Commit Graph

6052 Commits

Author SHA1 Message Date
Darren Tucker
cb5a1b6f70 - (dtucker] [misc.c] Shrink the area covered by USE_ROUTINGDOMAIN more
to eliminate an unused variable warning.
2010-01-08 20:09:01 +11:00
Darren Tucker
e83c3ea4b8 - (dtucker) [misc.c] Move the routingdomain ifdef to allow the socket to
be created.
2010-01-08 20:03:56 +11:00
Darren Tucker
843f0fa16d - (dtucker) [sftp.c] Expand ifdef for libedit to cover complete_is_remote
too.
2010-01-08 19:56:33 +11:00
Darren Tucker
1f5e3dc274 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make
RoutingDomain an unsupported option on platforms that don't have it.
2010-01-08 19:53:52 +11:00
Darren Tucker
e67f7db968 - (dtucker) [sftp.c] ifdef out the sftp completion bits for platforms that
don't have libedit.
2010-01-08 19:50:02 +11:00
Darren Tucker
dce7a92c7a - (dtucker) [Makefile.in] .c files do not belong in the OBJ lines. 2010-01-08 19:27:57 +11:00
Darren Tucker
8cbd403fde - (dtucker) [Makefile.in added roaming_client.c roaming_serv.c] Import new
files for roaming and add to Makefile.
2010-01-08 19:13:25 +11:00
Darren Tucker
aaf51d2d5b - djm@cvs.openbsd.org 2010/01/04 02:25:15
[sftp-server.c]
     bz#1566 don't unnecessarily dup() in and out fds for sftp-server;
     ok markus@
2010-01-08 19:04:49 +11:00
Darren Tucker
909d858d6b - djm@cvs.openbsd.org 2010/01/04 02:03:57
[sftp.c]
     Implement tab-completion of commands, local and remote filenames for sftp.
     Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009
     Google Summer of Code) and polished to a fine sheen by myself again.
     It should deal more-or-less correctly with the ikky corner-cases presented
     by quoted filenames, but the UI could still be slightly improved.
     In particular, it is quite slow for remote completion on large directories.
     bz#200; ok markus@
2010-01-08 19:02:40 +11:00
Darren Tucker
0c348f5b9e - dtucker@cvs.openbsd.org 2010/01/04 01:45:30
[sshconnect2.c]
     Don't escape backslashes in the SSH2 banner.  bz#1533, patch from
     Michal Gorny via Gentoo.
2010-01-08 18:58:05 +11:00
Darren Tucker
98e5d9a0d3 - jmc@cvs.openbsd.org 2009/12/29 18:03:32
[sshd_config.5 ssh_config.5]
     sort previous;
2010-01-08 18:57:39 +11:00
Darren Tucker
535b5e1721 - stevesk@cvs.openbsd.org 2009/12/29 16:38:41
[sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1]
     Rename RDomain config option to RoutingDomain to be more clear and
     consistent with other options.
     NOTE: if you currently use RDomain in the ssh client or server config,
     or ssh/sshd -o, you must update to use RoutingDomain.
     ok markus@ djm@
2010-01-08 18:56:48 +11:00
Darren Tucker
75456e8ab2 - stevesk@cvs.openbsd.org 2009/12/25 19:40:21
[readconf.c servconf.c misc.h ssh-keyscan.c misc.c]
     validate routing domain is in range 0-RT_TABLEID_MAX.
     'Looks right' deraadt@
2010-01-08 18:55:58 +11:00
Darren Tucker
f2705c8b7d - djm@cvs.openbsd.org 2009/12/20 23:20:40
[PROTOCOL]
     fix an incorrect magic number and typo in PROTOCOL; bz#1688
     report and fix from ueno AT unixuser.org
2010-01-08 18:54:17 +11:00
Darren Tucker
b8c884a0ba - guenther@cvs.openbsd.org 2009/12/20 07:28:36
[ssh.c sftp.c scp.c]
     When passing user-controlled options with arguments to other programs,
     pass the option and option argument as separate argv entries and
     not smashed into one (e.g., as -l foo and not -lfoo).  Also, always
     pass a "--" argument to stop option parsing, so that a positional
     argument that starts with a '-' isn't treated as an option.  This
     fixes some error cases as well as the handling of hostnames and
     filenames that start with a '-'.
     Based on a diff by halex@
     ok halex@ djm@ deraadt@
2010-01-08 18:53:43 +11:00
Darren Tucker
57e0d01260 - markus@cvs.openbsd.org 2009/12/11 18:16:33
[key.c]
     switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537
     for the RSA public exponent; discussed with provos; ok djm@
2010-01-08 18:52:27 +11:00
Darren Tucker
b5082e90a1 - dtucker@cvs.openbsd.org 2009/12/06 23:53:54
[sftp.c]
     fix potential divide-by-zero in sftp's "df" output when talking to a server
     that reports zero files on the filesystem (Unix filesystems always have at
     least the root inode).  From Steve McClellan at radisys, ok djm@
2010-01-08 18:51:47 +11:00
Darren Tucker
75694dbe77 - djm@cvs.openbsd.org 2009/12/06 23:53:45
[roaming_common.c]
     use socklen_t for getsockopt optlen parameter; reported by
     Steve.McClellan AT radisys.com, ok dtucker@
2010-01-08 18:51:14 +11:00
Darren Tucker
5246df47a4 - dtucker@cvs.openbsd.org 2009/12/06 23:41:15
[sshconnect2.c]
     zap unused variable and strlen; from Steve McClellan, ok djm
2010-01-08 18:50:46 +11:00
Darren Tucker
c4dc4f5bac - halex@cvs.openbsd.org 2009/11/22 13:18:00
[sftp.c]
     make passing of zero-length arguments to ssh safe by
     passing "-<switch>" "<value>" rather than "-<switch><value>"
     ok dtucker@, guenther@, djm@
2010-01-08 18:50:04 +11:00
Darren Tucker
70d87693f4 - djm@cvs.openbsd.org 2009/11/20 03:24:07
[misc.c]
     correct off-by-one in percent_expand(): we would fatal() when trying
     to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually
     work.  Note that nothing in OpenSSH actually uses close to this limit at
     present.  bz#1607 from Jan.Pechanec AT Sun.COM
2010-01-08 18:49:16 +11:00
Darren Tucker
ab79169e29 - dtucker@cvs.openbsd.org 2009/11/20 00:59:36
[sshconnect2.c]
     Use the HostKeyAlias when prompting for passwords.  bz#1039, ok djm@
2010-01-08 18:48:02 +11:00
Darren Tucker
210631922f - djm@cvs.openbsd.org 2009/11/20 00:54:01
[sftp.c]
     bz#1588 change "Connecting to host..." message to "Connected to host."
     and delay it until after the sftp protocol connection has been established.
     Avoids confusing sequence of messages when the underlying ssh connection
     experiences problems. ok dtucker@
2010-01-08 17:10:36 +11:00
Darren Tucker
c3dc404113 - dtucker@cvs.openbsd.org 2009/11/20 00:15:41
[session.c]
     Warn but do not fail if stat()ing the subsystem binary fails.  This helps
     with chrootdirectory+forcecommand=sftp-server and restricted shells.
     bz #1599, ok djm.
2010-01-08 17:09:50 +11:00
Darren Tucker
d6b06a9f39 - djm@cvs.openbsd.org 2009/11/19 23:39:50
[session.c]
     bz#1606: error when an attempt is made to connect to a server
     with ForceCommand=internal-sftp with a shell session (i.e. not a
     subsystem session). Avoids stuck client when attempting to ssh to such a
     service. ok dtucker@
2010-01-08 17:09:11 +11:00
Darren Tucker
2944082b3f - djm@cvs.openbsd.org 2009/11/17 05:31:44
[clientloop.c]
     fix incorrect exit status when multiplexing and channel ID 0 is recycled
     bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
2010-01-08 17:08:35 +11:00
Darren Tucker
876045b0fb - markus@cvs.openbsd.org 2009/11/11 21:37:03
[channels.c channels.h]
     fix race condition in x11/agent channel allocation: don't read after
     the end of the select read/write fdset and make sure a reused FD
     is not touched before the pre-handlers are called.
     with and ok djm@
2010-01-08 17:08:00 +11:00
Darren Tucker
6e7fe1c01b - dtucker@cvs.openbsd.org 2009/11/10 04:30:45
[sshconnect2.c channels.c sshconnect.c]
     Set close-on-exec on various descriptors so they don't get leaked to
     child processes.  bz #1643, patch from jchadima at redhat, ok deraadt.
2010-01-08 17:07:22 +11:00
Darren Tucker
f788a91624 - djm@cvs.openbsd.org 2009/11/10 02:58:56
[sshd_config.5]
     clarify that StrictModes does not apply to ChrootDirectory. Permissions
     and ownership are always checked when chrooting. bz#1532
2010-01-08 17:06:47 +11:00
Darren Tucker
78be8c54d6 - djm@cvs.openbsd.org 2009/11/10 02:56:22
[ssh_config.5]
     explain the constraints on LocalCommand some more so people don't
     try to abuse it.
2010-01-08 17:05:59 +11:00
Darren Tucker
cc117f0deb - jmc@cvs.openbsd.org 2009/10/28 21:45:08
[sshd_config.5 sftp.1]
     tweak previous;
2010-01-08 17:05:26 +11:00
Darren Tucker
34e314da1b - reyk@cvs.openbsd.org 2009/10/28 16:38:18
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
     channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
     sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
     Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
     ok markus@
2010-01-08 17:03:46 +11:00
Darren Tucker
f1de4e5228 - andreas@cvs.openbsd.org 2009/10/24 11:23:42
[ssh.c]
     Request roaming to be enabled if UseRoaming is true and the server
     supports it.
     ok markus@
2010-01-08 16:54:59 +11:00
Darren Tucker
e730118bf4 - andreas@cvs.openbsd.org 2009/10/24 11:22:37
[roaming_common.c]
     Do the actual suspend/resume in the client. This won't be useful until
     the server side supports roaming.
     Most code from Martin Forssen, maf at appgate dot com. Some changes by
     me and markus@
     ok markus@
2010-01-08 16:53:31 +11:00
Darren Tucker
f9e6eb8f22 - andreas@cvs.openbsd.org 2009/10/24 11:19:17
[ssh2.h]
     Define the KEX messages used when resuming a suspended connection.
     ok markus@
2010-01-08 16:52:32 +11:00
Darren Tucker
e32cf43106 - andreas@cvs.openbsd.org 2009/10/24 11:15:29
[clientloop.c]
     client_loop() must detect if the session has been suspended and resumed,
     and take appropriate action in that case.
     From Martin Forssen, maf at appgate dot com
     ok markus@
2010-01-08 16:51:40 +11:00
Darren Tucker
36331b5d6c - andreas@cvs.openbsd.org 2009/10/24 11:13:54
[sshconnect2.c kex.h kex.c]
     Let the client detect if the server supports roaming by looking
     for the resume@appgate.com kex algorithm.
     ok markus@
2010-01-08 16:50:41 +11:00
Darren Tucker
b7b17be4c0 - andreas@cvs.openbsd.org 2009/10/24 11:11:58
[roaming.h]
     Declarations needed for upcoming changes.
     ok markus@
2010-01-08 16:49:52 +11:00
Tim Rice
880ab0d84e - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
Gzip all man pages. Patch from Corinna Vinschen.
2009-12-26 15:40:47 -08:00
Darren Tucker
1bf3503c9d - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
Bug #1583: Use system's kerberos principal name on AIX if it's available.
   Based on a patch from and tested by Miguel Sanders.
2009-12-21 10:49:21 +11:00
Darren Tucker
c8802aac28 - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux,
based on a patch from Vaclav Ovsik and Colin Watson.  ok djm.
2009-12-08 13:39:48 +11:00
Darren Tucker
d35e0ef616 - (dtucker) Bug #1677: add conditionals around the source for ssh-askpass. 2009-12-07 11:32:36 +11:00
Darren Tucker
1533311f4c - (dtucker) Bug #1160: use pkg-config for opensc config if it's available.
Tested by Martin Paljak.
2009-12-07 11:15:43 +11:00
Tim Rice
53e9974007 - (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it.
Bug 1628. OK dtucker@
2009-11-20 19:32:15 -08:00
Damien Miller
409661f0d9 - (djm) [ssh-rand-helper.c] Print error and usage() when passed command-
line arguments as none are supported. Exit when passed unrecognised
   commandline flags. bz#1568 from gson AT araneus.fi
2009-11-20 15:16:35 +11:00
Damien Miller
2191e04549 - (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal.
bz#1645, patch from jchadima AT redhat.com
2009-11-18 17:51:59 +11:00
Damien Miller
04ee0f8f12 - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
   setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
   report and fix from jan.kratochvil AT redhat.com
2009-11-18 17:48:30 +11:00
Darren Tucker
df6578bb4d - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
keys when built with OpenSSL versions that don't do AES.
2009-11-07 16:03:14 +11:00
Darren Tucker
e89ed1cfca - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with
older versions of OpenSSL.
2009-11-05 20:43:16 +11:00
Darren Tucker
4d6656b103 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux
is enabled set the security context to "sftpd_t" before running the
   internal sftp server   Based on a patch from jchadima at redhat.
2009-10-24 15:04:12 +11:00