Commit Graph

328 Commits

Author SHA1 Message Date
Damien Miller
6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
2006-03-15 14:42:54 +11:00
Damien Miller
a63128d1a8 - djm@cvs.openbsd.org 2006/03/07 09:07:40
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
     Implement the diffie-hellman-group-exchange-sha256 key exchange method
     using the SHA256 code in libc (and wrapper to make it into an OpenSSL
     EVP), interop tested against CVS PuTTY
     NB. no portability bits committed yet
2006-03-15 12:08:28 +11:00
Damien Miller
b24c2f8e33 - djm@cvs.openbsd.org 2006/03/13 08:16:00
[sshd.c]
     don't log that we are listening on a socket before the listen() call
     actually succeeds, bz #1162 reported by Senthil Kumar; ok dtucker@
2006-03-15 12:04:36 +11:00
Damien Miller
6ff3caddb6 oops, this commit is really:
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
     [clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@

the previous was:

   - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
     [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
     [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
     [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
     [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
     [sshconnect2.c sshd.c sshpty.c]
     move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
Damien Miller
f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller
9cf6d077fb - stevesk@cvs.openbsd.org 2006/02/10 01:44:27
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
     [sftp.c sshconnect.c sshconnect2.c sshd.c]
     move #include <sys/wait.h> out of includes.h; ok markus@
2006-03-15 11:29:24 +11:00
Damien Miller
17e91c0fb0 - stevesk@cvs.openbsd.org 2006/02/10 00:27:13
[channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
     [ssh.c sshd.c sshpty.c]
     move #include <sys/ioctl.h> out of includes.h; ok markus@
2006-03-15 11:28:34 +11:00
Damien Miller
03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
Damien Miller
7bff1a9b5e - djm@cvs.openbsd.org 2005/12/24 02:27:41
[session.c sshd.c]
     eliminate some code duplicated in privsep and non-privsep paths, and
     explicitly clear SIGALRM handler; "groovy" deraadt@
2005-12-24 14:59:12 +11:00
Damien Miller
788f212aed - djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
     [ssh.c sshconnect.c sshconnect1.c sshd.c]
     no need to escape single quotes in comments, no binary change
2005-11-05 15:14:59 +11:00
Damien Miller
4d3fd54c91 - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
[canohost.c sshd.c]
     Check for connections with IP options earlier and drop silently.  ok djm@
2005-11-05 15:13:24 +11:00
Darren Tucker
45b0142643 - djm@cvs.openbsd.org 2005/09/21 23:37:11
[sshd.c]
     change label at markus@'s request
2005-10-03 18:20:00 +10:00
Darren Tucker
a2cdbda2de - djm@cvs.openbsd.org 2005/09/19 11:47:09
[sshd.c]
     stop connection abort on rekey with delayed compression enabled when
     post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
2005-10-03 18:16:02 +10:00
Darren Tucker
ce321d8a30 - djm@cvs.openbsd.org 2005/09/13 23:40:07
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@
2005-10-03 18:11:24 +10:00
Darren Tucker
c6f8219e0d - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
process when sshd relies on ssh-random-helper.  Should result in faster
   logins on systems without a real random device or prngd.  ok djm@
2005-09-27 22:46:32 +10:00
Damien Miller
9786e6e2a0 - markus@cvs.openbsd.org 2005/07/25 11:59:40
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
     [sshconnect2.c sshd.c sshd_config sshd_config.5]
     add a new compression method that delays compression until the user
     has been authenticated successfully and set compression to 'delayed'
     for sshd.
     this breaks older openssh clients (< 3.5) if they insist on
     compression, so you have to re-enable compression in sshd_config.
     ok djm@
2005-07-26 21:54:56 +10:00
Damien Miller
94cf4c8448 - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
   in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
2005-07-17 17:04:47 +10:00
Damien Miller
eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 12:59:34 +10:00
Damien Miller
677257fe07 - markus@cvs.openbsd.org 2005/06/16 08:00:00
[canohost.c channels.c sshd.c]
     don't exit if getpeername fails for forwarded ports; bugzilla #1054;
     ok djm
2005-06-17 12:55:03 +10:00
Damien Miller
4f1d6b2c11 - djm@cvs.openbsd.org 2005/04/06 09:43:59
[sshd.c]
     avoid harmless logspam by not performing setsockopt() on non-socket;
     ok markus@
2005-05-26 11:59:32 +10:00
Darren Tucker
f3bb434177 - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
handling of password expiry messages returned by AIX's authentication
   routines, originally reported by robvdwal at sara.nl.
2005-03-31 21:39:25 +10:00
Darren Tucker
2b59a6dad6 - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
events earlier, prevents mm_request_send errors reported by Matt Goebel.
2005-03-06 22:38:51 +11:00
Darren Tucker
96d4710e38 - dtucker@cvs.openbsd.org 2005/02/08 22:24:57
[sshd.c]
     Provide reason in error message if getnameinfo fails; ok markus@
2005-02-09 09:53:48 +11:00
Darren Tucker
2e0cf0dca2 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
   defines and enums with SSH_ to prevent namespace collisions on some
   platforms (eg AIX).
2005-02-08 21:52:47 +11:00
Darren Tucker
269a1ea1c8 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
   (first stage) Add audit instrumentation to sshd, currently disabled by
   default.  with suggestions from and djm@
2005-02-03 00:20:53 +11:00
Darren Tucker
9dc6c7dbec - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process.  Since we also unset KRB5CCNAME at startup, if it's set after
   authentication it must have been set by the platform's native auth system.
   This was already done for AIX; this enables it for the general case.
2005-02-02 18:30:33 +11:00
Darren Tucker
5c14c73429 - otto@cvs.openbsd.org 2005/01/21 08:32:02
[auth-passwd.c sshd.c]
     Warn in advance for password and account expiry; initialize loginmsg
     buffer earlier and clear it after privsep fork. ok and help dtucker@
     markus@
2005-01-24 21:55:49 +11:00
Darren Tucker
ea7c8127ce - dtucker@cvs.openbsd.org 2005/01/17 22:48:39
[sshd.c]
     Make debugging output continue after reexec; ok djm@
2005-01-20 11:03:08 +11:00
Darren Tucker
0f38323222 - djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
2005-01-20 10:57:56 +11:00
Darren Tucker
3269b13817 - djm@cvs.openbsd.org 2004/09/25 03:45:14
[sshd.c]
     these printf args are no longer double; ok deraadt@ markus@
2004-11-05 20:20:59 +11:00
Darren Tucker
178fa66a64 - mickey@cvs.openbsd.org 2004/09/15 18:42:27
[sshd.c]
     use less doubles in daemons; markus@ ok
2004-11-05 20:09:09 +11:00
Damien Miller
2aa6d3cfce - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
banner. Suggested by deraadt@, ok mouring@, dtucker@
2004-09-12 16:53:04 +10:00
Darren Tucker
0f56ed16b8 - djm@cvs.openbsd.org 2004/08/28 01:01:48
[sshd.c]
     don't erroneously close stdin for !reexec case, from Dave Johnson;
     ok markus@
2004-08-29 16:38:41 +10:00
Darren Tucker
eb57862e7c - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
messages generated before the postauth privsep split.
2004-08-12 23:08:14 +10:00
Darren Tucker
d8835934c4 - dtucker@cvs.openbsd.org 2004/08/11 11:50:09
[sshd.c]
     Don't try to close startup_pipe if it's not open; ok djm@
2004-08-12 22:42:29 +10:00
Darren Tucker
6832b83744 - markus@cvs.openbsd.org 2004/07/28 08:56:22
[sshd.c]
     call setsid() _before_ re-exec
2004-08-12 22:36:51 +10:00
Darren Tucker
8ae66a5032 - (dtucker) [sshd.c] Remove duplicate variable imported during sync. 2004-08-12 22:16:55 +10:00
Darren Tucker
0999174755 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
     Move "Last logged in at.." message generation to the monitor, right
     before recording the new login.  Fixes missing lastlog message when
     /var/log/lastlog is not world-readable and incorrect datestamp when
     multiple sessions are used (bz #463);  much assistance & ok markus@
2004-07-17 17:05:14 +10:00
Darren Tucker
fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker
ba6de952a0 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
   openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c.  Reduces
   diff vs OpenBSD; ok mouring@, tested by tim@ too.
2004-07-17 14:07:42 +10:00
Damien Miller
386c6a2c70 - avsm@cvs.openbsd.org 2004/06/26 20:07:16
[sshd.c]
     initialise some fd variables to -1, djm@ ok
2004-06-30 22:40:20 +10:00
Damien Miller
035a5b47cc - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/25 18:43:36
     [sshd.c]
     fix broken fd handling in the re-exec fallback path, particularly when
     /dev/crypto is in use; ok deraadt@ markus@
2004-06-26 08:16:31 +10:00
Darren Tucker
17c5d03ad3 - (dtucker) [sshd.c] add line missing from reexec sync. 2004-06-25 14:22:23 +10:00
Darren Tucker
586b0b98bf - djm@cvs.openbsd.org 2004/06/25 01:16:09
[sshd.c]
     only perform tcp wrappers checks when the incoming connection is on a
     socket.  silences useless warnings from regress tests that use
     proxycommand="sshd -i".  prompted by david@ ok markus@
2004-06-25 13:34:31 +10:00
Darren Tucker
645ab757bd - djm@cvs.openbsd.org 2004/06/24 19:30:54
[servconf.c servconf.h sshd.c]
     re-exec sshd on accept(); initial work, final debugging and ok markus@
2004-06-25 13:33:20 +10:00
Damien Miller
232711f6db - djm@cvs.openbsd.org 2004/06/14 01:44:39
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
     [sshd.c]
     set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
2004-06-15 10:35:30 +10:00
Damien Miller
f675fc4948 - djm@cvs.openbsd.org 2004/06/13 12:53:24
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
     [ssh-keyscan.c sshconnect2.c sshd.c]
     implement diffie-hellman-group14-sha1 kex method (trivial extension to
     existing diffie-hellman-group1-sha1); ok markus@
2004-06-15 10:30:09 +10:00
Darren Tucker
12984968fb - (dtucker) [sshd.c] Fix typo in comment. 2004-05-24 13:37:13 +10:00
Darren Tucker
e14e005f41 - djm@cvs.openbsd.org 2004/05/09 01:19:28
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
     sshd.c] removed: mpaux.c mpaux.h
     kill some more tiny files; ok deraadt@
2004-05-13 16:30:44 +10:00
Damien Miller
0c889cd9e9 - markus@cvs.openbsd.org 2004/03/11 10:21:17
[ssh.c sshd.c]
     ssh, sshd: sync version output, ok djm
2004-03-22 09:36:00 +11:00