tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,691 Commits 6 Branches 20 Tags 98 MiB
Commit Graph

294 Commits

Author SHA1 Message Date
Darren Tucker 3e78a516a0 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 
[ssh-agent.c]
     Check current parent process ID against saved one to determine if the parent
     has exited, rather than attempting to send a zero signal, since the latter
     won't work if the parent has changed privs.  bz#1905, patch from Daniel Kahn
     Gillmor, ok djm@
 2011-06-03 14:14:16 +10:00
Damien Miller f22019bdbf - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] 
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
   [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
   [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
   [regress/README.regress] Remove ssh-rand-helper and all its
   tentacles. PRNGd seeding has been rolled into entropy.c directly.
   Thanks to tim@ for testing on affected platforms.
 2011-05-05 13:48:37 +10:00
Damien Miller 2cd629349d - djm@cvs.openbsd.org 2010/11/21 01:01:13 
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
     honour $TMPDIR for client xauth and ssh-agent temporary directories;
     feedback and ok markus@
 2010-12-01 11:50:35 +11:00
Damien Miller 195dbaff7a - (djm) [ssh-agent.c] Fix type for curve name. 2010-10-07 22:05:11 +11:00
Darren Tucker 8ccb7392e7 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs 
for missing headers and compiler warnings.
 2010-09-10 12:28:24 +10:00
Damien Miller 6af914a15c - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] 
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
   [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
   platforms that don't have the requisite OpenSSL support. ok dtucker@
 2010-09-10 11:39:26 +10:00
Damien Miller 4314c2b548 - djm@cvs.openbsd.org 2010/08/31 12:33:38 
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     reintroduce commit from tedu@, which I pulled out for release
     engineering:
       OpenSSL_add_all_algorithms is the name of the function we have a
       man page for, so use that.  ok djm
 2010-09-10 11:12:09 +10:00
Damien Miller eb8b60e320 - djm@cvs.openbsd.org 2010/08/31 11:54:45 
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
     [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
     [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
     [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
     [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
     [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
     Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
     host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
     better performance than plain DH and DSA at the same equivalent symmetric
     key length, as well as much shorter keys.

     Only the mandatory sections of RFC5656 are implemented, specifically the
     three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
     ECDSA. Point compression (optional in RFC5656 is NOT implemented).

     Certificate host and user keys using the new ECDSA key types are supported.

     Note that this code has not been tested for interoperability and may be
     subject to change.

     feedback and ok markus@
 2010-08-31 22:41:14 +10:00
Damien Miller d96546f5b0 - djm@cvs.openbsd.org 2010/08/16 04:06:06 
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     backout previous temporarily; discussed with deraadt@
 2010-08-31 22:32:12 +10:00
Damien Miller 9b87e79538 - tedu@cvs.openbsd.org 2010/08/12 23:34:39 
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     OpenSSL_add_all_algorithms is the name of the function we have a man page
     for, so use that.  ok djm
 2010-08-31 22:31:37 +10:00
Damien Miller 4e270b05dd - djm@cvs.openbsd.org 2010/04/16 01:47:26 
[PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
     [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
     following changes:

     move the nonce field to the beginning of the certificate where it can
     better protect against chosen-prefix attacks on the signature hash

     Rename "constraints" field to "critical options"

     Add a new non-critical "extensions" field

     Add a serial number

     The older format is still support for authentication and cert generation
     (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

     ok markus@
 2010-04-16 15:56:21 +10:00
Damien Miller 0a80ca190a - OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2010/02/26 20:29:54
     [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
     [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
     [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
     [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
     [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
     [sshconnect2.c sshd.8 sshd.c sshd_config.5]
     Add support for certificate key types for users and hosts.

     OpenSSH certificate key types are not X.509 certificates, but a much
     simpler format that encodes a public key, identity information and
     some validity constraints and signs it with a CA key. CA keys are
     regular SSH keys. This certificate style avoids the attack surface
     of X.509 certificates and is very easy to deploy.

     Certified host keys allow automatic acceptance of new host keys
     when a CA certificate is marked as sh/known_hosts.
     see VERIFYING HOST KEYS in ssh(1) for details.

     Certified user keys allow authentication of users when the signing
     CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
     FILE FORMAT" in sshd(8) for details.

     Certificates are minted using ssh-keygen(1), documentation is in
     the "CERTIFICATES" section of that manpage.

     Documentation on the format of certificates is in the file
     PROTOCOL.certkeys

     feedback and ok markus@
 2010-02-27 07:55:05 +11:00
Damien Miller a183c6edee - djm@cvs.openbsd.org 2010/02/09 00:50:36 
[ssh-agent.c]
     fallout from PKCS#11: unbreak -D
 2010-02-12 09:22:31 +11:00
Damien Miller 7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20 
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
 2010-02-12 09:21:02 +11:00
Darren Tucker 72473c6b09 - djm@cvs.openbsd.org 2009/09/01 14:43:17 
[ssh-agent.c]
     fix a race condition in ssh-agent that could result in a wedged or
     spinning agent: don't read off the end of the allocated fd_sets, and
     don't issue blocking read/write on agent sockets - just fall back to
     select() on retriable read/write errors. bz#1633 reported and tested
     by "noodle10000 AT googlemail.com"; ok dtucker@ markus@
 2009-10-07 09:01:03 +11:00
Darren Tucker 9013323644 - tobias@cvs.openbsd.org 2009/03/23 19:38:04 
[ssh-agent.c]
     My previous commit didn't fix the problem at all, so stick at my first
     version of the fix presented to dtucker.
     Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
     ok dtucker
 2009-06-21 17:50:15 +10:00
Darren Tucker a0964504e1 - tobias@cvs.openbsd.org 2009/03/23 08:31:19 
[ssh-agent.c]
     Fixed a possible out-of-bounds memory access if the environment variable
     SHELL is shorter than 3 characters.
     with input by and ok dtucker
 2009-06-21 17:49:36 +10:00
Damien Miller d8968adb5f - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h] 
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
   [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
   some platforms (HP nonstop) it is a distinct errno;
   bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
 2008-07-04 23:10:49 +10:00
Damien Miller 471db5c2eb - djm@cvs.openbsd.org 2008/06/28 14:05:15 
[ssh-agent.c]
     reset global compat flag after processing a protocol 2 signature
     request with the legacy DSA encoding flag set; ok markus
 2008-06-30 00:05:48 +10:00
Damien Miller 1cfadabc0e - djm@cvs.openbsd.org 2008/06/28 13:58:23 
[ssh-agent.c]
     refuse to add a key that has unknown constraints specified;
     ok markus
 2008-06-30 00:05:21 +10:00
Darren Tucker bfaaf960a0 - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c 
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
   header to after OpenSSL headers, since some versions of OpenSSL have
   SSLeay_add_all_algorithms as a macro already.
 2008-02-28 19:13:52 +11:00
Damien Miller 4c7728c651 - canacar@cvs.openbsd.org 2007/09/25 23:48:57 
[ssh-agent.c]
     When adding a key that already exists, update the properties
     (time, confirm, comment) instead of discarding them. ok djm@ markus@
 2007-10-26 14:25:31 +10:00
Damien Miller 5cbe7ca18d - sobrado@cvs.openbsd.org 2007/09/09 11:38:01 
[ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
     sort synopsis and options in ssh-agent(1); usage is lowercase
     ok jmc@
 2007-09-17 16:05:50 +10:00
Darren Tucker 2812dc9285 - dtucker@cvs.openbsd.org 2007/03/19 12:16:42 
[ssh-agent.c]
     Remove the signal handler that checks if the agent's parent process
     has gone away, instead check when the select loop returns.  Record when
     the next key will expire when scanning for expired keys.  Set the select
     timeout to whichever of these two things happens next.  With djm@, with &
     ok deraadt@ markus@
 2007-03-21 20:45:06 +11:00
Darren Tucker cf0d2db2fa - dtucker@cvs.openbsd.org 2007/02/28 00:55:30 
[ssh-agent.c]
     Remove expired keys periodically so they don't remain in memory when
     the agent is entirely idle, as noted by David R. Piegdon.  This is the
     simple fix, a more efficient one will be done later.  With markus,
     deraadt, with & ok djm.
 2007-02-28 21:19:58 +11:00
Damien Miller 952dce6593 - djm@cvs.openbsd.org 2006/10/06 02:29:19 
[ssh-agent.c ssh-keyscan.c ssh.c]
     sys/resource.h needs sys/time.h; prompted by brad@
     (NB. Id sync only for portable)
 2006-10-24 03:01:16 +10:00
Damien Miller ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] 
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
 2006-09-01 15:38:36 +10:00
Damien Miller 9ab00b44c1 - stevesk@cvs.openbsd.org 2006/08/04 20:46:05 
[monitor.c session.c ssh-agent.c]
     spaces
 2006-08-05 12:40:11 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
 2006-08-05 12:39:39 +10:00
Damien Miller a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
 2006-08-05 11:37:59 +10:00
Damien Miller e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
 2006-08-05 11:34:19 +10:00
Damien Miller 8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
 2006-08-05 11:02:17 +10:00
Damien Miller 9aec91948d - stevesk@cvs.openbsd.org 2006/07/25 02:59:21 
[channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
     move #include <sys/time.h> out of includes.h
 2006-08-05 10:57:45 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
 2006-07-24 14:13:33 +10:00
Damien Miller 5598b4f125 - stevesk@cvs.openbsd.org 2006/07/22 19:08:54 
[includes.h moduli.c progressmeter.c scp.c sftp-common.c]
     [sftp-server.c ssh-agent.c sshlogin.c]
     move #include <time.h> out of includes.h
 2006-07-24 14:09:40 +10:00
Damien Miller e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
 2006-07-24 14:01:23 +10:00
Darren Tucker 3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
 2006-07-12 22:22:46 +10:00
Damien Miller 57cf638577 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11 
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
     [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     [sshlogin.c sshpty.c]
     move #include <fcntl.h> out of includes.h
 2006-07-10 21:13:46 +10:00
Damien Miller e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
 2006-07-10 21:08:03 +10:00
Damien Miller a6680a4e35 - djm@cvs.openbsd.org 2006/06/13 01:18:36 
[ssh-agent.c]
     always use a format string, even when printing a constant
   - djm@cvs.openbsd.org 2006/06/13 02:17:07
     [ssh-agent.c]
     revert; i am on drugs. spotted by alexander AT beard.se
 2006-06-13 13:10:18 +10:00
Damien Miller 40b5985fe0 - markus@cvs.openbsd.org 2006/05/17 12:43:34 
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
     fix leak; coverity via Kylene Jo Hall
 2006-06-13 13:00:25 +10:00
Damien Miller 3f9418893e - djm@cvs.openbsd.org 2006/03/30 09:58:16 
[authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
     [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
     replace {GET,PUT}_XXBIT macros with functionally similar functions,
     silencing a heap of lint warnings. also allows them to use
     __bounded__ checking which can't be applied to macros; requested
     by and feedback from deraadt@
 2006-03-31 23:13:02 +11:00
Damien Miller 89c3fe4a9e - deraadt@cvs.openbsd.org 2006/03/28 01:53:43 
[ssh-agent.c]
     use strtonum() to parse the pid from the file, and range check it
     better; ok djm
 2006-03-31 23:11:28 +11:00
Damien Miller 1c13bd8d79 - deraadt@cvs.openbsd.org 2006/03/25 18:41:45 
[ssh-agent.c]
     mark two more signal handlers ARGSUSED
 2006-03-26 14:28:14 +11:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03 
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
 2006-03-26 14:24:48 +11:00
Damien Miller 36812092ec - djm@cvs.openbsd.org 2006/03/25 01:13:23 
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
     [uidswap.c]
     change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
     to xrealloc(p, new_nmemb, new_itemsize).

     realloc is particularly prone to integer overflows because it is
     almost always allocating "n * size" bytes, so this is a far safer
     API; ok deraadt@
 2006-03-26 14:22:47 +11:00
Damien Miller 07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41 
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
 2006-03-26 14:19:21 +11:00
Damien Miller 9096740f6c - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
     [ssh-rsa.c ssh.c sshlogin.c]
     annoying spacing fixes getting in the way of real diffs
 2006-03-26 14:07:26 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Damien Miller 42fb06898e - (djm) [ssh-agent.c] Restore dropped stat.h 2006-03-15 14:03:06 +11:00
Damien Miller 6ff3caddb6 oops, this commit is really: 
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
     [clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@

the previous was:

   - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
     [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
     [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
     [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
     [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
     [sshconnect2.c sshd.c sshpty.c]
     move #include <sys/stat.h> out of includes.h; ok markus@
 2006-03-15 11:52:09 +11:00
Damien Miller 574c41fdb3 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15 
[authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
     move #include <sys/un.h> out of includes.h; ok djm@
 2006-03-15 11:40:10 +11:00
Damien Miller cd4223c245 - stevesk@cvs.openbsd.org 2006/02/08 14:31:30 
[includes.h ssh-agent.c ssh-keyscan.c ssh.c]
     move #include <sys/resource.h> out of includes.h; ok markus@
 2006-03-15 11:22:47 +11:00
Damien Miller a9263d065d fix spacing of include 2006-03-15 11:18:26 +11:00
Damien Miller 03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
 2006-03-15 11:16:59 +11:00
Damien Miller 2eb6340ddd - stevesk@cvs.openbsd.org 2006/02/07 01:18:09 
[includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
     move #include <sys/queue.h> out of includes.h; ok markus@
 2006-03-15 11:09:42 +11:00
Damien Miller 788f212aed - djm@cvs.openbsd.org 2005/10/30 08:52:18 
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
     [ssh.c sshconnect.c sshconnect1.c sshd.c]
     no need to escape single quotes in comments, no binary change
 2005-11-05 15:14:59 +11:00
Darren Tucker ce321d8a30 - djm@cvs.openbsd.org 2005/09/13 23:40:07 
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@
 2005-10-03 18:11:24 +10:00
Darren Tucker ce327b62ac - djm@cvs.openbsd.org 2004/10/29 22:53:56 
[clientloop.c misc.h readpass.c ssh-agent.c]
     factor out common permission-asking code to separate function; ok markus@
 2004-11-05 20:38:03 +11:00
Darren Tucker 1dee8683fb - djm@cvs.openbsd.org 2004/10/07 10:12:36 
[ssh-agent.c]
     don't unlink agent socket when bind() fails, spotted by rich AT
     rich-paul.net, ok markus@
 2004-11-05 20:26:49 +11:00
Damien Miller 928a19ad9e - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ 2004-09-11 15:18:05 +10:00
Darren Tucker c7a6fc41bf - avsm@cvs.openbsd.org 2004/08/11 21:43:05 
[channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
     some signed/unsigned int comparison cleanups; markus@ ok
 2004-08-13 21:18:00 +10:00
Darren Tucker ba6de952a0 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c 
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
   openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c.  Reduces
   diff vs OpenBSD; ok mouring@, tested by tim@ too.
 2004-07-17 14:07:42 +10:00
Damien Miller 232711f6db - djm@cvs.openbsd.org 2004/06/14 01:44:39 
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
     [sshd.c]
     set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
 2004-06-15 10:35:30 +10:00
Darren Tucker e608ca2965 - djm@cvs.openbsd.org 2004/05/08 00:21:31 
[clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
     sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
     kill a tiny header; ok deraadt@
 2004-05-13 16:15:47 +10:00
Damien Miller 6c4914afcc - (djm) [configure.ac ssh-agent.c] Use prctl to prevent ptrace on ssh-agent 
ok dtucker
 2004-03-03 11:08:59 +11:00
Darren Tucker 3175eb9a5a - markus@cvs.openbsd.org 2003/12/02 17:01:15 
[channels.c session.c ssh-agent.c ssh.h sshd.c]
     use SSH_LISTEN_BACKLOG (=128) in listen(2).
 2003-12-09 19:15:11 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03 
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
 2003-11-21 23:48:55 +11:00
Darren Tucker 072a7b178c - markus@cvs.openbsd.org 2003/10/14 19:54:39 
[session.c ssh-agent.c]
     10X for mkdtemp; djm@
 2003-10-15 16:10:25 +10:00
Darren Tucker 3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11 
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
 2003-10-02 16:12:36 +10:00
Darren Tucker 6fa8abd58b - markus@cvs.openbsd.org 2003/09/19 11:29:40 
[ssh-agent.c]
     provide a ssh-agent specific fatal() function; ok deraadt
 2003-09-22 21:10:21 +10:00
Darren Tucker fb16b2411e - markus@cvs.openbsd.org 2003/09/18 08:49:45 
[deattack.c misc.c session.c ssh-agent.c]
     more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
     ok millert@
 2003-09-22 21:04:23 +10:00
Damien Miller 59d3d5b8b4 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal 
-lbroken; ok dtucker
 2003-08-22 09:34:41 +10:00
Damien Miller 56a0bb07c4 - markus@cvs.openbsd.org 2003/06/12 19:12:03 
[scard.c scard.h ssh-agent.c ssh.c]
     add sc_get_key_label; larsch at trustcenter.de; bugzilla#591
 2003-06-18 20:28:40 +10:00
Damien Miller d94f20d28e - djm@cvs.openbsd.org 2003/06/11 11:18:38 
[authfd.c authfd.h ssh-add.c ssh-agent.c]
     make agent constraints (lifetime, confirm) work with smartcard keys;
     ok markus@
 2003-06-11 22:06:33 +10:00
Damien Miller 0cbb9dea05 - (djm) Always use mysignal() for SIGALRM 2003-06-04 22:56:15 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller c51d0735a4 - markus@cvs.openbsd.org 2003/03/13 11:44:50 
[ssh-agent.c]
     ssh-agent is similar to ssh-keysign (allows other processes to use
     private rsa keys). however, it gets key over socket and not from
     a file, so we have to do blinding here as well.
 2003-03-15 11:37:09 +11:00
Damien Miller 6c71179f68 - markus@cvs.openbsd.org 2003/01/23 13:50:27 
[authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c]
     ssh-add -c, prompt user for confirmation (using ssh-askpass) when
     private agent key is used; with djm@; test by dugsong@, djm@;
     ok deraadt@
 2003-01-24 11:36:23 +11:00
Damien Miller 53d81483f0 - (djm) OpenBSD CVS Sync 
- marc@cvs.openbsd.org 2003/01/21 18:14:36
     [ssh-agent.1 ssh-agent.c]
     Add a -t life option to ssh-agent that set the default lifetime.
     The default can still be overriden by using -t in ssh-add.
     OK markus@
 2003-01-22 11:47:19 +11:00
Damien Miller af9de38c43 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2002/10/01 20:34:12
     [ssh-agent.c]
     allow root to access the agent, since there is no protection from root.
 2002-10-03 11:54:35 +10:00
Damien Miller db30b12d7b - (djm) OpenBSD CVS Sync 
- stevesk@cvs.openbsd.org 2002/09/12 19:11:52
     [ssh-agent.c]
     %u for uid print; ok markus@
 2002-09-19 11:46:58 +10:00
Damien Miller 9b481510bb - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and 
fake-queue.h to sys-tree.h and sys-queue.h
 2002-09-12 10:43:29 +10:00
Damien Miller 538f1819d8 - markus@cvs.openbsd.org 2002/09/10 20:24:47 
[ssh-agent.c]
     check the euid of the connecting process with getpeereid(2);
     ok provos deraadt stevesk
 2002-09-12 09:51:10 +10:00
Damien Miller 061d5b144f - stevesk@cvs.openbsd.org 2002/08/22 20:57:19 
[ssh-agent.c]
     shutdown(SHUT_RDWR) not needed before close here; ok markus@
 2002-09-04 16:33:31 +10:00
Damien Miller 58f3486c74 - stevesk@cvs.openbsd.org 2002/08/22 19:27:53 
[ssh-agent.c]
     use common close function; ok markus@
 2002-09-04 16:31:21 +10:00
Damien Miller 4efdfff6ba - stevesk@cvs.openbsd.org 2002/08/21 20:10:28 
[ssh-agent.c]
     raise listen backlog; ok markus@
 2002-09-04 16:28:18 +10:00
Damien Miller 6cffb9a8cd - markus@cvs.openbsd.org 2002/08/12 10:46:35 
[ssh-agent.c]
     make ssh-agent setgid, disallow ptrace.
     (note: change not yet made in Makefile)
 2002-09-04 16:20:26 +10:00
Ben Lindstrom 82ec9836b2 - (bal) sync ID w/ ssh-agent.c 2002-07-23 21:05:17 +00:00
Ben Lindstrom c5a7f4fdf9 - markus@cvs.openbsd.org 2002/06/24 14:55:38 
[authfile.c kex.c ssh-agent.c]
     cat to (void) when output from buffer_get_X is ignored
 2002-06-25 23:19:13 +00:00
Ben Lindstrom 822b634099 - deraadt@cvs.openbsd.org 2002/06/23 10:29:52 
[ssh-agent.c sshd.c]
     some minor KNF and %u
 2002-06-23 21:38:49 +00:00
Ben Lindstrom 883844dc07 - (bal) add extern char *getopt. Based on report by dtucker@zip.com.au 2002-06-23 00:20:50 +00:00
Ben Lindstrom 1a1b851775 - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset. 2002-06-23 00:18:15 +00:00
Ben Lindstrom cb72e4f6d2 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55 
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
      authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
      ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
      ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
      xmalloc.h]
     KNF done automatically while reading....
 2002-06-21 00:41:51 +00:00
Ben Lindstrom 2b266b7f08 - markus@cvs.openbsd.org 2002/06/15 01:27:48 
[authfd.c authfd.h ssh-add.c ssh-agent.c]
     remove the CONSTRAIN_IDENTITY messages and introduce a new
     ADD_ID message with contraints instead. contraints can be
     only added together with the private key.
 2002-06-21 00:08:39 +00:00
Ben Lindstrom c90f8a98ea - markus@cvs.openbsd.org 2002/06/15 00:07:38 
[authfd.c authfd.h ssh-add.c ssh-agent.c]
     fix stupid typo
 2002-06-21 00:06:54 +00:00
Ben Lindstrom 4eb4c4e1ef - markus@cvs.openbsd.org 2002/06/15 00:01:36 
[authfd.c authfd.h ssh-add.c ssh-agent.c]
     break agent key lifetime protocol and allow other contraints for key
     usage.
 2002-06-21 00:04:48 +00:00
Ben Lindstrom ce0f634270 - mpech@cvs.openbsd.org 2002/06/11 05:46:20 
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
     pid_t cleanup. Markus need this now to keep hacking.
     markus@, millert@ ok
 2002-06-11 16:42:49 +00:00
Ben Lindstrom 494709decb - (bal) ssh-agent.c RCSD fix (|unexpand already done) 2002-06-11 15:42:53 +00:00
Ben Lindstrom 5a6abdae0f unexpand 2002-06-09 19:41:48 +00:00
Ben Lindstrom 61d328acf9 - markus@cvs.openbsd.org 2002/06/05 21:55:44 
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
     ssh-add -t life,  Set lifetime (in seconds) when adding identities;
     ok provos@
 2002-06-06 21:54:57 +00:00
Ben Lindstrom 2f71704b42 - markus@cvs.openbsd.org 2002/06/05 19:57:12 
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
     ssh-add -x for lock and -X for unlocking the agent.
     todo: encrypt private keys with locked...
 2002-06-06 21:52:03 +00:00
Ben Lindstrom 21d1ed8303 - markus@cvs.openbsd.org 2002/06/05 16:48:54 
[ssh-agent.c]
     copy current request into an extra buffer and just flush this
     request on errors, ok provos@
 2002-06-06 21:48:57 +00:00
Ben Lindstrom b7788f3ebe - markus@cvs.openbsd.org 2002/06/05 16:08:07 
[ssh-agent.1 ssh-agent.c]
     '-a bind_address' binds the agent to user-specified unix-domain
     socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
 2002-06-06 21:46:08 +00:00
Ben Lindstrom 924144e650 - (bal) Too many <sys/queue.h> issues. Remove all workarounds and 
using internal version only.
 2002-04-05 20:23:35 +00:00
Ben Lindstrom eecdf23531 - markus@cvs.openbsd.org 2002/04/02 11:49:39 
[ssh-agent.c]
     check $SHELL for -k and -d, too;
     http://bugzilla.mindrot.org/show_bug.cgi?id=199
 2002-04-02 21:03:51 +00:00
Ben Lindstrom 0936a5bb72 - markus@cvs.openbsd.org 2002/03/25 17:34:27 
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
     change sc_get_key to sc_get_keys and hide smartcard details in scard.c
 2002-03-26 03:17:42 +00:00
Ben Lindstrom ba72d30aa5 - rees@cvs.openbsd.org 2002/03/21 22:44:05 
[authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
     Add PIN-protection for secret key.
 2002-03-22 03:51:06 +00:00
Kevin Steves 399ec97bc2 whitespace sync 2002-03-05 18:59:45 +00:00
Ben Lindstrom 05764b9286 - stevesk@cvs.openbsd.org 2002/03/04 17:27:39 
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@
 2002-03-05 01:53:02 +00:00
Damien Miller c653b89b5a - stevesk@cvs.openbsd.org 2002/02/05 15:50:12 
[ssh-agent.c]
     use log interface and remove perror() in child.  use
     fatal_add_cleanup() vs. atexit().  ok mouring@ markus@
 2002-02-08 22:05:41 +11:00
Damien Miller 4d4d53f399 - stevesk@cvs.openbsd.org 2002/02/04 00:53:39 
[ssh-agent.c]
     unneeded includes
 2002-02-05 12:25:28 +11:00
Damien Miller ec52d7c093 - (djm) Use local sys/queue.h if necessary in ssh-agent.c 2002-01-22 23:52:17 +11:00
Damien Miller 4a8ed54361 - stevesk@cvs.openbsd.org 2002/01/18 18:14:17 
[authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c]
     unneeded cast cleanup; ok markus@
 2002-01-22 23:33:31 +11:00
Damien Miller 1a534ae97f - provos@cvs.openbsd.org 2002/01/13 17:27:07 
[ssh-agent.c]
     change to use queue.h macros; okay markus@
 2002-01-22 23:26:13 +11:00
Damien Miller 708d21c802 - stevesk@cvs.openbsd.org 2001/12/29 21:56:01 
[authfile.c channels.c compress.c packet.c sftp-server.c ssh-agent.c ssh-keygen.c]
     remove unneeded casts and some char->u_char cleanup; ok markus@
 2002-01-22 23:18:15 +11:00
Damien Miller da7551677b - markus@cvs.openbsd.org 2001/12/27 18:22:16 
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
     call fatal() for openssl allocation failures
 2002-01-22 23:09:22 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
 2001-12-21 14:45:46 +11:00
Ben Lindstrom 1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12 
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
 2001-12-06 18:00:18 +00:00
Ben Lindstrom 65366a8c76 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34 
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
     enum/int type cleanup where it made sense to do so; ok markus@
 2001-12-06 16:32:47 +00:00
Ben Lindstrom ddfb1e3a89 - jakob@cvs.openbsd.org 2001/08/03 10:31:30 
[ssh-add.c ssh-agent.c ssh-keyscan.c]
     improve usage(). ok markus@
 2001-08-06 22:06:35 +00:00
Ben Lindstrom bcc1808bf2 - jakob@cvs.openbsd.org 2001/08/02 16:14:05 
[scard.c ssh-agent.c ssh.c ssh-keygen.c]
     clean up some /* SMARTCARD */. ok markus@
 2001-08-06 21:59:25 +00:00
Ben Lindstrom ffce147638 - jakob@cvs.openbsd.org 2001/08/02 15:43:57 
[ssh-agent.c ssh.c ssh-keygen.c]
     add /* SMARTCARD */ to #else/#endif. ok markus@
 2001-08-06 21:57:31 +00:00
Ben Lindstrom f7db3bb64c - markus@cvs.openbsd.org 2001/08/01 22:03:33 
[authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
      ssh-agent.c ssh.c]
     use strings instead of ints for smartcard reader ids
 2001-08-06 21:35:51 +00:00
Ben Lindstrom 0250da057d - markus@cvs.openbsd.org 2001/07/20 14:46:11 
[ssh-agent.c]
     do not exit() from signal handlers; ok deraadt@
 2001-07-22 20:44:00 +00:00
Ben Lindstrom 3fdf876107 - stevesk@cvs.openbsd.org 2001/07/18 21:40:40 
[ssh-agent.c]
     chdir("/") from bbraun@synack.net; ok markus@
 2001-07-22 20:40:24 +00:00
Ben Lindstrom a3d5a4c2db - markus@cvs.openbsd.org 2001/07/17 20:48:42 
[ssh-agent.c]
     update maxfd if maxfd is closed; report from jmcelroy@dtgnet.com
 2001-07-18 15:58:08 +00:00
Ben Lindstrom a7fc2f7434 - stevesk@cvs.openbsd.org 2001/07/15 16:58:29 
[ssh-agent.c]
     typo in usage; ok markus@
 2001-07-18 15:53:39 +00:00
Damien Miller f3512d9ba7 - OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2001/07/04 23:49:27
     [ssh-agent.c]
     handle mutiple adds of the same smartcard key
 2001-07-14 12:14:27 +10:00
Damien Miller 8d4bf17036 - OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2001/07/04 23:39:07
     [ssh-agent.c]
     for smartcards remove both RSA1/2 keys
 2001-07-14 12:13:49 +10:00
Damien Miller 694be4b1d5 - OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2001/07/04 23:13:10
     [scard.c scard.h ssh-agent.c]
     handle card removal more gracefully, add sc_close() to scard.h
 2001-07-14 12:13:26 +10:00
Damien Miller 48bfa9cafa - OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2001/07/04 22:47:19
     [ssh-agent.c]
     ignore SIGPIPE when debugging, too
 2001-07-14 12:12:55 +10:00
Ben Lindstrom f7297dd79d - markus@cvs.openbsd.org 2001/06/27 05:42:25 
[rsa.c rsa.h ssh-agent.c ssh-keygen.c]
     s/generate_additional_parameters/rsa_generate_additional_parameters/
     http://www.humppa.com/
 2001-07-04 05:02:23 +00:00
Ben Lindstrom 3f471630bb - markus@cvs.openbsd.org 2001/06/26 05:33:34 
[ssh-agent.c]
     more smartcard support.
 2001-07-04 03:53:15 +00:00
Ben Lindstrom db6b276f5a - markus@cvs.openbsd.org 2001/06/26 05:07:43 
[ssh-agent.c]
     update usage
 2001-07-04 03:51:35 +00:00
Ben Lindstrom d94580c708 - markus@cvs.openbsd.org 2001/06/26 04:07:06 
[ssh-agent.1 ssh-agent.c]
     add debug flag
 2001-07-04 03:48:02 +00:00
Ben Lindstrom 4469723325 - markus@cvs.openbsd.org 2001/06/25 08:25:41 
[channels.c channels.h cipher.c clientloop.c compat.c compat.h
      hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
      session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
     update copyright for 2001
 2001-07-04 03:32:30 +00:00
Ben Lindstrom bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20 
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
 2001-06-25 05:01:22 +00:00
Ben Lindstrom 3524d69737 - (bal) Avoid socket file security issues in ssh-agent for Cygwin. 
Patch by Egor Duda <deo@logos-m.ru>
 2001-05-03 22:59:24 +00:00
Ben Lindstrom 86ebcb6cf5 - stevesk@cvs.openbsd.org 2001/04/03 13:56:11 
[sftp-glob.c ssh-agent.c ssh-keygen.c]
     free() -> xfree()
 2001-04-04 01:53:20 +00:00
Ben Lindstrom d09fcf5f6e - markus@cvs.openbsd.org 2001/03/26 23:23:24 
[rsa.c rsa.h ssh-agent.c ssh-keygen.c]
     try to read private f-secure ssh v2 rsa keys.
 2001-03-29 00:29:54 +00:00
Damien Miller 60bc517356 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to 
do it implicitly.
 2001-03-19 09:38:15 +11:00
Ben Lindstrom b3144e58e7 - deraadt@cvs.openbsd.org 2001/03/06 00:33:04 
[authfd.c cli.c ssh-agent.c]
     EINTR/EAGAIN handling is required in more cases
 2001-03-06 03:31:34 +00:00
Ben Lindstrom 92a2e38f8e - deraadt@cvs.openbsd.org 2001/03/02 18:54:31 
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
     make copyright lines the same format
 2001-03-05 06:59:27 +00:00
Ben Lindstrom 28072eb10c - itojun@cvs.openbsd.org 2001/02/08 19:30:52 
sync with netbsd tree changes.
     - more strict prototypes, include necessary headers
     - use paths.h/pathnames.h decls
     - size_t typecase to int -> u_long
 2001-02-10 23:13:41 +00:00
Kevin Steves ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27 
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
 2001-02-05 12:42:17 +00:00
Damien Miller 7650bc6842 - (djm) OpenBSD CVS Sync: 
- markus@cvs.openbsd.org  2001/01/29 12:47:32
     [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
     handle rsa_private_decrypt failures; helps against the Bleichenbacher
     pkcs#1 attack
 2001-01-30 09:27:26 +11:00
Ben Lindstrom 77808aba58 - deraadt@cvs.openbsd.org 2001/01/25 8:06:33 
[ssh-agent.c]
     call _exit() in signal handler
 2001-01-26 05:10:34 +00:00
Kevin Steves 2926586a42 whitespace sync 2001-01-24 14:06:28 +00:00