Commit Graph

72 Commits

Author SHA1 Message Date
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
Darren Tucker 655a5e0987 - markus@cvs.openbsd.org 2003/11/02 11:01:03
[auth2-gss.c compat.c compat.h sshconnect2.c]
     remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
2003-11-03 20:09:03 +11:00
Damien Miller 7630ee2fa6 - markus@cvs.openbsd.org 2003/08/29 10:03:15
[compat.c compat.h]
     SSH_BUG_K5USER is unused; ok henning@
2003-09-02 22:52:00 +10:00
Darren Tucker 0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller d32090426b - markus@cvs.openbsd.org 2003/04/01 10:31:26
[compat.c compat.h kex.c]
     bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
     tested by ho@ and myself
2003-04-01 21:44:37 +10:00
Damien Miller e9264973ad - (djm) OpenBSD CVS Sync
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
     [compat.c compat.h sshd.c]
     add a generic match for a prober, such as sie big brother;
     idea from stevesk@; markus@ ok
2002-09-30 11:59:21 +10:00
Damien Miller a0e4559d72 - (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/19 14:53:14
     [compat.c]
2002-09-22 01:25:35 +10:00
Ben Lindstrom c822638794 - markus@cvs.openbsd.org 2002/04/10 08:21:47
[auth1.c compat.c compat.h]
     strip '@' from username only for KerbV and known broken clients, bug #204

Don't mind me.. I just commited a changelog with no patch. <sigh>
2002-04-10 16:22:09 +00:00
Ben Lindstrom cf15944c23 - markus@cvs.openbsd.org 2002/03/25 21:13:51
[channels.c channels.h compat.c compat.h nchan.c]
     don't send stderr data after EOF, accept this from older known (broken)
     sshd servers only, fixes http://bugzilla.mindrot.org/show_bug.cgi?id=179
2002-03-26 03:26:24 +00:00
Damien Miller 4e431d4b8e - markus@cvs.openbsd.org 2002/03/06 00:24:39
[compat.c]
     compat.c
2002-03-07 12:59:02 +11:00
Damien Miller 6d6c5d202f - markus@cvs.openbsd.org 2002/03/06 00:23:27
[compat.c dh.c]
     undo
2002-03-07 12:58:42 +11:00
Damien Miller 6ba693f70e - OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/03/06 00:20:54
     [compat.c dh.c]
     compat.c
2002-03-07 12:58:24 +11:00
Damien Miller 914bef437e - markus@cvs.openbsd.org 2002/01/21 22:30:12
[cipher.c compat.c myproposal.h]
     remove "rijndael-*", just use "aes-" since this how rijndael is called
     in the drafts; ok stevesk@
2002-01-22 23:34:35 +11:00
Damien Miller 0e3b87279c - markus@cvs.openbsd.org 2002/01/13 17:57:37
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 23:26:38 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom 9eab262f1c - markus@cvs.openbsd.org 2001/12/05 16:54:51
[compat.c match.c match.h]
     make theo and djm happy: bye bye regexp
2001-12-06 18:06:05 +00:00
Ben Lindstrom 1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
2001-12-06 18:00:18 +00:00
Ben Lindstrom f558cf6580 - markus@cvs.openbsd.org 2001/09/20 13:50:40
[compat.c compat.h ssh.c]
     bug compat: request a dummy channel for -N (no shell) sessions +
     cleanup; vinschen@redhat.com
2001-09-20 23:13:49 +00:00
Ben Lindstrom 3b4d42c240 - markus@cvs.openbsd.org 2001/09/17 21:09:47
[compat.c]
     more versions suffering the SSH_BUG_DEBUG bug;
     3.0.x reported by dbutts@maddog.storability.com
2001-09-18 05:55:10 +00:00
Ben Lindstrom 4469723325 - markus@cvs.openbsd.org 2001/06/25 08:25:41
[channels.c channels.h cipher.c clientloop.c compat.c compat.h
      hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
      session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
     update copyright for 2001
2001-07-04 03:32:30 +00:00
Ben Lindstrom aebd0b66fd - markus@cvs.openbsd.org 2001/04/30 16:02:49
[compat.c]
     ssh-2.0.10 has the weak-key-bug, too.
2001-04-30 23:09:45 +00:00
Ben Lindstrom 8c96392255 - markus@cvs.openbsd.org 2001/04/30 15:50:46
[compat.c compat.h kex.c]
     allow interop with weaker key generation used by ssh-2.0.x, x < 10
2001-04-30 23:06:57 +00:00
Ben Lindstrom f343674d5e - markus@cvs.openbsd.org 2001/04/29 19:16:52
[channels.c clientloop.c compat.c compat.h serverloop.c]
     more ssh.com-2.0.x bug-compat; from per@appgate.com
2001-04-29 19:52:00 +00:00
Ben Lindstrom 671388f233 - markus@cvs.openbsd.org 2001/04/18 23:43:26
[auth2.c compat.c sshconnect2.c]
     more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
     (however the 2.1.0 server seems to work only if debug is enabled...)
2001-04-19 20:40:45 +00:00
Ben Lindstrom 5eabda303a - markus@cvs.openbsd.org 2001/04/12 19:15:26
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
      compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
      servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
      sshconnect2.c sshd_config]
     implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
     similar to RhostRSAAuthentication unless you enable (the experimental)
     HostbasedUsesNameFromPacketOnly option.  please test. :)
2001-04-12 23:34:34 +00:00
Ben Lindstrom a8baf36d41 - markus@cvs.openbsd.org 2001/04/05 11:09:17
[clientloop.c compat.c compat.h]
     add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
2001-04-05 23:28:36 +00:00
Ben Lindstrom 4f3ae4c550 - markus@cvs.openbsd.org 2001/04/05 10:00:06
[compat.c]
     2.3.x does old  GEX, too; report jakob@
2001-04-05 23:19:21 +00:00
Ben Lindstrom 78c261ab4a - markus@cvs.openbsd.org 2001/04/04 15:50:55
[compat.c]
     f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
2001-04-04 23:43:26 +00:00
Ben Lindstrom df221391e6 - provos@cvs.openbsd.org 2001/03/27 17:46:50
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
     make dh group exchange more flexible, allow min and max group size,
     okay markus@, deraadt@
2001-03-29 00:36:16 +00:00
Ben Lindstrom 60a4381f1a - markus@cvs.openbsd.org 2001/03/27 10:57:00
[compat.c compat.h ssh-rsa.c]
     some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
     signatures in SSH protocol 2, ok djm@
2001-03-29 00:32:56 +00:00
Ben Lindstrom c8530c7f5c - djm@cvs.openbsd.org 2001/03/23 11:04:07
[compat.c compat.h sshconnect2.c sshd.c]
     Compat for OpenSSH with broken Rijndael/AES. ok markus@
2001-03-24 00:35:19 +00:00
Damien Miller 27dbe6f37e - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
[compat.c compat.h sshd.c]
     specifically version match on ssh scanners.  do not log scan
     information to the console
2001-03-19 22:36:20 +11:00
Tim Rice b399be4436 - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
openbsd-compat/fake-regex.h
2001-03-17 18:43:16 -08:00
Ben Lindstrom d20d0f3e27 - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
[compat.c compat.h sshconnect.c]
     all known netscreen ssh versions, and older versions of OSU ssh cannot
     handle password padding (newer OSU is fixed)
2001-03-10 17:22:20 +00:00
Ben Lindstrom 266dfdfd62 - markus@cvs.openbsd.org 2001/03/08 21:42:33
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
     implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
     no need to do enter passphrase or do expensive sign operations if the
     server does not accept key).
2001-03-09 00:12:22 +00:00
Ben Lindstrom 5de86cc736 - markus@cvs.openbsd.org 2001/02/27 11:00:11
[compat.c]
     support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
2001-03-05 06:08:19 +00:00
Damien Miller 225736c73a - OpenBSD CVS Sync:
- reinhard@cvs.openbsd.org        2001/02/17 08:24:40
     [sftp.1]
     typo
   - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
     [ssh.c]
     cleanup -V output; noted by millert
   - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
     [sshd.8]
     it's the OpenSSH one
   - markus@cvs.openbsd.org  2001/02/18 11:33:54
     [dispatch.c]
     typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
   - markus@cvs.openbsd.org  2001/02/19 02:53:32
     [compat.c compat.h serverloop.c]
     ssh-1.2.{18-22} has broken handling of ignore messages; report from
     itojun@
   - markus@cvs.openbsd.org  2001/02/19 03:35:23
     [version.h]
     OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
   - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
     [scp.c]
     np is changed by recursion; vinschen@redhat.com
2001-02-19 21:51:08 +11:00
Ben Lindstrom 9646f3b3f9 #error no longer required, dealt with in configure.in now. 2001-02-16 03:36:46 +00:00
Kevin Steves bcc862755d - (stevesk) compat.c: more friendly cpp error 2001-02-11 18:49:23 +00:00
Kevin Steves 2b725a056a RCSID 2001-02-05 18:16:28 +00:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Ben Lindstrom 401d58f361 - (bal) Slight auth2-pam.c clean up.
- (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
   but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
2001-01-19 17:11:43 +00:00
Ben Lindstrom 48bd7c118a - (bal) OpenBSD Sync
- markus@cvs.openbsd.org 2001/01/08 22:29:05
     [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
      sshd_config version.h]
     implement option 'Banner /etc/issue.net' for ssh2, move version to
     2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
     is enabled).
   - markus@cvs.openbsd.org 2001/01/08 22:03:23
     [channels.c ssh-keyscan.c]
     O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/08 21:55:41
     [sshconnect1.c]
     more cleanups and fixes from stevesk@pobox.com:
     1) try_agent_authentication() for loop will overwrite key just
        allocated with key_new(); don't alloc
     2) call ssh_close_authentication_connection() before exit
        try_agent_authentication()
     3) free mem on bad passphrase in try_rsa_authentication()
   - markus@cvs.openbsd.org 2001/01/08 21:48:17
     [kex.c]
     missing free; thanks stevesk@pobox.com
2001-01-09 00:35:42 +00:00
Kevin Steves 48d0d25722 type cpp comment 2000-12-15 23:05:57 +00:00
Ben Lindstrom 971c97317f Another CVS sync w/ OpenBSD
- provos@cvs.openbsd.org 2000/12/09 23:51:11
     [compat.c]
     remove unnecessary '\n'
2000-12-10 02:01:50 +00:00
Ben Lindstrom a14ee47f2e 20001207
- (bal) OpenSSH CVS updates:
   - markus@cvs.openbsd.org 2000/12/06 22:58:14
     [compat.c compat.h packet.c]
     disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
2000-12-07 01:24:58 +00:00
Ben Lindstrom d121f61370 20001204
- (bal) More C functions defined in NeXT that are unaccessable without
   defining -POSIX.
 - (bal) OpenBSD CVS updates:
   - markus@cvs.openbsd.org 2000/12/03 11:29:04
     [compat.c]
     remove fallback to SSH_BUG_HMAC now that the drafts are updated
   - markus@cvs.openbsd.org 2000/12/03 11:27:55
     [compat.c]
     correctly match "2.1.0.pl2 SSH" etc; from pekkas@netcore.fi/bugzilla.redhat
   - markus@cvs.openbsd.org 2000/12/03 11:15:03
     [auth2.c compat.c compat.h sshconnect2.c]
     support f-secure/ssh.com 2.0.12; ok niels@
2000-12-03 17:00:47 +00:00