Commit Graph

6451 Commits

Author SHA1 Message Date
Damien Miller
ab3575c055 - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134 2013-08-01 14:34:16 +10:00
Damien Miller
c192a4c4f6 - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
blocking connecting socket will clear any stored errno that might
   otherwise have been retrievable via getsockopt(). A hack to limit writes
   to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
   it in an #ifdef. Diagnosis and patch from Ivo Raisr.
2013-08-01 14:29:20 +10:00
Tim Rice
81f7cf1ec5 more correct comment for last commit 2013-07-25 18:41:40 -07:00
Tim Rice
0553ad76ff - (tim) [regress/forwarding.sh] Fix for building outside read only source tree. 2013-07-25 16:03:16 -07:00
Tim Rice
ed899eb597 - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
Solaris and UnixWare. Feedback and OK djm@
2013-07-25 15:40:00 -07:00
Damien Miller
d1e26cf391 - djm@cvs.openbsd.org 2013/06/21 02:26:26
[regress/sftp-cmds.sh regress/test-exec.sh]
     unbreak sftp-cmds for renamed test data (s/ls/data/)
2013-07-25 12:11:18 +10:00
Damien Miller
78d47b7c5b - dtucker@cvs.openbsd.org 2013/06/10 21:56:43
[regress/forwarding.sh]
     Add test for forward config parsing
2013-07-25 12:08:46 +10:00
Damien Miller
fea440639e - dtucker@cvs.openbsd.org 2013/05/30 20:12:32
[regress/test-exec.sh]
     use ssh and sshd as testdata since it needs to be >256k for the rekey test
2013-07-25 12:08:07 +10:00
Damien Miller
53435b2d87 - djm@cvs.openbsd.org 2013/07/25 00:57:37
[version.h]
     openssh-6.3 for release
2013-07-25 11:57:15 +10:00
Damien Miller
0d032419ee - djm@cvs.openbsd.org 2013/07/25 00:56:52
[sftp-client.c sftp-client.h sftp.1 sftp.c]
     sftp support for resuming partial downloads; patch mostly by Loganaden
     Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
2013-07-25 11:56:52 +10:00
Damien Miller
98e27dcf58 - djm@cvs.openbsd.org 2013/07/25 00:29:10
[ssh.c]
     daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
     it is fully detached from its controlling terminal. based on debugging
2013-07-25 11:55:52 +10:00
Damien Miller
94c9cd34d1 - djm@cvs.openbsd.org 2013/07/22 12:20:02
[umac.h]
     oops, forgot to commit corresponding header change;
     spotted by jsg and jasper
2013-07-25 11:55:39 +10:00
Damien Miller
c331dbd222 - djm@cvs.openbsd.org 2013/07/22 05:00:17
[umac.c]
     make MAC key, data to be hashed and nonce for final hash const;
     checked with -Wcast-qual
2013-07-25 11:55:20 +10:00
Damien Miller
c8669a8cd2 - djm@cvs.openbsd.org 2013/07/20 22:20:42
[krl.c]
     fix verification error in (as-yet usused) KRL signature checking path
2013-07-25 11:52:48 +10:00
Damien Miller
63ddc899d2 - djm@cvs.openbsd.org 2013/07/20 01:55:13
[auth-krb5.c gss-serv-krb5.c gss-serv.c]
     fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
2013-07-20 13:35:45 +10:00
Damien Miller
1f0e86f23f - djm@cvs.openbsd.org 2013/07/20 01:50:20
[ssh-agent.c]
     call cleanup_handler on SIGINT when in debug mode to ensure sockets
     are cleaned up on manual exit; bz#2120
2013-07-20 13:22:49 +10:00
Damien Miller
3009d3cbb8 - djm@cvs.openbsd.org 2013/07/20 01:44:37
[ssh-keygen.c ssh.c]
     More useful error message on missing current user in /etc/passwd
2013-07-20 13:22:31 +10:00
Damien Miller
32ecfa0f79 - djm@cvs.openbsd.org 2013/07/20 01:43:46
[umac.c]
     use a union to ensure correct alignment; ok deraadt
2013-07-20 13:22:13 +10:00
Damien Miller
85b45e0918 - markus@cvs.openbsd.org 2013/07/19 07:37:48
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
     [servconf.h session.c sshd.c sshd_config.5]
     add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
     or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
     ok djm@
2013-07-20 13:21:52 +10:00
Damien Miller
d93340cbb6 - djm@cvs.openbsd.org 2013/07/18 01:12:26
[ssh.1]
     be more exact wrt perms for ~/.ssh/config; bz#2078
2013-07-18 16:14:34 +10:00
Damien Miller
bf836e535d - schwarze@cvs.openbsd.org 2013/07/16 00:07:52
[scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
     use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
2013-07-18 16:14:13 +10:00
Damien Miller
649fe025a4 - djm@cvs.openbsd.org 2013/07/12 05:48:55
[ssh.c]
     set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
2013-07-18 16:13:55 +10:00
Damien Miller
5bb8833e80 - djm@cvs.openbsd.org 2013/07/12 05:42:03
[ssh-keygen.c]
     do_print_resource_record() can never be called with a NULL filename, so
     don't attempt (and bungle) asking for one if it has not been specified
     bz#2127 ok dtucker@
2013-07-18 16:13:37 +10:00
Damien Miller
7313fc9222 - djm@cvs.openbsd.org 2013/07/12 00:43:50
[misc.c]
     in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
     errno == 0. Avoids confusing error message in some broken resolver
     cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
2013-07-18 16:13:19 +10:00
Damien Miller
746d1a6c52 - djm@cvs.openbsd.org 2013/07/12 00:20:00
[sftp.c ssh-keygen.c ssh-pkcs11.c]
     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:13:02 +10:00
Damien Miller
ce98654674 - djm@cvs.openbsd.org 2013/07/12 00:19:59
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
     [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 16:12:44 +10:00
Damien Miller
0d02c3e10e - markus@cvs.openbsd.org 2013/07/02 12:31:43
[dh.c]
     remove extra whitespace
2013-07-18 16:12:06 +10:00
Damien Miller
fecfd118d6 - jmc@cvs.openbsd.org 2013/06/27 14:05:37
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     do not use Sx for sections outwith the man page - ingo informs me that
     stuff like html will render with broken links;

     issue reported by Eric S. Raymond, via djm
2013-07-18 16:11:50 +10:00
Damien Miller
bc35d92e78 - djm@cvs.openbsd.org 2013/06/22 06:31:57
[scp.c]
     improved time_t overflow check suggested by guenther@
2013-07-18 16:11:25 +10:00
Damien Miller
8158441d01 - djm@cvs.openbsd.org 2013/06/21 05:43:10
[scp.c]
     make this -Wsign-compare clean after time_t conversion
2013-07-18 16:11:07 +10:00
Damien Miller
bbeb1dac55 - djm@cvs.openbsd.org 2013/06/21 05:42:32
[dh.c]
     sprinkle in some error() to explain moduli(5) parse failures
2013-07-18 16:10:49 +10:00
Damien Miller
7f2b438ca0 - djm@cvs.openbsd.org 2013/06/21 00:37:49
[ssh_config.5]
     explicitly mention that IdentitiesOnly can be used with IdentityFile
     to control which keys are offered from an agent.
2013-07-18 16:10:29 +10:00
Damien Miller
20bdcd7236 - djm@cvs.openbsd.org 2013/06/21 00:34:49
[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
     for hostbased authentication, print the client host and user on
     the auth success/failure line; bz#2064, ok dtucker@
2013-07-18 16:10:09 +10:00
Damien Miller
3071070b39 - markus@cvs.openbsd.org 2013/06/20 19:15:06
[krl.c]
     don't leak the rdata blob on errors; ok djm@
2013-07-18 16:09:44 +10:00
Damien Miller
044bd2a7dd - guenther@cvs.openbsd.org 2013/06/17 04:48:42
[scp.c]
     Handle time_t values as long long's when formatting them and when
     parsing them from remote servers.
     Improve error checking in parsing of 'T' lines.

     ok dtucker@ deraadt@
2013-07-18 16:09:25 +10:00
Damien Miller
9a66155421 - dtucker@cvs.openbsd.org 2013/06/10 19:19:44
[readconf.c]
     revert 1.203 while we investigate crashes reported by okan@
2013-07-18 16:09:04 +10:00
Darren Tucker
b7482cff46 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
contrib/cygwin/ssh-user-config] Modernizes and improve readability of
   the Cygwin README file (which hasn't been updated for ages), drop
   unsupported OSes from the ssh-host-config help text, and drop an
   unneeded option from ssh-user-config.  Patch from vinschen at redhat com.
2013-07-02 20:06:46 +10:00
Darren Tucker
b8ae92d08b - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
and add some comments so it's clear what goes where.
2013-06-11 12:10:02 +10:00
Darren Tucker
97b62f41ad - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
the required OpenSSL support.  Patch from naddy at freebsd.
2013-06-11 11:47:24 +10:00
Darren Tucker
6d8bd57448 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-11 11:26:10 +10:00
Damien Miller
36187093ea - dtucker@cvs.openbsd.org 2013/06/07 15:37:52
[channels.c channels.h clientloop.c]
     Add an "ABANDONED" channel state and use for mux sessions that are
     disconnected via the ~. escape sequence.  Channels in this state will
     be able to close if the server responds, but do not count as active channels.
     This means that if you ~. all of the mux clients when using ControlPersist
     on a broken network, the backgrounded mux master will exit when the
     Control Persist time expires rather than hanging around indefinitely.
     bz#1917, also reported and tested by tedu@.  ok djm@ markus@.
2013-06-10 13:07:11 +10:00
Darren Tucker
ae133d4b31 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
platforms that don't have multibyte character support (specifically,
    mblen).
2013-06-06 08:30:20 +10:00
Darren Tucker
408eaf3ab7 - dtucker@cvs.openbsd.org 2013/06/05 22:00:28
[readconf.c]
     plug another memleak.  bz#1967, from Zhenbo Xu, detected by Melton, ok djm
2013-06-06 08:22:46 +10:00
Darren Tucker
e52a260f16 - dtucker@cvs.openbsd.org 2013/06/05 12:52:38
[sshconnect2.c]
     Fix memory leaks found by Zhenbo Xu and the Melton tool.  bz#1967, ok djm
2013-06-06 08:22:05 +10:00
Darren Tucker
0cca17fa18 - dtucker@cvs.openbsd.org 2013/06/05 02:27:50
[sshd.c]
     When running sshd -D, close stderr unless we have explicitly requesting
     logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
     so, err, ok dtucker.
2013-06-06 08:21:14 +10:00
Darren Tucker
746e9067bd - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
[mux.c]
     fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
     ok djm
2013-06-06 08:20:13 +10:00
Darren Tucker
ea64721275 - dtucker@cvs.openbsd.org 2013/06/04 20:42:36
[sftp.c]
     Make sftp's libedit interface marginally multibyte aware by building up
     the quoted string by character instead of by byte.  Prevents failures
     when linked against a libedit built with wide character support (bz#1990).
     "looks ok" djm
2013-06-06 08:19:09 +10:00
Darren Tucker
194454d7a8 - dtucker@cvs.openbsd.org 2013/06/04 19:12:23
[scp.c]
     use MAXPATHLEN for buffer size instead of fixed value.  ok markus
2013-06-06 08:16:04 +10:00
Darren Tucker
4ac66af091 - dtucker@cvs.openbsd.org 2013/06/03 00:03:18
[mac.c]
     force the MAC output to be 64-bit aligned so umac won't see unaligned
     accesses on strict-alignment architectures.  bz#2101, patch from
     tomas.kuthan at oracle.com, ok djm@
2013-06-06 08:12:37 +10:00
Darren Tucker
ea8342c248 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
[clientloop.h clientloop.c mux.c]
     No need for the mux cleanup callback to be visible so restore it to static
     and call it through the detach_user function pointer.  ok djm@
2013-06-06 08:11:40 +10:00