Commit Graph

4480 Commits

Author SHA1 Message Date
Darren Tucker
129d0bb6a6 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
openbsd-compat/openssl-compat.h] Check for and work around broken AES
   ciphers >128bit on (some) Solaris 10 systems.  ok djm@
2005-12-19 17:40:40 +11:00
Darren Tucker
d40c66cf3f - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
snprintf replacement can have a conflicting declaration in HP-UX's system
   headers (const vs. no const) so we now check for and work around it.  Patch
   from the dynamic duo of David Leonard and Ted Percival.
2005-12-17 22:32:03 +11:00
Darren Tucker
98cfc4ce9d - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
scp.c also uses, so undef them here.
2005-12-17 22:04:08 +11:00
Darren Tucker
3154358d66 - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
[regress/scp-ssh-wrapper.sh]
     Fix assumption about how many args scp will pass; ok djm@
2005-12-14 15:39:20 +11:00
Damien Miller
62a31c9fd0 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
again by providing a sys_tun_open() function for your platform and
   setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
   OpenBSD's tunnel protocol, which prepends the address family to the
   packet
2005-12-13 20:44:13 +11:00
Damien Miller
d47c62a714 - markus@cvs.openbsd.org 2005/12/12 13:46:18
[channels.c channels.h session.c]
     make sure protocol messages for internal channels are ignored.
     allow adjust messages for non-open channels; with and ok djm@
2005-12-13 19:33:57 +11:00
Damien Miller
7746c391b1 - jmc@cvs.openbsd.org 2005/12/08 21:37:50
[ssh_config.5]
     new sentence, new line;
2005-12-13 19:33:37 +11:00
Damien Miller
7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller
957d4e430e - jmc@cvs.openbsd.org 2005/12/08 15:06:29
[ssh_config.5]
     keep options in order;
2005-12-13 19:30:45 +11:00
Damien Miller
4b2319fb85 - jmc@cvs.openbsd.org 2005/12/08 14:59:44
[ssh.1 ssh_config.5]
     make `!command' a little clearer;
     ok reyk
2005-12-13 19:30:27 +11:00
Damien Miller
f0c8c15322 - jmc@cvs.openbsd.org 2005/12/07 10:52:13
[ssh.1]
     - avoid line split in SYNOPSIS
     - add args to -w
     - kill trailing whitespace
2005-12-13 19:29:58 +11:00
Damien Miller
aeb31d6120 - djm@cvs.openbsd.org 2005/12/07 03:52:22
[clientloop.c]
     reyk forgot to compile with -Werror (missing header)
2005-12-13 19:29:36 +11:00
Damien Miller
d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller
6dbdb6afee - jmc@cvs.openbsd.org 2005/11/30 11:45:20
[ssh.1]
     avoid ambiguities in describing TZ;
     ok djm@
2005-12-13 19:25:43 +11:00
Damien Miller
c94ebbc723 - (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/11/30 11:18:27
     [ssh.1]
     timezone -> time zone
2005-12-13 19:25:21 +11:00
Darren Tucker
1bbbf24f4c Bump release note URL 2005-12-01 22:21:04 +11:00
Damien Miller
7677be5d6c - (djm) [envpass.sh] Remove regress script that was accidentally committed
in top level directory and not noticed for over a year :)
2005-12-01 12:51:59 +11:00
Tim Rice
46259d86a2 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
for UnixWare.
2005-11-28 18:40:34 -08:00
Darren Tucker
3af2ac56a2 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
[ssh-keygen.c]
     Populate default key sizes before checking them; from & ok tim@
2005-11-29 13:10:24 +11:00
Tim Rice
660c3405f9 - (tim) [ssh-keygen.c] Move DSA length test after setting default when
bits == 0.
2005-11-28 17:45:32 -08:00
Darren Tucker
ac0c8a533d - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use
_GNU_SOURCE instead.  Patch from t8m at centrum.cz.
2005-11-28 22:28:59 +11:00
Darren Tucker
3a4634f674 - dtucker@cvs.openbsd.org 2005/11/28 06:02:56
[ssh-agent.1]
     Update agent socket path templates to reflect reality, correct xref for
     time formats.  bz#1121, patch from openssh at roumenpetrov.info, ok djm@
2005-11-28 17:05:40 +11:00
Darren Tucker
9f647335d2 [ssh-keygen.1 ssh-keygen.c]
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
     increase minumum RSA key size to 768 bits and update man page to reflect
     these.  Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
     ok djm@, grudging ok deraadt@.
2005-11-28 16:41:46 +11:00
Darren Tucker
b1a8777f3a - (dtucker) [regress/yes-head.sh] Work around breakage caused by some
versions of GNU head.  Based on patch from zappaman at buraphalinux.org
2005-11-28 16:41:03 +11:00
Darren Tucker
91d25a0c45 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
when they're available) need the real UID set otherwise pam_chauthtok will
   set ADMCHG after changing the password, forcing the user to change it
   again immediately.
2005-11-26 22:24:09 +11:00
Darren Tucker
e0be30426a - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
snprintf formats, fixes warnings on some 64 bit platforms.  Patch from
   shaw at vranix.com, ok djm@
2005-11-25 14:44:55 +11:00
Darren Tucker
58e298d11b - (dtucker) [configure.ac] Apply tim's fix for older systems where the
resolver state in resolv.h is "state" not "__res_state".  With slight
   modification by me to also work on old AIXes.  ok djm@
2005-11-25 13:14:58 +11:00
Darren Tucker
faec5ca73f - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
many and use them only once.  Speeds up testing on older/slower hardware.
2005-11-24 23:18:54 +11:00
Darren Tucker
79d09fad52 - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
order in Reliant Unix block.  Patch from johane at lysator.liu.se.
2005-11-24 22:34:54 +11:00
Damien Miller
57f3915b55 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
   asprintf() implementation, after syncing our {v,}snprintf() implementation
   with some extra fixes from Samba's version. With help and debugging from
   dtucker and tim; ok dtucker@
2005-11-24 19:58:19 +11:00
Darren Tucker
efc17470e0 - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
from shaw at vranix.com.
2005-11-22 19:55:13 +11:00
Darren Tucker
593bae7e10 - dtucker@cvs.openbsd.org 2005/11/22 03:36:03
[hostfile.c]
     Correct format/arguments to debug call; spotted by shaw at vranix.com
     ok djm@
2005-11-22 19:43:26 +11:00
Darren Tucker
f4732f6475 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
[auth-krb5.c]
     Perform Kerberos calls even for invalid users to prevent leaking
     information about account validity.  bz #975, patch originally from
     Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
     ok markus@
2005-11-22 19:42:42 +11:00
Darren Tucker
e8400da9d5 - millert@cvs.openbsd.org 2005/11/15 11:59:54
[includes.h]
     Include sys/queue.h explicitly instead of assuming some other header
     will pull it in.  At the moment it gets pulled in by sys/select.h
     (which ssh has no business including) via event.h.  OK markus@
     (ID sync only in -portable)
2005-11-22 19:41:33 +11:00
Darren Tucker
33f86bc284 - deraadt@cvs.openbsd.org 2005/11/12 18:38:15
[scp.c]
     avoid close(-1), as in rcp; ok cloder
2005-11-22 19:38:06 +11:00
Darren Tucker
b736d8d829 - deraadt@cvs.openbsd.org 2005/11/12 18:37:59
[ssh-add.c]
     space
2005-11-22 19:37:08 +11:00
Darren Tucker
4123636471 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
is going on.
2005-11-20 14:09:59 +11:00
Darren Tucker
cb6ecdea6c - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
test: if sshd takes too long to reconfigure the subsequent connection will
   fail.  Zap pidfile before HUPing sshd which will rewrite it when it's ready.
2005-11-12 21:30:07 +11:00
Darren Tucker
5bfe1687dd - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@ 2005-11-12 18:42:36 +11:00
Darren Tucker
3f9545ee67 - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test. 2005-11-12 15:20:52 +11:00
Darren Tucker
5a0bdf770c - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag. 2005-11-12 14:28:05 +11:00
Darren Tucker
7cb2a78ae2 - (dtucker) [openbsd-compat/realpath.c] Sync $OpenBSD tag. 2005-11-12 14:14:52 +11:00
Darren Tucker
16fd99c727 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
ifdef lost during sync.  Spotted by tim@.
2005-11-12 14:06:29 +11:00
Darren Tucker
f032435de7 - (dtucker) [configure.ac] Try to get the gcc version number in a way that
doesn't change between versions, and use a safer default.
2005-11-10 21:30:36 +11:00
Darren Tucker
9d30d13922 - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
Id and copyright sync only, there were no substantial changes we need.
2005-11-10 19:43:48 +11:00
Darren Tucker
581203438f typo 2005-11-10 19:31:37 +11:00
Darren Tucker
ce1cb1f160 - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
-Wall fixes from djm.
2005-11-10 19:31:08 +11:00
Darren Tucker
30d6974124 - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
Id and copyright sync only, there were no substantial changes we need.
2005-11-10 19:29:12 +11:00
Darren Tucker
fe80d7a068 - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17. 2005-11-10 17:54:46 +11:00
Darren Tucker
6f15c07ce3 - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker. 2005-11-10 17:52:08 +11:00