Commit Graph

4800 Commits

Author SHA1 Message Date
Damien Miller
a6680a4e35 - djm@cvs.openbsd.org 2006/06/13 01:18:36
[ssh-agent.c]
     always use a format string, even when printing a constant
   - djm@cvs.openbsd.org 2006/06/13 02:17:07
     [ssh-agent.c]
     revert; i am on drugs. spotted by alexander AT beard.se
2006-06-13 13:10:18 +10:00
Damien Miller
2e5fe88ebe - markus@cvs.openbsd.org 2006/06/08 14:45:49
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
     do not set the gid, noted by solar; ok djm
2006-06-13 13:10:00 +10:00
Damien Miller
6b4069ad56 - markus@cvs.openbsd.org 2006/06/06 10:20:20
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
     replace remaining setuid() calls with permanently_set_uid() and
     check seteuid() return values; report Marcus Meissner; ok dtucker djm
2006-06-13 13:05:15 +10:00
Damien Miller
eb13e556e5 - markus@cvs.openbsd.org 2006/06/01 09:21:48
[sshd.c]
     call get_remote_ipaddr() early; fixes logging after client disconnects;
     report mpf@; ok dtucker@
2006-06-13 13:03:53 +10:00
Damien Miller
7b1e757b28 - mk@cvs.openbsd.org 2006/05/30 11:46:38
[ssh-add.c]
     Sync usage() with man page and reality.
     ok deraadt dtucker
2006-06-13 13:03:34 +10:00
Damien Miller
fbc94c857a - jmc@cvs.openbsd.org 2006/05/29 16:13:23
[ssh.1]
     add GSSAPI to the list of authentication methods supported;
2006-06-13 13:03:16 +10:00
Damien Miller
3c6ed7bbd5 - jmc@cvs.openbsd.org 2006/05/29 16:10:03
[ssh_config.5]
     oops - previous was too long; split the list of auths up
2006-06-13 13:01:41 +10:00
Damien Miller
81a38928eb - dtucker@cvs.openbsd.org 2006/05/29 12:56:33
[ssh_config]
     Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample
     ssh_config.  ok markus@
2006-06-13 13:01:09 +10:00
Damien Miller
658f945538 - dtucker@cvs.openbsd.org 2006/05/29 12:54:08
[ssh_config.5]
     Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
2006-06-13 13:00:55 +10:00
Damien Miller
ad6b14d274 - miod@cvs.openbsd.org 2006/05/18 21:27:25
[kexdhc.c kexgexc.c]
     paramter -> parameter
2006-06-13 13:00:41 +10:00
Damien Miller
40b5985fe0 - markus@cvs.openbsd.org 2006/05/17 12:43:34
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c]
     fix leak; coverity via Kylene Jo Hall
2006-06-13 13:00:25 +10:00
Damien Miller
24fd8ddd61 - markus@cvs.openbsd.org 2006/05/16 09:00:00
[clientloop.c]
     missing free; from Kylene Hall
2006-06-13 13:00:09 +10:00
Damien Miller
e250a94e69 - djm@cvs.openbsd.org 2006/05/08 10:49:48
[sshconnect2.c]
     uint32_t -> u_int32_t (which we use everywhere else)
     (Id sync only - portable already had this)
2006-06-13 12:59:53 +10:00
Darren Tucker
f14b2aa672 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
and slave, we can remove the special-case handling in the audit hook in
   auth_log.
2006-05-21 18:26:40 +10:00
Darren Tucker
f58b29d515 - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
pointer leak.  From kjhall at us.ibm.com, found by coverity.
2006-05-17 22:24:56 +10:00
Darren Tucker
73373877db typo 2006-05-15 17:24:25 +10:00
Darren Tucker
2c77b7f1c1 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
do not allow kbdint again after the PAM account check fails.  ok djm@
2006-05-15 17:22:33 +10:00
Darren Tucker
cefd8bb36d - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservative
default.  Patch originally from tim@, ok djm
2006-05-15 17:17:29 +10:00
Darren Tucker
13c539a4dc - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
_res, prevents problems on some platforms that have _res as a global but
   don't have getrrsetbyname(), eg IRIX 5.3.  Found and tested by
   georg.schwarz at freenet.de, ok djm@.
2006-05-15 17:15:56 +10:00
Darren Tucker
43ff44e7db - dtucker@cvs.openbsd.org 2006/05/06 08:35:40
[auth-krb5.c]
     Add $OpenBSD$ in comment here too
2006-05-06 18:40:53 +10:00
Darren Tucker
f779f672eb - djm@cvs.openbsd.org 2006/04/01 05:37:46
[OVERVIEW]
     $OpenBSD$ in here too
2006-05-06 17:48:48 +10:00
Darren Tucker
31cde6828d - djm@cvs.openbsd.org 2006/05/04 14:55:23
[dh.c]
     tighter DH exponent checks here too; feedback and ok markus@
2006-05-06 17:43:33 +10:00
Darren Tucker
232b76f9f8 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
     Prevent ssh from trying to open private keys with bad permissions more than
     once or prompting for their passphrases (which it subsequently ignores
     anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@
2006-05-06 17:41:51 +10:00
Darren Tucker
d8093e49bf - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
   in Portable-only code; since calloc zeros, remove now-redundant memsets.
   Also add a couple of sanity checks.  With & ok djm@
2006-05-04 16:24:34 +10:00
Darren Tucker
596d33801f - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
and double including it on IRIX 5.3 causes problems.  From Georg Schwarz,
   "no objections" tim@
2006-05-03 19:01:09 +10:00
Damien Miller
7b50b2030b missing file 2006-04-23 12:31:27 +10:00
Damien Miller
2bdd1c117c - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to get
sig_atomic_t
2006-04-23 12:28:53 +10:00
Damien Miller
f53429bebf - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
[bufaux.c bufbn.c Makefile.in]
     Move Buffer bignum functions into their own file, bufbn.c. This means
     that sftp and sftp-server (which use the Buffer functions in bufaux.c
     but not the bignum ones) no longer need to be linked with libcrypto.
     ok markus@
2006-04-23 12:15:08 +10:00
Damien Miller
08d4b0ca5d - stevesk@cvs.openbsd.org 2006/04/22 18:29:33
[crc32.c]
     remove extra spaces
2006-04-23 12:12:24 +10:00
Damien Miller
2282c6e305 - djm@cvs.openbsd.org 2006/04/22 04:06:51
[uidswap.c]
     use setres[ug]id() to permanently revoke privileges; ok deraadt@
     (ID Sync only - portable already uses setres[ug]id() whenever possible)
2006-04-23 12:11:57 +10:00
Damien Miller
525a0b090f - djm@cvs.openbsd.org 2006/04/20 21:53:44
[includes.h session.c sftp.c]
     Switch from using pipes to socketpairs for communication between
     sftp/scp and ssh, and between sshd and its subprocesses. This saves
     a file descriptor per session and apparently makes userland ppp over
     ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
     decision on a per-platform basis)
2006-04-23 12:10:49 +10:00
Damien Miller
56e5e6ad11 - markus@cvs.openbsd.org 2006/04/20 09:47:59
[sshconnect.c]
     simplify; ok djm@
2006-04-23 12:08:59 +10:00
Damien Miller
97c91f688f - djm@cvs.openbsd.org 2006/04/20 09:27:09
[auth.h clientloop.c dispatch.c dispatch.h kex.h]
     replace the last non-sig_atomic_t flag used in a signal handler with a
     sig_atomic_t, unfortunately with some knock-on effects in other (non-
     signal) contexts in which it is used; ok markus@
2006-04-23 12:08:37 +10:00
Damien Miller
58629fad82 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28
[bufaux.c bufbn.c]
     Move Buffer bignum functions into their own file, bufbn.c. This means
     that sftp and sftp-server (which use the Buffer functions in bufaux.c
     but not the bignum ones) no longer need to be linked with libcrypto.
     ok markus@
2006-04-23 12:08:19 +10:00
Damien Miller
b5ea7e7c03 - djm@cvs.openbsd.org 2006/04/16 07:59:00
[atomicio.c]
     reorder sanity test so that it cannot dereference past the end of the
     iov array; well spotted canacar@!
2006-04-23 12:06:49 +10:00
Damien Miller
58ca98bfe1 - djm@cvs.openbsd.org 2006/04/16 00:54:10
[sftp-client.c]
     avoid making a tiny 4-byte write to send the packet length of sftp
     commands, which would result in a separate tiny packet on the wire by
     using atomiciov(writev, ...) to write the length and the command in one
     pass; ok deraadt@
2006-04-23 12:06:35 +10:00
Damien Miller
6aa139c41f - djm@cvs.openbsd.org 2006/04/16 00:52:55
[atomicio.c atomicio.h]
     introduce atomiciov() function that wraps readv/writev to retry
     interrupted transfers like atomicio() does for read/write;
     feedback deraadt@ dtucker@ stevesk@ ok deraadt@
2006-04-23 12:06:20 +10:00
Damien Miller
499a0d5ada - djm@cvs.openbsd.org 2006/04/16 00:48:52
[buffer.c buffer.h channels.c]
     Fix condition where we could exit with a fatal error when an input
     buffer became too large and the remote end had advertised a big window.
     The problem was a mismatch in the backoff math between the channels code
     and the buffer code, so make a buffer_check_alloc() function that the
     channels code can use to propsectivly check whether an incremental
     allocation will succeed.  bz #1131, debugged with the assistance of
     cove AT wildpackets.com; ok dtucker@ deraadt@
2006-04-23 12:06:03 +10:00
Damien Miller
63e437f053 - djm@cvs.openbsd.org 2006/04/03 07:10:38
[gss-genr.c]
     GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066
     by dleonard AT vintela.com. use xasprintf() to simplify code while in
     there; "looks right" deraadt@
2006-04-23 12:05:46 +10:00
Damien Miller
603e68f1a2 - dtucker@cvs.openbsd.org 2006/04/02 08:34:52
[ssh-keysign.c]
     sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
2006-04-23 12:05:32 +10:00
Damien Miller
3db7846802 - djm@cvs.openbsd.org 2006/04/01 05:51:34
[atomicio.c]
     ANSIfy; requested deraadt@
2006-04-23 12:05:16 +10:00
Damien Miller
7a656f7922 - djm@cvs.openbsd.org 2006/04/01 05:50:29
[scp.c]
     xasprintification; ok deraadt@
2006-04-23 12:04:46 +10:00
Damien Miller
07aa132a5e - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2006/04/01 05:42:20
     [scp.c]
     minimal lint cleanup (unused crud, and some size_t); ok djm
2006-04-23 12:04:27 +10:00
Damien Miller
73b42d2bb0 - (djm) [Makefile.in configure.ac session.c sshpty.c]
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
   [openbsd-compat/port-linux.h] Add support for SELinux, setting
   the execution and TTY contexts. based on patch from Daniel Walsh,
   bz #880; ok dtucker@
2006-04-22 21:26:08 +10:00
Damien Miller
2eaf37d899 - (djm) Reorder IP options check so that it isn't broken by
mapped addresses; bz #1179 reported by markw wtech-llc.com;
   ok dtucker@
2006-04-18 15:13:16 +10:00
Damien Miller
dfc6183f13 - djm@cvs.openbsd.org 2006/03/31 09:13:56
[ssh_config.5]
     remote user escape is %r not %h; spotted by jmc@
2006-03-31 23:14:57 +11:00
Damien Miller
c6437cf00a - jmc@cvs.openbsd.org 2006/03/31 09:09:30
[ssh_config.5]
     kill trailing whitespace;
2006-03-31 23:14:41 +11:00
Damien Miller
7a8f5b330d - dtucker@cvs.openbsd.org 2006/03/30 11:40:21
[auth.c monitor.c]
     Prevent duplicate log messages when privsep=yes; ok djm@
2006-03-31 23:14:23 +11:00
Damien Miller
e23209f434 - dtucker@cvs.openbsd.org 2006/03/30 11:05:17
[ssh-keygen.c]
     Correctly handle truncated files while converting keys; ok djm@
2006-03-31 23:13:35 +11:00
Damien Miller
6b1d53c2b0 - djm@cvs.openbsd.org 2006/03/30 10:41:25
[ssh.c ssh_config.5]
     add percent escape chars to the IdentityFile option, bz #1159 based
     on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
2006-03-31 23:13:21 +11:00