Damien Miller
da82839597
- dtucker@cvs.openbsd.org 2006/08/01 11:34:36
...
[sshconnect.c]
Allow fallback to known_hosts entries without port qualifiers for
non-standard ports too, so that all existing known_hosts entries will be
recognised. Requested by, feedback and ok markus@
2006-08-05 11:35:45 +10:00
Damien Miller
1a5b4041fb
- stevesk@cvs.openbsd.org 2006/07/30 20:15:19
...
[atomicio.h]
order includes to KNF
2006-08-05 11:35:23 +10:00
Damien Miller
858bb7dc7c
- jmc@cvs.openbsd.org 2006/07/27 08:00:50
...
[ssh_config.5]
avoid confusing wording in HashKnownHosts:
originally spotted by alan amesbury;
ok deraadt
2006-08-05 11:34:51 +10:00
Damien Miller
e7a1e5cf63
- stevesk@cvs.openbsd.org 2006/07/26 13:57:17
...
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
[hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
[scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
[sshconnect1.c sshd.c xmalloc.c]
move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller
8dbffe7904
- stevesk@cvs.openbsd.org 2006/07/26 02:35:17
...
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
[groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
[packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
[sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
[uidswap.c xmalloc.c]
move #include <sys/param.h> out of includes.h
2006-08-05 11:02:17 +10:00
Damien Miller
9aec91948d
- stevesk@cvs.openbsd.org 2006/07/25 02:59:21
...
[channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
move #include <sys/time.h> out of includes.h
2006-08-05 10:57:45 +10:00
Damien Miller
7c6e4b059c
- stevesk@cvs.openbsd.org 2006/07/25 02:01:34
...
[scard.c]
need #include <string.h>
2006-08-05 09:33:15 +10:00
Damien Miller
437edb9e66
- stevesk@cvs.openbsd.org 2006/07/24 13:58:22
...
[sshconnect.c]
disable tunnel forwarding when no strict host key checking
and key changed; ok djm@ markus@ dtucker@
2006-08-05 09:11:13 +10:00
Darren Tucker
f1f4bdd1aa
- (dtucker) [configure.ac] The "crippled AES" test does not work on recent
...
versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
rather than just compiling it. Spotted by dlg@.
2006-08-04 19:44:23 +10:00
Darren Tucker
88fdc83d4c
- (dtucker) [openbsd-compat/daemon.c] Add unistd.h for fork() prototype.
2006-08-02 23:33:54 +10:00
Darren Tucker
94346f8596
- (dtucker) [openbsd-compat/xmmap.c] Need fcntl.h for O_RDRW.
2006-07-25 19:52:07 +10:00
Darren Tucker
28e9ad1bed
- (dtucker) [regress/forcecommand.sh] Portablize.
2006-07-24 23:50:23 +10:00
Darren Tucker
22c58b0242
- (dtucker) [cleanup.c] Since config.h defines _LARGE_FILES on AIX, including
...
system headers before defines.h will cause conflicting definitions.
2006-07-24 23:19:40 +10:00
Damien Miller
7b1877c803
- (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh]
...
[regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh]
Sync regress tests to -current; include dtucker@'s new cfgmatch and
forcecommand tests. Add cipher-speed.sh test (not linked in yet)
2006-07-24 15:31:41 +10:00
Damien Miller
24f2a42e53
- (djm) [Makefile.in]
...
Remove generated openbsd-compat/regress/Makefile in distclean target
2006-07-24 15:30:18 +10:00
Damien Miller
62da44f064
- (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
...
[openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
[openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
[openbsd-compat/rresvport.c]
These look to need string.h and/or unistd.h (based on a grep for function
names)
2006-07-24 15:08:35 +10:00
Damien Miller
ad5ecbf072
- (djm) [session.c]
...
fix compile error with -Werror -Wall: 'path' is only used in
do_setup_env() if HAVE_LOGIN_CAP is not defined
2006-07-24 15:03:06 +10:00
Damien Miller
874bc48832
- (djm) [uuencode.c]
...
Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on
some platforms
2006-07-24 14:58:07 +10:00
Damien Miller
8b373baf13
- (djm) [openbsd-compat/glob.c]
...
Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles
on OpenBSD (or other platforms with a decent glob implementation) with
-Werror
2006-07-24 14:55:47 +10:00
Damien Miller
b8fe89c4d9
- (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]
...
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
[gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
[servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
[ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
[openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
[openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
[openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
[openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
[openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
make the portable tree compile again - sprinkle unistd.h and string.h
back in. Don't redefine __unused, as it turned out to be used in
headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-07-24 14:51:00 +10:00
Damien Miller
d8337c5e60
- stevesk@cvs.openbsd.org 2006/07/23 01:11:05
...
[auth.h dispatch.c kex.h sftp-client.c]
#include <signal.h> for sig_atomic_t; need this prior to <sys/param.h>
move
2006-07-24 14:14:19 +10:00
Damien Miller
e3476ed03b
- stevesk@cvs.openbsd.org 2006/07/22 20:48:23
...
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
[auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
[authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
[cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
[compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
[includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
[progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller
5598b4f125
- stevesk@cvs.openbsd.org 2006/07/22 19:08:54
...
[includes.h moduli.c progressmeter.c scp.c sftp-common.c]
[sftp-server.c ssh-agent.c sshlogin.c]
move #include <time.h> out of includes.h
2006-07-24 14:09:40 +10:00
Damien Miller
ee0d0db7da
- stevesk@cvs.openbsd.org 2006/07/21 21:26:55
...
[progressmeter.c]
ARGSUSED for signal handler
2006-07-24 14:08:50 +10:00
Damien Miller
8473dd85fe
- stevesk@cvs.openbsd.org 2006/07/21 21:13:30
...
[channels.c]
more ARGSUSED (lint) for dispatch table-driven functions; ok djm@
2006-07-24 14:08:32 +10:00
Damien Miller
a765cf4b66
- dtucker@cvs.openbsd.org 2006/07/21 12:43:36
...
[channels.c channels.h servconf.c servconf.h sshd_config.5]
Make PermitOpen take a list of permitted ports and act more like most
other keywords (ie the first match is the effective setting). This
also makes it easier to override a previously set PermitOpen. ok djm@
2006-07-24 14:08:13 +10:00
Damien Miller
1cdde6f536
- stevesk@cvs.openbsd.org 2006/07/20 15:26:15
...
[auth1.c serverloop.c session.c sshconnect2.c]
missed some needed #include <unistd.h> when KERBEROS5=no; issue from
massimo@cedoc.mo.it
2006-07-24 14:07:35 +10:00
Damien Miller
e275443f66
- dtucker@cvs.openbsd.org 2006/07/19 13:07:10
...
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
Add ForceCommand keyword to sshd_config, equivalent to the "command="
key option, man page entry and example in sshd_config.
Feedback & ok djm@, man page corrections & ok jmc@
2006-07-24 14:06:47 +10:00
Damien Miller
d1de9950e5
- dtucker@cvs.openbsd.org 2006/07/19 08:56:41
...
[servconf.c sshd_config.5]
Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
Match. ok djm@
2006-07-24 14:05:48 +10:00
Damien Miller
f757d22e8b
- stevesk@cvs.openbsd.org 2006/07/18 22:27:55
...
[dh.c]
remove unneeded includes; ok djm@
2006-07-24 14:05:24 +10:00
Damien Miller
8c23403b51
- dtucker@cvs.openbsd.org 2006/07/18 08:22:23
...
[sshd_config.5]
Clarify description of Match, with minor correction from jmc@
2006-07-24 14:05:08 +10:00
Damien Miller
393821ad72
- jmc@cvs.openbsd.org 2006/07/18 08:03:09
...
[ssh-agent.1 sshd_config.5]
mark up angle brackets;
2006-07-24 14:04:53 +10:00
Damien Miller
22d47abbe3
- jmc@cvs.openbsd.org 2006/07/18 07:56:28
...
[scp.1]
replace DIAGNOSTICS with .Ex;
2006-07-24 14:04:36 +10:00
Damien Miller
65bc2c4028
- jmc@cvs.openbsd.org 2006/07/18 07:50:40
...
[sshd_config.5]
tweak; ok dtucker
2006-07-24 14:04:16 +10:00
Damien Miller
9b439df18a
- dtucker@cvs.openbsd.org 2006/07/17 12:06:00
...
[channels.c channels.h servconf.c sshd_config.5]
Add PermitOpen directive to sshd_config which is equivalent to the
"permitopen" key option. Allows server admin to allow TCP port
forwarding only two specific host/port pairs. Useful when combined
with Match.
If permitopen is used in both sshd_config and a key option, both
must allow a given connection before it will be permitted.
Note that users can still use external forwarders such as netcat,
so to be those must be controlled too for the limits to be effective.
Feedback & ok djm@, man page corrections & ok jmc@.
2006-07-24 14:04:00 +10:00
Damien Miller
98299261eb
- dtucker@cvs.openbsd.org 2006/07/17 12:02:24
...
[auth-options.c]
Use '\0' rather than 0 to terminates strings; ok djm@
2006-07-24 14:01:43 +10:00
Damien Miller
e6b3b610ec
- stevesk@cvs.openbsd.org 2006/07/17 01:31:10
...
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
[includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
[readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
[sshconnect.c sshlogin.c sshpty.c uidswap.c]
move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
Damien Miller
def915b0ff
- stevesk@cvs.openbsd.org 2006/07/14 01:15:28
...
[monitor_wrap.h]
don't need incompletely-typed 'struct passwd' now with
#include <pwd.h>; ok markus@
2006-07-24 13:55:56 +10:00
Damien Miller
2d00e63cb8
- stevesk@cvs.openbsd.org 2006/07/12 22:42:32
...
[includes.h ssh.c ssh-rand-helper.c]
move #include <stddef.h> out of includes.h
2006-07-24 13:53:19 +10:00
Damien Miller
939878b95f
tidy
2006-07-24 13:52:06 +10:00
Damien Miller
be43ebf975
- stevesk@cvs.openbsd.org 2006/07/12 22:28:52
...
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Damien Miller
d04f357ac2
- jmc@cvs.openbsd.org 2006/07/12 13:39:55
...
[sshd_config.5]
- new sentence, new line
- s/The the/The/
- kill a bad comma
2006-07-24 13:46:50 +10:00
Darren Tucker
341dae59c8
- (dtucker) [auth-krb5.c auth-pam.c] Still more errno.h
2006-07-13 08:45:14 +10:00
Darren Tucker
2eaea99054
- (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
...
openbsd-compat/rresvport.c] More errno.h.
2006-07-12 23:41:33 +10:00
Darren Tucker
5998ed03aa
- (dtucker) [openbsd-compat/openbsd-compat.h] v*printf needs stdarg.h.
2006-07-12 23:10:33 +10:00
Darren Tucker
deecec98c7
- (dtucker) [ssh-keyscan.c ssh-rand-helper.c] More errno.h here too.
2006-07-12 22:44:34 +10:00
Darren Tucker
767e4134f1
- (dtucker) [openbsd-compat/setproctitle.c] Include stdarg.h.
2006-07-12 22:43:28 +10:00
Darren Tucker
2c1a02a8d0
- (dtucker) [loginrec.c openbsd-compat/xmmap.c openbsd-compat/bindresvport.c
...
openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
2006-07-12 22:40:50 +10:00
Darren Tucker
c931c433f6
- (dtucker) [openbsd-compat/xmmap.c] Include <errno.h>.
2006-07-12 22:35:51 +10:00
Darren Tucker
4515047e47
- dtucker@cvs.openbsd.org 2006/07/12 11:34:58
...
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
Add support for conditional directives to sshd_config via a "Match"
keyword, which works similarly to the "Host" directive in ssh_config.
Lines after a Match line override the default set in the main section
if the condition on the Match line is true, eg
AllowTcpForwarding yes
Match User anoncvs
AllowTcpForwarding no
will allow port forwarding by all users except "anoncvs".
Currently only a very small subset of directives are supported.
ok djm@
2006-07-12 22:34:17 +10:00