RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-26 20:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,908 Commits 69 Branches 0 Tags 27 MiB
a7a73ee35d
Commit Graph

149 Commits

Author SHA1 Message Date
Damien Miller
a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
 2006-08-05 11:37:59 +10:00
Damien Miller
e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
 2006-07-24 14:13:33 +10:00
Damien Miller
1cdde6f536 - stevesk@cvs.openbsd.org 2006/07/20 15:26:15 
[auth1.c serverloop.c session.c sshconnect2.c]
     missed some needed #include <unistd.h> when KERBEROS5=no; issue from
     massimo@cedoc.mo.it
 2006-07-24 14:07:35 +10:00
Darren Tucker
3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
 2006-07-12 22:22:46 +10:00
Damien Miller
2e5fe88ebe - markus@cvs.openbsd.org 2006/06/08 14:45:49 
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
     do not set the gid, noted by solar; ok djm
 2006-06-13 13:10:00 +10:00
Damien Miller
6b4069ad56 - markus@cvs.openbsd.org 2006/06/06 10:20:20 
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
     replace remaining setuid() calls with permanently_set_uid() and
     check seteuid() return values; report Marcus Meissner; ok dtucker djm
 2006-06-13 13:05:15 +10:00
Damien Miller
e250a94e69 - djm@cvs.openbsd.org 2006/05/08 10:49:48 
[sshconnect2.c]
     uint32_t -> u_int32_t (which we use everywhere else)
     (Id sync only - portable already had this)
 2006-06-13 12:59:53 +10:00
Darren Tucker
232b76f9f8 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27 
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
     Prevent ssh from trying to open private keys with bad permissions more than
     once or prompting for their passphrases (which it subsequently ignores
     anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@
 2006-05-06 17:41:51 +10:00
Damien Miller
57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03 
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
 2006-03-26 14:24:48 +11:00
Damien Miller
07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41 
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
 2006-03-26 14:19:21 +11:00
Damien Miller
5790b5910b - djm@cvs.openbsd.org 2006/03/19 07:41:30 
[sshconnect2.c]
     memory leaks detected by Coverity via elad AT netbsd.org;
     deraadt@ ok
 2006-03-26 13:54:03 +11:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Damien Miller
6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] 
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
 2006-03-15 14:42:54 +11:00
Damien Miller
a63128d1a8 - djm@cvs.openbsd.org 2006/03/07 09:07:40 
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
     Implement the diffie-hellman-group-exchange-sha256 key exchange method
     using the SHA256 code in libc (and wrapper to make it into an OpenSSL
     EVP), interop tested against CVS PuTTY
     NB. no portability bits committed yet
 2006-03-15 12:08:28 +11:00
Damien Miller
f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
 2006-03-15 11:45:54 +11:00
Damien Miller
9cf6d077fb - stevesk@cvs.openbsd.org 2006/02/10 01:44:27 
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
     [sftp.c sshconnect.c sshconnect2.c sshd.c]
     move #include <sys/wait.h> out of includes.h; ok markus@
 2006-03-15 11:29:24 +11:00
Damien Miller
2eb6340ddd - stevesk@cvs.openbsd.org 2006/02/07 01:18:09 
[includes.h ssh-agent.c ssh-keyscan.c sshconnect2.c]
     move #include <sys/queue.h> out of includes.h; ok markus@
 2006-03-15 11:09:42 +11:00
Damien Miller
15d72a00a3 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59 
[ssh-keygen.c ssh.c sshconnect2.c]
     no trailing "\n" for log functions; ok djm@
 2005-11-05 15:07:33 +11:00
Damien Miller
da9984fc3a - (djm) OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2005/08/30 22:08:05
     [gss-serv.c sshconnect2.c]
     destroy credentials if krb5_kuserok() call fails. Stops credentials being
     delegated to users who are not authorised for GSSAPIAuthentication when
     GSSAPIDeletegateCredentials=yes and another authentication mechanism
     succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
     simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
 2005-08-31 19:46:26 +10:00
Damien Miller
9786e6e2a0 - markus@cvs.openbsd.org 2005/07/25 11:59:40 
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
     [sshconnect2.c sshd.c sshd_config sshd_config.5]
     add a new compression method that delays compression until the user
     has been authenticated successfully and set compression to 'delayed'
     for sshd.
     this breaks older openssh clients (< 3.5) if they insist on
     compression, so you have to re-enable compression in sshd_config.
     ok djm@
 2005-07-26 21:54:56 +10:00
Damien Miller
0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55 
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
 2005-07-17 17:22:45 +10:00
Damien Miller
eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33 
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
 2005-06-17 12:59:34 +10:00
Damien Miller
f675fc4948 - djm@cvs.openbsd.org 2004/06/13 12:53:24 
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
     [ssh-keyscan.c sshconnect2.c sshd.c]
     implement diffie-hellman-group14-sha1 kex method (trivial extension to
     existing diffie-hellman-group1-sha1); ok markus@
 2004-06-15 10:30:09 +10:00
Darren Tucker
e608ca2965 - djm@cvs.openbsd.org 2004/05/08 00:21:31 
[clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
     sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
     kill a tiny header; ok deraadt@
 2004-05-13 16:15:47 +10:00
Damien Miller
0b51a52a10 - (djm) OpenBSD CVS Sync 
- henning@cvs.openbsd.org 2004/04/08 16:08:21
     [sshconnect2.c]
     swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what FreeBSD     and NetBSD do.
     ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@
 2004-04-20 20:07:19 +10:00
Damien Miller
bd394c329b - markus@cvs.openbsd.org 2004/03/05 10:53:58 
[readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
     add IdentitiesOnly; ok djm@, pb@
 2004-03-08 23:12:36 +11:00
Damien Miller
fb1310eded - markus@cvs.openbsd.org 2004/01/19 21:25:15 
[auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
     fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
 2004-01-21 11:02:50 +11:00
Damien Miller
787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03 
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
 2003-11-21 23:48:55 +11:00
Damien Miller
0425d40194 - markus@cvs.openbsd.org 2003/11/17 11:06:07 
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h sshconnect2.c ssh-gss.h]
     replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
     test + ok jakob.
 2003-11-17 22:18:21 +11:00
Damien Miller
51bf11fcc9 - djm@cvs.openbsd.org 2003/11/17 09:45:39 
[msg.c msg.h sshconnect2.c ssh-keysign.c]
     return error on msg send/receive failure (rather than fatal); ok markus@
 2003-11-17 21:20:47 +11:00
Damien Miller
91c6aa4468 - markus@cvs.openbsd.org 2003/11/14 13:19:09 
[sshconnect2.c]
     cleanup and minor fixes for the client code; from Simon Wilkinson
 2003-11-17 21:20:18 +11:00
Darren Tucker
655a5e0987 - markus@cvs.openbsd.org 2003/11/02 11:01:03 
[auth2-gss.c compat.c compat.h sshconnect2.c]
     remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
 2003-11-03 20:09:03 +11:00
Darren Tucker
56afe145e0 - avsm@cvs.openbsd.org 2003/10/26 16:57:43 
[sshconnect2.c]
     rename 'supported' static var in userauth_gssapi() to 'gss_supported'
     to avoid shadowing the global version.  markus@ ok
 2003-11-03 20:06:14 +11:00
Darren Tucker
d05b601895 - markus@cvs.openbsd.org 2003/10/11 08:26:43 
[sshconnect2.c]
     search keys in reverse order; fixes #684
 2003-10-15 15:55:59 +10:00
Darren Tucker
796448276c - deraadt@cvs.openbsd.org 2003/10/07 21:58:28 
[sshconnect2.c]
     set ptr to NULL after free
 2003-10-08 17:37:58 +10:00
Darren Tucker
046dff2a07 - dtucker@cvs.openbsd.org 2003/10/07 01:47:27 
[sshconnect2.c]
     Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 & #707.
     ok markus@
 2003-10-08 17:32:02 +10:00
Darren Tucker
08bbb2f69d - djm@cvs.openbsd.org 2003/08/25 10:33:33 
[sshconnect2.c]
     fprintf->logit to silence login banner with "ssh -q"; ok markus@
 2003-08-26 12:14:05 +10:00
Darren Tucker
600ad8de76 - deraadt@cvs.openbsd.org 2003/08/24 17:36:52 
[monitor.c monitor_wrap.c sshconnect2.c]
     64 bit cleanups; markus ok
 2003-08-26 12:10:48 +10:00
Darren Tucker
be1a901f99 - markus@cvs.openbsd.org 2003/08/22 13:20:03 
[sshconnect2.c]
     remove support for "kerberos-2@ssh.com"
 2003-08-26 12:04:31 +10:00
Darren Tucker
49aaf4ad52 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h 
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
 2003-08-26 11:58:16 +10:00
Darren Tucker
0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09 
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
 2003-08-26 11:49:55 +10:00
Darren Tucker
502d384b74 - markus@cvs.openbsd.org 2003/06/24 08:23:46 
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
      monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
     int -> u_int; ok djm@, deraadt@, mouring@
 2003-06-28 12:38:01 +10:00
Damien Miller
f842fcb296 - markus@cvs.openbsd.org 2003/05/15 00:28:28 
[sshconnect2.c]
     cleanup unregister of per-method packet handlers; ok djm@
 2003-05-15 12:01:28 +10:00
Damien Miller
4d99519535 - (djm) Avoid KrbV leak for MIT Kerberos 2003-05-14 19:23:56 +10:00
Damien Miller
9c617693c2 - (djm) Make portable build with MIT krb5 (some issues remain) 2003-05-14 14:31:11 +10:00
Damien Miller
3ab496b3dd - markus@cvs.openbsd.org 2003/05/14 02:15:47 
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
     implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
     server interops with commercial client; ok jakob@ djm@
 2003-05-14 13:47:37 +10:00
Damien Miller
280ecfb6e4 - markus@cvs.openbsd.org 2003/05/12 16:55:37 
[sshconnect2.c]
     for pubkey authentication try the user keys in the following order:
        1. agent keys that are found in the config file
        2. other agent keys
        3. keys that are only listed in the config file
     this helps when an agent has many keys, where the server might
     close the connection before the correct key is used. report & ok pb@
 2003-05-14 13:46:00 +10:00
Damien Miller
d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00