mirror of git://anongit.mindrot.org/openssh.git
upstream: spelling ok dtucker@
OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19
This commit is contained in:
parent
6b977f8080
commit
cb885178f3
|
@ -21,7 +21,7 @@ The message format is:
|
|||
bool is_forwarding
|
||||
|
||||
Where 'hostkey' is the encoded server host public key, 'session
|
||||
identfier' is the exchange hash derived from the initial key
|
||||
identifier' is the exchange hash derived from the initial key
|
||||
exchange, 'signature' is the server's signature of the session
|
||||
identifier using the private hostkey, as sent in the final
|
||||
SSH2_MSG_KEXDH_REPLY/SSH2_MSG_KEXECDH_REPLY message of the initial key
|
||||
|
@ -62,12 +62,12 @@ An a keyspec consists of:
|
|||
When receiving this message, the agent will ensure that the
|
||||
'from_username' field is empty, and that 'to_hostname' and 'to_hostkeys'
|
||||
have been supplied (empty 'from_hostname' and 'from_hostkeys' are valid
|
||||
and signify the inital hop from the host running ssh-agent). The agent
|
||||
and signify the initial hop from the host running ssh-agent). The agent
|
||||
will then record the constraint against the key.
|
||||
|
||||
Subsequent operations on this key including add/remove/request
|
||||
identities and, in particular, signature requests will check the key
|
||||
constraints agains the session-bind@openssh.com bindings recorded for
|
||||
constraints against the session-bind@openssh.com bindings recorded for
|
||||
the agent connection over which they were received.
|
||||
|
||||
3. SSH_AGENT_CONSTRAIN_MAXSIGN key constraint
|
||||
|
@ -81,4 +81,4 @@ the constraint is:
|
|||
|
||||
This option is only valid for XMSS keys.
|
||||
|
||||
$OpenBSD: PROTOCOL.agent,v 1.15 2021/12/19 22:15:21 djm Exp $
|
||||
$OpenBSD: PROTOCOL.agent,v 1.16 2022/01/01 01:55:30 jsg Exp $
|
||||
|
|
|
@ -15,7 +15,7 @@ Most messages from the client to the server contain a "request id"
|
|||
field. This field is returned in replies as "client request id" to
|
||||
facilitate matching of responses to requests.
|
||||
|
||||
Many muliplexing (mux) client requests yield immediate responses from
|
||||
Many multiplexing (mux) client requests yield immediate responses from
|
||||
the mux process; requesting a forwarding, performing an alive check or
|
||||
requesting the master terminate itself fall in to this category.
|
||||
|
||||
|
@ -216,7 +216,7 @@ MUX_S_FAILURE.
|
|||
|
||||
9. Requesting proxy mode
|
||||
|
||||
A client may request that the the control connection be placed in proxy
|
||||
A client may request that the control connection be placed in proxy
|
||||
mode:
|
||||
|
||||
uint32 MUX_C_PROXY
|
||||
|
@ -295,4 +295,4 @@ XXX session inspection via master
|
|||
XXX signals via mux request
|
||||
XXX list active connections via mux
|
||||
|
||||
$OpenBSD: PROTOCOL.mux,v 1.12 2020/03/13 03:17:07 djm Exp $
|
||||
$OpenBSD: PROTOCOL.mux,v 1.13 2022/01/01 01:55:30 jsg Exp $
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: authfile.c,v 1.141 2020/06/18 23:33:38 djm Exp $ */
|
||||
/* $OpenBSD: authfile.c,v 1.142 2022/01/01 01:55:30 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -368,7 +368,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
|
|||
* Returns success if the specified "key" is listed in the file "filename",
|
||||
* SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error.
|
||||
* If "strict_type" is set then the key type must match exactly,
|
||||
* otherwise a comparison that ignores certficiate data is performed.
|
||||
* otherwise a comparison that ignores certificate data is performed.
|
||||
* If "check_ca" is set and "key" is a certificate, then its CA key is
|
||||
* also checked and sshkey_in_file() will return success if either is found.
|
||||
*/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: channels.c,v 1.408 2021/09/14 11:04:21 mbuhl Exp $ */
|
||||
/* $OpenBSD: channels.c,v 1.409 2022/01/01 01:55:30 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -543,7 +543,7 @@ permission_set_get_array(struct ssh *ssh, int who, int where,
|
|||
}
|
||||
}
|
||||
|
||||
/* Adds an entry to the spcified forwarding list */
|
||||
/* Adds an entry to the specified forwarding list */
|
||||
static int
|
||||
permission_set_add(struct ssh *ssh, int who, int where,
|
||||
const char *host_to_connect, int port_to_connect,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: clientloop.c,v 1.372 2021/12/19 22:08:48 djm Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.373 2022/01/01 01:55:30 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -1231,7 +1231,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
|
|||
fatal_f("pledge(): %s", strerror(errno));
|
||||
|
||||
} else if (options.update_hostkeys) {
|
||||
debug("pledge: fileystem");
|
||||
debug("pledge: filesystem");
|
||||
if (pledge("stdio rpath wpath cpath unix inet dns proc tty",
|
||||
NULL) == -1)
|
||||
fatal_f("pledge(): %s", strerror(errno));
|
||||
|
|
2
packet.c
2
packet.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: packet.c,v 1.303 2021/11/25 23:02:24 djm Exp $ */
|
||||
/* $OpenBSD: packet.c,v 1.304 2022/01/01 01:55:30 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sftp-client.c,v 1.157 2021/11/06 10:13:39 dtucker Exp $ */
|
||||
/* $OpenBSD: sftp-client.c,v 1.158 2022/01/01 01:55:30 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||
*
|
||||
|
@ -341,7 +341,7 @@ get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
|
|||
return handle;
|
||||
}
|
||||
|
||||
/* XXX returing &static is error-prone. Refactor to fill *Attrib argument */
|
||||
/* XXX returning &static is error-prone. Refactor to fill *Attrib argument */
|
||||
static Attrib *
|
||||
get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
|
||||
{
|
||||
|
@ -381,7 +381,7 @@ get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
|
|||
sshbuf_free(msg);
|
||||
return NULL;
|
||||
}
|
||||
debug3("Recevied stat reply T:%u I:%u F:0x%04x M:%05o",
|
||||
debug3("Received stat reply T:%u I:%u F:0x%04x M:%05o",
|
||||
type, id, a.flags, a.perm);
|
||||
sshbuf_free(msg);
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sftp-client.h,v 1.34 2021/08/09 23:47:44 djm Exp $ */
|
||||
/* $OpenBSD: sftp-client.h,v 1.35 2022/01/01 01:55:30 jsg Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||
|
@ -183,7 +183,7 @@ int crossload_dir(struct sftp_conn *from, struct sftp_conn *to,
|
|||
char *path_append(const char *, const char *);
|
||||
|
||||
/* Make absolute path if relative path and CWD is given. Does not modify
|
||||
* original if the the path is already absolute. */
|
||||
* original if the path is already absolute. */
|
||||
char *make_absolute(char *, const char *);
|
||||
|
||||
/* Check if remote path is directory */
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sftp-server.c,v 1.134 2021/11/18 03:06:03 djm Exp $ */
|
||||
/* $OpenBSD: sftp-server.c,v 1.135 2022/01/01 01:55:30 jsg Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -667,7 +667,7 @@ send_statvfs(u_int32_t id, struct statvfs *st)
|
|||
|
||||
/*
|
||||
* Prepare SSH2_FXP_VERSION extension advertisement for a single extension.
|
||||
* The extension is checked for permission prior to advertisment.
|
||||
* The extension is checked for permission prior to advertisement.
|
||||
*/
|
||||
static int
|
||||
compose_extension(struct sshbuf *msg, const char *name, const char *ver)
|
||||
|
@ -704,7 +704,7 @@ process_init(void)
|
|||
(r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0)
|
||||
fatal_fr(r, "compose");
|
||||
|
||||
/* extension advertisments */
|
||||
/* extension advertisements */
|
||||
compose_extension(msg, "posix-rename@openssh.com", "1");
|
||||
compose_extension(msg, "statvfs@openssh.com", "2");
|
||||
compose_extension(msg, "fstatvfs@openssh.com", "2");
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-agent.c,v 1.283 2021/12/19 22:13:55 djm Exp $ */
|
||||
/* $OpenBSD: ssh-agent.c,v 1.284 2022/01/01 01:55:30 jsg Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -450,7 +450,7 @@ identity_permitted(Identity *id, SocketEntry *e, char *user,
|
|||
* request (i.e. no 'user' supplied), then only permit the key if
|
||||
* there is a permission that would allow it to be used at another
|
||||
* destination. This hides keys that are allowed to be used to
|
||||
* authenicate *to* a host but not permitted for *use* beyond it.
|
||||
* authenticate *to* a host but not permitted for *use* beyond it.
|
||||
*/
|
||||
hks = &e->session_ids[e->nsession_ids - 1];
|
||||
if (hks->forwarded && user == NULL &&
|
||||
|
|
4
umac.h
4
umac.h
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: umac.h,v 1.4 2019/06/07 14:18:48 dtucker Exp $ */
|
||||
/* $OpenBSD: umac.h,v 1.5 2022/01/01 01:55:30 jsg Exp $ */
|
||||
/* -----------------------------------------------------------------------
|
||||
*
|
||||
* umac.h -- C Implementation UMAC Message Authentication
|
||||
|
@ -59,7 +59,7 @@ struct umac_ctx *umac_new(const u_char key[]);
|
|||
|
||||
#if 0
|
||||
int umac_reset(struct umac_ctx *ctx);
|
||||
/* Reset a umac_ctx to begin authenicating a new message */
|
||||
/* Reset a umac_ctx to begin authenticating a new message */
|
||||
#endif
|
||||
|
||||
int umac_update(struct umac_ctx *ctx, const u_char *input, long len);
|
||||
|
|
Loading…
Reference in New Issue