Commit Graph

27 Commits

Author SHA1 Message Date
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
2006-03-15 14:42:54 +11:00
Damien Miller
03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
Darren Tucker
ce321d8a30 - djm@cvs.openbsd.org 2005/09/13 23:40:07
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@
2005-10-03 18:11:24 +10:00
Darren Tucker
34620d6f71 - dtucker@cvs.openbsd.org 2004/08/23 14:29:23
[ssh-keysign.c]
     Remove duplicate getuid(), suggested by & ok markus@
2004-08-29 16:32:59 +10:00
Darren Tucker
27a8f6b056 - dtucker@cvs.openbsd.org 2004/08/23 14:26:38
[ssh-keysign.c ssh.c]
     Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
     change in Portable; ok markus@ (CVS ID sync only)
2004-08-29 16:31:28 +10:00
Darren Tucker
25f60a7ee7 - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
it does the right thing on all platforms.  ok djm@
2004-08-15 17:23:34 +10:00
Darren Tucker
ba6de952a0 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
   openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c.  Reduces
   diff vs OpenBSD; ok mouring@, tested by tim@ too.
2004-07-17 14:07:42 +10:00
Damien Miller
57a4476a69 - djm@cvs.openbsd.org 2004/04/18 23:10:26
[readconf.c readconf.h ssh-keysign.c ssh.c]
     perform strict ownership and modes checks for ~/.ssh/config files,
     as these can be used to execute arbitrary programs; ok markus@
     NB. ssh will now exit when it detects a config with poor permissions
2004-04-20 20:11:57 +10:00
Damien Miller
fb1310eded - markus@cvs.openbsd.org 2004/01/19 21:25:15
[auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
     fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
2004-01-21 11:02:50 +11:00
Damien Miller
51bf11fcc9 - djm@cvs.openbsd.org 2003/11/17 09:45:39
[msg.c msg.h sshconnect2.c ssh-keysign.c]
     return error on msg send/receive failure (rather than fatal); ok markus@
2003-11-17 21:20:47 +11:00
Darren Tucker
0a4f04b5b2 - djm@cvs.openbsd.org 2003/07/03 08:09:06
[readconf.c readconf.h ssh-keysign.c ssh.c]
     fix AddressFamily option in config file, from brent@graveland.net;
     ok markus@
2003-07-03 20:37:47 +10:00
Damien Miller
20a8f97b03 - djm@cvs.openbsd.org 2003/05/16 03:27:12
[readconf.c ssh_config ssh_config.5 ssh-keysign.c]
     add AddressFamily option to ssh_config (like -4, -6 on commandline).
     Portable bug #534; ok markus@
2003-05-18 20:50:30 +10:00
Damien Miller
703ced55bb - markus@cvs.openbsd.org 2003/04/02 14:36:26
[ssh-keysign.c]
     potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
2003-04-09 20:50:26 +10:00
Damien Miller
ed33d3b4d2 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/13 11:42:19
     [authfile.c ssh-keysign.c]
     move RSA_blinding_on to generic key load method
2003-03-15 11:36:18 +11:00
Ben Lindstrom
1b96cfb975 - (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since
we already did s/msg_send/ssh_msg_send/
2002-12-23 02:58:17 +00:00
Ben Lindstrom
b6df73b06a - markus@cvs.openbsd.org 2002/11/07 22:08:07
[readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
     we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
     because HostbasedAuthentication might be enabled based on the
     target host and ssh-keysign(8) does not know the remote hostname
     and not trust ssh(1) about the hostname, so we add a new option
     EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
2002-11-09 15:52:31 +00:00
Damien Miller
901119beab - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2 2002-10-04 11:10:04 +10:00
Ben Lindstrom
5d35a2f582 - markus@cvs.openbsd.org 2002/07/03 14:21:05
[ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
     re-enable ssh-keysign's sbit, but make ssh-keysign read
     /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
     globally. based on discussions with deraadt, itojun and sommerfeld;
     ok itojun@
2002-07-04 00:19:40 +00:00
Ben Lindstrom
43ce2c86a8 - markus@cvs.openbsd.org 2002/07/03 09:55:38
[ssh-keysign.c]
     use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
     in order to avoid a possible Kocher timing attack pointed out by Charles
     Hannum; ok provos@
2002-07-04 00:17:33 +00:00
Ben Lindstrom
fe275982e3 - markus@cvs.openbsd.org 2002/06/26 22:27:32
[ssh-keysign.c]
     bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu
2002-06-27 00:25:07 +00:00
Ben Lindstrom
cb72e4f6d2 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
      authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
      ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
      ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
      xmalloc.h]
     KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Ben Lindstrom
a20715788d - markus@cvs.openbsd.org 2002/06/08 05:07:09
[ssh-keysign.c]
     only accept 20 byte session ids
2002-06-09 20:01:48 +00:00
Ben Lindstrom
5a6abdae0f unexpand 2002-06-09 19:41:48 +00:00
Ben Lindstrom
3545352dc4 - (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au 2002-06-07 14:37:00 +00:00
Ben Lindstrom
db41d2390c - (bal) ssh-keysign should build and install correctly now. Phase two
would be to clean out any dead wood and disable ssh setuid on install.
2002-06-07 03:11:38 +00:00
Ben Lindstrom
1bad256822 - markus@cvs.openbsd.org 2002/05/23 19:24:30
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
     add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
     authentication in protocol v2 (needs to access the hostkeys).

Note: Makefile.in untested.  Will test after merge is finished.
2002-06-06 19:57:33 +00:00