Commit Graph

5464 Commits

Author SHA1 Message Date
Damien Miller 43001b3b3b - (djm) [Makefile.in ssh-pkcs11-helper.8] Add manpage for PKCS#11 helper 2010-02-24 18:18:51 +11:00
Damien Miller cfa42d2fd2 - markus@cvs.openbsd.org 2010/02/08 10:52:47
[regress/agent-pkcs11.sh]
     test for PKCS#11 support (currently disabled)
2010-02-24 17:31:20 +11:00
Damien Miller c1739211a6 - djm@cvs.openbsd.org 2010/02/24 06:21:56
[regress/test-exec.sh]
     wait for sshd to fully stop in cleanup() function; avoids races in tests
     that do multiple start_sshd/cleanup cycles; "I hate pidfiles" deraadt@
2010-02-24 17:29:34 +11:00
Damien Miller 8f9492c90d - djm@cvs.openbsd.org 2010/02/09 06:29:02
[regress/Makefile]
     turn on all the malloc(3) checking options when running regression
     tests. this has caught a few bugs for me in the past; ok dtucker@
2010-02-24 17:28:45 +11:00
Damien Miller bb4ae5583b - djm@cvs.openbsd.org 2010/02/09 04:57:36
[regress/addrmatch.sh]
     clean up droppings
2010-02-24 17:26:38 +11:00
Damien Miller 0dff9c7e6d - dtucker@cvs.openbsd.org 2010/01/11 02:53:44
[regress/forwarding.sh]
     regress test for stdio forwarding
2010-02-24 17:25:58 +11:00
Damien Miller b6bd3c2ca8 - dtucker@cvs.openbsd.org 2009/11/09 04:20:04
[regress/Makefile]
     add regression test for ssh-keygen pubkey conversions
2010-02-24 17:24:56 +11:00
Damien Miller a80f1404bb - djm@cvs.openbsd.org 2010/02/11 20:37:47
[pathnames.h]
     correct comment
2010-02-24 17:17:58 +11:00
Damien Miller 05abd2c968 - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
[ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable
2010-02-24 17:16:08 +11:00
Damien Miller b3c9f78711 - (djm) [configure.ac] Enable PKCS#11 support only when we find a working
dlopen()
2010-02-12 10:11:34 +11:00
Damien Miller dfa4156dbd - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
Use ssh_get_progname to fill __progname
2010-02-12 10:06:28 +11:00
Damien Miller 8ad0fbd98e - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
Make it compile on OSX
2010-02-12 09:49:06 +11:00
Damien Miller d8f6002272 - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c]
[scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java]
   Remove obsolete smartcard support
2010-02-12 09:34:22 +11:00
Damien Miller d400da5ba8 - jmc@cvs.openbsd.org 2010/02/11 13:23:29
[ssh.1]
     libarary -> library;
2010-02-12 09:26:23 +11:00
Damien Miller a761844455 - markus@cvs.openbsd.org 2010/02/10 23:20:38
[ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5]
     pkcs#11 is no longer optional; improve wording; ok jmc@
2010-02-12 09:26:02 +11:00
Damien Miller 47cf16b8df - djm@cvs.openbsd.org 2010/02/09 06:18:46
[auth.c]
     unbreak ChrootDirectory+internal-sftp by skipping check for executable
     shell when chrooting; reported by danh AT wzrd.com; ok dtucker@
2010-02-12 09:25:29 +11:00
Damien Miller 8922106fe9 - djm@cvs.openbsd.org 2010/02/09 03:56:28
[buffer.c buffer.h]
     constify the arguments to buffer_len, buffer_ptr and buffer_dump
2010-02-12 09:23:40 +11:00
Damien Miller 86cbb44d47 - djm@cvs.openbsd.org 2010/02/09 00:50:59
[ssh-keygen.c]
     fix -Wall
2010-02-12 09:22:57 +11:00
Damien Miller a183c6edee - djm@cvs.openbsd.org 2010/02/09 00:50:36
[ssh-agent.c]
     fallout from PKCS#11: unbreak -D
2010-02-12 09:22:31 +11:00
Damien Miller 048dc93617 - jmc@cvs.openbsd.org 2010/02/08 22:03:05
[ssh-add.1 ssh-keygen.1 ssh.1 ssh.c]
     tweak previous; ok markus
2010-02-12 09:22:04 +11:00
Damien Miller 7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
2010-02-12 09:21:02 +11:00
Damien Miller 17751bcab2 - djm@cvs.openbsd.org 2010/02/02 22:49:34
[bufaux.c]
     make buffer_get_string_ret() really non-fatal in all cases (it was
     using buffer_get_int(), which could fatal() on buffer empty);
     ok markus dtucker
2010-02-12 07:35:08 +11:00
Damien Miller 1d2bfc4118 - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for
getseuserbyname; patch from calebcase AT gmail.com via
   cjwatson AT debian.org
2010-02-10 10:19:29 +11:00
Damien Miller d636943d08 - djm@cvs.openbsd.org 2010/01/30 21:12:08
[channels.c]
     fake local addr:port when stdio fowarding as some servers (Tectia at
     least) validate that they are well-formed;
     reported by imorgan AT nas.nasa.gov
     ok dtucker
2010-02-02 17:02:07 +11:00
Damien Miller 74d9825c0f - djm@cvs.openbsd.org 2010/01/30 21:08:33
[sshd.8]
     debug output goes to stderr, not "the system log"; ok markus dtucker
2010-02-02 17:01:46 +11:00
Damien Miller c3ca35f424 - djm@cvs.openbsd.org 2010/01/30 02:54:53
[mux.c]
     don't mark channel as read failed if it is already closing; suppresses
     harmless error messages when connecting to SSH.COM Tectia server
     report by imorgan AT nas.nasa.gov
2010-01-30 17:42:01 +11:00
Damien Miller 0dac03febd - djm@cvs.openbsd.org 2010/01/29 20:16:17
[mux.c]
     kill correct channel (was killing already-dead mux channel, not
     its session channel)
2010-01-30 17:36:33 +11:00
Damien Miller 133d9d313e - djm@cvs.openbsd.org 2010/01/29 00:20:41
[sshd.c]
     set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com
     ok dtucker@
2010-01-30 17:30:04 +11:00
Damien Miller 36f57ebf3b - djm@cvs.openbsd.org 2010/01/28 00:21:18
[clientloop.c]
     downgrade an error() to a debug() - this particular case can be hit in
     normal operation for certain sequences of mux slave vs session closure
     and is harmless
2010-01-30 17:28:34 +11:00
Darren Tucker 19d32cb934 - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config()
after registering the hardware engines, which causes the openssl.cnf file to
   be processed.  See OpenSSL's man page for OPENSSL_config(3) for details.
   Patch from Solomon Peachy, ok djm@.
2010-01-29 10:54:11 +11:00
Damien Miller a1162985a5 - djm@cvs.openbsd.org 2010/01/27 19:21:39
[sftp.c]
     add missing "p" flag to getopt optstring;
     bz#1704 from imorgan AT nas.nasa.gov
2010-01-28 06:27:54 +11:00
Damien Miller a21cdfac2f - djm@cvs.openbsd.org 2010/01/27 13:26:17
[mux.c]
     fix bug introduced in mux rewrite:

     In a mux master, when a socket to a mux slave closes before its server
     session (as may occur when the slave has been signalled), gracefully
     close the server session rather than deleting its channel immediately.
     A server may have more messages on that channel to send (e.g. an exit
     message) that will fatal() the client if they are sent to a channel that
     has been prematurely deleted.

     spotted by imorgan AT nas.nasa.gov
2010-01-28 06:26:59 +11:00
Damien Miller 45a81a0e18 - djm@cvs.openbsd.org 2010/01/26 02:15:20
[mux.c]
     -Wuninitialized and remove a // comment; from portable
     (Id sync only)
2010-01-28 06:26:20 +11:00
Damien Miller e1537f951f - djm@cvs.openbsd.org 2010/01/26 01:28:35
[channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c]
     rewrite ssh(1) multiplexing code to a more sensible protocol.

     The new multiplexing code uses channels for the listener and
     accepted control sockets to make the mux master non-blocking, so
     no stalls when processing messages from a slave.

     avoid use of fatal() in mux master protocol parsing so an errant slave
     process cannot take down a running master.

     implement requesting of port-forwards over multiplexed sessions. Any
     port forwards requested by the slave are added to those the master has
     established.

     add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.

     document master/slave mux protocol so that other tools can use it to
     control a running ssh(1). Note: there are no guarantees that this
     protocol won't be incompatibly changed (though it is versioned).

     feedback Salvador Fandino, dtucker@
     channel changes ok markus@
2010-01-26 13:26:22 +11:00
Damien Miller f589fd1ea8 - dtucker@cvs.openbsd.org 2010/01/18 01:50:27
[roaming_client.c]
     s/long long unsigned/unsigned long long/, from tim via portable
     (Id sync only, change already in portable)
2010-01-26 12:53:06 +11:00
Damien Miller 2e68d793d6 - tedu@cvs.openbsd.org 2010/01/17 21:49:09
[ssh-agent.1]
     Correct and clarify ssh-add's password asking behavior.
     Improved text dtucker and ok jmc
2010-01-26 12:51:13 +11:00
Tim Rice 6761c7417d - (tim) [configure.ac] Due to constraints in Windows Sockets in terms of
socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size
   in Cygwin to 65535. Patch from Corinna Vinschen.
2010-01-22 10:25:15 -08:00
Tim Rice 7bb7471b80 Reword comment in last commit for additional clearity. 2010-01-17 22:49:57 -08:00
Tim Rice 641ebf1f86 - (tim) [configure.ac] Use the C99-conforming functions snprintf() and
vsnprintf() named _xsnprintf() and _xvsnprintf() on SVR5 systems.
2010-01-17 17:05:39 -08:00
Tim Rice 7ab7b9346d - (tim) [configure.ac] OpenServer 5 needs BROKEN_GETADDRINFO too. 2010-01-17 12:48:22 -08:00
Tim Rice 33e48ac7b2 Oops, forgot to document second change to roaming_client.c
s/long long unsigned/unsigned long long/ to keep USL compilers happy.
2010-01-17 07:12:40 -08:00
Tim Rice f37756759f - (tim) [roaming_client.c] Use of <sys/queue.h> is not really portable so
we use "openbsd-compat/sys-queue.h"
2010-01-16 16:48:39 -08:00
Tim Rice 4a7db1ca2f - (tim) [configure.ac] Define BROKEN_GETADDRINFO on SVR5 systems. The native
getaddrinfo() is too old and limited for addr_pton() in addrmatch.c.
2010-01-16 12:23:25 -08:00
Tim Rice 999aaf4182 - (tim) [regress/portnum.sh] Shell portability fix. 2010-01-16 11:37:53 -08:00
Darren Tucker 4e21855422 - (dtucker) [openbsd-compat/openbsd-compat.h] Typo. 2010-01-16 23:58:37 +11:00
Darren Tucker 612e400c68 - (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused
variable warnings.
2010-01-16 13:53:52 +11:00
Darren Tucker dab129bef5 - markus@cvs.openbsd.org 2010/01/15 09:24:23
[sftp-common.c]
     unused
2010-01-16 13:43:50 +11:00
Darren Tucker 69371b511b - (dtucker) [openbsd-compat/openbsd-compat.h] Fix prototypes, spotted by
Tim.
2010-01-16 13:30:30 +11:00
Darren Tucker 2563e3f272 - (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid
and group_from_gid.
2010-01-16 11:53:07 +11:00
Darren Tucker ca94485a48 - (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h
so we correctly detect whether or not we have a native user_from_uid.
2010-01-16 11:48:27 +11:00