Commit Graph

6936 Commits

Author SHA1 Message Date
Damien Miller 85b45e0918 - markus@cvs.openbsd.org 2013/07/19 07:37:48
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
     [servconf.h session.c sshd.c sshd_config.5]
     add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
     or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
     ok djm@
2013-07-20 13:21:52 +10:00
Damien Miller d93340cbb6 - djm@cvs.openbsd.org 2013/07/18 01:12:26
[ssh.1]
     be more exact wrt perms for ~/.ssh/config; bz#2078
2013-07-18 16:14:34 +10:00
Damien Miller bf836e535d - schwarze@cvs.openbsd.org 2013/07/16 00:07:52
[scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
     use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
2013-07-18 16:14:13 +10:00
Damien Miller 649fe025a4 - djm@cvs.openbsd.org 2013/07/12 05:48:55
[ssh.c]
     set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
2013-07-18 16:13:55 +10:00
Damien Miller 5bb8833e80 - djm@cvs.openbsd.org 2013/07/12 05:42:03
[ssh-keygen.c]
     do_print_resource_record() can never be called with a NULL filename, so
     don't attempt (and bungle) asking for one if it has not been specified
     bz#2127 ok dtucker@
2013-07-18 16:13:37 +10:00
Damien Miller 7313fc9222 - djm@cvs.openbsd.org 2013/07/12 00:43:50
[misc.c]
     in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
     errno == 0. Avoids confusing error message in some broken resolver
     cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
2013-07-18 16:13:19 +10:00
Damien Miller 746d1a6c52 - djm@cvs.openbsd.org 2013/07/12 00:20:00
[sftp.c ssh-keygen.c ssh-pkcs11.c]
     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:13:02 +10:00
Damien Miller ce98654674 - djm@cvs.openbsd.org 2013/07/12 00:19:59
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
     [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:12:44 +10:00
Damien Miller 0d02c3e10e - markus@cvs.openbsd.org 2013/07/02 12:31:43
[dh.c]
     remove extra whitespace
2013-07-18 16:12:06 +10:00
Damien Miller fecfd118d6 - jmc@cvs.openbsd.org 2013/06/27 14:05:37
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     do not use Sx for sections outwith the man page - ingo informs me that
     stuff like html will render with broken links;

     issue reported by Eric S. Raymond, via djm
2013-07-18 16:11:50 +10:00
Damien Miller bc35d92e78 - djm@cvs.openbsd.org 2013/06/22 06:31:57
[scp.c]
     improved time_t overflow check suggested by guenther@
2013-07-18 16:11:25 +10:00
Damien Miller 8158441d01 - djm@cvs.openbsd.org 2013/06/21 05:43:10
[scp.c]
     make this -Wsign-compare clean after time_t conversion
2013-07-18 16:11:07 +10:00
Damien Miller bbeb1dac55 - djm@cvs.openbsd.org 2013/06/21 05:42:32
[dh.c]
     sprinkle in some error() to explain moduli(5) parse failures
2013-07-18 16:10:49 +10:00
Damien Miller 7f2b438ca0 - djm@cvs.openbsd.org 2013/06/21 00:37:49
[ssh_config.5]
     explicitly mention that IdentitiesOnly can be used with IdentityFile
     to control which keys are offered from an agent.
2013-07-18 16:10:29 +10:00
Damien Miller 20bdcd7236 - djm@cvs.openbsd.org 2013/06/21 00:34:49
[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
     for hostbased authentication, print the client host and user on
     the auth success/failure line; bz#2064, ok dtucker@
2013-07-18 16:10:09 +10:00
Damien Miller 3071070b39 - markus@cvs.openbsd.org 2013/06/20 19:15:06
[krl.c]
     don't leak the rdata blob on errors; ok djm@
2013-07-18 16:09:44 +10:00
Damien Miller 044bd2a7dd - guenther@cvs.openbsd.org 2013/06/17 04:48:42
[scp.c]
     Handle time_t values as long long's when formatting them and when
     parsing them from remote servers.
     Improve error checking in parsing of 'T' lines.

     ok dtucker@ deraadt@
2013-07-18 16:09:25 +10:00
Damien Miller 9a66155421 - dtucker@cvs.openbsd.org 2013/06/10 19:19:44
[readconf.c]
     revert 1.203 while we investigate crashes reported by okan@
2013-07-18 16:09:04 +10:00
Darren Tucker b7482cff46 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
contrib/cygwin/ssh-user-config] Modernizes and improve readability of
   the Cygwin README file (which hasn't been updated for ages), drop
   unsupported OSes from the ssh-host-config help text, and drop an
   unneeded option from ssh-user-config.  Patch from vinschen at redhat com.
2013-07-02 20:06:46 +10:00
Darren Tucker b8ae92d08b - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
and add some comments so it's clear what goes where.
2013-06-11 12:10:02 +10:00
Darren Tucker 97b62f41ad - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
the required OpenSSL support.  Patch from naddy at freebsd.
2013-06-11 11:47:24 +10:00
Darren Tucker 6d8bd57448 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-11 11:26:10 +10:00
Damien Miller 36187093ea - dtucker@cvs.openbsd.org 2013/06/07 15:37:52
[channels.c channels.h clientloop.c]
     Add an "ABANDONED" channel state and use for mux sessions that are
     disconnected via the ~. escape sequence.  Channels in this state will
     be able to close if the server responds, but do not count as active channels.
     This means that if you ~. all of the mux clients when using ControlPersist
     on a broken network, the backgrounded mux master will exit when the
     Control Persist time expires rather than hanging around indefinitely.
     bz#1917, also reported and tested by tedu@.  ok djm@ markus@.
2013-06-10 13:07:11 +10:00
Darren Tucker ae133d4b31 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
platforms that don't have multibyte character support (specifically,
    mblen).
2013-06-06 08:30:20 +10:00
Darren Tucker 408eaf3ab7 - dtucker@cvs.openbsd.org 2013/06/05 22:00:28
[readconf.c]
     plug another memleak.  bz#1967, from Zhenbo Xu, detected by Melton, ok djm
2013-06-06 08:22:46 +10:00
Darren Tucker e52a260f16 - dtucker@cvs.openbsd.org 2013/06/05 12:52:38
[sshconnect2.c]
     Fix memory leaks found by Zhenbo Xu and the Melton tool.  bz#1967, ok djm
2013-06-06 08:22:05 +10:00
Darren Tucker 0cca17fa18 - dtucker@cvs.openbsd.org 2013/06/05 02:27:50
[sshd.c]
     When running sshd -D, close stderr unless we have explicitly requesting
     logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
     so, err, ok dtucker.
2013-06-06 08:21:14 +10:00
Darren Tucker 746e9067bd - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
[mux.c]
     fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
     ok djm
2013-06-06 08:20:13 +10:00
Darren Tucker ea64721275 - dtucker@cvs.openbsd.org 2013/06/04 20:42:36
[sftp.c]
     Make sftp's libedit interface marginally multibyte aware by building up
     the quoted string by character instead of by byte.  Prevents failures
     when linked against a libedit built with wide character support (bz#1990).
     "looks ok" djm
2013-06-06 08:19:09 +10:00
Darren Tucker 194454d7a8 - dtucker@cvs.openbsd.org 2013/06/04 19:12:23
[scp.c]
     use MAXPATHLEN for buffer size instead of fixed value.  ok markus
2013-06-06 08:16:04 +10:00
Darren Tucker 4ac66af091 - dtucker@cvs.openbsd.org 2013/06/03 00:03:18
[mac.c]
     force the MAC output to be 64-bit aligned so umac won't see unaligned
     accesses on strict-alignment architectures.  bz#2101, patch from
     tomas.kuthan at oracle.com, ok djm@
2013-06-06 08:12:37 +10:00
Darren Tucker ea8342c248 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
[clientloop.h clientloop.c mux.c]
     No need for the mux cleanup callback to be visible so restore it to static
     and call it through the detach_user function pointer.  ok djm@
2013-06-06 08:11:40 +10:00
Darren Tucker 5d12b8f05d - dtucker@cvs.openbsd.org 2013/06/02 21:01:51
[channels.h]
     typo in comment
2013-06-06 08:09:10 +10:00
Darren Tucker dc62edbf12 - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
modpipe in case there's anything in there we need.
2013-06-06 05:12:35 +10:00
Darren Tucker 2a22873cd8 - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
forwarding test is extremely slow copying data on some machines so switch
   back to copying the much smaller ls binary until we can figure out why
   this is.
2013-06-06 01:59:13 +10:00
Darren Tucker b4e00949f0 - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
Patch from cjwatson at debian.
2013-06-05 22:48:44 +10:00
Darren Tucker 2ea9eb77a7 - (dtucker) Enable sha256 kex methods based on the presence of the necessary
functions, not from the openssl version.
2013-06-05 15:04:00 +10:00
Darren Tucker 16cac190eb - (dtucker) [configure.ac] Some other platforms need sys/types.h before
sys/socket.h.
2013-06-04 12:55:24 +10:00
Darren Tucker 0b43ffe143 - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h. 2013-06-03 09:30:44 +10:00
Tim Rice 3f3064c822 - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker 2013-06-02 15:13:09 -07:00
Tim Rice 01ec0af301 - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
feedback and ok dtucker
2013-06-02 14:31:27 -07:00
Tim Rice 5ab9b63468 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
   dealing with shell portability issues in regression tests, we let
   configure find us a capable shell on those platforms with an old /bin/sh.
2013-06-02 14:05:48 -07:00
Darren Tucker 898ac935e5 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
Patch from Nathan Osman.
2013-06-03 02:03:25 +10:00
Darren Tucker ef4901c3eb - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
to prevent noise from configure. Patch from Nathan Osman.
2013-06-03 01:59:13 +10:00
Darren Tucker 073f795bc1 - dtucker@cvs.openbsd.org 2013/06/02 13:35:58
[ssh-agent.c]
     Make parent_alive_interval time_t to avoid signed/unsigned comparison
2013-06-02 23:47:11 +10:00
Darren Tucker 00e1abb1eb - dtucker@cvs.openbsd.org 2013/06/02 13:33:05
[progressmeter.c]
     Add misc.h for monotime prototype. (id sync only)
2013-06-02 23:46:24 +10:00
Tim Rice 86211d1738 20130602
- (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
   linking regress/modpipe.
2013-06-01 18:38:23 -07:00
Darren Tucker e9887d1c37 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday. 2013-06-02 09:17:09 +10:00
Darren Tucker 65cf74079a fix typo 2013-06-02 09:11:19 +10:00
Darren Tucker c9a1991b95 - dtucker@cvs.openbsd.org 2013/06/01 22:34:50
[sftp-client.c]
     Update progressmeter when data is acked, not when it's sent.  bz#2108, from
     Debian via Colin Watson, ok djm@
2013-06-02 08:37:05 +10:00