Commit Graph

306 Commits

Author SHA1 Message Date
Damien Miller
43001b3b3b - (djm) [Makefile.in ssh-pkcs11-helper.8] Add manpage for PKCS#11 helper 2010-02-24 18:18:51 +11:00
Damien Miller
d8f6002272 - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c]
[scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java]
   Remove obsolete smartcard support
2010-02-12 09:34:22 +11:00
Damien Miller
7ea845e48d - markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
     replace our obsolete smartcard code with PKCS#11.
        ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
     ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
     provider (shared library) while ssh-agent(1) delegates PKCS#11 to
     a forked a ssh-pkcs11-helper process.
     PKCS#11 is currently a compile time option.
     feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
2010-02-12 09:21:02 +11:00
Darren Tucker
dce7a92c7a - (dtucker) [Makefile.in] .c files do not belong in the OBJ lines. 2010-01-08 19:27:57 +11:00
Darren Tucker
8cbd403fde - (dtucker) [Makefile.in added roaming_client.c roaming_serv.c] Import new
files for roaming and add to Makefile.
2010-01-08 19:13:25 +11:00
Damien Miller
350666d300 - (djm) [Makefile.in] Mention readconf.o in ssh-keysign's make deps.
spotted by des AT des.no
2009-10-02 11:50:55 +10:00
Damien Miller
7d4a2685f7 - (djm) [Makefile.in] bz#1505: Solaris make(1) doesn't accept make variables
in argv, so pass them in the environment; ok dtucker@
2009-08-28 10:47:38 +10:00
Darren Tucker
c5564e1c4c - andreas@cvs.openbsd.org 2009/05/28 16:50:16
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
     monitor.c Added roaming.h roaming_common.c roaming_dummy.c]
     Keep track of number of bytes read and written. Needed for upcoming
     changes. Most code from Martin Forssen, maf at appgate dot com.
     ok markus@
     Also, applied appropriate changes to Makefile.in
2009-06-21 18:53:53 +10:00
Damien Miller
01ed2272a1 - djm@cvs.openbsd.org 2008/11/04 08:22:13
[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
     [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
     [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
     [Makefile.in]
     Add support for an experimental zero-knowledge password authentication
     method using the J-PAKE protocol described in F. Hao, P. Ryan,
     "Password Authenticated Key Exchange by Juggling", 16th Workshop on
     Security Protocols, Cambridge, April 2008.

     This method allows password-based authentication without exposing
     the password to the server. Instead, the client and server exchange
     cryptographic proofs to demonstrate of knowledge of the password while
     revealing nothing useful to an attacker or compromised endpoint.

     This is experimental, work-in-progress code and is presently
     compiled-time disabled (turn on -DJPAKE in Makefile.inc).

     "just commit it.  It isn't too intrusive." deraadt@
2008-11-05 16:20:46 +11:00
Damien Miller
d9648eee7c - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass 2008-07-09 00:21:12 +10:00
Damien Miller
42743cb6ba - (djm) [Makefile.in] Pass though pass to conch for interop tests 2008-07-05 09:50:23 +10:00
Damien Miller
60dcc62535 - (djm) [Makefile.in moduli.5] Include moduli(5) manpage from OpenBSD.
(bz#1372)
2008-06-26 15:59:32 +10:00
Darren Tucker
b8e0500351 - (dtucker) [Makefile.in] Move addrmatch.o to libssh.a where it's needed now. 2008-06-11 09:47:59 +10:00
Darren Tucker
34f49c60fd - (dtucker) [Makefile.in] Define TEST_SSH_IPV6 in make's arguments as well
as environment.
2008-06-11 05:15:51 +10:00
Darren Tucker
5d37690a1f - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6
specific tests on platforms that don't do IPv6.
2008-06-11 04:15:05 +10:00
Darren Tucker
7a3935de2f - (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2008/06/10 03:57:27
     [servconf.c match.h sshd_config.5]
     support CIDR address matching in sshd_config "Match address" blocks, with
     full support for negation and fall-back to classic wildcard matching.
     For example:
     Match address 192.0.2.0/24,3ffe:ffff::/32,!10.*
         PasswordAuthentication yes
     addrmatch.c code mostly lifted from flowd's addr.c
     feedback and ok dtucker@
2008-06-10 22:59:10 +10:00
Damien Miller
b1cbfa25f1 - djm@cvs.openbsd.org 2008/05/09 14:18:44
[clientloop.c clientloop.h ssh.c mux.c]
     tidy up session multiplexing code, moving it into its own file and
     making the function names more consistent - making ssh.c and
     clientloop.c a fair bit more readable.
     ok markus@
2008-05-19 16:00:08 +10:00
Damien Miller
c2cefb0fe9 - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) and
puttygen(1) by $PATH
2008-03-13 12:41:31 +11:00
Damien Miller
6642996134 - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note to
self: make changes to Makefile.in next time, not the generated Makefile).
2008-03-13 12:05:40 +11:00
Damien Miller
62ca18d12f - djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
     [sshd_config.5]
     add sshd_config ChrootDirectory option to chroot(2) users to a directory
     and tweak internal sftp server to work with it (no special files in chroot
     required). ok markus@
2008-02-10 22:44:20 +11:00
Damien Miller
d8cb1f184f - djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
     [sshd_config.5]
     add sshd_config ChrootDirectory option to chroot(2) users to a directory
     and tweak internal sftp server to work with it (no special files in
     chroot required). ok markus@
2008-02-10 22:40:12 +11:00
Damien Miller
e45796f7b4 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
     [ssh_config.5 sshd.8 sshd_config.5]
     Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
     must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
     compared to hmac-md5. Represents a different approach to message
     authentication to that of HMAC that may be beneficial if HMAC based on
     one of its underlying hash algorithms is found to be vulnerable to a
     new attack.  http://www.ietf.org/rfc/rfc4418.txt
     in conjunction with and OK djm@
2007-06-11 14:01:42 +10:00
Darren Tucker
20e9f976c1 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
LIBWRAP and LIBPAM variables in Makefile with the general-purpose
   SSHDLIBS.  "I like" djm@
2007-03-25 18:26:01 +10:00
Tim Rice
bcf8be356f - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep
autoconf 2.60 from complaining.
2006-10-23 14:44:47 -07:00
Damien Miller
223897a01a - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]
Support SMF in Solaris Packages if enabled by configure. Patch from
   Chad Mynhier, tested by dtucker@
2006-09-12 21:54:10 +10:00
Damien Miller
1b06dc30ad - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]
[platform.c platform.h sshd.c openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
   [openbsd-compat/port-solaris.h] Add support for Solaris process
   contracts, enabled with --use-solaris-contracts. Patch from Chad
   Mynhier, tweaked by dtucker@ and myself; ok dtucker@
2006-08-31 03:24:41 +10:00
Darren Tucker
12259d9680 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc in
Makefile.  Patch from santhi.amirta at gmail, ok djm.
2006-08-22 22:24:10 +10:00
Damien Miller
24f2a42e53 - (djm) [Makefile.in]
Remove generated openbsd-compat/regress/Makefile in distclean target
2006-07-24 15:30:18 +10:00
Damien Miller
f53429bebf - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
[bufaux.c bufbn.c Makefile.in]
     Move Buffer bignum functions into their own file, bufbn.c. This means
     that sftp and sftp-server (which use the Buffer functions in bufaux.c
     but not the bignum ones) no longer need to be linked with libcrypto.
     ok markus@
2006-04-23 12:15:08 +10:00
Damien Miller
73b42d2bb0 - (djm) [Makefile.in configure.ac session.c sshpty.c]
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
   [openbsd-compat/port-linux.h] Add support for SELinux, setting
   the execution and TTY contexts. based on patch from Daniel Walsh,
   bz #880; ok dtucker@
2006-04-22 21:26:08 +10:00
Damien Miller
471e9b3ca6 - (djm) [Makefile.in openbsd-compat/Makefile.in] Add added files 2006-03-15 13:09:18 +11:00
Darren Tucker
4881c371ce - (dtucker) [Makefile.in configure.ac, added openbsd-compat/regress/]
Add first attempt at regress tests for compat library.  ok djm@
2006-02-19 22:50:20 +11:00
Damien Miller
2dcddbfaf6 - (djm) [Makefile.in configure.ac includes.h misc.c]
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
         for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
         limited to IPv4 tunnels only, and most versions don't support the
         tap(4) device at all.
2006-01-01 19:47:05 +11:00
Darren Tucker
d188a12765 typo in comment 2005-05-29 17:22:29 +10:00
Damien Miller
5fd38c0ed9 - djm@cvs.openbsd.org 2005/04/09 04:32:54
[misc.c misc.h tildexpand.c Makefile.in]
     replace tilde_expand_filename with a simpler implementation, ahead of
     more whacking; ok deraadt@
2005-05-26 12:02:14 +10:00
Damien Miller
2c04deb888 - (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not
been used for a while
2005-05-26 11:35:37 +10:00
Darren Tucker
dc8fc62103 - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
binaries without the config files.  Primarily useful for packaging.
   Patch from phil at usc.edu.  ok djm@
2005-02-26 10:12:38 +11:00
Darren Tucker
d9f88915a2 - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support.  Configure
   --with-audit=bsm to enable.  Patch originally from Sun Microsystems,
   parts by John R. Jackson.  ok djm@
2005-02-20 21:01:48 +11:00
Darren Tucker
269a1ea1c8 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
   (first stage) Add audit instrumentation to sshd, currently disabled by
   default.  with suggestions from and djm@
2005-02-03 00:20:53 +11:00
Darren Tucker
72c025d9f0 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
"make survey" and "make send-survey".  This will provide data on the
   configure parameters, platform and platform features to the development
   team, which will allow (among other things) better targetting of testing.
   It's entirely voluntary and is off be default. ok djm@
2005-01-18 12:05:18 +11:00
Darren Tucker
16bcc1c92e - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure
option and supporting makefile bits and documentation.
2004-11-07 20:14:34 +11:00
Darren Tucker
25a1234ef7 - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability
of shell constructs.  Patch from cjwatson at debian.org.
2004-08-30 21:33:02 +10:00
Darren Tucker
2a502ff310 - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree
builds too, from vinschen at redhat.com.
2004-08-29 19:52:32 +10:00
Darren Tucker
0cbc3c6509 - (dtucker) [Makefile.in] Fix typo. 2004-08-15 21:01:37 +10:00
Darren Tucker
25f60a7ee7 - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
it does the right thing on all platforms.  ok djm@
2004-08-15 17:23:34 +10:00
Ben Lindstrom
ef8f8af86c - (bal) [Makefile.in] Remove opensshd.init on 'make distclean' 2004-06-23 03:21:54 +00:00
Tim Rice
f7ba8f67b7 (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms.
OK dtucker@
2004-06-20 10:37:32 -07:00
Damien Miller
5e6f4db085 - (djm) Fix Makefile.in for connection sharing changes 2004-06-15 10:44:40 +10:00
Tim Rice
6f1f758cca - (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@
- (tim) [buildpkg.sh.in] New file. A more flexible version of
   contrib/solaris/buildpkg.sh used for "make package".
2004-05-30 21:38:51 -07:00
Damien Miller
20e1fabace - djm@cvs.openbsd.org 2004/02/17 11:03:08
[sftp.c]
     sftp.c and sftp-int.c, together at last; ok markus@
2004-02-18 14:30:55 +11:00