RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-17 23:54:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,607 Commits 69 Branches 157 Tags 27 MiB
980978639c
Commit Graph

157 Commits

Author SHA1 Message Date
Ben Lindstrom
980978639c - markus@cvs.openbsd.org 2001/06/23 19:12:43 
[sshd.c]
     pidfile/sigterm race; bbraun@synack.net
 2001-06-25 05:10:20 +00:00
Ben Lindstrom
bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20 
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
 2001-06-25 05:01:22 +00:00
Ben Lindstrom
ec46e0b5fd - markus@cvs.openbsd.org 2001/06/04 23:07:21 
[clientloop.c serverloop.c sshd.c]
     set flags in the signal handlers, do real work in the main loop,
     ok provos@
 2001-06-09 01:27:31 +00:00
Ben Lindstrom
80c6d77085 - markus@cvs.openbsd.org 2001/05/28 23:58:35 
[packet.c packet.h sshconnect.c sshd.c]
     remove some lines, simplify.
 2001-06-05 21:09:18 +00:00
Ben Lindstrom
1bda4c835e - stevesk@cvs.openbsd.org 2001/05/19 19:43:57 
[misc.c misc.h servconf.c sshd.8 sshd.c]
     sshd command-line arguments and configuration file options that
     specify time may be expressed using a sequence of the form:
     time[qualifier], where time is a positive integer value and qualifier
     is one of the following:
         <none>,s,m,h,d,w
     Examples:
         600     600 seconds (10 minutes)
         10m     10 minutes
         1h30m   1 hour 30 minutes (90 minutes)
     ok markus@
 2001-06-05 19:59:08 +00:00
Ben Lindstrom
551ea37576 - markus@cvs.openbsd.org 2001/05/18 14:13:29 
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
     improved kbd-interactive support. work by per@appgate.com and me
 2001-06-05 18:56:16 +00:00
Ben Lindstrom
15f33866a6 - markus@cvs.openbsd.org 2001/04/15 16:58:03 
[authfile.c ssh-keygen.c sshd.c]
     don't use errno for key_{load,save}_private; discussion w/ solar@openwall
 2001-04-16 02:00:02 +00:00
Ben Lindstrom
206941fdd8 - markus@cvs.openbsd.org 2001/04/15 08:43:47 
[dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
     some unused variable and typos; from tomh@po.crl.go.jp
 2001-04-15 14:27:16 +00:00
Ben Lindstrom
19066a112b - stevesk@cvs.openbsd.org 2001/04/12 20:09:38 
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
     robust port validation; ok markus@ jakob@
 2001-04-12 23:39:26 +00:00
Ben Lindstrom
9fce9f02e8 - lebel@cvs.openbsd.org 2001/04/11 16:25:30 
[sshd.8 sshd.c]
     implement the -e option into sshd:
      -e      When this option is specified, sshd will send the output to the
              standard error instead of the system log.
     markus@ OK.
 2001-04-11 23:10:09 +00:00
Ben Lindstrom
a3700050ec - markus@cvs.openbsd.org 2001/04/05 10:42:57 
[auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c
      mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c
      sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c
      sshconnect2.c sshd.c]
     fix whitespace: unexpand + trailing spaces.
 2001-04-05 23:26:32 +00:00
Ben Lindstrom
be2cc43c3a - markus@cvs.openbsd.org 2001/04/04 20:25:38 
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
      sshconnect2.c sshd.c]
     more robust rekeying
     don't send channel data after rekeying is started.
 2001-04-04 23:46:07 +00:00
Ben Lindstrom
8ac9106c3d - markus@cvs.openbsd.org 2001/04/04 14:34:58 
[clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]
     enable server side rekeying + some rekey related clientup.
     todo: we should not send any non-KEX messages after we send KEXINIT
 2001-04-04 17:57:54 +00:00
Ben Lindstrom
238abf6a14 - markus@cvs.openbsd.org 2001/04/04 09:48:35 
[kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
     don't sent multiple kexinit-requests.
     send newkeys, block while waiting for newkeys.
     fix comments.
 2001-04-04 17:52:53 +00:00
Ben Lindstrom
2d90e00309 - markus@cvs.openbsd.org 2001/04/03 23:32:12 
[kex.c kex.h packet.c sshconnect2.c sshd.c]
     undo parts of recent my changes: main part of keyexchange does not
     need dispatch-callbacks, since application data is delayed until
     the keyexchange completes (if i understand the drafts correctly).
     add some infrastructure for re-keying.
 2001-04-04 02:00:54 +00:00
Ben Lindstrom
20d7c7b02c - markus@cvs.openbsd.org 2001/04/03 19:53:29 
[dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
     move kex to kex*.c, used dispatch_set() callbacks for kex. should
     make rekeying easier.
 2001-04-04 01:56:17 +00:00
Damien Miller
ff75ac4d68 - OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2001/03/29 23:42:01
     [sshd.c]
     Protocol 1 key regeneration log => verbose, some KNF; ok markus@
 2001-03-30 10:50:32 +10:00
Damien Miller
a0ff466d80 - OpenBSD CVS Sync 
- stevesk@cvs.openbsd.org 2001/03/29 21:06:21
     [sshconnect2.c sshd.c]
     need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
 2001-03-30 10:49:35 +10:00
Damien Miller
2557bfc5d7 - (djm) OpenBSD CVS Sync 
- provos@cvs.openbsd.org 2001/03/28 21:59:41
     [kex.c kex.h sshconnect2.c sshd.c]
     forgot to include min and max params in hash, okay markus@
 2001-03-30 10:47:14 +10:00
Ben Lindstrom
7de696e798 - markus@cvs.openbsd.org 2001/03/28 20:50:45 
[sshd.c]
     call refuse() before close(); from olemx@ans.pl
 2001-03-29 00:45:12 +00:00
Ben Lindstrom
df221391e6 - provos@cvs.openbsd.org 2001/03/27 17:46:50 
[compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
     make dh group exchange more flexible, allow min and max group size,
     okay markus@, deraadt@
 2001-03-29 00:36:16 +00:00
Ben Lindstrom
425fb02f20 - markus@cvs.openbsd.org 2001/03/27 10:34:08 
[ssh-rsa.c sshd.c]
     use EVP_get_digestbynid, reorder some calls and fix missing free.
 2001-03-29 00:31:20 +00:00
Ben Lindstrom
d0fca423fc - markus@cvs.openbsd.org 2001/03/26 08:07:09 
[authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
      sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
     simpler key load/save interface, see authfile.h
 2001-03-26 13:44:06 +00:00
Ben Lindstrom
de71cda078 - markus@cvs.openbsd.org 2001/03/23 14:28:32 
[session.c sshd.c]
     ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
 2001-03-24 00:43:26 +00:00
Ben Lindstrom
c8530c7f5c - djm@cvs.openbsd.org 2001/03/23 11:04:07 
[compat.c compat.h sshconnect2.c sshd.c]
     Compat for OpenSSH with broken Rijndael/AES. ok markus@
 2001-03-24 00:35:19 +00:00
Ben Lindstrom
69d8c077d4 - deraadt@cvs.openbsd.org 2001/03/22 20:22:55 
[sshd.c]
     do not place linefeeds in buffer
 2001-03-22 22:45:33 +00:00
Damien Miller
27dbe6f37e - deraadt@cvs.openbsd.org 2001/03/18 23:30:55 
[compat.c compat.h sshd.c]
     specifically version match on ssh scanners.  do not log scan
     information to the console
 2001-03-19 22:36:20 +11:00
Damien Miller
60bc517356 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to 
do it implicitly.
 2001-03-19 09:38:15 +11:00
Ben Lindstrom
ca42d5fb7f - deraadt@cvs.openbsd.org 2001/03/09 12:30:29 
[sshd.c]
     typo; slade@shore.net
 2001-03-09 18:25:32 +00:00
Ben Lindstrom
4c4f05e096 - markus@cvs.openbsd.org 2001/03/05 17:17:21 
[kex.c kex.h sshconnect2.c sshd.c]
     generate a 2*need size (~300 instead of 1024/2048) random private
     exponent during the DH key agreement. according to Niels (the great
     german advisor) this is safe since /etc/primes contains strong
     primes only.

     References:
             P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
             agreement with short exponents, In Advances in Cryptology
             - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
 2001-03-06 01:09:20 +00:00
Ben Lindstrom
6df8ef4196 - millert@cvs.openbsd.org 2001/03/04 17:42:28 
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
      ssh.c sshconnect.c sshd.c]
     log functions should not be passed strings that end in newline as they
     get passed on to syslog() and when logging to stderr, do_log() appends
     its own newline.
 2001-03-05 07:47:23 +00:00
Ben Lindstrom
9c5324422e - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c 2001-03-05 07:33:14 +00:00
Ben Lindstrom
941ac82e16 - markus@cvs.openbsd.org 2001/02/28 21:21:41 
[sshd.c]
     generate a fake session id, too
 2001-03-05 06:25:23 +00:00
Ben Lindstrom
eb648a749b - markus@cvs.openbsd.org 2001/02/23 18:15:13 
[sshd.c]
     the random session key depends now on the session_key_int
     sent by the 'attacker'
             dig1 = md5(cookie|session_key_int);
             dig2 = md5(dig1|cookie|session_key_int);
             fake_session_key = dig1|dig2;
     this change is caused by a mail from anakin@pobox.com
     patch based on discussions with my german advisor niels@openbsd.org
 2001-03-05 06:00:29 +00:00
Ben Lindstrom
a9a29e1bed - deraadt@cvs.openbsd.org 2001/02/19 23:09:05 
[sshd.c]
     clarify message to make it not mention "ident"
 2001-02-20 01:20:47 +00:00
Ben Lindstrom
d95c09cc83 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and 
pty.[ch] -> sshpty.[ch]
 2001-02-18 19:13:33 +00:00
Damien Miller
0a4e27d583 - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz 
Miskiewicz <misiek@pld.ORG.PL>
 2001-02-18 12:36:39 +11:00
Ben Lindstrom
5393f9360d - markus@cvs.openbsd.org 2001/02/12 23:26:20 
[sshd.c]
    missing memset; from solar@openwall.com
 2001-02-15 03:17:13 +00:00
Ben Lindstrom
06b33aa0e8 - markus@cvs.openbsd.org 2001/02/11 12:59:25 
[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@
 2001-02-15 03:01:59 +00:00
Ben Lindstrom
f79aeffe3b - markus@cvs.openbsd.org 2001/02/07 22:35:46 
[auth1.c auth2.c sshd.c]
     move k_setpag() to a central place; ok dugsong@
 2001-02-10 21:27:11 +00:00
Ben Lindstrom
31ca54aa86 - itojun@cvs.openbsd.org 2001/02/08 19:30:52 
sync with netbsd tree changes.
     - more strict prototypes, include necessary headers
     - use paths.h/pathnames.h decls
     - size_t typecase to int -> u_long
 2001-02-09 02:11:24 +00:00
Kevin Steves
adf74cdeca - deraadt@cvs.openbsd.org 2001/02/04 16:56:23 
[scp.c sshd.c]
     alpha happiness
   - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
     [sshd.c]
     precedence; ok markus@
    - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
     [ssh.c sshd.c]
     make the alpha happy
 2001-02-05 14:22:50 +00:00
Kevin Steves
ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27 
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
 2001-02-05 12:42:17 +00:00
Damien Miller
7650bc6842 - (djm) OpenBSD CVS Sync: 
- markus@cvs.openbsd.org  2001/01/29 12:47:32
     [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
     handle rsa_private_decrypt failures; helps against the Bleichenbacher
     pkcs#1 attack
 2001-01-30 09:27:26 +11:00
Ben Lindstrom
d53902049e - markus@cvs.openbsd.org 2001/01/28 10:37:26 
[sshd.c]
     remove -Q, no longer needed
 2001-01-29 08:07:43 +00:00
Ben Lindstrom
95fb2dde77 - markus@cvs.openbsd.org 2001/01/22 23:06:39 
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
      sshconnect1.c sshconnect2.c sshd.c]
     rename skey -> challenge response.
     auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
 2001-01-23 03:12:10 +00:00
Ben Lindstrom
b1985f7279 - (bal) OpenBSD Resync 
- markus@cvs.openbsd.org 2001/01/22 8:15:00
     [auth-krb4.c sshconnect1.c]
     only AFS needs radix.[ch]
   - markus@cvs.openbsd.org 2001/01/22 8:32:53
     [auth2.c]
     no need to include; from mouring@etoh.eviladmin.org
   - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
     [key.c]
     free() -> xfree(); ok markus@
   - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
     [sshconnect2.c sshd.c]
     fix memory leaks in SSH2 key exchange; ok markus@
 2001-01-23 00:19:15 +00:00
Ben Lindstrom
226cfa0378 Hopefully things did not get mixed around too much. It compiles under 
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
 2001-01-22 05:34:40 +00:00
Ben Lindstrom
cf0809d644 Removed one more 'ISSUE' comment in auth1.c 
20010120
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26
     [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
 2001-01-19 15:44:10 +00:00
Ben Lindstrom
db65e8fded Please grep through the source and look for 'ISSUE' comments and verify 
that I was able to get all the portable bits in the right location.  As for
the SKEY comment there is an email out to Markus as to how it should be
resolved.  Until then I just #ifdef SKEY/#endif out the whole block.

 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/18 16:20:21
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
      sshd.8 sshd.c]
     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
     systems
   - markus@cvs.openbsd.org 2001/01/18 16:59:59
     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
      session.h sshconnect1.c]
     1) removes fake skey from sshd, since this will be much
        harder with /usr/libexec/auth/login_XXX
     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
     3) make addition of BSD_AUTH and other challenge reponse methods
        easier.
   - markus@cvs.openbsd.org 2001/01/18 17:12:43
     [auth-chall.c auth2-chall.c]
     rename *-skey.c *-chall.c since the files are not skey specific
 2001-01-19 04:26:52 +00:00