1.4alpha4 23-NOV-1999

Fix bug in monitor.c that causes the server to stop accepting new
connections if more than max_clients simultaneous connections occur. The
code path handling the connect rejection failed to unlock a mutex,
resulting in deadlock.

Inspection of the port forwarding code shows an apparent memory leak;
modify server_session.c to clean up the allocated buffer.

---
(1.4alpha3 26-MAY-1999)

Fix missing return statement in helper_com.c that caused startup failure
on VAX.

Fix too-long branch in build_ft_accpornam.com on VAX.

Make sshcipher.c compatible with OpenSSL 9.3xxx.
----
Consolidate common code in the helper programs into a helper_com.c module.
This module handles the mailbox I/O and deadman lock creation. The helper
programs rsa_engine.c, key_generator.c, and initiator.c were updated to
use the new module.

Modify helper_com.c to properly handle kernel threads in an SMP
environment. Helper programs verify the sender PID of mailbox messages,
and this PID can change when kernel threads are in use.

Added hack to have the server load the remote connect info into the
TT_ACCPORNAM of the pseudo terminal. The string added is of the format
"host: nnn.nnn.nnn.nnn port: nnnn", the same as the first equivalence
string of the SSH_PTY_MAP logicals. This feature entails kernel mode code
and is disabled by default. Two new parameter file entries control this
feature:

   pty_accpornam        Flag value to enable (1) or disable (0) the set
                        accpornam feature.
   pty_accpornam_image  Directory specification for loading of the
                        FT_ACCPORNAM.EXE shareable image.

The FT_ACCPORNAM hack references symbols in the OS kernel and is therefore
closely tied to the OS version. After an OS upgrade, you must use the
BUILD_FT_ACCPORNAM.COM procedure to build a new FT_ACCPORNAM.EXE shareable
image (the server should not require a rebuild).

---
Rework build procedure: sshcryptoshr.exe is now linked by the command
procedure sshcryptoshr_link.com, which supports both VAX and Alpha.
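Added example for the 1.4alpha4 monitor.c fix above (written for this
changelog; it is not the server's own code and only models the accept
path in Python). admit_buggy() reproduces the defect: the over-limit
rejection path returns without unlocking, so the next accept blocks for
good. admit() releases on every exit path. simulate() drives a few
connections through either routine and reports whether the server is
left unable to take the mutex. max_clients values and the connection
count are constructed for the demonstration.

```python
import threading


class ConnectionMonitor:
    """Admission control for the accept loop: at most max_clients sessions.

    Hypothetical stand-in for the monitor.c logic, written for this entry.
    admit_buggy() has the defect the entry describes: on the over-limit
    rejection path it returns without unlocking the mutex, so the next
    caller blocks forever.  admit() releases the lock on every exit path.
    """

    def __init__(self, max_clients):
        self.max_clients = max_clients
        self.active = 0
        self.lock = threading.Lock()

    def admit_buggy(self):
        self.lock.acquire()
        if self.active >= self.max_clients:
            return False              # BUG: lock is still held here
        self.active += 1
        self.lock.release()
        return True

    def admit(self):
        self.lock.acquire()
        try:
            if self.active >= self.max_clients:
                return False          # finally still runs the release
            self.active += 1
            return True
        finally:
            self.lock.release()

    def release(self):
        """A session ended; free its slot."""
        with self.lock:
            self.active -= 1

    def accept_would_block(self, timeout=0.05):
        """True if the mutex cannot be taken within `timeout` seconds, i.e.
        the accept loop would hang.  threading.Lock is not reentrant, so a
        lock leaked by the current thread shows up here as a timeout."""
        if self.lock.acquire(timeout=timeout):
            self.lock.release()
            return False
        return True


def simulate(admit_name, max_clients=2, attempts=4):
    """Drive `attempts` incoming connections through one admission routine.

    Returns (accepted, rejected, stuck): `stuck` is whether the server is
    left unable to take the mutex, which is the 1.4alpha4 failure mode.
    """
    mon = ConnectionMonitor(max_clients)
    admit = getattr(mon, admit_name)
    accepted = rejected = 0
    for _ in range(attempts):
        if mon.accept_would_block():
            break                     # nothing further is ever accepted
        if admit():
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected, mon.accept_would_block()


def recovers_after_disconnect(max_clients=1):
    """With the fixed routine a rejection followed by a disconnect lets the
    next connection in; returns True when that happens."""
    mon = ConnectionMonitor(max_clients)
    assert mon.admit() and not mon.admit()
    mon.release()
    return mon.admit()


if __name__ == "__main__":
    print("buggy:", simulate("admit_buggy"))   # (2, 1, True)
    print("fixed:", simulate("admit"))         # (2, 2, False)
    print("fixed recovers:", recovers_after_disconnect())
```

The try/finally shape is the point: a rejection path added later (or an
exception raised between acquire and release) cannot leave the monitor's
mutex held, which is exactly how the buggy path turned a transient
overload into a permanent denial of service for new clients.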
Sshcryptoshr*.opt files are now embedded within sshcryptoshr_link.com.
Modified descrip.mms to provide an option for building images without the
sshcryptoshr shareable image (NOSHARE and SSLCRYPTO macros).

Add support for OpenSSL to sshrsa_rpc.c and sshcipher.c.

1.3alpha3 17-MAR-1999

Add vt300 terminal type to terminal_defs.dat.

Add small optimization to wrapper completion in file completion_port.c.

Fix bug in cport_pty.c causing errors to be reported when disconnecting.

Fix bugs in synchronization logic for QIOs when kernel threads are
present, file cport_ucx.c. Also fix bugs in timeout handling.

Improve forwarder table cleanup in port_forwarder.c.

Fix bug in server_session.c's rundown handling.

Modify build procedures to enable kernel threads where applicable.

1.3alpha 29-JAN-1999

Add fwd_map_table and fwd_map_enable parameters. If present, fwd_map_table
will create a system logical name table by that name (default
SSH_FWD_TABLE). Any port forward request with a target port number
matching a fwd_map_enable value will add an entry to the fwd_map_table
logical name table. These entries use the local port number as the
logical name and the authenticated username as the resulting value.
Modified port_forwarder.c, port_fwd_dispatch.c, and cport_ucx.c to
support the new forward mapping parameters.

1.2 22-DEC-1998

Cleanup ident setting in linker options files.

1.2alpha2 4-DEC-1998

Bug fix in cport_x11.c deassign_client.

1.2alpha1 26-NOV-1998

Add support for DECnet-based X11 port forwarding. If the new
x11_decnet_node parameter is defined, the X11 pseudo-servers will use
DECnet transport rather than TCP/IP. When using DECnet transport, the X11
client's username must match the authenticated username and the remote
node must match an x11_decnet_node entry (which is a list type). Note
that since the server discriminates by username, it multiplexes all
unique usernames to the same server number (i.e.
SMITH and JONES will both use server 1 for their first login; if JONES
logs in a second time it will use server 2).

Define additional bit for the port_forward parameter: bit 2 is a flag to
enable a hack to work around broken port forwarding in older versions of
SecureCRT betas.

Modify miscellaneous cport_* driver files to ensure internal-only
routines are declared static.

Modify build to check for crypto libraries in a different order.

1.1 16-NOV-1998

Modify build to check for libcrypto.olb.

Bug fix in ssh_server_startup.com: define logical for INITIAL_KEY mode.

1.1alpha3 11-NOV-1998

Modify cport_ucx.c to restart blocked writes at 512 bytes maximum rather
than the full request length, to reduce thrashing by the server.

Add interactive mode option to key_generator.exe to permit creation of
new keys. Modified ssh_server_startup.com to generate new keys if P1 is
specified as INITIAL_KEY. Also modified readme file.

Fix bug in parameters.c: symbol substitution now correctly terminates
strings.

Fix bug in port_fwd_dispatch that was causing ACCVIOs due to read
attempts on closed TCP channels.

1.1alpha2 3-NOV-1998

Fix bugs in port forwarding, module port_fwd_dispatch.c. Allocation
failure now returns the correct remote channel number to the SSH client.
Continue properly from open failure. Keep TCP open failure from killing
the forwarder thread.

Change /noprocess mode to examine input and kill the thread on control-Z
(allows the SSH client to gracefully close the connection).

1.1alpha1 1-NOV-1998

Added new parameters:

   pty_mode       Enable/disable pseudo terminals + set auth. options.
   pty_map_table  Name of logical name table to hold pty mapping info.
   required_id    Control access to SSH login based on VMS rights ident.
   port_forward   Enable/disable port forwarding, bit mask (def=3).

(See ssh_parameters.dat for more information.)

Support generic port forwarding (SSH_MSG_PORT_OPEN and
SSH_CMSG_PORT_FORWARD_REQUEST). Originator string is not supported.
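Added example for the fwd_map_table / fwd_map_enable mechanism (1.3alpha
entry above) applied to the generic SSH_MSG_PORT_OPEN forwarding
introduced in 1.1alpha1. This is illustration written for the changelog,
not the server's port_forwarder.c: a Python dict stands in for the VMS
logical name table, the ephemeral-port allocator and the addresses are
constructed, and the local_addrs check in lookup() is a caveat of mine
(a service should only trust the attribution for connections that
originate on the SSH server host, since the table is keyed by port
number alone), not something the changelog states.

```python
class ForwardMap:
    """Maps the local source port of each outbound forwarded connection to
    the SSH-authenticated username that requested it, as the 1.3alpha entry
    describes for fwd_map_table / fwd_map_enable.

    Added illustration only: a dict stands in for the VMS logical name
    table, and _next_port is a constructed ephemeral-port allocator, not the
    port the TCP stack would actually assign.
    """

    def __init__(self, fwd_map_enable, local_addrs, table_name="SSH_FWD_TABLE"):
        self.table_name = table_name
        self.enable = frozenset(int(p) for p in fwd_map_enable)
        self.local_addrs = frozenset(local_addrs)   # this host's addresses
        self.table = {}            # local port -> authenticated username
        self._next_port = 49152

    def port_open(self, username, target_host, target_port):
        """Server side of SSH_MSG_PORT_OPEN: connect to target_host:target_port
        on the user's behalf and return the local port of that connection.
        Only targets listed in fwd_map_enable get an entry."""
        local_port = self._next_port
        self._next_port += 1
        if target_port in self.enable:
            self.table[local_port] = username
        return local_port

    def port_close(self, local_port):
        """Forwarder rundown: drop the entry so a later connection that reuses
        the port is not attributed to the wrong user."""
        self.table.pop(local_port, None)

    def lookup(self, peer_addr, peer_port):
        """What a service listening on an enabled port calls with the peer
        address/port of an incoming connection.  Entries only describe
        connections made by this host, so a foreign peer address yields
        None even if its port number collides (caveat added here)."""
        if peer_addr not in self.local_addrs:
            return None
        return self.table.get(peer_port)


def demo():
    """Constructed scenario: SMTP (25) is attributable, HTTP (80) is not."""
    fm = ForwardMap(fwd_map_enable=[25, 119],
                    local_addrs=["127.0.0.1", "192.0.2.1"])
    smith = fm.port_open("SMITH", "192.0.2.1", 25)
    jones = fm.port_open("JONES", "192.0.2.1", 80)
    results = {
        "smith_attributed": fm.lookup("192.0.2.1", smith),
        "jones_attributed": fm.lookup("192.0.2.1", jones),
        "foreign_peer_ignored": fm.lookup("198.51.100.9", smith),
    }
    fm.port_close(smith)
    results["after_close"] = fm.lookup("192.0.2.1", smith)
    return results


if __name__ == "__main__":
    print(demo())
```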
Modified SSH_SERVER_STARTUP.COM to read parameters from ssh_parameters.dat
initially rather than embedding them in the command procedure.

Added restart option to the /administrate commands CLOSE and SHUTDOWN
(e.g. mcr sethost_ssh -l system/admin localhost close restart). Restart
does not work in TEST mode (logical name collisions), and you must start
the server using the SSH_SERVER_STARTUP.COM included with 1.1.

Added support for /noprocess login mode. If '/noprocess' is appended to
the username specified by the SSH client, a special connection is created
that stays open until closed by the client but does not have a process
associated with it. This hack is to get around sub-optimal operation of
SecureCRT's port forwarding (SecureCRT creates a new SSH connection for
each port forward open).

To better support disconnectable terminals, a new logical name table is
updated when a pseudo-terminal is created (name set by the pty_map_table
parameter, default: SSH_PTY_MAP). The names in the pty_map_table are the
FTAxx device names created and the equivalence names are the connect
info, SSH-authenticated username, and X11 info (if present). The
login_map and login_info tables are still updated as well if the
initiator is used to create the process.

Recognize SSH_CMSG_MAX_PACKET_SIZE and acknowledge it; allows the server
to interoperate with SecureCRT 2.3b2.

1.0 19-OCT-1998

Changed parameters.c to use LIB$GET_SYMBOL instead of getenv() for
substitution of quoted names (e.g. port 'test_port'). The problem with
getenv() is that it takes logical names or DCL symbols, with logical
names taking precedence. Changed ssh_server_startup.com to reflect the
change.

Fixed bug in port_fwd_dispatch.c which resulted in connection slots for
X11 connections being incorrectly marked allocated.

Change cport_cmd.c to close input mailbox after closing

Tweak to cport_pty.c to improve memory locality on attributes table.
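Added example for the username-suffix login modes referred to in the 1.1
entries above (/administrate with its CLOSE/SHUTDOWN RESTART commands,
and /noprocess). It is illustration written for this changelog, not the
server's cport_sshlogin.c or admin interface: the ServerState class, the
authenticate() callback and the peer addresses are constructed, and the
acceptance of abbreviated modes ('admin', 'nopro') is an assumption drawn
from the page showing both 'system/admin' and 'system/administrate'. The
security point it makes is the order of operations: the suffix is
stripped before authentication, and admin permission is decided on the
authenticated VMS username against the parameter-file list, never on the
raw string the client sent.

```python
MODES = ("administrate", "noprocess")
ADMIN_HELP = "HELP, CLOSE [RESTART], SHOW SESSIONS, SHUTDOWN [RESTART]"


def parse_login_name(name):
    """Split the name the client sent, e.g. 'system/administrate', into
    (VMS username, mode); mode is 'login' when no suffix is present.
    Assumption: the mode may be abbreviated to at least five characters
    ('admin', 'nopro'), since the entries above show both 'system/admin'
    and 'system/administrate'."""
    user, sep, mode = name.partition("/")
    user = user.strip().upper()
    if not user:
        raise ValueError("empty username")
    if not sep:
        return user, "login"
    mode = mode.strip().lower()
    for full in MODES:
        if len(mode) >= 5 and full.startswith(mode):
            return user, full
    raise ValueError("unknown login mode %r" % mode)


def parse_login_name_safe(name):
    """parse_login_name(), returning None instead of raising."""
    try:
        return parse_login_name(name)
    except ValueError:
        return None


def admin_allowed(username, admin_users):
    """Admin mode is decided on the authenticated VMS username against the
    list from the parameter file, never on the raw string the client sent."""
    return username in {u.upper() for u in admin_users}


class ServerState:
    """The state the admin commands act on (constructed for this example)."""

    def __init__(self):
        self.accepting = True      # cleared by CLOSE / SHUTDOWN
        self.running = True        # cleared by SHUTDOWN
        self.restart = False       # set by the RESTART option
        self.sessions = []         # (username, mode, peer)


def open_session(state, login_name, peer, admin_users, authenticate):
    """Strip the mode suffix, authenticate the base account, then check the
    mode is permitted.  authenticate(username) stands in for the password
    or RSA check; returns (username, mode) or None when refused."""
    parsed = parse_login_name_safe(login_name)
    if parsed is None:
        return None
    username, mode = parsed
    if not authenticate(username):
        return None
    if mode == "administrate" and not admin_allowed(username, admin_users):
        return None
    state.sessions.append((username, mode, peer))
    return username, mode


def run_admin_command(state, line):
    """One line typed on an /administrate session; returns the reply text."""
    words = line.split()
    if not words:
        return "empty command"
    cmd, args = words[0].upper(), [w.upper() for w in words[1:]]
    if cmd == "HELP":
        return ADMIN_HELP
    if cmd in ("CLOSE", "SHUTDOWN"):
        if args not in ([], ["RESTART"]):
            return "usage: %s [RESTART]" % cmd
        state.accepting = False
        state.restart = bool(args)
        if cmd == "SHUTDOWN":
            state.running = False
        return "%s%s acknowledged" % (cmd, " RESTART" if args else "")
    if cmd == "SHOW" and args == ["SESSIONS"]:
        return "\n".join("%s/%s from %s" % s for s in state.sessions) or "no sessions"
    return "unknown command; " + ADMIN_HELP
```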
1.0alpha4 26-SEP-1998

Added new 'mlist' parameter type, which allows building 2-level
hierarchies of parameter lists. Added special .include directive to the
parameter file, allowing the parameter file to include other files.

Added tt_type parameter and changed the tt_char parameter to the mlist
type, allowing terminal settings for incoming PTY connections to be set
based upon the remote terminal type.

Changed cport_pipe.c to treat 'master' thread reads differently than
partner thread reads (if no partner streams are assigned, the master will
block). This change eliminates a looping condition incurred by the admin
interface.

Change cport_cmd.c to explicitly kill the process on disconnected
sessions.

Fix bug in port_fwd_dispatch.c related to handling of listen socket
create failure.

1.0alpha2 21-SEP-1998

Modified ssh_loginout.c to set display for 'command mode' connections.

Modified cport_ucx.c to deassign accept channels on stream destroy.

Fix numerous bugs in port forwarder modules.

Fix bugs in cport_pipe.c related to stream rundown.

1.0alpha 17-SEP-1998

Fix bug in cport_sshmsg.c, failing to initialize allocated structures
properly.

Added initial support for X11 forwarding. Note that since VMS DECwindows
apps do not support non-host-based authentication on TCP connections,
use of X11 forwarding presents a security risk. See the description of
the x11_* parameters in ssh_server_startup.com for more information. The
X11 support work was done against the SSH-1.2.25 client, and may have
interoperability problems with previous SSH versions (untested).

Added special 'admin' interface for managing the server via an ssh
login. The parameter file designates the users that may send
administrative commands to the server by appending "/administrate" to
the username (e.g. unix-host> ssh -l system/administrate hostname help).
Commands initially present are:

   HELP          Show available commands.
   CLOSE         Stop accepting new connections (active connections
                 continue).
   SHOW xxx      Show:
                    SESSIONS   List current SSH clients.
   SHUTDOWN      Stop the server.

0.9c 5-SEP-1998

Fix bug in cport_sshlogin so that lookup failures on RSA authentication
are not fatal errors.

Modified cport_pty.c to handle window change messages from the client.
Caveats: If a read or write is pending on the terminal, the set terminal
does not occur until that operation completes. Currently running
applications do not get notification of the size change and will
continue as if the original size was in effect. Further, these
applications often reset the terminal characteristics on exit back to
what they were when the program started.

Removed stray printf from cport_ucx.c.

Modified key generator to support an optional 'initial delay' parameter
on the command line, which is the number of minutes to wait before the
first key is generated.

0.9b 8-AUG-1998

Fix bug in event_report.c in handling %x directives.

Modify user_info.c and cport_sshlogin.c to update the user's logfails
field on authentication failure.

Modify ssh_server.c and parameters.h/.c to make the port parameter a
list instead of a single integer. The server will listen on all the
ports in the list.

Modify parameters.c to support environment variables in the parameters
file. A parameter value surrounded by single quotes is assumed to be an
environment variable name, and the parameter is set to the value of this
environment variable, or "**UNDEFINED**" if unknown.

Add routine cport_copy_timeout to completion_port.c for use by stream
handlers to propagate timeout settings for a stream to an internal
stream. Modify cport_sshpad.c and cport_sshmsg.c to use the new
function.

Fix bug in completion_port.c causing cancel operation on stream to hang
(deadlock on mutex).

0.9a 25-JUL-1998

Optimize cport_sshpad.c to use fewer I/O calls, reading data into larger
buffers and saving the excess.

Fix bug in server_session call to the initiator.

Verify that the file owner of the authorized keys file being read is the
target user.
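Added example covering the parameter-file features described in the 1.0,
1.0alpha4 and 0.9b entries above: single-quoted values substituted from
a symbol table (yielding "**UNDEFINED**" when the name is unknown), list
parameters such as port, and the .include directive. This is
illustration written for the changelog, not the server's parameters.c;
the exact syntax of ssh_parameters.dat is not on the page, so the
details are assumptions: "name value" lines, "!" introducing a comment,
symbol names compared case-insensitively, .include paths resolved
relative to the including file, and an include-depth limit that rejects
a file that includes itself. The mlist type is not modelled. The lookup
goes against an explicit symbol dictionary rather than getenv(), which
is the distinction the 1.0 entry draws.

```python
import os
import tempfile

UNDEFINED = "**UNDEFINED**"
MAX_INCLUDE_DEPTH = 8


def substitute(value, symbols):
    """'NAME' -> symbols[NAME], or **UNDEFINED** when the symbol is absent.
    An explicit symbol table is consulted rather than getenv(), which
    would also take logical names and let them win (1.0 entry)."""
    if len(value) >= 2 and value[0] == value[-1] == "'":
        return symbols.get(value[1:-1].upper(), UNDEFINED)
    return value


def read_parameters(path, symbols, params=None, depth=0):
    """Read 'name value' lines, honouring .include; repeated names collect
    into a list (the port parameter is a list).  Assumed syntax: '!' starts
    a comment, .include paths are relative to the including file, and an
    include chain deeper than MAX_INCLUDE_DEPTH is an error (guards against
    a file that includes itself)."""
    if depth > MAX_INCLUDE_DEPTH:
        raise RuntimeError("include nesting too deep at %s" % path)
    if params is None:
        params = {}
    base = os.path.dirname(os.path.abspath(path))
    with open(path) as f:
        for lineno, raw in enumerate(f, 1):
            line = raw.split("!", 1)[0].strip()
            if not line:
                continue
            name, _, value = line.partition(" ")
            name, value = name.lower(), value.strip()
            if not value:
                raise ValueError("%s:%d: missing value for %s"
                                 % (path, lineno, name))
            if name == ".include":
                read_parameters(os.path.join(base, value), symbols,
                                params, depth + 1)
                continue
            params.setdefault(name, []).append(substitute(value, symbols))
    return params


def demo():
    """Constructed two-file parameter set in a temp dir; returns the table."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "ssh_parameters.dat"), "w") as f:
        f.write("port 'test_port'      ! substituted from the symbol table\n"
                "port 2222\n"
                ".include extra.dat\n")
    with open(os.path.join(d, "extra.dat"), "w") as f:
        f.write("max_clients 'MAX_CLIENTS'   ! no such symbol\n"
                "pty_map_table SSH_PTY_MAP\n")
    symbols = {"TEST_PORT": "22"}          # constructed DCL-symbol table
    return read_parameters(os.path.join(d, "ssh_parameters.dat"), symbols)


def demo_include_loop():
    """A file that includes itself must be rejected, not recursed forever."""
    d = tempfile.mkdtemp()
    p = os.path.join(d, "loop.dat")
    with open(p, "w") as f:
        f.write(".include loop.dat\n")
    try:
        read_parameters(p, {})
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print("include loop rejected:", demo_include_loop())
```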
Extend writing of SSH_LOGIN_MAP logicals by initiator_client to include
terminal name and remote host/port info.

Add ssh_login.com as a template for modifying sys$sylogin; added new
program ssh_loginout.exe to be run by this procedure.

0.9 16-JUL-1998

Fix memory leak in cport_sshsess.

Added allow_authtype parameter to parameters file; the 2 recognized
types are "password" and "rsa".

Add support for RSA authentication (SSH_AUTH_RSA). The user_keyfile
parameter specifies an SSH-1.2.xx style authorized_keys file that lists
the public keys known to the user. A new function was added to
sshcryptoshr, therefore the GSMATCH version has been increased.

Client processes are now created via an initiator process that logs in
processes without an explicit password (required to support the RSA
authtype). Set the initiator parameter to a null string ("") to revert
to the previous behaviour. DECnet is still used for 'command' mode unless
the new parameter 'decnet_cmd' is set to 0. A side effect of creating
processes via the initiator is that the PRC$M_NOPASSWORD flag suppresses
display of SYS$WELCOME, newmail, last login, and log fails messages. Nor
will LOGINOUT prompt for virtual terminal reconnect.

0.8a 10-JUL-1998

Added tt_char parameter to parameter file, which allows explicit
enable/disable of terminal characteristics. Note the characteristic
names are derived from the $TTDEF/$TT2DEF macro names and not "SET
TERMINAL" qualifier names.

Do more consistency checks on received packets (cport_sshmsg.c).

Test for invalid key length combinations: server key and host key must
differ by at least 256 bits.

Fix RC4 support in sshcipher.c; it now works correctly.

Modified build procedure to search for both ssleaylib-axp.olb and
crypto-axp.olb, referencing the first found via a logical name.

Preserve case in received password (fixes problem with Pathworks V6
external authentication).

Bug fix in check_files.coms: properly initialize CRC table.

Fix miscellaneous compile problems.
Fix typo in aaareadme.txt.
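Added example for the RSA authorized_keys handling in the 0.9 entry and
the owner check from the 0.9a entry above ("Verify file owner of
authorized keys file being read is the target user"). It is illustration
written for this changelog, not the server's own code: it opens the file
and then fstat()s the open descriptor, so the file that is checked is the
file that is read, and refuses it unless it is a regular file owned by
the target user. The refusal of group/world-writable files is an extra
check of mine, not one the changelog mentions. Lines follow the SSH-1.2.x
authorized_keys layout "bits exponent modulus comment"; option prefixes
(from=, command=) are not handled. The sample file and its toy-sized
moduli are constructed and are not real keys.

```python
import os
import stat
import tempfile


class KeyFileError(Exception):
    """The authorized keys file was refused before any key was read."""


def parse_ssh1_authorized_key(line):
    """One SSH-1.2.x authorized_keys line: 'bits exponent modulus [comment]'.
    Returns (bits, e, n, comment), or None for blank / '#' comment lines.
    The declared bit count must match the modulus (a sanity check chosen
    here).  Option prefixes such as from= / command= are not handled."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(None, 3)
    if len(fields) < 3:
        raise ValueError("malformed key line: %r" % line)
    bits, e, n = (int(x) for x in fields[:3])
    if n.bit_length() != bits:
        raise ValueError("declared %d bits but modulus has %d"
                         % (bits, n.bit_length()))
    comment = fields[3] if len(fields) == 4 else ""
    return bits, e, n, comment


def load_authorized_keys(path, expected_uid):
    """Open the file, then fstat the open descriptor (not the path, so the
    file cannot be swapped between check and read) and refuse it unless it
    is a regular file owned by expected_uid.  Group/other-writable files
    are refused too; that is an added check, not from the changelog."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise KeyFileError("%s is not a regular file" % path)
        if st.st_uid != expected_uid:
            raise KeyFileError("%s owned by uid %d, expected uid %d"
                               % (path, st.st_uid, expected_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise KeyFileError("%s is group/world writable" % path)
    except Exception:
        os.close(fd)
        raise
    keys = []
    with os.fdopen(fd, "r") as f:        # takes ownership of fd
        for line in f:
            parsed = parse_ssh1_authorized_key(line)
            if parsed:
                keys.append(parsed)
    return keys


def find_key(keys, modulus):
    """Does the public modulus the client offered match a listed key?"""
    return next((k for k in keys if k[2] == modulus), None)


# Constructed sample: toy-sized moduli chosen so bit_length() matches the
# declared size; they are not real RSA keys.
SAMPLE_KEYFILE = (
    "# constructed sample, not real keys\n"
    "16 35 40961 smith@unix-host\n"
    "\n"
    "17 35 70001 smith@laptop\n"
)


def demo():
    """Write the sample file as the current user and exercise both the
    accepting and the refusing path of the owner check."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "authorized_keys")
    with open(path, "w") as f:
        f.write(SAMPLE_KEYFILE)
    os.chmod(path, 0o600)
    me = os.getuid()
    keys = load_authorized_keys(path, me)
    try:
        load_authorized_keys(path, me + 1)   # some other account's uid
        wrong_owner_refused = False
    except KeyFileError:
        wrong_owner_refused = True
    return {
        "key_count": len(keys),
        "match": find_key(keys, 40961) is not None,
        "no_match": find_key(keys, 12345) is None,
        "wrong_owner_refused": wrong_owner_refused,
    }


if __name__ == "__main__":
    print(demo())
```

The check is on the descriptor already opened for reading, and the
O_NOFOLLOW flag (where the platform has it) keeps a symbolic link in the
user's directory from redirecting the read to someone else's file; the
changelog only states the ownership rule, the ordering and the symlink
refusal are the practitioner's way of making that rule hold.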