Damien Miller
f757d22e8b
- stevesk@cvs.openbsd.org 2006/07/18 22:27:55
...
[dh.c]
remove unneeded includes; ok djm@
2006-07-24 14:05:24 +10:00
Damien Miller
8c23403b51
- dtucker@cvs.openbsd.org 2006/07/18 08:22:23
...
[sshd_config.5]
Clarify description of Match, with minor correction from jmc@
2006-07-24 14:05:08 +10:00
Damien Miller
393821ad72
- jmc@cvs.openbsd.org 2006/07/18 08:03:09
...
[ssh-agent.1 sshd_config.5]
mark up angle brackets;
2006-07-24 14:04:53 +10:00
Damien Miller
22d47abbe3
- jmc@cvs.openbsd.org 2006/07/18 07:56:28
...
[scp.1]
replace DIAGNOSTICS with .Ex;
2006-07-24 14:04:36 +10:00
Damien Miller
65bc2c4028
- jmc@cvs.openbsd.org 2006/07/18 07:50:40
...
[sshd_config.5]
tweak; ok dtucker
2006-07-24 14:04:16 +10:00
Damien Miller
9b439df18a
- dtucker@cvs.openbsd.org 2006/07/17 12:06:00
...
[channels.c channels.h servconf.c sshd_config.5]
Add PermitOpen directive to sshd_config which is equivalent to the
"permitopen" key option. Allows server admin to allow TCP port
forwarding only two specific host/port pairs. Useful when combined
with Match.
If permitopen is used in both sshd_config and a key option, both
must allow a given connection before it will be permitted.
Note that users can still use external forwarders such as netcat,
so to be those must be controlled too for the limits to be effective.
Feedback & ok djm@, man page corrections & ok jmc@.
2006-07-24 14:04:00 +10:00
Damien Miller
98299261eb
- dtucker@cvs.openbsd.org 2006/07/17 12:02:24
...
[auth-options.c]
Use '\0' rather than 0 to terminates strings; ok djm@
2006-07-24 14:01:43 +10:00
Damien Miller
e6b3b610ec
- stevesk@cvs.openbsd.org 2006/07/17 01:31:10
...
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
[includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
[readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
[sshconnect.c sshlogin.c sshpty.c uidswap.c]
move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
Damien Miller
def915b0ff
- stevesk@cvs.openbsd.org 2006/07/14 01:15:28
...
[monitor_wrap.h]
don't need incompletely-typed 'struct passwd' now with
#include <pwd.h>; ok markus@
2006-07-24 13:55:56 +10:00
Damien Miller
2d00e63cb8
- stevesk@cvs.openbsd.org 2006/07/12 22:42:32
...
[includes.h ssh.c ssh-rand-helper.c]
move #include <stddef.h> out of includes.h
2006-07-24 13:53:19 +10:00
Damien Miller
939878b95f
tidy
2006-07-24 13:52:06 +10:00
Damien Miller
be43ebf975
- stevesk@cvs.openbsd.org 2006/07/12 22:28:52
...
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Damien Miller
d04f357ac2
- jmc@cvs.openbsd.org 2006/07/12 13:39:55
...
[sshd_config.5]
- new sentence, new line
- s/The the/The/
- kill a bad comma
2006-07-24 13:46:50 +10:00
Darren Tucker
341dae59c8
- (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h
2006-07-13 08:45:14 +10:00
Darren Tucker
2eaea99054
- (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
...
openbsd-compat/rresvport.c] More errno.h.
2006-07-12 23:41:33 +10:00
Darren Tucker
5998ed03aa
- (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h.
2006-07-12 23:10:33 +10:00
Darren Tucker
deecec98c7
- (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too.
2006-07-12 22:44:34 +10:00
Darren Tucker
767e4134f1
- (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h.
2006-07-12 22:43:28 +10:00
Darren Tucker
2c1a02a8d0
- (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c
...
openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
2006-07-12 22:40:50 +10:00
Darren Tucker
c931c433f6
- (dtucker) [openbsd-compat/xmmap.c] Include <errno.h>.
2006-07-12 22:35:51 +10:00
Darren Tucker
4515047e47
- dtucker@cvs.openbsd.org 2006/07/12 11:34:58
...
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
Add support for conditional directives to sshd_config via a "Match"
keyword, which works similarly to the "Host" directive in ssh_config.
Lines after a Match line override the default set in the main section
if the condition on the Match line is true, eg
AllowTcpForwarding yes
Match User anoncvs
AllowTcpForwarding no
will allow port forwarding by all users except "anoncvs".
Currently only a very small subset of directives are supported.
ok djm@
2006-07-12 22:34:17 +10:00
Darren Tucker
ba72405026
- stevesk@cvs.openbsd.org 2006/07/11 20:27:56
...
[authfile.c ssh.c]
need <errno.h> here also (it's also included in <openssl/err.h>)
2006-07-12 22:24:22 +10:00
Darren Tucker
57f4224677
- stevesk@cvs.openbsd.org 2006/07/11 20:16:43
...
[ssh.c]
cast asterisk field precision argument to int to remove warning;
ok markus@
2006-07-12 22:23:35 +10:00
Darren Tucker
3997249346
- stevesk@cvs.openbsd.org 2006/07/11 20:07:25
...
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
Darren Tucker
e7d4b19f75
- markus@cvs.openbsd.org 2006/07/11 18:50:48
...
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
channels.h readconf.c]
add ExitOnForwardFailure: terminate the connection if ssh(1)
cannot set up all requested dynamic, local, and remote port
forwardings. ok djm, dtucker, stevesk, jmc
2006-07-12 22:17:10 +10:00
Darren Tucker
284706a755
- dtucker@cvs.openbsd.org 2006/07/11 10:12:07
...
[ssh.c]
Only copy the part of environment variable that we actually use. Prevents
ssh bailing when SendEnv is used and an environment variable with a really
long value exists. ok djm@
2006-07-12 22:16:23 +10:00
Darren Tucker
5d19626a04
- stevesk@cvs.openbsd.org 2006/07/10 16:37:36
...
[readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
auth.c packet.c log.c]
move #include <stdarg.h> out of includes.h; ok markus@
2006-07-12 22:15:16 +10:00
Darren Tucker
1131847684
- jmc@cvs.openbsd.org 2006/07/10 16:04:21
...
[sshd.8]
s/and and/and/
2006-07-12 22:07:59 +10:00
Darren Tucker
a5362458d0
- stevesk@cvs.openbsd.org 2006/07/10 16:01:57
...
[sftp-glob.c sftp-common.h sftp.c]
buffer.h only needed in sftp-common.h and remove some unneeded
user includes; ok djm@
2006-07-12 22:07:08 +10:00
Darren Tucker
686852f665
- (dtucker) [openbsd-compat/port-tun.c] OpenBSD needs <netinet/in.h> before
...
<netinet/ip.h>.
2006-07-12 19:05:56 +10:00
Darren Tucker
128a0894a5
- (dtucker) [configure.ac] OpenBSD needs <sys/types.h> before <sys/socket.h>
...
for SHUT_RD.
2006-07-12 19:02:56 +10:00
Darren Tucker
250f1a6901
rewrap
2006-07-12 19:01:29 +10:00
Darren Tucker
248469bc8d
- (dtucker) [configure.ac defines.h] Only define SHUT_RD (and friends) and O_NONBLOCK
...
if they're really needed. Fixes build errors on HP-UX, old Linuxes and probably
more.
2006-07-12 14:14:31 +10:00
Darren Tucker
e0e4aad1fd
- (dtucker) [entropy.c] More fcntl.h, this time on AIX (and probably
...
others).
2006-07-11 19:01:51 +10:00
Darren Tucker
44c828fe29
- (dtucker) [configure.ac ssh-keygen.c openbsd-compat/bsd-openpty.c
...
openbsd-compat/daemon.c] Add includes needed by open(2). Conditionally
include paths.h. Fixes build error on Solaris.
2006-07-11 18:00:06 +10:00
Darren Tucker
4e880e632b
- (dtucker) [openbsd-compat/openbsd-compat.h] Need to include <sys/socket.h>
...
for struct sockaddr on platforms that use the fake-rfc stuff.
2006-07-11 00:20:51 +10:00
Darren Tucker
da34553561
- dtucker@cvs.openbsd.org 2006/07/10 12:46:51
...
[misc.c misc.h sshd.8 sshconnect.c]
Add port identifier to known_hosts for non-default ports, based originally
on a patch from Devin Nate in bz#910.
For any connection using the default port or using a HostKeyAlias the
format is unchanged, otherwise the host name or address is enclosed
within square brackets in the same format as sshd's ListenAddress.
Tested by many, ok markus@.
2006-07-10 23:04:19 +10:00
Damien Miller
0f07707267
- djm@cvs.openbsd.org 2006/07/10 12:08:08
...
[channels.c]
fix misparsing of SOCKS 5 packets that could result in a crash;
reported by mk@ ok markus@
2006-07-10 22:21:02 +10:00
Damien Miller
3d1a9f4d5d
- djm@cvs.openbsd.org 2006/07/10 12:03:20
...
[scp.c]
duplicate argv at the start of main() because it gets modified later;
pointed out by deraadt@ ok markus@
2006-07-10 22:19:53 +10:00
Damien Miller
a1738e4c65
- (djm) [loginrec.c ssh-rand-helper.c sshd.c openbsd-compat/glob.c]
...
[openbsd-compat/mktemp.c openbsd-compat/openbsd-compat.h]
[openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
[openbsd-compat/xcrypt.c] Fix includes.h fallout, mainly fcntl.h
2006-07-10 21:33:04 +10:00
Damien Miller
6444fe996b
- djm@cvs.openbsd.org 2006/07/10 11:25:53
...
[sftp-server.c]
don't log variables that aren't yet set
2006-07-10 21:31:27 +10:00
Damien Miller
c718c743c1
- djm@cvs.openbsd.org 2006/07/10 11:24:54
...
[sftp-server.c]
remove optind - it isn't used here
2006-07-10 21:31:00 +10:00
Damien Miller
211838d8e2
- stevesk@cvs.openbsd.org 2006/07/09 15:27:59
...
[ssh-add.c]
use O_RDONLY vs. 0 in open(); no binary change
2006-07-10 21:14:00 +10:00
Damien Miller
57cf638577
- stevesk@cvs.openbsd.org 2006/07/09 15:15:11
...
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
[readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
[sshlogin.c sshpty.c]
move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
Damien Miller
194a1cb018
- stevesk@cvs.openbsd.org 2006/07/08 23:30:06
...
[log.c]
move user includes after /usr/include files
2006-07-10 21:09:22 +10:00
Damien Miller
e33b60343b
- stevesk@cvs.openbsd.org 2006/07/08 21:48:53
...
[monitor.c session.c]
missed these from last commit:
move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:34 +10:00
Damien Miller
e3b60b524e
- stevesk@cvs.openbsd.org 2006/07/08 21:47:12
...
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
[monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
Damien Miller
58059aef05
- stevesk@cvs.openbsd.org 2006/07/06 17:36:37
...
[monitor_wrap.h]
typo in comment
2006-07-10 20:53:45 +10:00
Damien Miller
69996104fe
- stevesk@cvs.openbsd.org 2006/07/06 16:22:39
...
[ssh-keygen.c]
move #include "dns.h" up
2006-07-10 20:53:31 +10:00
Damien Miller
9f2abc47eb
- stevesk@cvs.openbsd.org 2006/07/06 16:03:53
...
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
[auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
[auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
[monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
[session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
[ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
[uidswap.h]
move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Damien Miller
fef95ad816
- djm@cvs.openbsd.org 2006/07/06 10:47:57
...
[sftp-server.8 sftp-server.c]
add commandline options to enable logging of transactions; ok markus@
2006-07-10 20:46:55 +10:00
Damien Miller
917f9b6b6e
- djm@cvs.openbsd.org 2006/07/06 10:47:05
...
[servconf.c servconf.h session.c sshd_config.5]
support arguments to Subsystem commands; ok markus@
2006-07-10 20:36:47 +10:00
Damien Miller
8ec8c3e98a
- stevesk@cvs.openbsd.org 2006/07/05 02:42:09
...
[canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
[serverloop.c sshconnect.c uuencode.c]
move #include <netinet/in.h> out of includes.h; ok deraadt@
(also ssh-rand-helper.c logintest.c loginrec.c)
2006-07-10 20:35:38 +10:00
Damien Miller
efc04e70b8
- stevesk@cvs.openbsd.org 2006/07/03 17:59:32
...
[channels.c includes.h]
move #include <arpa/inet.h> out of includes.h; old ok djm@
(portable needed session.c too)
2006-07-10 20:26:27 +10:00
Damien Miller
b757677d02
- stevesk@cvs.openbsd.org 2006/07/03 08:54:20
...
[includes.h ssh.c sshconnect.c sshd.c]
move #include "version.h" out of includes.h; ok markus@
2006-07-10 20:23:39 +10:00
Damien Miller
57e8ad3f5e
- stevesk@cvs.openbsd.org 2006/07/02 23:01:55
...
[clientloop.c ssh.1]
use -KR[bind_address:]port here; ok djm@
2006-07-10 20:20:52 +10:00
Damien Miller
427a1d57bb
- stevesk@cvs.openbsd.org 2006/07/02 22:45:59
...
[groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
move #include <grp.h> out of includes.h
(portable needed uidswap.c too)
2006-07-10 20:20:33 +10:00
Damien Miller
5d3ac7f7ee
- stevesk@cvs.openbsd.org 2006/07/02 18:36:47
...
[gss-serv-krb5.c gss-serv.c]
no "servconf.h" needed here
(gss-serv-krb5.c change not applied, portable needs the server options)
2006-07-10 20:17:55 +10:00
Damien Miller
991dba43e1
- stevesk@cvs.openbsd.org 2006/07/02 17:12:58
...
[ssh.1 ssh.c ssh_config.5 sshd_config.5]
more details and clarity for tun(4) device forwarding; ok and help
jmc@
2006-07-10 20:16:27 +10:00
Damien Miller
43020951ad
- djm@cvs.openbsd.org 2006/06/26 10:36:15
...
[clientloop.c]
mention optional bind_address in runtime port forwarding setup
command-line help. patch from santhi.amirta AT gmail.com
2006-07-10 20:16:12 +10:00
Damien Miller
1e88ea6556
- OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2006/06/14 10:50:42
[sshconnect.c]
limit the number of pre-banner characters we will accept; ok markus@
2006-07-10 20:15:56 +10:00
Darren Tucker
e34c96aea1
- (dtucker) [INSTALL] New autoconf version: 2.60.
2006-07-10 12:55:24 +10:00
Darren Tucker
f32f55259c
- (dtucker) [INSTALL] A bit more info on autoconf.
2006-07-06 19:12:08 +10:00
Darren Tucker
bdc121279f
- (dtucker) [configure.ac] Try AIX blibpath test in different order when
...
compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so
configure would not select the correct libpath linker flags.
2006-07-06 11:56:25 +10:00
Damien Miller
365e18db51
whitespace
2006-07-05 22:48:07 +10:00
Damien Miller
ee9ee9175c
whitespace
2006-07-05 22:47:21 +10:00
Darren Tucker
daf6ff4312
- (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the
...
target already exists.
2006-07-05 21:35:48 +10:00
Darren Tucker
db4c54bed1
- (dtucker) [INSTALL] Bug #1202 : Note when autoconf is required and which
...
version.
2006-06-30 16:20:58 +10:00
Darren Tucker
7243f9db60
- (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it,
...
prevents warnings on platforms where _res is in the system headers.
2006-06-30 11:47:49 +10:00
Darren Tucker
66c32d5caa
- (dtucker) [openbsd-compat/openbsd-compat.h] SNPRINTF_CONST for snprintf
...
declaration too. Patch from russ at sludge.net.
2006-06-30 10:51:32 +10:00
Darren Tucker
8b272ab09b
- (dtucker) [configure.ac] Bug #1203 : Add missing '[', which causes problems
...
with autoconf 2.60. Patch from vapier at gentoo.org.
2006-06-27 11:20:28 +10:00
Darren Tucker
144e8d60cd
- (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
...
only, otherwise sshd can hang exiting non-interactive sessions.
2006-06-25 08:25:25 +10:00
Darren Tucker
03890e44cd
- (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
...
#1102 workaround.
2006-06-24 16:58:45 +10:00
Darren Tucker
0249f93c4d
- (dtucker) [configure.ac] Bug #1193 : Define PASSWD_NEEDS_USERNAME on Solaris.
...
Works around limitation in Solaris' passwd program for changing passwords
where the username is longer than 8 characters. ok djm@
2006-06-24 12:10:07 +10:00
Darren Tucker
9afe115f0a
- (dtucker) [channels.c configure.ac serverloop.c] Bug #1102 : Around AIX
...
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
on the pty slave as zero-length reads on the pty master, which sshd
interprets as the descriptor closing. Since most things don't do zero
length writes this rarely matters, but occasionally it happens, and when
it does the SSH pty session appears to hang, so we add a special case for
this condition. ok djm@
2006-06-23 21:24:12 +10:00
Darren Tucker
3eb4834489
- (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add
...
tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch
from reyk@, tested by anil@
2006-06-23 21:05:12 +10:00
Damien Miller
643460803f
- (djm) [getput.h] This file has been replaced by functions in misc.c
2006-06-13 13:15:54 +10:00
Damien Miller
a6680a4e35
- djm@cvs.openbsd.org 2006/06/13 01:18:36
...
[ssh-agent.c]
always use a format string, even when printing a constant
- djm@cvs.openbsd.org 2006/06/13 02:17:07
[ssh-agent.c]
revert; i am on drugs. spotted by alexander AT beard.se
2006-06-13 13:10:18 +10:00
Damien Miller
2e5fe88ebe
- markus@cvs.openbsd.org 2006/06/08 14:45:49
...
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
do not set the gid, noted by solar; ok djm
2006-06-13 13:10:00 +10:00
Damien Miller
6b4069ad56
- markus@cvs.openbsd.org 2006/06/06 10:20:20
...
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm
2006-06-13 13:05:15 +10:00
Damien Miller
eb13e556e5
- markus@cvs.openbsd.org 2006/06/01 09:21:48
...
[sshd.c]
call get_remote_ipaddr() early; fixes logging after client disconnects;
report mpf@; ok dtucker@
2006-06-13 13:03:53 +10:00
Damien Miller
7b1e757b28
- mk@cvs.openbsd.org 2006/05/30 11:46:38
...
[ssh-add.c]
Sync usage() with man page and reality.
ok deraadt dtucker
2006-06-13 13:03:34 +10:00
Damien Miller
fbc94c857a
- jmc@cvs.openbsd.org 2006/05/29 16:13:23
...
[ssh.1]
add GSSAPI to the list of authentication methods supported;
2006-06-13 13:03:16 +10:00
Damien Miller
3c6ed7bbd5
- jmc@cvs.openbsd.org 2006/05/29 16:10:03
...
[ssh_config.5]
oops - previous was too long; split the list of auths up
2006-06-13 13:01:41 +10:00
Damien Miller
81a38928eb
- dtucker@cvs.openbsd.org 2006/05/29 12:56:33
...
[ssh_config]
Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
ssh_config. ok markus@
2006-06-13 13:01:09 +10:00
Damien Miller
658f945538
- dtucker@cvs.openbsd.org 2006/05/29 12:54:08
...
[ssh_config.5]
Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
2006-06-13 13:00:55 +10:00
Damien Miller
ad6b14d274
- miod@cvs.openbsd.org 2006/05/18 21:27:25
...
[kexdhc.c kexgexc.c]
paramter -> parameter
2006-06-13 13:00:41 +10:00
Damien Miller
40b5985fe0
- markus@cvs.openbsd.org 2006/05/17 12:43:34
...
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
fix leak; coverity via Kylene Jo Hall
2006-06-13 13:00:25 +10:00
Damien Miller
24fd8ddd61
- markus@cvs.openbsd.org 2006/05/16 09:00:00
...
[clientloop.c]
missing free; from Kylene Hall
2006-06-13 13:00:09 +10:00
Damien Miller
e250a94e69
- djm@cvs.openbsd.org 2006/05/08 10:49:48
...
[sshconnect2.c]
uint32_t -> u_int32_t (which we use everywhere else)
(Id sync only - portable already had this)
2006-06-13 12:59:53 +10:00
Darren Tucker
f14b2aa672
- (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
...
and slave, we can remove the special-case handling in the audit hook in
auth_log.
2006-05-21 18:26:40 +10:00
Darren Tucker
f58b29d515
- (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
...
pointer leak. From kjhall at us.ibm.com, found by coverity.
2006-05-17 22:24:56 +10:00
Darren Tucker
73373877db
typo
2006-05-15 17:24:25 +10:00
Darren Tucker
2c77b7f1c1
- (dtucker) [auth-pam.c] Bug #1188 : pass result of do_pam_account back and
...
do not allow kbdint again after the PAM account check fails. ok djm@
2006-05-15 17:22:33 +10:00
Darren Tucker
cefd8bb36d
- (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
...
default. Patch originally from tim@, ok djm
2006-05-15 17:17:29 +10:00
Darren Tucker
13c539a4dc
- (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
...
_res, prevents problems on some platforms that have _res as a global but
don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by
georg.schwarz at freenet.de, ok djm@.
2006-05-15 17:15:56 +10:00
Darren Tucker
43ff44e7db
- dtucker@cvs.openbsd.org 2006/05/06 08:35:40
...
[auth-krb5.c]
Add $OpenBSD$ in comment here too
2006-05-06 18:40:53 +10:00
Darren Tucker
f779f672eb
- djm@cvs.openbsd.org 2006/04/01 05:37:46
...
[OVERVIEW]
$OpenBSD$ in here too
2006-05-06 17:48:48 +10:00
Darren Tucker
31cde6828d
- djm@cvs.openbsd.org 2006/05/04 14:55:23
...
[dh.c]
tighter DH exponent checks here too; feedback and ok markus@
2006-05-06 17:43:33 +10:00
Darren Tucker
232b76f9f8
- dtucker@cvs.openbsd.org 2006/04/25 08:02:27
...
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores
anyway), similar to a previous change in ssh-add. bz #1186 , ok djm@
2006-05-06 17:41:51 +10:00
Darren Tucker
d8093e49bf
- (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
...
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
in Portable-only code; since calloc zeros, remove now-redundant memsets.
Also add a couple of sanity checks. With & ok djm@
2006-05-04 16:24:34 +10:00
Darren Tucker
596d33801f
- (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
...
and double including it on IRIX 5.3 causes problems. From Georg Schwarz,
"no objections" tim@
2006-05-03 19:01:09 +10:00
Damien Miller
7b50b2030b
missing file
2006-04-23 12:31:27 +10:00
Damien Miller
2bdd1c117c
- (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
...
sig_atomic_t
2006-04-23 12:28:53 +10:00
Damien Miller
08d4b0ca5d
- stevesk@cvs.openbsd.org 2006/04/22 18:29:33
...
[crc32.c]
remove extra spaces
2006-04-23 12:12:24 +10:00
Damien Miller
2282c6e305
- djm@cvs.openbsd.org 2006/04/22 04:06:51
...
[uidswap.c]
use setres[ug]id() to permanently revoke privileges; ok deraadt@
(ID Sync only - portable already uses setres[ug]id() whenever possible)
2006-04-23 12:11:57 +10:00
Damien Miller
525a0b090f
- djm@cvs.openbsd.org 2006/04/20 21:53:44
...
[includes.h session.c sftp.c]
Switch from using pipes to socketpairs for communication between
sftp/scp and ssh, and between sshd and its subprocesses. This saves
a file descriptor per session and apparently makes userland ppp over
ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
decision on a per-platform basis)
2006-04-23 12:10:49 +10:00
Damien Miller
56e5e6ad11
- markus@cvs.openbsd.org 2006/04/20 09:47:59
...
[sshconnect.c]
simplify; ok djm@
2006-04-23 12:08:59 +10:00
Damien Miller
97c91f688f
- djm@cvs.openbsd.org 2006/04/20 09:27:09
...
[auth.h clientloop.c dispatch.c dispatch.h kex.h]
replace the last non-sig_atomic_t flag used in a signal handler with a
sig_atomic_t, unfortunately with some knock-on effects in other (non-
signal) contexts in which it is used; ok markus@
2006-04-23 12:08:37 +10:00
Damien Miller
58629fad82
- dtucker@cvs.openbsd.org 2006/04/18 10:44:28
...
[bufaux.c bufbn.c]
Move Buffer bignum functions into their own file, bufbn.c. This means
that sftp and sftp-server (which use the Buffer functions in bufaux.c
but not the bignum ones) no longer need to be linked with libcrypto.
ok markus@
2006-04-23 12:08:19 +10:00
Damien Miller
b5ea7e7c03
- djm@cvs.openbsd.org 2006/04/16 07:59:00
...
[atomicio.c]
reorder sanity test so that it cannot dereference past the end of the
iov array; well spotted canacar@!
2006-04-23 12:06:49 +10:00
Damien Miller
58ca98bfe1
- djm@cvs.openbsd.org 2006/04/16 00:54:10
...
[sftp-client.c]
avoid making a tiny 4-byte write to send the packet length of sftp
commands, which would result in a separate tiny packet on the wire by
using atomiciov(writev, ...) to write the length and the command in one
pass; ok deraadt@
2006-04-23 12:06:35 +10:00
Damien Miller
6aa139c41f
- djm@cvs.openbsd.org 2006/04/16 00:52:55
...
[atomicio.c atomicio.h]
introduce atomiciov() function that wraps readv/writev to retry
interrupted transfers like atomicio() does for read/write;
feedback deraadt@ dtucker@ stevesk@ ok deraadt@
2006-04-23 12:06:20 +10:00
Damien Miller
499a0d5ada
- djm@cvs.openbsd.org 2006/04/16 00:48:52
...
[buffer.c buffer.h channels.c]
Fix condition where we could exit with a fatal error when an input
buffer became too large and the remote end had advertised a big window.
The problem was a mismatch in the backoff math between the channels code
and the buffer code, so make a buffer_check_alloc() function that the
channels code can use to propsectivly check whether an incremental
allocation will succeed. bz #1131 , debugged with the assistance of
cove AT wildpackets.com; ok dtucker@ deraadt@
2006-04-23 12:06:03 +10:00
Damien Miller
63e437f053
- djm@cvs.openbsd.org 2006/04/03 07:10:38
...
[gss-genr.c]
GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
by dleonard AT vintela.com. use xasprintf() to simplify code while in
there; "looks right" deraadt@
2006-04-23 12:05:46 +10:00
Damien Miller
603e68f1a2
- dtucker@cvs.openbsd.org 2006/04/02 08:34:52
...
[ssh-keysign.c]
sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
2006-04-23 12:05:32 +10:00
Damien Miller
7a656f7922
- djm@cvs.openbsd.org 2006/04/01 05:50:29
...
[scp.c]
xasprintification; ok deraadt@
2006-04-23 12:04:46 +10:00
Damien Miller
07aa132a5e
- (djm) OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2006/04/01 05:42:20
[scp.c]
minimal lint cleanup (unused crud, and some size_t); ok djm
2006-04-23 12:04:27 +10:00
Damien Miller
73b42d2bb0
- (djm) [Makefile.in configure.ac session.c sshpty.c]
...
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
[openbsd-compat/port-linux.h] Add support for SELinux, setting
the execution and TTY contexts. based on patch from Daniel Walsh,
bz #880 ; ok dtucker@
2006-04-22 21:26:08 +10:00
Damien Miller
2eaf37d899
- (djm) Reorder IP options check so that it isn't broken by
...
mapped addresses; bz #1179 reported by markw wtech-llc.com;
ok dtucker@
2006-04-18 15:13:16 +10:00
Damien Miller
dfc6183f13
- djm@cvs.openbsd.org 2006/03/31 09:13:56
...
[ssh_config.5]
remote user escape is %r not %h; spotted by jmc@
2006-03-31 23:14:57 +11:00
Damien Miller
c6437cf00a
- jmc@cvs.openbsd.org 2006/03/31 09:09:30
...
[ssh_config.5]
kill trailing whitespace;
2006-03-31 23:14:41 +11:00
Damien Miller
7a8f5b330d
- dtucker@cvs.openbsd.org 2006/03/30 11:40:21
...
[auth.c monitor.c]
Prevent duplicate log messages when privsep=yes; ok djm@
2006-03-31 23:14:23 +11:00
Damien Miller
e23209f434
- dtucker@cvs.openbsd.org 2006/03/30 11:05:17
...
[ssh-keygen.c]
Correctly handle truncated files while converting keys; ok djm@
2006-03-31 23:13:35 +11:00
Damien Miller
6b1d53c2b0
- djm@cvs.openbsd.org 2006/03/30 10:41:25
...
[ssh.c ssh_config.5]
add percent escape chars to the IdentityFile option, bz #1159 based
on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2006-03-31 23:13:21 +11:00
Damien Miller
3f9418893e
- djm@cvs.openbsd.org 2006/03/30 09:58:16
...
[authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
[monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
replace {GET,PUT}_XXBIT macros with functionally similar functions,
silencing a heap of lint warnings. also allows them to use
__bounded__ checking which can't be applied to macros; requested
by and feedback from deraadt@
2006-03-31 23:13:02 +11:00
Damien Miller
d79b424e8a
- djm@cvs.openbsd.org 2006/03/30 09:41:25
...
[channels.c]
ARGSUSED for dispatch table-driven functions
2006-03-31 23:11:44 +11:00
Damien Miller
89c3fe4a9e
- deraadt@cvs.openbsd.org 2006/03/28 01:53:43
...
[ssh-agent.c]
use strtonum() to parse the pid from the file, and range check it
better; ok djm
2006-03-31 23:11:28 +11:00
Damien Miller
57c4e875f8
- deraadt@cvs.openbsd.org 2006/03/28 01:52:28
...
[channels.c]
do not accept unreasonable X ports numbers; ok djm
2006-03-31 23:11:07 +11:00
Damien Miller
ddd63ab1d0
- deraadt@cvs.openbsd.org 2006/03/28 00:12:31
...
[README.tun ssh.c]
spacing
2006-03-31 23:10:51 +11:00
Damien Miller
2b5a0de903
- djm@cvs.openbsd.org 2006/03/27 23:15:46
...
[sftp.c]
always use a format string for addargs; spotted by mouring@
2006-03-31 23:10:31 +11:00
Damien Miller
5a73c1a34d
- deraadt@cvs.openbsd.org 2006/03/27 13:03:54
...
[dh.c]
use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
2006-03-31 23:09:41 +11:00
Damien Miller
da380becc6
- OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2006/03/27 01:21:18
[xmalloc.c]
we can do the size & nmemb check before the integer overflow check;
evol
2006-03-31 23:09:17 +11:00
Damien Miller
b3cdc220c4
- deraadt@cvs.openbsd.org 2006/03/26 01:31:48
...
[uuencode.c]
typo
2006-03-26 14:30:33 +11:00
Damien Miller
51096383e9
- djm@cvs.openbsd.org 2006/03/25 22:22:43
...
[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
[bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
[compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
[dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
[gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
[misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
[myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
[scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
[ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
[ttymodes.h uidswap.h uuencode.h xmalloc.h]
standardise spacing in $OpenBSD$ tags; requested by deraadt@
2006-03-26 14:30:00 +11:00
Damien Miller
e3b21a5f59
- deraadt@cvs.openbsd.org 2006/03/25 18:58:10
...
[channels.c]
delete cast not required
2006-03-26 14:29:06 +11:00
Damien Miller
a0fdce9a47
- deraadt@cvs.openbsd.org 2006/03/25 18:56:55
...
[bufaux.c channels.c packet.c]
remove (char *) casts to a function that accepts void * for the arg
2006-03-26 14:28:50 +11:00
Damien Miller
08d61505d7
- deraadt@cvs.openbsd.org 2006/03/25 18:43:30
...
[channels.c]
use strtonum() instead of atoi() [limit X screens to 400, sorry]
2006-03-26 14:28:32 +11:00
Damien Miller
1c13bd8d79
- deraadt@cvs.openbsd.org 2006/03/25 18:41:45
...
[ssh-agent.c]
mark two more signal handlers ARGSUSED
2006-03-26 14:28:14 +11:00
Damien Miller
5f340065fc
- deraadt@cvs.openbsd.org 2006/03/25 18:40:14
...
[ssh-keygen.c]
cast strtonum() result to right type
2006-03-26 14:27:57 +11:00
Damien Miller
a1690d08b4
- deraadt@cvs.openbsd.org 2006/03/25 18:36:15
...
[sshlogin.c sshlogin.h]
nicer size_t and time_t types
2006-03-26 14:27:35 +11:00
Damien Miller
90fdfaf69c
- deraadt@cvs.openbsd.org 2006/03/25 18:30:55
...
[clientloop.c serverloop.c]
spacing
2006-03-26 14:25:37 +11:00
Damien Miller
8ba29fe72d
- deraadt@cvs.openbsd.org 2006/03/25 18:29:35
...
[auth-rsa.c authfd.c packet.c]
needed casts (always will be needed)
2006-03-26 14:25:19 +11:00
Damien Miller
48c4ed2b78
oops, rewrap
2006-03-26 14:25:05 +11:00
Damien Miller
57c30117c1
- djm@cvs.openbsd.org 2006/03/25 13:17:03
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
55b04f1d77
- djm@cvs.openbsd.org 2006/03/25 01:30:23
...
[sftp.c]
"abormally" is a perfectly cromulent word, but "abnormally" is better
2006-03-26 14:23:17 +11:00
Damien Miller
36812092ec
- djm@cvs.openbsd.org 2006/03/25 01:13:23
...
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
[uidswap.c]
change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is
almost always allocating "n * size" bytes, so this is a far safer
API; ok deraadt@
2006-03-26 14:22:47 +11:00
Damien Miller
07d86bec5e
- djm@cvs.openbsd.org 2006/03/25 00:05:41
...
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
[clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
[monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
[xmalloc.c xmalloc.h]
introduce xcalloc() and xasprintf() failure-checked allocations
functions and use them throughout openssh
xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it
to die
feedback and ok deraadt@
2006-03-26 14:19:21 +11:00
Damien Miller
a5a2859275
- deraadt@cvs.openbsd.org 2006/03/20 21:11:53
...
[ttymodes.c]
spacing
2006-03-26 14:10:34 +11:00
Damien Miller
4f7becb44f
- deraadt@cvs.openbsd.org 2006/03/20 18:48:34
...
[channels.c fatal.c kex.c packet.c serverloop.c]
spacing
2006-03-26 14:10:14 +11:00
Damien Miller
1d2b6706ba
- deraadt@cvs.openbsd.org 2006/03/20 18:42:27
...
[canohost.c match.c ssh.c sshconnect.c]
be strict with tolower() casting
2006-03-26 14:09:54 +11:00
Damien Miller
1ff7c642ee
- deraadt@cvs.openbsd.org 2006/03/20 18:41:43
...
[dns.c]
cast xstrdup to propert u_char *
2006-03-26 14:09:09 +11:00
Damien Miller
4ae97f1885
- deraadt@cvs.openbsd.org 2006/03/20 18:35:12
...
[channels.c]
x11_fake_data is only ever used as u_char *
2006-03-26 14:08:10 +11:00
Damien Miller
9f3bd53acd
- deraadt@cvs.openbsd.org 2006/03/20 18:27:50
...
[monitor.c]
spacing
2006-03-26 14:07:52 +11:00
Damien Miller
9096740f6c
- deraadt@cvs.openbsd.org 2006/03/20 18:26:55
...
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
[ssh-rsa.c ssh.c sshlogin.c]
annoying spacing fixes getting in the way of real diffs
2006-03-26 14:07:26 +11:00
Damien Miller
91d4b12fcb
- deraadt@cvs.openbsd.org 2006/03/20 18:17:20
...
[auth1.c auth2.c sshd.c]
sprinkle some ARGSUSED for table driven functions (which sometimes
must ignore their args)
2006-03-26 14:05:20 +11:00
Damien Miller
1b81a49f86
rewrap
2006-03-26 14:05:02 +11:00
Damien Miller
71a7367130
- deraadt@cvs.openbsd.org 2006/03/20 18:14:02
...
[channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
[ssh.c sshpty.c sshpty.h]
sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 14:04:36 +11:00
Damien Miller
6d39bcf898
- deraadt@cvs.openbsd.org 2006/03/20 17:17:23
...
[ssh-rsa.c]
in a switch (), break after return or goto is stupid
2006-03-26 14:03:21 +11:00
Damien Miller
bbaad7772a
- deraadt@cvs.openbsd.org 2006/03/20 17:13:16
...
[key.c]
djm did a typo
2006-03-26 14:03:03 +11:00
Damien Miller
69b7203e6f
- deraadt@cvs.openbsd.org 2006/03/20 17:10:19
...
[auth.c key.c misc.c packet.c ssh-add.c]
in a switch (), break after return or goto is stupid
2006-03-26 14:02:35 +11:00
Damien Miller
429fcc23db
- djm@cvs.openbsd.org 2006/03/20 11:38:46
...
[key.c]
(really) last of the Coverity diffs: avoid possible NULL deref in
key_free. via elad AT netbsd.org; markus@ ok
2006-03-26 14:02:16 +11:00
Damien Miller
96937bd914
- djm@cvs.openbsd.org 2006/03/20 04:09:44
...
[monitor.c]
memory leaks detected by Coverity via elad AT netbsd.org;
deraadt@ ok
that should be all of them now
2006-03-26 14:01:54 +11:00
Damien Miller
3305f5591f
- deraadt@cvs.openbsd.org 2006/03/19 18:59:09
...
[authfile.c]
whoever thought that break after return was a good idea needs to
get their head examimed
2006-03-26 14:00:31 +11:00
Damien Miller
4662d3492f
- deraadt@cvs.openbsd.org 2006/03/19 18:59:30
...
[ssh.c]
spacing
2006-03-26 13:59:59 +11:00
Damien Miller
3bbaba6075
- deraadt@cvs.openbsd.org 2006/03/19 18:59:49
...
[ssh-keyscan.c]
please lint
2006-03-26 13:59:38 +11:00
Damien Miller
f0b15dfc52
- deraadt@cvs.openbsd.org 2006/03/19 18:56:41
...
[clientloop.c progressmeter.c serverloop.c sshd.c]
ARGSUSED for signal handlers
2006-03-26 13:59:20 +11:00
Damien Miller
c91e556d8a
- deraadt@cvs.openbsd.org 2006/03/19 18:53:12
...
[kex.c kex.h monitor.c myproposal.h session.c]
spacing
2006-03-26 13:58:55 +11:00
Damien Miller
d62f2ca376
- deraadt@cvs.openbsd.org 2006/03/19 18:52:11
...
[auth1.c authfd.c channels.c]
spacing
2006-03-26 13:57:41 +11:00
Damien Miller
78f16cb07b
- dtucker@cvs.openbsd.org 2006/03/19 11:51:52
...
[servconf.c]
Correct strdelim null test; ok djm@
2006-03-26 13:54:37 +11:00
Damien Miller
5790b5910b
- djm@cvs.openbsd.org 2006/03/19 07:41:30
...
[sshconnect2.c]
memory leaks detected by Coverity via elad AT netbsd.org;
deraadt@ ok
2006-03-26 13:54:03 +11:00
Damien Miller
928b23684a
- djm@cvs.openbsd.org 2006/03/19 02:24:05
...
[dh.c readconf.c servconf.c]
potential NULL pointer dereferences detected by Coverity
via elad AT netbsd.org; ok deraadt@
2006-03-26 13:53:32 +11:00
Damien Miller
6db780e259
- djm@cvs.openbsd.org 2006/03/19 02:23:26
...
[hostfile.c]
FILE* leak detected by Coverity via elad AT netbsd.org;
ok deraadt@
2006-03-26 13:52:20 +11:00
Damien Miller
e0b90a6766
- djm@cvs.openbsd.org 2006/03/19 02:22:56
...
[sftp.c]
more memory leaks detected by Coverity via elad AT netbsd.org;
deraadt@ ok
2006-03-26 13:51:44 +11:00
Damien Miller
6f98a1fea7
- djm@cvs.openbsd.org 2006/03/19 02:22:32
...
[serverloop.c]
memory leaks detected by Coverity via elad AT netbsd.org;
ok deraadt@ dtucker@
2006-03-26 13:51:08 +11:00
Damien Miller
304a940889
- djm@cvs.openbsd.org 2006/03/17 22:31:11
...
[authfd.c]
unreachanble statement, found by lint
2006-03-26 13:50:37 +11:00
Damien Miller
5b83232b48
- djm@cvs.openbsd.org 2006/03/17 22:31:50
...
[authfd.c]
another unreachable found by lint
2006-03-26 13:50:14 +11:00
Damien Miller
745570cd79
- biorn@cvs.openbsd.org 2006/03/16 10:31:45
...
[scp.c]
Try to display errormessage even if remout == -1
ok djm@, markus@
2006-03-26 13:49:43 +11:00
Damien Miller
cb314828eb
- OpenBSD CVS Sync
...
- jakob@cvs.openbsd.org 2006/03/15 08:46:44
[ssh-keygen.c]
if no key file are given when printing the DNS host record, use the
host key file(s) as default. ok djm@
2006-03-26 13:48:01 +11:00
Damien Miller
2dbbf8e9fc
[deattack.c deattack.h]
...
remove IV support from the CRC attack detector, OpenSSH has never used
it - it only applied to IDEA-CFB, which we don't support.
prompted by NetBSD Coverity report via elad AT netbsd.org;
feedback markus@ "nuke it" deraadt@
2006-03-26 00:11:46 +11:00
Damien Miller
a1b3d636ab
- jakob@cvs.openbsd.org 2006/03/22 21:16:24
...
[ssh.1]
simplify SSHFP example; ok jmc@
2006-03-26 00:07:02 +11:00
Damien Miller
5996294a95
- deraadt@cvs.openbsd.org 2006/03/20 18:41:43
...
[dns.c]
cast xstrdup to propert u_char *
2006-03-26 00:06:48 +11:00
Damien Miller
1345e617da
- deraadt@cvs.openbsd.org 2006/03/20 18:26:55
...
[session.h]
annoying spacing fixes getting in the way of real diffs
2006-03-26 00:06:32 +11:00
Damien Miller
ed3986a004
- deraadt@cvs.openbsd.org 2006/03/20 18:14:02
...
[monitor_wrap.h sshpty.h]
sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 00:06:14 +11:00
Damien Miller
91a2d9746a
- djm@cvs.openbsd.org 2006/03/20 04:08:18
...
[gss-serv.c]
last lot of GSSAPI related leaks detected by Coverity via
elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok
2006-03-26 00:05:44 +11:00
Damien Miller
a66cf68dd7
- djm@cvs.openbsd.org 2006/03/20 04:07:49
...
[gss-genr.c]
more GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok
2006-03-26 00:05:23 +11:00
Damien Miller
f23c09670a
- djm@cvs.openbsd.org 2006/03/20 04:07:22
...
[auth2-gss.c]
GSSAPI related leaks detected by Coverity via elad AT netbsd.org;
reviewed by simon AT sxw.org.uk; deraadt@ ok
2006-03-26 00:04:53 +11:00
Damien Miller
51b4f82123
- deraadt@cvs.openbsd.org 2006/03/19 18:53:12
...
[kex.h myproposal.h]
spacing
2006-03-26 00:04:32 +11:00
Damien Miller
b0fb6872ed
- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
3e96d74274
- djm@cvs.openbsd.org 2006/03/16 04:24:42
...
[ssh.1]
Add RFC4419 (Diffie-Hellman group exchange KEX) to the list of SSH RFCs
that OpenSSH supports
2006-03-25 23:39:29 +11:00
Darren Tucker
9834cab32e
- (dtucker) [openbsd-compat/bsd-snprintf.c] Bug #1173 : make fmtint() take
...
a LLONG rather than a long. Fixes scp'ing of large files on platforms
with missing/broken snprintfs. Patch from e.borovac at bom.gov.au.
2006-03-19 00:07:07 +11:00
Damien Miller
66f9eb65ff
- (djm) [auth-pam.c] Fix memleak in error path, from Coverity via
...
elad AT NetBSD.org
2006-03-18 23:04:49 +11:00
Damien Miller
b309203ce0
- (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
...
OpenSSL; ok tim
2006-03-16 18:22:18 +11:00
Tim Rice
425a6886f9
- (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] Disable
...
sha256 when openssl < 0.9.7. Patch from djm@. Corrections/testing by me.
2006-03-15 20:17:05 -08:00
Darren Tucker
c495301bf8
- (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
...
/usr/include/crypto. Hint from djm@.
2006-03-16 08:14:34 +11:00
Darren Tucker
d82cbcb9da
- (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
2006-03-16 07:21:35 +11:00
Darren Tucker
8bb9e2c900
- (dtucker) [configure.ac] login_cap.h requires sys/types.h on NetBSD.
2006-03-15 22:28:17 +11:00
Darren Tucker
dc6118e127
- (dtucker) [openbsd-compat/openbsd-compat.h] AIX (at least) needs
...
sys/ioctl.h for struct winsize.
2006-03-15 22:25:54 +11:00
Damien Miller
b0024914c9
- (djm) [includes.h] Put back paths.h, it is needed in defines.h
2006-03-15 21:48:54 +11:00
Darren Tucker
486d95e6f7
- (dtucker) [configure.ac] Fix glob test conversion to AC_TRY_COMPILE
2006-03-15 21:31:39 +11:00
Tim Rice
4b23f7c660
- (tim) [openssh/sshpty.c openssh/openbsd-compat/port-tun.c] put in some
...
includes removed from includes.h
2006-03-14 22:09:50 -08:00
Tim Rice
7a4cf232c9
- (tim) [includes.h] put sys/stat.h back in to quiet some "macro redefined:"
...
warnings.
2006-03-14 21:04:18 -08:00
Damien Miller
6645e7a70d
- (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
...
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
[sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/glob.c openbsd-compat/mktemp.c]
[openbsd-compat/readpassphrase.c] Lots of include fixes for
OpenSolaris
2006-03-15 14:42:54 +11:00
Damien Miller
34877d2e17
- (djm) [openbsd-compat/sha2.h openbsd-compat/sha2.c] Comment out
...
SHA384, which we don't need and doesn't compile without tweaks
2006-03-15 14:36:55 +11:00
Damien Miller
42fb06898e
- (djm) [ssh-agent.c] Restore dropped stat.h
2006-03-15 14:03:06 +11:00
Damien Miller
3717cdac60
- (djm) [ssh-rand-helper.c] Needs a bunch of headers
2006-03-15 14:02:36 +11:00
Damien Miller
a623807860
- (djm) [openbsd-compat/sha2.h] Avoid include macro clash with
...
system sha2.h
2006-03-15 14:02:01 +11:00
Damien Miller
627725281e
- (djm) [loginrec.c] Need stat.h
2006-03-15 14:01:11 +11:00
Damien Miller
b3b4ba3fba
- (djm) [regress/.cvsignore] Ignore Makefile here
2006-03-15 13:13:27 +11:00
Damien Miller
41e364bcfa
- (djm) [md-sha256.c configure.ac] md-sha256.c needs sha2.h if present
2006-03-15 13:12:41 +11:00
Damien Miller
471e9b3ca6
- (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files
2006-03-15 13:09:18 +11:00
Damien Miller
dcf4ca110e
- (djm) [includes.h] Restore accidentally dropped netinet/in.h
2006-03-15 13:07:48 +11:00
Damien Miller
af87af165f
- (djm) [configure.ac defines.h kex.c md-sha256.c]
...
[openbsd-compat/sha2.h openbsd-compat/openbsd-compat.h]
[openbsd-compat/sha2.c] First stab at portability glue for SHA256
KEX support, should work with libc SHA256 support or OpenSSL
EVP_sha256 if present
2006-03-15 13:02:28 +11:00
Damien Miller
a63128d1a8
- djm@cvs.openbsd.org 2006/03/07 09:07:40
...
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
Implement the diffie-hellman-group-exchange-sha256 key exchange method
using the SHA256 code in libc (and wrapper to make it into an OpenSSL
EVP), interop tested against CVS PuTTY
NB. no portability bits committed yet
2006-03-15 12:08:28 +11:00
Damien Miller
cc3e8ba3c2
- markus@cvs.openbsd.org 2006/03/14 16:32:48
...
[ssh_config.5 sshd_config.5]
*AliveCountMax applies to protcol v2 only; ok dtucker, djm
2006-03-15 12:06:55 +11:00
Damien Miller
de85a28825
- djm@cvs.openbsd.org 2006/03/14 00:15:39
...
[canohost.c]
log the originating address and not just the name when a reverse
mapping check fails, requested by linux AT linuon.com
2006-03-15 12:06:41 +11:00
Damien Miller
8275fade44
- dtucker@cvs.openbsd.org 2006/03/13 10:26:52
...
[authfile.c authfile.h ssh-add.c]
Make ssh-add check file permissions before attempting to load private
key files multiple times; it will fail anyway and this prevents confusing
multiple prompts and warnings. mindrot #1138 , ok djm@
2006-03-15 12:06:23 +11:00
Damien Miller
306d118f72
- dtucker@cvs.openbsd.org 2006/03/13 10:14:29
...
[misc.c ssh_config.5 sshd_config.5]
Allow config directives to contain whitespace by surrounding them by double
quotes. mindrot #482 , man page help from jmc@, ok djm@
2006-03-15 12:05:59 +11:00
Damien Miller
8056a9d46a
- dtucker@cvs.openbsd.org 2006/03/13 08:43:16
...
[ssh-keygen.c]
Make ssh-keygen handle CR and CRLF line termination when converting IETF
format keys, in adition to vanilla LF. mindrot #1157 , tested by Chris
Pepper, ok djm@
2006-03-15 12:05:40 +11:00
Damien Miller
314dd4b2f3
- dtucker@cvs.openbsd.org 2006/03/13 08:33:00
...
[packet.c]
Set TCP_NODELAY for all connections not just "interactive" ones. Fixes
poor performance and protocol stalls under some network conditions (mindrot
bugs #556 and #981 ). Patch originally from markus@, ok djm@
2006-03-15 12:05:22 +11:00
Damien Miller
b24c2f8e33
- djm@cvs.openbsd.org 2006/03/13 08:16:00
...
[sshd.c]
don't log that we are listening on a socket before the listen() call
actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
2006-03-15 12:04:36 +11:00
Damien Miller
2ecb6bd95d
- djm@cvs.openbsd.org 2006/03/12 04:23:07
...
[ssh.c]
knf nit
2006-03-15 12:03:53 +11:00
Damien Miller
ec04f360eb
- djm@cvs.openbsd.org 2006/03/04 04:12:58
...
[serverloop.c]
move a debug() outside of a signal handler; ok markus@ a little while back
2006-03-15 12:01:34 +11:00
Damien Miller
1cf76d97f9
- djm@cvs.openbsd.org 2006/02/28 01:10:21
...
[session.c]
fix logout recording when privilege separation is disabled, analysis and
patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
NB. ID sync only - patch already in portable
2006-03-15 12:01:14 +11:00
Damien Miller
4aea974a1d
- jmc@cvs.openbsd.org 2006/02/26 18:03:10
...
[ssh_config.5]
comma;
2006-03-15 11:59:39 +11:00
Damien Miller
e3beba231a
- jmc@cvs.openbsd.org 2006/02/26 18:01:13
...
[sshd_config.5]
subsection is pointless here;
2006-03-15 11:59:25 +11:00
Damien Miller
b5282c2f06
- jmc@cvs.openbsd.org 2006/02/26 17:17:18
...
[ssh_config.5]
move PATTERNS to the end of the main body; requested by dtucker
2006-03-15 11:59:08 +11:00
Damien Miller
ac73e51390
- jmc@cvs.openbsd.org 2006/02/25 12:28:34
...
[sshd_config.5]
document the order in which allow/deny directives are processed;
help/ok dtucker
2006-03-15 11:58:49 +11:00
Damien Miller
d450f49d4a
missed in commit message:
...
help/ok dtucker
2006-03-15 11:58:25 +11:00
Damien Miller
9cfbaecb64
- jmc@cvs.openbsd.org 2006/02/25 12:26:17
...
[ssh_config.5]
document the possible values for KbdInteractiveDevices;
2006-03-15 11:57:55 +11:00
Damien Miller
f4f22b54c0
- jmc@cvs.openbsd.org 2006/02/24 23:51:17
...
[sshd_config.5]
oops - bits i missed;
2006-03-15 11:57:25 +11:00
Damien Miller
5b0d63f894
- jmc@cvs.openbsd.org 2006/02/24 23:43:57
...
[sshd_config.5]
some grammar/wording fixes;
2006-03-15 11:56:56 +11:00
Damien Miller
45ee2b91e6
- jmc@cvs.openbsd.org 2006/02/24 23:20:07
...
[ssh_config.5]
some grammar/wording fixes;
2006-03-15 11:56:18 +11:00
Damien Miller
208f1ed6f1
- jmc@cvs.openbsd.org 2006/02/24 20:31:31
...
[ssh.1 ssh_config.5 sshd.8 sshd_config.5]
more consistency fixes;
2006-03-15 11:56:03 +11:00
Damien Miller
1faa713323
- jmc@cvs.openbsd.org 2006/02/24 20:22:16
...
[ssh-keysign.8 ssh_config.5 sshd_config.5]
some consistency fixes;
2006-03-15 11:55:31 +11:00
Damien Miller
c7d5b5e466
- jmc@cvs.openbsd.org 2006/02/24 10:39:52
...
[sshd.8]
signpost to PATTERNS section;
2006-03-15 11:55:08 +11:00
Damien Miller
f54a4b9da5
- jmc@cvs.openbsd.org 2006/02/24 10:37:07
...
[ssh_config.5]
tidy up the refs to PATTERNS;
2006-03-15 11:54:36 +11:00
Damien Miller
0c2079d81f
- jmc@cvs.openbsd.org 2006/02/24 10:33:54
...
[sshd_config.5]
signpost to PATTERNS;
2006-03-15 11:54:21 +11:00
Damien Miller
6def55171f
- jmc@cvs.openbsd.org 2006/02/24 10:25:14
...
[ssh_config.5]
add section on patterns;
from dtucker + myself
2006-03-15 11:54:05 +11:00
Damien Miller
c7b06369a8
- stevesk@cvs.openbsd.org 2006/02/22 00:04:45
...
[canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
[sshconnect.c]
move #include <ctype.h> out of includes.h; ok djm@
2006-03-15 11:53:45 +11:00
Damien Miller
6ff3caddb6
oops, this commit is really:
...
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
[serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
move #include <signal.h> out of includes.h; ok markus@
the previous was:
- stevesk@cvs.openbsd.org 2006/02/20 17:19:54
[auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
[authfile.c clientloop.c includes.h readconf.c scp.c session.c]
[sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
[sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
[sshconnect2.c sshd.c sshpty.c]
move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
Damien Miller
f17883e6a0
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
...
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
[serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller
574c41fdb3
- stevesk@cvs.openbsd.org 2006/02/20 16:36:15
...
[authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
move #include <sys/un.h> out of includes.h; ok djm@
2006-03-15 11:40:10 +11:00
Damien Miller
5c853b531f
- jmc@cvs.openbsd.org 2006/02/19 20:12:25
...
[ssh_config.5]
add some vertical space;
2006-03-15 11:37:02 +11:00
Damien Miller
edd0375d82
- jmc@cvs.openbsd.org 2006/02/19 20:05:00
...
[sshd.8]
grammar;
2006-03-15 11:36:45 +11:00
Damien Miller
445121fe8d
- jmc@cvs.openbsd.org 2006/02/19 20:02:17
...
[sshd.8]
sync the (s)hosts.equiv FILES entries w/ those from ssh.1;
2006-03-15 11:36:18 +11:00
Damien Miller
fd725cf585
- jmc@cvs.openbsd.org 2006/02/19 19:52:10
...
[sshd.8]
move the sshrc stuff out of FILES, and into its own section:
FILES is not a good place to document how stuff works;
2006-03-15 11:35:54 +11:00
Damien Miller
adc35b9583
- jmc@cvs.openbsd.org 2006/02/16 09:05:34
...
[sshd.8]
sync some of the FILES entries w/ ssh.1;
2006-03-15 11:35:27 +11:00
Damien Miller
bc1936ad87
- jmc@cvs.openbsd.org 2006/02/15 16:55:33
...
[sshd.8]
remove ietf draft references; RFC list now maintained in ssh.1;
2006-03-15 11:35:05 +11:00
Damien Miller
39a93a3305
- jmc@cvs.openbsd.org 2006/02/15 16:53:20
...
[ssh.1]
remove the IETF draft references and replace them with some updated RFCs;
2006-03-15 11:34:45 +11:00