From mouse Mon May 1 02:36:35 2006
Return-Path:
Received: (from mouse@localhost)
    by Sparkle.Rodents.Montreal.QC.CA (8.8.8/8.8.8) id CAA19305;
    Mon, 1 May 2006 02:36:35 -0400 (EDT)
From: der Mouse
Message-Id: <200605010636.CAA19305@Sparkle.Rodents.Montreal.QC.CA>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway.
X-Message-Flag: Microsoft: the company who gave us the botnet zombies.
Date: Mon, 1 May 2006 01:44:41 -0400 (EDT)
To: mouseware
Subject: Mouseware update

It's been over a month, I thought perhaps I should drop you people an
update...especially in view of the number of things I've done to
moussh.

copytolog: 20060323

  Overhaul in an attempt to make it actually work right in certain
  stress cases - found the hard way :(

libparsedate: 2.1

  Complete rewrite, entirely in C, to make it work right when DST
  changeovers are involved.

mcgrep: 20060311

  Get rid of all the config flags I haven't used in ages; as a result,
  some parts of the code actually become readable.

  Rewrite some of the code to make it possible to search things that
  can't be mmap()ped (I specifically wanted disk devices, but this also
  works for pipes) - they are read into a large buffer and the search
  algorithm is applied to that.

  Add -r and -R.

  Add a good deal of internal commenting.

  Some slight manpage rewording.

moussh: 20060430

  Replace all abort()s with calls to a new panic(), plus code to save
  debugging info in a directory in /tmp on panic, if configured to do
  so.

  Fix rekeying to actually work (it managed to lose track of host-key
  algorithms, thus leading the server to complain that it has no host
  keys, upon rekeying).

  Improve internal commenting of bpp_setup(). Init a couple of
  variables previously forgotten. Reorder the struct slightly.

  Convert manifest constants to enums in client.c, config.c,
  connshare-s.c.
  Fix connection sharing to preserve global-request response order!

  Move a freeaddrinfo() call in client.c so some data stays valid when
  it needs to.

  Rework forwarding support in client.c, and connshare-s.c, so that -R
  forwardings get torn down correctly when the client goes away.

  Don't print key-exchange stuff on client command-line "status" if
  we're doing connection sharing, 'cause there's no bpp then.

  Add address, CIDR, and set datatypes to the config-file language,
  including [rdns], [fdns], and [in] functions. Note that sets are
  type-homogenous and duplicates-removed.

  Rework how config-file conditionals are handled, so they actually
  work the way it looks as though it should. (Before this fix, doing
  something like

      if !?user & ....
      user = "root"
      fwd = "-agent"
      endif

  would skip the second assignment. This explains some very
  frustrating config-file mysteries.)

  Add support for functions which take expressions, rather than values,
  as arguments. In particular, add map, which needs this.

  Add explicit type-conversion/construction functions: [bool], [str],
  [int], [addr], [cidr], [set].

  Add <= and >= comparisons. Support integer comparisons.

  Change how -share-kill and -share-stop work, so you can do
  "machinename -share-kill" instead of having to do
  "moussh -share-kill FOO" where FOO is whatever your config file ends
  up setting share-path to.

  Make [matchsub] actually work.

  Add some new drafts.

  Add debugging variables holding stdin/stdout/stderr, to avoid having
  to use __sF[] in gdb.

  Update moussh's copy of lcs-cvt and local-prog.

  Add a connection-sharing-friendly cancel-TCP-forwarding request. (I
  was using the stock cancel-forwarding request, but the forwarding
  rework pointed out that that can't work right with connection
  sharing.)

  NUL-terminate correctly when setproctitle()ing.

nc: 20060403

  Complete rewrite, converting to a paradigm stolen from moussh, to
  support -lockstep.

/~\ The ASCII                             der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@rodents.montreal.qc.ca
/ \ Email!
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

From mouse Wed May 24 00:20:14 2006
Return-Path:
Received: (from mouse@localhost)
    by Sparkle.Rodents.Montreal.QC.CA (8.8.8/8.8.8) id AAA20246;
    Wed, 24 May 2006 00:20:14 -0400 (EDT)
From: der Mouse
Message-Id: <200605240420.AAA20246@Sparkle.Rodents.Montreal.QC.CA>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway.
X-Message-Flag: Microsoft: the company who gave us the botnet zombies.
Date: Tue, 23 May 2006 23:59:00 -0400 (EDT)
To: mouseware
Subject: New moussh

New version of moussh - 20060523. In this version:

config-file string concatenation is now a real operator (spelled ".", a
la perl) rather than mere juxtaposition a la awk. THIS IS A
NON-BACKWARD-COMPATIBLE CHANGE; YOU LIKELY NEED TO CHANGE YOUR CONFIG
FILES IF YOU UPDATE TO THIS VERSION.

-ua now works for the server as well.

README's description of -sshdir brought into better match with reality.

Typo fix in README's description of -badhk.

README's description of -badhk updated to include the full current list
of options.

-esc now accepts specs of the form 0xXX; doc updated to match.

Manpage description of c- prefix updated to match the reality.

Useless code removed from client.c (the cfxconns variable) and x.h (the
CFXCONN type).

config-file parser updated to support integer arithmetic. This involves
forbidding variable names beginning with a - (which would always have
been an error anyway because no such variables were ever defined, and
user-defined variables all begin with $).

config-file functions [md5] and [sha1] added, including doc.

config.doc removed. It was rather out of date, and as far as I could
see contained nothing not present in moussh.1.

Manpage description of [matchsub] improved.

Manpage descriptions of [bool], [str], [int], [addr], [cidr], [set],
[in], [rdns], [fdns], and [map] added (the actual code was already
there in the 20060514 version).

A beginning of real internals-doc comments added: affected files are
writev.h and x.h.

/~\ The ASCII                             der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@rodents.montreal.qc.ca
/ \ Email!
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

From mouse Thu May 25 02:15:53 2006
Return-Path:
Received: (from mouse@localhost)
    by Sparkle.Rodents.Montreal.QC.CA (8.8.8/8.8.8) id CAA24239;
    Thu, 25 May 2006 02:15:53 -0400 (EDT)
From: der Mouse
Message-Id: <200605250615.CAA24239@Sparkle.Rodents.Montreal.QC.CA>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway.
X-Message-Flag: Microsoft: the company who gave us the botnet zombies.
Date: Thu, 25 May 2006 01:58:26 -0400 (EDT)
To: mouseware
Subject: moussh now at 20060524

[The two of you who haven't been added to the mouseware list yet are
getting Bcc:s - I didn't add you to the list unilaterally! I'll wait a
few more days in case you want on the list, then stop Bcc:ing you
off-list on copies of updates like this one, unless you specifically
ask me to continue. Not that I expect to have too many more updates
all that soon....]

I did some more to moussh today. It's now at 20060524. Changes:

- The server now does password authentication. This means it now has
  to link with -lcrypt. There's also a way to build it without even
  containing the code for server-side password auth, for those who
  want something surer than just disabling it in the server config
  file. I added a note to INSTALL about all this.

  The server also logs something for each password auth attempt, and
  the log message is different for (1) a nonexistent user, (2) an
  existing user with never-auth set, (3) a user which would work if
  the right password were given but a wrong password was actually
  given, and (4) a successful auth (good user, right password).

  There is currently no support for password changing via CHANGEREQ
  messages, in either direction.

- The server now keeps count of authentication attempts, both globally
  (per connection) and per authentication algorithm. These are
  exported to the config file through new variables auth-attempts and
  auth-alg-attempts.

- Improved the config file engine treatment of [map] so it won't
  constantly reevaluate the call just because you touch the dummy
  variables' non-dummy values. This is just a performance
  optimization; it should not affect correctness.

- Added a user-uid config-file variable, to give the config file
  access to the UID of the user the client is trying to authenticate
  as (this was motivated by a desire to make it possible to do
  something akin to PermitRootLogin, but of course it actually
  supports a lot more than just that).

- Added an auth-alg config-file variable, to give the config file
  access to which authentication algorithm authentication is being
  attempted via. This is primarily so that, eg, you can dump
  connections after three failed password attempts without affecting
  public-key attempts.

The FTPable copy is updated.

/~\ The ASCII                             der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@rodents.montreal.qc.ca
/ \ Email!
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

From mouse Sun May 28 04:54:08 2006
Return-Path:
Received: (from mouse@localhost)
    by Sparkle.Rodents.Montreal.QC.CA (8.8.8/8.8.8) id EAA14605;
    Sun, 28 May 2006 04:54:08 -0400 (EDT)
From: der Mouse
Message-Id: <200605280854.EAA14605@Sparkle.Rodents.Montreal.QC.CA>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway.
X-Message-Flag: Microsoft: the company who gave us the botnet zombies.
Date: Sun, 28 May 2006 04:37:22 -0400 (EDT)
To: mouseware
Subject: new moussh

moussh now at 20060528, FTPable copy updated. New in this version:

- First start at addressing the nested-function declaration issue.
  See the remark in INSTALL. (Still to go is lcs-cvt, which is a bit
  of a sticking point because it exists not just in the moussh source
  dir.)

- Internals-doc comments written for config.c.

- Minor cleanup in config.c - collecting variables, eliminating a
  completely unused struct element, that sort of thing.

- Bugfix - negating a conditional used to swap the arms of the
  conditional; I don't know what I was on when I thought that amounted
  to negating it. (It actually amounts to negating the test portion.)

- Bugfix - -nofwd did the same thing as -fwd (!!).

- Better error checking - check for junk after if and elif
  expressions.

- Fix minor memory leaks in certain error cases.

- Fix debugging output of strings. (It got quoting wrong sometimes.)

- Improve debugging output of expressions (use « », which have no
  syntactic significance rather than [ ]).

- Fix equality comparison of sets. (I'm not sure it was wrong before,
  but it wasn't clearly right.)

- Make unset & false -> false rather than unset; similarly, make
  unset | true -> true. This allows conditionals like
  if ?foo & (foo == 0) to do what they're supposed to.

- Simplify the code for string @ string operations.

- Clarify some documentation on macro variables.

/~\ The ASCII                             der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@rodents.montreal.qc.ca
/ \ Email!
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
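
The 20060528 message above changes how unset combines with & and |. The C sketch below is an added example, not moussh's own code; it models that rule and evaluates the guard ?foo & (foo == 0) under the older and newer behaviour. The tv and var types and all function names are hypothetical; treating foo == 0 as unset when foo is unset, propagating unset for unset & true and unset | false, and modelling the older & as propagating unset in every case are assumptions (the message states only the unset & false and unset | true cases).

```c
#include <stdio.h>

/* Tri-state value: a config expression may have no value at all. */
typedef enum { TV_FALSE, TV_TRUE, TV_UNSET } tv;
/* Hypothetical model of an integer config variable. */
typedef struct { int is_set; int value; } var;

/* ?x always gives a definite answer, even when x is unset. */
static tv tv_isset(var v) { return v.is_set ? TV_TRUE : TV_FALSE; }

/* x == n; assumed here to be unset when x itself is unset. */
static tv tv_eq(var v, int n) {
    if (!v.is_set) return TV_UNSET;
    return v.value == n ? TV_TRUE : TV_FALSE;
}

/* Older rule as modelled here: an unset operand makes the result unset. */
static tv and_old(tv a, tv b) {
    if (a == TV_UNSET || b == TV_UNSET) return TV_UNSET;
    return (a == TV_TRUE && b == TV_TRUE) ? TV_TRUE : TV_FALSE;
}

/* 20060528 rule: a false operand decides (unset & false -> false). */
static tv and_new(tv a, tv b) {
    if (a == TV_FALSE || b == TV_FALSE) return TV_FALSE;
    if (a == TV_UNSET || b == TV_UNSET) return TV_UNSET; /* assumption */
    return TV_TRUE;
}

/* 20060528 rule: a true operand decides (unset | true -> true). */
static tv or_new(tv a, tv b) {
    if (a == TV_TRUE || b == TV_TRUE) return TV_TRUE;
    if (a == TV_UNSET || b == TV_UNSET) return TV_UNSET; /* assumption */
    return TV_FALSE;
}

/* The guard from the message: ?foo & (foo == 0). */
static tv guard(var foo, tv (*and_fn)(tv, tv)) {
    return and_fn(tv_isset(foo), tv_eq(foo, 0));
}

int main(void) {
    static const char *name[] = { "false", "true", "unset" };
    var unset = { 0, 0 }, zero = { 1, 0 };
    printf("foo unset: old=%s new=%s\n",
           name[guard(unset, and_old)], name[guard(unset, and_new)]);
    printf("foo = 0:   new=%s\n", name[guard(zero, and_new)]);
    printf("unset | true: %s\n", name[or_new(TV_UNSET, TV_TRUE)]);
    return 0;
}
```

With foo unset, the modelled older operator leaves the guard without a truth value, while the 20060528 rule gives a definite false.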