Commit Graph

29 Commits

Author SHA1 Message Date
djm@openbsd.org
639d6bc57b upstream commit
refactor ssh_dispatch_run_fatal() to use sshpkt_fatal()
 to better report error conditions. Teach sshpkt_fatal() about ECONNRESET.

Improves error messages on TCP connection resets. bz#2257

ok dtucker@
2015-05-10 11:55:48 +10:00
dtucker@openbsd.org
8ec67d505b upstream commit
Prevent sshd spamming syslog with
 "ssh_dispatch_run_fatal: disconnected". ok markus@
2015-02-17 09:32:30 +11:00
djm@openbsd.org
4509b5d4a4 upstream commit
avoid more fatal/exit in the packet.c paths that
 ssh-keyscan uses; feedback and "looks good" markus@
2015-01-30 12:18:59 +11:00
djm@openbsd.org
9125525c37 upstream commit
avoid fatal() calls in packet code makes ssh-keyscan more
 reliable against server failures ok dtucker@ markus@
2015-01-29 09:08:07 +11:00
markus@openbsd.org
3fdc88a0de upstream commit
move dispatch to struct ssh; ok djm@
2015-01-20 09:14:16 +11:00
Damien Miller
2b20a92b7b - stevesk@cvs.openbsd.org 2008/10/31 15:05:34
[dispatch.c]
     remove unused #define DISPATCH_MIN; ok markus@
2008-11-03 19:26:00 +11:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
d8337c5e60 - stevesk@cvs.openbsd.org 2006/07/23 01:11:05
[auth.h dispatch.c kex.h sftp-client.c]
     #include <signal.h> for sig_atomic_t; need this prior to <sys/param.h>
     move
2006-07-24 14:14:19 +10:00
Damien Miller
97c91f688f - djm@cvs.openbsd.org 2006/04/20 09:27:09
[auth.h clientloop.c dispatch.c dispatch.h kex.h]
     replace the last non-sig_atomic_t flag used in a signal handler with a
     sig_atomic_t, unfortunately with some knock-on effects in other (non-
     signal) contexts in which it is used; ok markus@
2006-04-23 12:08:37 +10:00
Damien Miller
57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller
d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller
7d05339c70 - markus@cvs.openbsd.org 2002/01/11 13:39:36
[auth2.c dispatch.c dispatch.h kex.c]
     a single dispatch_protocol_error() that sends a message of type 'UNIMPLEMENTED'
     dispatch_range(): set handler for a ranges message types
     use dispatch_protocol_ignore() for authentication requests after
     	successful authentication (the drafts requirement).
     serverloop/clientloop now send a 'UNIMPLEMENTED' message instead of exiting.
2002-01-22 23:24:13 +11:00
Damien Miller
630d6f4479 - markus@cvs.openbsd.org 2001/12/28 15:06:00
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
     remove plen from the dispatch fn. it's no longer used.
2002-01-22 23:17:30 +11:00
Damien Miller
dff5099f13 - markus@cvs.openbsd.org 2001/12/28 14:50:54
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
Damien Miller
278f907a2d - djm@cvs.openbsd.org 2001/12/20 22:50:24
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
     [sshconnect2.c]
     Conformance fix: we should send failing packet sequence number when
     responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
     yakk@yakk.dot.net; ok markus@
2001-12-21 15:00:19 +11:00
Ben Lindstrom
16c1bd6d09 - markus@cvs.openbsd.org 2001/06/10 11:29:20
[dispatch.c]
     we support rekeying
     protocol errors are fatal.
2001-06-12 00:12:56 +00:00
Damien Miller
225736c73a - OpenBSD CVS Sync:
- reinhard@cvs.openbsd.org        2001/02/17 08:24:40
     [sftp.1]
     typo
   - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
     [ssh.c]
     cleanup -V output; noted by millert
   - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
     [sshd.8]
     it's the OpenSSH one
   - markus@cvs.openbsd.org  2001/02/18 11:33:54
     [dispatch.c]
     typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
   - markus@cvs.openbsd.org  2001/02/19 02:53:32
     [compat.c compat.h serverloop.c]
     ssh-1.2.{18-22} has broken handling of ignore messages; report from
     itojun@
   - markus@cvs.openbsd.org  2001/02/19 03:35:23
     [version.h]
     OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
   - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
     [scp.c]
     np is changed by recursion; vinschen@redhat.com
2001-02-19 21:51:08 +11:00
Kevin Steves
2b725a056a RCSID 2001-02-05 18:16:28 +00:00
Kevin Steves
ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Ben Lindstrom
ef1cf5d8ea - markus@cvs.openbsd.org 2001/01/28 10:15:34
[dispatch.c]
     re-keying is not supported; ok deraadt@
2001-01-29 07:55:07 +00:00
Ben Lindstrom
226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Damien Miller
62cee00753 - (djm) OpenBSD CVS sync:
- markus@cvs.openbsd.org  2000/09/17 09:38:59
     [sshconnect2.c sshd.c]
     fix DEBUG_KEXDH
   - markus@cvs.openbsd.org  2000/09/17 09:52:51
     [sshconnect.c]
     yes no; ok niels@
   - markus@cvs.openbsd.org  2000/09/21 04:55:11
     [sshd.8]
     typo
   - markus@cvs.openbsd.org  2000/09/21 05:03:54
     [serverloop.c]
     typo
   - markus@cvs.openbsd.org  2000/09/21 05:11:42
     scp.c
     utime() to utimes(); mouring@pconline.com
   - markus@cvs.openbsd.org  2000/09/21 05:25:08
     sshconnect2.c
     change login logic in ssh2, allows plugin of other auth methods
   - markus@cvs.openbsd.org  2000/09/21 05:25:35
     [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
     [serverloop.c]
     add context to dispatch_run
   - markus@cvs.openbsd.org  2000/09/21 05:07:52
     authfd.c authfd.h ssh-agent.c
     bug compat for old ssh.com software
2000-09-23 17:15:56 +11:00
Damien Miller
e4340be5b3 - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller
6536c7d3c9 - OpenBSD CVS Updates:
- markus@cvs.openbsd.org  2000/06/18 18:50:11
     [auth2.c compat.c compat.h sshconnect2.c]
     make userauth+pubkey interop with ssh.com-2.2.0
   - markus@cvs.openbsd.org  2000/06/18 20:56:17
     [dsa.c]
     mem leak + be more paranoid in dsa_verify.
   - markus@cvs.openbsd.org  2000/06/18 21:29:50
     [key.c]
     cleanup fingerprinting, less hardcoded sizes
   - markus@cvs.openbsd.org  2000/06/19 19:39:45
     [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
     [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
     [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
     [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
     [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
     [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
     [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
     OpenBSD tag
   - markus@cvs.openbsd.org  2000/06/21 10:46:10
     sshconnect2.c missing free; nuke old comment
2000-06-22 21:32:31 +10:00
Damien Miller
4af51306d9 - OpenBSD CVS updates.
[ssh.1 ssh.c]
   - ssh -2
   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
   [session.c sshconnect.c]
   - check payload for (illegal) extra data
   [ALL]
   - whitespace cleanup
2000-04-16 11:18:38 +10:00
Damien Miller
5d1705ecf9 forgot -kb 2000-04-15 13:06:54 +10:00
Damien Miller
b38eff8e4f - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
- [auth.c session.c sshd.c auth.h]
     split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
   - [bufaux.c bufaux.h]
     support ssh2 bignums
   - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
     [readconf.c ssh.c ssh.h serverloop.c]
     replace big switch() with function tables (prepare for ssh2)
   - [ssh2.h]
     ssh2 message type codes
   - [sshd.8]
     reorder Xr to avoid cutting
   - [serverloop.c]
     close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
   - [channels.c]
     missing close
     allow bigger packets
   - [cipher.c cipher.h]
     support ssh2 ciphers
   - [compress.c]
     cleanup, less code
   - [dispatch.c dispatch.h]
     function tables for different message types
   - [log-server.c]
     do not log() if debuggin to stderr
     rename a cpp symbol, to avoid param.h collision
   - [mpaux.c]
     KNF
   - [nchan.c]
     sync w/ channels.c
2000-04-01 11:09:21 +10:00