Commit Graph

96 Commits

Author SHA1 Message Date
jsg@openbsd.org
f3a3ea180a upstream commit
Fix occurrences of "r = func() != 0" which result in the
 wrong error codes being returned due to != having higher precedence than =.

ok deraadt@ markus@

Upstream-ID: 5fc35c9fc0319cc6fca243632662d2f06b5fd840
2015-09-03 10:44:41 +10:00
djm@openbsd.org
c28fc62d78 upstream commit
delete support for legacy v00 certificates; "sure"
 markus@ dtucker@

Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
2015-07-15 15:35:09 +10:00
markus@openbsd.org
fecede00a7 upstream commit
sigp and lenp are not optional in ssh_agent_sign(); ok
 djm@
2015-03-27 12:02:38 +11:00
markus@openbsd.org
5f57e77f91 upstream commit
unbreak ssh_agent_sign (lenp vs *lenp)
2015-03-27 12:02:13 +11:00
markus@openbsd.org
7d4f96f9de upstream commit
consistent check for NULL as noted by Nicholas
 Lemonias; ok djm@
2015-03-27 12:00:52 +11:00
djm@openbsd.org
141efe4954 upstream commit
move authfd.c and its tentacles to the new buffer/key
 API; ok markus@
2015-01-15 21:37:34 +11:00
Damien Miller
1f0311c7c7 - markus@cvs.openbsd.org 2014/04/29 18:01:49
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm
2014-05-15 14:24:09 +10:00
Damien Miller
1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
2014-02-04 11:18:20 +11:00
Damien Miller
f72cdde6e6 - djm@cvs.openbsd.org 2013/12/29 04:29:25
[authfd.c]
     allow deletion of ed25519 keys from the agent
2013-12-29 17:49:55 +11:00
Damien Miller
5be9d9e3cb - markus@cvs.openbsd.org 2013/12/06 13:39:49
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
     [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
     [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
     [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
     [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
     support ed25519 keys (hostkeys and user identities) using the public
     domain ed25519 reference code from SUPERCOP, see
     http://ed25519.cr.yp.to/software.html
     feedback, help & ok djm@
2013-12-07 11:24:01 +11:00
Damien Miller
f0e9060d23 - markus@cvs.openbsd.org 2013/12/06 13:30:08
[authfd.c key.c key.h ssh-agent.c]
     move private key (de)serialization to key.c; ok djm
2013-12-07 10:40:26 +11:00
Damien Miller
6c81fee693 - djm@cvs.openbsd.org 2013/11/08 00:39:15
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
     [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
     [sftp-client.c sftp-glob.c]
     use calloc for all structure allocations; from markus@
2013-11-08 12:19:55 +11:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Damien Miller
6ea5e44871 - tedu@cvs.openbsd.org 2011/07/06 18:09:21
[authfd.c]
     bzero the agent address.  the kernel was for a while very cranky about
     these things.  evne though that's fixed, always good to initialize
     memory.  ok deraadt djm
2011-08-06 06:16:00 +10:00
Damien Miller
814ace0875 - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2011/05/15 08:09:01
     [authfd.c monitor.c serverloop.c]
     use FD_CLOEXEC consistently; patch from zion AT x96.org
2011-05-20 19:02:47 +10:00
Damien Miller
6af914a15c - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
   [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
   platforms that don't have the requisite OpenSSL support. ok dtucker@
2010-09-10 11:39:26 +10:00
Damien Miller
eb8b60e320 - djm@cvs.openbsd.org 2010/08/31 11:54:45
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
     [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
     [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
     [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
     [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
     [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
     Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
     host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
     better performance than plain DH and DSA at the same equivalent symmetric
     key length, as well as much shorter keys.

     Only the mandatory sections of RFC5656 are implemented, specifically the
     three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
     ECDSA. Point compression (optional in RFC5656 is NOT implemented).

     Certificate host and user keys using the new ECDSA key types are supported.

     Note that this code has not been tested for interoperability and may be
     subject to change.

     feedback and ok markus@
2010-08-31 22:41:14 +10:00
Damien Miller
4e270b05dd - djm@cvs.openbsd.org 2010/04/16 01:47:26
[PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
     [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
     following changes:

     move the nonce field to the beginning of the certificate where it can
     better protect against chosen-prefix attacks on the signature hash

     Rename "constraints" field to "critical options"

     Add a new non-critical "extensions" field

     Add a serial number

     The older format is still support for authentication and cert generation
     (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

     ok markus@
2010-04-16 15:56:21 +10:00
Damien Miller
0a80ca190a - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/02/26 20:29:54
     [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
     [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
     [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
     [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
     [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
     [sshconnect2.c sshd.8 sshd.c sshd_config.5]
     Add support for certificate key types for users and hosts.

     OpenSSH certificate key types are not X.509 certificates, but a much
     simpler format that encodes a public key, identity information and
     some validity constraints and signs it with a CA key. CA keys are
     regular SSH keys. This certificate style avoids the attack surface
     of X.509 certificates and is very easy to deploy.

     Certified host keys allow automatic acceptance of new host keys
     when a CA certificate is marked as sh/known_hosts.
     see VERIFYING HOST KEYS in ssh(1) for details.

     Certified user keys allow authentication of users when the signing
     CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
     FILE FORMAT" in sshd(8) for details.

     Certificates are minted using ssh-keygen(1), documentation is in
     the "CERTIFICATES" section of that manpage.

     Documentation on the format of certificates is in the file
     PROTOCOL.certkeys

     feedback and ok markus@
2010-02-27 07:55:05 +11:00
Darren Tucker
893d73549d - djm@cvs.openbsd.org 2009/08/27 17:44:52
[authfd.c ssh-add.c authfd.h]
     Do not fall back to adding keys without contraints (ssh-add -c / -t ...)
     when the agent refuses the constrained add request. This was a useful
     migration measure back in 2002 when constraints were new, but just
     adds risk now.
     bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@
2009-10-07 08:47:02 +11:00
Damien Miller
ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller
e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller
e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
2006-07-24 14:01:23 +10:00
Damien Miller
57cf638577 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
     [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     [sshlogin.c sshpty.c]
     move #include <fcntl.h> out of includes.h
2006-07-10 21:13:46 +10:00
Damien Miller
e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
Damien Miller
3f9418893e - djm@cvs.openbsd.org 2006/03/30 09:58:16
[authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
     [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
     replace {GET,PUT}_XXBIT macros with functionally similar functions,
     silencing a heap of lint warnings. also allows them to use
     __bounded__ checking which can't be applied to macros; requested
     by and feedback from deraadt@
2006-03-31 23:13:02 +11:00
Damien Miller
8ba29fe72d - deraadt@cvs.openbsd.org 2006/03/25 18:29:35
[auth-rsa.c authfd.c packet.c]
     needed casts (always will be needed)
2006-03-26 14:25:19 +11:00
Damien Miller
57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
d62f2ca376 - deraadt@cvs.openbsd.org 2006/03/19 18:52:11
[auth1.c authfd.c channels.c]
     spacing
2006-03-26 13:57:41 +11:00
Damien Miller
304a940889 - djm@cvs.openbsd.org 2006/03/17 22:31:11
[authfd.c]
     unreachanble statement, found by lint
2006-03-26 13:50:37 +11:00
Damien Miller
5b83232b48 - djm@cvs.openbsd.org 2006/03/17 22:31:50
[authfd.c]
     another unreachable found by lint
2006-03-26 13:50:14 +11:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
574c41fdb3 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
[authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
     move #include <sys/un.h> out of includes.h; ok djm@
2006-03-15 11:40:10 +11:00
Damien Miller
eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 12:59:34 +10:00
Damien Miller
b253cc4213 - avsm@cvs.openbsd.org 2005/05/24 17:32:44
[atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
     [ssh-keyscan.c sshconnect.c]
     Switch atomicio to use a simpler interface; it now returns a size_t
     (containing number of bytes read/written), and indicates error by
     returning 0.  EOF is signalled by errno==EPIPE.
     Typical use now becomes:

     if (atomicio(read, ..., len) != len)
             err(1,"read");

     ok deraadt@, cloder@, djm@
2005-05-26 12:23:44 +10:00
Darren Tucker
fe6649da0c - avsm@cvs.openbsd.org 2004/08/11 21:44:32
[authfd.c scp.c ssh-keyscan.c]
     use atomicio instead of homegrown equivalents or read/write.
     markus@ ok
2004-08-13 21:19:37 +10:00
Damien Miller
787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Darren Tucker
c0815c927e - miod@cvs.openbsd.org 2003/09/18 13:02:21
[authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
     A few signedness fixes for harmless situations; markus@ ok
2003-09-22 21:05:50 +10:00
Darren Tucker
9f63f22aa0 - deraadt@cvs.openbsd.org 2003/06/28 16:23:06
[atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
     progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
     sshd.c]
     deal with typing of write vs read in atomicio
2003-07-03 13:46:56 +10:00
Damien Miller
d94f20d28e - djm@cvs.openbsd.org 2003/06/11 11:18:38
[authfd.c authfd.h ssh-add.c ssh-agent.c]
     make agent constraints (lifetime, confirm) work with smartcard keys;
     ok markus@
2003-06-11 22:06:33 +10:00
Damien Miller
d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller
6c71179f68 - markus@cvs.openbsd.org 2003/01/23 13:50:27
[authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c]
     ssh-add -c, prompt user for confirmation (using ssh-askpass) when
     private agent key is used; with djm@; test by dugsong@, djm@;
     ok deraadt@
2003-01-24 11:36:23 +11:00
Damien Miller
789e95dbe9 - stevesk@cvs.openbsd.org 2002/09/11 18:27:26
[authfd.c authfd.h ssh.c]
     don't connect to agent to test for presence if we've previously
     connected; ok markus@
2002-09-12 09:52:46 +10:00
Ben Lindstrom
6398a0ef12 - markus@cvs.openbsd.org 2002/06/25 16:22:42
[authfd.c]
     unnecessary cast
2002-06-25 23:22:54 +00:00
Ben Lindstrom
cb72e4f6d2 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
      authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
      ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
      ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
      xmalloc.h]
     KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Ben Lindstrom
2b266b7f08 - markus@cvs.openbsd.org 2002/06/15 01:27:48
[authfd.c authfd.h ssh-add.c ssh-agent.c]
     remove the CONSTRAIN_IDENTITY messages and introduce a new
     ADD_ID message with contraints instead. contraints can be
     only added together with the private key.
2002-06-21 00:08:39 +00:00