Darren Tucker
d6725f04e2
- dtucker@cvs.openbsd.org 2007/12/28 15:32:24
[clientloop.c serverloop.c packet.c]
Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
ServerAlive and ClientAlive timers. Prevents dropping a connection
when these are enabled but the peer does not support our keepalives.
bz #1307, ok djm@.
2007-12-29 02:45:07 +11:00
Damien Miller
e42bd24b22
- (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
when closing a tty session when a background process still holds tty
fds open. Great detective work and patch by Marc Aurele La France,
slightly tweaked by me; ok dtucker@
2007-01-29 10:16:28 +11:00
Damien Miller
985a4485f5
- markus@cvs.openbsd.org 2006/10/11 12:38:03
[clientloop.c serverloop.c]
exit instead of doing a blocking tcp send if we detect a client/server
timeout, since the tcp sendqueue might be already full (of alive
requests); ok dtucker, report mpf
2006-10-24 03:02:41 +10:00
Damien Miller
d783435315
- deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
[auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
[buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
[groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
[key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
[monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
[readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
[serverloop.c session.c session.h sftp-client.c sftp-common.c]
[sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
[ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
[uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
[loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
NB. portable commit contains everything *except* removing includes.h, as
that will take a fair bit more work as we move headers that are required
for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
8dbffe7904
- stevesk@cvs.openbsd.org 2006/07/26 02:35:17
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
[groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
[packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
[sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
[uidswap.c xmalloc.c]
move #include <sys/param.h> out of includes.h
2006-08-05 11:02:17 +10:00
Damien Miller
9aec91948d
- stevesk@cvs.openbsd.org 2006/07/25 02:59:21
[channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
move #include <sys/time.h> out of includes.h
2006-08-05 10:57:45 +10:00
Damien Miller
e3476ed03b
- stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
[auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
[authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
[cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
[compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
[includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
[progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller
1cdde6f536
- stevesk@cvs.openbsd.org 2006/07/20 15:26:15
[auth1.c serverloop.c session.c sshconnect2.c]
missed some needed #include <unistd.h> when KERBEROS5=no; issue from
massimo@cedoc.mo.it
2006-07-24 14:07:35 +10:00
Darren Tucker
3997249346
- stevesk@cvs.openbsd.org 2006/07/11 20:07:25
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
Damien Miller
57cf638577
- stevesk@cvs.openbsd.org 2006/07/09 15:15:11
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
[readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
[sshlogin.c sshpty.c]
move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
Damien Miller
9f2abc47eb
- stevesk@cvs.openbsd.org 2006/07/06 16:03:53
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
[auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
[auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
[monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
[session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
[ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
[uidswap.h]
move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Damien Miller
8ec8c3e98a
- stevesk@cvs.openbsd.org 2006/07/05 02:42:09
[canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
[serverloop.c sshconnect.c uuencode.c]
move #include <netinet/in.h> out of includes.h; ok deraadt@
(also ssh-rand-helper.c logintest.c loginrec.c)
2006-07-10 20:35:38 +10:00
Darren Tucker
144e8d60cd
- (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
only, otherwise sshd can hang exiting non-interactive sessions.
2006-06-25 08:25:25 +10:00
Darren Tucker
03890e44cd
- (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
#1102 workaround.
2006-06-24 16:58:45 +10:00
Darren Tucker
9afe115f0a
- (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
4.3.3 ML3 or so, the AIX pty layer started passing zero-length writes
on the pty slave as zero-length reads on the pty master, which sshd
interprets as the descriptor closing. Since most things don't do zero
length writes this rarely matters, but occasionally it happens, and when
it does the SSH pty session appears to hang, so we add a special case for
this condition. ok djm@
2006-06-23 21:24:12 +10:00
Damien Miller
90fdfaf69c
- deraadt@cvs.openbsd.org 2006/03/25 18:30:55
[clientloop.c serverloop.c]
spacing
2006-03-26 14:25:37 +11:00
Damien Miller
57c30117c1
- djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
4f7becb44f
- deraadt@cvs.openbsd.org 2006/03/20 18:48:34
[channels.c fatal.c kex.c packet.c serverloop.c]
spacing
2006-03-26 14:10:14 +11:00
Damien Miller
71a7367130
- deraadt@cvs.openbsd.org 2006/03/20 18:14:02
[channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
[ssh.c sshpty.c sshpty.h]
sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 14:04:36 +11:00
Damien Miller
f0b15dfc52
- deraadt@cvs.openbsd.org 2006/03/19 18:56:41
[clientloop.c progressmeter.c serverloop.c sshd.c]
ARGSUSED for signal handlers
2006-03-26 13:59:20 +11:00
Damien Miller
6f98a1fea7
- djm@cvs.openbsd.org 2006/03/19 02:22:32
[serverloop.c]
memory leaks detected by Coverity via elad AT netbsd.org;
ok deraadt@ dtucker@
2006-03-26 13:51:08 +11:00
Damien Miller
b0fb6872ed
- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
ec04f360eb
- djm@cvs.openbsd.org 2006/03/04 04:12:58
[serverloop.c]
move a debug() outside of a signal handler; ok markus@ a little while back
2006-03-15 12:01:34 +11:00
Damien Miller
6ff3caddb6
oops, this commit is really:
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
[serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
move #include <signal.h> out of includes.h; ok markus@
the previous was:
- stevesk@cvs.openbsd.org 2006/02/20 17:19:54
[auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
[authfile.c clientloop.c includes.h readconf.c scp.c session.c]
[sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
[sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
[sshconnect2.c sshd.c sshpty.c]
move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
Damien Miller
9cf6d077fb
- stevesk@cvs.openbsd.org 2006/02/10 01:44:27
[includes.h monitor.c readpass.c scp.c serverloop.c session.c]
[sftp.c sshconnect.c sshconnect2.c sshd.c]
move #include <sys/wait.h> out of includes.h; ok markus@
2006-03-15 11:29:24 +11:00
Damien Miller
99bd21e3fe
- stevesk@cvs.openbsd.org 2006/02/07 01:42:00
[channels.c clientloop.c clientloop.h includes.h packet.h]
[serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
move #include <termios.h> out of includes.h; ok markus@
2006-03-15 11:11:28 +11:00
Damien Miller
598bbc2d8f
- (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
[serverloop.c ssh.c openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
compatibility support for Linux, diff from reyk@
2005-12-31 16:33:36 +11:00
Darren Tucker
0d0e8f0173
- (dtucker) OpenBSD CVS Sync
- reyk@cvs.openbsd.org 2005/12/13 15:03:02
[serverloop.c]
if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
2005-12-20 16:08:42 +11:00
Damien Miller
7b58e80036
- reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
[serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option in ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).
ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller
d27b947178
- reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller
24ecf61261
- dtucker@cvs.openbsd.org 2005/11/03 13:38:29
[canohost.c]
Cache reverse lookups with and without DNS separately; ok markus@
2005-11-05 15:16:52 +11:00
Damien Miller
788f212aed
- djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
[ssh.c sshconnect.c sshconnect1.c sshd.c]
no need to escape single quotes in comments, no binary change
2005-11-05 15:14:59 +11:00
Damien Miller
39eda6eb6a
- djm@cvs.openbsd.org 2005/10/10 10:23:08
[channels.c channels.h clientloop.c serverloop.c session.c]
fix regression I introduced in 4.2: X11 forwardings initiated after
a session has exited (e.g. "(sleep 5; xterm) &") would not start.
bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
2005-11-05 14:52:50 +11:00
Damien Miller
b6f72f5294
- (djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
[ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
2005-07-17 17:26:43 +10:00
Damien Miller
0dc1bef12d
- djm@cvs.openbsd.org 2005/07/17 07:17:55
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
[cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
[serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
[sshconnect.c sshconnect2.c]
knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 17:22:45 +10:00
Darren Tucker
c7a6fc41bf
- avsm@cvs.openbsd.org 2004/08/11 21:43:05
[channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
some signed/unsigned int comparison cleanups; markus@ ok
2004-08-13 21:18:00 +10:00
Darren Tucker
e7066dfde3
- djm@cvs.openbsd.org 2004/05/21 11:33:11
[channels.c channels.h clientloop.c serverloop.c ssh.1]
bz #756: add support for the cancel-tcpip-forward request for the server and
the client (through the ~C commandline). reported by z3p AT twistedmatrix.com;
ok markus@
2004-05-24 10:18:05 +10:00
Damien Miller
fb1310eded
- markus@cvs.openbsd.org 2004/01/19 21:25:15
[auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
2004-01-21 11:02:50 +11:00
Damien Miller
b5820f40bf
20031217
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/12/09 15:28:43
[serverloop.c]
make ClientKeepAlive work for ssh -N, too (no login shell requested).
1) send a bogus channel request if we find a channel
2) send a bogus global request if we don't have a channel
ok + test beck@
2003-12-17 16:27:32 +11:00
Damien Miller
4bb1dd3166
- (djm) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2003/11/18 00:40:05
[serverloop.c]
Correct check for authctxt->valid. ok djm@
2003-11-18 22:01:25 +11:00
Damien Miller
3e3b5145e5
- djm@cvs.openbsd.org 2003/11/04 08:54:09
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather than pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Darren Tucker
3e33cecf71
- markus@cvs.openbsd.org 2003/09/23 20:17:11
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt early to allow simpler cleanup in sshd.
tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Darren Tucker
502d384b74
- markus@cvs.openbsd.org 2003/06/24 08:23:46
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
int -> u_int; ok djm@, deraadt@, mouring@
2003-06-28 12:38:01 +10:00
Damien Miller
9fc7c699af
- djm@cvs.openbsd.org 2003/06/04 12:03:59
[serverloop.c]
remove bitrotten comment; ok markus@
2003-06-04 22:50:54 +10:00
Damien Miller
b1ca8bb159
- markus@cvs.openbsd.org 2003/05/11 20:30:25
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
2003-05-14 13:45:42 +10:00
Damien Miller
a5539d2698
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/04/02 09:48:07
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
reapply rekeying change, tested by henning@, ok djm@
2003-04-09 20:50:06 +10:00
Damien Miller
2dc074ef4b
- markus@cvs.openbsd.org 2003/04/01 10:10:23
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
2003-04-01 21:43:39 +10:00
Tim Rice
81ed518b9b
Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
Damien Miller
16aed05578
- stevesk@cvs.openbsd.org 2002/09/19 16:03:15
[serverloop.c]
log IP address also; ok markus@
2002-09-22 01:26:27 +10:00
Ben Lindstrom
99a4e14fe0
- (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
lacking that concept can share it. Patch by vinschen@redhat.com
2002-07-09 14:06:40 +00:00
Ben Lindstrom
4fed2be856
- markus@cvs.openbsd.org 2002/06/24 14:33:27
[channels.c channels.h clientloop.c serverloop.c]
move channel counter to u_int
2002-06-25 23:17:36 +00:00
Ben Lindstrom
ce0f634270
- mpech@cvs.openbsd.org 2002/06/11 05:46:20
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
pid_t cleanup. Markus needs this now to keep hacking.
markus@, millert@ ok
2002-06-11 16:42:49 +00:00
Ben Lindstrom
47fd8112b5
- markus@cvs.openbsd.org 2002/03/30 18:51:15
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
check waitpid for EINTR; based on patch from peter@ifm.liu.se
2002-04-02 20:48:19 +00:00
Ben Lindstrom
3dc40f997b
- markus@cvs.openbsd.org 2002/03/24 16:00:27
[serverloop.c]
remove unused debug
2002-03-26 02:01:30 +00:00
Ben Lindstrom
7a2073c50b
- provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; it's turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
2002-03-22 02:30:41 +00:00
Damien Miller
699d003e3a
- markus@cvs.openbsd.org 2002/02/06 14:55:16
[channels.c clientloop.c serverloop.c ssh.c]
channel_new never returns NULL, mouring@; ok djm@
2002-02-08 22:07:16 +11:00
Damien Miller
c7ef63dd41
- markus@cvs.openbsd.org 2002/02/03 17:53:25
[auth1.c serverloop.c session.c session.h]
don't use channel_input_channel_request and callback
use new server_input_channel_req() instead:
server_input_channel_req does generic request parsing on server side
session_input_channel_req handles just session specific things now
ok djm@
2002-02-05 12:21:42 +11:00
Damien Miller
664d6b9a8e
- markus@cvs.openbsd.org 2002/01/31 15:00:05
[serverloop.c]
no need for WNOHANG; ok stevesk@
2002-02-05 12:20:16 +11:00
Damien Miller
b16461ce45
- markus@cvs.openbsd.org 2002/01/16 13:17:51
[channels.c channels.h serverloop.c ssh.c]
wrapper for channel_setup_fwd_listener
2002-01-22 23:29:22 +11:00
Damien Miller
056cf73d35
- markus@cvs.openbsd.org 2002/01/10 11:13:29
[serverloop.c]
skip client_alive_check until there are channels; ok beck@
2002-01-22 23:21:39 +11:00
Damien Miller
630d6f4479
- markus@cvs.openbsd.org 2001/12/28 15:06:00
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
remove plen from the dispatch fn. it's no longer used.
2002-01-22 23:17:30 +11:00
Damien Miller
dff5099f13
- markus@cvs.openbsd.org 2001/12/28 14:50:54
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
Damien Miller
48b03fc546
- markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller
66823cddbe
- markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:38 +11:00
Damien Miller
7c31809c4a
- markus@cvs.openbsd.org 2001/12/21 12:17:33
[serverloop.c]
remove ifdef for USE_PIPES since fdin != fdout; ok djm@
2002-01-22 23:06:22 +11:00
Damien Miller
278f907a2d
- djm@cvs.openbsd.org 2001/12/20 22:50:24
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net; ok markus@
2001-12-21 15:00:19 +11:00
Damien Miller
f6681a3a96
- markus@cvs.openbsd.org 2001/12/19 16:09:39
[serverloop.c]
fix race between SIGCHLD and select with an additional pipe. writing
to the pipe on SIGCHLD wakes up select(). using pselect() is not
portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
initial idea by pmenage@ensim.com; ok deraadt@, djm@
2001-12-21 14:53:11 +11:00
Damien Miller
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom
f8f065bc75
- itojun@cvs.openbsd.org 2001/12/05 03:50:01
[clientloop.c serverloop.c sshd.c]
deal with LP64 printf issue with sig_atomic_t. from thorpej
2001-12-06 17:52:16 +00:00
Ben Lindstrom
5e71c54b8c
- markus@cvs.openbsd.org 2001/11/22 12:34:22
[clientloop.c serverloop.c sshd.c]
volatile sig_atomic_t
2001-12-06 16:48:14 +00:00
Damien Miller
79faeff2c1
- markus@cvs.openbsd.org 2001/11/09 18:59:23
[clientloop.c serverloop.c]
don't memset too much memory, ok millert@
original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
2001-11-12 11:06:32 +11:00
Damien Miller
3ec2759ad4
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/10/10 22:18:47
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c session.h]
try to keep channels open until an exit-status message is sent.
don't kill the login shells if the shells stdin/out/err is closed.
this should now work:
ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
2001-10-12 11:35:04 +10:00
Damien Miller
52b77beb65
- markus@cvs.openbsd.org 2001/10/09 21:59:41
[channels.c channels.h serverloop.c session.c session.h]
simplify session close: no more delayed session_close, no more blocking wait() calls.
2001-10-10 15:14:37 +10:00
Damien Miller
c71f4e40b6
- markus@cvs.openbsd.org 2001/10/09 19:51:18
[serverloop.c]
close all channels if the connection to the remote host has been closed,
should fix sshd's hanging with WCHAN==wait
2001-10-10 15:08:36 +10:00
Damien Miller
8c3902afde
- markus@cvs.openbsd.org 2001/10/04 15:12:37
[serverloop.c]
client_alive_check cleanup
2001-10-10 15:01:40 +10:00
Damien Miller
af5f2e641c
- markus@cvs.openbsd.org 2001/10/04 15:05:40
[channels.c serverloop.c]
comment out bogus conditions for selecting on connection_in
2001-10-10 15:01:16 +10:00
Ben Lindstrom
6d218f404f
- markus@cvs.openbsd.org 2001/09/17 21:04:02
[channels.c serverloop.c]
don't send fake dummy packets on CR (\r)
bugreport from yyua@cs.sfu.ca via solar@@openwall.com
2001-09-18 05:53:12 +00:00
Kevin Steves
e26a155415
- (stevesk) use mysignal() in protocol 1 loop now that the SIGCHLD
handler has converged.
2001-07-26 17:51:49 +00:00
Ben Lindstrom
16d29d57e8
- markus@cvs.openbsd.org 2001/07/17 21:04:58
[channels.c channels.h clientloop.c nchan.c serverloop.c]
keep track of both maxfd and the size of the malloc'ed fdsets.
update maxfd if maxfd gets closed.
2001-07-18 16:01:46 +00:00
Ben Lindstrom
36857f6b8b
- markus@cvs.openbsd.org 2001/07/15 16:17:08
[serverloop.c]
schedule client alive for ssh2 only, greg@cheers.bungi.com
2001-07-18 15:48:57 +00:00
Ben Lindstrom
809744e912
- markus@cvs.openbsd.org 2001/07/02 22:52:57
[channels.c channels.h serverloop.c]
improve cleanup/exit logic in ssh2:
stop listening to channels, detach channel users (e.g. sessions).
wait for children (i.e. dying sessions), send exit messages,
cleanup all channels.
2001-07-04 05:26:06 +00:00
Ben Lindstrom
4983d5ebd5
- markus@cvs.openbsd.org 2001/07/02 13:59:15
[serverloop.c session.c session.h]
wait until !session_have_children(); bugreport from
Lutz.Jaenicke@aet.TU-Cottbus.DE
2001-07-04 05:17:40 +00:00
Ben Lindstrom
bddd551e11
- markus@cvs.openbsd.org 2001/06/27 02:12:54
[serverloop.c serverloop.h session.c session.h]
quick hack to make ssh2 work again.
2001-07-04 04:53:53 +00:00
Ben Lindstrom
4469723325
- markus@cvs.openbsd.org 2001/06/25 08:25:41
[channels.c channels.h cipher.c clientloop.c compat.c compat.h
hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
update copyright for 2001
2001-07-04 03:32:30 +00:00
Ben Lindstrom
bba81213b9
- itojun@cvs.openbsd.org 2001/06/23 15:12:20
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
readpass.c scp.c servconf.c serverloop.c session.c sftp.c
sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
ssh-keygen.c ssh-keyscan.c]
more strict prototypes. raise warning level in Makefile.inc.
markus ok'ed
TODO; cleanup headers
2001-06-25 05:01:22 +00:00
Ben Lindstrom
601e43638e
- markus@cvs.openbsd.org 2001/06/20 13:56:39
[channels.c channels.h clientloop.c packet.c serverloop.c]
move from channel_stop_listening to channel_free_all,
call channel_free_all before calling waitpid() in serverloop.
fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
2001-06-21 03:19:23 +00:00
Ben Lindstrom
ec46e0b5fd
- markus@cvs.openbsd.org 2001/06/04 23:07:21
[clientloop.c serverloop.c sshd.c]
set flags in the signal handlers, do real work in the main loop,
ok provos@
2001-06-09 01:27:31 +00:00
Ben Lindstrom
c763767f18
[NOTE: Next patch will sync nchan.c, channels.c and channels.h and all this
pain will be over.]
- markus@cvs.openbsd.org 2001/05/31 10:30:17
[auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
packet.c serverloop.c session.c ssh.c]
undo the .c file split, just merge the header and keep the cvs
history
2001-06-09 00:36:26 +00:00
Ben Lindstrom
e6455aee8f
[NOTE: File split was not done in Portable Tree]
- markus@cvs.openbsd.org 2001/05/30 12:55:13
[auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
packet.c serverloop.c session.c ssh.c ssh1.h]
channel layer cleanup: merge header files and split .c files
2001-06-09 00:17:10 +00:00
Ben Lindstrom
6912866893
- markus@cvs.openbsd.org 2001/05/08 19:17:31
[channels.c serverloop.c]
adds correct error reporting to async connect()s
fixes the server-discards-data-before-connected-bug found by
onoe@sm.sony.co.jp
2001-05-08 20:07:39 +00:00
Ben Lindstrom
99c73b377a
- markus@cvs.openbsd.org 2001/05/04 23:47:34
[channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
move to Channel **channels (instead of Channel *channels), fixes realloc
problems. channel_new now returns a Channel *, favour Channel * over
channel id. remove old channel_allocate interface.
2001-05-05 04:09:47 +00:00
Ben Lindstrom
f343674d5e
- markus@cvs.openbsd.org 2001/04/29 19:16:52
[channels.c clientloop.c compat.c compat.h serverloop.c]
more ssh.com-2.0.x bug-compat; from per@appgate.com
2001-04-29 19:52:00 +00:00
Ben Lindstrom
2f0304c768
- markus@cvs.openbsd.org 2001/04/29 18:32:52
[serverloop.c]
fix whitespace
2001-04-29 19:49:14 +00:00
Ben Lindstrom
5744dc421d
- beck@cvs.openbsd.org 2001/04/13 22:46:54
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
Add options ClientAliveInterval and ClientAliveCountMax to sshd.
This gives the ability to do a "keepalive" via the encrypted channel
which can't be spoofed (unlike TCP keepalives). Useful for when you want
to use ssh connections to authenticate people for something, and know
relatively quickly when they are no longer authenticated. Disabled
by default (of course). ok markus@
2001-04-13 23:28:01 +00:00
Ben Lindstrom
e34ab4c04e
- markus@cvs.openbsd.org 2001/04/05 23:39:20
[serverloop.c]
keep the ssh session even if there is no active channel.
this is more in line with the protocol spec and makes
ssh -N -L 1234:server:110 host
more useful.
based on discussion with <mats@mindbright.se> long time ago
and recent mail from <res@shore.net>
2001-04-07 01:12:11 +00:00
Ben Lindstrom
a3700050ec
- markus@cvs.openbsd.org 2001/04/05 10:42:57
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
sshconnect2.c sshd.c]
fix whitespace: unexpand + trailing spaces.
2001-04-05 23:26:32 +00:00
Ben Lindstrom
8e312f3db0
- markus@cvs.openbsd.org 2001/04/04 22:04:35
[kex.c kexgex.c serverloop.c]
parse full kexinit packet.
make server-side more robust, too.
2001-04-04 23:50:21 +00:00
Ben Lindstrom
be2cc43c3a
- markus@cvs.openbsd.org 2001/04/04 20:25:38
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
sshconnect2.c sshd.c]
more robust rekeying
don't send channel data after rekeying is started.
2001-04-04 23:46:07 +00:00
Ben Lindstrom
8ac9106c3d
- markus@cvs.openbsd.org 2001/04/04 14:34:58
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
enable server side rekeying + some rekey related cleanup.
todo: we should not send any non-KEX messages after we send KEXINIT
2001-04-04 17:57:54 +00:00
Damien Miller
b44fe0617d
- (djm) Pull out our own SIGPIPE hacks
2001-03-24 15:39:38 +11:00