a7a73ee35d
- stevesk@cvs.openbsd.org 2006/08/01 23:22:48
...
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
[auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
[channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
[kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
[monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
[servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
[uuencode.h xmalloc.c]
move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
da82839597
- dtucker@cvs.openbsd.org 2006/08/01 11:34:36
...
[sshconnect.c]
Allow fallback to known_hosts entries without port qualifiers for
non-standard ports too, so that all existing known_hosts entries will be
recognised. Requested by, feedback and ok markus@
2006-08-05 11:35:45 +10:00
1a5b4041fb
- stevesk@cvs.openbsd.org 2006/07/30 20:15:19
...
[atomicio.h]
order includes to KNF
2006-08-05 11:35:23 +10:00
858bb7dc7c
- jmc@cvs.openbsd.org 2006/07/27 08:00:50
...
[ssh_config.5]
avoid confusing wording in HashKnownHosts:
originally spotted by alan amesbury;
ok deraadt
2006-08-05 11:34:51 +10:00
e7a1e5cf63
- stevesk@cvs.openbsd.org 2006/07/26 13:57:17
...
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
[hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
[scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
[sshconnect1.c sshd.c xmalloc.c]
move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
8dbffe7904
- stevesk@cvs.openbsd.org 2006/07/26 02:35:17
...
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
[groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
[packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
[sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
[uidswap.c xmalloc.c]
move #include <sys/param.h> out of includes.h
2006-08-05 11:02:17 +10:00
9aec91948d
- stevesk@cvs.openbsd.org 2006/07/25 02:59:21
...
[channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
move #include <sys/time.h> out of includes.h
2006-08-05 10:57:45 +10:00
7c6e4b059c
- stevesk@cvs.openbsd.org 2006/07/25 02:01:34
...
[scard.c]
need #include <string.h>
2006-08-05 09:33:15 +10:00
437edb9e66
- stevesk@cvs.openbsd.org 2006/07/24 13:58:22
...
[sshconnect.c]
disable tunnel forwarding when no strict host key checking
and key changed; ok djm@ markus@ dtucker@
2006-08-05 09:11:13 +10:00
f1f4bdd1aa
- (dtucker) [configure.ac] The "crippled AES" test does not work on recent
...
versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
rather than just compiling it. Spotted by dlg@.
2006-08-04 19:44:23 +10:00
88fdc83d4c
- (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype.
2006-08-02 23:33:54 +10:00
94346f8596
- (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW.
2006-07-25 19:52:07 +10:00
28e9ad1bed
- (dtucker) [regress/forcecommand.sh] Portablize.
2006-07-24 23:50:23 +10:00
22c58b0242
- (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including
...
system headers before defines.h will cause conflicting definitions.
2006-07-24 23:19:40 +10:00
7b1877c803
- (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh]
...
[regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh]
Sync regress tests to -current; include dtucker@'s new cfgmatch and
forcecommand tests. Add cipher-speed.sh test (not linked in yet)
2006-07-24 15:31:41 +10:00
24f2a42e53
- (djm) [Makefile.in]
...
Remove generated openbsd-compat/regress/Makefile in distclean target
2006-07-24 15:30:18 +10:00
62da44f064
- (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
...
[openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
[openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
[openbsd-compat/rresvport.c]
These look to need string.h and/or unistd.h (based on a grep for function
names)
2006-07-24 15:08:35 +10:00
ad5ecbf072
- (djm) [session.c]
...
fix compile error with -Werror -Wall: 'path' is only used in
do_setup_env() if HAVE_LOGIN_CAP is not defined
2006-07-24 15:03:06 +10:00
874bc48832
- (djm) [uuencode.c]
...
Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on
some platforms
2006-07-24 14:58:07 +10:00
8b373baf13
- (djm) [openbsd-compat/glob.c]
...
Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles
on OpenBSD (or other platforms with a decent glob implementation) with
-Werror
2006-07-24 14:55:47 +10:00
b8fe89c4d9
- (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
...
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
[gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
[servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
[ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
[openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
[openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
[openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
[openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
[openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
make the portable tree compile again - sprinkle unistd.h and string.h
back in. Don't redefine __unused, as it turned out to be used in
headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-24 14:51:00 +10:00
d8337c5e60
- stevesk@cvs.openbsd.org 2006/07/23 01:11:05
...
[auth.h dispatch.c kex.h sftp-client.c]
#include <signal.h> for sig_atomic_t; need this prior to <sys/param.h>
move
2006-07-24 14:14:19 +10:00
e3476ed03b
- stevesk@cvs.openbsd.org 2006/07/22 20:48:23
...
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
[auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
[authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
[cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
[compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
[includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
[progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
5598b4f125
- stevesk@cvs.openbsd.org 2006/07/22 19:08:54
...
[includes.h moduli.c progressmeter.c scp.c sftp-common.c]
[sftp-server.c ssh-agent.c sshlogin.c]
move #include <time.h> out of includes.h
2006-07-24 14:09:40 +10:00
ee0d0db7da
- stevesk@cvs.openbsd.org 2006/07/21 21:26:55
...
[progressmeter.c]
ARGSUSED for signal handler
2006-07-24 14:08:50 +10:00
8473dd85fe
- stevesk@cvs.openbsd.org 2006/07/21 21:13:30
...
[channels.c]
more ARGSUSED (lint) for dispatch table-driven functions; ok djm@
2006-07-24 14:08:32 +10:00
a765cf4b66
- dtucker@cvs.openbsd.org 2006/07/21 12:43:36
...
[channels.c channels.h servconf.c servconf.h sshd_config.5]
Make PermitOpen take a list of permitted ports and act more like most
other keywords (ie the first match is the effective setting). This
also makes it easier to override a previously set PermitOpen. ok djm@
2006-07-24 14:08:13 +10:00
1cdde6f536
- stevesk@cvs.openbsd.org 2006/07/20 15:26:15
...
[auth1.c serverloop.c session.c sshconnect2.c]
missed some needed #include <unistd.h> when KERBEROS5=no; issue from
massimo@cedoc.mo.it
2006-07-24 14:07:35 +10:00
e275443f66
- dtucker@cvs.openbsd.org 2006/07/19 13:07:10
...
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
Add ForceCommand keyword to sshd_config, equivalent to the "command="
key option, man page entry and example in sshd_config.
Feedback & ok djm@, man page corrections & ok jmc@
2006-07-24 14:06:47 +10:00
d1de9950e5
- dtucker@cvs.openbsd.org 2006/07/19 08:56:41
...
[servconf.c sshd_config.5]
Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
Match. ok djm@
2006-07-24 14:05:48 +10:00
f757d22e8b
- stevesk@cvs.openbsd.org 2006/07/18 22:27:55
...
[dh.c]
remove unneeded includes; ok djm@
2006-07-24 14:05:24 +10:00
8c23403b51
- dtucker@cvs.openbsd.org 2006/07/18 08:22:23
...
[sshd_config.5]
Clarify description of Match, with minor correction from jmc@
2006-07-24 14:05:08 +10:00
393821ad72
- jmc@cvs.openbsd.org 2006/07/18 08:03:09
...
[ssh-agent.1 sshd_config.5]
mark up angle brackets;
2006-07-24 14:04:53 +10:00
22d47abbe3
- jmc@cvs.openbsd.org 2006/07/18 07:56:28
...
[scp.1]
replace DIAGNOSTICS with .Ex;
2006-07-24 14:04:36 +10:00
65bc2c4028
- jmc@cvs.openbsd.org 2006/07/18 07:50:40
...
[sshd_config.5]
tweak; ok dtucker
2006-07-24 14:04:16 +10:00
9b439df18a
- dtucker@cvs.openbsd.org 2006/07/17 12:06:00
...
[channels.c channels.h servconf.c sshd_config.5]
Add PermitOpen directive to sshd_config which is equivalent to the
"permitopen" key option. Allows server admin to allow TCP port
forwarding only two specific host/port pairs. Useful when combined
with Match.
If permitopen is used in both sshd_config and a key option, both
must allow a given connection before it will be permitted.
Note that users can still use external forwarders such as netcat,
so to be those must be controlled too for the limits to be effective.
Feedback & ok djm@, man page corrections & ok jmc@.
2006-07-24 14:04:00 +10:00
98299261eb
- dtucker@cvs.openbsd.org 2006/07/17 12:02:24
...
[auth-options.c]
Use '\0' rather than 0 to terminates strings; ok djm@
2006-07-24 14:01:43 +10:00
e6b3b610ec
- stevesk@cvs.openbsd.org 2006/07/17 01:31:10
...
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
[includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
[readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
[sshconnect.c sshlogin.c sshpty.c uidswap.c]
move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
def915b0ff
- stevesk@cvs.openbsd.org 2006/07/14 01:15:28
...
[monitor_wrap.h]
don't need incompletely-typed 'struct passwd' now with
#include <pwd.h>; ok markus@
2006-07-24 13:55:56 +10:00
2d00e63cb8
- stevesk@cvs.openbsd.org 2006/07/12 22:42:32
...
[includes.h ssh.c ssh-rand-helper.c]
move #include <stddef.h> out of includes.h
2006-07-24 13:53:19 +10:00
939878b95f
tidy
2006-07-24 13:52:06 +10:00
be43ebf975
- stevesk@cvs.openbsd.org 2006/07/12 22:28:52
...
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
d04f357ac2
- jmc@cvs.openbsd.org 2006/07/12 13:39:55
...
[sshd_config.5]
- new sentence, new line
- s/The the/The/
- kill a bad comma
2006-07-24 13:46:50 +10:00
341dae59c8
- (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h
2006-07-13 08:45:14 +10:00
2eaea99054
- (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
...
openbsd-compat/rresvport.c] More errno.h.
2006-07-12 23:41:33 +10:00
5998ed03aa
- (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h.
2006-07-12 23:10:33 +10:00
deecec98c7
- (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too.
2006-07-12 22:44:34 +10:00
767e4134f1
- (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h.
2006-07-12 22:43:28 +10:00
2c1a02a8d0
- (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c
...
openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
2006-07-12 22:40:50 +10:00
c931c433f6
- (dtucker) [openbsd-compat/xmmap.c] Include <errno.h>.
2006-07-12 22:35:51 +10:00
4515047e47
- dtucker@cvs.openbsd.org 2006/07/12 11:34:58
...
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
Add support for conditional directives to sshd_config via a "Match"
keyword, which works similarly to the "Host" directive in ssh_config.
Lines after a Match line override the default set in the main section
if the condition on the Match line is true, eg
AllowTcpForwarding yes
Match User anoncvs
AllowTcpForwarding no
will allow port forwarding by all users except "anoncvs".
Currently only a very small subset of directives are supported.
ok djm@
2006-07-12 22:34:17 +10:00
ba72405026
- stevesk@cvs.openbsd.org 2006/07/11 20:27:56
...
[authfile.c ssh.c]
need <errno.h> here also (it's also included in <openssl/err.h>)
2006-07-12 22:24:22 +10:00
57f4224677
- stevesk@cvs.openbsd.org 2006/07/11 20:16:43
...
[ssh.c]
cast asterisk field precision argument to int to remove warning;
ok markus@
2006-07-12 22:23:35 +10:00
3997249346
- stevesk@cvs.openbsd.org 2006/07/11 20:07:25
...
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
e7d4b19f75
- markus@cvs.openbsd.org 2006/07/11 18:50:48
...
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
channels.h readconf.c]
add ExitOnForwardFailure: terminate the connection if ssh(1)
cannot set up all requested dynamic, local, and remote port
forwardings. ok djm, dtucker, stevesk, jmc
2006-07-12 22:17:10 +10:00
284706a755
- dtucker@cvs.openbsd.org 2006/07/11 10:12:07
...
[ssh.c]
Only copy the part of environment variable that we actually use. Prevents
ssh bailing when SendEnv is used and an environment variable with a really
long value exists. ok djm@
2006-07-12 22:16:23 +10:00
5d19626a04
- stevesk@cvs.openbsd.org 2006/07/10 16:37:36
...
[readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
auth.c packet.c log.c]
move #include <stdarg.h> out of includes.h; ok markus@
2006-07-12 22:15:16 +10:00
1131847684
- jmc@cvs.openbsd.org 2006/07/10 16:04:21
...
[sshd.8]
s/and and/and/
2006-07-12 22:07:59 +10:00
a5362458d0
- stevesk@cvs.openbsd.org 2006/07/10 16:01:57
...
[sftp-glob.c sftp-common.h sftp.c]
buffer.h only needed in sftp-common.h and remove some unneeded
user includes; ok djm@
2006-07-12 22:07:08 +10:00
686852f665
- (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before
...
<netinet/ip.h>.
2006-07-12 19:05:56 +10:00
128a0894a5
- (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
...
for SHUT_RD.
2006-07-12 19:02:56 +10:00
250f1a6901
rewrap
2006-07-12 19:01:29 +10:00
248469bc8d
- (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK
...
if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably
more.
2006-07-12 14:14:31 +10:00
e0e4aad1fd
- (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably
...
others).
2006-07-11 19:01:51 +10:00
44c828fe29
- (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
...
openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally
include paths.h. Fixes build error on Solaris.
2006-07-11 18:00:06 +10:00
4e880e632b
- (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h>
...
for struct sockaddr on platforms that use the fake-rfc stuff.
2006-07-11 00:20:51 +10:00
da34553561
- dtucker@cvs.openbsd.org 2006/07/10 12:46:51
...
[misc.c misc.h sshd.8 sshconnect.c]
Add port identifier to known_hosts for non-default ports, based originally
on a patch from Devin Nate in bz#910.
For any connection using the default port or using a HostKeyAlias the
format is unchanged, otherwise the host name or address is enclosed
within square brackets in the same format as sshd's ListenAddress.
Tested by many, ok markus@.
2006-07-10 23:04:19 +10:00
0f07707267
- djm@cvs.openbsd.org 2006/07/10 12:08:08
...
[channels.c]
fix misparsing of SOCKS 5 packets that could result in a crash;
reported by mk@ ok markus@
2006-07-10 22:21:02 +10:00
3d1a9f4d5d
- djm@cvs.openbsd.org 2006/07/10 12:03:20
...
[scp.c]
duplicate argv at the start of main() because it gets modified later;
pointed out by deraadt@ ok markus@
2006-07-10 22:19:53 +10:00
a1738e4c65
- (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c]
...
[openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h]
[openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
[openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h
2006-07-10 21:33:04 +10:00
6444fe996b
- djm@cvs.openbsd.org 2006/07/10 11:25:53
...
[sftp-server.c]
don't log variables that aren't yet set
2006-07-10 21:31:27 +10:00
c718c743c1
- djm@cvs.openbsd.org 2006/07/10 11:24:54
...
[sftp-server.c]
remove optind - it isn't used here
2006-07-10 21:31:00 +10:00
211838d8e2
- stevesk@cvs.openbsd.org 2006/07/09 15:27:59
...
[ssh-add.c]
use O_RDONLY vs. 0 in open(); no binary change
2006-07-10 21:14:00 +10:00
57cf638577
- stevesk@cvs.openbsd.org 2006/07/09 15:15:11
...
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
[readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
[sshlogin.c sshpty.c]
move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
194a1cb018
- stevesk@cvs.openbsd.org 2006/07/08 23:30:06
...
[log.c]
move user includes after /usr/include files
2006-07-10 21:09:22 +10:00
e33b60343b
- stevesk@cvs.openbsd.org 2006/07/08 21:48:53
...
[monitor.c session.c]
missed these from last commit:
move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:34 +10:00
e3b60b524e
- stevesk@cvs.openbsd.org 2006/07/08 21:47:12
...
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
[monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
58059aef05
- stevesk@cvs.openbsd.org 2006/07/06 17:36:37
...
[monitor_wrap.h]
typo in comment
2006-07-10 20:53:45 +10:00
69996104fe
- stevesk@cvs.openbsd.org 2006/07/06 16:22:39
...
[ssh-keygen.c]
move #include "dns.h" up
2006-07-10 20:53:31 +10:00
9f2abc47eb
- stevesk@cvs.openbsd.org 2006/07/06 16:03:53
...
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
[auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
[auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
[monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
[session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
[ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
[uidswap.h]
move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
fef95ad816
- djm@cvs.openbsd.org 2006/07/06 10:47:57
...
[sftp-server.8 sftp-server.c]
add commandline options to enable logging of transactions; ok markus@
2006-07-10 20:46:55 +10:00
917f9b6b6e
- djm@cvs.openbsd.org 2006/07/06 10:47:05
...
[servconf.c servconf.h session.c sshd_config.5]
support arguments to Subsystem commands; ok markus@
2006-07-10 20:36:47 +10:00
8ec8c3e98a
- stevesk@cvs.openbsd.org 2006/07/05 02:42:09
...
[canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
[serverloop.c sshconnect.c uuencode.c]
move #include <netinet/in.h> out of includes.h; ok deraadt@
(also ssh-rand-helper.c logintest.c loginrec.c)
2006-07-10 20:35:38 +10:00
efc04e70b8
- stevesk@cvs.openbsd.org 2006/07/03 17:59:32
...
[channels.c includes.h]
move #include <arpa/inet.h> out of includes.h; old ok djm@
(portable needed session.c too)
2006-07-10 20:26:27 +10:00
b757677d02
- stevesk@cvs.openbsd.org 2006/07/03 08:54:20
...
[includes.h ssh.c sshconnect.c sshd.c]
move #include "version.h" out of includes.h; ok markus@
2006-07-10 20:23:39 +10:00
57e8ad3f5e
- stevesk@cvs.openbsd.org 2006/07/02 23:01:55
...
[clientloop.c ssh.1]
use -KR[bind_address:]port here; ok djm@
2006-07-10 20:20:52 +10:00
427a1d57bb
- stevesk@cvs.openbsd.org 2006/07/02 22:45:59
...
[groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
move #include <grp.h> out of includes.h
(portable needed uidswap.c too)
2006-07-10 20:20:33 +10:00
5d3ac7f7ee
- stevesk@cvs.openbsd.org 2006/07/02 18:36:47
...
[gss-serv-krb5.c gss-serv.c]
no "servconf.h" needed here
(gss-serv-krb5.c change not applied, portable needs the server options)
2006-07-10 20:17:55 +10:00
991dba43e1
- stevesk@cvs.openbsd.org 2006/07/02 17:12:58
...
[ssh.1 ssh.c ssh_config.5 sshd_config.5]
more details and clarity for tun(4) device forwarding; ok and help
jmc@
2006-07-10 20:16:27 +10:00
43020951ad
- djm@cvs.openbsd.org 2006/06/26 10:36:15
...
[clientloop.c]
mention optional bind_address in runtime port forwarding setup
command-line help. patch from santhi.amirta AT gmail.com
2006-07-10 20:16:12 +10:00
1e88ea6556
- OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2006/06/14 10:50:42
[sshconnect.c]
limit the number of pre-banner characters we will accept; ok markus@
2006-07-10 20:15:56 +10:00
e34c96aea1
- (dtucker) [INSTALL] New autoconf version: 2.60.
2006-07-10 12:55:24 +10:00
f32f55259c
- (dtucker) [INSTALL] A bit more info on autoconf.
2006-07-06 19:12:08 +10:00
bdc121279f
- (dtucker) [configure.ac] Try AIX blibpath test in different order when
...
compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so
configure would not select the correct libpath linker flags.
2006-07-06 11:56:25 +10:00
365e18db51
whitespace
2006-07-05 22:48:07 +10:00
ee9ee9175c
whitespace
2006-07-05 22:47:21 +10:00
daf6ff4312
- (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the
...
target already exists.
2006-07-05 21:35:48 +10:00
db4c54bed1
- (dtucker) [INSTALL] Bug #1202 : Note when autoconf is required and which
...
version.
2006-06-30 16:20:58 +10:00
7243f9db60
- (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it,
...
prevents warnings on platforms where _res is in the system headers.
2006-06-30 11:47:49 +10:00
66c32d5caa
- (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf
...
declaration too. Patch from russ at sludge.net.
2006-06-30 10:51:32 +10:00
8b272ab09b
- (dtucker) [configure.ac] Bug #1203 : Add missing '[', which causes problems
...
with autoconf 2.60. Patch from vapier at gentoo.org.
2006-06-27 11:20:28 +10:00
144e8d60cd
- (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
...
only, otherwise sshd can hang exiting non-interactive sessions.
2006-06-25 08:25:25 +10:00
03890e44cd
- (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
...
#1102 workaround.
2006-06-24 16:58:45 +10:00
0249f93c4d
- (dtucker) [configure.ac] Bug #1193 : Define PASSWD_NEEDS_USERNAME on Solaris.
...
Works around limitation in Solaris' passwd program for changing passwords
where the username is longer than 8 characters. ok djm@
2006-06-24 12:10:07 +10:00
9afe115f0a
- (dtucker) [channels.c configure.ac serverloop.c] Bug #1102 : Around AIX
...
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
on the pty slave as zero-length reads on the pty master, which sshd
interprets as the descriptor closing. Since most things don't do zero
length writes this rarely matters, but occasionally it happens, and when
it does the SSH pty session appears to hang, so we add a special case for
this condition. ok djm@
2006-06-23 21:24:12 +10:00
3eb4834489
- (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
...
tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
from reyk@, tested by anil@
2006-06-23 21:05:12 +10:00
643460803f
- (djm) [getput.h] This file has been replaced by functions in misc.c
2006-06-13 13:15:54 +10:00
a6680a4e35
- djm@cvs.openbsd.org 2006/06/13 01:18:36
...
[ssh-agent.c]
always use a format string, even when printing a constant
- djm@cvs.openbsd.org 2006/06/13 02:17:07
[ssh-agent.c]
revert; i am on drugs. spotted by alexander AT beard.se
2006-06-13 13:10:18 +10:00
2e5fe88ebe
- markus@cvs.openbsd.org 2006/06/08 14:45:49
...
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
do not set the gid, noted by solar; ok djm
2006-06-13 13:10:00 +10:00
6b4069ad56
- markus@cvs.openbsd.org 2006/06/06 10:20:20
...
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm
2006-06-13 13:05:15 +10:00
eb13e556e5
- markus@cvs.openbsd.org 2006/06/01 09:21:48
...
[sshd.c]
call get_remote_ipaddr() early; fixes logging after client disconnects;
report mpf@; ok dtucker@
2006-06-13 13:03:53 +10:00
7b1e757b28
- mk@cvs.openbsd.org 2006/05/30 11:46:38
...
[ssh-add.c]
Sync usage() with man page and reality.
ok deraadt dtucker
2006-06-13 13:03:34 +10:00
fbc94c857a
- jmc@cvs.openbsd.org 2006/05/29 16:13:23
...
[ssh.1]
add GSSAPI to the list of authentication methods supported;
2006-06-13 13:03:16 +10:00
3c6ed7bbd5
- jmc@cvs.openbsd.org 2006/05/29 16:10:03
...
[ssh_config.5]
oops - previous was too long; split the list of auths up
2006-06-13 13:01:41 +10:00
81a38928eb
- dtucker@cvs.openbsd.org 2006/05/29 12:56:33
...
[ssh_config]
Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
ssh_config. ok markus@
2006-06-13 13:01:09 +10:00
658f945538
- dtucker@cvs.openbsd.org 2006/05/29 12:54:08
...
[ssh_config.5]
Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
2006-06-13 13:00:55 +10:00
ad6b14d274
- miod@cvs.openbsd.org 2006/05/18 21:27:25
...
[kexdhc.c kexgexc.c]
paramter -> parameter
2006-06-13 13:00:41 +10:00
40b5985fe0
- markus@cvs.openbsd.org 2006/05/17 12:43:34
...
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
fix leak; coverity via Kylene Jo Hall
2006-06-13 13:00:25 +10:00
24fd8ddd61
- markus@cvs.openbsd.org 2006/05/16 09:00:00
...
[clientloop.c]
missing free; from Kylene Hall
2006-06-13 13:00:09 +10:00
e250a94e69
- djm@cvs.openbsd.org 2006/05/08 10:49:48
...
[sshconnect2.c]
uint32_t -> u_int32_t (which we use everywhere else)
(Id sync only - portable already had this)
2006-06-13 12:59:53 +10:00
f14b2aa672
- (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
...
and slave, we can remove the special-case handling in the audit hook in
auth_log.
2006-05-21 18:26:40 +10:00
f58b29d515
- (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
...
pointer leak. From kjhall at us.ibm.com, found by coverity.
2006-05-17 22:24:56 +10:00
73373877db
typo
2006-05-15 17:24:25 +10:00
2c77b7f1c1
- (dtucker) [auth-pam.c] Bug #1188 : pass result of do_pam_account back and
...
do not allow kbdint again after the PAM account check fails. ok djm@
2006-05-15 17:22:33 +10:00
cefd8bb36d
- (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
...
default. Patch originally from tim@, ok djm
2006-05-15 17:17:29 +10:00
13c539a4dc
- (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
...
_res, prevents problems on some platforms that have _res as a global but
don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
georg.schwarz at freenet.de, ok djm@.
2006-05-15 17:15:56 +10:00
43ff44e7db
- dtucker@cvs.openbsd.org 2006/05/06 08:35:40
...
[auth-krb5.c]
Add $OpenBSD$ in comment here too
2006-05-06 18:40:53 +10:00
f779f672eb
- djm@cvs.openbsd.org 2006/04/01 05:37:46
...
[OVERVIEW]
$OpenBSD$ in here too
2006-05-06 17:48:48 +10:00
31cde6828d
- djm@cvs.openbsd.org 2006/05/04 14:55:23
...
[dh.c]
tighter DH exponent checks here too; feedback and ok markus@
2006-05-06 17:43:33 +10:00
232b76f9f8
- dtucker@cvs.openbsd.org 2006/04/25 08:02:27
...
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores
anyway), similar to a previous change in ssh-add. bz #1186 , ok djm@
2006-05-06 17:41:51 +10:00
d8093e49bf
- (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
...
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
in Portable-only code; since calloc zeros, remove now-redundant memsets.
Also add a couple of sanity checks. With & ok djm@
2006-05-04 16:24:34 +10:00
596d33801f
- (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
...
and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
"no objections" tim@
2006-05-03 19:01:09 +10:00
7b50b2030b
missing file
2006-04-23 12:31:27 +10:00
2bdd1c117c
- (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
...
sig_atomic_t
2006-04-23 12:28:53 +10:00
08d4b0ca5d
- stevesk@cvs.openbsd.org 2006/04/22 18:29:33
...
[crc32.c]
remove extra spaces
2006-04-23 12:12:24 +10:00
2282c6e305
- djm@cvs.openbsd.org 2006/04/22 04:06:51
...
[uidswap.c]
use setres[ug]id() to permanently revoke privileges; ok deraadt@
(ID Sync only - portable already uses setres[ug]id() whenever possible)
2006-04-23 12:11:57 +10:00
525a0b090f
- djm@cvs.openbsd.org 2006/04/20 21:53:44
...
[includes.h session.c sftp.c]
Switch from using pipes to socketpairs for communication between
sftp/scp and ssh, and between sshd and its subprocesses. This saves
a file descriptor per session and apparently makes userland ppp over
ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
decision on a per-platform basis)
2006-04-23 12:10:49 +10:00
56e5e6ad11
- markus@cvs.openbsd.org 2006/04/20 09:47:59
...
[sshconnect.c]
simplify; ok djm@
2006-04-23 12:08:59 +10:00
97c91f688f
- djm@cvs.openbsd.org 2006/04/20 09:27:09
...
[auth.h clientloop.c dispatch.c dispatch.h kex.h]
replace the last non-sig_atomic_t flag used in a signal handler with a
sig_atomic_t, unfortunately with some knock-on effects in other (non-
signal) contexts in which it is used; ok markus@
2006-04-23 12:08:37 +10:00
58629fad82
- dtucker@cvs.openbsd.org 2006/04/18 10:44:28
...
[bufaux.c bufbn.c]
Move Buffer bignum functions into their own file, bufbn.c. This means
that sftp and sftp-server (which use the Buffer functions in bufaux.c
but not the bignum ones) no longer need to be linked with libcrypto.
ok markus@
2006-04-23 12:08:19 +10:00
b5ea7e7c03
- djm@cvs.openbsd.org 2006/04/16 07:59:00
...
[atomicio.c]
reorder sanity test so that it cannot dereference past the end of the
iov array; well spotted canacar@!
2006-04-23 12:06:49 +10:00
58ca98bfe1
- djm@cvs.openbsd.org 2006/04/16 00:54:10
...
[sftp-client.c]
avoid making a tiny 4-byte write to send the packet length of sftp
commands, which would result in a separate tiny packet on the wire by
using atomiciov(writev, ...) to write the length and the command in one
pass; ok deraadt@
2006-04-23 12:06:35 +10:00
6aa139c41f
- djm@cvs.openbsd.org 2006/04/16 00:52:55
...
[atomicio.c atomicio.h]
introduce atomiciov() function that wraps readv/writev to retry
interrupted transfers like atomicio() does for read/write;
feedback deraadt@ dtucker@ stevesk@ ok deraadt@
2006-04-23 12:06:20 +10:00
499a0d5ada
- djm@cvs.openbsd.org 2006/04/16 00:48:52
...
[buffer.c buffer.h channels.c]
Fix condition where we could exit with a fatal error when an input
buffer became too large and the remote end had advertised a big window.
The problem was a mismatch in the backoff math between the channels code
and the buffer code, so make a buffer_check_alloc() function that the
channels code can use to propsectivly check whether an incremental
allocation will succeed. bz #1131 , debugged with the assistance of
cove AT wildpackets.com; ok dtucker@ deraadt@
2006-04-23 12:06:03 +10:00
63e437f053
- djm@cvs.openbsd.org 2006/04/03 07:10:38
...
[gss-genr.c]
GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
by dleonard AT vintela.com. use xasprintf() to simplify code while in
there; "looks right" deraadt@
2006-04-23 12:05:46 +10:00
603e68f1a2
- dtucker@cvs.openbsd.org 2006/04/02 08:34:52
...
[ssh-keysign.c]
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
2006-04-23 12:05:32 +10:00
7a656f7922
- djm@cvs.openbsd.org 2006/04/01 05:50:29
...
[scp.c]
xasprintification; ok deraadt@
2006-04-23 12:04:46 +10:00
07aa132a5e
- (djm) OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2006/04/01 05:42:20
[scp.c]
minimal lint cleanup (unused crud, and some size_t); ok djm
2006-04-23 12:04:27 +10:00
73b42d2bb0
- (djm) [Makefile.in configure.ac session.c sshpty.c]
...
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
[openbsd-compat/port-linux.h] Add support for SELinux, setting
the execution and TTY contexts. based on patch from Daniel Walsh,
bz #880 ; ok dtucker@
2006-04-22 21:26:08 +10:00
2eaf37d899
- (djm) Reorder IP options check so that it isn't broken by
...
mapped addresses; bz #1179 reported by markw wtech-llc.com;
ok dtucker@
2006-04-18 15:13:16 +10:00
dfc6183f13
- djm@cvs.openbsd.org 2006/03/31 09:13:56
...
[ssh_config.5]
remote user escape is %r not %h; spotted by jmc@
2006-03-31 23:14:57 +11:00
c6437cf00a
- jmc@cvs.openbsd.org 2006/03/31 09:09:30
...
[ssh_config.5]
kill trailing whitespace;
2006-03-31 23:14:41 +11:00
7a8f5b330d
- dtucker@cvs.openbsd.org 2006/03/30 11:40:21
...
[auth.c monitor.c]
Prevent duplicate log messages when privsep=yes; ok djm@
2006-03-31 23:14:23 +11:00
e23209f434
- dtucker@cvs.openbsd.org 2006/03/30 11:05:17
...
[ssh-keygen.c]
Correctly handle truncated files while converting keys; ok djm@
2006-03-31 23:13:35 +11:00
6b1d53c2b0
- djm@cvs.openbsd.org 2006/03/30 10:41:25
...
[ssh.c ssh_config.5]
add percent escape chars to the IdentityFile option, bz #1159 based
on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2006-03-31 23:13:21 +11:00
3f9418893e
- djm@cvs.openbsd.org 2006/03/30 09:58:16
...
[authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
[monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
replace {GET,PUT}_XXBIT macros with functionally similar functions,
silencing a heap of lint warnings. also allows them to use
__bounded__ checking which can't be applied to macros; requested
by and feedback from deraadt@
2006-03-31 23:13:02 +11:00
d79b424e8a
- djm@cvs.openbsd.org 2006/03/30 09:41:25
...
[channels.c]
ARGSUSED for dispatch table-driven functions
2006-03-31 23:11:44 +11:00
89c3fe4a9e
- deraadt@cvs.openbsd.org 2006/03/28 01:53:43
...
[ssh-agent.c]
use strtonum() to parse the pid from the file, and range check it
better; ok djm
2006-03-31 23:11:28 +11:00
57c4e875f8
- deraadt@cvs.openbsd.org 2006/03/28 01:52:28
...
[channels.c]
do not accept unreasonable X ports numbers; ok djm
2006-03-31 23:11:07 +11:00
ddd63ab1d0
- deraadt@cvs.openbsd.org 2006/03/28 00:12:31
...
[README.tun ssh.c]
spacing
2006-03-31 23:10:51 +11:00
2b5a0de903
- djm@cvs.openbsd.org 2006/03/27 23:15:46
...
[sftp.c]
always use a format string for addargs; spotted by mouring@
2006-03-31 23:10:31 +11:00
5a73c1a34d
- deraadt@cvs.openbsd.org 2006/03/27 13:03:54
...
[dh.c]
use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
2006-03-31 23:09:41 +11:00
da380becc6
- OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2006/03/27 01:21:18
[xmalloc.c]
we can do the size & nmemb check before the integer overflow check;
evol
2006-03-31 23:09:17 +11:00
b3cdc220c4
- deraadt@cvs.openbsd.org 2006/03/26 01:31:48
...
[uuencode.c]
typo
2006-03-26 14:30:33 +11:00
51096383e9
- djm@cvs.openbsd.org 2006/03/25 22:22:43
...
[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
[bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
[compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
[dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
[gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
[misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
[myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
[scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
[ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
[ttymodes.h uidswap.h uuencode.h xmalloc.h]
standardise spacing in $OpenBSD$ tags; requested by deraadt@
2006-03-26 14:30:00 +11:00
e3b21a5f59
- deraadt@cvs.openbsd.org 2006/03/25 18:58:10
...
[channels.c]
delete cast not required
2006-03-26 14:29:06 +11:00
a0fdce9a47
- deraadt@cvs.openbsd.org 2006/03/25 18:56:55
...
[bufaux.c channels.c packet.c]
remove (char *) casts to a function that accepts void * for the arg
2006-03-26 14:28:50 +11:00
08d61505d7
- deraadt@cvs.openbsd.org 2006/03/25 18:43:30
...
[channels.c]
use strtonum() instead of atoi() [limit X screens to 400, sorry]
2006-03-26 14:28:32 +11:00
1c13bd8d79
- deraadt@cvs.openbsd.org 2006/03/25 18:41:45
...
[ssh-agent.c]
mark two more signal handlers ARGSUSED
2006-03-26 14:28:14 +11:00
5f340065fc
- deraadt@cvs.openbsd.org 2006/03/25 18:40:14
...
[ssh-keygen.c]
cast strtonum() result to right type
2006-03-26 14:27:57 +11:00
a1690d08b4
- deraadt@cvs.openbsd.org 2006/03/25 18:36:15
...
[sshlogin.c sshlogin.h]
nicer size_t and time_t types
2006-03-26 14:27:35 +11:00
90fdfaf69c
- deraadt@cvs.openbsd.org 2006/03/25 18:30:55
...
[clientloop.c serverloop.c]
spacing
2006-03-26 14:25:37 +11:00
8ba29fe72d
- deraadt@cvs.openbsd.org 2006/03/25 18:29:35
...
[auth-rsa.c authfd.c packet.c]
needed casts (always will be needed)
2006-03-26 14:25:19 +11:00
48c4ed2b78
oops, rewrap
2006-03-26 14:25:05 +11:00
57c30117c1
- djm@cvs.openbsd.org 2006/03/25 13:17:03
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
55b04f1d77
- djm@cvs.openbsd.org 2006/03/25 01:30:23
...
[sftp.c]
"abormally" is a perfectly cromulent word, but "abnormally" is better
2006-03-26 14:23:17 +11:00
36812092ec
- djm@cvs.openbsd.org 2006/03/25 01:13:23
...
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
[uidswap.c]
change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is
almost always allocating "n * size" bytes, so this is a far safer
API; ok deraadt@
2006-03-26 14:22:47 +11:00
07d86bec5e
- djm@cvs.openbsd.org 2006/03/25 00:05:41
...
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
[clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
[monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
[xmalloc.c xmalloc.h]
introduce xcalloc() and xasprintf() failure-checked allocations
functions and use them throughout openssh
xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it
to die
feedback and ok deraadt@
2006-03-26 14:19:21 +11:00
a5a2859275
- deraadt@cvs.openbsd.org 2006/03/20 21:11:53
...
[ttymodes.c]
spacing
2006-03-26 14:10:34 +11:00
4f7becb44f
- deraadt@cvs.openbsd.org 2006/03/20 18:48:34
...
[channels.c fatal.c kex.c packet.c serverloop.c]
spacing
2006-03-26 14:10:14 +11:00
1d2b6706ba
- deraadt@cvs.openbsd.org 2006/03/20 18:42:27
...
[canohost.c match.c ssh.c sshconnect.c]
be strict with tolower() casting
2006-03-26 14:09:54 +11:00
1ff7c642ee
- deraadt@cvs.openbsd.org 2006/03/20 18:41:43
...
[dns.c]
cast xstrdup to propert u_char *
2006-03-26 14:09:09 +11:00
4ae97f1885
- deraadt@cvs.openbsd.org 2006/03/20 18:35:12
...
[channels.c]
x11_fake_data is only ever used as u_char *
2006-03-26 14:08:10 +11:00
9f3bd53acd
- deraadt@cvs.openbsd.org 2006/03/20 18:27:50
...
[monitor.c]
spacing
2006-03-26 14:07:52 +11:00
9096740f6c
- deraadt@cvs.openbsd.org 2006/03/20 18:26:55
...
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
[ssh-rsa.c ssh.c sshlogin.c]
annoying spacing fixes getting in the way of real diffs
2006-03-26 14:07:26 +11:00
91d4b12fcb
- deraadt@cvs.openbsd.org 2006/03/20 18:17:20
...
[auth1.c auth2.c sshd.c]
sprinkle some ARGSUSED for table driven functions (which sometimes
must ignore their args)
2006-03-26 14:05:20 +11:00
1b81a49f86
rewrap
2006-03-26 14:05:02 +11:00
71a7367130
- deraadt@cvs.openbsd.org 2006/03/20 18:14:02
...
[channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
[ssh.c sshpty.c sshpty.h]
sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 14:04:36 +11:00
6d39bcf898
- deraadt@cvs.openbsd.org 2006/03/20 17:17:23
...
[ssh-rsa.c]
in a switch (), break after return or goto is stupid
2006-03-26 14:03:21 +11:00
bbaad7772a
- deraadt@cvs.openbsd.org 2006/03/20 17:13:16
...
[key.c]
djm did a typo
2006-03-26 14:03:03 +11:00
69b7203e6f
- deraadt@cvs.openbsd.org 2006/03/20 17:10:19
...
[auth.c key.c misc.c packet.c ssh-add.c]
in a switch (), break after return or goto is stupid
2006-03-26 14:02:35 +11:00
429fcc23db
- djm@cvs.openbsd.org 2006/03/20 11:38:46
...
[key.c]
(really) last of the Coverity diffs: avoid possible NULL deref in
key_free. via elad AT netbsd.org; markus@ ok
2006-03-26 14:02:16 +11:00
96937bd914
- djm@cvs.openbsd.org 2006/03/20 04:09:44
...
[monitor.c]
memory leaks detected by Coverity via elad AT netbsd.org;
deraadt@ ok
that should be all of them now
2006-03-26 14:01:54 +11:00
3305f5591f
- deraadt@cvs.openbsd.org 2006/03/19 18:59:09
...
[authfile.c]
whoever thought that break after return was a good idea needs to
get their head examimed
2006-03-26 14:00:31 +11:00
4662d3492f
- deraadt@cvs.openbsd.org 2006/03/19 18:59:30
...
[ssh.c]
spacing
2006-03-26 13:59:59 +11:00
3bbaba6075
- deraadt@cvs.openbsd.org 2006/03/19 18:59:49
...
[ssh-keyscan.c]
please lint
2006-03-26 13:59:38 +11:00
f0b15dfc52
- deraadt@cvs.openbsd.org 2006/03/19 18:56:41
...
[clientloop.c progressmeter.c serverloop.c sshd.c]
ARGSUSED for signal handlers
2006-03-26 13:59:20 +11:00
c91e556d8a
- deraadt@cvs.openbsd.org 2006/03/19 18:53:12
...
[kex.c kex.h monitor.c myproposal.h session.c]
spacing
2006-03-26 13:58:55 +11:00
d62f2ca376
- deraadt@cvs.openbsd.org 2006/03/19 18:52:11
...
[auth1.c authfd.c channels.c]
spacing
2006-03-26 13:57:41 +11:00
78f16cb07b
- dtucker@cvs.openbsd.org 2006/03/19 11:51:52
...
[servconf.c]
Correct strdelim null test; ok djm@
2006-03-26 13:54:37 +11:00
5790b5910b
- djm@cvs.openbsd.org 2006/03/19 07:41:30
...
[sshconnect2.c]
memory leaks detected by Coverity via elad AT netbsd.org;
deraadt@ ok
2006-03-26 13:54:03 +11:00
928b23684a
- djm@cvs.openbsd.org 2006/03/19 02:24:05
...
[dh.c readconf.c servconf.c]
potential NULL pointer dereferences detected by Coverity
via elad AT netbsd.org; ok deraadt@
2006-03-26 13:53:32 +11:00
6db780e259
- djm@cvs.openbsd.org 2006/03/19 02:23:26
...
[hostfile.c]
FILE* leak detected by Coverity via elad AT netbsd.org;
ok deraadt@
2006-03-26 13:52:20 +11:00
e0b90a6766
- djm@cvs.openbsd.org 2006/03/19 02:22:56
...
[sftp.c]
more memory leaks detected by Coverity via elad AT netbsd.org;
deraadt@ ok
2006-03-26 13:51:44 +11:00
6f98a1fea7
- djm@cvs.openbsd.org 2006/03/19 02:22:32
...
[serverloop.c]
memory leaks detected by Coverity via elad AT netbsd.org;
ok deraadt@ dtucker@
2006-03-26 13:51:08 +11:00
304a940889
- djm@cvs.openbsd.org 2006/03/17 22:31:11
...
[authfd.c]
unreachanble statement, found by lint
2006-03-26 13:50:37 +11:00
5b83232b48
- djm@cvs.openbsd.org 2006/03/17 22:31:50
...
[authfd.c]
another unreachable found by lint
2006-03-26 13:50:14 +11:00
745570cd79
- biorn@cvs.openbsd.org 2006/03/16 10:31:45
...
[scp.c]
Try to display errormessage even if remout == -1
ok djm@, markus@
2006-03-26 13:49:43 +11:00
cb314828eb
- OpenBSD CVS Sync
...
- jakob@cvs.openbsd.org 2006/03/15 08:46:44
[ssh-keygen.c]
if no key file are given when printing the DNS host record, use the
host key file(s) as default. ok djm@
2006-03-26 13:48:01 +11:00
2dbbf8e9fc
[deattack.c deattack.h]
...
remove IV support from the CRC attack detector, OpenSSH has never used
it - it only applied to IDEA-CFB, which we don't support.
prompted by NetBSD Coverity report via elad AT netbsd.org;
feedback markus@ "nuke it" deraadt@
2006-03-26 00:11:46 +11:00
a1b3d636ab
- jakob@cvs.openbsd.org 2006/03/22 21:16:24
...
[ssh.1]
simplify SSHFP example; ok jmc@
2006-03-26 00:07:02 +11:00
5996294a95
- deraadt@cvs.openbsd.org 2006/03/20 18:41:43
...
[dns.c]
cast xstrdup to propert u_char *
2006-03-26 00:06:48 +11:00
1345e617da
- deraadt@cvs.openbsd.org 2006/03/20 18:26:55
...
[session.h]
annoying spacing fixes getting in the way of real diffs
2006-03-26 00:06:32 +11:00
ed3986a004
- deraadt@cvs.openbsd.org 2006/03/20 18:14:02
...
[monitor_wrap.h sshpty.h]
sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 00:06:14 +11:00
91a2d9746a
- djm@cvs.openbsd.org 2006/03/20 04:08:18
...
[gss-serv.c]
last lot of GSSAPI related leaks detected by Coverity via
elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
2006-03-26 00:05:44 +11:00
a66cf68dd7
- djm@cvs.openbsd.org 2006/03/20 04:07:49
...
[gss-genr.c]
more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok
2006-03-26 00:05:23 +11:00
f23c09670a
- djm@cvs.openbsd.org 2006/03/20 04:07:22
...
[auth2-gss.c]
GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok
2006-03-26 00:04:53 +11:00
51b4f82123
- deraadt@cvs.openbsd.org 2006/03/19 18:53:12
...
[kex.h myproposal.h]
spacing
2006-03-26 00:04:32 +11:00
b0fb6872ed
- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
2006-03-26 00:03:21 +11:00
3e96d74274
- djm@cvs.openbsd.org 2006/03/16 04:24:42
...
[ssh.1]
Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
that OpenSSH supports
2006-03-25 23:39:29 +11:00
9834cab32e
- (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173 : make fmtint() take
...
a LLONG rather than a long. Fixes scp'ing of large files on platforms
with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
2006-03-19 00:07:07 +11:00
66f9eb65ff
- (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
...
elad AT NetBSD.org
2006-03-18 23:04:49 +11:00
b309203ce0
- (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
...
OpenSSL; ok tim
2006-03-16 18:22:18 +11:00
425a6886f9
- (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] Disable
...
sha256 when openssl < 0.9.7. Patch from djm@. Corrections/testing by me.
2006-03-15 20:17:05 -08:00
c495301bf8
- (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
...
/usr/include/crypto. Hint from djm@.
2006-03-16 08:14:34 +11:00
d82cbcb9da
- (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
2006-03-16 07:21:35 +11:00
8bb9e2c900
- (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD.
2006-03-15 22:28:17 +11:00
dc6118e127
- (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs
...
sys/ioctl.h for struct winsize.
2006-03-15 22:25:54 +11:00
b0024914c9
- (djm) [includes.h] Put back paths.h, it is needed in defines.h
2006-03-15 21:48:54 +11:00
486d95e6f7
- (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE
2006-03-15 21:31:39 +11:00
4b23f7c660
- (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some
...
includes removed from includes.h
2006-03-14 22:09:50 -08:00
7a4cf232c9
- (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:"
...
warnings.
2006-03-14 21:04:18 -08:00
6645e7a70d
- (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
...
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
[sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/glob.c openbsd-compat/mktemp.c]
[openbsd-compat/readpassphrase.c] Lots of include fixes for
OpenSolaris
2006-03-15 14:42:54 +11:00
34877d2e17
- (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out
...
SHA384, which we don't need and doesn't compile without tweaks
2006-03-15 14:36:55 +11:00
42fb06898e
- (djm) [ssh-agent.c] Restore dropped stat.h
2006-03-15 14:03:06 +11:00
3717cdac60
- (djm) [ssh-rand-helper.c] Needs a bunch of headers
2006-03-15 14:02:36 +11:00
a623807860
- (djm) [openbsd-compat/sha2.h] Avoid include macro clash with
...
system sha2.h
2006-03-15 14:02:01 +11:00
627725281e
- (djm) [loginrec.c] Need stat.h
2006-03-15 14:01:11 +11:00
b3b4ba3fba
- (djm) [regress/.cvsignore] Ignore Makefile here
2006-03-15 13:13:27 +11:00
41e364bcfa
- (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present
2006-03-15 13:12:41 +11:00
471e9b3ca6
- (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files
2006-03-15 13:09:18 +11:00
dcf4ca110e
- (djm) [includes.h] Restore accidentally dropped netinet/in.h
2006-03-15 13:07:48 +11:00
af87af165f
- (djm) [configure.ac defines.h kex.c md-sha256.c]
...
[openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
[openbsd-compat/sha2.c] First stab at portability glue for SHA256
KEX support, should work with libc SHA256 support or OpenSSL
EVP_sha256 if present
2006-03-15 13:02:28 +11:00
a63128d1a8
- djm@cvs.openbsd.org 2006/03/07 09:07:40
...
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
Implement the diffie-hellman-group-exchange-sha256 key exchange method
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY
NB. no portability bits committed yet
2006-03-15 12:08:28 +11:00
cc3e8ba3c2
- markus@cvs.openbsd.org 2006/03/14 16:32:48
...
[ssh_config.5 sshd_config.5]
*AliveCountMax applies to protcol v2 only; ok dtucker, djm
2006-03-15 12:06:55 +11:00
de85a28825
- djm@cvs.openbsd.org 2006/03/14 00:15:39
...
[canohost.c]
log the originating address and not just the name when a reverse
mapping check fails, requested by linux AT linuon.com
2006-03-15 12:06:41 +11:00
8275fade44
- dtucker@cvs.openbsd.org 2006/03/13 10:26:52
...
[authfile.c authfile.h ssh-add.c]
Make ssh-add check file permissions before attempting to load private
key files multiple times; it will fail anyway and this prevents confusing
multiple prompts and warnings. mindrot #1138 , ok djm@
2006-03-15 12:06:23 +11:00
306d118f72
- dtucker@cvs.openbsd.org 2006/03/13 10:14:29
...
[misc.c ssh_config.5 sshd_config.5]
Allow config directives to contain whitespace by surrounding them by double
quotes. mindrot #482 , man page help from jmc@, ok djm@
2006-03-15 12:05:59 +11:00
8056a9d46a
- dtucker@cvs.openbsd.org 2006/03/13 08:43:16
...
[ssh-keygen.c]
Make ssh-keygen handle CR and CRLF line termination when converting IETF
format keys, in adition to vanilla LF. mindrot #1157 , tested by Chris
Pepper, ok djm@
2006-03-15 12:05:40 +11:00
314dd4b2f3
- dtucker@cvs.openbsd.org 2006/03/13 08:33:00
...
[packet.c]
Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
poor performance and protocol stalls under some network conditions (mindrot
bugs #556 and #981 ). Patch originally from markus@, ok djm@
2006-03-15 12:05:22 +11:00
Damien Miller
Darren Tucker
Tim Rice