Commit Graph

272 Commits

Author SHA1 Message Date
Darren Tucker
57f4224677 - stevesk@cvs.openbsd.org 2006/07/11 20:16:43
[ssh.c]
     cast asterisk field precision argument to int to remove warning;
     ok markus@
2006-07-12 22:23:35 +10:00
Darren Tucker
e7d4b19f75 - markus@cvs.openbsd.org 2006/07/11 18:50:48
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
     channels.h readconf.c]
     add ExitOnForwardFailure: terminate the connection if ssh(1)
     cannot set up all requested dynamic, local, and remote port
     forwardings. ok djm, dtucker, stevesk, jmc
2006-07-12 22:17:10 +10:00
Darren Tucker
284706a755 - dtucker@cvs.openbsd.org 2006/07/11 10:12:07
[ssh.c]
     Only copy the part of environment variable that we actually use.  Prevents
     ssh bailing when SendEnv is used and an environment variable with a really
     long value exists.  ok djm@
2006-07-12 22:16:23 +10:00
Damien Miller
57cf638577 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
     [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     [sshlogin.c sshpty.c]
     move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
Damien Miller
e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
Damien Miller
9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Damien Miller
b757677d02 - stevesk@cvs.openbsd.org 2006/07/03 08:54:20
[includes.h ssh.c sshconnect.c sshd.c]
     move #include "version.h" out of includes.h; ok markus@
2006-07-10 20:23:39 +10:00
Damien Miller
991dba43e1 - stevesk@cvs.openbsd.org 2006/07/02 17:12:58
[ssh.1 ssh.c ssh_config.5 sshd_config.5]
     more details and clarity for tun(4) device forwarding; ok and help
     jmc@
2006-07-10 20:16:27 +10:00
Darren Tucker
232b76f9f8 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
     Prevent ssh from trying to open private keys with bad permissions more than
     once or prompting for their passphrases (which it subsequently ignores
     anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@
2006-05-06 17:41:51 +10:00
Damien Miller
6b1d53c2b0 - djm@cvs.openbsd.org 2006/03/30 10:41:25
[ssh.c ssh_config.5]
     add percent escape chars to the IdentityFile option, bz #1159 based
     on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2006-03-31 23:13:21 +11:00
Damien Miller
ddd63ab1d0 - deraadt@cvs.openbsd.org 2006/03/28 00:12:31
[README.tun ssh.c]
     spacing
2006-03-31 23:10:51 +11:00
Damien Miller
57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
2006-03-26 14:19:21 +11:00
Damien Miller
1d2b6706ba - deraadt@cvs.openbsd.org 2006/03/20 18:42:27
[canohost.c match.c ssh.c sshconnect.c]
     be strict with tolower() casting
2006-03-26 14:09:54 +11:00
Damien Miller
9096740f6c - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
     [ssh-rsa.c ssh.c sshlogin.c]
     annoying spacing fixes getting in the way of real diffs
2006-03-26 14:07:26 +11:00
Damien Miller
71a7367130 - deraadt@cvs.openbsd.org 2006/03/20 18:14:02
[channels.c clientloop.c monitor_wrap.c monitor_wrap.h serverloop.c]
     [ssh.c sshpty.c sshpty.h]
     sprinkle u_int throughout pty subsystem, ok markus
2006-03-26 14:04:36 +11:00
Damien Miller
4662d3492f - deraadt@cvs.openbsd.org 2006/03/19 18:59:30
[ssh.c]
     spacing
2006-03-26 13:59:59 +11:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
2006-03-15 14:42:54 +11:00
Damien Miller
2ecb6bd95d - djm@cvs.openbsd.org 2006/03/12 04:23:07
[ssh.c]
     knf nit
2006-03-15 12:03:53 +11:00
Damien Miller
c7b06369a8 - stevesk@cvs.openbsd.org 2006/02/22 00:04:45
[canohost.c clientloop.c includes.h match.c readconf.c scp.c ssh.c]
     [sshconnect.c]
     move #include <ctype.h> out of includes.h; ok djm@
2006-03-15 11:53:45 +11:00
Damien Miller
6ff3caddb6 oops, this commit is really:
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
     [clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@

the previous was:

   - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
     [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
     [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
     [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
     [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
     [sshconnect2.c sshd.c sshpty.c]
     move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
Damien Miller
f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller
574c41fdb3 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
[authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
     move #include <sys/un.h> out of includes.h; ok djm@
2006-03-15 11:40:10 +11:00
Damien Miller
3ec54c7e58 - djm@cvs.openbsd.org 2006/02/12 06:45:34
[ssh.c ssh_config.5]
     add a %l expansion code to the ControlPath, which is filled in with the
     local hostname at runtime. Requested by henning@ to avoid some problems
     with /home on NFS; ok dtucker@
2006-03-15 11:30:13 +11:00
Damien Miller
17e91c0fb0 - stevesk@cvs.openbsd.org 2006/02/10 00:27:13
[channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
     [ssh.c sshd.c sshpty.c]
     move #include <sys/ioctl.h> out of includes.h; ok markus@
2006-03-15 11:28:34 +11:00
Damien Miller
cd4223c245 - stevesk@cvs.openbsd.org 2006/02/08 14:31:30
[includes.h ssh-agent.c ssh-keyscan.c ssh.c]
     move #include <sys/resource.h> out of includes.h; ok markus@
2006-03-15 11:22:47 +11:00
Damien Miller
03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
Damien Miller
598bbc2d8f - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
[serverloop.c ssh.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
   compatability support for Linux, diff from reyk@
2005-12-31 16:33:36 +11:00
Darren Tucker
e9a9b71c6b - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
[ssh.c]
     exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
2005-12-20 16:15:51 +11:00
Damien Miller
7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller
d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Damien Miller
788f212aed - djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
     [ssh.c sshconnect.c sshconnect1.c sshd.c]
     no need to escape single quotes in comments, no binary change
2005-11-05 15:14:59 +11:00
Damien Miller
aa3bb10940 - djm@cvs.openbsd.org 2005/10/30 04:03:24
[ssh.c]
     fix misleading debug message; ok dtucker@
2005-11-05 15:12:59 +11:00
Damien Miller
15d72a00a3 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
[ssh-keygen.c ssh.c sshconnect2.c]
     no trailing "\n" for log functions; ok djm@
2005-11-05 15:07:33 +11:00
Darren Tucker
895d698515 - jmc@cvs.openbsd.org 2005/09/19 15:42:44
[ssh.c]
     update -D usage here too;
2005-10-03 18:18:05 +10:00
Darren Tucker
ce321d8a30 - djm@cvs.openbsd.org 2005/09/13 23:40:07
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@
2005-10-03 18:11:24 +10:00
Damien Miller
be1045dc58 - djm@cvs.openbsd.org 2005/07/30 01:26:16
[ssh.c]
     fix -D listen_host initialisation, so it picks up gateway_ports setting
     correctly
2005-08-12 22:10:56 +10:00
Damien Miller
46d38de48b - djm@cvs.openbsd.org 2005/07/16 01:35:24
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
     [sshconnect.c]
     spacing
2005-07-17 17:02:09 +10:00
Damien Miller
1339002e8b - djm@cvs.openbsd.org 2005/07/04 00:58:43
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
     implement support for X11 and agent forwarding over multiplex slave
     connections. Because of protocol limitations, the slave connections inherit
     the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
     their own.
     ok dtucker@ "put it in" deraadt@
2005-07-06 09:44:19 +10:00
Damien Miller
7c71cc738c - djm@cvs.openbsd.org 2005/06/25 22:47:49
[ssh.c]
     do the default port filling code a few lines earlier, so it really
     does fix %p
2005-06-26 08:56:31 +10:00
Damien Miller
8f74c8fc32 - djm@cvs.openbsd.org 2005/06/18 04:30:36
[ssh.c ssh_config.5]
     allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
2005-06-26 08:56:03 +10:00
Damien Miller
9651fe690a - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/06/17 22:53:47
     [ssh.c sshconnect.c]
     Fix ControlPath's %p expanding to "0" for a default port,
     spotted dwmw2 AT infradead.org; ok markus@
2005-06-26 08:55:25 +10:00
Damien Miller
17e7ed0e75 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/06/16 03:38:36
     [channels.c channels.h clientloop.c clientloop.h ssh.c]
     move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd
     easier later; ok deraadt@
2005-06-17 12:54:33 +10:00
Damien Miller
d14b1e731c - djm@cvs.openbsd.org 2005/06/08 11:25:09
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
     add ControlMaster=auto/autoask options to support opportunistic
     multiplexing; tested avsm@ and jakob@, ok markus@
2005-06-16 13:19:41 +10:00
Damien Miller
6476cad9bb - djm@cvs.openbsd.org 2005/06/06 11:20:36
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
     introduce a generic %foo expansion function. replace existing % expansion
     and add expansion to ControlPath; ok markus@
2005-06-16 13:18:34 +10:00
Darren Tucker
0814d3136f - djm@cvs.openbsd.org 2005/05/27 08:30:37
[ssh.c]
     fix -O for cases where no ControlPath has been specified or socket at
     ControlPath is not contactable; spotted by and ok avsm@
2005-06-01 23:08:51 +10:00
Damien Miller
538c9b71ec - djm@cvs.openbsd.org 2005/05/10 10:30:43
[ssh.c]
     report real errors on fallback from ControlMaster=no to normal connect
2005-05-26 12:11:28 +10:00
Damien Miller
924c25a64e - djm@cvs.openbsd.org 2005/05/10 10:28:11
[ssh.c]
     print nice error message for EADDRINUSE as well (ID sync only)
2005-05-26 12:09:32 +10:00
Damien Miller
dadfd4dd38 - jakob@cvs.openbsd.org 2005/04/26 13:08:37
[ssh.c ssh_config.5]
     fallback gracefully if client cannot connect to ControlPath. ok djm@
2005-05-26 12:07:13 +10:00