Commit Graph

4747 Commits

Author SHA1 Message Date
Darren Tucker 54e1b2291c - (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth
process so that any logging it does is with the right timezone.  From
   Scott Strickler, ok djm@.
2006-09-17 11:57:46 +10:00
Damien Miller dd1f9b307e - (djm) Add openssh.xml to .cvsignore and sort it 2006-09-17 08:05:03 +10:00
Damien Miller 3c9c1fbd21 - djm@cvs.openbsd.org 2006/09/16 19:53:37
[deattack.c deattack.h packet.c]
     limit maximum work performed by the CRC compensation attack detector,
     problem reported by Tavis Ormandy, Google Security Team;
     ok markus@ deraadt@
2006-09-17 06:08:53 +10:00
Damien Miller 223897a01a - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]
Support SMF in Solaris Packages if enabled by configure. Patch from
   Chad Mynhier, tested by dtucker@
2006-09-12 21:54:10 +10:00
Darren Tucker 5d8a9acef0 - (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted
by Pekka Savola.
2006-09-11 20:46:13 +10:00
Darren Tucker 57b2920ad8 - (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB. 2006-09-10 20:25:51 +10:00
Darren Tucker f376669328 - (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available. 2006-09-10 13:24:18 +10:00
Darren Tucker 733a292c11 - (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@ 2006-09-09 20:41:25 +10:00
Darren Tucker 19a66dbf4f - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user. 2006-09-09 20:34:15 +10:00
Darren Tucker 08432d54fa - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h. 2006-09-09 15:59:43 +10:00
Darren Tucker 6d0d6fbfdf - (dtucker) [configure.ac] The BSM header test needs time.h in some cases. 2006-09-09 01:05:21 +10:00
Darren Tucker 17da530d60 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
from Chris Adams.
2006-09-08 09:54:41 +10:00
Darren Tucker 89f59cea1c - (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better
chance of winning.
2006-09-08 00:03:05 +10:00
Darren Tucker f19bbc3883 - (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H. 2006-09-07 22:57:53 +10:00
Tim Rice b8f00193d8 - (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6 2006-09-06 18:11:29 -07:00
Damien Miller 6433df036e - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
   Magnus Abrante; suggestion and feedback dtucker@
   NB. this change will require that the privilege separation user must
   exist on all the time, not just when UsePrivilegeSeparation=yes
2006-09-07 10:36:43 +10:00
Darren Tucker 6e1033318c - (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP. 2006-09-05 19:25:19 +10:00
Darren Tucker e1fe09968d - (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov. 2006-09-05 07:53:38 +10:00
Darren Tucker 3e0891093a - (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native
updwdtmp seems to generate invalid wtmp entries.  From Roger Cornelius,
   ok djm@
2006-09-04 22:37:41 +10:00
Darren Tucker ed0b59218e - (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for
declaration of writev(2) and declare it ourselves if necessary.  Makes
   the atomiciov() calls build on really old systems.  ok djm@
2006-09-03 22:44:49 +10:00
Darren Tucker 46aa3e0ce1 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
   openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
   for hton* and ntoh* macros.  Required on (at least) HP-UX since we define
   _XOPEN_SOURCE_EXTENDED.  Found by santhi.amirta at gmail com.
2006-09-02 15:32:40 +10:00
Darren Tucker 25fa0ee693 - (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan. 2006-09-02 12:38:56 +10:00
Darren Tucker 9fdeb66f67 - (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank
versions.
2006-09-01 21:32:53 +10:00
Darren Tucker 096faecdea - (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly
test for GLOB_NOMATCH and use our glob functions if it's not found.
   Stops sftp from segfaulting when attempting to get a nonexistent file on
   Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
   from and tested by Corinna Vinschen.
2006-09-01 20:29:10 +10:00
Darren Tucker 0646ca6be8 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration
warnings for binary_open and binary_close.  Patch from Corinna Vinschen.
2006-09-01 19:29:01 +10:00
Damien Miller 607aede26c - (djm) [includes.h monitor.c openbsd-compat/bindresvport.c]
[openbsd-compat/rresvport.c] Some more headers: netinet/in.h
   sys/socket.h and unistd.h in various places
2006-09-01 15:48:19 +10:00
Damien Miller ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Darren Tucker 288cbbd59e - (dtucker) [contrib/cygwin/ssh-host-config] Add SeTcbPrivilege privilege
while setting up the ssh service account.  Patch from Corinna Vinschen.
2006-08-31 11:28:49 +10:00
Damien Miller 1b06dc30ad - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
[platform.c platform.h sshd.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
   [openbsd-compat/port-solaris.h] Add support for Solaris process
   contracts, enabled with --use-solaris-contracts. Patch from Chad
   Mynhier, tweaked by dtucker@ and myself; ok dtucker@
2006-08-31 03:24:41 +10:00
Darren Tucker 26d4e19caa - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
loginsuccess on AIX immediately after authentication to clear the failed
   login count.  Previously this would only happen when an interactive
   session starts (ie when a pty is allocated) but this means that accounts
   that have primarily non-interactive sessions (eg scp's) may gradually
   accumulate enough failures to lock out an account.  This change may have
   a side effect of creating two audit records, one with a tty of "ssh"
   corresponding to the authentication and one with the allocated pty per
   interactive session.
2006-08-30 22:33:09 +10:00
Damien Miller 8ff1da81ec - (djm) [openbsd-compat/xcrypt.c] needs unistd.h 2006-08-30 17:52:03 +10:00
Damien Miller 6ba5740941 - djm@cvs.openbsd.org 2006/08/30 00:14:37
[version.h]
     crank to 4.4
2006-08-30 11:09:01 +10:00
Damien Miller 2125887a94 - dtucker@cvs.openbsd.org 2006/08/30 00:06:51
[sshconnect2.c]
     Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL
     where previously it weren't.  bz #1221, found by Dean Kopesky, ok djm@
2006-08-30 11:08:33 +10:00
Damien Miller 76758b6423 - dtucker@cvs.openbsd.org 2006/08/29 12:02:30
[gss-genr.c]
     Work around a problem in Heimdal that occurs when KRB5CCNAME file is
     missing, by checking whether or not kerberos allocated us a context
     before attempting to free it.  Patch from Simon Wilkinson, tested by
     biorn@, ok djm@
2006-08-30 11:08:04 +10:00
Damien Miller d5fe0baa73 - djm@cvs.openbsd.org 2006/08/29 10:40:19
[channels.c session.c]
     normalise some inconsistent (but harmless) NULL pointer checks
     spotted by the Stanford SATURN tool, via Isil Dillig;
     ok markus@ deraadt@
2006-08-30 11:07:39 +10:00
Damien Miller 5d43d49014 - dtucker@cvs.openbsd.org 2006/08/21 08:15:57
[sshd.8]
     Add more detail about what permissions are and aren't accepted for
     authorized_keys files.  Corrections jmc@, ok djm@, "looks good" jmc@
2006-08-30 11:07:00 +10:00
Damien Miller b594f38bae - (djm) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2006/08/21 08:14:01
     [sshd_config.5]
     Document HostbasedUsesNameFromPacketOnly.  Corrections from jmc@,
     ok jmc@ djm@
2006-08-30 11:06:34 +10:00
Darren Tucker e83a83c7be - (dtucker) [openbsd-compat/xmmap.c] Move #define HAVE_MMAP to prevent
unused variable warning when we have a broken or missing mmap(2).
2006-08-24 19:55:41 +10:00
Darren Tucker c1abe8e3e8 - (dtucker) [openbsd-compat/rresvport.c] Include <stdlib.h> for malloc. 2006-08-24 19:53:40 +10:00
Darren Tucker f80f5ec81b - (dtucker) [openbsd-compat/bsd-openpty.c] Include for ioctl(2). 2006-08-24 19:52:30 +10:00
Darren Tucker 450d2af2a3 - (dtucker) [openbsd-compat/bsd-misc.c] Include <sys/select.h> for select(2)
on POSIX systems.
2006-08-24 19:45:33 +10:00
Darren Tucker e086955531 - (dtucker) [openbsd-compat/bsd-misc.c] Add includes needed for select(2) on
older systems.
2006-08-24 19:43:16 +10:00
Darren Tucker fe408b4826 - (dtucker) [openbsd-compat/basename.c] Include errno.h. 2006-08-24 19:41:03 +10:00
Darren Tucker 12259d9680 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in
Makefile.  Patch from santhi.amirta at gmail, ok djm.
2006-08-22 22:24:10 +10:00
Darren Tucker 0eb810015f - (dtucker) [configure.ac] Remove errant "-". 2006-08-20 21:43:19 +10:00
Darren Tucker 639bbe8bfe - (dtucker) [configure.ac] Bug #1181: Explicitly test to see if OpenSSL
(0.9.8a and presumably newer) requires -ldl to successfully link.
2006-08-20 20:17:53 +10:00
Darren Tucker 3e6bde483d - (dtucker) [configure.ac] Relocate --with-pam parts in preparation for
fixing bug #1181.  No changes yet.
2006-08-20 20:03:50 +10:00
Darren Tucker 4ba387337c - (dtucker) [configure.ac] Save $LIBS during PAM library tests and restore
afterward.  Removes the need to mangle $LIBS later to remove -lpam and -ldl.
2006-08-20 19:55:02 +10:00
Darren Tucker aa1517ca1e - (dtucker) [log.c] Move ifdef to prevent unused variable warning. 2006-08-20 17:55:54 +10:00
Darren Tucker f0625699df - (dtucker) [openbsd-compat/regress/Makefile.in] Add $(EXEEXT) and add a
single rule for the test progs.
2006-08-19 19:12:14 +10:00
Damien Miller deccaa7d0f - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2006/08/18 22:41:29
     [gss-genr.c]
     GSSAPI error code should be 0 and not -1; from simon@sxw.org.uk
2006-08-19 08:50:57 +10:00
Damien Miller bb59814cd6 - (djm) Disable sigdie() for platforms that cannot safely syslog inside
a signal handler (basically all of them, excepting OpenBSD);
   ok dtucker@
2006-08-19 08:38:23 +10:00
Damien Miller 3d2d6e90e4 - djm@cvs.openbsd.org 2006/08/18 14:40:34
[gss-genr.c ssh-gss.h]
     constify host argument to match the rest of the GSSAPI functions and
     unbreak compilation with -Werror
2006-08-19 00:46:43 +10:00
Damien Miller a1cb9f334b - djm@cvs.openbsd.org 2006/08/18 13:54:54
[gss-genr.c ssh-gss.h sshconnect2.c]
     bz #1218 - disable SPNEGO as per RFC4462; diff from simon AT sxw.org.uk
     ok markus@
2006-08-19 00:33:34 +10:00
Damien Miller bdf00ca0bd - djm@cvs.openbsd.org 2006/08/18 10:27:16
[misc.h]
     reorder so prototypes are sorted by the files they refer to; no
     binary change
2006-08-19 00:33:05 +10:00
Damien Miller 3f8123c804 - markus@cvs.openbsd.org 2006/08/18 09:15:20
[auth.h session.c sshd.c]
     delay authentication related cleanups until we're authenticated and
     all alarms have been cancelled; ok deraadt
2006-08-19 00:32:46 +10:00
Damien Miller 99a648e592 - deraadt@cvs.openbsd.org 2006/08/18 09:13:26
[log.c log.h sshd.c]
     make signal handler termination path shorter; risky code pointed out by
     mark dowd; ok djm markus
2006-08-19 00:32:20 +10:00
Damien Miller a1f6840a4f - djm@cvs.openbsd.org 2006/08/16 11:47:15
[sshd.c]
     factor inetd connection, TCP listen and main TCP accept loop out of
     main() into separate functions to improve readability; ok markus@
2006-08-19 00:31:39 +10:00
Damien Miller 565ca3f600 - dtucker@cvs.openbsd.org 2006/08/14 12:40:25
[servconf.c servconf.h sshd_config.5]
     Add ability to match groups to Match keyword in sshd_config.  Feedback
     djm@, stevesk@, ok stevesk@.
2006-08-19 00:23:15 +10:00
Damien Miller 1c89ce0749 - miod@cvs.openbsd.org 2006/08/12 20:46:46
[monitor.c monitor_wrap.c]
     Revert previous include file ordering change, for ssh to compile under
     gcc2 (or until openssl include files are cleaned of parameter names
     in function prototypes)
2006-08-19 00:22:40 +10:00
Damien Miller 63b94128cb - (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2006/08/06 01:13:32
     [compress.c monitor.c monitor_wrap.c]
     "zlib.h" can be <zlib.h>; ok djm@ markus@
2006-08-19 00:21:46 +10:00
Darren Tucker 637c80aa6f - (dtucker) [openbsd-compat/regress/Makefile.in] Use implicit rules for the
test progs instead; they work better than what we have.
2006-08-18 20:56:18 +10:00
Darren Tucker ec4e4daa6c - (dtucker) [openbsd-compat/regress/snprintftest.c] Newline on error. 2006-08-18 20:09:32 +10:00
Darren Tucker 43d3ccdbdd - (dtucker) [openbsd-compat/bsd-closefrom.c] Comment out rcsid. 2006-08-18 19:49:58 +10:00
Darren Tucker d018b2e9c8 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Resync with
closefrom.c from sudo.
2006-08-18 18:51:20 +10:00
Darren Tucker c889ffdbc6 - (dtucker) [openbsd-compat/regress/{Makefile.in,closefromtest.c}] Regress
test for closefrom() in compat code.
2006-08-17 19:40:35 +10:00
Darren Tucker 3083bc2b52 - (dtucker) [configure.ac openbsd-compat/bsd-closefrom.c] Use F_CLOSEM fcntl
for closefrom() on AIX.  Pointed out by William Ahern.
2006-08-17 19:35:49 +10:00
Darren Tucker e6b641a9a1 - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c]
Include stdlib.h for malloc and friends.
2006-08-17 18:55:27 +10:00
Damien Miller 56799c3f2a - (djm) [audit-bsm.c] Sprinkle in some headers 2006-08-16 11:40:45 +10:00
Darren Tucker 533418138f - (dtucker) [LICENCE] Add Reyk to the list for the compat dir. 2006-08-15 18:21:32 +10:00
Damien Miller 0e5143e88e - (djm) [openbsd-compat/bsd-getpeereid.c] Add some headers to quiet warnings
on Solaris 10
2006-08-07 11:26:36 +10:00
Darren Tucker f78fb54412 - (dtucker) [openbsd-compat/{bsd-asprintf.c,bsd-openpty.c,bsd-snprintf.c,
glob.c}] Include stdlib.h for malloc and friends in compat code.
2006-08-06 21:25:24 +10:00
Darren Tucker 32ab2ae3f3 - (dtucker) [defines.h] With the includes.h changes we no longer get the
name clash on "YES" so we can remove the workaround for it.
2006-08-06 21:23:27 +10:00
Darren Tucker 3e714514e8 - (dtucker) [audit-bsm.c] Add additional headers now required. 2006-08-06 00:12:54 +10:00
Darren Tucker 79ba868fbe - (dtucker) [audit.c audit.h] Repair headers. 2006-08-06 00:05:09 +10:00
Darren Tucker 6e1a9aa9b9 - (dtucker) [auth-skey.c] monitor_wrap.h needs ssh-gss.h. 2006-08-05 19:56:00 +10:00
Darren Tucker 2b4e38b712 - (dtucker) [openbsd-compat/fake-rfc2553.c] Add headers needed for inet_ntoa. 2006-08-05 19:18:08 +10:00
Darren Tucker 92350103fc - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Add headers required to compile
on Cygwin.
2006-08-05 19:08:16 +10:00
Darren Tucker f676c57958 - dtucker@cvs.openbsd.org 2006/08/05 08:34:04
[packet.c]
     Typo in comment
2006-08-05 18:51:08 +10:00
Darren Tucker d6a23f2057 - dtucker@cvs.openbsd.org 2006/08/05 08:28:24
[monitor_wrap.c auth-skey.c auth2-chall.c]
     Zap unused variables in -DSKEY code.  ok djm@
2006-08-05 18:50:35 +10:00
Darren Tucker 260cb3519d - dtucker@cvs.openbsd.org 2006/08/05 08:00:33
[auth-skey.c]
     Add headers required to build with -DSKEY.  ok djm@
2006-08-05 18:48:01 +10:00
Darren Tucker 1a3d6e7bdd - dtucker@cvs.openbsd.org 2006/08/05 07:52:52
[auth2-none.c sshd.c monitor_wrap.c]
     Add headers required to build with KERBEROS5=no.  ok djm@
2006-08-05 18:46:47 +10:00
Darren Tucker 8a15f01aff - (dtucker) [openbsd-compat/strtonum.c] Include stdlib.h for strtoll,
otherwise it is implicitly declared as returning an int.
2006-08-05 16:27:20 +10:00
Darren Tucker d8aec107fe - (dtucker) [openbsd-compat/getrrsetbyname.c] Nees stdlib.h for malloc. 2006-08-05 16:12:15 +10:00
Darren Tucker 4c65543c89 - (dtucker) [ssh-rand-helper.c] Needs stdarg.h for log.h. 2006-08-05 15:57:40 +10:00
Darren Tucker ecf28ba7aa - (dtucker) [entropy.c] Needs unistd.h too. 2006-08-05 15:50:20 +10:00
Darren Tucker e7eec90f38 - (dtucker) [openbsd-compat/{bsd-arc4random.c,port-tun.c,xmmap.c}] Lots of
#include stdarg.h, needed for log.h.
2006-08-05 15:47:26 +10:00
Darren Tucker 8c6fedaf22 - (dtucker) [auth2-gss.c] We still need the #ifdef GSSAPI in -portable. 2006-08-05 15:24:59 +10:00
Darren Tucker 90659f8166 - (dtucker) [cleanup.c] Need defines.h for __dead. 2006-08-05 14:46:27 +10:00
Damien Miller 75bb664458 - (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c]
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more
   includes for Linux in
2006-08-05 14:07:20 +10:00
Damien Miller d04db59ad9 - (djm) [openbsd-compat/regress/snprintftest.c]
[openbsd-compat/regress/strduptest.c] Add missing includes so they pass
   compilation with "-Wall -Werror"
2006-08-05 13:27:29 +10:00
Damien Miller 36cbe41ceb - (djm) [auth.c loginrec.c] Missing netinet/in.h for loginrec 2006-08-05 12:54:24 +10:00
Damien Miller 4cbfe8ebeb - (djm) [auth-pam.c auth.c bufaux.h entropy.c openbsd-compat/port-tun.c]
remove last traces of bufaux.h - it was merged into buffer.h in the big
   includes.h commit
2006-08-05 12:49:30 +10:00
Damien Miller 2ab323e0bd - (djm) [auth-pam.c defines.h] Move PAM related bits to auth-pam.c 2006-08-05 12:43:32 +10:00
Damien Miller 9ab00b44c1 - stevesk@cvs.openbsd.org 2006/08/04 20:46:05
[monitor.c session.c ssh-agent.c]
     spaces
2006-08-05 12:40:11 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller 4dec5d75da - stevesk@cvs.openbsd.org 2006/08/01 23:36:12
[authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c]
     clean extra spaces
2006-08-05 11:38:40 +10:00
Damien Miller a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller da82839597 - dtucker@cvs.openbsd.org 2006/08/01 11:34:36
[sshconnect.c]
     Allow fallback to known_hosts entries without port qualifiers for
     non-standard ports too, so that all existing known_hosts entries will be
     recognised.  Requested by, feedback and ok markus@
2006-08-05 11:35:45 +10:00
Damien Miller 1a5b4041fb - stevesk@cvs.openbsd.org 2006/07/30 20:15:19
[atomicio.h]
     order includes to KNF
2006-08-05 11:35:23 +10:00
Damien Miller 858bb7dc7c - jmc@cvs.openbsd.org 2006/07/27 08:00:50
[ssh_config.5]
     avoid confusing wording in HashKnownHosts:
     originally spotted by alan amesbury;
     ok deraadt
2006-08-05 11:34:51 +10:00
Damien Miller e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller 8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
2006-08-05 11:02:17 +10:00
Damien Miller 9aec91948d - stevesk@cvs.openbsd.org 2006/07/25 02:59:21
[channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
     move #include <sys/time.h> out of includes.h
2006-08-05 10:57:45 +10:00
Damien Miller 7c6e4b059c - stevesk@cvs.openbsd.org 2006/07/25 02:01:34
[scard.c]
     need #include <string.h>
2006-08-05 09:33:15 +10:00
Damien Miller 437edb9e66 - stevesk@cvs.openbsd.org 2006/07/24 13:58:22
[sshconnect.c]
     disable tunnel forwarding when no strict host key checking
     and key changed; ok djm@ markus@ dtucker@
2006-08-05 09:11:13 +10:00
Darren Tucker f1f4bdd1aa - (dtucker) [configure.ac] The "crippled AES" test does not work on recent
versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
   rather than just compiling it.  Spotted by dlg@.
2006-08-04 19:44:23 +10:00
Darren Tucker 88fdc83d4c - (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype. 2006-08-02 23:33:54 +10:00
Darren Tucker 94346f8596 - (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW. 2006-07-25 19:52:07 +10:00
Darren Tucker 28e9ad1bed - (dtucker) [regress/forcecommand.sh] Portablize. 2006-07-24 23:50:23 +10:00
Darren Tucker 22c58b0242 - (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including
system headers before defines.h will cause conflicting definitions.
2006-07-24 23:19:40 +10:00
Damien Miller 7b1877c803 - (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh]
[regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh]
   Sync regress tests to -current; include dtucker@'s new cfgmatch and
   forcecommand tests. Add cipher-speed.sh test (not linked in yet)
2006-07-24 15:31:41 +10:00
Damien Miller 24f2a42e53 - (djm) [Makefile.in]
Remove generated openbsd-compat/regress/Makefile in distclean target
2006-07-24 15:30:18 +10:00
Damien Miller 62da44f064 - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
[openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
   [openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
   [openbsd-compat/rresvport.c]
   These look to need string.h and/or unistd.h (based on a grep for function
   names)
2006-07-24 15:08:35 +10:00
Damien Miller ad5ecbf072 - (djm) [session.c]
fix compile error with -Werror -Wall: 'path' is only used in
   do_setup_env() if HAVE_LOGIN_CAP is not defined
2006-07-24 15:03:06 +10:00
Damien Miller 874bc48832 - (djm) [uuencode.c]
Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on
   some platforms
2006-07-24 14:58:07 +10:00
Damien Miller 8b373baf13 - (djm) [openbsd-compat/glob.c]
Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles
   on OpenBSD (or other platforms with a decent glob implementation) with
   -Werror
2006-07-24 14:55:47 +10:00
Damien Miller b8fe89c4d9 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
   [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
   [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
   [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
   [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
   [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
   [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
   make the portable tree compile again - sprinkle unistd.h and string.h
   back in. Don't redefine __unused, as it turned out to be used in
   headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-24 14:51:00 +10:00
Damien Miller d8337c5e60 - stevesk@cvs.openbsd.org 2006/07/23 01:11:05
[auth.h dispatch.c kex.h sftp-client.c]
     #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h>
     move
2006-07-24 14:14:19 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller 5598b4f125 - stevesk@cvs.openbsd.org 2006/07/22 19:08:54
[includes.h moduli.c progressmeter.c scp.c sftp-common.c]
     [sftp-server.c ssh-agent.c sshlogin.c]
     move #include <time.h> out of includes.h
2006-07-24 14:09:40 +10:00
Damien Miller ee0d0db7da - stevesk@cvs.openbsd.org 2006/07/21 21:26:55
[progressmeter.c]
     ARGSUSED for signal handler
2006-07-24 14:08:50 +10:00
Damien Miller 8473dd85fe - stevesk@cvs.openbsd.org 2006/07/21 21:13:30
[channels.c]
     more ARGSUSED (lint) for dispatch table-driven functions; ok djm@
2006-07-24 14:08:32 +10:00
Damien Miller a765cf4b66 - dtucker@cvs.openbsd.org 2006/07/21 12:43:36
[channels.c channels.h servconf.c servconf.h sshd_config.5]
     Make PermitOpen take a list of permitted ports and act more like most
     other keywords (ie the first match is the effective setting). This
     also makes it easier to override a previously set PermitOpen. ok djm@
2006-07-24 14:08:13 +10:00
Damien Miller 1cdde6f536 - stevesk@cvs.openbsd.org 2006/07/20 15:26:15
[auth1.c serverloop.c session.c sshconnect2.c]
     missed some needed #include <unistd.h> when KERBEROS5=no; issue from
     massimo@cedoc.mo.it
2006-07-24 14:07:35 +10:00
Damien Miller e275443f66 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
     Add ForceCommand keyword to sshd_config, equivalent to the "command="
     key option, man page entry and example in sshd_config.
     Feedback & ok djm@, man page corrections & ok jmc@
2006-07-24 14:06:47 +10:00
Damien Miller d1de9950e5 - dtucker@cvs.openbsd.org 2006/07/19 08:56:41
[servconf.c sshd_config.5]
     Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
     Match.  ok djm@
2006-07-24 14:05:48 +10:00
Damien Miller f757d22e8b - stevesk@cvs.openbsd.org 2006/07/18 22:27:55
[dh.c]
     remove unneeded includes; ok djm@
2006-07-24 14:05:24 +10:00
Damien Miller 8c23403b51 - dtucker@cvs.openbsd.org 2006/07/18 08:22:23
[sshd_config.5]
     Clarify description of Match, with minor correction from jmc@
2006-07-24 14:05:08 +10:00
Damien Miller 393821ad72 - jmc@cvs.openbsd.org 2006/07/18 08:03:09
[ssh-agent.1 sshd_config.5]
     mark up angle brackets;
2006-07-24 14:04:53 +10:00
Damien Miller 22d47abbe3 - jmc@cvs.openbsd.org 2006/07/18 07:56:28
[scp.1]
     replace DIAGNOSTICS with .Ex;
2006-07-24 14:04:36 +10:00
Damien Miller 65bc2c4028 - jmc@cvs.openbsd.org 2006/07/18 07:50:40
[sshd_config.5]
     tweak; ok dtucker
2006-07-24 14:04:16 +10:00
Damien Miller 9b439df18a - dtucker@cvs.openbsd.org 2006/07/17 12:06:00
[channels.c channels.h servconf.c sshd_config.5]
     Add PermitOpen directive to sshd_config which is equivalent to the
     "permitopen" key option.  Allows server admin to allow TCP port
     forwarding only two specific host/port pairs.  Useful when combined
     with Match.
     If permitopen is used in both sshd_config and a key option, both
     must allow a given connection before it will be permitted.
     Note that users can still use external forwarders such as netcat,
     so to be those must be controlled too for the limits to be effective.
     Feedback & ok djm@, man page corrections & ok jmc@.
2006-07-24 14:04:00 +10:00
Damien Miller 98299261eb - dtucker@cvs.openbsd.org 2006/07/17 12:02:24
[auth-options.c]
     Use '\0' rather than 0 to terminates strings; ok djm@
2006-07-24 14:01:43 +10:00
Damien Miller e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
Damien Miller def915b0ff - stevesk@cvs.openbsd.org 2006/07/14 01:15:28
[monitor_wrap.h]
     don't need incompletely-typed 'struct passwd' now with
     #include <pwd.h>; ok markus@
2006-07-24 13:55:56 +10:00
Damien Miller 2d00e63cb8 - stevesk@cvs.openbsd.org 2006/07/12 22:42:32
[includes.h ssh.c ssh-rand-helper.c]
     move #include <stddef.h> out of includes.h
2006-07-24 13:53:19 +10:00
Damien Miller 939878b95f tidy 2006-07-24 13:52:06 +10:00
Damien Miller be43ebf975 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
     move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Damien Miller d04f357ac2 - jmc@cvs.openbsd.org 2006/07/12 13:39:55
[sshd_config.5]
      - new sentence, new line
      - s/The the/The/
      - kill a bad comma
2006-07-24 13:46:50 +10:00
Darren Tucker 341dae59c8 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h 2006-07-13 08:45:14 +10:00
Darren Tucker 2eaea99054 - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
openbsd-compat/rresvport.c] More errno.h.
2006-07-12 23:41:33 +10:00
Darren Tucker 5998ed03aa - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h. 2006-07-12 23:10:33 +10:00
Darren Tucker deecec98c7 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too. 2006-07-12 22:44:34 +10:00
Darren Tucker 767e4134f1 - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. 2006-07-12 22:43:28 +10:00
Darren Tucker 2c1a02a8d0 - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c
openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
   openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
2006-07-12 22:40:50 +10:00
Darren Tucker c931c433f6 - (dtucker) [openbsd-compat/xmmap.c] Include <errno.h>. 2006-07-12 22:35:51 +10:00
Darren Tucker 4515047e47 - dtucker@cvs.openbsd.org 2006/07/12 11:34:58
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
     Add support for conditional directives to sshd_config via a "Match"
     keyword, which works similarly to the "Host" directive in ssh_config.
     Lines after a Match line override the default set in the main section
     if the condition on the Match line is true, eg
     AllowTcpForwarding yes
     Match User anoncvs
             AllowTcpForwarding no
     will allow port forwarding by all users except "anoncvs".
     Currently only a very small subset of directives are supported.
     ok djm@
2006-07-12 22:34:17 +10:00
Darren Tucker ba72405026 - stevesk@cvs.openbsd.org 2006/07/11 20:27:56
[authfile.c ssh.c]
     need <errno.h> here also (it's also included in <openssl/err.h>)
2006-07-12 22:24:22 +10:00
Darren Tucker 57f4224677 - stevesk@cvs.openbsd.org 2006/07/11 20:16:43
[ssh.c]
     cast asterisk field precision argument to int to remove warning;
     ok markus@
2006-07-12 22:23:35 +10:00
Darren Tucker 3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
Darren Tucker e7d4b19f75 - markus@cvs.openbsd.org 2006/07/11 18:50:48
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
     channels.h readconf.c]
     add ExitOnForwardFailure: terminate the connection if ssh(1)
     cannot set up all requested dynamic, local, and remote port
     forwardings. ok djm, dtucker, stevesk, jmc
2006-07-12 22:17:10 +10:00
Darren Tucker 284706a755 - dtucker@cvs.openbsd.org 2006/07/11 10:12:07
[ssh.c]
     Only copy the part of environment variable that we actually use.  Prevents
     ssh bailing when SendEnv is used and an environment variable with a really
     long value exists.  ok djm@
2006-07-12 22:16:23 +10:00
Darren Tucker 5d19626a04 - stevesk@cvs.openbsd.org 2006/07/10 16:37:36
[readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
     auth.c packet.c log.c]
     move #include <stdarg.h> out of includes.h; ok markus@
2006-07-12 22:15:16 +10:00
Darren Tucker 1131847684 - jmc@cvs.openbsd.org 2006/07/10 16:04:21
[sshd.8]
     s/and and/and/
2006-07-12 22:07:59 +10:00
Darren Tucker a5362458d0 - stevesk@cvs.openbsd.org 2006/07/10 16:01:57
[sftp-glob.c sftp-common.h sftp.c]
     buffer.h only needed in sftp-common.h and remove some unneeded
     user includes; ok djm@
2006-07-12 22:07:08 +10:00
Darren Tucker 686852f665 - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before
<netinet/ip.h>.
2006-07-12 19:05:56 +10:00
Darren Tucker 128a0894a5 - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
for SHUT_RD.
2006-07-12 19:02:56 +10:00
Darren Tucker 250f1a6901 rewrap 2006-07-12 19:01:29 +10:00
Darren Tucker 248469bc8d - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK
if they're really needed.  Fixes build errors on HP-UX, old Linuxes and probably
   more.
2006-07-12 14:14:31 +10:00
Darren Tucker e0e4aad1fd - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably
others).
2006-07-11 19:01:51 +10:00
Darren Tucker 44c828fe29 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
openbsd-compat/daemon.c] Add includes needed by open(2).  Conditionally
   include paths.h.  Fixes build error on Solaris.
2006-07-11 18:00:06 +10:00
Darren Tucker 4e880e632b - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h>
for struct sockaddr on platforms that use the fake-rfc stuff.
2006-07-11 00:20:51 +10:00
Darren Tucker da34553561 - dtucker@cvs.openbsd.org 2006/07/10 12:46:51
[misc.c misc.h sshd.8 sshconnect.c]
     Add port identifier to known_hosts for non-default ports, based originally
     on a patch from Devin Nate in bz#910.
     For any connection using the default port or using a HostKeyAlias the
     format is unchanged, otherwise the host name or address is enclosed
     within square brackets in the same format as sshd's ListenAddress.
     Tested by many, ok markus@.
2006-07-10 23:04:19 +10:00
Damien Miller 0f07707267 - djm@cvs.openbsd.org 2006/07/10 12:08:08
[channels.c]
     fix misparsing of SOCKS 5 packets that could result in a crash;
     reported by mk@ ok markus@
2006-07-10 22:21:02 +10:00
Damien Miller 3d1a9f4d5d - djm@cvs.openbsd.org 2006/07/10 12:03:20
[scp.c]
     duplicate argv at the start of main() because it gets modified later;
     pointed out by deraadt@ ok markus@
2006-07-10 22:19:53 +10:00
Damien Miller a1738e4c65 - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c]
[openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h
2006-07-10 21:33:04 +10:00
Damien Miller 6444fe996b - djm@cvs.openbsd.org 2006/07/10 11:25:53
[sftp-server.c]
     don't log variables that aren't yet set
2006-07-10 21:31:27 +10:00
Damien Miller c718c743c1 - djm@cvs.openbsd.org 2006/07/10 11:24:54
[sftp-server.c]
     remove optind - it isn't used here
2006-07-10 21:31:00 +10:00
Damien Miller 211838d8e2 - stevesk@cvs.openbsd.org 2006/07/09 15:27:59
[ssh-add.c]
     use O_RDONLY vs. 0 in open(); no binary change
2006-07-10 21:14:00 +10:00
Damien Miller 57cf638577 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
     [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     [sshlogin.c sshpty.c]
     move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
Damien Miller 194a1cb018 - stevesk@cvs.openbsd.org 2006/07/08 23:30:06
[log.c]
     move user includes after /usr/include files
2006-07-10 21:09:22 +10:00
Damien Miller e33b60343b - stevesk@cvs.openbsd.org 2006/07/08 21:48:53
[monitor.c session.c]
     missed these from last commit:
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:34 +10:00
Damien Miller e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
Damien Miller 58059aef05 - stevesk@cvs.openbsd.org 2006/07/06 17:36:37
[monitor_wrap.h]
     typo in comment
2006-07-10 20:53:45 +10:00
Damien Miller 69996104fe - stevesk@cvs.openbsd.org 2006/07/06 16:22:39
[ssh-keygen.c]
     move #include "dns.h" up
2006-07-10 20:53:31 +10:00
Damien Miller 9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Damien Miller fef95ad816 - djm@cvs.openbsd.org 2006/07/06 10:47:57
[sftp-server.8 sftp-server.c]
     add commandline options to enable logging of transactions; ok markus@
2006-07-10 20:46:55 +10:00
Damien Miller 917f9b6b6e - djm@cvs.openbsd.org 2006/07/06 10:47:05
[servconf.c servconf.h session.c sshd_config.5]
     support arguments to Subsystem commands; ok markus@
2006-07-10 20:36:47 +10:00
Damien Miller 8ec8c3e98a - stevesk@cvs.openbsd.org 2006/07/05 02:42:09
[canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
     [serverloop.c sshconnect.c uuencode.c]
     move #include <netinet/in.h> out of includes.h; ok deraadt@
     (also ssh-rand-helper.c logintest.c loginrec.c)
2006-07-10 20:35:38 +10:00
Damien Miller efc04e70b8 - stevesk@cvs.openbsd.org 2006/07/03 17:59:32
[channels.c includes.h]
     move #include <arpa/inet.h> out of includes.h; old ok djm@
     (portable needed session.c too)
2006-07-10 20:26:27 +10:00
Damien Miller b757677d02 - stevesk@cvs.openbsd.org 2006/07/03 08:54:20
[includes.h ssh.c sshconnect.c sshd.c]
     move #include "version.h" out of includes.h; ok markus@
2006-07-10 20:23:39 +10:00
Damien Miller 57e8ad3f5e - stevesk@cvs.openbsd.org 2006/07/02 23:01:55
[clientloop.c ssh.1]
     use -KR[bind_address:]port here; ok djm@
2006-07-10 20:20:52 +10:00
Damien Miller 427a1d57bb - stevesk@cvs.openbsd.org 2006/07/02 22:45:59
[groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
     move #include <grp.h> out of includes.h
     (portable needed uidswap.c too)
2006-07-10 20:20:33 +10:00
Damien Miller 5d3ac7f7ee - stevesk@cvs.openbsd.org 2006/07/02 18:36:47
[gss-serv-krb5.c gss-serv.c]
     no "servconf.h" needed here
     (gss-serv-krb5.c change not applied, portable needs the server options)
2006-07-10 20:17:55 +10:00
Damien Miller 991dba43e1 - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
[ssh.1 ssh.c ssh_config.5 sshd_config.5]
     more details and clarity for tun(4) device forwarding; ok and help
     jmc@
2006-07-10 20:16:27 +10:00
Damien Miller 43020951ad - djm@cvs.openbsd.org 2006/06/26 10:36:15
[clientloop.c]
     mention optional bind_address in runtime port forwarding setup
     command-line help. patch from santhi.amirta AT gmail.com
2006-07-10 20:16:12 +10:00
Damien Miller 1e88ea6556 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2006/06/14 10:50:42
     [sshconnect.c]
     limit the number of pre-banner characters we will accept; ok markus@
2006-07-10 20:15:56 +10:00
Darren Tucker e34c96aea1 - (dtucker) [INSTALL] New autoconf version: 2.60. 2006-07-10 12:55:24 +10:00
Darren Tucker f32f55259c - (dtucker) [INSTALL] A bit more info on autoconf. 2006-07-06 19:12:08 +10:00
Darren Tucker bdc121279f - (dtucker) [configure.ac] Try AIX blibpath test in different order when
compiling with gcc.  gcc 4.1.x will accept (but ignore) -b flags so
   configure would not select the correct libpath linker flags.
2006-07-06 11:56:25 +10:00
Damien Miller 365e18db51 whitespace 2006-07-05 22:48:07 +10:00
Damien Miller ee9ee9175c whitespace 2006-07-05 22:47:21 +10:00
Darren Tucker daf6ff4312 - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the
target already exists.
2006-07-05 21:35:48 +10:00
Darren Tucker db4c54bed1 - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which
version.
2006-06-30 16:20:58 +10:00
Darren Tucker 7243f9db60 - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it,
prevents warnings on platforms where _res is in the system headers.
2006-06-30 11:47:49 +10:00
Darren Tucker 66c32d5caa - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf
declaration too.  Patch from russ at sludge.net.
2006-06-30 10:51:32 +10:00
Darren Tucker 8b272ab09b - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems
with autoconf 2.60.  Patch from vapier at gentoo.org.
2006-06-27 11:20:28 +10:00
Darren Tucker 144e8d60cd - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
only, otherwise sshd can hang exiting non-interactive sessions.
2006-06-25 08:25:25 +10:00
Darren Tucker 03890e44cd - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
#1102 workaround.
2006-06-24 16:58:45 +10:00
Darren Tucker 0249f93c4d - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.
Works around limitation in Solaris' passwd program for changing passwords
   where the username is longer than 8 characters.  ok djm@
2006-06-24 12:10:07 +10:00
Darren Tucker 9afe115f0a - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
   on the pty slave as zero-length reads on the pty master, which sshd
   interprets as the descriptor closing.  Since most things don't do zero
   length writes this rarely matters, but occasionally it happens, and when
   it does the SSH pty session appears to hang, so we add a special case for
   this condition.  ok djm@
2006-06-23 21:24:12 +10:00
Darren Tucker 3eb4834489 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
tunnel support for Mac OS X/Darwin via a third-party tun driver.  Patch
   from reyk@, tested by anil@
2006-06-23 21:05:12 +10:00
Damien Miller 643460803f - (djm) [getput.h] This file has been replaced by functions in misc.c 2006-06-13 13:15:54 +10:00
Damien Miller a6680a4e35 - djm@cvs.openbsd.org 2006/06/13 01:18:36
[ssh-agent.c]
     always use a format string, even when printing a constant
   - djm@cvs.openbsd.org 2006/06/13 02:17:07
     [ssh-agent.c]
     revert; i am on drugs. spotted by alexander AT beard.se
2006-06-13 13:10:18 +10:00
Damien Miller 2e5fe88ebe - markus@cvs.openbsd.org 2006/06/08 14:45:49
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
     do not set the gid, noted by solar; ok djm
2006-06-13 13:10:00 +10:00
Damien Miller 6b4069ad56 - markus@cvs.openbsd.org 2006/06/06 10:20:20
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
     replace remaining setuid() calls with permanently_set_uid() and
     check seteuid() return values; report Marcus Meissner; ok dtucker djm
2006-06-13 13:05:15 +10:00
Damien Miller eb13e556e5 - markus@cvs.openbsd.org 2006/06/01 09:21:48
[sshd.c]
     call get_remote_ipaddr() early; fixes logging after client disconnects;
     report mpf@; ok dtucker@
2006-06-13 13:03:53 +10:00
Damien Miller 7b1e757b28 - mk@cvs.openbsd.org 2006/05/30 11:46:38
[ssh-add.c]
     Sync usage() with man page and reality.
     ok deraadt dtucker
2006-06-13 13:03:34 +10:00
Damien Miller fbc94c857a - jmc@cvs.openbsd.org 2006/05/29 16:13:23
[ssh.1]
     add GSSAPI to the list of authentication methods supported;
2006-06-13 13:03:16 +10:00
Damien Miller 3c6ed7bbd5 - jmc@cvs.openbsd.org 2006/05/29 16:10:03
[ssh_config.5]
     oops - previous was too long; split the list of auths up
2006-06-13 13:01:41 +10:00
Damien Miller 81a38928eb - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
[ssh_config]
     Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
     ssh_config.  ok markus@
2006-06-13 13:01:09 +10:00
Damien Miller 658f945538 - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
[ssh_config.5]
     Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
2006-06-13 13:00:55 +10:00
Damien Miller ad6b14d274 - miod@cvs.openbsd.org 2006/05/18 21:27:25
[kexdhc.c kexgexc.c]
     paramter -> parameter
2006-06-13 13:00:41 +10:00
Damien Miller 40b5985fe0 - markus@cvs.openbsd.org 2006/05/17 12:43:34
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
     fix leak; coverity via Kylene Jo Hall
2006-06-13 13:00:25 +10:00
Damien Miller 24fd8ddd61 - markus@cvs.openbsd.org 2006/05/16 09:00:00
[clientloop.c]
     missing free; from Kylene Hall
2006-06-13 13:00:09 +10:00
Damien Miller e250a94e69 - djm@cvs.openbsd.org 2006/05/08 10:49:48
[sshconnect2.c]
     uint32_t -> u_int32_t (which we use everywhere else)
     (Id sync only - portable already had this)
2006-06-13 12:59:53 +10:00
Darren Tucker f14b2aa672 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
and slave, we can remove the special-case handling in the audit hook in
   auth_log.
2006-05-21 18:26:40 +10:00
Darren Tucker f58b29d515 - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
pointer leak.  From kjhall at us.ibm.com, found by coverity.
2006-05-17 22:24:56 +10:00
Darren Tucker 73373877db typo 2006-05-15 17:24:25 +10:00
Darren Tucker 2c77b7f1c1 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
do not allow kbdint again after the PAM account check fails.  ok djm@
2006-05-15 17:22:33 +10:00
Darren Tucker cefd8bb36d - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
default.  Patch originally from tim@, ok djm
2006-05-15 17:17:29 +10:00
Darren Tucker 13c539a4dc - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
_res, prevents problems on some platforms that have _res as a global but
   don't have getrrsetbyname(), eg IRIX 5.3.  Found and tested by
   georg.schwarz at freenet.de, ok djm@.
2006-05-15 17:15:56 +10:00
Darren Tucker 43ff44e7db - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
[auth-krb5.c]
     Add $OpenBSD$ in comment here too
2006-05-06 18:40:53 +10:00
Darren Tucker f779f672eb - djm@cvs.openbsd.org 2006/04/01 05:37:46
[OVERVIEW]
     $OpenBSD$ in here too
2006-05-06 17:48:48 +10:00
Darren Tucker 31cde6828d - djm@cvs.openbsd.org 2006/05/04 14:55:23
[dh.c]
     tighter DH exponent checks here too; feedback and ok markus@
2006-05-06 17:43:33 +10:00
Darren Tucker 232b76f9f8 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
     Prevent ssh from trying to open private keys with bad permissions more than
     once or prompting for their passphrases (which it subsequently ignores
     anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@
2006-05-06 17:41:51 +10:00
Darren Tucker d8093e49bf - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
   in Portable-only code; since calloc zeros, remove now-redundant memsets.
   Also add a couple of sanity checks.  With & ok djm@
2006-05-04 16:24:34 +10:00
Darren Tucker 596d33801f - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
and double including it on IRIX 5.3 causes problems.  From Georg Schwarz,
   "no objections" tim@
2006-05-03 19:01:09 +10:00
Damien Miller 7b50b2030b missing file 2006-04-23 12:31:27 +10:00
Damien Miller 2bdd1c117c - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
sig_atomic_t
2006-04-23 12:28:53 +10:00
Damien Miller 08d4b0ca5d - stevesk@cvs.openbsd.org 2006/04/22 18:29:33
[crc32.c]
     remove extra spaces
2006-04-23 12:12:24 +10:00
Damien Miller 2282c6e305 - djm@cvs.openbsd.org 2006/04/22 04:06:51
[uidswap.c]
     use setres[ug]id() to permanently revoke privileges; ok deraadt@
     (ID Sync only - portable already uses setres[ug]id() whenever possible)
2006-04-23 12:11:57 +10:00
Damien Miller 525a0b090f - djm@cvs.openbsd.org 2006/04/20 21:53:44
[includes.h session.c sftp.c]
     Switch from using pipes to socketpairs for communication between
     sftp/scp and ssh, and between sshd and its subprocesses. This saves
     a file descriptor per session and apparently makes userland ppp over
     ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
     decision on a per-platform basis)
2006-04-23 12:10:49 +10:00
Damien Miller 56e5e6ad11 - markus@cvs.openbsd.org 2006/04/20 09:47:59
[sshconnect.c]
     simplify; ok djm@
2006-04-23 12:08:59 +10:00
Damien Miller 97c91f688f - djm@cvs.openbsd.org 2006/04/20 09:27:09
[auth.h clientloop.c dispatch.c dispatch.h kex.h]
     replace the last non-sig_atomic_t flag used in a signal handler with a
     sig_atomic_t, unfortunately with some knock-on effects in other (non-
     signal) contexts in which it is used; ok markus@
2006-04-23 12:08:37 +10:00
Damien Miller 58629fad82 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
[bufaux.c bufbn.c]
     Move Buffer bignum functions into their own file, bufbn.c. This means
     that sftp and sftp-server (which use the Buffer functions in bufaux.c
     but not the bignum ones) no longer need to be linked with libcrypto.
     ok markus@
2006-04-23 12:08:19 +10:00
Damien Miller b5ea7e7c03 - djm@cvs.openbsd.org 2006/04/16 07:59:00
[atomicio.c]
     reorder sanity test so that it cannot dereference past the end of the
     iov array; well spotted canacar@!
2006-04-23 12:06:49 +10:00
Damien Miller 58ca98bfe1 - djm@cvs.openbsd.org 2006/04/16 00:54:10
[sftp-client.c]
     avoid making a tiny 4-byte write to send the packet length of sftp
     commands, which would result in a separate tiny packet on the wire by
     using atomiciov(writev, ...) to write the length and the command in one
     pass; ok deraadt@
2006-04-23 12:06:35 +10:00
Damien Miller 6aa139c41f - djm@cvs.openbsd.org 2006/04/16 00:52:55
[atomicio.c atomicio.h]
     introduce atomiciov() function that wraps readv/writev to retry
     interrupted transfers like atomicio() does for read/write;
     feedback deraadt@ dtucker@ stevesk@ ok deraadt@
2006-04-23 12:06:20 +10:00
Damien Miller 499a0d5ada - djm@cvs.openbsd.org 2006/04/16 00:48:52
[buffer.c buffer.h channels.c]
     Fix condition where we could exit with a fatal error when an input
     buffer became too large and the remote end had advertised a big window.
     The problem was a mismatch in the backoff math between the channels code
     and the buffer code, so make a buffer_check_alloc() function that the
     channels code can use to propsectivly check whether an incremental
     allocation will succeed.  bz #1131, debugged with the assistance of
     cove AT wildpackets.com; ok dtucker@ deraadt@
2006-04-23 12:06:03 +10:00
Damien Miller 63e437f053 - djm@cvs.openbsd.org 2006/04/03 07:10:38
[gss-genr.c]
     GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
     by dleonard AT vintela.com. use xasprintf() to simplify code while in
     there; "looks right" deraadt@
2006-04-23 12:05:46 +10:00
Damien Miller 603e68f1a2 - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
[ssh-keysign.c]
     sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
2006-04-23 12:05:32 +10:00
Damien Miller 7a656f7922 - djm@cvs.openbsd.org 2006/04/01 05:50:29
[scp.c]
     xasprintification; ok deraadt@
2006-04-23 12:04:46 +10:00
Damien Miller 07aa132a5e - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2006/04/01 05:42:20
     [scp.c]
     minimal lint cleanup (unused crud, and some size_t); ok djm
2006-04-23 12:04:27 +10:00
Damien Miller 73b42d2bb0 - (djm) [Makefile.in configure.ac session.c sshpty.c]
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
   [openbsd-compat/port-linux.h] Add support for SELinux, setting
   the execution and TTY contexts. based on patch from Daniel Walsh,
   bz #880; ok dtucker@
2006-04-22 21:26:08 +10:00
Damien Miller 2eaf37d899 - (djm) Reorder IP options check so that it isn't broken by
mapped addresses; bz #1179 reported by markw wtech-llc.com;
   ok dtucker@
2006-04-18 15:13:16 +10:00
Damien Miller dfc6183f13 - djm@cvs.openbsd.org 2006/03/31 09:13:56
[ssh_config.5]
     remote user escape is %r not %h; spotted by jmc@
2006-03-31 23:14:57 +11:00
Damien Miller c6437cf00a - jmc@cvs.openbsd.org 2006/03/31 09:09:30
[ssh_config.5]
     kill trailing whitespace;
2006-03-31 23:14:41 +11:00
Damien Miller 7a8f5b330d - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
[auth.c monitor.c]
     Prevent duplicate log messages when privsep=yes; ok djm@
2006-03-31 23:14:23 +11:00