Damien Miller
1e88ea6556
- OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2006/06/14 10:50:42
[sshconnect.c]
limit the number of pre-banner characters we will accept; ok markus@
2006-07-10 20:15:56 +10:00
Damien Miller
2e5fe88ebe
- markus@cvs.openbsd.org 2006/06/08 14:45:49
...
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
do not set the gid, noted by solar; ok djm
2006-06-13 13:10:00 +10:00
Damien Miller
6b4069ad56
- markus@cvs.openbsd.org 2006/06/06 10:20:20
...
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm
2006-06-13 13:05:15 +10:00
Damien Miller
40b5985fe0
- markus@cvs.openbsd.org 2006/05/17 12:43:34
...
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
fix leak; coverity via Kylene Jo Hall
2006-06-13 13:00:25 +10:00
Damien Miller
56e5e6ad11
- markus@cvs.openbsd.org 2006/04/20 09:47:59
...
[sshconnect.c]
simplify; ok djm@
2006-04-23 12:08:59 +10:00
Damien Miller
57c30117c1
- djm@cvs.openbsd.org 2006/03/25 13:17:03
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
07d86bec5e
- djm@cvs.openbsd.org 2006/03/25 00:05:41
...
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
[clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
[monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
[xmalloc.c xmalloc.h]
introduce xcalloc() and xasprintf() failure-checked allocations
functions and use them throughout openssh
xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it
to die
feedback and ok deraadt@
2006-03-26 14:19:21 +11:00
Damien Miller
1d2b6706ba
- deraadt@cvs.openbsd.org 2006/03/20 18:42:27
...
[canohost.c match.c ssh.c sshconnect.c]
be strict with tolower() casting
2006-03-26 14:09:54 +11:00
Damien Miller
b0fb6872ed
- deraadt@cvs.openbsd.org 2006/03/19 18:51:18
...
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
6645e7a70d
- (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
...
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
[sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/glob.c openbsd-compat/mktemp.c]
[openbsd-compat/readpassphrase.c] Lots of include fixes for
OpenSolaris
2006-03-15 14:42:54 +11:00
Damien Miller
c7b06369a8
- stevesk@cvs.openbsd.org 2006/02/22 00:04:45
...
[canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
[sshconnect.c]
move #include <ctype.h> out of includes.h; ok djm@
2006-03-15 11:53:45 +11:00
Damien Miller
f17883e6a0
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
...
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
[serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller
9cf6d077fb
- stevesk@cvs.openbsd.org 2006/02/10 01:44:27
...
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
[sftp.c sshconnect.c sshconnect2.c sshd.c]
move #include <sys/wait.h> out of includes.h; ok markus@
2006-03-15 11:29:24 +11:00
Damien Miller
52ab084755
- stevesk@cvs.openbsd.org 2006/02/08 14:16:59
...
[sshconnect.c]
<openssl/bn.h> not needed
2006-03-15 11:20:46 +11:00
Damien Miller
03e2003a23
- stevesk@cvs.openbsd.org 2006/02/08 12:15:27
...
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
[session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
[sshd.c sshpty.c]
move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
Damien Miller
d27b947178
- reyk@cvs.openbsd.org 2005/12/06 22:38:28
...
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
[misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
[serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
[sshconnect.h sshd.8 sshd_config sshd_config.5]
Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.
ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller
788f212aed
- djm@cvs.openbsd.org 2005/10/30 08:52:18
...
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
[ssh.c sshconnect.c sshconnect1.c sshd.c]
no need to escape single quotes in comments, no binary change
2005-11-05 15:14:59 +11:00
Damien Miller
c1af1d5f40
- stevesk@cvs.openbsd.org 2005/10/15 15:28:12
...
[sshconnect.c]
make external definition static; ok deraadt@
2005-11-05 15:08:57 +11:00
Damien Miller
0dc1bef12d
- djm@cvs.openbsd.org 2005/07/17 07:17:55
...
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
[cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
[serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
[sshconnect.c sshconnect2.c]
knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 17:22:45 +10:00
Damien Miller
46d38de48b
- djm@cvs.openbsd.org 2005/07/16 01:35:24
...
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
[sshconnect.c]
spacing
2005-07-17 17:02:09 +10:00
Damien Miller
9651fe690a
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2005/06/17 22:53:47
[ssh.c sshconnect.c]
Fix ControlPath's %p expanding to "0" for a default port,
spotted dwmw2 AT infradead.org; ok markus@
2005-06-26 08:55:25 +10:00
Damien Miller
eccb9de72a
- djm@cvs.openbsd.org 2005/06/17 02:44:33
...
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
make this -Wsign-compare clean; ok avsm@ markus@
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 12:59:34 +10:00
Damien Miller
6476cad9bb
- djm@cvs.openbsd.org 2005/06/06 11:20:36
...
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
introduce a generic %foo expansion function. replace existing % expansion
and add expansion to ControlPath; ok markus@
2005-06-16 13:18:34 +10:00
Damien Miller
b253cc4213
- avsm@cvs.openbsd.org 2005/05/24 17:32:44
...
[atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
[ssh-keyscan.c sshconnect.c]
Switch atomicio to use a simpler interface; it now returns a size_t
(containing number of bytes read/written), and indicates error by
returning 0. EOF is signalled by errno==EPIPE.
Typical use now becomes:
if (atomicio(read, ..., len) != len)
err(1,"read");
ok deraadt@, cloder@, djm@
2005-05-26 12:23:44 +10:00
Darren Tucker
47eede77ed
- deraadt@cvs.openbsd.org 2005/03/10 22:01:05
...
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
readconf.c bufaux.c sftp.c]
spacing
2005-03-14 23:08:12 +11:00
Damien Miller
1227d4c93c
- djm@cvs.openbsd.org 2005/03/02 01:00:06
...
[sshconnect.c]
fix addition of new hashed hostnames when CheckHostIP=yes;
found and ok dtucker@
2005-03-02 12:06:51 +11:00
Damien Miller
e1776155d1
- djm@cvs.openbsd.org 2005/03/01 10:40:27
...
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
[sshconnect.c sshd.8]
add support for hashing host names and addresses added to known_hosts
files, to improve privacy of which hosts user have been visiting; ok
markus@ deraadt@
2005-03-01 21:47:37 +11:00
Darren Tucker
b2161e37f5
- markus@cvs.openbsd.org 2005/01/05 08:51:32
...
[sshconnect.c]
remove dead code, log connect() failures with level error, ok djm@
2005-01-20 11:00:46 +11:00
Darren Tucker
3f9fdc7121
- avsm@cvs.openbsd.org 2004/06/21 17:36:31
...
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
sshpty.c]
make ssh -Wshadow clean, no functional changes
markus@ ok
There are also some portable-specific -Wshadow warnings to be fixed in
monitor.c and montior_wrap.c.
2004-06-22 12:56:01 +10:00
Darren Tucker
e608ca2965
- djm@cvs.openbsd.org 2004/05/08 00:21:31
...
[clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
kill a tiny header; ok deraadt@
2004-05-13 16:15:47 +10:00
Damien Miller
f6723f08e0
- djm@cvs.openbsd.org 2004/01/25 03:49:09
...
[sshconnect.c]
reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785 )
from jclonguet AT free.fr; ok millert@
2004-01-27 21:21:27 +11:00
Damien Miller
12c150e7e0
- markus@cvs.openbsd.org 2003/12/09 21:53:37
...
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
Damien Miller
a8e06cef35
- djm@cvs.openbsd.org 2003/11/21 11:57:03
...
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller
150b55745b
- jakob@cvs.openbsd.org 2003/11/12 16:39:58
...
[dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
update SSHFP validation. ok markus@
2003-11-17 21:19:29 +11:00
Damien Miller
f58b58ced1
- jakob@cvs.openbsd.org 2003/11/10 16:23:41
...
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
[key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
[ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
constify. ok markus@ & djm@
2003-11-17 21:18:23 +11:00
Damien Miller
8f746ec970
- jakob@cvs.openbsd.org 2003/11/03 09:37:32
...
[sshconnect.c]
do not free static type pointer in warn_changed_key()
2003-11-17 21:11:15 +11:00
Damien Miller
5a38897dbb
- jakob@cvs.openbsd.org 2003/11/03 09:09:41
...
[sshconnect.c]
move changed key warning into warn_changed_key(). ok markus@
2003-11-17 21:10:47 +11:00
Darren Tucker
dda19d63ff
- jakob@cvs.openbsd.org 2003/10/14 19:42:10
...
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
include SSHFP lookup code (not enabled by default). ok markus@
2003-10-15 16:00:47 +10:00
Darren Tucker
bd5361b237
- markus@cvs.openbsd.org 2003/09/18 07:52:54
...
[sshconnect.c]
missing {}; bug #656 ; jclonguet at free.fr
2003-09-22 20:59:16 +10:00
Darren Tucker
edeb1f7449
- markus@cvs.openbsd.org 2003/06/29 12:44:38
...
[sshconnect.c]
memset 0, not \0; andrushock@korovino.net
2003-07-03 13:48:04 +10:00
Darren Tucker
9f63f22aa0
- deraadt@cvs.openbsd.org 2003/06/28 16:23:06
...
[atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
sshd.c]
deal with typing of write vs read in atomicio
2003-07-03 13:46:56 +10:00
Damien Miller
7392ae6270
- jakob@cvs.openbsd.org 2003/06/11 10:16:16
...
[sshconnect.c]
clean up check_host_key() and improve SSHFP feedback. ok markus@
2003-06-11 22:05:25 +10:00
Damien Miller
941ac459ce
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2003/06/04 08:25:18
[sshconnect.c]
disable challenge/response and keyboard-interactive auth methods
upon hostkey mismatch. based on patch from fcusack AT fcusack.com.
bz #580 ; ok markus@
2003-06-04 20:31:53 +10:00
Damien Miller
ab2db41b61
- djm@cvs.openbsd.org 2003/05/26 12:54:40
...
[sshconnect.c]
fix format strings; ok markus@
2003-06-02 19:09:13 +10:00
Damien Miller
08293fa435
- djm@cvs.openbsd.org 2003/05/23 08:29:30
...
[sshconnect.c]
fix leak; ok markus@
2003-05-23 18:44:41 +10:00
Damien Miller
b78d5eb6c5
- djm@cvs.openbsd.org 2003/05/15 14:55:25
...
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
add a ConnectTimeout option to ssh, based on patch from
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
2003-05-16 11:39:04 +10:00
Damien Miller
37876e913a
- jakob@cvs.openbsd.org 2003/05/14 18:16:20
...
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
[dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
add experimental support for verifying hos keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@
2003-05-15 10:19:46 +10:00
Damien Miller
2372ace572
- markus@cvs.openbsd.org 2003/04/14 14:17:50
...
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
2003-05-14 13:42:23 +10:00
Damien Miller
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
Damien Miller
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00