Commit Graph

6833 Commits

Author SHA1 Message Date
Darren Tucker
64d22946d6 - jmc@cvs.openbsd.org 2013/05/16 06:30:06
[sshd_config.5]
     oops! avoid Xr to self;
2013-05-16 20:31:29 +10:00
Darren Tucker
63e0df2b93 - jmc@cvs.openbsd.org 2013/05/16 06:28:45
[ssh_config.5]
     put IgnoreUnknown in the right place;
2013-05-16 20:30:31 +10:00
Darren Tucker
0763698f71 - djm@cvs.openbsd.org 2013/05/16 04:27:50
[ssh_config.5 readconf.h readconf.c]
     add the ability to ignore specific unrecognised ssh_config options;
     bz#866; ok markus@
2013-05-16 20:30:03 +10:00
Darren Tucker
5f96f3b4be - dtucker@cvs.openbsd.org 2013/05/16 04:09:14
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
     sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
     rekeying based on traffic volume or time.  ok djm@, help & ok jmc@ for the man
     page.
2013-05-16 20:29:28 +10:00
Darren Tucker
c53c2af173 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
     ssh_config.5 packet.h]
     Add an optional second argument to RekeyLimit in the client to allow
     rekeying based on elapsed time in addition to amount of traffic.
     with djm@ jmc@, ok djm
2013-05-16 20:28:16 +10:00
Darren Tucker
64c6fceecd - dtucker@cvs.openbsd.org 2013/05/10 10:13:50
[ssh-pkcs11-helper.c]
     remove unused extern optarg.  ok markus@
2013-05-16 20:27:14 +10:00
Darren Tucker
caf0010934 - djm@cvs.openbsd.org 2013/05/10 04:08:01
[key.c]
     memleak in cert_free(), wasn't actually freeing the struct;
     bz#2096 from shm AT digitalsun.pl
2013-05-16 20:26:18 +10:00
Darren Tucker
7e831edbf7 add missing attribution 2013-05-16 20:25:40 +10:00
Darren Tucker
54da6be320 - djm@cvs.openbsd.org 2013/05/10 03:40:07
[sshconnect2.c]
     fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
2013-05-16 20:25:04 +10:00
Darren Tucker
5d8b702d95 - dtucker@cvs.openbsd.org 2013/05/06 07:35:12
[sftp-server.8]
     Reference the version of the sftp draft we actually implement.  ok djm@
2013-05-16 20:24:23 +10:00
Darren Tucker
026d9db3fb - tedu@cvs.openbsd.org 2013/04/24 16:01:46
[misc.c]
     remove extra parens noticed by nicm
2013-05-16 20:23:52 +10:00
Darren Tucker
2ca51bf140 - tedu@cvs.openbsd.org 2013/04/23 17:49:45
[misc.c]
     use xasprintf instead of a series of strlcats and strdup. ok djm
2013-05-16 20:22:46 +10:00
Damien Miller
6aa3eacc5e - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
executed if mktemp failed; bz#2105 ok dtucker@
2013-05-16 11:10:17 +10:00
Darren Tucker
c54e3e0741 - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
we don't get a warning on compilers that *don't* support it.  Add
   -Wno-unknown-warning-option.  Move both to the start of the list for
   maximum noise suppression.  Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
2013-05-10 18:53:14 +10:00
Darren Tucker
a75d247a18 - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
underlying libraries support them.
2013-05-10 18:11:55 +10:00
Darren Tucker
0abfb559e3 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
  in to use it when we're using our own getopt.
2013-05-10 18:08:49 +10:00
Darren Tucker
ccfdfceacb - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
   portability code to getopt_long.c and switch over Makefile and the ugly
   hack in modpipe.c.  Fixes bz#1448.
2013-05-10 16:28:55 +10:00
Darren Tucker
3933202007 - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
portability changes yet.
2013-05-10 15:38:11 +10:00
Darren Tucker
35b2fe99be - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
getopt.c.  Preprocessed source is identical other than line numbers.
2013-05-10 15:35:26 +10:00
Darren Tucker
abbc7a7c02 - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
supports it.  Mentioned by Colin Watson in bz#2100, ok djm.
2013-05-10 13:54:23 +10:00
Damien Miller
bc02f163f6 - dtucker@cvs.openbsd.org 2013/04/22 01:17:18
[mux.c]
     typo in debug output: evitval->exitval
2013-04-23 19:25:49 +10:00
Damien Miller
f8b894e31d - djm@cvs.openbsd.org 2013/04/19 12:07:08
[kex.c]
     remove duplicated list entry pointed out by naddy@
2013-04-23 19:25:29 +10:00
Damien Miller
34bd20a1e5 - djm@cvs.openbsd.org 2013/04/19 11:10:18
[ssh.c]
     add -Q to usage; reminded by jmc@
2013-04-23 19:25:00 +10:00
Damien Miller
ea11119eee - djm@cvs.openbsd.org 2013/04/19 01:06:50
[authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
     [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
     add the ability to query supported ciphers, MACs, key type and KEX
     algorithms to ssh. Includes some refactoring of KEX and key type handling
     to be table-driven; ok markus@
2013-04-23 19:24:32 +10:00
Damien Miller
a56086b990 - djm@cvs.openbsd.org 2013/04/19 01:03:01
[session.c]
     reintroduce 1.262 without the connection-killing bug:
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@
2013-04-23 15:24:18 +10:00
Damien Miller
0d6771b464 - djm@cvs.openbsd.org 2013/04/19 01:01:00
[ssh-keygen.c]
     fix some memory leaks; bz#2088 ok dtucker@
2013-04-23 15:23:24 +10:00
Damien Miller
467b00c38b - djm@cvs.openbsd.org 2013/04/19 01:00:10
[sshd_config.5]
     document the requirment that the AuthorizedKeysCommand be owned by root;
     ok dtucker@ markus@
2013-04-23 15:23:07 +10:00
Damien Miller
9303e6527b - djm@cvs.openbsd.org 2013/04/18 02:16:07
[sftp.c]
     make "sftp -q" do what it says on the sticker: hush everything but errors;
2013-04-23 15:22:40 +10:00
Damien Miller
f1a02aea35 - dtucker@cvs.openbsd.org 2013/04/17 09:04:09
[session.c]
     revert rev 1.262; it fails because uid is already set here.  ok djm@
2013-04-23 15:22:13 +10:00
Damien Miller
d5edefd27a - djm@cvs.openbsd.org 2013/04/11 02:27:50
[packet.c]
     quiet disconnect notifications on the server from error() back to logit()
     if it is a normal client closure; bz#2057 ok+feedback dtucker@
2013-04-23 15:21:39 +10:00
Damien Miller
6901032b05 - dtucker@cvs.openbsd.org 2013/04/07 09:40:27
[sshd.8]
     clarify -e text. suggested by & ok jmc@
2013-04-23 15:21:24 +10:00
Damien Miller
03d4d7e60b - dtucker@cvs.openbsd.org 2013/04/07 02:10:33
[log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
     Add -E option to ssh and sshd to append debugging logs to a specified file
     instead of stderr or syslog.  ok markus@, man page help jmc@
2013-04-23 15:21:06 +10:00
Damien Miller
37f1c08473 - markus@cvs.openbsd.org 2013/04/06 16:07:00
[channels.c sshd.c]
     handle ECONNABORTED for accept(); ok deraadt some time ago...
2013-04-23 15:20:43 +10:00
Damien Miller
172859cff7 - djm@cvs.openbsd.org 2013/04/05 00:58:51
[mux.c]
     cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
     (in addition to ones already in OPEN); bz#2079, ok dtucker@
2013-04-23 15:19:27 +10:00
Damien Miller
9f12b5dcd5 - djm@cvs.openbsd.org 2013/04/05 00:31:49
[pathnames.h]
     use the existing _PATH_SSH_USER_RC define to construct the other
     pathnames; bz#2077, ok dtucker@ (no binary change)
2013-04-23 15:19:11 +10:00
Damien Miller
d677ad14ff - djm@cvs.openbsd.org 2013/04/05 00:14:00
[auth2-gss.c krl.c sshconnect2.c]
     hush some {unused, printf type} warnings
2013-04-23 15:18:51 +10:00
Damien Miller
508b6c3d3b - djm@cvs.openbsd.org 2013/03/08 06:32:58
[ssh.c]
     allow "ssh -f none ..." ok markus@
2013-04-23 15:18:28 +10:00
Damien Miller
91a55f28f3 - markus@cvs.openbsd.org 2013/03/07 19:27:25
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
     add submethod support to AuthenticationMethods; ok and freedback djm@
2013-04-23 15:18:10 +10:00
Damien Miller
4ce189d910 - djm@cvs.openbsd.org 2013/03/07 00:19:59
[auth2-pubkey.c monitor.c]
     reconstruct the original username that was sent by the client, which may
     have included a style (e.g. "root:skey") when checking public key
     signatures. Fixes public key and hostbased auth when the client specified
     a style; ok markus@
2013-04-23 15:17:52 +10:00
Damien Miller
5cbec4c259 - djm@cvs.openbsd.org 2013/03/06 23:36:53
[readconf.c]
     g/c unused variable (-Wunused)
2013-04-23 15:17:12 +10:00
Damien Miller
998cc56b65 - djm@cvs.openbsd.org 2013/03/06 23:35:23
[session.c]
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@
2013-04-23 15:16:43 +10:00
Damien Miller
62e9c4f9b6 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2013/03/05 20:16:09
     [sshconnect2.c]
     reset pubkey order on partial success; ok djm@
2013-04-23 15:15:49 +10:00
Damien Miller
6332da2ae8 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
platforms, such as Android, that lack struct passwd.pw_gecos. Report
   and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2013-04-23 14:25:52 +10:00
Darren Tucker
ce1c9574fc - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
unused argument warnings (in particular, -fno-builtin-memset) from clang.
2013-04-18 21:36:19 +10:00
Damien Miller
bc68f2451b - (djm) [config.guess config.sub] Update to last versions before they switch
to GPL3. ok dtucker@
2013-04-18 11:26:25 +10:00
Darren Tucker
15fd19c4c9 - djm@cvs.openbsd.org 2013/02/22 22:09:01
[ssh.c]
     Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
     version)
2013-04-05 11:22:26 +11:00
Darren Tucker
5d1d9541a7 - markus@cvs.openbsd.org 2013/02/22 19:13:56
[sshconnect.c]
     support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
2013-04-05 11:20:00 +11:00
Darren Tucker
aefa368243 - dtucker@cvs.openbsd.org 2013/02/22 04:45:09
[ssh.c readconf.c readconf.h]
     Don't complain if IdentityFiles specified in system-wide configs are
     missing.  ok djm, deraadt
2013-04-05 11:18:35 +11:00
Darren Tucker
f3c3814243 - dtucker@cvs.openbsd.org 2013/02/19 02:12:47
[krl.c]
     Remove bogus include.  ok djm
(id sync only)
2013-04-05 11:16:52 +11:00
Darren Tucker
1910478c2d - dtucker@cvs.openbsd.org 2013/02/17 23:16:57
[readconf.c ssh.c readconf.h sshconnect2.c]
     Keep track of which IndentityFile options were manually supplied and which
     were default options, and don't warn if the latter are missing.
     ok markus@
2013-04-05 11:13:08 +11:00