Commit Graph

171 Commits

Author SHA1 Message Date
Damien Miller
6c6da33d31 - djm@cvs.openbsd.org 2012/06/20 04:42:58
[clientloop.c serverloop.c]
     initialise accept() backoff timer to avoid EINVAL from select(2) in
     rekeying
2012-06-20 22:31:26 +10:00
Damien Miller
a6508753db - djm@cvs.openbsd.org 2012/04/11 13:16:19
[channels.c channels.h clientloop.c serverloop.c]
     don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
     while; ok deraadt@ markus@
2012-04-22 11:21:10 +10:00
Damien Miller
814ace0875 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/05/15 08:09:01
     [authfd.c monitor.c serverloop.c]
     use FD_CLOEXEC consistently; patch from zion AT x96.org
2011-05-20 19:02:47 +10:00
Damien Miller
e5d5a17fe1 - (djm) [serverloop.c] Fix test for server-assigned remote forwarding port
(-R 0:...); bz#1578, spotted and fix by gavin AT emf.net; ok dtucker@
2009-09-09 11:07:28 +10:00
Darren Tucker
c5564e1c4c - andreas@cvs.openbsd.org 2009/05/28 16:50:16
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
     monitor.c Added roaming.h roaming_common.c roaming_dummy.c]
     Keep track of number of bytes read and written. Needed for upcoming
     changes. Most code from Martin Forssen, maf at appgate dot com.
     ok markus@
     Also, applied appropriate changes to Makefile.in
2009-06-21 18:53:53 +10:00
Darren Tucker
f7288d77e4 - andreas@cvs.openbsd.org 2009/05/27 06:31:25
[canohost.h canohost.c]
     Add clear_cached_addr(), needed for upcoming changes allowing the peer
     address to change.
     ok markus@
2009-06-21 18:12:20 +10:00
Damien Miller
330d58587f - djm@cvs.openbsd.org 2009/02/12 03:16:01
[serverloop.c]
     tighten check for -R0:... forwarding: only allow dynamic allocation
     if want_reply is set in the packet
2009-02-14 16:33:09 +11:00
Damien Miller
4bf648f776 - djm@cvs.openbsd.org 2009/02/12 03:00:56
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
     [readconf.h serverloop.c ssh.c]
     support remote port forwarding with a zero listen port (-R0:...) to
     dyamically allocate a listen port at runtime (this is actually
     specified in rfc4254); bz#1003 ok markus@
2009-02-14 16:28:21 +11:00
Damien Miller
3dc71ad865 - djm@cvs.openbsd.org 2009/01/22 10:02:34
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
     [serverloop.c ssh-keyscan.c ssh.c sshd.c]
     make a2port() return -1 when it encounters an invalid port number
     rather than 0, which it will now treat as valid (needed for future work)
     adjust current consumers of a2port() to check its return value is <= 0,
     which in turn required some things to be converted from u_short => int
     make use of int vs. u_short consistent in some other places too
     feedback & ok markus@
2009-01-28 16:31:22 +11:00
Damien Miller
5a33ec68bc - markus@cvs.openbsd.org 2008/12/02 19:08:59
[serverloop.c]
     backout 1.149, since it's not necessary and openssh clients send
     broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@
2008-12-08 09:55:02 +11:00
Damien Miller
d8968adb5f - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
   [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
   some platforms (HP nonstop) it is a distinct errno;
   bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2008-07-04 23:10:49 +10:00
Darren Tucker
8810dd41b9 - djm@cvs.openbsd.org 2008/06/30 12:15:39
[serverloop.c]
     only pass channel requests on session channels through to the session
     channel handler, avoiding spurious log messages; ok! markus@
2008-07-02 22:32:14 +10:00
Darren Tucker
1cf65ae61d - (dtucker) [clientloop.c serverloop.c] channel_register_filter now
takes 2 more args.  with djm@
2008-06-13 05:09:18 +10:00
Darren Tucker
8901fa9c88 - djm@cvs.openbsd.org 2008/06/10 22:15:23
[PROTOCOL ssh.c serverloop.c]
     Add a no-more-sessions@openssh.com global request extension that the
     client sends when it knows that it will never request another session
     (i.e. when session multiplexing is disabled). This allows a server to
     disallow further session requests and terminate the session.
     Why would a non-multiplexing client ever issue additional session
     requests? It could have been attacked with something like SSH'jack:
     http://www.storm.net.nz/projects/7
     feedback & ok markus
2008-06-11 09:34:01 +10:00
Damien Miller
bab9bd4c20 - markus@cvs.openbsd.org 2008/05/09 16:21:13
[channels.h clientloop.c nchan.c serverloop.c]
     unbreak
        ssh -2 localhost od /bin/ls | true
     ignoring SIGPIPE by adding a new channel message (EOW) that signals
     the peer that we're not interested in any data it might send.
     fixes bz #85; discussion, debugging and ok djm@
2008-05-19 16:06:47 +10:00
Damien Miller
bd74025c7b - djm@cvs.openbsd.org 2008/05/09 04:55:56
[channels.c channels.h clientloop.c serverloop.c]
     Try additional addresses when connecting to a port forward destination
     whose DNS name resolves to more than one address. The previous behaviour
     was to try the first address and give up.

     Reported by stig AT venaas.com in bz#343

     great feedback and ok markus@
2008-05-19 15:37:09 +10:00
Damien Miller
b84886ba3e - djm@cvs.openbsd.org 2008/05/08 12:02:23
[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
     [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
     [ssh.c sshd.c]
     Implement a channel success/failure status confirmation callback
     mechanism. Each channel maintains a queue of callbacks, which will
     be drained in order (RFC4253 guarantees confirm messages are not
     reordered within an channel).
     Also includes a abandonment callback to clean up if a channel is
     closed without sending confirmation messages. This probably
     shouldn't happen in compliant implementations, but it could be
     abused to leak memory.
     ok markus@ (as part of a larger diff)
2008-05-19 15:05:07 +10:00
Damien Miller
58226f6068 - dtucker@cvs.openbsd.org 2008/02/22 20:44:02
[clientloop.c packet.c packet.h serverloop.c]
     Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
     keepalive timer (bz #1307).  ok markus@
2008-03-07 18:33:30 +11:00
Damien Miller
5ed3d575f9 - dtucker@cvs.openbsd.org 2008/01/23 01:56:54
[clientloop.c packet.c serverloop.c]
     Revert the change for bz #1307 as it causes connection aborts if an IGNORE
     packet arrives while we're waiting in packet_read_expect (and possibly
     elsewhere).
2008-02-10 22:27:47 +11:00
Darren Tucker
d6725f04e2 - dtucker@cvs.openbsd.org 2007/12/28 15:32:24
[clientloop.c serverloop.c packet.c]
     Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
     ServerAlive and ClientAlive timers.  Prevents dropping a connection
     when these are enabled but the peer does not support our keepalives.
     bz #1307, ok djm@.
2007-12-29 02:45:07 +11:00
Damien Miller
e42bd24b22 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
when closing a tty session when a background process still holds tty
   fds open. Great detective work and patch by Marc Aurele La France,
   slightly tweaked by me; ok dtucker@
2007-01-29 10:16:28 +11:00
Damien Miller
985a4485f5 - markus@cvs.openbsd.org 2006/10/11 12:38:03
[clientloop.c serverloop.c]
     exit instead of doing a blocking tcp send if we detect a client/server
     timeout, since the tcp sendqueue might be already full (of alive
     requests); ok dtucker, report mpf
2006-10-24 03:02:41 +10:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
2006-08-05 11:02:17 +10:00
Damien Miller
9aec91948d - stevesk@cvs.openbsd.org 2006/07/25 02:59:21
[channels.c clientloop.c packet.c scp.c serverloop.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-keyscan.c sshconnect.c sshd.c]
     move #include <sys/time.h> out of includes.h
2006-08-05 10:57:45 +10:00
Damien Miller
e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller
1cdde6f536 - stevesk@cvs.openbsd.org 2006/07/20 15:26:15
[auth1.c serverloop.c session.c sshconnect2.c]
     missed some needed #include <unistd.h> when KERBEROS5=no; issue from
     massimo@cedoc.mo.it
2006-07-24 14:07:35 +10:00
Darren Tucker
3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
Damien Miller
57cf638577 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
     [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     [sshlogin.c sshpty.c]
     move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
Damien Miller
9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Damien Miller
8ec8c3e98a - stevesk@cvs.openbsd.org 2006/07/05 02:42:09
[canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
     [serverloop.c sshconnect.c uuencode.c]
     move #include <netinet/in.h> out of includes.h; ok deraadt@
     (also ssh-rand-helper.c logintest.c loginrec.c)
2006-07-10 20:35:38 +10:00
Darren Tucker
144e8d60cd - (dtucker) [channels.c serverloop.c] Apply the bug #1102 workaround to ptys
only, otherwise sshd can hang exiting non-interactive sessions.
2006-06-25 08:25:25 +10:00
Darren Tucker
03890e44cd - (dtucker) [serverloop.c] Get ifdef/ifndef the right way around for the bug
#1102 workaround.
2006-06-24 16:58:45 +10:00
Darren Tucker
9afe115f0a - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIX
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes
   on the pty slave as zero-length reads on the pty master, which sshd
   interprets as the descriptor closing.  Since most things don't do zero
   length writes this rarely matters, but occasionally it happens, and when
   it does the SSH pty session appears to hang, so we add a special case for
   this condition.  ok djm@
2006-06-23 21:24:12 +10:00
Damien Miller
90fdfaf69c - deraadt@cvs.openbsd.org 2006/03/25 18:30:55
[clientloop.c serverloop.c]
     spacing
2006-03-26 14:25:37 +11:00
Damien Miller
57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
4f7becb44f - deraadt@cvs.openbsd.org 2006/03/20 18:48:34
[channels.c fatal.c kex.c packet.c serverloop.c]
     spacing
2006-03-26 14:10:14 +11:00
Damien Miller
71a7367130 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
[channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
     [ssh.c sshpty.c sshpty.h]
     sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 14:04:36 +11:00
Damien Miller
f0b15dfc52 - deraadt@cvs.openbsd.org 2006/03/19 18:56:41
[clientloop.c progressmeter.c serverloop.c sshd.c]
     ARGSUSED for signal handlers
2006-03-26 13:59:20 +11:00
Damien Miller
6f98a1fea7 - djm@cvs.openbsd.org 2006/03/19 02:22:32
[serverloop.c]
     memory leaks detected by Coverity via elad AT netbsd.org;
     ok deraadt@ dtucker@
2006-03-26 13:51:08 +11:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
ec04f360eb - djm@cvs.openbsd.org 2006/03/04 04:12:58
[serverloop.c]
     move a debug() outside of a signal handler; ok markus@ a little while back
2006-03-15 12:01:34 +11:00
Damien Miller
6ff3caddb6 oops, this commit is really:
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
     [clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@

the previous was:

   - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
     [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
     [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
     [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
     [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
     [sshconnect2.c sshd.c sshpty.c]
     move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
Damien Miller
9cf6d077fb - stevesk@cvs.openbsd.org 2006/02/10 01:44:27
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
     [sftp.c sshconnect.c sshconnect2.c sshd.c]
     move #include <sys/wait.h> out of includes.h; ok markus@
2006-03-15 11:29:24 +11:00
Damien Miller
99bd21e3fe - stevesk@cvs.openbsd.org 2006/02/07 01:42:00
[channels.c clientloop.c clientloop.h includes.h packet.h]
     [serverloop.c sshpty.c sshpty.h sshtty.c ttymodes.c]
     move #include <termios.h> out of includes.h; ok markus@
2006-03-15 11:11:28 +11:00
Damien Miller
598bbc2d8f - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
[serverloop.c ssh.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
   compatability support for Linux, diff from reyk@
2005-12-31 16:33:36 +11:00
Darren Tucker
0d0e8f0173 - (dtucker) OpenBSD CVS Sync
- reyk@cvs.openbsd.org 2005/12/13 15:03:02
     [serverloop.c]
     if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
2005-12-20 16:08:42 +11:00
Damien Miller
7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller
d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller
24ecf61261 - dtucker@cvs.openbsd.org 2005/11/03 13:38:29
[canohost.c]
     Cache reverse lookups with and without DNS separately; ok markus@
2005-11-05 15:16:52 +11:00