Commit Graph

5764 Commits

Author SHA1 Message Date
Damien Miller
41bccf75af - (djm) [configure.ac] Check whether libdes is needed when building
with Heimdal krb5 support. On OpenBSD this library no longer exists,
   so linking it unconditionally causes a build failure; ok dtucker
2011-01-02 21:53:07 +11:00
Damien Miller
4a06f9271f - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker 2011-01-02 21:43:59 +11:00
Damien Miller
928362dc03 - djm@cvs.openbsd.org 2010/12/08 04:02:47
[ssh_config.5 sshd_config.5]
     explain that IPQoS arguments are separated by whitespace; iirc requested
     by jmc@ a while back
2010-12-26 14:26:45 +11:00
Darren Tucker
4288c53d04 - djm@cvs.openbsd.org 2010/12/04 00:21:19
[regress/sftp-cmds.sh]
     adjust for hard-link support
2010-12-05 09:45:50 +11:00
Darren Tucker
7e1a5a4e1b - (dtucker) [regress/Makefile] Id sync. 2010-12-05 09:29:31 +11:00
Darren Tucker
094f1e9934 - djm@cvs.openbsd.org 2010/12/04 13:31:37
[hostfile.c]
     fix fd leak; spotted and ok dtucker
2010-12-05 09:03:31 +11:00
Darren Tucker
af1f909254 - djm@cvs.openbsd.org 2010/12/04 00:18:01
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
     add a protocol extension to support a hard link operation. It is
     available through the "ln" command in the client. The old "ln"
     behaviour of creating a symlink is available using its "-s" option
     or through the preexisting "symlink" command; based on a patch from
     miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
Darren Tucker
adab6f1299 - djm@cvs.openbsd.org 2010/12/03 23:55:27
[auth-rsa.c]
     move check for revoked keys to run earlier (in auth_rsa_key_allowed)
     bz#1829; patch from ldv AT altlinux.org; ok markus@
2010-12-05 09:01:47 +11:00
Darren Tucker
7336b904ff - (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/12/03 23:49:26
     [schnorr.c]
     check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
     (this code is still disabled, but apprently people are treating it as
     a reference implementation)
2010-12-05 09:00:30 +11:00
Darren Tucker
37bb7568ab - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
debugging.  Spotted by djm.
2010-12-05 08:46:05 +11:00
Darren Tucker
ebdef76b5d - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
shims for the new, non-deprecated OpenSSL key generation functions for
   platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
Damien Miller
d89745b9e7 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
instead of (arc4random() % range)
2010-12-03 10:50:26 +11:00
Damien Miller
d925dcd8a5 - djm@cvs.openbsd.org 2010/11/29 23:45:51
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
     [sshconnect.h sshconnect2.c]
     automatically order the hostkeys requested by the client based on
     which hostkeys are already recorded in known_hosts. This avoids
     hostkey warnings when connecting to servers with new ECDSA keys
     that are preferred by default; with markus@
2010-12-01 12:21:51 +11:00
Damien Miller
03c0e533de - markus@cvs.openbsd.org 2010/11/29 18:57:04
[authfile.c]
     correctly load comment for encrypted rsa1 keys;
     report/fix Joachim Schipper; ok djm@
2010-12-01 12:03:39 +11:00
Damien Miller
87dc0a4188 - djm@cvs.openbsd.org 2010/11/26 05:52:49
[scp.c]
     Pass through ssh command-line flags and options when doing remote-remote
     transfers, e.g. to enable agent forwarding which is particularly useful
     in this case; bz#1837 ok dtucker@
2010-12-01 12:03:19 +11:00
Damien Miller
f80c3deaaf - djm@cvs.openbsd.org 2010/11/25 04:10:09
[session.c]
     replace close() loop for fds 3->64 with closefrom();
     ok markus deraadt dtucker
2010-12-01 12:02:59 +11:00
Damien Miller
b7f827ae45 - djm@cvs.openbsd.org 2010/11/24 01:24:14
[channels.c]
     remove a debug() that pollutes stderr on client connecting to a server
     in debug mode (channel_close_fds is called transitively from the session
     code post-fork); bz#1719, ok dtucker
2010-12-01 12:02:35 +11:00
Damien Miller
d0fdd6818c - djm@cvs.openbsd.org 2010/11/23 23:57:24
[clientloop.c]
     avoid NULL deref on receiving a channel request on an unknown or invalid
     channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2010-12-01 12:02:14 +11:00
Damien Miller
6a740e7b92 - djm@cvs.openbsd.org 2010/11/23 02:35:50
[auth.c]
     use strict_modes already passed as function argument over referencing
     global options.strict_modes
2010-12-01 12:01:51 +11:00
Damien Miller
a232792783 - djm@cvs.openbsd.org 2010/11/21 10:57:07
[authfile.c]
     Refactor internals of private key loading and saving to work on memory
     buffers rather than directly on files. This will make a few things
     easier to do in the future; ok markus@
2010-12-01 12:01:21 +11:00
Damien Miller
2cd629349d - djm@cvs.openbsd.org 2010/11/21 01:01:13
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
     honour $TMPDIR for client xauth and ssh-agent temporary directories;
     feedback and ok markus@
2010-12-01 11:50:35 +11:00
Damien Miller
188ea814b1 - OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2010/11/20 05:12:38
     [auth2-pubkey.c]
     clean up cases of ;;
2010-12-01 11:50:14 +11:00
Damien Miller
73de86ac5a - (djm) [defines.h] Add IP DSCP defines 2010-11-24 10:50:04 +11:00
Darren Tucker
4b6cbf7aab - (dtucker) [packet.c] Remove redundant local declaration of "int tos". 2010-11-24 10:46:37 +11:00
Damien Miller
88e341e1ca - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
group read/write. ok dtucker@
2010-11-24 10:36:15 +11:00
Darren Tucker
d995712383 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
into the platform-specific code  Only affects SCO, tested by and ok tim@.
2010-11-24 10:09:13 +11:00
Darren Tucker
9e0ff7afc8 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
from vapier at gentoo org.
2010-11-22 17:59:00 +11:00
Damien Miller
0a1847347d - jmc@cvs.openbsd.org 2010/11/18 15:01:00
[scp.1 sftp.1 ssh.1 sshd_config.5]
     add IPQoS to the various -o lists, and zap some trailing whitespace;
2010-11-20 15:21:03 +11:00
Damien Miller
8e1ea4e5a3 - jmc@cvs.openbsd.org 2010/11/15 07:40:14
[ssh_config.5]
     libary -> library;
2010-11-20 15:20:10 +11:00
Damien Miller
0dac6fb6b2 - djm@cvs.openbsd.org 2010/11/13 23:27:51
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
     [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
     allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
     hardcoding lowdelay/throughput.

     bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 15:19:38 +11:00
Damien Miller
4499f4cc20 - djm@cvs.openbsd.org 2010/11/10 01:33:07
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
     use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
     these have been around for years by this time. ok markus
2010-11-20 15:15:49 +11:00
Damien Miller
7a221a1591 - djm@cvs.openbsd.org 2010/11/05 02:46:47
[packet.c]
     whitespace KNF
2010-11-20 15:14:29 +11:00
Damien Miller
dd190ddfd7 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
platforms that don't support ECC. Fixes some spurious warnings reported
   by tim@
2010-11-11 14:17:02 +11:00
Tim Rice
c7a8af03a0 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
support for platforms missing isblank(). ok djm@
2010-11-08 14:26:23 -08:00
Tim Rice
e426f5e932 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
Feedback from dtucker@
2010-11-08 09:15:14 -08:00
Tim Rice
c10aeaa8f2 - (tim) [regress/kextype.sh] Shell portability fix. 2010-11-07 13:03:11 -08:00
Tim Rice
522262f8b3 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
tree.
2010-11-07 13:00:27 -08:00
Darren Tucker
d1ece6e4a2 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
the correct typedefs.
2010-11-07 18:05:54 +11:00
Darren Tucker
9283d8cbc5 - (dtucker) [platform.c] Need servconf.h and extern options. 2010-11-05 18:56:08 +11:00
Darren Tucker
f619d1cad9 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
strictly correct since while ECC requires sha256 the reverse is not true
   however it does prevent spurious test failures.
2010-11-05 18:41:50 +11:00
Darren Tucker
345178d951 - (dtucker) [regress/kextype.sh] Add missing "test". 2010-11-05 18:35:52 +11:00
Darren Tucker
eab5f0df90 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
   from configure through to regress/Makefile and use it in the tests.
2010-11-05 18:23:38 +11:00
Darren Tucker
b69e033e67 - (dtucker) [regress/keytype.sh] Import new test. 2010-11-05 18:19:15 +11:00
Darren Tucker
b12fe272a0 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
check into platform.c
2010-11-05 14:47:01 +11:00
Darren Tucker
cc12418e18 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
non-LOGIN_CAP case into platform.c.
2010-11-05 13:32:52 +11:00
Darren Tucker
0b2ee6452c - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
platform.c.
2010-11-05 13:29:25 +11:00
Darren Tucker
676b912e78 - (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c. 2010-11-05 13:11:04 +11:00
Darren Tucker
7a8afe3186 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
platform.c
2010-11-05 13:07:24 +11:00
Darren Tucker
728d8371a1 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
the LOGIN_CAP case into platform.c.
2010-11-05 13:00:05 +11:00
Darren Tucker
fd4d8aa2cb - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
retain previous behavior.
2010-11-05 12:50:41 +11:00