3dc71ad865
- djm@cvs.openbsd.org 2009/01/22 10:02:34
...
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
[serverloop.c ssh-keyscan.c ssh.c sshd.c]
make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)
adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int
make use of int vs. u_short consistent in some other places too
feedback & ok markus@
2009-01-28 16:31:22 +11:00
e7261c7e36
- stevesk@cvs.openbsd.org 2008/10/30 19:31:16
...
[clientloop.c sshd.c]
don't need to #include "monitor_fdpass.h"
2008-11-03 19:25:40 +11:00
b61f3fc31f
- markus@cvs.openbsd.org 2008/07/10 18:08:11
...
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c]
sync v1 and v2 traffic accounting; add it to sshd, too;
ok djm@, dtucker@
2008-07-11 17:36:48 +10:00
d8968adb5f
- (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]
...
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
[sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
some platforms (HP nonstop) it is a distinct errno;
bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2008-07-04 23:10:49 +10:00
d7bdc0c8e8
- dtucker@cvs.openbsd.org 2008/07/01 07:24:22
...
[sshconnect.c sshd.c]
Send CR LF during protocol banner exchanges, but only for Protocol 2 only,
in order to comply with RFC 4253. bz #1443 , ok djm@
2008-07-02 22:34:30 +10:00
6ca16c63c2
- dtucker@cvs.openbsd.org 2008/06/14 17:07:11
...
[sshd.c]
ensure default umask disallows at least group and world write; ok djm@
2008-06-16 07:50:58 +10:00
2a6284782d
- OpenBSD CVS Sync
...
- dtucker@cvs.openbsd.org 2008/06/14 15:49:48
[sshd.c]
wrap long line at 80 chars
2008-06-16 07:50:24 +10:00
3fc464efdc
- dtucker@cvs.openbsd.org 2008/06/12 20:38:28
...
[sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
Make keepalive timeouts apply while waiting for a packet, particularly
during key renegotiation (bz #1363 ). With djm and Matt Day, ok djm@
2008-06-13 06:42:45 +10:00
e7f3f75651
- jmc@cvs.openbsd.org 2008/06/10 08:17:40
...
[sshd.8 sshd.c]
- update usage()
- fix SYNOPSIS, and sort options
- some minor additional fixes
2008-06-10 23:06:01 +10:00
e7140f20cb
- dtucker@cvs.openbsd.org 2008/06/10 04:50:25
...
[sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
Add extended test mode (-T) and connection parameters for test mode (-C).
-T causes sshd to write its effective configuration to stdout and exit.
-C causes any relevant Match rules to be applied before output. The
combination allows tesing of the parser and config files. ok deraadt djm
2008-06-10 23:01:51 +10:00
b84886ba3e
- djm@cvs.openbsd.org 2008/05/08 12:02:23
...
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
[monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
[ssh.c sshd.c]
Implement a channel success/failure status confirmation callback
mechanism. Each channel maintains a queue of callbacks, which will
be drained in order (RFC4253 guarantees confirm messages are not
reordered within an channel).
Also includes a abandonment callback to clean up if a channel is
closed without sending confirmation messages. This probably
shouldn't happen in compliant implementations, but it could be
abused to leak memory.
ok markus@ (as part of a larger diff)
2008-05-19 15:05:07 +10:00
354c48c641
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2008/04/13 00:22:17
[dh.c sshd.c]
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
2008-05-19 14:50:00 +10:00
52358d6df3
- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926 : Move
...
pam_open_session and pam_close_session into the privsep monitor, which
will ensure that pam_session_close is called as root. Patch from Tomas
Mraz.
2008-03-11 22:58:25 +11:00
2ee0c43f98
- mbalmer@cvs.openbsd.org 2008/02/14 13:10:31
...
[sshd.c]
When started in configuration test mode (-t) do not check that sshd is
being started with an absolute path.
ok djm
2008-03-07 18:31:47 +11:00
76e95daad1
- djm@cvs.openbsd.org 2008/02/13 22:38:17
...
[servconf.h session.c sshd.c]
rekey arc4random and OpenSSL RNG in postauth child
closefrom fds > 2 before shell/command execution
ok markus@
2008-03-07 18:31:24 +11:00
1f1e17bd61
- (dtucker) [sshd.c] Bug #1042 : make log messages for tcpwrappers use the
...
same SyslogFacility as the rest of sshd. Patch from William Knox,
ok djm@.
2008-02-28 23:20:48 +11:00
bfaaf960a0
- (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
...
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
header to after OpenSSL headers, since some versions of OpenSSL have
SSLeay_add_all_algorithms as a macro already.
2008-02-28 19:13:52 +11:00
49d2a2826a
- (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from
...
tsr2600 AT gmail.com
2008-01-20 08:56:00 +11:00
5891116cb3
- dtucker@cvs.openbsd.org 2007/12/31 15:27:04
...
[sshd.c]
When in inetd mode, have sshd generate a Protocol 1 ephemeral server
key only for connections where the client chooses Protocol 1 as opposed
to when it's enabled in the server's config. Speeds up Protocol 2
connections to inetd-mode servers that also allow Protocol 1. bz #440 ,
based on a patch from bruno at wolff.to, ok markus@
2008-01-01 20:33:09 +11:00
4abde771b7
- dtucker@cvs.openbsd.org 2007/12/27 14:22:08
...
[servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
sshd.c]
Add a small helper function to consistently handle the EAI_SYSTEM error
code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417 .
ok markus@ stevesk@
2007-12-29 02:43:51 +11:00
4a40ae28c3
- djm@cvs.openbsd.org 2007/05/22 10:18:52
...
[sshd.c]
zap double include; from p_nowaczyk AT o2.pl
(not required in -portable, Id sync only)
2007-06-05 18:22:32 +10:00
97b1bb568c
- dtucker@cvs.openbsd.org 2007/03/09 05:20:06
...
[servconf.c sshd.c]
Move C/R -> kbdint special case to after the defaults have been
loaded, which makes ChallengeResponse default to yes again. This
was broken by the Match changes and not fixed properly subsequently.
Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
2007-03-21 20:38:53 +11:00
ed623966e3
- dtucker@cvs.openbsd.org 2007/02/21 11:00:05
...
[sshd.c]
Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
newly exec'ed sshd will get the SIGALRM and not have a handler for it,
and the default action will terminate the listening sshd. Analysis and
patch from andrew at gaul.org.
2007-02-25 20:37:21 +11:00
0bc85579a9
- markus@cvs.openbsd.org 2006/11/06 21:25:28
...
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
add missing checks for openssl return codes; with & ok djm@
2006-11-07 23:14:41 +11:00
df0e438a2e
- (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
...
if we absolutely need it. Pointed out by Corinna, ok djm@
2006-11-07 11:28:40 +11:00
78802f0af3
- (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings
...
on older versions of OS X. ok djm@
2006-10-18 22:51:31 +10:00
1f062ca339
- (djm) [sshd.c] Fix warning/API abuse; ok dtucker@
2006-09-17 14:04:46 +10:00
6433df036e
- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
...
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes
2006-09-07 10:36:43 +10:00
ded319cca2
- (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
...
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
[auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
[cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
[dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
[md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
[scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
[ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c rc4.diff]
[openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
[openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
[openbsd-compat/port-uw.c]
Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
1b06dc30ad
- (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
...
[platform.c platform.h sshd.c openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
[openbsd-compat/port-solaris.h] Add support for Solaris process
contracts, enabled with --use-solaris-contracts. Patch from Chad
Mynhier, tweaked by dtucker@ and myself; ok dtucker@
2006-08-31 03:24:41 +10:00
3f8123c804
- markus@cvs.openbsd.org 2006/08/18 09:15:20
...
[auth.h session.c sshd.c]
delay authentication related cleanups until we're authenticated and
all alarms have been cancelled; ok deraadt
2006-08-19 00:32:46 +10:00
99a648e592
- deraadt@cvs.openbsd.org 2006/08/18 09:13:26
...
[log.c log.h sshd.c]
make signal handler termination path shorter; risky code pointed out by
mark dowd; ok djm markus
2006-08-19 00:32:20 +10:00
a1f6840a4f
- djm@cvs.openbsd.org 2006/08/16 11:47:15
...
[sshd.c]
factor inetd connection, TCP listen and main TCP accept loop out of
main() into separate functions to improve readability; ok markus@
2006-08-19 00:31:39 +10:00
1a3d6e7bdd
- dtucker@cvs.openbsd.org 2006/08/05 07:52:52
...
[auth2-none.c sshd.c monitor_wrap.c]
Add headers required to build with KERBEROS5=no. ok djm@
2006-08-05 18:46:47 +10:00
75bb664458
- (djm) [auth-pam.c auth-shadow.c auth2-none.c cleanup.c sshd.c]
...
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Sprinkle more
includes for Linux in
2006-08-05 14:07:20 +10:00
d783435315
- deraadt@cvs.openbsd.org 2006/08/03 03:34:42
...
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
[auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
[buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
[groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
[key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
[monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
[readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
[serverloop.c session.c session.h sftp-client.c sftp-common.c]
[sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
[ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
[uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
[loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
NB. portable commit contains everything *except* removing includes.h, as
that will take a fair bit more work as we move headers that are required
for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
a7a73ee35d
- stevesk@cvs.openbsd.org 2006/08/01 23:22:48
...
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
[auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
[channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
[kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
[monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
[servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
[uuencode.h xmalloc.c]
move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
e7a1e5cf63
- stevesk@cvs.openbsd.org 2006/07/26 13:57:17
...
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
[hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
[scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
[sshconnect1.c sshd.c xmalloc.c]
move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
9aec91948d
- stevesk@cvs.openbsd.org 2006/07/25 02:59:21
...
[channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
move #include <sys/time.h> out of includes.h
2006-08-05 10:57:45 +10:00
b8fe89c4d9
- (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
...
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
[gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
[servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
[ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
[openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
[openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
[openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
[openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
[openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
make the portable tree compile again - sprinkle unistd.h and string.h
back in. Don't redefine __unused, as it turned out to be used in
headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-24 14:51:00 +10:00
e3476ed03b
- stevesk@cvs.openbsd.org 2006/07/22 20:48:23
...
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
[auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
[authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
[cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
[compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
[includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
[progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
be43ebf975
- stevesk@cvs.openbsd.org 2006/07/12 22:28:52
...
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
4515047e47
- dtucker@cvs.openbsd.org 2006/07/12 11:34:58
...
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
Add support for conditional directives to sshd_config via a "Match"
keyword, which works similarly to the "Host" directive in ssh_config.
Lines after a Match line override the default set in the main section
if the condition on the Match line is true, eg
AllowTcpForwarding yes
Match User anoncvs
AllowTcpForwarding no
will allow port forwarding by all users except "anoncvs".
Currently only a very small subset of directives are supported.
ok djm@
2006-07-12 22:34:17 +10:00
3997249346
- stevesk@cvs.openbsd.org 2006/07/11 20:07:25
...
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
a1738e4c65
- (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c]
...
[openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h]
[openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
[openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h
2006-07-10 21:33:04 +10:00
57cf638577
- stevesk@cvs.openbsd.org 2006/07/09 15:15:11
...
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
[readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
[sshlogin.c sshpty.c]
move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
e3b60b524e
- stevesk@cvs.openbsd.org 2006/07/08 21:47:12
...
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
[monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
9f2abc47eb
- stevesk@cvs.openbsd.org 2006/07/06 16:03:53
...
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
[auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
[auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
[monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
[session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
[ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
[uidswap.h]
move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
b757677d02
- stevesk@cvs.openbsd.org 2006/07/03 08:54:20
...
[includes.h ssh.c sshconnect.c sshd.c]
move #include "version.h" out of includes.h; ok markus@
2006-07-10 20:23:39 +10:00
eb13e556e5
- markus@cvs.openbsd.org 2006/06/01 09:21:48
...
[sshd.c]
call get_remote_ipaddr() early; fixes logging after client disconnects;
report mpf@; ok dtucker@
2006-06-13 13:03:53 +10:00
d8093e49bf
- (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
...
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
in Portable-only code; since calloc zeros, remove now-redundant memsets.
Also add a couple of sanity checks. With & ok djm@
2006-05-04 16:24:34 +10:00
57c30117c1
- djm@cvs.openbsd.org 2006/03/25 13:17:03
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
07d86bec5e
- djm@cvs.openbsd.org 2006/03/25 00:05:41
...
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
[clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
[monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
[xmalloc.c xmalloc.h]
introduce xcalloc() and xasprintf() failure-checked allocations
functions and use them throughout openssh
xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it
to die
feedback and ok deraadt@
2006-03-26 14:19:21 +11:00
91d4b12fcb
- deraadt@cvs.openbsd.org 2006/03/20 18:17:20
...
[auth1.c auth2.c sshd.c]
sprinkle some ARGSUSED for table driven functions (which sometimes
must ignore their args)
2006-03-26 14:05:20 +11:00
f0b15dfc52
- deraadt@cvs.openbsd.org 2006/03/19 18:56:41
...
[clientloop.c progressmeter.c serverloop.c sshd.c]
ARGSUSED for signal handlers
2006-03-26 13:59:20 +11:00
b0fb6872ed
- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
2006-03-26 00:03:21 +11:00
6645e7a70d
- (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
...
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
[sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/glob.c openbsd-compat/mktemp.c]
[openbsd-compat/readpassphrase.c] Lots of include fixes for
OpenSolaris
2006-03-15 14:42:54 +11:00
a63128d1a8
- djm@cvs.openbsd.org 2006/03/07 09:07:40
...
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
Implement the diffie-hellman-group-exchange-sha256 key exchange method
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY
NB. no portability bits committed yet
2006-03-15 12:08:28 +11:00
b24c2f8e33
- djm@cvs.openbsd.org 2006/03/13 08:16:00
...
[sshd.c]
don't log that we are listening on a socket before the listen() call
actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
2006-03-15 12:04:36 +11:00
6ff3caddb6
oops, this commit is really:
...
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
[serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
move #include <signal.h> out of includes.h; ok markus@
the previous was:
- stevesk@cvs.openbsd.org 2006/02/20 17:19:54
[auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
[authfile.c clientloop.c includes.h readconf.c scp.c session.c]
[sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
[sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
[sshconnect2.c sshd.c sshpty.c]
move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
f17883e6a0
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
...
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
[serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
9cf6d077fb
- stevesk@cvs.openbsd.org 2006/02/10 01:44:27
...
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
[sftp.c sshconnect.c sshconnect2.c sshd.c]
move #include <sys/wait.h> out of includes.h; ok markus@
2006-03-15 11:29:24 +11:00
17e91c0fb0
- stevesk@cvs.openbsd.org 2006/02/10 00:27:13
...
[channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
[ssh.c sshd.c sshpty.c]
move #include <sys/ioctl.h> out of includes.h; ok markus@
2006-03-15 11:28:34 +11:00
03e2003a23
- stevesk@cvs.openbsd.org 2006/02/08 12:15:27
...
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
[session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
[sshd.c sshpty.c]
move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
7bff1a9b5e
- djm@cvs.openbsd.org 2005/12/24 02:27:41
...
[session.c sshd.c]
eliminate some code duplicated in privsep and non-privsep paths, and
explicitly clear SIGALRM handler; "groovy" deraadt@
2005-12-24 14:59:12 +11:00
788f212aed
- djm@cvs.openbsd.org 2005/10/30 08:52:18
...
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
[ssh.c sshconnect.c sshconnect1.c sshd.c]
no need to escape single quotes in comments, no binary change
2005-11-05 15:14:59 +11:00
4d3fd54c91
- dtucker@cvs.openbsd.org 2005/10/30 08:29:29
...
[canohost.c sshd.c]
Check for connections with IP options earlier and drop silently. ok djm@
2005-11-05 15:13:24 +11:00
45b0142643
- djm@cvs.openbsd.org 2005/09/21 23:37:11
...
[sshd.c]
change label at markus@'s request
2005-10-03 18:20:00 +10:00
a2cdbda2de
- djm@cvs.openbsd.org 2005/09/19 11:47:09
...
[sshd.c]
stop connection abort on rekey with delayed compression enabled when
post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
2005-10-03 18:16:02 +10:00
ce321d8a30
- djm@cvs.openbsd.org 2005/09/13 23:40:07
...
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
ensure that stdio fds are attached; ok deraadt@
2005-10-03 18:11:24 +10:00
c6f8219e0d
- (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
...
process when sshd relies on ssh-random-helper. Should result in faster
logins on systems without a real random device or prngd. ok djm@
2005-09-27 22:46:32 +10:00
9786e6e2a0
- markus@cvs.openbsd.org 2005/07/25 11:59:40
...
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
[sshconnect2.c sshd.c sshd_config sshd_config.5]
add a new compression method that delays compression until the user
has been authenticated successfully and set compression to 'delayed'
for sshd.
this breaks older openssh clients (< 3.5) if they insist on
compression, so you have to re-enable compression in sshd_config.
ok djm@
2005-07-26 21:54:56 +10:00
94cf4c8448
- (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
...
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
2005-07-17 17:04:47 +10:00
eccb9de72a
- djm@cvs.openbsd.org 2005/06/17 02:44:33
...
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
make this -Wsign-compare clean; ok avsm@ markus@
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 12:59:34 +10:00
677257fe07
- markus@cvs.openbsd.org 2005/06/16 08:00:00
...
[canohost.c channels.c sshd.c]
don't exit if getpeername fails for forwarded ports; bugzilla #1054 ;
ok djm
2005-06-17 12:55:03 +10:00
4f1d6b2c11
- djm@cvs.openbsd.org 2005/04/06 09:43:59
...
[sshd.c]
avoid harmless logspam by not performing setsockopt() on non-socket;
ok markus@
2005-05-26 11:59:32 +10:00
f3bb434177
- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006 : fix bug in
...
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
2005-03-31 21:39:25 +10:00
2b59a6dad6
- (dtucker) [session.c sshd.c] Bug #125 comment #49 : Send disconnect audit
...
events earlier, prevents mm_request_send errors reported by Matt Goebel.
2005-03-06 22:38:51 +11:00
96d4710e38
- dtucker@cvs.openbsd.org 2005/02/08 22:24:57
...
[sshd.c]
Provide reason in error message if getnameinfo fails; ok markus@
2005-02-09 09:53:48 +11:00
2e0cf0dca2
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
...
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
2005-02-08 21:52:47 +11:00
269a1ea1c8
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
...
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125 :
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
2005-02-03 00:20:53 +11:00
9dc6c7dbec
- (dtucker) [session.c sshd.c] Bug #445 : Propogate KRB5CCNAME if set to child
...
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
2005-02-02 18:30:33 +11:00
5c14c73429
- otto@cvs.openbsd.org 2005/01/21 08:32:02
...
[auth-passwd.c sshd.c]
Warn in advance for password and account expiry; initialize loginmsg
buffer earlier and clear it after privsep fork. ok and help dtucker@
markus@
2005-01-24 21:55:49 +11:00
ea7c8127ce
- dtucker@cvs.openbsd.org 2005/01/17 22:48:39
...
[sshd.c]
Make debugging output continue after reexec; ok djm@
2005-01-20 11:03:08 +11:00
0f38323222
- djm@cvs.openbsd.org 2004/12/23 23:11:00
...
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
bz #898 : support AddressFamily in sshd_config. from
peak@argo.troja.mff.cuni.cz ; ok deraadt@
2005-01-20 10:57:56 +11:00
3269b13817
- djm@cvs.openbsd.org 2004/09/25 03:45:14
...
[sshd.c]
these printf args are no longer double; ok deraadt@ markus@
2004-11-05 20:20:59 +11:00
178fa66a64
- mickey@cvs.openbsd.org 2004/09/15 18:42:27
...
[sshd.c]
use less doubles in daemons; markus@ ok
2004-11-05 20:09:09 +11:00
2aa6d3cfce
- (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
...
banner. Suggested by deraadt@, ok mouring@, dtucker@
2004-09-12 16:53:04 +10:00
0f56ed16b8
- djm@cvs.openbsd.org 2004/08/28 01:01:48
...
[sshd.c]
don't erroneously close stdin for !reexec case, from Dave Johnson;
ok markus@
2004-08-29 16:38:41 +10:00
eb57862e7c
- (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
...
messages generated before the postauth privsep split.
2004-08-12 23:08:14 +10:00
d8835934c4
- dtucker@cvs.openbsd.org 2004/08/11 11:50:09
...
[sshd.c]
Don't try to close startup_pipe if it's not open; ok djm@
2004-08-12 22:42:29 +10:00
6832b83744
- markus@cvs.openbsd.org 2004/07/28 08:56:22
...
[sshd.c]
call setsid() _before_ re-exec
2004-08-12 22:36:51 +10:00
8ae66a5032
- (dtucker) [sshd.c] Remove duplicate variable imported during sync.
2004-08-12 22:16:55 +10:00
0999174755
- dtucker@cvs.openbsd.org 2004/07/17 05:31:41
...
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
Move "Last logged in at.." message generation to the monitor, right
before recording the new login. Fixes missing lastlog message when
/var/log/lastlog is not world-readable and incorrect datestamp when
multiple sessions are used (bz #463 ); much assistance & ok markus@
2004-07-17 17:05:14 +10:00
fc9597034b
- deraadt@cvs.openbsd.org 2004/07/11 17:48:47
...
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
sshd.c ttymodes.h]
spaces
2004-07-17 16:12:08 +10:00
ba6de952a0
- (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
...
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces
diff vs OpenBSD; ok mouring@, tested by tim@ too.
2004-07-17 14:07:42 +10:00
386c6a2c70
- avsm@cvs.openbsd.org 2004/06/26 20:07:16
...
[sshd.c]
initialise some fd variables to -1, djm@ ok
2004-06-30 22:40:20 +10:00
035a5b47cc
- OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2004/06/25 18:43:36
[sshd.c]
fix broken fd handling in the re-exec fallback path, particularly when
/dev/crypto is in use; ok deraadt@ markus@
2004-06-26 08:16:31 +10:00
17c5d03ad3
- (dtucker) [sshd.c] add line missing from reexec sync.
2004-06-25 14:22:23 +10:00
586b0b98bf
- djm@cvs.openbsd.org 2004/06/25 01:16:09
...
[sshd.c]
only perform tcp wrappers checks when the incoming connection is on a
socket. silences useless warnings from regress tests that use
proxycommand="sshd -i". prompted by david@ ok markus@
2004-06-25 13:34:31 +10:00
645ab757bd
- djm@cvs.openbsd.org 2004/06/24 19:30:54
...
[servconf.c servconf.h sshd.c]
re-exec sshd on accept(); initial work, final debugging and ok markus@
2004-06-25 13:33:20 +10:00
232711f6db
- djm@cvs.openbsd.org 2004/06/14 01:44:39
...
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
[sshd.c]
set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
2004-06-15 10:35:30 +10:00
f675fc4948
- djm@cvs.openbsd.org 2004/06/13 12:53:24
...
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
[ssh-keyscan.c sshconnect2.c sshd.c]
implement diffie-hellman-group14-sha1 kex method (trivial extension to
existing diffie-hellman-group1-sha1); ok markus@
2004-06-15 10:30:09 +10:00
12984968fb
- (dtucker) [sshd.c] Fix typo in comment.
2004-05-24 13:37:13 +10:00
e14e005f41
- djm@cvs.openbsd.org 2004/05/09 01:19:28
...
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
sshd.c] removed: mpaux.c mpaux.h
kill some more tiny files; ok deraadt@
2004-05-13 16:30:44 +10:00
0c889cd9e9
- markus@cvs.openbsd.org 2004/03/11 10:21:17
...
[ssh.c sshd.c]
ssh, sshd: sync version output, ok djm
2004-03-22 09:36:00 +11:00
b408786db9
- markus@cvs.openbsd.org 2004/03/11 08:36:26
...
[sshd.c]
trim usage; ok deraadt
2004-03-22 09:35:21 +11:00
bfba354261
- (djm) [sshd.c] Drop supplemental groups if started as root
2004-03-22 09:29:57 +11:00
57aae982be
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2004/03/03 06:47:52
[sshd.c]
change proctiltle after accept(2); ok henning, deraadt, djm
2004-03-08 23:11:25 +11:00
86c093d289
- (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h
...
openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
inherited by the child. ok djm@
2004-03-08 22:59:03 +11:00
112aaac0ce
- (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some
...
platforms (eg SCO, HP-UX) with logging in the wrong TZ.
2004-03-08 22:13:12 +11:00
d592048c36
- djm@cvs.openbsd.org 2004/02/25 00:22:45
...
[sshd.c]
typo in comment
2004-02-29 20:11:30 +11:00
efa3706f05
- markus@cvs.openbsd.org 2004/02/23 12:02:33
...
[sshd.c]
backout revision 1.279; set listen socket to non-block; ok henning.
2004-02-24 09:20:29 +11:00
a8be9e23d2
- dtucker@cvs.openbsd.org 2004/02/05 05:37:17
...
[monitor.c sshd.c]
Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
2004-02-06 16:40:27 +11:00
ecc9d46dc5
- (dtucker) [sshd.c] Bug #757 : Clear child's environment to prevent
...
accidentally inheriting from root's environment. ok djm@
2004-02-06 16:04:08 +11:00
12c150e7e0
- markus@cvs.openbsd.org 2003/12/09 21:53:37
...
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
b9997192a7
- markus@cvs.openbsd.org 2003/12/09 17:29:04
...
[sshd.c]
fix -o and HUP; ok henning@
2003-12-17 16:29:22 +11:00
3175eb9a5a
- markus@cvs.openbsd.org 2003/12/02 17:01:15
...
[channels.c session.c ssh-agent.c ssh.h sshd.c]
use SSH_LISTEN_BACKLOG (=128) in listen(2).
2003-12-09 19:15:11 +11:00
a8e06cef35
- djm@cvs.openbsd.org 2003/11/21 11:57:03
...
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
f58b58ced1
- jakob@cvs.openbsd.org 2003/11/10 16:23:41
...
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
[key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
[ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
constify. ok markus@ & djm@
2003-11-17 21:18:23 +11:00
4a2505445f
- markus@cvs.openbsd.org 2003/10/02 10:41:59
...
[sshd.c]
print openssl version, too, several requests; ok henning/djm.
2003-10-03 17:57:24 +10:00
8fca6b57b4
- markus@cvs.openbsd.org 2003/09/26 08:19:29
...
[sshd.c]
no need to set the listen sockets to non-block; ok deraadt@
2003-10-02 16:18:22 +10:00
3e33cecf71
- markus@cvs.openbsd.org 2003/09/23 20:17:11
...
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt eary to allow simpler cleanup in sshd.
tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
aaa56cb804
- markus@cvs.openbsd.org 2003/09/19 11:33:09
...
[packet.c sshd.c]
do not call packet_close on fatal; ok deraadt
2003-09-22 21:13:59 +10:00
1a0c0b9621
- markus@cvs.openbsd.org 2003/08/28 12:54:34
...
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
[sshconnect1.c sshd.c sshd_config sshd_config.5]
remove kerberos support from ssh1, since it has been replaced with GSSAPI;
but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
5ade9abc37
- (bal) redo how we handle 'mysignal()'. Move it to
...
openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
be our 'mysignal' by default. OK djm@
2003-08-25 01:16:21 +00:00
59d3d5b8b4
- (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
...
-lbroken; ok dtucker
2003-08-22 09:34:41 +10:00
ec960f2c93
- markus@cvs.openbsd.org 2003/08/13 08:46:31
...
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
6aaa58c470
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/07/22 13:35:22
[auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
test+ok henning@
- (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
- (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.
I hope I got this right....
2003-08-02 22:24:49 +10:00
e98dfa323e
- markus@cvs.openbsd.org 2003/07/16 10:34:53
...
[ssh.c sshd.c]
don't exit on multiple -v or -d; ok deraadt@
2003-07-19 19:54:31 +10:00
fe0078ae49
- markus@cvs.openbsd.org 2003/07/14 12:36:37
...
[sshd.c]
remove undocumented -V option. would be only useful if openssh is used
as ssh v1 server for ssh.com's ssh v2.
2003-07-19 19:52:28 +10:00
b9aa0a0baa
- (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
...
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
9f63f22aa0
- deraadt@cvs.openbsd.org 2003/06/28 16:23:06
...
[atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
sshd.c]
deal with typing of write vs read in atomicio
2003-07-03 13:46:56 +10:00
e53270481c
- djm@cvs.openbsd.org 2003/06/28 07:48:10
...
[sshd.c]
report pidfile creation errors, based on patch from Roumen Petrov; ok markus@
2003-07-03 13:40:44 +10:00
502d384b74
- markus@cvs.openbsd.org 2003/06/24 08:23:46
...
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
int -> u_int; ok djm@, deraadt@, mouring@
2003-06-28 12:38:01 +10:00
0cbb9dea05
- (djm) Always use mysignal() for SIGALRM
2003-06-04 22:56:15 +10:00
31b3a0a98f
- djm@cvs.openbsd.org 2003/06/04 10:23:48
...
[sshd.c]
remove duplicated group-dropping code; ok markus@
2003-06-04 20:32:12 +10:00
61d3680aca
- deraadt@cvs.openbsd.org 2003/05/29 16:58:45
...
[sshd.c uidswap.c]
seteuid and setegid; markus ok
2003-06-02 19:09:48 +10:00
5d5f054173
RCS ID sync
2003-06-02 19:08:25 +10:00
f2e3e9deba
- (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
...
clobber
2003-06-02 12:15:54 +10:00
9155a681fd
- djm@cvs.openbsd.org 2003/05/24 09:30:40
...
[authfile.c monitor.c sftp-common.c sshpty.c]
cast some types for printing; ok markus@
(missed a hunk)
2003-05-26 21:34:36 +10:00
7e1bbc55af
- (djm) Remove IPv4 by default hack now that we can specify AF in config
2003-05-18 20:52:40 +10:00
04cb536054
- (djm) Bug #529 : sshd doesn't work correctly after SIGHUP (copy argv
...
correctly)
2003-05-15 21:29:10 +10:00
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
2372ace572
- markus@cvs.openbsd.org 2003/04/14 14:17:50
...
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
2003-05-14 13:42:23 +10:00
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
c437cda328
- (dtucker) Bug #536 : Test for and work around openpty/controlling tty
...
problem on Linux (fixes "could not set controlling tty" errors).
Also renames STREAMS_PUSH_ACQUIRES_CTTY to the more generic SSHD_ACQUIRES_CTTY
and moves the Solaris-specific comments to configure.ac.
2003-05-10 17:05:46 +10:00
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
933cc8fb9c
- (djm) Bug #245 : TTY problems on Solaris. Fix by stevesk@ and
...
dtucker@zip.com.au
2003-03-10 11:38:10 +11:00
8e7fb33523
- markus@cvs.openbsd.org 2003/02/16 17:09:57
...
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into the client; ok provos@
2003-02-24 12:03:03 +11:00
180fc5b236
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/01/27 17:06:31
[sshd.c]
more specific error message when /var/empty has wrong permissions;
bug #46 , map@appgate.com ; ok henning@, provos@, stevesk@
2003-02-24 11:50:18 +11:00
a8ed44b79e
- (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
...
systems may be added later.
2003-01-10 09:53:12 +11:00
c2faa4a504
- markus@cvs.openbsd.org 2002/11/07 16:28:47
...
[sshd.c]
log to stderr if -ie is given, bug #414 , prj@po.cwru.edu
2002-11-09 15:50:03 +00:00
e9264973ad
- (djm) OpenBSD CVS Sync
...
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
[compat.c compat.h sshd.c]
add a generic match for a prober, such as sie big brother;
idea from stevesk@; markus@ ok
2002-09-30 11:59:21 +10:00
d27a76de65
- markus@cvs.openbsd.org 2002/09/25 15:19:02
...
[sshd.c]
typo; pilot@monkey.org
2002-09-27 13:22:31 +10:00
81ed518b9b
Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
...
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
e1383cee9d
- stevesk@cvs.openbsd.org 2002/09/13 19:23:09
...
[channels.c sshconnect.c sshd.c]
remove use of SO_LINGER, it should not be needed. error check
SO_REUSEADDR. fixup comments. ok markus@
2002-09-19 11:49:37 +10:00
41daec7538
- stevesk@cvs.openbsd.org 2002/07/23 16:03:10
...
[sshd.c]
utmp_len is unsigned; display error consistent with other options.
ok markus@
2002-07-23 21:15:13 +00:00
264ee307a8
- markus@cvs.openbsd.org 2002/07/19 15:43:33
...
[log.c log.h session.c sshd.c]
remove fatal cleanups after fork; based on discussions with and code
from solar.
2002-07-23 21:01:56 +00:00
232ccf7754
- (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync
...
with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com .
2002-07-22 23:34:25 +00:00
9dd30817ef
[acconfig.h configure.ac sshd.c] s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/
2002-07-07 13:43:36 -07:00
a962c2fb35
- deraadt@cvs.openbsd.org 2002/06/30 21:59:45
...
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
sshconnect2.c sshd.c]
minor KNF
2002-07-04 00:14:17 +00:00
5a9d0eaba6
- deraadt@cvs.openbsd.org 2002/06/30 21:54:16
...
[auth2.c session.c sshd.c]
lint asks that we use names that do not overlap
2002-07-04 00:12:53 +00:00
810af968b8
- deraadt@cvs.openbsd.org 2002/06/28 23:05:06
...
[sshd.c]
gidset[2] -> gidset[1]; markus ok
2002-07-04 00:11:40 +00:00
fbbfa8422f
- deraadt@cvs.openbsd.org 2002/06/28 10:08:25
...
[sshd.c]
range check -u option at invocation
2002-07-04 00:10:34 +00:00
596273516c
- (bal) Cygwin uid0 fix by vinschen@redhat.com
2002-06-27 18:02:21 +00:00
fbcc3f71f2
- markus@cvs.openbsd.org 2002/06/25 18:51:04
...
[sshd.c]
lightweight do_setusercontext after chroot()
2002-06-25 23:24:18 +00:00
8eff319298
[acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
...
for Cygwin, Cray, & SCO
2002-06-25 15:35:15 -07:00
822b634099
- deraadt@cvs.openbsd.org 2002/06/23 10:29:52
...
[ssh-agent.c sshd.c]
some minor KNF and %u
2002-06-23 21:38:49 +00:00
5c3855210e
- deraadt@cvs.openbsd.org 2002/06/23 03:30:58
...
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
sshpty.c]
various KNF and %d for unsigned
2002-06-23 21:23:20 +00:00
57f08005d3
- stevesk@cvs.openbsd.org 2002/06/22 20:05:27
...
[sshd.c]
don't call setsid() if debugging or run from inetd; no "Operation not
permitted" errors now; ok millert@ markus@
2002-06-23 00:37:10 +00:00
2dfacb3d40
- stevesk@cvs.openbsd.org 2002/06/22 16:40:19
...
[sshd.c]
check /var/empty owner mode; ok provos@
2002-06-23 00:33:47 +00:00
23e0f667f8
- markus@cvs.openbsd.org 2002/06/20 23:05:56
...
[servconf.c servconf.h session.c sshd.c]
allow Compression=yes/no in sshd_config
2002-06-21 01:09:47 +00:00
837461bf9a
- (bal) Build noop setgroups() for cygwin to clean up code (For other
...
platforms without the setgroups() requirement, you MUST define
SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
2002-06-12 16:57:14 +00:00
ce0f634270
- mpech@cvs.openbsd.org 2002/06/11 05:46:20
...
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
pid_t cleanup. Markus need this now to keep hacking.
markus@, millert@ ok
2002-06-11 16:42:49 +00:00
a26ea63f8a
- markus@cvs.openbsd.org 2002/05/29 11:21:57
...
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
2002-06-06 20:46:25 +00:00
f666fec2d5
- deraadt@cvs.openbsd.org 2002/05/22 23:18:25
...
[ssh.c sshd.c]
spelling; abishoff@arc.nasa.gov
2002-06-06 19:51:58 +00:00
bc5bb55755
- (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
2002-05-21 17:59:13 +00:00
c5041acef3
- (stevesk) [sshd.c] bug 245; disable setsid() for now
2002-05-21 17:50:21 +00:00
7339b2a278
- mouring@cvs.openbsd.org 2002/05/15 15:47:49
...
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- (bal) Fixed up PAM case. I think.
2002-05-15 16:25:01 +00:00
17401b6b77
- millert@cvs.openbsd.org 2002/05/13 15:53:19
...
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
2002-05-15 16:17:56 +00:00
87aea25f1a
- (djm) Try to drop supplemental groups at daemon startup. Patch from
...
RedHat
2002-05-10 12:20:24 +10:00
0ea1d9d1f2
- (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
...
support. bug #184 . most from dcole@keysoftsys.com .
2002-04-25 18:17:04 +00:00
0150c65830
- djm@cvs.openbsd.org 2002/04/23 22:16:29
...
[sshd.c]
Improve error message; ok markus@ stevesk@
2002-04-24 09:49:09 +10:00
47fd8112b5
- markus@cvs.openbsd.org 2002/03/30 18:51:15
...
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
check waitpid for EINTR; based on patch from peter@ifm.liu.se
2002-04-02 20:48:19 +00:00
f90f58d846
- stevesk@cvs.openbsd.org 2002/03/23 20:57:26
...
[sshd.c]
setproctitle() after preauth child; ok markus@
2002-03-26 01:53:03 +00:00
943481cc77
- markus@cvs.openbsd.org 2002/03/21 21:23:34
...
[sshd.c]
add privsep_preauth() and remove 1 goto; ok provos@
2002-03-22 03:43:46 +00:00
1ee9ec32a3
- markus@cvs.openbsd.org 2002/03/21 10:21:20
...
[ssh-add.c]
ignore errors for nonexisting default keys in ssh-add,
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
2002-03-22 03:14:45 +00:00
c743134191
- stevesk@cvs.openbsd.org 2002/03/20 19:12:25
...
[servconf.c servconf.h ssh.h sshd.c]
for unprivileged user, group do:
pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
2002-03-22 03:11:49 +00:00
6328ab3989
- markus@cvs.openbsd.org 2002/03/19 10:49:35
...
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
ttymodes.c]
KNF whitespace
2002-03-22 02:54:23 +00:00
08105192fd
- markus@cvs.openbsd.org 2002/03/19 10:35:39
...
[auth-options.c auth.h session.c session.h sshd.c]
clean up prototypes
2002-03-22 02:50:06 +00:00
7a7edf77ed
- stevesk@cvs.openbsd.org 2002/03/19 03:03:43
...
[pathnames.h servconf.c servconf.h sshd.c]
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
2002-03-22 02:42:37 +00:00
7a2073c50b
- provos@cvs.openbsd.org 2002/03/18 17:50:31
...
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
2002-03-22 02:30:41 +00:00
73ab9ba45d
- provos@cvs.openbsd.org 2002/03/18 01:12:14
...
[auth.h auth1.c auth2.c sshd.c]
have the authentication functions return the authentication context
and then do_authenticated; okay millert@
2002-03-22 01:27:35 +00:00
abcb145b38
- markus@cvs.openbsd.org 2002/03/14 16:38:26
...
[sshd.c]
split out ssh1 session key decryption; ok provos@
2002-03-22 01:10:21 +00:00
3a5b023330
Stupid djm commits experimental code to head instead of branch
...
revert
2002-03-13 13:19:42 +11:00
646e7cf3d7
Import of Niels Provos' 20020312 ssh-complete.diff
...
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
733a2351f5
- stevesk@cvs.openbsd.org 2002/02/27 21:23:13
...
[canohost.c channels.c packet.c sshd.c]
remove unneeded casts in [gs]etsockopt(); ok markus@
2002-03-05 01:31:28 +00:00
13c5d3b370
- stevesk@cvs.openbsd.org 2002/02/24 16:09:52
...
[sshd.c]
use u_char* here; ok markus@
2002-02-26 18:00:48 +00:00
6a47f30c55
- markus@cvs.openbsd.org 2002/02/11 16:19:39
...
[sshd.c]
include md5.h not hmac.h
2002-02-13 13:55:06 +11:00
Damien Miller
Darren Tucker
Ben Lindstrom
Tim Rice
Kevin Steves