Commit Graph

107 Commits

Author SHA1 Message Date
Damien Miller
a1d9a18e14 - reyk@cvs.openbsd.org 2006/01/02 07:53:44
[misc.c]
     clarify tun(4) opening - set the mode and bring the interface up. also
     (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
     suggested and ok by djm@
2006-01-02 23:41:21 +11:00
Damien Miller
a210d52235 - stevesk@cvs.openbsd.org 2006/01/01 10:08:48
[misc.c]
     no trailing "\n" for debug()
2006-01-02 23:40:30 +11:00
Damien Miller
3beb852e09 - stevesk@cvs.openbsd.org 2006/01/01 08:59:27
[includes.h misc.c]
     move <net/if.h>; ok djm@
2006-01-02 23:40:10 +11:00
Damien Miller
2dcddbfaf6 - (djm) [Makefile.in configure.ac includes.h misc.c]
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
         for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
         limited to IPv4 tunnels only, and most versions don't support the
         tap(4) device at all.
2006-01-01 19:47:05 +11:00
Damien Miller
62a31c9fd0 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
again by providing a sys_tun_open() function for your platform and
   setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
   OpenBSD's tunnel protocol, which prepends the address family to the
   packet
2005-12-13 20:44:13 +11:00
Damien Miller
7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
2005-12-13 19:33:19 +11:00
Damien Miller
d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-12-13 19:29:02 +11:00
Darren Tucker
ce321d8a30 - djm@cvs.openbsd.org 2005/09/13 23:40:07
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@
2005-10-03 18:11:24 +10:00
Darren Tucker
bee73d5ce0 - dtucker@cvs.openbsd.org 2005/07/08 09:26:18
[misc.c]
     Make comment match code; ok djm@
2005-07-14 17:05:02 +10:00
Damien Miller
1339002e8b - djm@cvs.openbsd.org 2005/07/04 00:58:43
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
     implement support for X11 and agent forwarding over multiplex slave
     connections. Because of protocol limitations, the slave connections inherit
     the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
     their own.
     ok dtucker@ "put it in" deraadt@
2005-07-06 09:44:19 +10:00
Damien Miller
eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 12:59:34 +10:00
Damien Miller
6476cad9bb - djm@cvs.openbsd.org 2005/06/06 11:20:36
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
     introduce a generic %foo expansion function. replace existing % expansion
     and add expansion to ControlPath; ok markus@
2005-06-16 13:18:34 +10:00
Damien Miller
5fd38c0ed9 - djm@cvs.openbsd.org 2005/04/09 04:32:54
[misc.c misc.h tildexpand.c Makefile.in]
     replace tilde_expand_filename with a simpler implementation, ahead of
     more whacking; ok deraadt@
2005-05-26 12:02:14 +10:00
Darren Tucker
47eede77ed - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
     readconf.c bufaux.c sftp.c]
     spacing
2005-03-14 23:08:12 +11:00
Damien Miller
f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
Darren Tucker
f0f90989fa - dtucker@cvs.openbsd.org 2004/12/11 01:48:56
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h]
     Fix debug call in error path of authorized_keys processing and fix related
     warnings; ok djm@
2004-12-11 13:39:50 +11:00
Darren Tucker
22cc741096 - dtucker@cvs.openbsd.org 2004/12/06 11:41:03
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
     Discard over-length authorized_keys entries rather than complaining when
     they don't decode.  bz #884, with & ok djm@
2004-12-06 22:47:41 +11:00
Darren Tucker
c7a6fc41bf - avsm@cvs.openbsd.org 2004/08/11 21:43:05
[channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
     some signed/unsigned int comparison cleanups; markus@ ok
2004-08-13 21:18:00 +10:00
Damien Miller
232711f6db - djm@cvs.openbsd.org 2004/06/14 01:44:39
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
     [sshd.c]
     set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
2004-06-15 10:35:30 +10:00
Darren Tucker
6db8f936ae - markus@cvs.openbsd.org 2003/10/28 09:08:06
[misc.c]
     error->debug for getsockopt+TCP_NODELAY; several requests
2003-11-03 20:07:14 +11:00
Darren Tucker
fb16b2411e - markus@cvs.openbsd.org 2003/09/18 08:49:45
[deattack.c misc.c session.c ssh-agent.c]
     more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
     ok millert@
2003-09-22 21:04:23 +10:00
Ben Lindstrom
5ade9abc37 - (bal) redo how we handle 'mysignal()'. Move it to
openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
   be our 'mysignal' by default.  OK djm@
2003-08-25 01:16:21 +00:00
Damien Miller
ef095ce00a - markus@cvs.openbsd.org 2003/04/12 10:15:36
[misc.c]
     debug->debug2
2003-05-14 13:41:39 +10:00
Ben Lindstrom
1d568f9fce - markus@cvs.openbsd.org 2002/12/13 10:03:15
[channels.c misc.c sshconnect2.c]
     cleanup debug messages, more useful information for the client user.
2002-12-23 02:44:36 +00:00
Ben Lindstrom
05764b9286 - stevesk@cvs.openbsd.org 2002/03/04 17:27:39
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@
2002-03-05 01:53:02 +00:00
Ben Lindstrom
84fcb312ff - markus@cvs.openbsd.org 2002/03/04 13:10:46
[misc.c]
     error-> debug, because O_NONBLOCK for /dev/null causes too many different
     errnos; ok stevesk@, deraadt@
     unused include
2002-03-05 01:48:09 +00:00
Ben Lindstrom
e86de51afb - stevesk@cvs.openbsd.org 2002/02/26 20:03:51
[misc.c]
     use socklen_t
2002-03-05 01:28:14 +00:00
Ben Lindstrom
1ebd7a5342 - stevesk@cvs.openbsd.org 2002/02/24 19:59:42
[channels.c misc.c]
     disable Nagle in connect_to() and channel_post_port_listener() (port
     forwarding endpoints).  the intention is to preserve the on-the-wire
     appearance to applications at either end; the applications can then
     enable TCP_NODELAY according to their requirements. ok markus@
2002-02-26 18:12:51 +00:00
Damien Miller
398e1cfa23 - (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/01/24 21:09:25
     [channels.c misc.c misc.h packet.c]
     add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
     no nagle changes just yet; ok djm@ markus@
2002-02-05 11:52:13 +11:00
Damien Miller
9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom
1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
2001-12-06 18:00:18 +00:00
Ben Lindstrom
4cc240dabb - markus@cvs.openbsd.org 2001/06/26 17:27:25
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
      canohost.h channels.h cipher.h clientloop.h compat.h compress.h
      crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
      hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
      packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
      session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
      sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
      tildexpand.h uidswap.h uuencode.h xmalloc.h]
     remove comments from .h, since they are cut&paste from the .c files
     and out of sync
2001-07-04 04:46:56 +00:00
Kevin Steves
824569537f - (stevesk) handle systems without pw_expire and pw_change. 2001-06-22 21:14:18 +00:00
Ben Lindstrom
3af4d4634f - markus@cvs.openbsd.org 2001/06/16 08:58:34
[misc.c]
     copy pw_expire and pw_change, too.
2001-06-21 03:11:27 +00:00
Ben Lindstrom
352b1c2130 - markus@cvs.openbsd.org 2001/06/16 08:49:38
[misc.c]
     typo; dunlap@apl.washington.edu
2001-06-21 03:04:37 +00:00
Kevin Steves
974fb9cf2f - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
around grantpt().
2001-06-15 00:04:23 +00:00
Ben Lindstrom
1bda4c835e - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
[misc.c misc.h servconf.c sshd.8 sshd.c]
     sshd command-line arguments and configuration file options that
     specify time may be expressed using a sequence of the form:
     time[qualifier], where time is a positive integer value and qualifier
     is one of the following:
         <none>,s,m,h,d,w
     Examples:
         600     600 seconds (10 minutes)
         10m     10 minutes
         1h30m   1 hour 30 minutes (90 minutes)
     ok markus@
2001-06-05 19:59:08 +00:00
Ben Lindstrom
c93e84c2ce - markus@cvs.openbsd.org 2001/05/11 14:59:56
[clientloop.c misc.c misc.h]
     add unset_nonblock for stdout/err flushing in client_loop().
2001-05-12 00:08:37 +00:00
Ben Lindstrom
387c472660 - mouring@cvs.openbsd.org 2001/05/08 19:45:25
[misc.c misc.h scp.c sftp.c]
     Use addargs() in sftp plus some clean up of addargs().  OK Markus
2001-05-08 20:27:25 +00:00
Ben Lindstrom
4529b70b4c - mouring@cvs.openbsd.org 2001/05/03 23:09:53
[misc.c misc.h scp.c sftp.c]
     Move colon() and cleanhost() to misc.c where I should I have put it in
     the first place
2001-05-03 23:39:53 +00:00
Ben Lindstrom
19066a112b - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
     robust port validation; ok markus@ jakob@
2001-04-12 23:39:26 +00:00
Ben Lindstrom
0f68db4e9e - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy() 2001-03-05 07:57:09 +00:00
Ben Lindstrom
4030442d77 - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
[misc.c]
     for completeness, copy pw_gecos too
2001-03-05 06:22:01 +00:00
Ben Lindstrom
069090128c - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
[misc.c]
     pull in protos
2001-03-05 06:09:31 +00:00
Ben Lindstrom
086cf214cf - markus@cvs.openbsd.org 2001/02/22 21:59:44
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
     use pwcopy in ssh.c, too
2001-03-05 05:56:40 +00:00
Damien Miller
722ccb1492 - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for
SIGALRM.
2001-02-18 15:18:43 +11:00
Kevin Steves
eff26f275e - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling. 2001-02-18 03:42:02 +00:00
Damien Miller
0318e2e0fb - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for
SunOS)
2001-02-18 13:04:23 +11:00
Kevin Steves
e74ebd03c2 KNF 2001-02-17 17:10:16 +00:00
Ben Lindstrom
970c009b8e - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
stevesk
2001-02-17 16:51:07 +00:00
Kevin Steves
799bed85ab - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
needed on Unixware 2.x.
2001-02-16 14:58:12 +00:00
Kevin Steves
fad3c513f0 - (stevesk) misc.c: ssh.h not needed. 2001-02-11 14:34:10 +00:00
Ben Lindstrom
e5b3fb351e - (bal) A bit more whitespace cleanup 2001-02-10 23:56:35 +00:00
Ben Lindstrom
f7d79c794b Useless CVS ID Update. 2001-02-10 23:40:31 +00:00
Kevin Steves
2b725a056a RCSID 2001-02-05 18:16:28 +00:00
Kevin Steves
b6e773acc9 - (stevesk) add mysignal() wrapper and use it for the protocol 2
SIGCHLD handler.
2001-02-04 13:20:36 +00:00
Ben Lindstrom
226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00