Commit Graph

4620 Commits

Author SHA1 Message Date
Damien Miller f757d22e8b - stevesk@cvs.openbsd.org 2006/07/18 22:27:55
[dh.c]
     remove unneeded includes; ok djm@
2006-07-24 14:05:24 +10:00
Damien Miller 8c23403b51 - dtucker@cvs.openbsd.org 2006/07/18 08:22:23
[sshd_config.5]
     Clarify description of Match, with minor correction from jmc@
2006-07-24 14:05:08 +10:00
Damien Miller 393821ad72 - jmc@cvs.openbsd.org 2006/07/18 08:03:09
[ssh-agent.1 sshd_config.5]
     mark up angle brackets;
2006-07-24 14:04:53 +10:00
Damien Miller 22d47abbe3 - jmc@cvs.openbsd.org 2006/07/18 07:56:28
[scp.1]
     replace DIAGNOSTICS with .Ex;
2006-07-24 14:04:36 +10:00
Damien Miller 65bc2c4028 - jmc@cvs.openbsd.org 2006/07/18 07:50:40
[sshd_config.5]
     tweak; ok dtucker
2006-07-24 14:04:16 +10:00
Damien Miller 9b439df18a - dtucker@cvs.openbsd.org 2006/07/17 12:06:00
[channels.c channels.h servconf.c sshd_config.5]
     Add PermitOpen directive to sshd_config which is equivalent to the
     "permitopen" key option.  Allows server admin to allow TCP port
     forwarding only two specific host/port pairs.  Useful when combined
     with Match.
     If permitopen is used in both sshd_config and a key option, both
     must allow a given connection before it will be permitted.
     Note that users can still use external forwarders such as netcat,
     so to be those must be controlled too for the limits to be effective.
     Feedback & ok djm@, man page corrections & ok jmc@.
2006-07-24 14:04:00 +10:00
Damien Miller 98299261eb - dtucker@cvs.openbsd.org 2006/07/17 12:02:24
[auth-options.c]
     Use '\0' rather than 0 to terminates strings; ok djm@
2006-07-24 14:01:43 +10:00
Damien Miller e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
Damien Miller def915b0ff - stevesk@cvs.openbsd.org 2006/07/14 01:15:28
[monitor_wrap.h]
     don't need incompletely-typed 'struct passwd' now with
     #include <pwd.h>; ok markus@
2006-07-24 13:55:56 +10:00
Damien Miller 2d00e63cb8 - stevesk@cvs.openbsd.org 2006/07/12 22:42:32
[includes.h ssh.c ssh-rand-helper.c]
     move #include <stddef.h> out of includes.h
2006-07-24 13:53:19 +10:00
Damien Miller 939878b95f tidy 2006-07-24 13:52:06 +10:00
Damien Miller be43ebf975 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
     move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Damien Miller d04f357ac2 - jmc@cvs.openbsd.org 2006/07/12 13:39:55
[sshd_config.5]
      - new sentence, new line
      - s/The the/The/
      - kill a bad comma
2006-07-24 13:46:50 +10:00
Darren Tucker 341dae59c8 - (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h 2006-07-13 08:45:14 +10:00
Darren Tucker 2eaea99054 - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
openbsd-compat/rresvport.c] More errno.h.
2006-07-12 23:41:33 +10:00
Darren Tucker 5998ed03aa - (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h. 2006-07-12 23:10:33 +10:00
Darren Tucker deecec98c7 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too. 2006-07-12 22:44:34 +10:00
Darren Tucker 767e4134f1 - (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h. 2006-07-12 22:43:28 +10:00
Darren Tucker 2c1a02a8d0 - (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c
openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
   openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
2006-07-12 22:40:50 +10:00
Darren Tucker c931c433f6 - (dtucker) [openbsd-compat/xmmap.c] Include <errno.h>. 2006-07-12 22:35:51 +10:00
Darren Tucker 4515047e47 - dtucker@cvs.openbsd.org 2006/07/12 11:34:58
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
     Add support for conditional directives to sshd_config via a "Match"
     keyword, which works similarly to the "Host" directive in ssh_config.
     Lines after a Match line override the default set in the main section
     if the condition on the Match line is true, eg
     AllowTcpForwarding yes
     Match User anoncvs
             AllowTcpForwarding no
     will allow port forwarding by all users except "anoncvs".
     Currently only a very small subset of directives are supported.
     ok djm@
2006-07-12 22:34:17 +10:00
Darren Tucker ba72405026 - stevesk@cvs.openbsd.org 2006/07/11 20:27:56
[authfile.c ssh.c]
     need <errno.h> here also (it's also included in <openssl/err.h>)
2006-07-12 22:24:22 +10:00
Darren Tucker 57f4224677 - stevesk@cvs.openbsd.org 2006/07/11 20:16:43
[ssh.c]
     cast asterisk field precision argument to int to remove warning;
     ok markus@
2006-07-12 22:23:35 +10:00
Darren Tucker 3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
Darren Tucker e7d4b19f75 - markus@cvs.openbsd.org 2006/07/11 18:50:48
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
     channels.h readconf.c]
     add ExitOnForwardFailure: terminate the connection if ssh(1)
     cannot set up all requested dynamic, local, and remote port
     forwardings. ok djm, dtucker, stevesk, jmc
2006-07-12 22:17:10 +10:00
Darren Tucker 284706a755 - dtucker@cvs.openbsd.org 2006/07/11 10:12:07
[ssh.c]
     Only copy the part of environment variable that we actually use.  Prevents
     ssh bailing when SendEnv is used and an environment variable with a really
     long value exists.  ok djm@
2006-07-12 22:16:23 +10:00
Darren Tucker 5d19626a04 - stevesk@cvs.openbsd.org 2006/07/10 16:37:36
[readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
     auth.c packet.c log.c]
     move #include <stdarg.h> out of includes.h; ok markus@
2006-07-12 22:15:16 +10:00
Darren Tucker 1131847684 - jmc@cvs.openbsd.org 2006/07/10 16:04:21
[sshd.8]
     s/and and/and/
2006-07-12 22:07:59 +10:00
Darren Tucker a5362458d0 - stevesk@cvs.openbsd.org 2006/07/10 16:01:57
[sftp-glob.c sftp-common.h sftp.c]
     buffer.h only needed in sftp-common.h and remove some unneeded
     user includes; ok djm@
2006-07-12 22:07:08 +10:00
Darren Tucker 686852f665 - (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before
<netinet/ip.h>.
2006-07-12 19:05:56 +10:00
Darren Tucker 128a0894a5 - (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
for SHUT_RD.
2006-07-12 19:02:56 +10:00
Darren Tucker 250f1a6901 rewrap 2006-07-12 19:01:29 +10:00
Darren Tucker 248469bc8d - (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK
if they're really needed.  Fixes build errors on HP-UX, old Linuxes and probably
   more.
2006-07-12 14:14:31 +10:00
Darren Tucker e0e4aad1fd - (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably
others).
2006-07-11 19:01:51 +10:00
Darren Tucker 44c828fe29 - (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
openbsd-compat/daemon.c] Add includes needed by open(2).  Conditionally
   include paths.h.  Fixes build error on Solaris.
2006-07-11 18:00:06 +10:00
Darren Tucker 4e880e632b - (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h>
for struct sockaddr on platforms that use the fake-rfc stuff.
2006-07-11 00:20:51 +10:00
Darren Tucker da34553561 - dtucker@cvs.openbsd.org 2006/07/10 12:46:51
[misc.c misc.h sshd.8 sshconnect.c]
     Add port identifier to known_hosts for non-default ports, based originally
     on a patch from Devin Nate in bz#910.
     For any connection using the default port or using a HostKeyAlias the
     format is unchanged, otherwise the host name or address is enclosed
     within square brackets in the same format as sshd's ListenAddress.
     Tested by many, ok markus@.
2006-07-10 23:04:19 +10:00
Damien Miller 0f07707267 - djm@cvs.openbsd.org 2006/07/10 12:08:08
[channels.c]
     fix misparsing of SOCKS 5 packets that could result in a crash;
     reported by mk@ ok markus@
2006-07-10 22:21:02 +10:00
Damien Miller 3d1a9f4d5d - djm@cvs.openbsd.org 2006/07/10 12:03:20
[scp.c]
     duplicate argv at the start of main() because it gets modified later;
     pointed out by deraadt@ ok markus@
2006-07-10 22:19:53 +10:00
Damien Miller a1738e4c65 - (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c]
[openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h
2006-07-10 21:33:04 +10:00
Damien Miller 6444fe996b - djm@cvs.openbsd.org 2006/07/10 11:25:53
[sftp-server.c]
     don't log variables that aren't yet set
2006-07-10 21:31:27 +10:00
Damien Miller c718c743c1 - djm@cvs.openbsd.org 2006/07/10 11:24:54
[sftp-server.c]
     remove optind - it isn't used here
2006-07-10 21:31:00 +10:00
Damien Miller 211838d8e2 - stevesk@cvs.openbsd.org 2006/07/09 15:27:59
[ssh-add.c]
     use O_RDONLY vs. 0 in open(); no binary change
2006-07-10 21:14:00 +10:00
Damien Miller 57cf638577 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
     [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     [sshlogin.c sshpty.c]
     move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
Damien Miller 194a1cb018 - stevesk@cvs.openbsd.org 2006/07/08 23:30:06
[log.c]
     move user includes after /usr/include files
2006-07-10 21:09:22 +10:00
Damien Miller e33b60343b - stevesk@cvs.openbsd.org 2006/07/08 21:48:53
[monitor.c session.c]
     missed these from last commit:
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:34 +10:00
Damien Miller e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
Damien Miller 58059aef05 - stevesk@cvs.openbsd.org 2006/07/06 17:36:37
[monitor_wrap.h]
     typo in comment
2006-07-10 20:53:45 +10:00
Damien Miller 69996104fe - stevesk@cvs.openbsd.org 2006/07/06 16:22:39
[ssh-keygen.c]
     move #include "dns.h" up
2006-07-10 20:53:31 +10:00
Damien Miller 9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Damien Miller fef95ad816 - djm@cvs.openbsd.org 2006/07/06 10:47:57
[sftp-server.8 sftp-server.c]
     add commandline options to enable logging of transactions; ok markus@
2006-07-10 20:46:55 +10:00
Damien Miller 917f9b6b6e - djm@cvs.openbsd.org 2006/07/06 10:47:05
[servconf.c servconf.h session.c sshd_config.5]
     support arguments to Subsystem commands; ok markus@
2006-07-10 20:36:47 +10:00
Damien Miller 8ec8c3e98a - stevesk@cvs.openbsd.org 2006/07/05 02:42:09
[canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
     [serverloop.c sshconnect.c uuencode.c]
     move #include <netinet/in.h> out of includes.h; ok deraadt@
     (also ssh-rand-helper.c logintest.c loginrec.c)
2006-07-10 20:35:38 +10:00
Damien Miller efc04e70b8 - stevesk@cvs.openbsd.org 2006/07/03 17:59:32
[channels.c includes.h]
     move #include <arpa/inet.h> out of includes.h; old ok djm@
     (portable needed session.c too)
2006-07-10 20:26:27 +10:00
Damien Miller b757677d02 - stevesk@cvs.openbsd.org 2006/07/03 08:54:20
[includes.h ssh.c sshconnect.c sshd.c]
     move #include "version.h" out of includes.h; ok markus@
2006-07-10 20:23:39 +10:00
Damien Miller 57e8ad3f5e - stevesk@cvs.openbsd.org 2006/07/02 23:01:55
[clientloop.c ssh.1]
     use -KR[bind_address:]port here; ok djm@
2006-07-10 20:20:52 +10:00
Damien Miller 427a1d57bb - stevesk@cvs.openbsd.org 2006/07/02 22:45:59
[groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
     move #include <grp.h> out of includes.h
     (portable needed uidswap.c too)
2006-07-10 20:20:33 +10:00
Damien Miller 5d3ac7f7ee - stevesk@cvs.openbsd.org 2006/07/02 18:36:47
[gss-serv-krb5.c gss-serv.c]
     no "servconf.h" needed here
     (gss-serv-krb5.c change not applied, portable needs the server options)
2006-07-10 20:17:55 +10:00
Damien Miller 991dba43e1 - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
[ssh.1 ssh.c ssh_config.5 sshd_config.5]
     more details and clarity for tun(4) device forwarding; ok and help
     jmc@
2006-07-10 20:16:27 +10:00
Damien Miller 43020951ad - djm@cvs.openbsd.org 2006/06/26 10:36:15
[clientloop.c]
     mention optional bind_address in runtime port forwarding setup
     command-line help. patch from santhi.amirta AT gmail.com
2006-07-10 20:16:12 +10:00
Damien Miller 1e88ea6556 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2006/06/14 10:50:42
     [sshconnect.c]
     limit the number of pre-banner characters we will accept; ok markus@
2006-07-10 20:15:56 +10:00
Darren Tucker e34c96aea1 - (dtucker) [INSTALL] New autoconf version: 2.60. 2006-07-10 12:55:24 +10:00
Darren Tucker f32f55259c - (dtucker) [INSTALL] A bit more info on autoconf. 2006-07-06 19:12:08 +10:00
Darren Tucker bdc121279f - (dtucker) [configure.ac] Try AIX blibpath test in different order when
compiling with gcc.  gcc 4.1.x will accept (but ignore) -b flags so
   configure would not select the correct libpath linker flags.
2006-07-06 11:56:25 +10:00
Damien Miller 365e18db51 whitespace 2006-07-05 22:48:07 +10:00
Damien Miller ee9ee9175c whitespace 2006-07-05 22:47:21 +10:00
Darren Tucker daf6ff4312 - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the
target already exists.
2006-07-05 21:35:48 +10:00
Darren Tucker db4c54bed1 - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which
version.
2006-06-30 16:20:58 +10:00
Darren Tucker 7243f9db60 - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it,
prevents warnings on platforms where _res is in the system headers.
2006-06-30 11:47:49 +10:00
Darren Tucker 66c32d5caa - (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf
declaration too.  Patch from russ at sludge.net.
2006-06-30 10:51:32 +10:00
Darren Tucker 8b272ab09b - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems
with autoconf 2.60.  Patch from vapier at gentoo.org.
2006-06-27 11:20:28 +10:00
Darren Tucker 144e8d60cd - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
only, otherwise sshd can hang exiting non-interactive sessions.
2006-06-25 08:25:25 +10:00
Darren Tucker 03890e44cd - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
#1102 workaround.
2006-06-24 16:58:45 +10:00
Darren Tucker 0249f93c4d - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.
Works around limitation in Solaris' passwd program for changing passwords
   where the username is longer than 8 characters.  ok djm@
2006-06-24 12:10:07 +10:00
Darren Tucker 9afe115f0a - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
   on the pty slave as zero-length reads on the pty master, which sshd
   interprets as the descriptor closing.  Since most things don't do zero
   length writes this rarely matters, but occasionally it happens, and when
   it does the SSH pty session appears to hang, so we add a special case for
   this condition.  ok djm@
2006-06-23 21:24:12 +10:00
Darren Tucker 3eb4834489 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
tunnel support for Mac OS X/Darwin via a third-party tun driver.  Patch
   from reyk@, tested by anil@
2006-06-23 21:05:12 +10:00
Damien Miller 643460803f - (djm) [getput.h] This file has been replaced by functions in misc.c 2006-06-13 13:15:54 +10:00
Damien Miller a6680a4e35 - djm@cvs.openbsd.org 2006/06/13 01:18:36
[ssh-agent.c]
     always use a format string, even when printing a constant
   - djm@cvs.openbsd.org 2006/06/13 02:17:07
     [ssh-agent.c]
     revert; i am on drugs. spotted by alexander AT beard.se
2006-06-13 13:10:18 +10:00
Damien Miller 2e5fe88ebe - markus@cvs.openbsd.org 2006/06/08 14:45:49
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
     do not set the gid, noted by solar; ok djm
2006-06-13 13:10:00 +10:00
Damien Miller 6b4069ad56 - markus@cvs.openbsd.org 2006/06/06 10:20:20
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
     replace remaining setuid() calls with permanently_set_uid() and
     check seteuid() return values; report Marcus Meissner; ok dtucker djm
2006-06-13 13:05:15 +10:00
Damien Miller eb13e556e5 - markus@cvs.openbsd.org 2006/06/01 09:21:48
[sshd.c]
     call get_remote_ipaddr() early; fixes logging after client disconnects;
     report mpf@; ok dtucker@
2006-06-13 13:03:53 +10:00
Damien Miller 7b1e757b28 - mk@cvs.openbsd.org 2006/05/30 11:46:38
[ssh-add.c]
     Sync usage() with man page and reality.
     ok deraadt dtucker
2006-06-13 13:03:34 +10:00
Damien Miller fbc94c857a - jmc@cvs.openbsd.org 2006/05/29 16:13:23
[ssh.1]
     add GSSAPI to the list of authentication methods supported;
2006-06-13 13:03:16 +10:00
Damien Miller 3c6ed7bbd5 - jmc@cvs.openbsd.org 2006/05/29 16:10:03
[ssh_config.5]
     oops - previous was too long; split the list of auths up
2006-06-13 13:01:41 +10:00
Damien Miller 81a38928eb - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
[ssh_config]
     Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
     ssh_config.  ok markus@
2006-06-13 13:01:09 +10:00
Damien Miller 658f945538 - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
[ssh_config.5]
     Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
2006-06-13 13:00:55 +10:00
Damien Miller ad6b14d274 - miod@cvs.openbsd.org 2006/05/18 21:27:25
[kexdhc.c kexgexc.c]
     paramter -> parameter
2006-06-13 13:00:41 +10:00
Damien Miller 40b5985fe0 - markus@cvs.openbsd.org 2006/05/17 12:43:34
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
     fix leak; coverity via Kylene Jo Hall
2006-06-13 13:00:25 +10:00
Damien Miller 24fd8ddd61 - markus@cvs.openbsd.org 2006/05/16 09:00:00
[clientloop.c]
     missing free; from Kylene Hall
2006-06-13 13:00:09 +10:00
Damien Miller e250a94e69 - djm@cvs.openbsd.org 2006/05/08 10:49:48
[sshconnect2.c]
     uint32_t -> u_int32_t (which we use everywhere else)
     (Id sync only - portable already had this)
2006-06-13 12:59:53 +10:00
Darren Tucker f14b2aa672 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
and slave, we can remove the special-case handling in the audit hook in
   auth_log.
2006-05-21 18:26:40 +10:00
Darren Tucker f58b29d515 - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
pointer leak.  From kjhall at us.ibm.com, found by coverity.
2006-05-17 22:24:56 +10:00
Darren Tucker 73373877db typo 2006-05-15 17:24:25 +10:00
Darren Tucker 2c77b7f1c1 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
do not allow kbdint again after the PAM account check fails.  ok djm@
2006-05-15 17:22:33 +10:00
Darren Tucker cefd8bb36d - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
default.  Patch originally from tim@, ok djm
2006-05-15 17:17:29 +10:00
Darren Tucker 13c539a4dc - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
_res, prevents problems on some platforms that have _res as a global but
   don't have getrrsetbyname(), eg IRIX 5.3.  Found and tested by
   georg.schwarz at freenet.de, ok djm@.
2006-05-15 17:15:56 +10:00
Darren Tucker 43ff44e7db - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
[auth-krb5.c]
     Add $OpenBSD$ in comment here too
2006-05-06 18:40:53 +10:00
Darren Tucker f779f672eb - djm@cvs.openbsd.org 2006/04/01 05:37:46
[OVERVIEW]
     $OpenBSD$ in here too
2006-05-06 17:48:48 +10:00
Darren Tucker 31cde6828d - djm@cvs.openbsd.org 2006/05/04 14:55:23
[dh.c]
     tighter DH exponent checks here too; feedback and ok markus@
2006-05-06 17:43:33 +10:00
Darren Tucker 232b76f9f8 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
     Prevent ssh from trying to open private keys with bad permissions more than
     once or prompting for their passphrases (which it subsequently ignores
     anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@
2006-05-06 17:41:51 +10:00
Darren Tucker d8093e49bf - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
   in Portable-only code; since calloc zeros, remove now-redundant memsets.
   Also add a couple of sanity checks.  With & ok djm@
2006-05-04 16:24:34 +10:00
Darren Tucker 596d33801f - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
and double including it on IRIX 5.3 causes problems.  From Georg Schwarz,
   "no objections" tim@
2006-05-03 19:01:09 +10:00
Damien Miller 7b50b2030b missing file 2006-04-23 12:31:27 +10:00
Damien Miller 2bdd1c117c - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
sig_atomic_t
2006-04-23 12:28:53 +10:00
Damien Miller 08d4b0ca5d - stevesk@cvs.openbsd.org 2006/04/22 18:29:33
[crc32.c]
     remove extra spaces
2006-04-23 12:12:24 +10:00
Damien Miller 2282c6e305 - djm@cvs.openbsd.org 2006/04/22 04:06:51
[uidswap.c]
     use setres[ug]id() to permanently revoke privileges; ok deraadt@
     (ID Sync only - portable already uses setres[ug]id() whenever possible)
2006-04-23 12:11:57 +10:00
Damien Miller 525a0b090f - djm@cvs.openbsd.org 2006/04/20 21:53:44
[includes.h session.c sftp.c]
     Switch from using pipes to socketpairs for communication between
     sftp/scp and ssh, and between sshd and its subprocesses. This saves
     a file descriptor per session and apparently makes userland ppp over
     ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
     decision on a per-platform basis)
2006-04-23 12:10:49 +10:00
Damien Miller 56e5e6ad11 - markus@cvs.openbsd.org 2006/04/20 09:47:59
[sshconnect.c]
     simplify; ok djm@
2006-04-23 12:08:59 +10:00
Damien Miller 97c91f688f - djm@cvs.openbsd.org 2006/04/20 09:27:09
[auth.h clientloop.c dispatch.c dispatch.h kex.h]
     replace the last non-sig_atomic_t flag used in a signal handler with a
     sig_atomic_t, unfortunately with some knock-on effects in other (non-
     signal) contexts in which it is used; ok markus@
2006-04-23 12:08:37 +10:00
Damien Miller 58629fad82 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
[bufaux.c bufbn.c]
     Move Buffer bignum functions into their own file, bufbn.c. This means
     that sftp and sftp-server (which use the Buffer functions in bufaux.c
     but not the bignum ones) no longer need to be linked with libcrypto.
     ok markus@
2006-04-23 12:08:19 +10:00
Damien Miller b5ea7e7c03 - djm@cvs.openbsd.org 2006/04/16 07:59:00
[atomicio.c]
     reorder sanity test so that it cannot dereference past the end of the
     iov array; well spotted canacar@!
2006-04-23 12:06:49 +10:00
Damien Miller 58ca98bfe1 - djm@cvs.openbsd.org 2006/04/16 00:54:10
[sftp-client.c]
     avoid making a tiny 4-byte write to send the packet length of sftp
     commands, which would result in a separate tiny packet on the wire by
     using atomiciov(writev, ...) to write the length and the command in one
     pass; ok deraadt@
2006-04-23 12:06:35 +10:00
Damien Miller 6aa139c41f - djm@cvs.openbsd.org 2006/04/16 00:52:55
[atomicio.c atomicio.h]
     introduce atomiciov() function that wraps readv/writev to retry
     interrupted transfers like atomicio() does for read/write;
     feedback deraadt@ dtucker@ stevesk@ ok deraadt@
2006-04-23 12:06:20 +10:00
Damien Miller 499a0d5ada - djm@cvs.openbsd.org 2006/04/16 00:48:52
[buffer.c buffer.h channels.c]
     Fix condition where we could exit with a fatal error when an input
     buffer became too large and the remote end had advertised a big window.
     The problem was a mismatch in the backoff math between the channels code
     and the buffer code, so make a buffer_check_alloc() function that the
     channels code can use to propsectivly check whether an incremental
     allocation will succeed.  bz #1131, debugged with the assistance of
     cove AT wildpackets.com; ok dtucker@ deraadt@
2006-04-23 12:06:03 +10:00
Damien Miller 63e437f053 - djm@cvs.openbsd.org 2006/04/03 07:10:38
[gss-genr.c]
     GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
     by dleonard AT vintela.com. use xasprintf() to simplify code while in
     there; "looks right" deraadt@
2006-04-23 12:05:46 +10:00
Damien Miller 603e68f1a2 - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
[ssh-keysign.c]
     sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
2006-04-23 12:05:32 +10:00
Damien Miller 7a656f7922 - djm@cvs.openbsd.org 2006/04/01 05:50:29
[scp.c]
     xasprintification; ok deraadt@
2006-04-23 12:04:46 +10:00
Damien Miller 07aa132a5e - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2006/04/01 05:42:20
     [scp.c]
     minimal lint cleanup (unused crud, and some size_t); ok djm
2006-04-23 12:04:27 +10:00
Damien Miller 73b42d2bb0 - (djm) [Makefile.in configure.ac session.c sshpty.c]
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
   [openbsd-compat/port-linux.h] Add support for SELinux, setting
   the execution and TTY contexts. based on patch from Daniel Walsh,
   bz #880; ok dtucker@
2006-04-22 21:26:08 +10:00
Damien Miller 2eaf37d899 - (djm) Reorder IP options check so that it isn't broken by
mapped addresses; bz #1179 reported by markw wtech-llc.com;
   ok dtucker@
2006-04-18 15:13:16 +10:00
Damien Miller dfc6183f13 - djm@cvs.openbsd.org 2006/03/31 09:13:56
[ssh_config.5]
     remote user escape is %r not %h; spotted by jmc@
2006-03-31 23:14:57 +11:00
Damien Miller c6437cf00a - jmc@cvs.openbsd.org 2006/03/31 09:09:30
[ssh_config.5]
     kill trailing whitespace;
2006-03-31 23:14:41 +11:00
Damien Miller 7a8f5b330d - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
[auth.c monitor.c]
     Prevent duplicate log messages when privsep=yes; ok djm@
2006-03-31 23:14:23 +11:00
Damien Miller e23209f434 - dtucker@cvs.openbsd.org 2006/03/30 11:05:17
[ssh-keygen.c]
     Correctly handle truncated files while converting keys; ok djm@
2006-03-31 23:13:35 +11:00
Damien Miller 6b1d53c2b0 - djm@cvs.openbsd.org 2006/03/30 10:41:25
[ssh.c ssh_config.5]
     add percent escape chars to the IdentityFile option, bz #1159 based
     on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2006-03-31 23:13:21 +11:00
Damien Miller 3f9418893e - djm@cvs.openbsd.org 2006/03/30 09:58:16
[authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
     [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
     replace {GET,PUT}_XXBIT macros with functionally similar functions,
     silencing a heap of lint warnings. also allows them to use
     __bounded__ checking which can't be applied to macros; requested
     by and feedback from deraadt@
2006-03-31 23:13:02 +11:00
Damien Miller d79b424e8a - djm@cvs.openbsd.org 2006/03/30 09:41:25
[channels.c]
     ARGSUSED for dispatch table-driven functions
2006-03-31 23:11:44 +11:00
Damien Miller 89c3fe4a9e - deraadt@cvs.openbsd.org 2006/03/28 01:53:43
[ssh-agent.c]
     use strtonum() to parse the pid from the file, and range check it
     better; ok djm
2006-03-31 23:11:28 +11:00
Damien Miller 57c4e875f8 - deraadt@cvs.openbsd.org 2006/03/28 01:52:28
[channels.c]
     do not accept unreasonable X ports numbers; ok djm
2006-03-31 23:11:07 +11:00
Damien Miller ddd63ab1d0 - deraadt@cvs.openbsd.org 2006/03/28 00:12:31
[README.tun ssh.c]
     spacing
2006-03-31 23:10:51 +11:00
Damien Miller 2b5a0de903 - djm@cvs.openbsd.org 2006/03/27 23:15:46
[sftp.c]
     always use a format string for addargs; spotted by mouring@
2006-03-31 23:10:31 +11:00
Damien Miller 5a73c1a34d - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
[dh.c]
     use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
2006-03-31 23:09:41 +11:00
Damien Miller da380becc6 - OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2006/03/27 01:21:18
     [xmalloc.c]
     we can do the size & nmemb check before the integer overflow check;
     evol
2006-03-31 23:09:17 +11:00
Damien Miller b3cdc220c4 - deraadt@cvs.openbsd.org 2006/03/26 01:31:48
[uuencode.c]
     typo
2006-03-26 14:30:33 +11:00
Damien Miller 51096383e9 - djm@cvs.openbsd.org 2006/03/25 22:22:43
[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
     [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
     [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
     [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
     [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
     [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
     [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
     [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
     [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
     [ttymodes.h uidswap.h uuencode.h xmalloc.h]
     standardise spacing in $OpenBSD$ tags; requested by deraadt@
2006-03-26 14:30:00 +11:00
Damien Miller e3b21a5f59 - deraadt@cvs.openbsd.org 2006/03/25 18:58:10
[channels.c]
     delete cast not required
2006-03-26 14:29:06 +11:00
Damien Miller a0fdce9a47 - deraadt@cvs.openbsd.org 2006/03/25 18:56:55
[bufaux.c channels.c packet.c]
     remove (char *) casts to a function that accepts void * for the arg
2006-03-26 14:28:50 +11:00
Damien Miller 08d61505d7 - deraadt@cvs.openbsd.org 2006/03/25 18:43:30
[channels.c]
     use strtonum() instead of atoi() [limit X screens to 400, sorry]
2006-03-26 14:28:32 +11:00
Damien Miller 1c13bd8d79 - deraadt@cvs.openbsd.org 2006/03/25 18:41:45
[ssh-agent.c]
     mark two more signal handlers ARGSUSED
2006-03-26 14:28:14 +11:00
Damien Miller 5f340065fc - deraadt@cvs.openbsd.org 2006/03/25 18:40:14
[ssh-keygen.c]
     cast strtonum() result to right type
2006-03-26 14:27:57 +11:00
Damien Miller a1690d08b4 - deraadt@cvs.openbsd.org 2006/03/25 18:36:15
[sshlogin.c sshlogin.h]
     nicer size_t and time_t types
2006-03-26 14:27:35 +11:00
Damien Miller 90fdfaf69c - deraadt@cvs.openbsd.org 2006/03/25 18:30:55
[clientloop.c serverloop.c]
     spacing
2006-03-26 14:25:37 +11:00
Damien Miller 8ba29fe72d - deraadt@cvs.openbsd.org 2006/03/25 18:29:35
[auth-rsa.c authfd.c packet.c]
     needed casts (always will be needed)
2006-03-26 14:25:19 +11:00
Damien Miller 48c4ed2b78 oops, rewrap 2006-03-26 14:25:05 +11:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller 55b04f1d77 - djm@cvs.openbsd.org 2006/03/25 01:30:23
[sftp.c]
     "abormally" is a perfectly cromulent word, but "abnormally" is better
2006-03-26 14:23:17 +11:00
Damien Miller 36812092ec - djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
     [uidswap.c]
     change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
     to xrealloc(p, new_nmemb, new_itemsize).

     realloc is particularly prone to integer overflows because it is
     almost always allocating "n * size" bytes, so this is a far safer
     API; ok deraadt@
2006-03-26 14:22:47 +11:00
Damien Miller 07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
2006-03-26 14:19:21 +11:00
Damien Miller a5a2859275 - deraadt@cvs.openbsd.org 2006/03/20 21:11:53
[ttymodes.c]
     spacing
2006-03-26 14:10:34 +11:00
Damien Miller 4f7becb44f - deraadt@cvs.openbsd.org 2006/03/20 18:48:34
[channels.c fatal.c kex.c packet.c serverloop.c]
     spacing
2006-03-26 14:10:14 +11:00
Damien Miller 1d2b6706ba - deraadt@cvs.openbsd.org 2006/03/20 18:42:27
[canohost.c match.c ssh.c sshconnect.c]
     be strict with tolower() casting
2006-03-26 14:09:54 +11:00
Damien Miller 1ff7c642ee - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
[dns.c]
     cast xstrdup to propert u_char *
2006-03-26 14:09:09 +11:00
Damien Miller 4ae97f1885 - deraadt@cvs.openbsd.org 2006/03/20 18:35:12
[channels.c]
     x11_fake_data is only ever used as u_char *
2006-03-26 14:08:10 +11:00
Damien Miller 9f3bd53acd - deraadt@cvs.openbsd.org 2006/03/20 18:27:50
[monitor.c]
     spacing
2006-03-26 14:07:52 +11:00
Damien Miller 9096740f6c - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
     [ssh-rsa.c ssh.c sshlogin.c]
     annoying spacing fixes getting in the way of real diffs
2006-03-26 14:07:26 +11:00
Damien Miller 91d4b12fcb - deraadt@cvs.openbsd.org 2006/03/20 18:17:20
[auth1.c auth2.c sshd.c]
     sprinkle some ARGSUSED for table driven functions (which sometimes
     must ignore their args)
2006-03-26 14:05:20 +11:00
Damien Miller 1b81a49f86 rewrap 2006-03-26 14:05:02 +11:00
Damien Miller 71a7367130 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
[channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
     [ssh.c sshpty.c sshpty.h]
     sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 14:04:36 +11:00
Damien Miller 6d39bcf898 - deraadt@cvs.openbsd.org 2006/03/20 17:17:23
[ssh-rsa.c]
     in a switch (), break after return or goto is stupid
2006-03-26 14:03:21 +11:00
Damien Miller bbaad7772a - deraadt@cvs.openbsd.org 2006/03/20 17:13:16
[key.c]
     djm did a typo
2006-03-26 14:03:03 +11:00
Damien Miller 69b7203e6f - deraadt@cvs.openbsd.org 2006/03/20 17:10:19
[auth.c key.c misc.c packet.c ssh-add.c]
     in a switch (), break after return or goto is stupid
2006-03-26 14:02:35 +11:00
Damien Miller 429fcc23db - djm@cvs.openbsd.org 2006/03/20 11:38:46
[key.c]
     (really) last of the Coverity diffs: avoid possible NULL deref in
     key_free. via elad AT netbsd.org; markus@ ok
2006-03-26 14:02:16 +11:00
Damien Miller 96937bd914 - djm@cvs.openbsd.org 2006/03/20 04:09:44
[monitor.c]
     memory leaks detected by Coverity via elad AT netbsd.org;
     deraadt@ ok
     that should be all of them now
2006-03-26 14:01:54 +11:00
Damien Miller 3305f5591f - deraadt@cvs.openbsd.org 2006/03/19 18:59:09
[authfile.c]
     whoever thought that break after return was a good idea needs to
     get their head examimed
2006-03-26 14:00:31 +11:00
Damien Miller 4662d3492f - deraadt@cvs.openbsd.org 2006/03/19 18:59:30
[ssh.c]
     spacing
2006-03-26 13:59:59 +11:00
Damien Miller 3bbaba6075 - deraadt@cvs.openbsd.org 2006/03/19 18:59:49
[ssh-keyscan.c]
     please lint
2006-03-26 13:59:38 +11:00
Damien Miller f0b15dfc52 - deraadt@cvs.openbsd.org 2006/03/19 18:56:41
[clientloop.c progressmeter.c serverloop.c sshd.c]
     ARGSUSED for signal handlers
2006-03-26 13:59:20 +11:00
Damien Miller c91e556d8a - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
[kex.c kex.h monitor.c myproposal.h session.c]
     spacing
2006-03-26 13:58:55 +11:00
Damien Miller d62f2ca376 - deraadt@cvs.openbsd.org 2006/03/19 18:52:11
[auth1.c authfd.c channels.c]
     spacing
2006-03-26 13:57:41 +11:00
Damien Miller 78f16cb07b - dtucker@cvs.openbsd.org 2006/03/19 11:51:52
[servconf.c]
     Correct strdelim null test; ok djm@
2006-03-26 13:54:37 +11:00
Damien Miller 5790b5910b - djm@cvs.openbsd.org 2006/03/19 07:41:30
[sshconnect2.c]
     memory leaks detected by Coverity via elad AT netbsd.org;
     deraadt@ ok
2006-03-26 13:54:03 +11:00
Damien Miller 928b23684a - djm@cvs.openbsd.org 2006/03/19 02:24:05
[dh.c readconf.c servconf.c]
     potential NULL pointer dereferences detected by Coverity
     via elad AT netbsd.org; ok deraadt@
2006-03-26 13:53:32 +11:00
Damien Miller 6db780e259 - djm@cvs.openbsd.org 2006/03/19 02:23:26
[hostfile.c]
     FILE* leak detected by Coverity via elad AT netbsd.org;
     ok deraadt@
2006-03-26 13:52:20 +11:00
Damien Miller e0b90a6766 - djm@cvs.openbsd.org 2006/03/19 02:22:56
[sftp.c]
     more memory leaks detected by Coverity via elad AT netbsd.org;
     deraadt@ ok
2006-03-26 13:51:44 +11:00
Damien Miller 6f98a1fea7 - djm@cvs.openbsd.org 2006/03/19 02:22:32
[serverloop.c]
     memory leaks detected by Coverity via elad AT netbsd.org;
     ok deraadt@ dtucker@
2006-03-26 13:51:08 +11:00
Damien Miller 304a940889 - djm@cvs.openbsd.org 2006/03/17 22:31:11
[authfd.c]
     unreachanble statement, found by lint
2006-03-26 13:50:37 +11:00
Damien Miller 5b83232b48 - djm@cvs.openbsd.org 2006/03/17 22:31:50
[authfd.c]
     another unreachable found by lint
2006-03-26 13:50:14 +11:00
Damien Miller 745570cd79 - biorn@cvs.openbsd.org 2006/03/16 10:31:45
[scp.c]
     Try to display errormessage even if remout == -1
     ok djm@, markus@
2006-03-26 13:49:43 +11:00
Damien Miller cb314828eb - OpenBSD CVS Sync
- jakob@cvs.openbsd.org 2006/03/15 08:46:44
     [ssh-keygen.c]
     if no key file are given when printing the DNS host record, use the
     host key file(s) as default. ok djm@
2006-03-26 13:48:01 +11:00
Damien Miller 2dbbf8e9fc [deattack.c deattack.h]
remove IV support from the CRC attack detector, OpenSSH has never used
     it - it only applied to IDEA-CFB, which we don't support.
     prompted by NetBSD Coverity report via elad AT netbsd.org;
     feedback markus@ "nuke it" deraadt@
2006-03-26 00:11:46 +11:00
Damien Miller a1b3d636ab - jakob@cvs.openbsd.org 2006/03/22 21:16:24
[ssh.1]
     simplify SSHFP example; ok jmc@
2006-03-26 00:07:02 +11:00
Damien Miller 5996294a95 - deraadt@cvs.openbsd.org 2006/03/20 18:41:43
[dns.c]
     cast xstrdup to propert u_char *
2006-03-26 00:06:48 +11:00
Damien Miller 1345e617da - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
[session.h]
     annoying spacing fixes getting in the way of real diffs
2006-03-26 00:06:32 +11:00
Damien Miller ed3986a004 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
[monitor_wrap.h sshpty.h]
     sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 00:06:14 +11:00
Damien Miller 91a2d9746a - djm@cvs.openbsd.org 2006/03/20 04:08:18
[gss-serv.c]
     last lot of GSSAPI related leaks detected by Coverity via
     elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
2006-03-26 00:05:44 +11:00
Damien Miller a66cf68dd7 - djm@cvs.openbsd.org 2006/03/20 04:07:49
[gss-genr.c]
     more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
     reviewed by simon AT sxw.org.uk; deraadt@ ok
2006-03-26 00:05:23 +11:00
Damien Miller f23c09670a - djm@cvs.openbsd.org 2006/03/20 04:07:22
[auth2-gss.c]
     GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
     reviewed by simon AT sxw.org.uk; deraadt@ ok
2006-03-26 00:04:53 +11:00
Damien Miller 51b4f82123 - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
[kex.h myproposal.h]
     spacing
2006-03-26 00:04:32 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller 3e96d74274 - djm@cvs.openbsd.org 2006/03/16 04:24:42
[ssh.1]
     Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
     that OpenSSH supports
2006-03-25 23:39:29 +11:00
Darren Tucker 9834cab32e - (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173: make fmtint() take
a LLONG rather than a long.  Fixes scp'ing of large files on platforms
   with missing/broken snprintfs.  Patch from e.borovac at bom.gov.au.
2006-03-19 00:07:07 +11:00
Damien Miller 66f9eb65ff - (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
elad AT NetBSD.org
2006-03-18 23:04:49 +11:00
Damien Miller b309203ce0 - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
OpenSSL; ok tim
2006-03-16 18:22:18 +11:00
Tim Rice 425a6886f9 - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] Disable
sha256 when openssl < 0.9.7. Patch from djm@. Corrections/testing by me.
2006-03-15 20:17:05 -08:00
Darren Tucker c495301bf8 - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
/usr/include/crypto.  Hint from djm@.
2006-03-16 08:14:34 +11:00
Darren Tucker d82cbcb9da - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. 2006-03-16 07:21:35 +11:00
Darren Tucker 8bb9e2c900 - (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD. 2006-03-15 22:28:17 +11:00
Darren Tucker dc6118e127 - (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs
sys/ioctl.h for struct winsize.
2006-03-15 22:25:54 +11:00
Damien Miller b0024914c9 - (djm) [includes.h] Put back paths.h, it is needed in defines.h 2006-03-15 21:48:54 +11:00
Darren Tucker 486d95e6f7 - (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE 2006-03-15 21:31:39 +11:00
Tim Rice 4b23f7c660 - (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some
includes removed from includes.h
2006-03-14 22:09:50 -08:00
Tim Rice 7a4cf232c9 - (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:"
warnings.
2006-03-14 21:04:18 -08:00
Damien Miller 6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
2006-03-15 14:42:54 +11:00
Damien Miller 34877d2e17 - (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out
SHA384, which we don't need and doesn't compile without tweaks
2006-03-15 14:36:55 +11:00
Damien Miller 42fb06898e - (djm) [ssh-agent.c] Restore dropped stat.h 2006-03-15 14:03:06 +11:00
Damien Miller 3717cdac60 - (djm) [ssh-rand-helper.c] Needs a bunch of headers 2006-03-15 14:02:36 +11:00
Damien Miller a623807860 - (djm) [openbsd-compat/sha2.h] Avoid include macro clash with
system sha2.h
2006-03-15 14:02:01 +11:00
Damien Miller 627725281e - (djm) [loginrec.c] Need stat.h 2006-03-15 14:01:11 +11:00
Damien Miller b3b4ba3fba - (djm) [regress/.cvsignore] Ignore Makefile here 2006-03-15 13:13:27 +11:00
Damien Miller 41e364bcfa - (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present 2006-03-15 13:12:41 +11:00
Damien Miller 471e9b3ca6 - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files 2006-03-15 13:09:18 +11:00
Damien Miller dcf4ca110e - (djm) [includes.h] Restore accidentally dropped netinet/in.h 2006-03-15 13:07:48 +11:00
Damien Miller af87af165f - (djm) [configure.ac defines.h kex.c md-sha256.c]
[openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
   [openbsd-compat/sha2.c] First stab at portability glue for SHA256
   KEX support, should work with libc SHA256 support or OpenSSL
   EVP_sha256 if present
2006-03-15 13:02:28 +11:00
Damien Miller a63128d1a8 - djm@cvs.openbsd.org 2006/03/07 09:07:40
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
     Implement the diffie-hellman-group-exchange-sha256 key exchange method
     using the SHA256 code in libc (and wrapper to make it into an OpenSSL
     EVP), interop tested against CVS PuTTY
     NB. no portability bits committed yet
2006-03-15 12:08:28 +11:00
Damien Miller cc3e8ba3c2 - markus@cvs.openbsd.org 2006/03/14 16:32:48
[ssh_config.5 sshd_config.5]
     *AliveCountMax applies to protcol v2 only; ok dtucker, djm
2006-03-15 12:06:55 +11:00
Damien Miller de85a28825 - djm@cvs.openbsd.org 2006/03/14 00:15:39
[canohost.c]
     log the originating address and not just the name when a reverse
     mapping check fails, requested by linux AT linuon.com
2006-03-15 12:06:41 +11:00
Damien Miller 8275fade44 - dtucker@cvs.openbsd.org 2006/03/13 10:26:52
[authfile.c authfile.h ssh-add.c]
     Make ssh-add check file permissions before attempting to load private
     key files multiple times; it will fail anyway and this prevents confusing
     multiple prompts and warnings.  mindrot #1138, ok djm@
2006-03-15 12:06:23 +11:00
Damien Miller 306d118f72 - dtucker@cvs.openbsd.org 2006/03/13 10:14:29
[misc.c ssh_config.5 sshd_config.5]
     Allow config directives to contain whitespace by surrounding them by double
     quotes.  mindrot #482, man page help from jmc@, ok djm@
2006-03-15 12:05:59 +11:00
Damien Miller 8056a9d46a - dtucker@cvs.openbsd.org 2006/03/13 08:43:16
[ssh-keygen.c]
     Make ssh-keygen handle CR and CRLF line termination when converting IETF
     format keys, in adition to vanilla LF.  mindrot #1157, tested by Chris
     Pepper, ok djm@
2006-03-15 12:05:40 +11:00
Damien Miller 314dd4b2f3 - dtucker@cvs.openbsd.org 2006/03/13 08:33:00
[packet.c]
     Set TCP_NODELAY for all connections not just "interactive" ones.  Fixes
     poor performance and protocol stalls under some network conditions (mindrot
     bugs #556 and #981). Patch originally from markus@, ok djm@
2006-03-15 12:05:22 +11:00
Damien Miller b24c2f8e33 - djm@cvs.openbsd.org 2006/03/13 08:16:00
[sshd.c]
     don't log that we are listening on a socket before the listen() call
     actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
2006-03-15 12:04:36 +11:00
Damien Miller 2ecb6bd95d - djm@cvs.openbsd.org 2006/03/12 04:23:07
[ssh.c]
     knf nit
2006-03-15 12:03:53 +11:00
Damien Miller ec04f360eb - djm@cvs.openbsd.org 2006/03/04 04:12:58
[serverloop.c]
     move a debug() outside of a signal handler; ok markus@ a little while back
2006-03-15 12:01:34 +11:00
Damien Miller 1cf76d97f9 - djm@cvs.openbsd.org 2006/02/28 01:10:21
[session.c]
     fix logout recording when privilege separation is disabled, analysis and
     patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
     NB. ID sync only - patch already in portable
2006-03-15 12:01:14 +11:00
Damien Miller 4aea974a1d - jmc@cvs.openbsd.org 2006/02/26 18:03:10
[ssh_config.5]
     comma;
2006-03-15 11:59:39 +11:00
Damien Miller e3beba231a - jmc@cvs.openbsd.org 2006/02/26 18:01:13
[sshd_config.5]
     subsection is pointless here;
2006-03-15 11:59:25 +11:00
Damien Miller b5282c2f06 - jmc@cvs.openbsd.org 2006/02/26 17:17:18
[ssh_config.5]
     move PATTERNS to the end of the main body; requested by dtucker
2006-03-15 11:59:08 +11:00
Damien Miller ac73e51390 - jmc@cvs.openbsd.org 2006/02/25 12:28:34
[sshd_config.5]
     document the order in which allow/deny directives are processed;
     help/ok dtucker
2006-03-15 11:58:49 +11:00
Damien Miller d450f49d4a missed in commit message:
help/ok dtucker
2006-03-15 11:58:25 +11:00
Damien Miller 9cfbaecb64 - jmc@cvs.openbsd.org 2006/02/25 12:26:17
[ssh_config.5]
     document the possible values for KbdInteractiveDevices;
2006-03-15 11:57:55 +11:00
Damien Miller f4f22b54c0 - jmc@cvs.openbsd.org 2006/02/24 23:51:17
[sshd_config.5]
     oops - bits i missed;
2006-03-15 11:57:25 +11:00
Damien Miller 5b0d63f894 - jmc@cvs.openbsd.org 2006/02/24 23:43:57
[sshd_config.5]
     some grammar/wording fixes;
2006-03-15 11:56:56 +11:00
Damien Miller 45ee2b91e6 - jmc@cvs.openbsd.org 2006/02/24 23:20:07
[ssh_config.5]
     some grammar/wording fixes;
2006-03-15 11:56:18 +11:00
Damien Miller 208f1ed6f1 - jmc@cvs.openbsd.org 2006/02/24 20:31:31
[ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     more consistency fixes;
2006-03-15 11:56:03 +11:00
Damien Miller 1faa713323 - jmc@cvs.openbsd.org 2006/02/24 20:22:16
[ssh-keysign.8 ssh_config.5 sshd_config.5]
     some consistency fixes;
2006-03-15 11:55:31 +11:00
Damien Miller c7d5b5e466 - jmc@cvs.openbsd.org 2006/02/24 10:39:52
[sshd.8]
     signpost to PATTERNS section;
2006-03-15 11:55:08 +11:00
Damien Miller f54a4b9da5 - jmc@cvs.openbsd.org 2006/02/24 10:37:07
[ssh_config.5]
     tidy up the refs to PATTERNS;
2006-03-15 11:54:36 +11:00
Damien Miller 0c2079d81f - jmc@cvs.openbsd.org 2006/02/24 10:33:54
[sshd_config.5]
     signpost to PATTERNS;
2006-03-15 11:54:21 +11:00
Damien Miller 6def55171f - jmc@cvs.openbsd.org 2006/02/24 10:25:14
[ssh_config.5]
     add section on patterns;
     from dtucker + myself
2006-03-15 11:54:05 +11:00
Damien Miller c7b06369a8 - stevesk@cvs.openbsd.org 2006/02/22 00:04:45
[canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
     [sshconnect.c]
     move #include <ctype.h> out of includes.h; ok djm@
2006-03-15 11:53:45 +11:00
Damien Miller 6ff3caddb6 oops, this commit is really:
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
     [clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@

the previous was:

   - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
     [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
     [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
     [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
     [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
     [sshconnect2.c sshd.c sshpty.c]
     move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
Damien Miller f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller 574c41fdb3 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
[authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
     move #include <sys/un.h> out of includes.h; ok djm@
2006-03-15 11:40:10 +11:00
Damien Miller 5c853b531f - jmc@cvs.openbsd.org 2006/02/19 20:12:25
[ssh_config.5]
     add some vertical space;
2006-03-15 11:37:02 +11:00
Damien Miller edd0375d82 - jmc@cvs.openbsd.org 2006/02/19 20:05:00
[sshd.8]
     grammar;
2006-03-15 11:36:45 +11:00
Damien Miller 445121fe8d - jmc@cvs.openbsd.org 2006/02/19 20:02:17
[sshd.8]
     sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
2006-03-15 11:36:18 +11:00
Damien Miller fd725cf585 - jmc@cvs.openbsd.org 2006/02/19 19:52:10
[sshd.8]
     move the sshrc stuff out of FILES, and into its own section:
     FILES is not a good place to document how stuff works;
2006-03-15 11:35:54 +11:00
Damien Miller adc35b9583 - jmc@cvs.openbsd.org 2006/02/16 09:05:34
[sshd.8]
     sync some of the FILES entries w/ ssh.1;
2006-03-15 11:35:27 +11:00
Damien Miller bc1936ad87 - jmc@cvs.openbsd.org 2006/02/15 16:55:33
[sshd.8]
     remove ietf draft references; RFC list now maintained in ssh.1;
2006-03-15 11:35:05 +11:00
Damien Miller 39a93a3305 - jmc@cvs.openbsd.org 2006/02/15 16:53:20
[ssh.1]
     remove the IETF draft references and replace them with some updated RFCs;
2006-03-15 11:34:45 +11:00