mirrors/openssh
0
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-01 09:46:50 +08:00
Code Issues Packages Projects Releases Wiki Activity
7,313 Commits 69 Branches 157 Tags 29 MiB
c589378556
Commit Graph

220 Commits

Author SHA1 Message Date
Darren Tucker
46aa3e0ce1 - (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c 
openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
   openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
   for hton* and ntoh* macros.  Required on (at least) HP-UX since we define
   _XOPEN_SOURCE_EXTENDED.  Found by santhi.amirta at gmail com.
 2006-09-02 15:32:40 +10:00
Damien Miller
ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] 
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
 2006-09-01 15:38:36 +10:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
 2006-08-05 12:39:39 +10:00
Damien Miller
a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
 2006-08-05 11:37:59 +10:00
Damien Miller
da82839597 - dtucker@cvs.openbsd.org 2006/08/01 11:34:36 
[sshconnect.c]
     Allow fallback to known_hosts entries without port qualifiers for
     non-standard ports too, so that all existing known_hosts entries will be
     recognised.  Requested by, feedback and ok markus@
 2006-08-05 11:35:45 +10:00
Damien Miller
e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
 2006-08-05 11:34:19 +10:00
Damien Miller
9aec91948d - stevesk@cvs.openbsd.org 2006/07/25 02:59:21 
[channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
     move #include <sys/time.h> out of includes.h
 2006-08-05 10:57:45 +10:00
Damien Miller
437edb9e66 - stevesk@cvs.openbsd.org 2006/07/24 13:58:22 
[sshconnect.c]
     disable tunnel forwarding when no strict host key checking
     and key changed; ok djm@ markus@ dtucker@
 2006-08-05 09:11:13 +10:00
Damien Miller
b8fe89c4d9 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c] 
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
   [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
   [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
   [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
   [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
   [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
   [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
   make the portable tree compile again - sprinkle unistd.h and string.h
   back in. Don't redefine __unused, as it turned out to be used in
   headers on Linux, and replace its use in auth-pam.c with ARGSUSED
 2006-07-24 14:51:00 +10:00
Damien Miller
e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
 2006-07-24 14:13:33 +10:00
Damien Miller
e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
 2006-07-24 14:01:23 +10:00
Damien Miller
be43ebf975 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52 
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
     move #include <netdb.h> out of includes.h; ok djm@
 2006-07-24 13:51:51 +10:00
Darren Tucker
3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
 2006-07-12 22:22:46 +10:00
Darren Tucker
da34553561 - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 
[misc.c misc.h sshd.8 sshconnect.c]
     Add port identifier to known_hosts for non-default ports, based originally
     on a patch from Devin Nate in bz#910.
     For any connection using the default port or using a HostKeyAlias the
     format is unchanged, otherwise the host name or address is enclosed
     within square brackets in the same format as sshd's ListenAddress.
     Tested by many, ok markus@.
 2006-07-10 23:04:19 +10:00
Damien Miller
9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
 2006-07-10 20:53:08 +10:00
Damien Miller
8ec8c3e98a - stevesk@cvs.openbsd.org 2006/07/05 02:42:09 
[canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
     [serverloop.c sshconnect.c uuencode.c]
     move #include <netinet/in.h> out of includes.h; ok deraadt@
     (also ssh-rand-helper.c logintest.c loginrec.c)
 2006-07-10 20:35:38 +10:00
Damien Miller
b757677d02 - stevesk@cvs.openbsd.org 2006/07/03 08:54:20 
[includes.h ssh.c sshconnect.c sshd.c]
     move #include "version.h" out of includes.h; ok markus@
 2006-07-10 20:23:39 +10:00
Damien Miller
1e88ea6556 - OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2006/06/14 10:50:42
     [sshconnect.c]
     limit the number of pre-banner characters we will accept; ok markus@
 2006-07-10 20:15:56 +10:00
Damien Miller
2e5fe88ebe - markus@cvs.openbsd.org 2006/06/08 14:45:49 
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
     do not set the gid, noted by solar; ok djm
 2006-06-13 13:10:00 +10:00
Damien Miller
6b4069ad56 - markus@cvs.openbsd.org 2006/06/06 10:20:20 
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
     replace remaining setuid() calls with permanently_set_uid() and
     check seteuid() return values; report Marcus Meissner; ok dtucker djm
 2006-06-13 13:05:15 +10:00
Damien Miller
40b5985fe0 - markus@cvs.openbsd.org 2006/05/17 12:43:34 
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
     fix leak; coverity via Kylene Jo Hall
 2006-06-13 13:00:25 +10:00
Damien Miller
56e5e6ad11 - markus@cvs.openbsd.org 2006/04/20 09:47:59 
[sshconnect.c]
     simplify; ok djm@
 2006-04-23 12:08:59 +10:00
Damien Miller
57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03 
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
 2006-03-26 14:24:48 +11:00
Damien Miller
07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41 
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
 2006-03-26 14:19:21 +11:00
Damien Miller
1d2b6706ba - deraadt@cvs.openbsd.org 2006/03/20 18:42:27 
[canohost.c match.c ssh.c sshconnect.c]
     be strict with tolower() casting
 2006-03-26 14:09:54 +11:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Damien Miller
6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] 
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
 2006-03-15 14:42:54 +11:00
Damien Miller
c7b06369a8 - stevesk@cvs.openbsd.org 2006/02/22 00:04:45 
[canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
     [sshconnect.c]
     move #include <ctype.h> out of includes.h; ok djm@
 2006-03-15 11:53:45 +11:00
Damien Miller
f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
 2006-03-15 11:45:54 +11:00
Damien Miller
9cf6d077fb - stevesk@cvs.openbsd.org 2006/02/10 01:44:27 
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
     [sftp.c sshconnect.c sshconnect2.c sshd.c]
     move #include <sys/wait.h> out of includes.h; ok markus@
 2006-03-15 11:29:24 +11:00
Damien Miller
52ab084755 - stevesk@cvs.openbsd.org 2006/02/08 14:16:59 
[sshconnect.c]
     <openssl/bn.h> not needed
 2006-03-15 11:20:46 +11:00
Damien Miller
03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
 2006-03-15 11:16:59 +11:00
Damien Miller
d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28 
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
 2005-12-13 19:29:02 +11:00
Damien Miller
788f212aed - djm@cvs.openbsd.org 2005/10/30 08:52:18 
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
     [ssh.c sshconnect.c sshconnect1.c sshd.c]
     no need to escape single quotes in comments, no binary change
 2005-11-05 15:14:59 +11:00
Damien Miller
c1af1d5f40 - stevesk@cvs.openbsd.org 2005/10/15 15:28:12 
[sshconnect.c]
     make external definition static; ok deraadt@
 2005-11-05 15:08:57 +11:00
Damien Miller
0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55 
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
 2005-07-17 17:22:45 +10:00
Damien Miller
46d38de48b - djm@cvs.openbsd.org 2005/07/16 01:35:24 
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
     [sshconnect.c]
     spacing
 2005-07-17 17:02:09 +10:00
Damien Miller
9651fe690a - (djm) OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2005/06/17 22:53:47
     [ssh.c sshconnect.c]
     Fix ControlPath's %p expanding to "0" for a default port,
     spotted dwmw2 AT infradead.org; ok markus@
 2005-06-26 08:55:25 +10:00
Damien Miller
eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33 
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
 2005-06-17 12:59:34 +10:00
Damien Miller
6476cad9bb - djm@cvs.openbsd.org 2005/06/06 11:20:36 
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
     introduce a generic %foo expansion function. replace existing % expansion
     and add expansion to ControlPath; ok markus@
 2005-06-16 13:18:34 +10:00
Damien Miller
b253cc4213 - avsm@cvs.openbsd.org 2005/05/24 17:32:44 
[atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
     [ssh-keyscan.c sshconnect.c]
     Switch atomicio to use a simpler interface; it now returns a size_t
     (containing number of bytes read/written), and indicates error by
     returning 0.  EOF is signalled by errno==EPIPE.
     Typical use now becomes:

     if (atomicio(read, ..., len) != len)
             err(1,"read");

     ok deraadt@, cloder@, djm@
 2005-05-26 12:23:44 +10:00
Darren Tucker
47eede77ed - deraadt@cvs.openbsd.org 2005/03/10 22:01:05 
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
     readconf.c bufaux.c sftp.c]
     spacing
 2005-03-14 23:08:12 +11:00
Damien Miller
1227d4c93c - djm@cvs.openbsd.org 2005/03/02 01:00:06 
[sshconnect.c]
     fix addition of new hashed hostnames when CheckHostIP=yes;
     found and ok dtucker@
 2005-03-02 12:06:51 +11:00
Damien Miller
e1776155d1 - djm@cvs.openbsd.org 2005/03/01 10:40:27 
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
     [sshconnect.c sshd.8]
     add support for hashing host names and addresses added to known_hosts
     files, to improve privacy of which hosts user have been visiting; ok
     markus@ deraadt@
 2005-03-01 21:47:37 +11:00
Darren Tucker
b2161e37f5 - markus@cvs.openbsd.org 2005/01/05 08:51:32 
[sshconnect.c]
     remove dead code, log connect() failures with level error, ok djm@
 2005-01-20 11:00:46 +11:00
Darren Tucker
3f9fdc7121 - avsm@cvs.openbsd.org 2004/06/21 17:36:31 
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
     cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
     monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
     ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
     sshpty.c]
     make ssh -Wshadow clean, no functional changes
     markus@ ok

There are also some portable-specific -Wshadow warnings to be fixed in
monitor.c and montior_wrap.c.
 2004-06-22 12:56:01 +10:00
Darren Tucker
e608ca2965 - djm@cvs.openbsd.org 2004/05/08 00:21:31 
[clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
     sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
     kill a tiny header; ok deraadt@
 2004-05-13 16:15:47 +10:00
Damien Miller
f6723f08e0 - djm@cvs.openbsd.org 2004/01/25 03:49:09 
[sshconnect.c]
     reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785)
     from jclonguet AT free.fr; ok millert@
 2004-01-27 21:21:27 +11:00
Damien Miller
12c150e7e0 - markus@cvs.openbsd.org 2003/12/09 21:53:37 
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
     rename keepalive to tcpkeepalive; the old name causes too much
     confusion; ok djm, dtucker; with help from jmc@
 2003-12-17 16:31:10 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03 
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
 2003-11-21 23:48:55 +11:00
Damien Miller
150b55745b - jakob@cvs.openbsd.org 2003/11/12 16:39:58 
[dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
     update SSHFP validation. ok markus@
 2003-11-17 21:19:29 +11:00
Damien Miller
f58b58ced1 - jakob@cvs.openbsd.org 2003/11/10 16:23:41 
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
     [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
     [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
     constify. ok markus@ & djm@
 2003-11-17 21:18:23 +11:00
Damien Miller
8f746ec970 - jakob@cvs.openbsd.org 2003/11/03 09:37:32 
[sshconnect.c]
     do not free static type pointer in warn_changed_key()
 2003-11-17 21:11:15 +11:00
Damien Miller
5a38897dbb - jakob@cvs.openbsd.org 2003/11/03 09:09:41 
[sshconnect.c]
     move changed key warning into warn_changed_key(). ok markus@
 2003-11-17 21:10:47 +11:00
Darren Tucker
dda19d63ff - jakob@cvs.openbsd.org 2003/10/14 19:42:10 
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
     include SSHFP lookup code (not enabled by default). ok markus@
 2003-10-15 16:00:47 +10:00
Darren Tucker
bd5361b237 - markus@cvs.openbsd.org 2003/09/18 07:52:54 
[sshconnect.c]
     missing {}; bug #656; jclonguet at free.fr
 2003-09-22 20:59:16 +10:00
Darren Tucker
edeb1f7449 - markus@cvs.openbsd.org 2003/06/29 12:44:38 
[sshconnect.c]
     memset 0, not \0; andrushock@korovino.net
 2003-07-03 13:48:04 +10:00
Darren Tucker
9f63f22aa0 - deraadt@cvs.openbsd.org 2003/06/28 16:23:06 
[atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
     progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
     sshd.c]
     deal with typing of write vs read in atomicio
 2003-07-03 13:46:56 +10:00
Damien Miller
7392ae6270 - jakob@cvs.openbsd.org 2003/06/11 10:16:16 
[sshconnect.c]
     clean up check_host_key() and improve SSHFP feedback. ok markus@
 2003-06-11 22:05:25 +10:00
Damien Miller
941ac459ce - (djm) OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2003/06/04 08:25:18
     [sshconnect.c]
     disable challenge/response and keyboard-interactive auth methods
     upon hostkey mismatch. based on patch from fcusack AT fcusack.com.
     bz #580; ok markus@
 2003-06-04 20:31:53 +10:00
Damien Miller
ab2db41b61 - djm@cvs.openbsd.org 2003/05/26 12:54:40 
[sshconnect.c]
     fix format strings; ok markus@
 2003-06-02 19:09:13 +10:00
Damien Miller
08293fa435 - djm@cvs.openbsd.org 2003/05/23 08:29:30 
[sshconnect.c]
     fix leak; ok markus@
 2003-05-23 18:44:41 +10:00
Damien Miller
b78d5eb6c5 - djm@cvs.openbsd.org 2003/05/15 14:55:25 
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
     add a ConnectTimeout option to ssh, based on patch from
     Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
 2003-05-16 11:39:04 +10:00
Damien Miller
37876e913a - jakob@cvs.openbsd.org 2003/05/14 18:16:20 
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
     [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
     add experimental support for verifying hos keys using DNS as described
     in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
     ok markus@ and henning@
 2003-05-15 10:19:46 +10:00
Damien Miller
2372ace572 - markus@cvs.openbsd.org 2003/04/14 14:17:50 
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
     avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
 2003-05-14 13:42:23 +10:00
Damien Miller
d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Ben Lindstrom
93576d9538 - deraadt@cvs.openbsd.org 2002/11/21 23:03:51 
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
      sshconnect.c]
     KNF
 2002-12-23 02:06:19 +00:00
Ben Lindstrom
064496feaa - markus@cvs.openbsd.org 2002/11/21 22:45:31 
[cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
     debug->debug2, unify debug messages
 2002-12-23 02:04:22 +00:00
Damien Miller
8c4e18a6ec - djm@cvs.openbsd.org 2002/09/19 01:58:18 
[ssh.c sshconnect.c]
     bugzilla.mindrot.org #223 - ProxyCommands don't exit.
     Patch from dtucker@zip.com.au; ok markus@
 2002-09-19 12:05:02 +10:00
Damien Miller
e1383cee9d - stevesk@cvs.openbsd.org 2002/09/13 19:23:09 
[channels.c sshconnect.c sshd.c]
     remove use of SO_LINGER, it should not be needed. error check
     SO_REUSEADDR. fixup comments. ok markus@
 2002-09-19 11:49:37 +10:00
Ben Lindstrom
4b99be899c - markus@cvs.openbsd.org 2002/07/29 18:57:30 
[sshconnect.c]
     print file:line
 2002-08-01 01:26:29 +00:00
Ben Lindstrom
3ed6640532 - markus@cvs.openbsd.org 2002/07/24 16:11:18 
[hostfile.c hostfile.h sshconnect.c]
     print out all known keys for a host if we get a unknown host key,
     see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4

     the ssharp mitm tool attacks users in a similar way, so i'd like to
     pointed out again:
        A MITM attack is always possible if the ssh client prints:
        The authenticity of host 'bla' can't be established.
     (protocol version 2 with pubkey authentication allows you to detect
     MITM attacks)
 2002-08-01 01:21:56 +00:00
Ben Lindstrom
728aa7e18c - itojun@cvs.openbsd.org 2002/07/12 13:29:09 
[sshconnect.c]
     print connect failure during debugging mode.
 2002-07-15 17:48:11 +00:00
Ben Lindstrom
a6cd75c49e - itojun@cvs.openbsd.org 2002/07/10 10:28:15 
[sshconnect.c]
     bark if all connection attempt fails.
 2002-07-11 04:00:19 +00:00
Ben Lindstrom
ba8df7d76d - itojun@cvs.openbsd.org 2002/07/09 12:04:02 
[sshconnect.c]
     ed static function (less warnings)
 2002-07-11 03:58:11 +00:00
Ben Lindstrom
efee05958c - itojun@cvs.openbsd.org 2002/07/09 11:56:50 
[sshconnect.c]
     silently try next address on connect(2).  markus ok
 2002-07-11 03:54:43 +00:00
Ben Lindstrom
04f9af7dfc - markus@cvs.openbsd.org 2002/06/27 08:49:44 
[dh.c ssh-keyscan.c sshconnect.c]
     more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@
 2002-07-04 00:03:56 +00:00
Ben Lindstrom
5c3855210e - deraadt@cvs.openbsd.org 2002/06/23 03:30:58 
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
      sshpty.c]
     various KNF and %d for unsigned
 2002-06-23 21:23:20 +00:00
Ben Lindstrom
cb72e4f6d2 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55 
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
      authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
      ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
      ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
      xmalloc.h]
     KNF done automatically while reading....
 2002-06-21 00:41:51 +00:00
Ben Lindstrom
f9c4884c8e - markus@cvs.openbsd.org 2002/06/11 04:14:26 
[ssh.c sshconnect.c sshconnect.h]
     no longer use uidswap.[ch] from the ssh client
     run less code with euid==0 if ssh is installed setuid root
     just switch the euid, don't switch the complete set of groups
     (this is only needed by sshd). ok provos@
 2002-06-11 16:37:51 +00:00
Ben Lindstrom
18a32a7efa - itojun@cvs.openbsd.org 2002/06/09 22:17:21 
[sshconnect.c]
     pass salen to sockaddr_ntop so that we are happy on linux/solaris
 2002-06-11 15:46:34 +00:00
Ben Lindstrom
2749e1c8f5 - markus@cvs.openbsd.org 2002/06/09 04:33:27 
[sshconnect.c]
     abort() - > fatal()
 2002-06-09 20:16:22 +00:00
Ben Lindstrom
159ac2e8cd - itojun@cvs.openbsd.org 2002/06/08 21:15:27 
[sshconnect.c]
     always use getnameinfo.  (diag message only)
 2002-06-09 20:14:54 +00:00
Ben Lindstrom
1bad256822 - markus@cvs.openbsd.org 2002/05/23 19:24:30 
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
     add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
     authentication in protocol v2 (needs to access the hostkeys).

Note: Makefile.in untested.  Will test after merge is finished.
 2002-06-06 19:57:33 +00:00
Kevin Steves
399ec97bc2 whitespace sync 2002-03-05 18:59:45 +00:00
Damien Miller
49d795c647 - markus@cvs.openbsd.org 2002/01/21 15:13:51 
[sshconnect.c]
     use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
     for hostkey confirm.
 2002-01-22 23:34:12 +11:00
Damien Miller
9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
 2001-12-21 14:45:46 +11:00
Ben Lindstrom
e181a4d294 - stevesk@cvs.openbsd.org 2001/12/06 18:02:32 
[channels.c sshconnect.c]
     shutdown(sock, SHUT_RDWR) not needed here; ok markus@
 2001-12-07 17:24:49 +00:00
Ben Lindstrom
1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12 
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
 2001-12-06 18:00:18 +00:00
Damien Miller
139d4cd908 - markus@cvs.openbsd.org 2001/10/09 10:12:08 
[session.c]
     chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
 2001-10-10 15:07:44 +10:00
Damien Miller
7ea6f204b6 - markus@cvs.openbsd.org 2001/10/08 16:15:47 
[sshconnect.c]
     use correct family for -b option
 2001-10-10 15:04:41 +10:00
Damien Miller
59d9fb9e55 - markus@cvs.openbsd.org 2001/10/06 11:18:19 
[sshconnect1.c sshconnect2.c sshconnect.c]
     unify hostkey check error messages, simplify prompt.
 2001-10-10 15:03:11 +10:00
Damien Miller
e398004f6c - markus@cvs.openbsd.org 2001/10/06 00:14:50 
[sshconnect.c]
     remove unused argument
 2001-10-10 15:02:03 +10:00
Ben Lindstrom
3cecc9a41f - markus@cvs.openbsd.org 2001/10/01 21:51:16 
[readconf.c readconf.h ssh.1 sshconnect.c]
     add NoHostAuthenticationForLocalhost; note that the hostkey is
     now check for localhost, too.
 2001-10-03 17:39:38 +00:00
Tim Rice
e991e3cf22 - (tim) [configure.in sshconnect.c openbsd-compat/Makefile.in 
openbsd-compat/openbsd-compat.h ] Add inet_ntop.c inet_ntop.h back
	 in. Needed for sshconnect.c
	 [sshconnect.c] fix INET6_ADDRSTRLEN for non IPv6 machines
	 [configure.in] make tests with missing libraries fail
	 patch by Wendy Palm <wendyp@cray.com>
	 Added openbsd-compat/bsd-cray.h. Selective patches from
	 William L. Jones <jones@mail.utexas.edu>
 2001-08-07 15:29:07 -07:00
Ben Lindstrom
f9cedb9ca0 - markus@cvs.openbsd.org 2001/07/25 14:35:18 
[readconf.c ssh.1 ssh.c sshconnect.c]
     cleanup connect(); connection_attempts 4 -> 1; from
eivind@freebsd.org
 2001-08-06 21:07:11 +00:00
Ben Lindstrom
bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20 
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
 2001-06-25 05:01:22 +00:00
Ben Lindstrom
d6481ea49a - markus@cvs.openbsd.org 2001/06/23 02:34:33 
[kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
      sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
     get rid of known_hosts2, use it for hostkey lookup, but do not
     modify.
 2001-06-25 04:37:41 +00:00
Ben Lindstrom
664408d2a7 - markus@cvs.openbsd.org 2001/06/07 20:23:05 
[authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c
      sshconnect.c sshconnect1.c]
     use xxx_put_cstring()
 2001-06-09 01:42:01 +00:00