tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,997 Commits 6 Branches 20 Tags 98 MiB
Commit Graph

6493 Commits

Author SHA1 Message Date
Tim Rice 01ec0af301 - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr. 
feedback and ok dtucker
 2013-06-02 14:31:27 -07:00
Tim Rice 5ab9b63468 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we 
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
   dealing with shell portability issues in regression tests, we let
   configure find us a capable shell on those platforms with an old /bin/sh.
 2013-06-02 14:05:48 -07:00
Darren Tucker 898ac935e5 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android. 
Patch from Nathan Osman.
 2013-06-03 02:03:25 +10:00
Darren Tucker ef4901c3eb - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms 
to prevent noise from configure. Patch from Nathan Osman.
 2013-06-03 01:59:13 +10:00
Darren Tucker 073f795bc1 - dtucker@cvs.openbsd.org 2013/06/02 13:35:58 
[ssh-agent.c]
     Make parent_alive_interval time_t to avoid signed/unsigned comparison
 2013-06-02 23:47:11 +10:00
Darren Tucker 00e1abb1eb - dtucker@cvs.openbsd.org 2013/06/02 13:33:05 
[progressmeter.c]
     Add misc.h for monotime prototype. (id sync only)
 2013-06-02 23:46:24 +10:00
Tim Rice 86211d1738 20130602 
- (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
   linking regress/modpipe.
 2013-06-01 18:38:23 -07:00
Darren Tucker e9887d1c37 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday. 2013-06-02 09:17:09 +10:00
Darren Tucker 65cf74079a fix typo 2013-06-02 09:11:19 +10:00
Darren Tucker c9a1991b95 - dtucker@cvs.openbsd.org 2013/06/01 22:34:50 
[sftp-client.c]
     Update progressmeter when data is acked, not when it's sent.  bz#2108, from
     Debian via Colin Watson, ok djm@
 2013-06-02 08:37:05 +10:00
Darren Tucker a710891659 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall 
back to time(NULL) if we can't find it anywhere.
 2013-06-02 08:18:31 +10:00
Darren Tucker f60845fde2 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c 
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free.
 2013-06-02 08:07:31 +10:00
Darren Tucker 3750fce6ac - dtucker@cvs.openbsd.org 2013/06/01 20:59:25 
[scp.c sftp-client.c]
     Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is.  Patch
     from Nathan Osman via bz#2113.  ok deraadt.

(note: corrected bug number from 2085)
 2013-06-02 07:52:21 +10:00
Darren Tucker b759c9c2ef - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
     channels.c sandbox-systrace.c]
     Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
     keepalives and rekeying will work properly over clock steps.  Suggested by
     markus@, "looks good" djm@.
 2013-06-02 07:46:16 +10:00
Darren Tucker 55119253c6 - dtucker@cvs.openbsd.org 2013/05/31 12:28:10 
[ssh-agent.c]
     Use time_t where appropriate.  ok djm
 2013-06-02 07:43:59 +10:00
Darren Tucker 0acca3797d - djm@cvs.openbsd.org 2013/05/19 02:42:42 
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
     Standardise logging of supplemental information during userauth. Keys
     and ruser is now logged in the auth success/failure message alongside
     the local username, remote host/port and protocol in use. Certificates
     contents and CA are logged too.
     Pushing all logging onto a single line simplifies log analysis as it is
     no longer necessary to relate information scattered across multiple log
     entries. "I like it" markus@
 2013-06-02 07:41:51 +10:00
Darren Tucker 74836ae0fa - djm@cvs.openbsd.org 2013/05/19 02:38:28 
[auth2-pubkey.c]
     fix failure to recognise cert-authority keys if a key of a different type
     appeared in authorized_keys before it; ok markus@
 2013-06-02 07:32:00 +10:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13 
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
 2013-06-02 07:31:17 +10:00
Darren Tucker c7aad0058c - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS 
rather than trying to enumerate the plaforms that don't have them.
   Based on a patch from Nathan Osman, with help from tim@.
 2013-06-02 07:18:47 +10:00
Darren Tucker c0c3373216 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to 
using openssl's DES_crpyt function on platorms that don't have a native
   one, eg Android.  Based on a patch from Nathan Osman.
 2013-06-02 06:28:03 +10:00
Darren Tucker efdf534214 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null 
implementation of endgrent for platforms that don't have it (eg Android).
    Loosely based on a patch from Nathan Osman, ok djm
 2013-05-30 08:29:08 +10:00
Darren Tucker 9b42d32738 - dtucker@cvs.openbsd.org 2013/05/17 10:35:43 
[regress/scp.sh]
     use a file extention that's not special on some platforms.  from portable
     (id sync only)
 2013-05-17 20:48:59 +10:00
Darren Tucker 0a404b0ed7 - dtucker@cvs.openbsd.org 2013/05/17 10:34:30 
[regress/portnum.sh]
     use a more portable negated if structure.  from portable (id sync only)
 2013-05-17 20:47:29 +10:00
Darren Tucker 62ee222e6f - dtucker@cvs.openbsd.org 2013/05/17 10:33:09 
[regress/agent-getpeereid.sh]
     don't redirect stdout from sudo.  from portable (id sync only)
 2013-05-17 20:46:00 +10:00
Darren Tucker 00478d30cb - dtucker@cvs.openbsd.org 2013/05/17 10:30:07 
[regress/test-exec.sh]
     wait a bit longer for startup and use case for absolute path.
     from portable (id sync only)
 2013-05-17 20:45:06 +10:00
Darren Tucker 98989eb95e - dtucker@cvs.openbsd.org 2013/05/17 10:28:11 
[regress/sftp.sh]
     only compare copied data if sftp succeeds.  from portable (id sync only)
 2013-05-17 20:44:09 +10:00
Darren Tucker 438f60eb9a - dtucker@cvs.openbsd.org 2013/05/17 10:26:26 
[regress/sftp-badcmds.sh]
     remove unused BATCH variable. (id sync only)
 2013-05-17 20:43:13 +10:00
Darren Tucker 1466bd25a8 - dtucker@cvs.openbsd.org 2013/05/17 10:24:48 
[localcommand.sh]
     use backticks for portability. (id sync only)
 2013-05-17 20:42:05 +10:00
Darren Tucker 05b5e518c9 - dtucker@cvs.openbsd.org 2013/05/17 10:23:52 
[regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
     Use SUDO when cat'ing pid files and running the sshd log wrapper so that
     it works with a restrictive umask and the pid files are not world readable.
     Changes from -portable.  (id sync only)
 2013-05-17 20:41:07 +10:00
Darren Tucker dd669173f9 - dtucker@cvs.openbsd.org 2013/05/17 10:16:26 
[regress/try-ciphers.sh]
     use expr for math to keep diffs vs portable down
     (id sync only)
 2013-05-17 20:39:57 +10:00
Darren Tucker 044f32f4c6 - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by 
rev 1.6 which calls wait.
 2013-05-17 20:12:57 +10:00
Darren Tucker 9cc8ff7b63 - (dtucker) [regress/runtests.sh] Remove obsolete test driver script. 2013-05-17 20:01:52 +10:00
Darren Tucker f8d5b34517 - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5 
helper function to the portable part of test-exec.sh.
 2013-05-17 19:53:25 +10:00
Darren Tucker 6f66981ed3 - (dtucker) [regress/test-exec.sh] Move the portable-specific functions 
together and add a couple of missing lines from openbsd.
 2013-05-17 19:28:51 +10:00
Darren Tucker 5f1a89a3b6 - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh] 
Move the jot helper function to portable-specific part of test-exec.sh.
 2013-05-17 19:17:58 +10:00
Darren Tucker 96457a54d0 - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd. 2013-05-17 19:03:38 +10:00
Darren Tucker 7f19323659 - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd. 2013-05-17 19:02:28 +10:00
Darren Tucker 8654dd2d73 - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits. 2013-05-17 16:03:48 +10:00
Darren Tucker 59d928d3b4 - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 
[regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
     regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
     regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
     regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
     regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
     regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
     regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
     regress/multiplex.sh]
     Move the setting of DATA and COPY into test-exec.sh
 2013-05-17 15:32:29 +10:00
Darren Tucker 34035be27b - dtucker@cvs.openbsd.org 2013/05/17 01:32:11 
[regress/integrity.sh]
     don't print output from ssh before getting it (it's available in ssh.log)
 2013-05-17 14:47:51 +10:00
Darren Tucker b8b96b0aa6 - dtucker@cvs.openbsd.org 2013/05/17 01:16:09 
[regress/agent-timeout.sh]
     Pull back some portability changes from -portable:
      - TIMEOUT is a read-only variable in some shells
      - not all greps have -q so redirect to /dev/null instead.
     (ID sync only)
 2013-05-17 14:46:20 +10:00
Darren Tucker 56347efe79 - dtucker@cvs.openbsd.org 2013/05/17 00:37:40 
[regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
     regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
     regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
     regress/ssh-com.sh]
     replace 'echo -n' with 'printf' since it's more portable
     also remove "echon" hack.
 2013-05-17 13:28:36 +10:00
Darren Tucker 91af05c516 - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange 
methods.  When the openssl version doesn't support ECDH then next one on
   the list is DH group exchange, but that causes a bit more traffic which can
   mean that the tests flip bits in the initial exchange rather than the MACed
   traffic and we get different errors to what the tests look for.
 2013-05-17 13:16:59 +10:00
Darren Tucker 6e1e60c3c2 - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it 
in portable and it's long gone in openbsd.
 2013-05-17 11:23:41 +10:00
Darren Tucker 982b0cbc4c - dtucker@cvs.openbsd.org 2013/05/16 05:48:31 
[regress/rekey.sh]
     add tests for RekeyLimit parsing
 2013-05-17 09:45:12 +10:00
Darren Tucker 14490fe7b0 - dtucker@cvs.openbsd.org 2013/05/16 04:26:10 
[regress/rekey.sh]
     add server-side rekey test
 2013-05-17 09:44:20 +10:00
Darren Tucker c31c8729c1 - dtucker@cvs.openbsd.org 2013/05/16 03:33:30 
[regress/rekey.sh]
     test rekeying when there's no data being transferred
 2013-05-17 09:43:33 +10:00
Darren Tucker a8a62fcc46 - dtucker@cvs.openbsd.org 2013/05/16 02:10:35 
[rekey.sh]
     Add test for time-based rekeying
 2013-05-17 09:42:34 +10:00
Darren Tucker 5e95173715 - djm@cvs.openbsd.org 2013/05/10 03:46:14 
[modpipe.c]
     sync some portability changes from portable OpenSSH (id sync only)
 2013-05-17 09:41:33 +10:00
Darren Tucker a4df65b9fc - dtucker@cvs.openbsd.org 2013/04/22 07:28:53 
[multiplex.sh]
     Add tests for -Oforward and -Ocancel for local and remote forwards
 2013-05-17 09:37:31 +10:00
Darren Tucker 40aaff7e4b - dtucker@cvs.openbsd.org 2013/04/22 07:23:08 
[multiplex.sh]
     Write mux master logs to regress.log instead of ssh.log to keep separate
 2013-05-17 09:36:20 +10:00
Darren Tucker f3568fc62b - djm@cvs.openbsd.org 2013/04/18 02:46:12 
[Makefile regress/sftp-chroot.sh]
     test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
 2013-05-17 09:35:26 +10:00
Darren Tucker dfea3bcdd7 - dtucker@cvs.openbsd.org 2013/04/07 02:16:03 
[regress/Makefile regress/rekey.sh regress/integrity.sh
     regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
     use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
     save the output from any failing tests.  If a test fails the debug output
     from ssh and sshd for the failing tests (and only the failing tests) should
     be available in failed-ssh{,d}.log.
 2013-05-17 09:31:39 +10:00
Darren Tucker 75129025a2 - dtucker@cvs.openbsd.org 2013/04/06 06:00:22 
[regress/rekey.sh regress/test-exec.sh regress/integrity.sh
     regress/multiplex.sh Makefile regress/cfgmatch.sh]
     Split the regress log into 3 parts: the debug output from ssh, the debug
     log from sshd and the output from the client command (ssh, scp or sftp).
     Somewhat functional now, will become more useful when ssh/sshd -E is added.
 2013-05-17 09:19:10 +10:00
Darren Tucker 7c8b1e7233 - dtucker@cvs.openbsd.org 2013/03/23 11:09:43 
[test-exec.sh]
     Only regenerate host keys if they don't exist or if ssh-keygen has changed
     since they were.  Reduces test runtime by 5-30% depending on machine
     speed.
 2013-05-17 09:10:20 +10:00
Darren Tucker 712de4d110 - djm@cvs.openbsd.org 2013/03/07 00:20:34 
[regress/proxy-connect.sh]
     repeat test with a style appended to the username
 2013-05-17 09:07:12 +10:00
Darren Tucker 09c0f0325b - dtucker@cvs.openbsd.org 2013/05/16 10:44:06 
[servconf.c]
     remove another now-unused variable
 2013-05-16 20:48:57 +10:00
Darren Tucker 9113d0c238 - dtucker@cvs.openbsd.org 2013/05/16 10:43:34 
[servconf.c readconf.c]
     remove now-unused variables
 2013-05-16 20:48:14 +10:00
Darren Tucker e194ba4111 - (dtucker) [configure.ac readconf.c servconf.c 
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
 2013-05-16 20:47:31 +10:00
Darren Tucker b7ee852144 - dtucker@cvs.openbsd.org 2013/05/16 09:12:31 
[readconf.c servconf.c]
     switch RekeyLimit traffic volume parsing to scan_scaled.  ok djm@
 2013-05-16 20:33:10 +10:00
Darren Tucker dbee308253 - dtucker@cvs.openbsd.org 2013/05/16 09:08:41 
[log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
     Fix some "unused result" warnings found via clang and -portable.
     ok markus@
 2013-05-16 20:32:29 +10:00
Darren Tucker 64d22946d6 - jmc@cvs.openbsd.org 2013/05/16 06:30:06 
[sshd_config.5]
     oops! avoid Xr to self;
 2013-05-16 20:31:29 +10:00
Darren Tucker 63e0df2b93 - jmc@cvs.openbsd.org 2013/05/16 06:28:45 
[ssh_config.5]
     put IgnoreUnknown in the right place;
 2013-05-16 20:30:31 +10:00
Darren Tucker 0763698f71 - djm@cvs.openbsd.org 2013/05/16 04:27:50 
[ssh_config.5 readconf.h readconf.c]
     add the ability to ignore specific unrecognised ssh_config options;
     bz#866; ok markus@
 2013-05-16 20:30:03 +10:00
Darren Tucker 5f96f3b4be - dtucker@cvs.openbsd.org 2013/05/16 04:09:14 
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
     sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
     rekeying based on traffic volume or time.  ok djm@, help & ok jmc@ for the man
     page.
 2013-05-16 20:29:28 +10:00
Darren Tucker c53c2af173 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34 
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
     ssh_config.5 packet.h]
     Add an optional second argument to RekeyLimit in the client to allow
     rekeying based on elapsed time in addition to amount of traffic.
     with djm@ jmc@, ok djm
 2013-05-16 20:28:16 +10:00
Darren Tucker 64c6fceecd - dtucker@cvs.openbsd.org 2013/05/10 10:13:50 
[ssh-pkcs11-helper.c]
     remove unused extern optarg.  ok markus@
 2013-05-16 20:27:14 +10:00
Darren Tucker caf0010934 - djm@cvs.openbsd.org 2013/05/10 04:08:01 
[key.c]
     memleak in cert_free(), wasn't actually freeing the struct;
     bz#2096 from shm AT digitalsun.pl
 2013-05-16 20:26:18 +10:00
Darren Tucker 7e831edbf7 add missing attribution 2013-05-16 20:25:40 +10:00
Darren Tucker 54da6be320 - djm@cvs.openbsd.org 2013/05/10 03:40:07 
[sshconnect2.c]
     fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
 2013-05-16 20:25:04 +10:00
Darren Tucker 5d8b702d95 - dtucker@cvs.openbsd.org 2013/05/06 07:35:12 
[sftp-server.8]
     Reference the version of the sftp draft we actually implement.  ok djm@
 2013-05-16 20:24:23 +10:00
Darren Tucker 026d9db3fb - tedu@cvs.openbsd.org 2013/04/24 16:01:46 
[misc.c]
     remove extra parens noticed by nicm
 2013-05-16 20:23:52 +10:00
Darren Tucker 2ca51bf140 - tedu@cvs.openbsd.org 2013/04/23 17:49:45 
[misc.c]
     use xasprintf instead of a series of strlcats and strdup. ok djm
 2013-05-16 20:22:46 +10:00
Damien Miller 6aa3eacc5e - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be 
executed if mktemp failed; bz#2105 ok dtucker@
 2013-05-16 11:10:17 +10:00
Darren Tucker c54e3e0741 - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so 
we don't get a warning on compilers that *don't* support it.  Add
   -Wno-unknown-warning-option.  Move both to the start of the list for
   maximum noise suppression.  Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
 2013-05-10 18:53:14 +10:00
Darren Tucker a75d247a18 - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the 
underlying libraries support them.
 2013-05-10 18:11:55 +10:00
Darren Tucker 0abfb559e3 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c 
openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
  in to use it when we're using our own getopt.
 2013-05-10 18:08:49 +10:00
Darren Tucker ccfdfceacb - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c 
openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
   portability code to getopt_long.c and switch over Makefile and the ugly
   hack in modpipe.c.  Fixes bz#1448.
 2013-05-10 16:28:55 +10:00
Darren Tucker 3933202007 - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No 
portability changes yet.
 2013-05-10 15:38:11 +10:00
Darren Tucker 35b2fe99be - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to 
getopt.c.  Preprocessed source is identical other than line numbers.
 2013-05-10 15:35:26 +10:00
Darren Tucker abbc7a7c02 - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler 
supports it.  Mentioned by Colin Watson in bz#2100, ok djm.
 2013-05-10 13:54:23 +10:00
Damien Miller bc02f163f6 - dtucker@cvs.openbsd.org 2013/04/22 01:17:18 
[mux.c]
     typo in debug output: evitval->exitval
 2013-04-23 19:25:49 +10:00
Damien Miller f8b894e31d - djm@cvs.openbsd.org 2013/04/19 12:07:08 
[kex.c]
     remove duplicated list entry pointed out by naddy@
 2013-04-23 19:25:29 +10:00
Damien Miller 34bd20a1e5 - djm@cvs.openbsd.org 2013/04/19 11:10:18 
[ssh.c]
     add -Q to usage; reminded by jmc@
 2013-04-23 19:25:00 +10:00
Damien Miller ea11119eee - djm@cvs.openbsd.org 2013/04/19 01:06:50 
[authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
     [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
     add the ability to query supported ciphers, MACs, key type and KEX
     algorithms to ssh. Includes some refactoring of KEX and key type handling
     to be table-driven; ok markus@
 2013-04-23 19:24:32 +10:00
Damien Miller a56086b990 - djm@cvs.openbsd.org 2013/04/19 01:03:01 
[session.c]
     reintroduce 1.262 without the connection-killing bug:
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@
 2013-04-23 15:24:18 +10:00
Damien Miller 0d6771b464 - djm@cvs.openbsd.org 2013/04/19 01:01:00 
[ssh-keygen.c]
     fix some memory leaks; bz#2088 ok dtucker@
 2013-04-23 15:23:24 +10:00
Damien Miller 467b00c38b - djm@cvs.openbsd.org 2013/04/19 01:00:10 
[sshd_config.5]
     document the requirment that the AuthorizedKeysCommand be owned by root;
     ok dtucker@ markus@
 2013-04-23 15:23:07 +10:00
Damien Miller 9303e6527b - djm@cvs.openbsd.org 2013/04/18 02:16:07 
[sftp.c]
     make "sftp -q" do what it says on the sticker: hush everything but errors;
 2013-04-23 15:22:40 +10:00
Damien Miller f1a02aea35 - dtucker@cvs.openbsd.org 2013/04/17 09:04:09 
[session.c]
     revert rev 1.262; it fails because uid is already set here.  ok djm@
 2013-04-23 15:22:13 +10:00
Damien Miller d5edefd27a - djm@cvs.openbsd.org 2013/04/11 02:27:50 
[packet.c]
     quiet disconnect notifications on the server from error() back to logit()
     if it is a normal client closure; bz#2057 ok+feedback dtucker@
 2013-04-23 15:21:39 +10:00
Damien Miller 6901032b05 - dtucker@cvs.openbsd.org 2013/04/07 09:40:27 
[sshd.8]
     clarify -e text. suggested by & ok jmc@
 2013-04-23 15:21:24 +10:00
Damien Miller 03d4d7e60b - dtucker@cvs.openbsd.org 2013/04/07 02:10:33 
[log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
     Add -E option to ssh and sshd to append debugging logs to a specified file
     instead of stderr or syslog.  ok markus@, man page help jmc@
 2013-04-23 15:21:06 +10:00
Damien Miller 37f1c08473 - markus@cvs.openbsd.org 2013/04/06 16:07:00 
[channels.c sshd.c]
     handle ECONNABORTED for accept(); ok deraadt some time ago...
 2013-04-23 15:20:43 +10:00
Damien Miller 172859cff7 - djm@cvs.openbsd.org 2013/04/05 00:58:51 
[mux.c]
     cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
     (in addition to ones already in OPEN); bz#2079, ok dtucker@
 2013-04-23 15:19:27 +10:00
Damien Miller 9f12b5dcd5 - djm@cvs.openbsd.org 2013/04/05 00:31:49 
[pathnames.h]
     use the existing _PATH_SSH_USER_RC define to construct the other
     pathnames; bz#2077, ok dtucker@ (no binary change)
 2013-04-23 15:19:11 +10:00
Damien Miller d677ad14ff - djm@cvs.openbsd.org 2013/04/05 00:14:00 
[auth2-gss.c krl.c sshconnect2.c]
     hush some {unused, printf type} warnings
 2013-04-23 15:18:51 +10:00
Damien Miller 508b6c3d3b - djm@cvs.openbsd.org 2013/03/08 06:32:58 
[ssh.c]
     allow "ssh -f none ..." ok markus@
 2013-04-23 15:18:28 +10:00
Damien Miller 91a55f28f3 - markus@cvs.openbsd.org 2013/03/07 19:27:25 
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
     add submethod support to AuthenticationMethods; ok and freedback djm@
 2013-04-23 15:18:10 +10:00
Damien Miller 4ce189d910 - djm@cvs.openbsd.org 2013/03/07 00:19:59 
[auth2-pubkey.c monitor.c]
     reconstruct the original username that was sent by the client, which may
     have included a style (e.g. "root:skey") when checking public key
     signatures. Fixes public key and hostbased auth when the client specified
     a style; ok markus@
 2013-04-23 15:17:52 +10:00
Damien Miller 5cbec4c259 - djm@cvs.openbsd.org 2013/03/06 23:36:53 
[readconf.c]
     g/c unused variable (-Wunused)
 2013-04-23 15:17:12 +10:00
Damien Miller 998cc56b65 - djm@cvs.openbsd.org 2013/03/06 23:35:23 
[session.c]
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@
 2013-04-23 15:16:43 +10:00
Damien Miller 62e9c4f9b6 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2013/03/05 20:16:09
     [sshconnect2.c]
     reset pubkey order on partial success; ok djm@
 2013-04-23 15:15:49 +10:00
Damien Miller 6332da2ae8 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support 
platforms, such as Android, that lack struct passwd.pw_gecos. Report
   and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
 2013-04-23 14:25:52 +10:00
Darren Tucker ce1c9574fc - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from 
unused argument warnings (in particular, -fno-builtin-memset) from clang.
 2013-04-18 21:36:19 +10:00
Damien Miller bc68f2451b - (djm) [config.guess config.sub] Update to last versions before they switch 
to GPL3. ok dtucker@
 2013-04-18 11:26:25 +10:00
Darren Tucker 15fd19c4c9 - djm@cvs.openbsd.org 2013/02/22 22:09:01 
[ssh.c]
     Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
     version)
 2013-04-05 11:22:26 +11:00
Darren Tucker 5d1d9541a7 - markus@cvs.openbsd.org 2013/02/22 19:13:56 
[sshconnect.c]
     support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
 2013-04-05 11:20:00 +11:00
Darren Tucker aefa368243 - dtucker@cvs.openbsd.org 2013/02/22 04:45:09 
[ssh.c readconf.c readconf.h]
     Don't complain if IdentityFiles specified in system-wide configs are
     missing.  ok djm, deraadt
 2013-04-05 11:18:35 +11:00
Darren Tucker f3c3814243 - dtucker@cvs.openbsd.org 2013/02/19 02:12:47 
[krl.c]
     Remove bogus include.  ok djm
(id sync only)
 2013-04-05 11:16:52 +11:00
Darren Tucker 1910478c2d - dtucker@cvs.openbsd.org 2013/02/17 23:16:57 
[readconf.c ssh.c readconf.h sshconnect2.c]
     Keep track of which IndentityFile options were manually supplied and which
     were default options, and don't warn if the latter are missing.
     ok markus@
 2013-04-05 11:13:08 +11:00
Darren Tucker c9627cdbc6 - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h 
to avoid conflicting definitions of __int64, adding the required bits.
   Patch from Corinna Vinschen.
 2013-04-01 12:40:48 +11:00
Tim Rice 75db01d2ce - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit. 2013-03-22 10:14:32 -07:00
Darren Tucker 221b4b2436 - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before 
defining it again.  Prevents warnings if someone, eg, sets it in CFLAGS.
 2013-03-22 12:51:09 +11:00
Darren Tucker c8a0f27c6d - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype. 2013-03-22 12:49:14 +11:00
Damien Miller eed8dc2610 - (djm) Release 6.2p1 2013-03-22 10:25:22 +11:00
Damien Miller 83efe7c861 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil 
Hands' greatly revised version.
 2013-03-22 10:17:36 +11:00
Damien Miller 63b4bcd04e - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] 
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
   so mark it as broken. Patch from des AT des.no
 2013-03-20 12:55:14 +11:00
Tim Rice aa86c3970f - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none 
of the bits the configure test looks for.
 2013-03-16 20:55:46 -07:00
Damien Miller 5852840190 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to 
occur after UID switch; patch from John Marshall via des AT des.no;
   ok dtucker@
 2013-03-15 11:22:37 +11:00
Damien Miller f4db77d766 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 
Add a usleep replacement for platforms that lack it; ok dtucker
 2013-03-15 10:34:25 +11:00
Damien Miller a2438bbd28 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform 
is unable to successfully compile them. Based on patch from des AT
    des.no
 2013-03-15 10:23:07 +11:00
Darren Tucker aa97d13fa2 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin") 
in addition to root as an owner of system directories on AIX and HP-UX.
   ok djm@
 2013-03-12 11:31:05 +11:00
Darren Tucker fe10a28e08 - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] 
Improve portability of cipher-speed test, based mostly on a patch from
   Iain Morgan.
 2013-03-12 11:19:40 +11:00
Damien Miller e4f4347822 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a 
chance to complete on broken systems; ok dtucker@
 2013-03-08 12:14:22 +11:00
Tim Rice 2b6ea47106 - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days 
ago.
 2013-03-07 07:37:13 -08:00
Darren Tucker 4d1a0fe029 remove extra word 2013-03-07 20:14:34 +11:00
Darren Tucker 9243ef086f - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it is 
was removed in configure.ac rev 1.481 as it was redundant.
 2013-03-07 20:06:13 +11:00
Darren Tucker b3cd503742 - (dtucker) [INSTALL] Bump documented autoconf version to what we're 
currently using.
 2013-03-07 12:33:35 +11:00
Darren Tucker ff008ded7f - (dtucker) [configure.ac] test that we can set number of file descriptors 
to zero with setrlimit before enabling the rlimit sandbox.  This affects
   (at least) HPUX 11.11.
 2013-03-06 17:48:48 +11:00
Darren Tucker 834a0d6d54 - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding 
connection to start so that the test works on slower machines.
 2013-03-06 14:06:48 +11:00
Tim Rice ff8bda8f05 - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov. 2013-03-05 14:23:58 -08:00
Darren Tucker 29c7151d20 - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure 
build breakage on (at least) HP-UX 11.11.  Found by Amit Kulkarni and Kevin
   Brott.
 2013-03-05 21:50:09 +11:00
Darren Tucker fef9f7c3d1 add Amit. 2013-03-05 20:02:24 +11:00
Darren Tucker 5f0e54c892 - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by 
Kevin Brott.
 2013-03-05 19:57:39 +11:00
Damien Miller 43e5e60bad - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for 
HP/UX. Spotted by Kevin Brott
 2013-03-05 09:49:00 +11:00
Tim Rice 21f591b6d9 - (tim) [regress/krl.sh] keep old solaris awk from hanging. 2013-02-26 22:48:31 -08:00
Tim Rice ada7e17ae5 - (tim) [regress/integrity.sh] keep old solaris awk from hanging. 2013-02-26 21:49:09 -08:00
Tim Rice f9e2060ca9 - (tim) [regress/integrity.sh] shell portability fix. 2013-02-26 20:27:29 -08:00
Tim Rice a514bc05b1 - (tim) [regress/forward-control.sh] use sh in case login shell is csh. 2013-02-26 19:35:26 -08:00
Damien Miller c0cc7ce166 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 
[contrib/suse/openssh.spec] Crank version numbers
 2013-02-27 10:48:18 +11:00
Damien Miller 6c21bb8c4a - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage 
for UsePAM=yes configuration
 2013-02-26 19:41:30 +11:00
Damien Miller 1e657d592d - djm@cvs.openbsd.org 2013/02/20 08:27:50 
[integrity.sh]
     Add an option to modpipe that warns if the modification offset it not
     reached in it's stream and turn it on for t-integrity. This should catch
     cases where the session is not fuzzed for being too short (cf. my last
     "oops" commit)
 2013-02-26 18:58:06 +11:00
Darren Tucker 03978c61f3 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed 
to use Solaris native GSS libs.  Patch from Pierre Ossman.
 2013-02-25 11:24:44 +11:00
Darren Tucker a423fefb89 welcome to 2013 2013-02-25 10:32:27 +11:00
Damien Miller b87f6b70f8 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer 
bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
   ok tim
 2013-02-23 09:12:23 +11:00
Damien Miller 91f40d8592 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux 
seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
       ok dtucker
 2013-02-22 11:37:00 +11:00
Darren Tucker a2b5a4c746 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named 
libgss too.  Patch from Pierre Ossman, ok djm.
 2013-02-22 10:43:15 +11:00
Darren Tucker 964de184a8 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to 
ssh(1) since they're not needed.  Patch from Pierre Ossman.
 2013-02-22 10:39:59 +11:00
Tim Rice 0ec7423692 - (tim) [regress/forward-control.sh] shell portability fix. 2013-02-20 21:37:55 -08:00