + int log_rotate_interval; +#endif } ServerOptions; void initialize_server_options(ServerOptions *); diff -u openssh-3.5p1/serverloop.c nw-openssh-3.5p1/serverloop.c --- openssh-3.5p1/serverloop.c Wed Sep 25 18:38:49 2002 +++ nw-openssh-3.5p1/serverloop.c Tue Mar 11 10:49:45 2003 @@ -58,6 +58,7 @@ extern ServerOptions options; +#ifndef HAVE_NETWARE /* XXX */ extern Kex *xxx_kex; static Authctxt *xxx_authctxt; @@ -90,9 +91,23 @@ static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. */ +#else // !HAVE_NETWARE +#define read(x, y, z) recv(x, y, z, 0) +#define buf (NWGetThreadDataPtr()->server_loop_buf) +#define fdin (NWGetThreadDataPtr()->fdin) +#define fdout (NWGetThreadDataPtr()->fdout) +#define fderr (NWGetThreadDataPtr()->fderr) +#define connection_in (NWGetThreadDataPtr()->sl_connection_in) +#define connection_out (NWGetThreadDataPtr()->sl_connection_out) +#define connection_closed (NWGetThreadDataPtr()->connection_closed) + +extern int g_bExitSystem; +#endif // !HAVE_NETWARE + /* prototypes */ static void server_init_dispatch(void); +#ifndef HAVE_NETWARE /* * we write to this pipe if a SIGCHLD is caught in order to avoid * the race between select() and child_terminated @@ -137,6 +152,18 @@ while (read(notify_pipe[0], &c, 1) != -1) debug2("notify_done: reading"); } +#else // HAVE_NETWARE +static int notify_pipe[2]; +static void notify_setup(){ + memset(notify_pipe, 0, sizeof(notify_pipe)); +} +static void notify_parent(){ +} +static void notify_prepare(){ +} +static void notify_done(){ +} +#endif // HAVE_NETWARE static void sigchld_handler(int sig) 
@@ -332,7 +359,9 @@ error("select: %.100s", strerror(errno)); } else if (ret == 0 && client_alive_scheduled) client_alive_check(); - +#ifdef HAVE_NETWARE + delay(1); +#endif notify_done(*readsetp); } @@ -344,7 +373,9 @@ process_input(fd_set * readset) { int len; +#ifndef HAVE_NETWARE char buf[16384]; +#endif /* Read and buffer any input data from the client. */ if (FD_ISSET(connection_in, readset)) { @@ -371,6 +402,7 @@ if (compat20) return; +#ifndef HAVE_NETWARE /* Read and buffer any available stdout data from the program. */ if (!fdout_eof && FD_ISSET(fdout, readset)) { len = read(fdout, buf, sizeof(buf)); @@ -394,6 +426,7 @@ buffer_append(&stderr_buffer, buf, len); } } +#endif } /* @@ -407,6 +440,7 @@ u_int dlen; int len; +#ifndef HAVE_NETWARE /* Write buffered data to program stdin. */ if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) { data = buffer_ptr(&stdin_buffer); @@ -438,6 +472,7 @@ stdin_bytes += len; } } +#endif /* Send any buffered packet data to the client. */ if (FD_ISSET(connection_out, writeset)) packet_write_poll(); @@ -629,7 +664,11 @@ /* Sleep in select() until we can do something. */ wait_until_can_do_something(&readset, &writeset, &max_fd, +#ifndef HAVE_NETWARE &nalloc, max_time_milliseconds); +#else + &nalloc, 10); +#endif /* Process any channel events. */ channel_after_select(readset, writeset); @@ -639,6 +678,10 @@ /* Process output to the client and to program stdin. */ process_output(writeset); +#ifdef HAVE_NETWARE + if( connection_closed ) + fatal_cleanup(); +#endif } if (readset) xfree(readset); @@ -720,6 +763,7 @@ static void collect_children(void) { +#ifndef HAVE_NETWARE pid_t pid; sigset_t oset, nset; int status; @@ -736,6 +780,7 @@ child_terminated = 0; } sigprocmask(SIG_SETMASK, &oset, NULL); +#endif } void 
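Review bot: Passing a constant `10` instead of `max_time_milliseconds` in the `@@ -629,7 +664,11 @@` hunk, and instead of `0` in the matching server_loop2 hunk (`@@ -768,7 +813,11 @@`), makes both loops wake every 10 ms whether or not there is work, on top of the `delay(1)` added inside wait_until_can_do_something(). If that function still arms the client-alive check only when called with a zero timeout (its body is outside these hunks, so this needs confirming), ClientAliveInterval silently stops working on NetWare and unresponsive sessions are never closed. At minimum add a comment such as `/* NetWare: poll every 10 ms because <reason>; client-alive handling verified */`, and keep `max_time_milliseconds` as an upper bound in the first loop.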
@@ -768,7 +813,11 @@ if (!rekeying && packet_not_very_much_data_to_write()) channel_output_poll(); wait_until_can_do_something(&readset, &writeset, &max_fd, +#ifndef HAVE_NETWARE &nalloc, 0); +#else + &nalloc, 10); +#endif collect_children(); if (!rekeying) @@ -833,6 +882,9 @@ debug("EOF received for stdin."); packet_check_eom(); stdin_eof = 1; +#ifdef HAVE_NETWARE + connection_closed = 1; +#endif } static void diff -u openssh-3.5p1/session.c nw-openssh-3.5p1/session.c --- openssh-3.5p1/session.c Wed Sep 25 18:38:50 2002 +++ nw-openssh-3.5p1/session.c Tue Mar 11 10:49:45 2003 @@ -64,6 +64,11 @@ #define is_winnt (GetVersion() < 0x80000000) #endif +#ifdef HAVE_NETWARE +#include "getput.h" +#include "nw-scps.h" +#endif + /* func */ Session *session_new(void); @@ -96,6 +101,7 @@ extern int startup_pipe; extern void destroy_sensitive_data(void); +#ifndef HAVE_NETWARE /* original command from peer. */ const char *original_command = NULL; @@ -110,6 +116,7 @@ #ifdef HAVE_LOGIN_CAP login_cap_t *lc; #endif +#endif // !HAVE_NETWARE /* Name and directory of socket for authentication agent forwarding. */ static char *auth_sock_name = NULL; @@ -424,6 +431,7 @@ } } +#ifndef HAVE_NETWARE /* * This is called to fork and execute a command when we have no tty. This * will call do_child from the child, and server_loop from the parent after @@ -664,6 +672,7 @@ /* server_loop _has_ closed ptyfd and fdout. */ } } +#endif // !HAVE_NETWARE #ifdef LOGIN_NEEDS_UTMPX static void @@ -701,7 +710,11 @@ do_exec(Session *s, const char *command) { if (forced_command) { +#ifndef HAVE_NETWARE original_command = command; +#else + original_command = (char *)command; +#endif command = forced_command; debug("Forced command '%.900s'", command); } @@ -1274,6 +1287,7 @@ exit(1); } +#ifndef HAVE_NETWARE /* * Performs common processing for the child, such as setting up the * environment, closing extra file descriptors, setting the user and group 
@@ -1449,6 +1463,7 @@ perror(shell); exit(1); } +#endif // !HAVE_NETWARE Session * session_new(void) @@ -1608,6 +1623,7 @@ s->term = NULL; } +#ifndef HAVE_NETWARE /* Allocate a pty and open it. */ debug("Allocating pty."); if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)))) { @@ -1636,6 +1652,10 @@ /* Set window size from the packet. */ pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); +#else + while( packet_remaining() ) + packet_get_char(); +#endif packet_check_eom(); session_proctitle(s); @@ -1657,11 +1677,13 @@ for (i = 0; i < options.num_subsystems; i++) { if (strcmp(subsys, options.subsystem_name[i]) == 0) { cmd = options.subsystem_command[i]; +#ifndef HAVE_NETWARE if (stat(cmd, &st) < 0) { error("subsystem: cannot stat %s: %s", cmd, strerror(errno)); break; } +#endif debug("subsystem: exec() %s", cmd); s->is_subsystem = 1; do_exec(s, cmd); diff -u openssh-3.5p1/session.h nw-openssh-3.5p1/session.h --- openssh-3.5p1/session.h Wed Jul 3 18:14:18 2002 +++ nw-openssh-3.5p1/session.h Tue Mar 11 10:49:45 2003 @@ -28,6 +28,7 @@ #define TTYSZ 64 typedef struct Session Session; +#ifndef HAVE_NETWARE struct Session { int used; int self; @@ -54,6 +55,7 @@ int chanid; int is_subsystem; }; +#endif void do_authenticated(Authctxt *); diff -u openssh-3.5p1/sftp-client.c nw-openssh-3.5p1/sftp-client.c --- openssh-3.5p1/sftp-client.c Wed Sep 11 18:43:31 2002 +++ nw-openssh-3.5p1/sftp-client.c Tue Mar 11 10:49:46 2003 @@ -43,6 +43,14 @@ #include "sftp-common.h" #include "sftp-client.h" +#ifdef HAVE_NETWARE +#define error nw_sftp_error +#define fgets nw_sftp_fgets +#define printf nw_sftp_printf +#define atomicio scp_atomicio +#undef oqueue +#endif + /* Minimum amount of data to read at at time */ #define MIN_READ_SIZE 512 @@ -74,6 +82,7 @@ buffer_free(&oqueue); } +#ifndef HAVE_NETWARE static void get_msg(int fd, Buffer *m) { 
@@ -101,6 +110,7 @@ buffer_append(m, buf, len); } } +#endif // HAVE_NETWARE static void send_string_request(int fd, u_int id, u_int code, char *s, @@ -1048,6 +1058,9 @@ send_msg(conn->fd_out, &msg); debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u", id, (unsigned long long)offset, len); +#ifdef HAVE_NETWARE + delay(250); +#endif } else if (TAILQ_FIRST(&acks) == NULL) break; diff -u openssh-3.5p1/sftp-common.c nw-openssh-3.5p1/sftp-common.c --- openssh-3.5p1/sftp-common.c Wed Sep 11 17:54:26 2002 +++ nw-openssh-3.5p1/sftp-common.c Tue Mar 11 10:49:46 2003 @@ -61,8 +61,13 @@ a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS; a->perm = st->st_mode; a->flags |= SSH2_FILEXFER_ATTR_ACMODTIME; +#ifndef HAVE_NETWARE a->atime = st->st_atime; a->mtime = st->st_mtime; +#else + a->atime = st->st_atime.tv_sec; + a->mtime = st->st_mtime.tv_sec; +#endif } /* Convert from filexfer attribs to struct stat */ @@ -80,8 +85,13 @@ if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) st->st_mode = a->perm; if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { +#ifndef HAVE_NETWARE st->st_atime = a->atime; st->st_mtime = a->mtime; +#else + st->st_atime.tv_sec = a->atime; + st->st_mtime.tv_sec = a->mtime; +#endif } } @@ -197,7 +207,11 @@ group = gbuf; } if (ltime != NULL) { +#ifndef HAVE_NETWARE if (time(NULL) - st->st_mtime < (365*24*60*60)/2) +#else + if (time(NULL) - st->st_mtime.tv_sec < (365*24*60*60)/2) +#endif sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime); else sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime); diff -u openssh-3.5p1/sftp-int.c nw-openssh-3.5p1/sftp-int.c --- openssh-3.5p1/sftp-int.c Wed Sep 11 18:34:15 2002 +++ nw-openssh-3.5p1/sftp-int.c Tue Mar 11 10:49:46 2003 @@ -74,6 +74,12 @@ #define I_SYMLINK 21 #define I_VERSION 22 +#ifdef HAVE_NETWARE +#define fgets nw_sftp_fgets +#define printf nw_sftp_printf +#define error nw_sftp_error +#endif + struct CMD { const char *c; const int n; 
@@ -109,7 +115,9 @@ { "rmdir", I_RMDIR }, { "symlink", I_SYMLINK }, { "version", I_VERSION }, +#ifndef HAVE_NETWARE { "!", I_SHELL }, +#endif { "?", I_HELP }, { NULL, -1} }; @@ -141,11 +149,14 @@ printf("rm path Delete remote file\n"); printf("symlink oldpath newpath Symlink remote file\n"); printf("version Show SFTP version\n"); +#ifndef HAVE_NETWARE printf("!command Execute 'command' in local shell\n"); printf("! Escape to local shell\n"); +#endif printf("? Synonym for help\n"); } +#ifndef HAVE_NETWARE static void local_do_shell(const char *args) { @@ -199,6 +210,7 @@ xfree(buf); } } +#endif // HAVE_NETWARE /* Strip one path (usually the pwd) from the start of another */ static char * @@ -541,6 +553,7 @@ xfree(abs_dst); if (tmp_dst) xfree(tmp_dst); + globfree(&g); return(err); } @@ -557,19 +570,27 @@ static int do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) { - int n; + int n, c, columns, m = 0; + struct winsize ws; + char fmt[10]; SFTP_DIRENT **d; + if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) + return; + if ((n = do_readdir(conn, path, &d)) != 0) return (n); - /* Count entries for sort */ + /* Count entries for sort and find longest filename */ for (n = 0; d[n] != NULL; n++) - ; + m = MAX(m, strlen(d[n]->filename)); + + columns = ws.ws_col / (m + 2); + sprintf(fmt, "%c-%ds", '%', ws.ws_col / columns); qsort(d, n, sizeof(*d), sdirent_comp); - for (n = 0; d[n] != NULL; n++) { + for (c = 1,n = 0; d[n] != NULL; n++) { char *tmp, *fname; tmp = path_append(path, d[n]->filename); @@ -586,13 +607,20 @@ printf("%s\n", lname); xfree(lname); } else { - /* XXX - multicolumn display would be nice here */ - printf("%s\n", fname); + if(c++ < columns) { + printf(fmt, fname); + } else { + c = 1; + printf("%s\n", fname); + } } xfree(fname); } + if((!lflag) && (c != 1)) + printf("\n"); + free_sftp_dirents(d); return (0); } 
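Review bot: In the new column layout of do_ls_dir(), `columns = ws.ws_col / (m + 2)` becomes 0 as soon as the longest name returned by the server is wider than the terminal (or `ws_col` is 0), and the next line divides by it in `ws.ws_col / columns`; the names come from the remote side, so a directory listing can crash the client. The early `return;` after a failed `ioctl()` is also wrong in a function returning `int`, and makes `ls` do nothing when stdin is not a terminal, for example in batch mode. Fall back to a default width, clamp `columns` to at least 1, and build the format with `snprintf`, as sketched below. The change is not guarded by `HAVE_NETWARE`, so it affects every platform.

```c
	/* No terminal (e.g. batch mode): fall back to a fixed width. */
	if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0 || ws.ws_col == 0)
		ws.ws_col = 80;

	/* ... unchanged: do_readdir() call and longest-name loop ... */

	/* File names are supplied by the server; never let columns reach 0. */
	columns = ws.ws_col / (m + 2);
	if (columns < 1)
		columns = 1;
	snprintf(fmt, sizeof(fmt), "%%-%ds", ws.ws_col / columns);
```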
@@ -697,11 +725,15 @@ cmdnum = cmds[i].n; cmd = cmds[i].c; +#ifndef HAVE_NETWARE /* Special case */ if (*cp == '!') { cp++; cmdnum = I_SHELL; } else if (cmdnum == -1) { +#else + if (cmdnum == -1) { +#endif error("Invalid command."); return(-1); } @@ -925,10 +957,16 @@ } break; case I_LLS: +#ifndef HAVE_NETWARE local_do_ls(cmd); +#else + local_do_ls(getcwd(path_buf, sizeof(path_buf)), cmd); +#endif break; case I_SHELL: +#ifndef HAVE_NETWARE local_do_shell(cmd); +#endif break; case I_LUMASK: umask(n_arg); @@ -983,7 +1021,11 @@ printf("Remote working directory: %s\n", *pwd); break; case I_LPWD: +#ifndef HAVE_NETWARE if (!getcwd(path_buf, sizeof(path_buf))) +#else + if (!getcwdpath(path_buf, NULL, NULL)) +#endif error("Couldn't get local cwd: %s", strerror(errno)); else @@ -1057,9 +1099,11 @@ setvbuf(stdout, NULL, _IOLBF, 0); setvbuf(infile, NULL, _IOLBF, 0); #else +#ifndef HAVE_NETWARE setlinebuf(stdout); setlinebuf(infile); #endif +#endif for (;;) { char *cp; diff -u openssh-3.5p1/sftp-server.c nw-openssh-3.5p1/sftp-server.c --- openssh-3.5p1/sftp-server.c Wed Sep 11 17:54:27 2002 +++ nw-openssh-3.5p1/sftp-server.c Tue Mar 11 10:49:47 2003 @@ -33,6 +33,15 @@ #include "sftp.h" #include "sftp-common.h" +#ifdef HAVE_NETWARE +# include "nw-sftp.h" +# include "servconf.h" +ServerOptions options; +int g_bExitSystem = 0; +#define exit(rc) SFTP_Server_NetWareExit(rc) +#undef iqueue +#undef oqueue +#endif /* helper */ #define get_int64() buffer_get_int64(&iqueue); #define get_int() buffer_get_int(&iqueue); @@ -426,7 +435,11 @@ static void process_read(void) { +#ifndef HAVE_NETWARE char buf[64*1024]; +#else + char *buf = NULL; +#endif u_int32_t id, len; int handle, fd, ret, status = SSH2_FX_FAILURE; u_int64_t off; 
@@ -437,11 +450,16 @@ len = get_int(); TRACE("read id %u handle %d off %llu len %d", id, handle, +#ifndef HAVE_NETWARE (u_int64_t)off, len); if (len > sizeof buf) { len = sizeof buf; log("read change len %d", len); } +#else + (u_int64_t)off, len); + buf = (char *)xmalloc(len); +#endif fd = handle_to_fd(handle); if (fd >= 0) { if (lseek(fd, off, SEEK_SET) < 0) { @@ -461,6 +479,10 @@ } if (status != SSH2_FX_OK) send_status(id, status); +#ifdef HAVE_NETWARE + if( buf ) + xfree(buf); +#endif } static void @@ -725,7 +747,11 @@ } /* XXX OVERFLOW ? */ snprintf(pathname, sizeof pathname, "%s%s%s", path, +#ifndef HAVE_NETWARE strcmp(path, "/") ? "/" : "", dp->d_name); +#else + "", dp->d_name); +#endif if (lstat(pathname, &st) < 0) continue; stat_to_attrib(&st, &(stats[count].attrib)); @@ -853,6 +879,7 @@ static void process_readlink(void) { +#ifndef HAVE_NETWARE u_int32_t id; int len; char link[MAXPATHLEN]; @@ -872,11 +899,16 @@ send_names(id, 1, &s); } xfree(path); +#else + u_int32_t id = get_int(); + send_status( id, SSH2_FX_OP_UNSUPPORTED ); +#endif } static void process_symlink(void) { +#ifndef HAVE_NETWARE u_int32_t id; struct stat st; char *oldpath, *newpath; @@ -894,6 +926,10 @@ send_status(id, status); xfree(oldpath); xfree(newpath); +#else + u_int32_t id = get_int(); + send_status( id, SSH2_FX_OP_UNSUPPORTED ); +#endif } static void @@ -1011,6 +1047,7 @@ int main(int ac, char **av) { +#ifndef HAVE_NETWARE fd_set *rset, *wset; int in, out, max; ssize_t len, olen, set_size; 
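Review bot: The NetWare branch of process_read() drops the `if (len > sizeof buf)` clamp and calls `xmalloc(len)` with `len` taken straight from the client's request via `get_int()`, so a single read request can make the server attempt an allocation of up to 4 GB, and a length of 0 reaches the allocator as well. Keep an upper bound before allocating, e.g. `if (len > 64*1024) len = 64*1024;` (the buffer size used in the non-NetWare branch), and handle `len == 0` without allocating. The `(u_int64_t)off, len);` continuation line is duplicated in both preprocessor branches and could stay outside the `#ifndef`. process_read() starts in the previous hunk.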
@@ -1087,4 +1124,90 @@ /* process requests from client */ process(); } +#else // HAVE_NETWARE + TSD *pTSD; + IOOpen *ioOpen; + IOProc *ioRead; + IOProc *ioWrite; + IOClose *ioClose; + + long nHandle; + int *quit = 0; + ssize_t rlen, wlen, olen; + char *buf = NULL; + + // Since NetWare does not support stdin stdout they are simulated. + // ie: sftp-server + if( ac < 6 ) + { + fprintf( stderr, "sftp-svr can't be loaded from the system console!\n" ); + exit( 1 ); + } + + SFTP_Server_NetWareInit( "sftp-server" ); + NetWareTSDInit(); + + pTSD = NWGetThreadDataPtr(); + + ioOpen = (IOOpen *)atol( av[1] ); + ioRead = (IOProc *)atol( av[2] ); + ioWrite = (IOProc *)atol( av[3] ); + ioClose = (IOClose *)atol( av[4] ); + nHandle = atol( av[5] ); + + buffer_init(&iqueue); + buffer_init(&oqueue); + + buf = (char *)xmalloc(8*4096); + + if( !buf ) + exit( 1 ); + + if(ioOpen(nHandle, &quit)) + { + while( !(*quit) ) { + rlen = ioRead( nHandle, buf, 8*4096); + if (rlen < 0) { + TRACE("main() read failed: rc = %d, error = '%s'", rlen, strerror(errno) ); + error("read error"); + (*quit) = 1; + break; + } else if (rlen > 0) { + buffer_append(&iqueue, buf, rlen); + } + + olen = buffer_len(&oqueue); + if( olen > 0 ) + { + wlen = ioWrite( nHandle, buffer_ptr(&oqueue), olen); + if (wlen <= 0) { + error("write error"); + (*quit) = 1; + break; + } else { + buffer_consume(&oqueue, wlen); + NXThreadDelay(20); + } + } + + if( buffer_len(&iqueue) >= 5 ) + process(); + + if( ( rlen == 0 ) && ( olen == 0 ) ) + NXThreadDelay(5); + else + NXThreadDelay(1); + } + } + + ioClose( nHandle ); + + if( buf ) + xfree( buf ); + + + TSDCleanupProc( pTSD ); + + exit(0); +#endif // HAVE_NETWARE } diff -u openssh-3.5p1/sftp.c nw-openssh-3.5p1/sftp.c --- openssh-3.5p1/sftp.c Wed Jul 31 19:25:01 2002 +++ nw-openssh-3.5p1/sftp.c Tue Mar 11 10:49:45 2003 
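Review bot: The NetWare main() converts `av[1]` to `av[4]` into function pointers with `atol()` and calls them, with `ac < 6` as the only validation, so whatever starts this module with numeric arguments decides which addresses get executed. `atol()` reports no errors and `long` need not round-trip a pointer; if the callbacks must cross a module boundary, pass them through a registered, typed interface, or at least parse with `strtoul()`, reject zero and unparsable values, and document who is allowed to load the module. `quit` is initialised to 0 and dereferenced in `while( !(*quit) )` without checking that `ioOpen()` actually set it, and `ioClose( nHandle )` runs even when `ioOpen()` failed. main() begins in an earlier hunk.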
@@ -39,6 +39,14 @@ #include "sftp-client.h" #include "sftp-int.h" +#ifdef HAVE_NETWARE +#include "servconf.h" +#define exit(rc) SFTP_NWExit(rc) +ServerOptions options; +int g_bExitSystem = 0; +extern TSD *g_pTSD; +#endif + #ifdef HAVE___PROGNAME extern char *__progname; #else @@ -52,6 +60,7 @@ static void connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid) { +#ifndef HAVE_NETWARE int c_in, c_out; #ifdef USE_PIPES @@ -91,6 +100,27 @@ close(c_in); close(c_out); +#else // HAVE_NETWARE + wiring_t wire = { FD_UNUSED, FD_UNUSED, FD_UNUSED }; + int c_in, c_out; + int pin[2], pout[2]; + + if ((pipe(pin) == -1) || (pipe(pout) == -1)) + fatal("pipe: %s", strerror(errno)); + + *in = pin[0]; + *out = pout[1]; + c_in = pout[0]; + c_out = pin[1]; + + wire.infd = pout[0]; + wire.outfd = pin[1]; + + procve(path, PROC_CURRENT_SPACE, (const char **)___environ(), &wire, NULL, NULL, 0, NULL, (const char **)args); + + close(pout[0]); + close(pin[1]); +#endif // HAVE_NETWARE } static void @@ -99,9 +129,14 @@ extern char *__progname; fprintf(stderr, +#ifndef HAVE_NETWARE "usage: %s [-vC1] [-b batchfile] [-o option] [-s subsystem|path] [-B buffer_size]\n" " [-F config] [-P direct server path] [-S program]\n" " [user@]host[:file [file]]\n", __progname); +#else + "usage: sftp [-vC1] [-b batchfile] [-o option] [-B buffer_size]\n" + " [-F config] [user@]host[:file [file]]\n"); +#endif exit(1); } @@ -119,6 +154,9 @@ extern int optind; extern char *optarg; +#ifdef HAVE_NETWARE + SFTP_NetWareInit( argv[0] ); +#endif __progname = get_progname(argv[0]); args.list = NULL; addargs(&args, "ssh"); /* overwritten with ssh_program */ @@ -149,12 +187,14 @@ if (sftp_server == NULL) sftp_server = _PATH_SFTP_SERVER; break; +#ifndef HAVE_NETWARE case 's': sftp_server = optarg; break; case 'S': ssh_program = optarg; break; +#endif case 'b': if (infile == stdin) { infile = fopen(optarg, "r"); 
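Review bot: The NetWare branch of connect_to_server() (`@@ -91,6 +100,27 @@`) never stores anything in `*sshpid` and ignores the result of `procve()`, so the caller continues with an indeterminate pid and no indication that the ssh module failed to start. Assign and check it, e.g. `*sshpid = procve(...); if (*sshpid == -1) fatal("procve: %s", strerror(errno));`, after confirming the return convention against the NetWare LibC documentation. `c_in` and `c_out` are assigned but unused in this branch, and if the second `pipe()` fails the first pair is left open on the way to fatal(). connect_to_server() begins in the previous hunk.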
@@ -163,9 +203,11 @@ } else fatal("Filename already specified."); break; +#ifndef HAVE_NETWARE case 'P': sftp_direct = optarg; break; +#endif case 'B': copy_buffer_len = strtol(optarg, &cp, 10); if (copy_buffer_len == 0 || *cp != '\0') @@ -189,6 +231,9 @@ if (optind == argc || argc > (optind + 2)) usage(); +#ifdef HAVE_NETWARE + SFTP_NetWareTSDInit(); +#endif userhost = xstrdup(argv[optind]); file2 = argv[optind+1]; @@ -225,6 +270,10 @@ sftp_server : "sftp")); args.list[0] = ssh_program; +#ifdef HAVE_NETWARE + addargs(&args, "%d", SFTPOnConnectionEstablished); + addargs(&args, "%d", SFTPOnConnectionFailed); +#endif fprintf(stderr, "Connecting to %s...\n", host); connect_to_server(ssh_program, args.list, &in, &out, &sshpid); @@ -237,6 +286,10 @@ &sshpid); } +#ifdef HAVE_NETWARE + while( ( !g_bExitSystem ) && ( g_pTSD->bSSHConnected != 1) ) + delay( 1 ); +#endif interactive_loop(in, out, file1, file2); #if !defined(USE_PIPES) diff -u openssh-3.5p1/ssh-keygen.c nw-openssh-3.5p1/ssh-keygen.c --- openssh-3.5p1/ssh-keygen.c Sat Jul 20 13:05:40 2002 +++ nw-openssh-3.5p1/ssh-keygen.c Tue Mar 11 10:49:52 2003 @@ -32,6 +32,13 @@ #include "scard.h" #endif +#ifdef HAVE_NETWARE +#include "servconf.h" +ServerOptions options; +int g_bExitSystem = 0; +#define exit SSH_KeyGen_NWExit +#endif + /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ int bits = 1024; @@ -758,6 +765,11 @@ extern int optind; extern char *optarg; +#ifdef HAVE_NETWARE + SSH_KeyGen_NetWareInit( av[0] ); + NetWareTSDInit(); +#endif + __progname = get_progname(av[0]); SSLeay_add_all_algorithms(); diff -u openssh-3.5p1/ssh-keyscan.c nw-openssh-3.5p1/ssh-keyscan.c --- openssh-3.5p1/ssh-keyscan.c Wed Sep 11 18:43:32 2002 +++ nw-openssh-3.5p1/ssh-keyscan.c Tue Mar 11 10:49:52 2003 
@@ -29,6 +29,13 @@ #include "atomicio.h" #include "misc.h" +#ifdef HAVE_NETWARE +#include "servconf.h" +ServerOptions options; +int g_bExitSystem = 0; +#define exit SSH_KeyGen_NWExit +#endif + /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ #ifdef IPV4_DEFAULT @@ -666,6 +673,7 @@ } } +#ifndef HAVE_NETWARE void fatal(const char *fmt,...) { @@ -679,6 +687,7 @@ else fatal_cleanup(); } +#endif static void usage(void) @@ -699,6 +708,11 @@ extern int optind; extern char *optarg; +#ifdef HAVE_NETWARE + SSH_KeyGen_NetWareInit( argv[0] ); + NetWareTSDInit(); +#endif + __progname = get_progname(argv[0]); init_rng(); seed_rng(); diff -u openssh-3.5p1/ssh.c nw-openssh-3.5p1/ssh.c --- openssh-3.5p1/ssh.c Wed Sep 18 20:05:04 2002 +++ nw-openssh-3.5p1/ssh.c Tue Mar 11 10:49:48 2003 @@ -73,6 +73,13 @@ #include "scard.h" #endif +#ifdef HAVE_NETWARE +#define exit SSH_NWExit +#define main ssh_main + +int g_bExitSystem = 0; +#endif + #ifdef HAVE___PROGNAME extern char *__progname; #else @@ -222,6 +229,10 @@ extern int optind, optreset; extern char *optarg; +#ifdef HAVE_NETWARE + SSH_NetWareInit( av[0] ); +#endif + __progname = get_progname(av[0]); init_rng(); @@ -273,6 +284,9 @@ /* Parse command-line arguments. */ host = NULL; +#ifdef HAVE_NETWARE + SSH_NetWareTSDInit(); +#endif again: while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:NPR:TVX")) != -1) { 
@@ -427,10 +441,35 @@ case 'L': case 'R': +#ifndef HAVE_NETWARE if (sscanf(optarg, "%5[0-9]:%255[^:]:%5[0-9]", sfwd_port, buf, sfwd_host_port) != 3 && sscanf(optarg, "%5[0-9]/%255[^/]/%5[0-9]", sfwd_port, buf, sfwd_host_port) != 3) { +#else + cp = strtok(optarg, ":"); + dummy = 0; + + if( cp ) + { + dummy++; + strcpy(sfwd_port, cp); + cp = strtok(NULL, ":"); + if( cp ) + { + dummy++; + strcpy(buf, cp); + cp = strtok(NULL, ":"); + if( cp ) + { + dummy++; + strcpy(sfwd_host_port, cp); + } + } + } + + if( dummy != 3 ) { +#endif fprintf(stderr, "Bad forwarding specification '%s'\n", optarg); @@ -524,6 +563,9 @@ /* Initialize the command to execute on remote host. */ buffer_init(&command); +#ifdef HAVE_NETWARE + NetWareEventsInit( ac ? av[0] : "ssh", options.user, host ); +#endif /* * Save the command to execute on the remote host in a buffer. There * is no limit on the length of the command, except by the maximum @@ -546,6 +588,9 @@ } } +#ifdef HAVE_NETWARE + nw_parse_command( buffer_ptr( &command ), buffer_len( &command ) ); +#endif /* Cannot fork to background if no command. */ if (fork_after_authentication_flag && buffer_len(&command) == 0 && !no_shell_flag) fatal("Cannot fork into background without a command to execute."); @@ -568,8 +613,13 @@ * Initialize "log" output. Since we are the client all output * actually goes to stderr. */ +#ifndef HAVE_NETWARE log_init(av[0], options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, SYSLOG_FACILITY_USER, 1); +#else + log_init(__progname, options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, + SYSLOG_FACILITY_USER, 1); +#endif /* * Read per-user configuration file. Ignore the system wide config @@ -592,7 +642,11 @@ fill_default_options(&options); /* reinit */ +#ifndef HAVE_NETWARE log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); +#else + log_init(__progname, options.log_level, SYSLOG_FACILITY_USER, 1); +#endif seed_rng(); 
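Review bot: The NetWare branch of the `-L`/`-R` parser (hunk `@@ -427,10 +441,35 @@`) copies each `strtok()` token into `sfwd_port`, `buf` and `sfwd_host_port` with `strcpy()`, so a long field on the command line overruns those buffers; the `sscanf()` it replaces capped the fields at 5, 255 and 5 characters and accepted only digits in the two port fields. `strtok()` also writes NULs into `optarg`, so the "Bad forwarding specification" message prints only the first field, and the `/`-separated form is no longer accepted. The copies should be bounded and over-long fields rejected, as sketched below on the assumption that the three destinations are arrays declared in this function (their declarations are outside the hunk); the digits-only check on the port fields still has to be restored separately.

```c
#else
			/* NetWare: bounded copies; an over-long field counts as a bad spec */
			dummy = 0;
			cp = strtok(optarg, ":");
			if (cp && strlcpy(sfwd_port, cp, sizeof(sfwd_port)) < sizeof(sfwd_port)) {
				dummy++;
				cp = strtok(NULL, ":");
				if (cp && strlcpy(buf, cp, sizeof(buf)) < sizeof(buf)) {
					dummy++;
					cp = strtok(NULL, ":");
					if (cp && strlcpy(sfwd_host_port, cp,
					    sizeof(sfwd_host_port)) < sizeof(sfwd_host_port))
						dummy++;
				}
			}
			/* ... unchanged: if( dummy != 3 ) { and the error report ... */
```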
@@ -733,7 +787,11 @@ if (proxy_command_pid > 1) kill(proxy_command_pid, SIGHUP); +#ifndef HAVE_NETWARE return exit_status; +#else + return SSH_NetWareExit(); +#endif } static void @@ -776,8 +834,10 @@ if (f && fgets(line, sizeof(line), f) && sscanf(line, "%*s %511s %511s", proto, data) == 2) got_data = 1; +#ifndef HAVE_NETWARE if (f) pclose(f); +#endif } /* * If we didn't get authentication data, just make up some @@ -1033,7 +1093,11 @@ char *cp; cp = getenv("TERM"); if (!cp) +#ifndef HAVE_NETWARE cp = ""; +#else + cp = "ansi"; +#endif /* Store window size in the packet. */ if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) memset(&ws, 0, sizeof(ws)); @@ -1127,11 +1191,18 @@ packetmax >>= 1; } c = channel_new( +#ifndef HAVE_NETWARE "session", SSH_CHANNEL_OPENING, in, out, err, +#else + "session", SSH_CHANNEL_OPENING, -1, -1, -1, +#endif window, packetmax, CHAN_EXTENDED_WRITE, xstrdup("client-session"), /*nonblock*/0); debug3("ssh_session2_open: channel_new: %d", c->self); +#ifdef HAVE_NETWARE + NWGetThreadDataPtr()->ssh_chanid = c->self; +#endif channel_send_open(c->self); if (!no_shell_flag) diff -u openssh-3.5p1/ssh.h nw-openssh-3.5p1/ssh.h --- openssh-3.5p1/ssh.h Sun Jul 21 17:59:39 2002 +++ nw-openssh-3.5p1/ssh.h Tue Mar 11 10:49:51 2003 @@ -15,12 +15,26 @@ #ifndef SSH_H #define SSH_H +#ifndef HAVE_NETWARE #include /* For struct sockaddr_in */ #include /* For struct pw */ #include /* For va_list */ #include /* For LOG_AUTH and friends */ #include /* For struct sockaddr_storage */ #include "openbsd-compat/fake-socket.h" /* For struct sockaddr_storage */ +#else +#define IN_LOOPBACKNET 127 /* official! */ +#define _PATH_DEVNULL "" +#define _PATH_RSH "" +#define sleep(x) delay(x) +struct winsize +{ + int ws_row; + int ws_col; + int ws_xpixel; + int ws_ypixel; +}; +#endif #ifdef HAVE_SYS_SELECT_H # include #endif 
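Review bot: With `pclose(f)` wrapped in `#ifndef HAVE_NETWARE` (hunk `@@ -776,8 +834,10 @@`), a non-NULL `f` is never closed on NetWare, although the context line just above still reads from it with `fgets()`. How `f` is opened is outside the hunk. If the NetWare build can obtain a stream here it needs the matching close call; if it cannot, the read should be compiled out as well, with a comment such as `/* NetWare: no stream is opened here; authentication data is always made up below */`.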
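Review bot: `#define sleep(x) delay(x)` in the NetWare block of ssh.h changes units if `delay()` takes milliseconds, as the `delay( 1 )` polling loop elsewhere in this patch suggests: every `sleep(n)` in a file that includes ssh.h would then wait n milliseconds instead of n seconds, which shortens any retry or back-off delay. `#define sleep(x) delay((x) * 1000)` would keep the meaning; confirm against the NetWare headers. Defining `_PATH_DEVNULL` and `_PATH_RSH` as `""` also makes every open of the null device fail instead of yielding one, so callers that redirect descriptors there need a NetWare-specific path or an explicit skip.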
@@ -60,6 +74,10 @@ */ #define SSH_SERVICE_NAME "ssh" +#if defined(USE_PAM) && !defined(SSHD_PAM_SERVICE) +# define SSHD_PAM_SERVICE __progname +#endif + /* * Name of the environment variable containing the process ID of the * authentication agent. diff -u openssh-3.5p1/sshconnect.c nw-openssh-3.5p1/sshconnect.c --- openssh-3.5p1/sshconnect.c Wed Sep 18 20:05:04 2002 +++ nw-openssh-3.5p1/sshconnect.c Tue Mar 11 10:49:50 2003 @@ -33,8 +33,14 @@ #include "misc.h" #include "readpass.h" +#ifndef HAVE_NETWARE char *client_version_string = NULL; char *server_version_string = NULL; +#else +#define atomicio NWSSH_atomicio +#define client_version_string (NWGetThreadDataPtr()->client_version_string) +#define server_version_string (NWGetThreadDataPtr()->server_version_string) +#endif /* import */ extern Options options; @@ -105,6 +111,7 @@ debug("Executing proxy command: %.500s", command_string); +#ifndef HAVE_NETWARE /* Fork and execute the proxy command. */ if ((pid = fork()) == 0) { char *argv[10]; @@ -139,6 +146,9 @@ perror(argv[0]); exit(1); } +#else + pid = 0; +#endif /* Parent. */ if (pid < 0) fatal("fork failed: %.100s", strerror(errno)); @@ -175,7 +185,11 @@ if (privileged) { int p = IPPORT_RESERVED - 1; PRIV_START; +#ifndef HAVE_NETWARE sock = rresvport_af(&p, family); +#else + sock = -1; +#endif PRIV_END; if (sock < 0) error("rresvport: af=%d %.100s", family, strerror(errno)); 
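Review bot: On NetWare the proxy-command hunks (`@@ -105,6 +111,7 @@` and `@@ -139,6 +146,9 @@`) set `pid = 0` and fall through to the parent path, so a configured proxy command is logged as "Executing proxy command" but never run, and the client carries on with pipes that have no process behind them. A user who relies on the proxy to reach the host through a specific gateway gets no error at the point where the setting is ignored. The `#else` branch should fail closed, e.g. `fatal("ProxyCommand is not supported on NetWare");`. The `rresvport_af` hunk below has the same shape: `sock = -1` is followed by `strerror(errno)` on an `errno` that no call has set. Both functions start and end outside the hunks.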
@@ -393,7 +407,11 @@ * Check that the versions match. In future this might accept * several versions and set appropriate flags to handle them. */ +#ifndef HAVE_NETWARE if (sscanf(server_version_string, "SSH-%d.%d-%[^\n]\n", +#else + if (sscanf(server_version_string, "SSH-%d.%d-%s[^\n]\n", +#endif &remote_major, &remote_minor, remote_version) != 3) fatal("Bad remote protocol version identification: '%.100s'", buf); debug("Remote protocol version %d.%d, remote software version %.100s", diff -u openssh-3.5p1/sshconnect2.c nw-openssh-3.5p1/sshconnect2.c --- openssh-3.5p1/sshconnect2.c Wed Oct 2 23:45:55 2002 +++ nw-openssh-3.5p1/sshconnect2.c Tue Mar 11 10:49:49 2003 @@ -48,22 +48,28 @@ #include "msg.h" #include "pathnames.h" +#ifndef HAVE_NETWARE /* import */ extern char *client_version_string; extern char *server_version_string; +#endif extern Options options; /* * SSH2 key exchange */ +#ifndef HAVE_NETWARE u_char *session_id2 = NULL; int session_id2_len = 0; +#endif char *xxx_host; struct sockaddr *xxx_hostaddr; +#ifndef HAVE_NETWARE Kex *xxx_kex = NULL; +#endif static int verify_host_key_callback(Key *hostkey) 
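Review bot: The NetWare format `"SSH-%d.%d-%s[^\n]\n"` (hunk `@@ -393,7 +407,11 @@`) is not a variant of the scanset: `%s` stops at the first whitespace and the following `[^\n]` is matched as literal text, so a remote software version containing a space is cut short while `sscanf()` still returns 3. Anything later keyed on `remote_version`, such as compatibility handling, then sees a different string on NetWare than on other platforms. Neither form limits how much is written to `remote_version`; a field width one less than that buffer's size (declared outside the hunk) fixes this, e.g. `"SSH-%d.%d-%255[^\n]\n"` for a 256-byte buffer. The same change is made to the `client_version_string` parse in sshd.c (`@@ -409,7 +438,11 @@`), where the input comes from the connecting client.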
@@ -110,16 +116,34 @@ /* start key exchange */ kex = kex_setup(myproposal); +#ifndef HAVE_NETWARE kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; +#else +#undef client_version_string +#undef server_version_string + kex->client_version_string=NWGetThreadDataPtr()->client_version_string; + kex->server_version_string=NWGetThreadDataPtr()->server_version_string; +#endif kex->verify_host_key=&verify_host_key_callback; xxx_kex = kex; dispatch_run(DISPATCH_BLOCK, &kex->done, kex); +#ifndef HAVE_NETWARE session_id2 = kex->session_id; session_id2_len = kex->session_id_len; +#else +#undef session_id +#undef session_id2 +#undef session_id2_len + NWGetThreadDataPtr()->session_id2 = kex->session_id; + NWGetThreadDataPtr()->session_id2_len = kex->session_id_len; +#define session_id (NWGetThreadDataPtr()->session_id) +#define session_id2 (NWGetThreadDataPtr()->session_id2) +#define session_id2_len (NWGetThreadDataPtr()->session_id2_len) +#endif #ifdef DEBUG_KEXDH /* send 1st encrypted/maced/compressed message */ @@ -135,6 +159,10 @@ * Authenticate user */ +#ifdef HAVE_NETWARE +#define Authctxt AuthContext +#define Authmethod AuthMethod +#else typedef struct Authctxt Authctxt; typedef struct Authmethod Authmethod; @@ -166,6 +194,7 @@ int *enabled; /* flag in option struct that enables method */ int *batch_flag; /* flag in option struct that disables method */ }; +#endif void input_userauth_success(int, u_int32_t, void *); void input_userauth_failure(int, u_int32_t, void *); @@ -901,6 +930,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) { +#ifndef HAVE_NETWARE Buffer b; struct stat st; pid_t pid; @@ -968,6 +998,7 @@ } *sigp = buffer_get_string(&b, lenp); buffer_clear(&b); +#endif return 0; } diff -u openssh-3.5p1/sshd.c nw-openssh-3.5p1/sshd.c --- openssh-3.5p1/sshd.c Sun Sep 29 19:59:23 2002 +++ nw-openssh-3.5p1/sshd.c Tue Mar 11 10:49:51 2003 
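Review bot: With the body of `ssh_keysign()` compiled out (hunks `@@ -901,6 +930,7 @@` and `@@ -968,6 +998,7 @@`), the NetWare build reaches `return 0` without writing `*sigp` or `*lenp`, and 0 is also what the function returns after a signature has been produced. A caller that checks only the return value would then use whatever the signature pointer and length happened to hold. Add `#else` and `return -1;` before the `#endif` (or whichever error value the callers test for; they are outside the hunk) so that signing fails cleanly on NetWare.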
@@ -85,6 +85,11 @@ #include "monitor_wrap.h" #include "monitor_fdpass.h" +#ifdef HAVE_NETWARE +#define exit(rc) NWExit(rc) +#define atomicio NWSSH_atomicio +#endif + #ifdef LIBWRAP #include #include @@ -150,6 +155,7 @@ int listen_socks[MAX_LISTEN_SOCKS]; int num_listen_socks = 0; +#ifndef HAVE_NETWARE /* * the client's version string, passed by sshd2 in compat mode. if != NULL, * sshd will skip the version-number exchange @@ -159,6 +165,7 @@ /* for rekeying XXX fixme */ Kex *xxx_kex; +#endif /* * Any really sensitive data in the application is contained in this @@ -187,12 +194,14 @@ static volatile sig_atomic_t received_sighup = 0; static volatile sig_atomic_t received_sigterm = 0; +#ifndef HAVE_NETWARE /* session identifier, used by RSA-auth */ u_char session_id[16]; /* same for ssh2 */ u_char *session_id2 = NULL; int session_id2_len = 0; +#endif /* record remote hostname or ip */ u_int utmp_len = MAXHOSTNAMELEN; @@ -209,8 +218,20 @@ void destroy_sensitive_data(void); void demote_sensitive_data(void); +#ifndef HAVE_NETWARE static void do_ssh1_kex(void); static void do_ssh2_kex(void); +#else +void do_ssh1_kex(void); +void do_ssh2_kex(void); + +int g_bExitSystem = 0; + +#define client_version_string (NWGetThreadDataPtr()->client_version_string) +#define server_version_string (NWGetThreadDataPtr()->server_version_string) +#define sensitive_data (NWGetThreadDataPtr()->sensitive_data) +#define session_id (NWGetThreadDataPtr()->session_id) +#endif /* * Close all listening sockets @@ -273,7 +294,11 @@ static void sigterm_handler(int sig) { +#ifndef HAVE_NETWARE received_sigterm = sig; +#else + NetWareShutdown( sig ); +#endif } /* @@ -347,7 +372,11 @@ key_do_regen = 1; } +#ifndef HAVE_NETWARE static void +#else +void +#endif sshd_exchange_identification(int sock_in, int sock_out) { int i, mismatch; 
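Review bot: `sigterm_handler()` (hunk `@@ -273,7 +294,11 @@`) now calls `NetWareShutdown( sig )` directly from the signal handler on NetWare, where the original only stored the signal number in a `sig_atomic_t` flag. Unless `NetWareShutdown()` is restricted to async-signal-safe operations (its body is not part of this patch section), it can run while the interrupted code holds a lock or is halfway through updating shared state. `received_sigterm` is also never set on NetWare, so the "Received signal %d; terminating." path in the accept loop can no longer fire. Keeping `received_sigterm = sig;` in both builds and calling the shutdown routine from the main loop avoids both issues.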
@@ -409,7 +438,11 @@ * Check that the versions match. In future this might accept * several versions and set appropriate flags to handle them. */ +#ifndef HAVE_NETWARE if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n", +#else + if (sscanf(client_version_string, "SSH-%d.%d-%s[^\n]\n", +#endif &remote_major, &remote_minor, remote_version) != 3) { s = "Protocol mismatch.\n"; (void) atomicio(write, sock_out, s, strlen(s)); @@ -490,17 +523,23 @@ int i; if (sensitive_data.server_key) { +#ifndef HAVE_NETWARE key_free(sensitive_data.server_key); +#endif sensitive_data.server_key = NULL; } for (i = 0; i < options.num_host_key_files; i++) { if (sensitive_data.host_keys[i]) { +#ifndef HAVE_NETWARE key_free(sensitive_data.host_keys[i]); +#endif sensitive_data.host_keys[i] = NULL; } } sensitive_data.ssh1_host_key = NULL; +#ifndef HAVE_NETWARE memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH); +#endif } /* Demote private to public keys for network child */ @@ -628,7 +667,9 @@ static void privsep_postauth(Authctxt *authctxt) { +#ifndef HAVE_NETWARE extern Authctxt *x_authctxt; +#endif /* XXX - Remote port forwarding */ x_authctxt = authctxt; @@ -779,7 +820,9 @@ fprintf(stderr, "Options:\n"); fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE); fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n"); +#ifndef HAVE_NETWARE fprintf(stderr, " -i Started from inetd\n"); +#endif fprintf(stderr, " -D Do not fork into daemon mode\n"); fprintf(stderr, " -t Only test configuration file and keys\n"); fprintf(stderr, " -q Quiet (no logging)\n"); @@ -824,6 +867,13 @@ #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); #endif +#ifdef HAVE_NETWARE + NetWareInit( av[0] ); +#endif +#ifdef USE_EDIR + // Initialize eDirectory. + init_edir(); +#endif __progname = get_progname(av[0]); init_rng(); @@ -864,7 +914,9 @@ log_stderr = 1; break; case 'i': +#ifndef HAVE_NETWARE inetd_flag = 1; +#endif break; case 'Q': /* ignored */ 
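Review bot: In `destroy_sensitive_data()` (hunk `@@ -490,17 +523,23 @@`) the NetWare build skips `key_free()` for the server key and the host keys and skips the `memset()` of `ssh1_cookie`, so the pointers are cleared while the private key material and the cookie stay in memory. If the keys are shared between session threads, that explains not freeing them per thread, but it should be stated, e.g. `/* NetWare: keys are shared by all session threads; released once at shutdown */`, and a final release at shutdown is then required. The cookie wipe has no such reason to be skipped and should stay unconditional. The start of the function is outside the hunk.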
@@ -969,6 +1021,7 @@ debug("sshd version %.100s", SSH_VERSION); +#ifndef HAVE_NETWARE /* load private host keys */ sensitive_data.host_keys = xmalloc(options.num_host_key_files * sizeof(Key *)); @@ -1001,6 +1054,12 @@ debug("private host key: #%d type %d %s", i, key->type, key_type(key)); } +#else + NetWareTSDInit(); +#endif +#ifdef USE_EDIR + fatal_add_cleanup(cleanup_edir, NULL); +#endif if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { log("Disabling protocol version 1. Could not load host key"); options.protocol &= ~SSH_PROTO_1; @@ -1066,6 +1125,7 @@ if (test_flag) exit(0); +#ifndef HAVE_NETWARE /* * Clear out any supplemental groups we may have inherited. This * prevents inadvertent creation of files with bad modes (in the @@ -1075,6 +1135,7 @@ */ if (setgroups(0, NULL) < 0) debug("setgroups() failed: %.200s", strerror(errno)); +#endif // !HAVE_NETWARE /* Initialize the log (it is reinitialized below in case we forked). */ if (debug_flag && !inetd_flag) @@ -1225,18 +1286,28 @@ for (i = 0; i < num_listen_socks; i++) if (listen_socks[i] > maxfd) maxfd = listen_socks[i]; +#ifndef HAVE_NETWARE /* pipes connected to unauthenticated childs */ startup_pipes = xmalloc(options.max_startups * sizeof(int)); for (i = 0; i < options.max_startups; i++) startup_pipes[i] = -1; +#else + NetWareEventsInit( "sshd", NULL, NULL ); + RegisterOurConsoleCommand(); +#endif /* * Stay listening for connections until the system crashes or * the daemon is killed with a signal. */ for (;;) { +#ifndef HAVE_NETWARE if (received_sighup) sighup_restart(); +#else + if (g_bExitSystem) + break; +#endif if (fdset != NULL) xfree(fdset); fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask); 
@@ -1245,14 +1316,33 @@ for (i = 0; i < num_listen_socks; i++) FD_SET(listen_socks[i], fdset); +#ifndef HAVE_NETWARE for (i = 0; i < options.max_startups; i++) if (startup_pipes[i] != -1) FD_SET(startup_pipes[i], fdset); +#endif /* Wait in select until there is a connection. */ +#ifndef HAVE_NETWARE ret = select(maxfd+1, fdset, NULL, NULL, NULL); +#else + { + struct timeval tv; + tv.tv_sec = 0; + tv.tv_usec = 500000; + + ret = select(maxfd+1, fdset, NULL, NULL, &tv); + } +#endif if (ret < 0 && errno != EINTR) +#ifndef HAVE_NETWARE error("select: %.100s", strerror(errno)); +#else + { + error("select: %.100s", strerror(errno)); + exit(0); + } +#endif if (received_sigterm) { log("Received signal %d; terminating.", (int) received_sigterm); @@ -1268,6 +1358,7 @@ if (ret < 0) continue; +#ifndef HAVE_NETWARE for (i = 0; i < options.max_startups; i++) if (startup_pipes[i] != -1 && FD_ISSET(startup_pipes[i], fdset)) { @@ -1281,6 +1372,7 @@ startup_pipes[i] = -1; startups--; } +#endif for (i = 0; i < num_listen_socks; i++) { if (!FD_ISSET(listen_socks[i], fdset)) continue; @@ -1292,6 +1384,7 @@ error("accept: %.100s", strerror(errno)); continue; } +#ifndef HAVE_NETWARE if (fcntl(newsock, F_SETFL, 0) < 0) { error("newsock del O_NONBLOCK: %s", strerror(errno)); close(newsock); @@ -1364,6 +1457,11 @@ debug("Forked child %ld.", (long)pid); close(startup_p[1]); +#else + // On NetWare spawn new thread to handle client connection. + // fork is not supported on NetWare. + NetWareNewSessionThread( newsock ); +#endif /* Mark that the key has been used (it was "given" to the child). */ if ((options.protocol & SSH_PROTO_1) && @@ -1376,8 +1474,10 @@ arc4random_stir(); +#ifndef HAVE_NETWARE /* Close the new socket (the child is now taking care of it). */ close(newsock); +#endif } /* child process check (or debug mode) */ if (num_listen_socks < 0) @@ -1385,6 +1485,7 @@ } } +#ifndef HAVE_NETWARE /* This is the child processing a new connection. */ /* 
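Review bot: The NetWare accept path (hunk `@@ -1364,6 +1457,11 @@`) hands every accepted socket to `NetWareNewSessionThread( newsock )` with no visible limit, while the `startup_pipes` bookkeeping that tracks unauthenticated connections against `options.max_startups` is compiled out in this and the earlier hunks. Unless the thread routine enforces its own cap (not visible here), the number of pre-authentication sessions is unbounded on NetWare. The call's result is also ignored and `close(newsock)` is compiled out, so a failed thread start would leak the descriptor; something like `if (NetWareNewSessionThread(newsock) != 0) close(newsock);` covers that, adjusted to the function's actual return convention. Separately, the NetWare `select` error branch calls `exit(0)`, which reports success on a failure path.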
@@ -1530,6 +1631,10 @@ /* The connection has been terminated. */ verbose("Closing connection to %.100s", remote_ip); +#ifdef USE_EDIR + // Uninitialize eDirectory. + deinit_edir(); +#endif #ifdef USE_PAM finish_pam(); #endif /* USE_PAM */ @@ -1540,6 +1645,13 @@ mm_terminate(); exit(0); +#else // !HAVE_NETWARE +#ifdef USE_EDIR + // Uninitialize eDirectory. + deinit_edir(); +#endif + return NetWareExit(); +#endif // HAVE_NETWARE } /* @@ -1589,7 +1701,11 @@ /* * SSH1 key exchange */ +#ifndef HAVE_NETWARE static void +#else +void +#endif do_ssh1_kex(void) { int i, len; @@ -1763,6 +1879,9 @@ /* Destroy the decrypted integer. It is no longer needed. */ BN_clear_free(session_key_int); +#ifdef HAVE_NETWARE + NWGetThreadDataPtr()->cipher_name = xstrdup( cipher_name( cipher_type ) ); +#endif /* Set the session key. From this on all communications will be encrypted. */ packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type); @@ -1780,7 +1899,11 @@ /* * SSH2 key exchange: diffie-hellman-group1-sha1 */ +#ifndef HAVE_NETWARE static void +#else +void +#endif do_ssh2_kex(void) { Kex *kex; @@ -1807,8 +1930,15 @@ /* start key exchange */ kex = kex_setup(myproposal); kex->server = 1; +#ifndef HAVE_NETWARE kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; +#else +#undef client_version_string +#undef server_version_string + kex->client_version_string=NWGetThreadDataPtr()->client_version_string; + kex->server_version_string=NWGetThreadDataPtr()->server_version_string; +#endif kex->load_host_key=&get_hostkey_by_type; kex->host_key_index=&get_hostkey_index; 
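Review bot: The `#undef client_version_string` and `#undef server_version_string` inside `do_ssh2_kex()` (hunk `@@ -1807,8 +1930,15 @@`) are needed only because the NetWare accessor macros carry the same names as the `Kex` members, so `kex->client_version_string` would otherwise be macro-expanded. After the `#undef` the names stay undefined for the rest of sshd.c, and the next hunk does the same to `session_id`, `session_id2` and `session_id2_len` without redefining them, so the build depends on nothing later in the file using those names. Giving the accessors distinct names, e.g. `#define NW_CLIENT_VERSION (NWGetThreadDataPtr()->client_version_string)`, removes the need for mid-function `#undef`s; sshconnect2.c has the same construct.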
@@ -1816,8 +1946,16 @@ dispatch_run(DISPATCH_BLOCK, &kex->done, kex); +#ifndef HAVE_NETWARE session_id2 = kex->session_id; session_id2_len = kex->session_id_len; +#else +#undef session_id +#undef session_id2 +#undef session_id2_len + NWGetThreadDataPtr()->session_id2 = kex->session_id; + NWGetThreadDataPtr()->session_id2_len = kex->session_id_len; +#endif #ifdef DEBUG_KEXDH /* send 1st encrypted/maced/compressed message */ diff -u openssh-3.5p1/sshtty.c nw-openssh-3.5p1/sshtty.c --- openssh-3.5p1/sshtty.c Mon Mar 4 18:53:05 2002 +++ nw-openssh-3.5p1/sshtty.c Tue Mar 11 10:49:53 2003 @@ -58,6 +58,7 @@ void leave_raw_mode(void) { +#ifndef HAVE_NETWARE if (!_in_raw_mode) return; if (tcsetattr(fileno(stdin), TCSADRAIN, &_saved_tio) == -1) @@ -66,11 +67,13 @@ _in_raw_mode = 0; fatal_remove_cleanup((void (*) (void *)) leave_raw_mode, NULL); +#endif } void enter_raw_mode(void) { +#ifndef HAVE_NETWARE struct termios tio; if (tcgetattr(fileno(stdin), &tio) == -1) { @@ -93,4 +96,5 @@ _in_raw_mode = 1; fatal_add_cleanup((void (*) (void *)) leave_raw_mode, NULL); +#endif } diff -u openssh-3.5p1/uuencode.c nw-openssh-3.5p1/uuencode.c --- openssh-3.5p1/uuencode.c Wed Sep 11 17:49:18 2002 +++ nw-openssh-3.5p1/uuencode.c Tue Mar 11 10:49:53 2003 @@ -28,6 +28,10 @@ #include "xmalloc.h" #include "uuencode.h" +#ifdef HAVE_NETWARE +#include "base64.h" +#endif + int uuencode(u_char *src, u_int srclength, char *target, size_t targsize) diff -u openssh-3.5p1/xmalloc.h nw-openssh-3.5p1/xmalloc.h --- openssh-3.5p1/xmalloc.h Thu Jun 20 18:41:53 2002 +++ nw-openssh-3.5p1/xmalloc.h Tue Mar 11 10:49:53 2003 
@@ -19,9 +19,28 @@ #ifndef XMALLOC_H #define XMALLOC_H +#ifndef HAVE_NETWARE void *xmalloc(size_t); void *xrealloc(void *, size_t); void xfree(void *); char *xstrdup(const char *); +#else // HAVE_NETWARE +#include "nw-memtrak.h" +#ifdef LOG_MEM_ROUTINES +void *nw_xmalloc(size_t, char *, int); +void *nw_xrealloc(void *, size_t, char *, int); +void nw_xfree(void *, char *, int); +char *nw_xstrdup(const char *, char *, int); +#define xmalloc( s ) nw_xmalloc( (s), __FILE__, __LINE__ ) +#define xrealloc( p, s ) nw_xrealloc( (p), (s), __FILE__, __LINE__ ) +#define xfree( p ) nw_xfree( (p), __FILE__, __LINE__ ) +#define xstrdup( p ) nw_xstrdup( (p), __FILE__, __LINE__ ) +#else +void *xmalloc(size_t); +void *xrealloc(void *, size_t); +void xfree(void *); +char *xstrdup(const char *); +#endif +#endif // HAVE_NETWARE #endif /* XMALLOC_H */ diff -u openssh-3.5p1/openbsd-compat/base64.c nw-openssh-3.5p1/openbsd-compat/base64.c --- openssh-3.5p1/openbsd-compat/base64.c Tue Sep 10 18:29:12 2002 +++ nw-openssh-3.5p1/openbsd-compat/base64.c Tue Mar 11 10:49:54 2003 @@ -48,7 +48,9 @@ #include #include +#ifndef HAVE_NETWARE #include +#endif #include #include diff -u openssh-3.5p1/openbsd-compat/bsd-arc4random.c nw-openssh-3.5p1/openbsd-compat/bsd-arc4random.c --- openssh-3.5p1/openbsd-compat/bsd-arc4random.c Wed May 8 16:57:18 2002 +++ nw-openssh-3.5p1/openbsd-compat/bsd-arc4random.c Tue Mar 11 10:49:54 2003 @@ -39,13 +39,17 @@ /* Number of bytes to reseed after */ #define REKEY_BYTES (1 << 24) +#ifndef HAVE_NETWARE static int rc4_ready = 0; static RC4_KEY rc4; +#endif unsigned int arc4random(void) { unsigned int r = 0; +#ifndef HAVE_NETWARE static int first_time = 1; +#endif if (rc4_ready <= 0) { if (first_time) diff -u openssh-3.5p1/openbsd-compat/dirname.c nw-openssh-3.5p1/openbsd-compat/dirname.c --- openssh-3.5p1/openbsd-compat/dirname.c Tue Sep 10 18:29:13 2002 +++ nw-openssh-3.5p1/openbsd-compat/dirname.c Tue Mar 11 10:49:55 2003 
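Review bot: Under `HAVE_NETWARE` the bsd-arc4random.c hunk (`@@ -39,13 +39,17 @@`) removes the definitions of `rc4_ready`, `rc4` and `first_time`, yet the context lines of `arc4random()` still test `rc4_ready` and `first_time`, so the NetWare build relies on replacements defined outside this file. For generator state that matters: if the replacements are per-thread, each thread must be seeded before first use, and if they are shared, access from concurrent session threads needs a lock. A comment at the `#ifndef` naming where the state lives and which of the two applies would make that reviewable, e.g. `/* NetWare: RC4 state is defined in <header>; per-thread, seeded on first use */` with the real header name filled in.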
@@ -44,6 +44,18 @@ { static char bname[MAXPATHLEN]; register const char *endp; +#ifdef HAVE_NETWARE + const char *startp = path; + endp = path + strlen(path) - 1; + + while( startp < endp && *startp != ':' ) + startp++; + + if( startp == endp ) + startp = path; + else + startp++; +#endif /* Empty or NULL string gets treated as "." */ if (path == NULL || *path == '\0') { @@ -74,7 +86,12 @@ errno = ENAMETOOLONG; return(NULL); } +#ifndef HAVE_NETWARE strlcpy(bname, path, endp - path + 2); +#else + strlcpy(bname, startp, endp - startp + 2); + bname[endp - startp + 2] = 0; +#endif return(bname); } #endif diff -u openssh-3.5p1/openbsd-compat/fake-getaddrinfo.c nw-openssh-3.5p1/openbsd-compat/fake-getaddrinfo.c --- openssh-3.5p1/openbsd-compat/fake-getaddrinfo.c Thu Feb 8 18:55:36 2001 +++ nw-openssh-3.5p1/openbsd-compat/fake-getaddrinfo.c Tue Mar 11 10:49:55 2003 @@ -10,6 +10,7 @@ */ #include "includes.h" +#include "xmalloc.h" #include "ssh.h" RCSID("$Id: fake-getaddrinfo.c,v 1.2 2001/02/09 01:55:36 djm Exp $"); @@ -35,7 +36,7 @@ do { next = ai->ai_next; - free(ai); + xfree(ai); } while (NULL != (ai = next)); } #endif /* !HAVE_FREEADDRINFO */ @@ -45,7 +46,7 @@ { struct addrinfo *ai; - ai = malloc(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + ai = xmalloc(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); if (ai == NULL) return(NULL); diff -u openssh-3.5p1/openbsd-compat/glob.c nw-openssh-3.5p1/openbsd-compat/glob.c --- openssh-3.5p1/openbsd-compat/glob.c Tue Sep 10 18:29:13 2002 +++ nw-openssh-3.5p1/openbsd-compat/glob.c Tue Mar 11 10:49:55 2003 @@ -379,12 +379,16 @@ #if 0 if (issetugid() != 0 || (h = getenv("HOME")) == NULL) { #endif +#ifndef HAVE_NETWARE if ((getuid() != geteuid()) || (h = getenv("HOME")) == NULL) { if ((pwd = getpwuid(getuid())) == NULL) return pattern; else h = pwd->pw_dir; } +#else + return pattern; +#endif } else { /* * Expand a ~user
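Review bot: The NetWare block added at the top of the function (hunk `@@ -44,6 +44,18 @@`) calls `strlen(path)` before the existing `path == NULL || *path == '\0'` check, so a NULL argument is dereferenced and an empty string makes `endp` point one before the start of the string. Moving the volume-prefix scan below that check keeps the documented "Empty or NULL string gets treated as "."" behaviour on NetWare as well. The scan also treats a `:` in the final position as "no volume prefix" because the loop stops at `endp`; a comment stating the intended path syntax would help, e.g. `/* NetWare paths may start with "VOLUME:"; skip past the first ':' */`.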
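Review bot: In the NetWare branch of hunk `@@ -74,7 +86,12 @@`, `bname[endp - startp + 2] = 0;` writes one position past the size that was just passed to `strlcpy()`, which has already NUL-terminated the copy. When `startp == path` and the path is at the length limit, that index can equal `sizeof(bname)`; the limit check itself is above the hunk, so this is inferred from the `ENAMETOOLONG` context. The line adds nothing and should be dropped, leaving only `strlcpy(bname, startp, endp - startp + 2);`.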