Commit Graph

6161 Commits

Author SHA1 Message Date
Darren Tucker
3dfb877046 - dtucker@cvs.openbsd.org 2012/12/06 06:06:54
[regress/keys-command.sh]
     Fix some problems with the keys-command test:
      - use string comparison rather than numeric comparison
      - check for existing KEY_COMMAND file and don't clobber if it exists
      - clean up KEY_COMMAND file if we do create it.
      - check that KEY_COMMAND is executable (which it won't be if eg /var/run
        is mounted noexec).
     ok djm.
2012-12-07 13:03:10 +11:00
Tim Rice
96ce9a1e45 20121205
- (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
2012-12-04 07:50:03 -08:00
Damien Miller
8b48982a56 - (djm) [configure.ac] Revert previous. configure.ac already does this
for us.
2012-12-03 12:35:55 +11:00
Damien Miller
03af12e930 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
debugging. ok dtucker@
2012-12-03 11:55:53 +11:00
Damien Miller
55aca027ed - djm@cvs.openbsd.org 2012/12/03 00:14:06
[auth2-chall.c ssh-keygen.c]
     Fix compilation with -Wall -Werror (trivial type fixes)
2012-12-03 11:25:30 +11:00
Damien Miller
999bd2d259 - djm@cvs.openbsd.org 2012/12/02 20:47:48
[Makefile regress/forward-control.sh]
     regress for AllowTcpForwarding local/remote; ok markus@
2012-12-03 10:13:39 +11:00
Damien Miller
771c43cee6 - djm@cvs.openbsd.org 2012/11/22 22:49:30
[regress/Makefile regress/keys-command.sh]
     regress for AuthorizedKeysCommand; hints from markus@
2012-12-03 10:12:13 +11:00
Damien Miller
6618e92509 - djm@cvs.openbsd.org 2012/10/19 05:10:42
[regress/cert-userkey.sh]
     include a serial number when generating certs
2012-12-03 10:09:04 +11:00
Damien Miller
fa51d8b6b2 - dtucker@cvs.openbsd.org 2012/10/05 02:20:48
[regress/cipher-speed.sh regress/try-ciphers.sh]
     Add umac-128@openssh.com to the list of MACs to be tested
2012-12-03 10:08:25 +11:00
Damien Miller
d27a026ab7 - dtucker@cvs.openbsd.org 2012/10/05 02:05:30
[regress/multiplex.sh]
     Use 'kill -0' to test for the presence of a pid since it's more portable
2012-12-03 10:06:37 +11:00
Damien Miller
15b05cfa17 - djm@cvs.openbsd.org 2012/12/02 20:34:10
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
     [monitor.c monitor.h]
     Fixes logging of partial authentication when privsep is enabled
     Previously, we recorded "Failed xxx" since we reset authenticated before
     calling auth_log() in auth2.c. This adds an explcit "Partial" state.

     Add a "submethod" to auth_log() to report which submethod is used
     for keyboard-interactive.

     Fix multiple authentication when one of the methods is
     keyboard-interactive.

     ok markus@
2012-12-03 09:53:20 +11:00
Damien Miller
aa5b3f8314 - djm@cvs.openbsd.org 2012/12/02 20:46:11
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
     [sshd_config.5]
     make AllowTcpForwarding accept "local" and "remote" in addition to its
     current "yes"/"no" to allow the server to specify whether just local or
     remote TCP forwarding is enabled. ok markus@
2012-12-03 09:50:54 +11:00
Damien Miller
33a813613a - djm@cvs.openbsd.org 2012/12/02 20:42:15
[ssh-add.1 ssh-add.c]
     make deleting explicit keys "ssh-add -d" symmetric with adding keys -
     try to delete the corresponding certificate too and respect the -k option
     to allow deleting of the key only; feedback and ok markus@
2012-12-03 09:50:24 +11:00
Damien Miller
cb6b68b209 - djm@cvs.openbsd.org 2012/12/02 20:26:11
[ssh_config.5 sshconnect2.c]
     Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
     This allows control of which keys are offered from tokens using
     IdentityFile. ok markus@
2012-12-03 09:49:52 +11:00
Damien Miller
cf6ef137b5 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
TAILQ_FOREACH_SAFE needed for upcoming changes.
2012-12-03 09:37:56 +11:00
Damien Miller
6f3b362fa8 - djm@cvs.openbsd.org 2012/11/14 02:32:15
[ssh-keygen.c]
     allow the full range of unsigned serial numbers; 'fine' deraadt@
2012-11-14 19:04:33 +11:00
Damien Miller
1e85469fcb - djm@cvs.openbsd.org 2012/11/14 02:24:27
[auth2-pubkey.c]
     fix username passed to helper program
     prepare stdio fds before closefrom()

     spotted by landry@
2012-11-14 19:04:02 +11:00
Damien Miller
0120c41d6b - jmc@cvs.openbsd.org 2012/09/26 17:34:38
[moduli.5]
     last stage of rfc changes, using consistent Rs/Re blocks, and moving the
     references into a STANDARDS section;
2012-11-07 08:36:00 +11:00
Damien Miller
d5c3d4c0ca - eric@cvs.openbsd.org 2011/11/28 08:46:27
[moduli.5]
     fix formula
     ok djm@
2012-11-07 08:35:38 +11:00
Darren Tucker
737f7aff36 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
don't have it.  Spotted by tim@.
2012-11-05 17:07:43 +11:00
Darren Tucker
f96ff18a92 - (dtucker) [uidswap.c openbsd-compat/Makefile.in
openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
   openbsd-compat/openbsd-compat.h]  Move the fallback code for setting uids
   and gids from uidswap.c to the compat library, which allows it to work with
   the new setresuid calls in auth2-pubkey.  with tim@, ok djm@
2012-11-05 17:04:37 +11:00
Damien Miller
a6e3f01d1e - djm@cvs.openbsd.org 2012/11/04 11:09:15
[auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
     [sshd_config.5]
     Support multiple required authentication via an AuthenticationMethods
     option. This option lists one or more comma-separated lists of
     authentication method names. Successful completion of all the methods in
     any list is required for authentication to complete;
     feedback and ok markus@
2012-11-04 23:21:40 +11:00
Damien Miller
d0d1099b3b - djm@cvs.openbsd.org 2012/11/04 10:38:43
[auth2-pubkey.c sshd.c sshd_config.5]
     Remove default of AuthorizedCommandUser. Administrators are now expected
     to explicitly specify a user. feedback and ok markus@
2012-11-04 22:23:14 +11:00
Damien Miller
f33580eed0 - OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2012/10/31 08:04:50
     [sshd_config.5]
     tweak previous;
2012-11-04 22:22:52 +11:00
Damien Miller
09d3e12512 - djm@cvs.openbsd.org 2012/10/30 21:29:55
[auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
     [sshd.c sshd_config sshd_config.5]
     new sshd_config option AuthorizedKeysCommand to support fetching
     authorized_keys from a command in addition to (or instead of) from
     the filesystem. The command is run as the target server user unless
     another specified via a new AuthorizedKeysCommandUser option.

     patch originally by jchadima AT redhat.com, reworked by me; feedback
     and ok markus@
2012-10-31 08:58:58 +11:00
Damien Miller
07daed505f - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2012/10/05 12:34:39
     [sftp.c]
     fix signed vs unsigned warning; feedback & ok: djm@
2012-10-31 08:57:55 +11:00
Tim Rice
c0e5cbe222 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
the generated file as intended.
2012-10-18 21:38:58 -07:00
Darren Tucker
cc8e9ffdd1 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom" 2012-10-05 15:41:06 +10:00
Darren Tucker
50ce447ef9 - [umac.c] Enforce allowed umac output sizes. From djm@. 2012-10-05 12:11:33 +10:00
Darren Tucker
ee4ad778d7 - dtucker@cvs.openbsd.org 2012/09/10 01:51:19
[regress/multiplex.sh]
     use -Ocheck and waiting for completions by PID to make multiplexing test
     less racy and (hopefully) more reliable on slow hardware.
2012-10-05 12:04:10 +10:00
Darren Tucker
9b2c0360cf - dtucker@cvs.openbsd.org 2012/09/10 00:49:21
[regress/multiplex.sh]
     Log -O cmd output to the log file and make logging consistent with the
     other tests.  Test clean shutdown of an existing channel when testing
     "stop".
2012-10-05 11:45:39 +10:00
Darren Tucker
6fc5aa8b2e - dtucker@cvs.openbsd.org 2012/09/09 11:51:25
[multiplex.sh]
     Add test for ssh -Ostop
2012-10-05 11:43:57 +10:00
Darren Tucker
189e5bad5c - dtucker@cvs.openbsd.org 2012/09/06 04:11:07
[regress/try-ciphers.sh]
     Restore missing space.  (Id sync only).
2012-10-05 11:41:52 +10:00
Darren Tucker
992faad1f1 - [Makefile umac.c] Add special-case target to build umac128.o. 2012-10-05 11:38:24 +10:00
Darren Tucker
427e409e99 - markus@cvs.openbsd.org 2012/10/04 13:21:50
[myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
     add umac128 variant; ok djm@ at n2k12
     (note: further Makefile work is required)
2012-10-05 11:02:39 +10:00
Darren Tucker
0dc283b13a - djm@cvs.openbsd.org 2012/10/02 07:07:45
[ssh-keygen.c]
     fix -z option, broken in revision 1.215
2012-10-05 10:52:51 +10:00
Darren Tucker
3a7c04105a - naddy@cvs.openbsd.org 2012/10/01 13:59:51
[monitor_wrap.c]
     pasto; ok djm@
2012-10-05 10:51:59 +10:00
Darren Tucker
628a3fdce2 - jmc@cvs.openbsd.org 2012/09/26 16:12:13
[ssh.1]
     last stage of rfc changes, using consistent Rs/Re blocks, and moving the
     references into a STANDARDS section;
2012-10-05 10:50:15 +10:00
Darren Tucker
17146d369c - dtucker@cvs.openbsd.org 2012/09/21 10:55:04
[sftp.c]
     Fix handling of filenames containing escaped globbing characters and
     escape "#" and "*".  Patch from Jean-Marc Robert via tech@, ok djm.
2012-10-05 10:46:16 +10:00
Darren Tucker
191fcc6e4e - dtucker@cvs.openbsd.org 2012/09/21 10:53:07
[sftp.c]
     Fix improper handling of absolute paths when PWD is part of the completed
     path.  Patch from Jean-Marc Robert via tech@, ok djm.
2012-10-05 10:45:01 +10:00
Darren Tucker
063018d9f6 - dtucker@cvs.openbsd.org 2012/09/18 10:36:12
[sftp.c]
     Add bounds check on sftp tab-completion.  Part of a patch from from
     Jean-Marc Robert via tech@, ok djm
2012-10-05 10:43:58 +10:00
Darren Tucker
302889a1b0 - markus@cvs.openbsd.org 2012/09/17 13:04:11
[packet.c]
     clear old keys on rekeing; ok djm
2012-10-05 10:42:53 +10:00
Darren Tucker
0af2405ebf - (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2012/09/17 09:54:44
     [sftp.c]
     an XXX for later
2012-10-05 10:41:25 +10:00
Darren Tucker
26b9e3b0c5 - markus@cvs.openbsd.org 2012/09/14 16:51:34
[sshconnect.c]
     remove unused variable
2012-09-17 13:25:44 +10:00
Darren Tucker
bb6cc07cf4 - dtucker@cvs.openbsd.org 2012/09/13 23:37:36
[servconf.c]
     Fix comment line length
2012-09-17 13:25:06 +10:00
Darren Tucker
86dc9b4110 Fix author's name for RFC6594 SSHFP change 2012-09-07 18:08:23 +10:00
Darren Tucker
48bf4b0ca3 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21
[clientloop.c]
     when muxmaster is run with -N, make it shut down gracefully when a client
     sends it "-O stop" rather than hanging around (bz#1985).  ok djm@
2012-09-07 16:38:53 +10:00
Darren Tucker
ca0d0fd806 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21
[clientloop.c]
     Merge escape help text for ~v and ~V; ok djm@
2012-09-07 11:22:24 +10:00
Darren Tucker
f111d40604 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19
[clientloop.c]
     Print '^Z' instead of a raw ^Z when the sequence is not supported.  ok djm@
2012-09-07 11:21:42 +10:00
Darren Tucker
83d0af6907 - jmc@cvs.openbsd.org 2012/09/06 13:57:42
[ssh.1]
     missing letter in previous;
2012-09-07 11:21:03 +10:00