tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,826 Commits 6 Branches 20 Tags 97 MiB
Commit Graph

5341 Commits

Author SHA1 Message Date
Darren Tucker 876045b0fb - markus@cvs.openbsd.org 2009/11/11 21:37:03 
[channels.c channels.h]
     fix race condition in x11/agent channel allocation: don't read after
     the end of the select read/write fdset and make sure a reused FD
     is not touched before the pre-handlers are called.
     with and ok djm@
 2010-01-08 17:08:00 +11:00
Darren Tucker 6e7fe1c01b - dtucker@cvs.openbsd.org 2009/11/10 04:30:45 
[sshconnect2.c channels.c sshconnect.c]
     Set close-on-exec on various descriptors so they don't get leaked to
     child processes.  bz #1643, patch from jchadima at redhat, ok deraadt.
 2010-01-08 17:07:22 +11:00
Darren Tucker f788a91624 - djm@cvs.openbsd.org 2009/11/10 02:58:56 
[sshd_config.5]
     clarify that StrictModes does not apply to ChrootDirectory. Permissions
     and ownership are always checked when chrooting. bz#1532
 2010-01-08 17:06:47 +11:00
Darren Tucker 78be8c54d6 - djm@cvs.openbsd.org 2009/11/10 02:56:22 
[ssh_config.5]
     explain the constraints on LocalCommand some more so people don't
     try to abuse it.
 2010-01-08 17:05:59 +11:00
Darren Tucker cc117f0deb - jmc@cvs.openbsd.org 2009/10/28 21:45:08 
[sshd_config.5 sftp.1]
     tweak previous;
 2010-01-08 17:05:26 +11:00
Darren Tucker 34e314da1b - reyk@cvs.openbsd.org 2009/10/28 16:38:18 
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
     channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
     sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
     Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
     ok markus@
 2010-01-08 17:03:46 +11:00
Darren Tucker f1de4e5228 - andreas@cvs.openbsd.org 2009/10/24 11:23:42 
[ssh.c]
     Request roaming to be enabled if UseRoaming is true and the server
     supports it.
     ok markus@
 2010-01-08 16:54:59 +11:00
Darren Tucker e730118bf4 - andreas@cvs.openbsd.org 2009/10/24 11:22:37 
[roaming_common.c]
     Do the actual suspend/resume in the client. This won't be useful until
     the server side supports roaming.
     Most code from Martin Forssen, maf at appgate dot com. Some changes by
     me and markus@
     ok markus@
 2010-01-08 16:53:31 +11:00
Darren Tucker f9e6eb8f22 - andreas@cvs.openbsd.org 2009/10/24 11:19:17 
[ssh2.h]
     Define the KEX messages used when resuming a suspended connection.
     ok markus@
 2010-01-08 16:52:32 +11:00
Darren Tucker e32cf43106 - andreas@cvs.openbsd.org 2009/10/24 11:15:29 
[clientloop.c]
     client_loop() must detect if the session has been suspended and resumed,
     and take appropriate action in that case.
     From Martin Forssen, maf at appgate dot com
     ok markus@
 2010-01-08 16:51:40 +11:00
Darren Tucker 36331b5d6c - andreas@cvs.openbsd.org 2009/10/24 11:13:54 
[sshconnect2.c kex.h kex.c]
     Let the client detect if the server supports roaming by looking
     for the resume@appgate.com kex algorithm.
     ok markus@
 2010-01-08 16:50:41 +11:00
Darren Tucker b7b17be4c0 - andreas@cvs.openbsd.org 2009/10/24 11:11:58 
[roaming.h]
     Declarations needed for upcoming changes.
     ok markus@
 2010-01-08 16:49:52 +11:00
Tim Rice 880ab0d84e - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 
Gzip all man pages. Patch from Corinna Vinschen.
 2009-12-26 15:40:47 -08:00
Darren Tucker 1bf3503c9d - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}] 
Bug #1583: Use system's kerberos principal name on AIX if it's available.
   Based on a patch from and tested by Miguel Sanders.
 2009-12-21 10:49:21 +11:00
Darren Tucker c8802aac28 - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux, 
based on a patch from Vaclav Ovsik and Colin Watson.  ok djm.
 2009-12-08 13:39:48 +11:00
Darren Tucker d35e0ef616 - (dtucker) Bug #1677: add conditionals around the source for ssh-askpass. 2009-12-07 11:32:36 +11:00
Darren Tucker 1533311f4c - (dtucker) Bug #1160: use pkg-config for opensc config if it's available. 
Tested by Martin Paljak.
 2009-12-07 11:15:43 +11:00
Tim Rice 53e9974007 - (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it. 
Bug 1628. OK dtucker@
 2009-11-20 19:32:15 -08:00
Damien Miller 409661f0d9 - (djm) [ssh-rand-helper.c] Print error and usage() when passed command- 
line arguments as none are supported. Exit when passed unrecognised
   commandline flags. bz#1568 from gson AT araneus.fi
 2009-11-20 15:16:35 +11:00
Damien Miller 2191e04549 - (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal. 
bz#1645, patch from jchadima AT redhat.com
 2009-11-18 17:51:59 +11:00
Damien Miller 04ee0f8f12 - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to 
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
   setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
   report and fix from jan.kratochvil AT redhat.com
 2009-11-18 17:48:30 +11:00
Darren Tucker df6578bb4d - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private 
keys when built with OpenSSL versions that don't do AES.
 2009-11-07 16:03:14 +11:00
Darren Tucker e89ed1cfca - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with 
older versions of OpenSSL.
 2009-11-05 20:43:16 +11:00
Darren Tucker 4d6656b103 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux 
is enabled set the security context to "sftpd_t" before running the
   internal sftp server   Based on a patch from jchadima at redhat.
 2009-10-24 15:04:12 +11:00
Darren Tucker 6ac91a7c83 - (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro. 2009-10-24 11:52:42 +11:00
Darren Tucker 199ee6ff07 - dtucker@cvs.openbsd.org 2009/10/24 00:48:34 
[ssh-keygen.1]
     ssh-keygen now uses AES-128 for private keys
 2009-10-24 11:50:17 +11:00
Darren Tucker 2f29a8caba - djm@cvs.openbsd.org 2009/10/23 01:57:11 
[sshconnect2.c]
     disallow a hostile server from checking jpake auth by sending an
     out-of-sequence success message. (doesn't affect code enabled by default)
 2009-10-24 11:47:58 +11:00
Darren Tucker dfb9b71650 - djm@cvs.openbsd.org 2009/10/22 22:26:13 
[authfile.c]
     switch from 3DES to AES-128 for encryption of passphrase-protected
     SSH protocol 2 private keys; ok several
 2009-10-24 11:46:43 +11:00
Darren Tucker 98c9aec30e - sobrado@cvs.openbsd.org 2009/10/22 15:02:12 
[ssh-agent.1 ssh-add.1 ssh.1]
     write UNIX-domain in a more consistent way; while here, replace a
     few remaining ".Tn UNIX" macros with ".Ux" ones.
     pointed out by ratchov@, thanks!
     ok jmc@
 2009-10-24 11:42:44 +11:00
Darren Tucker ae69e1d010 - sobrado@cvs.openbsd.org 2009/10/22 12:35:53 
[ssh.1 ssh-agent.1 ssh-add.1]
     use the UNIX-related macros (.At and .Ux) where appropriate.
     ok jmc@
 2009-10-24 11:41:34 +11:00
Darren Tucker 49b7e23545 - sobrado@cvs.openbsd.org 2009/10/17 12:10:39 
[sftp-server.c]
     sort flags.
 2009-10-24 11:41:05 +11:00
Darren Tucker 1b118881b8 - (dtucker) OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2009/10/11 23:03:15
     [hostfile.c]
     mention the host name that we are looking for in check_host_in_hostfile()
 2009-10-24 11:40:32 +11:00
Darren Tucker e23a79cbed - markus@cvs.openbsd.org 2009/10/08 18:04:27 
[regress/test-exec.sh]
     re-enable protocol v1 for the tests.
 2009-10-12 09:37:22 +11:00
Darren Tucker 438b47320c - dtucker@cvs.openbsd.org 2009/10/11 10:41:26 
[sftp-client.c]
     d_type isn't portable so use lstat to get dirent modes.  Suggested by and
     "looks sane" deraadt@
 2009-10-11 21:52:10 +11:00
Darren Tucker 7a4a76579e - jmc@cvs.openbsd.org 2009/10/08 20:42:12 
[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
     some tweaks now that protocol 1 is not offered by default; ok markus
 2009-10-11 21:51:40 +11:00
Darren Tucker bad5076bb5 - (dtucker) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2009/10/08 14:03:41
     [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
     disable protocol 1 by default (after a transition period of about 10 years)
     ok deraadt
 2009-10-11 21:51:08 +11:00
Darren Tucker c182d99376 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for 
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
   lstat.
 2009-10-11 21:50:20 +11:00
Darren Tucker 538738d861 - (dtucker) d_type is not mandated by POSIX, so add fallback code using 
stat(), needed on at least cygwin.
 2009-10-07 18:56:10 +11:00
Darren Tucker 4adeac764e - (dtucker) [configure.ac sftp-client.c] DOTTIF is in fs/ffs/dir.h on at 
least dragonflybsd.
 2009-10-07 15:49:48 +11:00
Darren Tucker a25ab01845 - (dtucker) [regress/portnum.sh] Import new test. 2009-10-07 11:00:58 +11:00
Darren Tucker b707a24382 - dtucker@cvs.openbsd.org 2009/10/06 23:51:49 
[regress/ssh2putty.sh]
     Add OpenBSD tag to make syncs easier
 2009-10-07 10:54:31 +11:00
Darren Tucker c863895e0a - djm@cvs.openbsd.org 2009/08/20 18:43:07 
[ssh-com-sftp.sh]
     fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos
     Silva for Google Summer of Code
 2009-10-07 10:46:29 +11:00
Darren Tucker ed6b0c5fc2 - djm@cvs.openbsd.org 2009/08/13 01:11:55 
[sftp-batch.sh sftp-badcmds.sh sftp.sh sftp-cmds.sh sftp-glob.sh]
     date: 2009/08/13 01:11:19;  author: djm;  state: Exp;  lines: +10 -7
     Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
     add "-P port" to match scp(1). Fortunately, the -P option is only really
     used by our regression scripts.
     part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
     of Code work; ok deraadt markus
 2009-10-07 10:43:57 +11:00
Darren Tucker 287b9329c5 - djm@cvs.openbsd.org 2009/08/13 00:57:17 
[regress/Makefile]
     regression test for port number parsing. written as part of the a2port
     change that went into 5.2 but I forgot to commit it at the time...
 2009-10-07 10:31:56 +11:00
Darren Tucker 7988553585 - dtucker@cvs.openbsd.org 2009/05/05 07:51:36 
[regress/multiplex.sh]
     Always specify ssh_config for multiplex tests: prevents breakage caused
     by options in ~/.ssh/config.  From Dan Peterson.
 2009-10-07 10:30:57 +11:00
Darren Tucker 7023d161d8 - djm@cvs.openbsd.org 2008/12/07 22:17:48 
[regress/addrmatch.sh]
     match string "passwordauthentication" only at start of line, not anywhere
     in sshd -T output
 2009-10-07 10:30:06 +11:00
Darren Tucker 695ed397a5 - djm@cvs.openbsd.org 2009/10/06 04:46:40 
[session.c]
     bz#1596: fflush(NULL) before exec() to ensure that everying (motd
     in particular) has made it out before the streams go away.
 2009-10-07 09:02:18 +11:00
Darren Tucker 759cb2a49a - grunk@cvs.openbsd.org 2009/10/01 11:37:33 
[dh.c]
     fix a cast
     ok djm@ markus@
 2009-10-07 09:01:50 +11:00
Darren Tucker 72473c6b09 - djm@cvs.openbsd.org 2009/09/01 14:43:17 
[ssh-agent.c]
     fix a race condition in ssh-agent that could result in a wedged or
     spinning agent: don't read off the end of the allocated fd_sets, and
     don't issue blocking read/write on agent sockets - just fall back to
     select() on retriable read/write errors. bz#1633 reported and tested
     by "noodle10000 AT googlemail.com"; ok dtucker@ markus@
 2009-10-07 09:01:03 +11:00
Darren Tucker 7bee06ab3b - djm@cvs.openbsd.org 2009/08/31 21:01:29 
[sftp-server.8]
     document -e and -h; prodded by jmc@
 2009-10-07 08:47:47 +11:00