249 Commits

Author SHA1 Message Date
Ben Lindstrom
3dc40f997b - markus@cvs.openbsd.org 2002/03/24 16:00:27
[serverloop.c]
     remove unused debug
2002-03-26 02:01:30 +00:00
Ben Lindstrom
7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
2002-03-22 02:30:41 +00:00
Damien Miller
699d003e3a - markus@cvs.openbsd.org 2002/02/06 14:55:16
[channels.c clientloop.c serverloop.c ssh.c]
     channel_new never returns NULL, mouring@; ok djm@
2002-02-08 22:07:16 +11:00
Damien Miller
c7ef63dd41 - markus@cvs.openbsd.org 2002/02/03 17:53:25
[auth1.c serverloop.c session.c session.h]
     don't use channel_input_channel_request and callback
     use new server_input_channel_req() instead:
     	server_input_channel_req does generic request parsing on server side
     	session_input_channel_req handles just session specific things now
     ok djm@
2002-02-05 12:21:42 +11:00
Damien Miller
664d6b9a8e - markus@cvs.openbsd.org 2002/01/31 15:00:05
[serverloop.c]
     no need for WNOHANG; ok stevesk@
2002-02-05 12:20:16 +11:00
Damien Miller
b16461ce45 - markus@cvs.openbsd.org 2002/01/16 13:17:51
[channels.c channels.h serverloop.c ssh.c]
     wrapper for channel_setup_fwd_listener
2002-01-22 23:29:22 +11:00
Damien Miller
056cf73d35 - markus@cvs.openbsd.org 2002/01/10 11:13:29
[serverloop.c]
     skip client_alive_check until there are channels; ok beck@
2002-01-22 23:21:39 +11:00
Damien Miller
630d6f4479 - markus@cvs.openbsd.org 2001/12/28 15:06:00
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
     remove plen from the dispatch fn. it's no longer used.
2002-01-22 23:17:30 +11:00
Damien Miller
dff5099f13 - markus@cvs.openbsd.org 2001/12/28 14:50:54
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
Damien Miller
48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller
66823cddbe - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:38 +11:00
Damien Miller
7c31809c4a - markus@cvs.openbsd.org 2001/12/21 12:17:33
[serverloop.c]
     remove ifdef for USE_PIPES since fdin != fdout; ok djm@
2002-01-22 23:06:22 +11:00
Damien Miller
278f907a2d - djm@cvs.openbsd.org 2001/12/20 22:50:24
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
     [sshconnect2.c]
     Conformance fix: we should send failing packet sequence number when
     responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
     yakk@yakk.dot.net; ok markus@
2001-12-21 15:00:19 +11:00
Damien Miller
f6681a3a96 - markus@cvs.openbsd.org 2001/12/19 16:09:39
[serverloop.c]
     fix race between SIGCHLD and select with an additional pipe.  writing
     to the pipe on SIGCHLD wakes up select(). using pselect() is not
     portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
     initial idea by pmenage@ensim.com; ok deraadt@, djm@
2001-12-21 14:53:11 +11:00
Damien Miller
9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom
f8f065bc75 - itojun@cvs.openbsd.org 2001/12/05 03:50:01
[clientloop.c serverloop.c sshd.c]
     deal with LP64 printf issue with sig_atomic_t.  from thorpej
2001-12-06 17:52:16 +00:00
Ben Lindstrom
5e71c54b8c - markus@cvs.openbsd.org 2001/11/22 12:34:22
[clientloop.c serverloop.c sshd.c]
     volatile sig_atomic_t
2001-12-06 16:48:14 +00:00
Damien Miller
79faeff2c1 - markus@cvs.openbsd.org 2001/11/09 18:59:23
[clientloop.c serverloop.c]
     don't memset too much memory, ok millert@
     original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
2001-11-12 11:06:32 +11:00
Damien Miller
3ec2759ad4 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/10/10 22:18:47
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c session.h]
     try to keep channels open until an exit-status message is sent.
     don't kill the login shells if the shells stdin/out/err is closed.
     this should now work:
     ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
2001-10-12 11:35:04 +10:00
Damien Miller
52b77beb65 - markus@cvs.openbsd.org 2001/10/09 21:59:41
[channels.c channels.h serverloop.c session.c session.h]
     simplify session close: no more delayed session_close, no more blocking wait() calls.
2001-10-10 15:14:37 +10:00
Damien Miller
c71f4e40b6 - markus@cvs.openbsd.org 2001/10/09 19:51:18
[serverloop.c]
     close all channels if the connection to the remote host has been closed,
     should fix sshd's hanging with WCHAN==wait
2001-10-10 15:08:36 +10:00
Damien Miller
8c3902afde - markus@cvs.openbsd.org 2001/10/04 15:12:37
[serverloop.c]
     client_alive_check cleanup
2001-10-10 15:01:40 +10:00
Damien Miller
af5f2e641c - markus@cvs.openbsd.org 2001/10/04 15:05:40
[channels.c serverloop.c]
     comment out bogus conditions for selecting on connection_in
2001-10-10 15:01:16 +10:00
Ben Lindstrom
6d218f404f - markus@cvs.openbsd.org 2001/09/17 21:04:02
[channels.c serverloop.c]
     don't send fake dummy packets on CR (\r)
     bugreport from yyua@cs.sfu.ca via solar@@openwall.com
2001-09-18 05:53:12 +00:00
Kevin Steves
e26a155415 - (stevesk) use mysignal() in protocol 1 loop now that the SIGCHLD
handler has converged.
2001-07-26 17:51:49 +00:00
Ben Lindstrom
16d29d57e8 - markus@cvs.openbsd.org 2001/07/17 21:04:58
[channels.c channels.h clientloop.c nchan.c serverloop.c]
     keep track of both maxfd and the size of the malloc'ed fdsets.
     update maxfd if maxfd gets closed.
2001-07-18 16:01:46 +00:00
Ben Lindstrom
36857f6b8b - markus@cvs.openbsd.org 2001/07/15 16:17:08
[serverloop.c]
     schedule client alive for ssh2 only, greg@cheers.bungi.com
2001-07-18 15:48:57 +00:00
Ben Lindstrom
809744e912 - markus@cvs.openbsd.org 2001/07/02 22:52:57
[channels.c channels.h serverloop.c]
     improve cleanup/exit logic in ssh2:
     stop listening to channels, detach channel users (e.g. sessions).
     wait for children (i.e. dying sessions), send exit messages,
     cleanup all channels.
2001-07-04 05:26:06 +00:00
Ben Lindstrom
4983d5ebd5 - markus@cvs.openbsd.org 2001/07/02 13:59:15
[serverloop.c session.c session.h]
     wait until !session_have_children(); bugreport from
     Lutz.Jaenicke@aet.TU-Cottbus.DE
2001-07-04 05:17:40 +00:00
Ben Lindstrom
bddd551e11 - markus@cvs.openbsd.org 2001/06/27 02:12:54
[serverloop.c serverloop.h session.c session.h]
     quick hack to make ssh2 work again.
2001-07-04 04:53:53 +00:00
Ben Lindstrom
4469723325 - markus@cvs.openbsd.org 2001/06/25 08:25:41
[channels.c channels.h cipher.c clientloop.c compat.c compat.h
      hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
      session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
     update copyright for 2001
2001-07-04 03:32:30 +00:00
Ben Lindstrom
bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
2001-06-25 05:01:22 +00:00
Ben Lindstrom
601e43638e - markus@cvs.openbsd.org 2001/06/20 13:56:39
[channels.c channels.h clientloop.c packet.c serverloop.c]
     move from channel_stop_listening to channel_free_all,
     call channel_free_all before calling waitpid() in serverloop.
     fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
2001-06-21 03:19:23 +00:00
Ben Lindstrom
ec46e0b5fd - markus@cvs.openbsd.org 2001/06/04 23:07:21
[clientloop.c serverloop.c sshd.c]
     set flags in the signal handlers, do real work in the main loop,
     ok provos@
2001-06-09 01:27:31 +00:00
Ben Lindstrom
c763767f18 [NOTE: Next patch will sync nchan.c, channels.c and channels.h and all this
pain will be over.]
   - markus@cvs.openbsd.org 2001/05/31 10:30:17
     [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
      packet.c serverloop.c session.c ssh.c]
     undo the .c file split, just merge the header and keep the cvs
     history
2001-06-09 00:36:26 +00:00
Ben Lindstrom
e6455aee8f [NOTE: File split is was not done in Portabl Tree]
- markus@cvs.openbsd.org 2001/05/30 12:55:13
     [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
      packet.c serverloop.c session.c ssh.c ssh1.h]
     channel layer cleanup: merge header files and split .c files
2001-06-09 00:17:10 +00:00
Ben Lindstrom
6912866893 - markus@cvs.openbsd.org 2001/05/08 19:17:31
[channels.c serverloop.c]
     adds correct error reporting to async connect()s
     fixes the server-discards-data-before-connected-bug found by
     onoe@sm.sony.co.jp
2001-05-08 20:07:39 +00:00
Ben Lindstrom
99c73b377a - markus@cvs.openbsd.org 2001/05/04 23:47:34
[channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
     move to Channel **channels (instead of Channel *channels), fixes realloc
     problems.  channel_new now returns a Channel *, favour Channel * over
     channel id.  remove old channel_allocate interface.
2001-05-05 04:09:47 +00:00
Ben Lindstrom
f343674d5e - markus@cvs.openbsd.org 2001/04/29 19:16:52
[channels.c clientloop.c compat.c compat.h serverloop.c]
     more ssh.com-2.0.x bug-compat; from per@appgate.com
2001-04-29 19:52:00 +00:00
Ben Lindstrom
2f0304c768 - markus@cvs.openbsd.org 2001/04/29 18:32:52
[serverloop.c]
     fix whitespace
2001-04-29 19:49:14 +00:00
Ben Lindstrom
5744dc421d - beck@cvs.openbsd.org 2001/04/13 22:46:54
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
     Add options ClientAliveInterval and ClientAliveCountMax to sshd.
     This gives the ability to do a "keepalive" via the encrypted channel
     which can't be spoofed (unlike TCP keepalives). Useful for when you want
     to use ssh connections to authenticate people for something, and know
     relatively quickly when they are no longer authenticated. Disabled
     by default (of course). ok markus@
2001-04-13 23:28:01 +00:00
Ben Lindstrom
e34ab4c04e - markus@cvs.openbsd.org 2001/04/05 23:39:20
[serverloop.c]
     keep the ssh session even if there is no active channel.
     this is more in line with the protocol spec and makes
        ssh -N -L 1234:server:110 host
     more useful.
     based on discussion with <mats@mindbright.se> long time ago
     and recent mail from <res@shore.net>
2001-04-07 01:12:11 +00:00
Ben Lindstrom
a3700050ec - markus@cvs.openbsd.org 2001/04/05 10:42:57
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
      mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
      sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
      sshconnect2.c sshd.c]
     fix whitespace: unexpand + trailing spaces.
2001-04-05 23:26:32 +00:00
Ben Lindstrom
8e312f3db0 - markus@cvs.openbsd.org 2001/04/04 22:04:35
[kex.c kexgex.c serverloop.c]
     parse full kexinit packet.
     make server-side more robust, too.
2001-04-04 23:50:21 +00:00
Ben Lindstrom
be2cc43c3a - markus@cvs.openbsd.org 2001/04/04 20:25:38
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
      sshconnect2.c sshd.c]
     more robust rekeying
     don't send channel data after rekeying is started.
2001-04-04 23:46:07 +00:00
Ben Lindstrom
8ac9106c3d - markus@cvs.openbsd.org 2001/04/04 14:34:58
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
     enable server side rekeying + some rekey related clientup.
     todo: we should not send any non-KEX messages after we send KEXINIT
2001-04-04 17:57:54 +00:00
Damien Miller
b44fe0617d - (djm) Pull out our own SIGPIPE hacks 2001-03-24 15:39:38 +11:00
Ben Lindstrom
7bb8b49596 - markus@cvs.openbsd.org 2001/03/16 19:06:30
[auth-options.c channels.c channels.h serverloop.c session.c]
     implement "permitopen" key option, restricts -L style forwarding to
     to specified host:port pairs. based on work by harlan@genua.de
2001-03-17 00:47:54 +00:00
Ben Lindstrom
9c5324422e - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c 2001-03-05 07:33:14 +00:00
Ben Lindstrom
92a2e38f8e - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
     make copyright lines the same format
2001-03-05 06:59:27 +00:00