Commit Graph

47 Commits

Author SHA1 Message Date
Damien Miller
278f907a2d - djm@cvs.openbsd.org 2001/12/20 22:50:24
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
     [sshconnect2.c]
     Conformance fix: we should send failing packet sequence number when
     responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
     yakk@yakk.dot.net; ok markus@
2001-12-21 15:00:19 +11:00
Damien Miller
e737856350 - markus@cvs.openbsd.org 2001/12/20 16:37:29
[channels.c channels.h session.c]
     setup x11 listen socket for just one connect if the client requests so.
     (v2 only, but the openssh client does not support this feature).
2001-12-21 14:58:35 +11:00
Kevin Steves
366298c696 - (stevesk) OpenBSD CVS sync X11 localhost display
- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
     [channels.h channels.c session.c]
     sshd X11 fake server will now listen on localhost by default:
     $ echo $DISPLAY
     localhost:12.0
     $ netstat -an|grep 6012
     tcp        0      0  127.0.0.1.6012         *.*                    LISTEN
     tcp6       0      0  ::1.6012               *.*                    LISTEN
     sshd_config gatewayports=yes can be used to revert back to the old
     behavior.  will control this with another option later.  ok markus@
   - stevesk@cvs.openbsd.org 2001/12/19 08:43:11
     [includes.h session.c]
     handle utsname.nodename case for FamilyLocal X authorization; ok markus@
2001-12-19 17:58:01 +00:00
Ben Lindstrom
623e4a0b1a - stevesk@cvs.openbsd.org 2001/11/29 19:06:39
[channels.h]
     remove dead function prototype; ok markus@
2001-12-06 16:49:57 +00:00
Damien Miller
36f8dd3ed6 - markus@cvs.openbsd.org 2001/11/07 22:53:21
[channels.h]
     crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
2001-11-12 11:04:54 +11:00
Damien Miller
3ec2759ad4 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/10/10 22:18:47
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c session.h]
     try to keep channels open until an exit-status message is sent.
     don't kill the login shells if the shells stdin/out/err is closed.
     this should now work:
     ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
2001-10-12 11:35:04 +10:00
Damien Miller
52b77beb65 - markus@cvs.openbsd.org 2001/10/09 21:59:41
[channels.c channels.h serverloop.c session.c session.h]
     simplify session close: no more delayed session_close, no more blocking wait() calls.
2001-10-10 15:14:37 +10:00
Damien Miller
4623a75462 - markus@cvs.openbsd.org 2001/10/07 17:49:40
[channels.c channels.h]
     avoid possible FD_ISSET overflow for channels established
     during channnel_after_select() (used for dynamic channels).
2001-10-10 15:03:58 +10:00
Ben Lindstrom
908afed17f - markus@cvs.openbsd.org 2001/10/01 21:38:53
[channels.c channels.h ssh.c sshd.c]
     remove ugliness; vp@drexel.edu via angelos
2001-10-03 17:34:59 +00:00
Ben Lindstrom
944c4f0bda - markus@cvs.openbsd.org 2001/09/17 20:52:47
[channels.c channels.h clientloop.c]
     try to fix agent-forwarding-backconnection-bug, as seen on HPUX,
     for example; with Lutz.Jaenicke@aet.TU-Cottbus.DE,
2001-09-18 05:51:13 +00:00
Ben Lindstrom
16d29d57e8 - markus@cvs.openbsd.org 2001/07/17 21:04:58
[channels.c channels.h clientloop.c nchan.c serverloop.c]
     keep track of both maxfd and the size of the malloc'ed fdsets.
     update maxfd if maxfd gets closed.
2001-07-18 16:01:46 +00:00
Ben Lindstrom
809744e912 - markus@cvs.openbsd.org 2001/07/02 22:52:57
[channels.c channels.h serverloop.c]
     improve cleanup/exit logic in ssh2:
     stop listening to channels, detach channel users (e.g. sessions).
     wait for children (i.e. dying sessions), send exit messages,
     cleanup all channels.
2001-07-04 05:26:06 +00:00
Ben Lindstrom
173e646f7e - stevesk@cvs.openbsd.org 2001/06/30 18:08:40
[channels.c channels.h clientloop.c]
     adress -> address; ok markus@
2001-07-04 05:15:15 +00:00
Ben Lindstrom
4cc240dabb - markus@cvs.openbsd.org 2001/06/26 17:27:25
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
      canohost.h channels.h cipher.h clientloop.h compat.h compress.h
      crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
      hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
      packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
      session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
      sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
      tildexpand.h uidswap.h uuencode.h xmalloc.h]
     remove comments from .h, since they are cut&paste from the .c files
     and out of sync
2001-07-04 04:46:56 +00:00
Ben Lindstrom
16ae3d0dba - itojun@cvs.openbsd.org 2001/06/26 06:32:58
[atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
      buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
      compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
      hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
      radix.h readconf.h readpass.h rsa.h]
     prototype pedant.  not very creative...
     - () -> (void)
     - no variable names
2001-07-04 04:02:36 +00:00
Ben Lindstrom
4469723325 - markus@cvs.openbsd.org 2001/06/25 08:25:41
[channels.c channels.h cipher.c clientloop.c compat.c compat.h
      hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
      session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
     update copyright for 2001
2001-07-04 03:32:30 +00:00
Ben Lindstrom
601e43638e - markus@cvs.openbsd.org 2001/06/20 13:56:39
[channels.c channels.h clientloop.c packet.c serverloop.c]
     move from channel_stop_listening to channel_free_all,
     call channel_free_all before calling waitpid() in serverloop.
     fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
2001-06-21 03:19:23 +00:00
Ben Lindstrom
83417a86da - markus@cvs.openbsd.org 2001/06/16 08:50:39
[channels.h]
     bad //-style comment; thx to stevev@darkwing.uoregon.edu
2001-06-21 03:07:27 +00:00
Ben Lindstrom
983c098311 - markus@cvs.openbsd.org 2001/06/04 21:59:43
[channels.c channels.h session.c]
     switch uid when cleaning up tmp files and sockets; reported by
     zen-parse@gmx.net on bugtraq
2001-06-09 01:20:06 +00:00
Ben Lindstrom
838394ca26 - markus@cvs.openbsd.org 2001/06/03 14:55:39
[channels.c channels.h session.c]
     use fatal_register_cleanup instead of atexit, sync with x11 authdir
     handling
2001-06-09 01:11:59 +00:00
Ben Lindstrom
e9c999137a - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged
out of ssh Attic)
2001-06-09 00:41:05 +00:00
Ben Lindstrom
c0dee1a148 - markus@cvs.openbsd.org 2001/05/28 23:14:49
[channels.c channels.h nchan.c]
     undo broken channel fix and try a different one. there
     should be still some select errors...
2001-06-05 20:52:50 +00:00
Ben Lindstrom
99c73b377a - markus@cvs.openbsd.org 2001/05/04 23:47:34
[channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
     move to Channel **channels (instead of Channel *channels), fixes realloc
     problems.  channel_new now returns a Channel *, favour Channel * over
     channel id.  remove old channel_allocate interface.
2001-05-05 04:09:47 +00:00
Ben Lindstrom
5744dc421d - beck@cvs.openbsd.org 2001/04/13 22:46:54
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
     Add options ClientAliveInterval and ClientAliveCountMax to sshd.
     This gives the ability to do a "keepalive" via the encrypted channel
     which can't be spoofed (unlike TCP keepalives). Useful for when you want
     to use ssh connections to authenticate people for something, and know
     relatively quickly when they are no longer authenticated. Disabled
     by default (of course). ok markus@
2001-04-13 23:28:01 +00:00
Ben Lindstrom
3bb4f9da73 - markus@cvs.openbsd.org 2001/04/07 08:55:18
[buffer.c channels.c channels.h readconf.c ssh.c]
     allow the ssh client act as a SOCKS4 proxy (dynamic local
     portforwarding).  work by Dan Kaminsky <dankamin@cisco.com> and me.
     thanks to Dan for this great patch: use 'ssh -D 1080 host' and make
     netscape use localhost:1080 as a socks proxy.
2001-04-08 18:30:26 +00:00
Ben Lindstrom
be2cc43c3a - markus@cvs.openbsd.org 2001/04/04 20:25:38
[channels.c channels.h clientloop.c kex.c kex.h serverloop.c
      sshconnect2.c sshd.c]
     more robust rekeying
     don't send channel data after rekeying is started.
2001-04-04 23:46:07 +00:00
Ben Lindstrom
7bb8b49596 - markus@cvs.openbsd.org 2001/03/16 19:06:30
[auth-options.c channels.c channels.h serverloop.c session.c]
     implement "permitopen" key option, restricts -L style forwarding to
     to specified host:port pairs. based on work by harlan@genua.de
2001-03-17 00:47:54 +00:00
Damien Miller
79438cc030 - (djm) OpenBSD CVS:
- markus@cvs.openbsd.org  2001/02/15 16:19:59
     [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
     [sshconnect1.c sshconnect2.c]
     genericize password padding function for SSH1 and SSH2.
     add stylized echo to 2, too.
 - (djm) Add roundup() macro to defines.h
2001-02-16 12:34:57 +11:00
Kevin Steves
12057500cc - markus@cvs.openbsd.org 2001/01/31 13:37:24
[channels.c channels.h serverloop.c ssh.c]
     do not disconnect if local port forwarding fails, e.g. if port is already in
     use
   - markus@cvs.openbsd.org  2001/02/01 14:58:09
     [channels.c]
     use ipaddr in channel messages, ietf-secsh wants this
   - markus@cvs.openbsd.org  2001/01/31 12:26:20
     [channels.c]
     ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE messages;
     bug report from edmundo@rano.org
2001-02-05 14:54:34 +00:00
Damien Miller
5e953217f1 - (djm) OpenBSD CVS Sync:
- markus@cvs.openbsd.org  2001/01/29 09:55:37
     [channels.c channels.h clientloop.c serverloop.c]
     fix select overflow; ok deraadt@ and stevesk@
2001-01-30 09:14:00 +11:00
Ben Lindstrom
7ad9710334 20001206
- (bal) OpenSSH CVS updates:
   - markus@cvs.openbsd.org 2000/12/05 20:34:09
     [channels.c channels.h clientloop.c serverloop.c]
     async connects for -R/-L; ok deraadt@
   - todd@cvs.openssh.org 2000/12/05 16:47:28
     [sshd.c]
     tweak comment to reflect real location of pid file; ok provos@
2000-12-06 01:42:49 +00:00
Damien Miller
0bc1bd814e - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/11/06 16:04:56
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c ssh.c]
     agent forwarding and -R for ssh2, based on work from
     jhuuskon@messi.uku.fi
   - markus@cvs.openbsd.org  2000/11/06 16:13:27
     [ssh.c sshconnect.c sshd.c]
     do not disabled rhosts(rsa) if server port > 1024; from
     pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/11/06 16:16:35
     [sshconnect.c]
     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
   - markus@cvs.openbsd.org  2000/11/09 18:04:40
     [auth1.c]
     typo; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/11/12 12:03:28
     [ssh-agent.c]
     off-by-one when removing a key from the agent
   - markus@cvs.openbsd.org  2000/11/12 12:50:39
     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
     add support for RSA to SSH2.  please test.
     there are now 3 types of keys: RSA1 is used by ssh-1 only,
     RSA and DSA are used by SSH2.
     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
 - (djm) Change to interim version
2000-11-13 22:57:25 +11:00
Damien Miller
69b69aa50d - (djm) Sync with OpenBSD:
- markus@cvs.openbsd.org  2000/10/16 15:46:32
     [ssh.1]
     fixes from pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/10/17 14:28:11
     [atomicio.c]
     return number of characters processed; ok deraadt@
   - markus@cvs.openbsd.org  2000/10/18 12:04:02
     [atomicio.c]
     undo
   - markus@cvs.openbsd.org  2000/10/18 12:23:02
     [scp.c]
     replace atomicio(read,...) with read(); ok deraadt@
   - markus@cvs.openbsd.org  2000/10/18 12:42:00
     [session.c]
     restore old record login behaviour
   - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
     [auth-skey.c]
     fmt string problem in unused code
   - provos@cvs.openbsd.org  2000/10/19 10:45:16
     [sshconnect2.c]
     don't reference freed memory. okay deraadt@
   - markus@cvs.openbsd.org  2000/10/21 11:04:23
     [canohost.c]
     typo, eramore@era-t.ericsson.se; ok niels@
   - markus@cvs.openbsd.org  2000/10/23 13:31:55
     [cipher.c]
     non-alignment dependent swap_bytes(); from
     simonb@wasabisystems.com/netbsd
   - markus@cvs.openbsd.org  2000/10/26 12:38:28
     [compat.c]
     add older vandyke products
   - markus@cvs.openbsd.org  2000/10/27 01:32:19
     [channels.c channels.h clientloop.c serverloop.c session.c]
     [ssh.c util.c]
     enable non-blocking IO on channels, and tty's (except for the
     client ttys).
   - markus@cvs.openbsd.org  2000/10/27 01:48:22
     channels.c channels.h clientloop.c
     deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com
2000-10-28 14:19:58 +11:00
Damien Miller
62cee00753 - (djm) OpenBSD CVS sync:
- markus@cvs.openbsd.org  2000/09/17 09:38:59
     [sshconnect2.c sshd.c]
     fix DEBUG_KEXDH
   - markus@cvs.openbsd.org  2000/09/17 09:52:51
     [sshconnect.c]
     yes no; ok niels@
   - markus@cvs.openbsd.org  2000/09/21 04:55:11
     [sshd.8]
     typo
   - markus@cvs.openbsd.org  2000/09/21 05:03:54
     [serverloop.c]
     typo
   - markus@cvs.openbsd.org  2000/09/21 05:11:42
     scp.c
     utime() to utimes(); mouring@pconline.com
   - markus@cvs.openbsd.org  2000/09/21 05:25:08
     sshconnect2.c
     change login logic in ssh2, allows plugin of other auth methods
   - markus@cvs.openbsd.org  2000/09/21 05:25:35
     [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
     [serverloop.c]
     add context to dispatch_run
   - markus@cvs.openbsd.org  2000/09/21 05:07:52
     authfd.c authfd.h ssh-agent.c
     bug compat for old ssh.com software
2000-09-23 17:15:56 +11:00
Damien Miller
e4340be5b3 - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller
ad833b3e65 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
- (djm) OpenBSD CVS updates:
   - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
     [ssh.c]
     accept remsh as a valid name as well; roman@buildpoint.com
   - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
     [deattack.c crc32.c packet.c]
     rename crc32() to ssh_crc32() to avoid zlib name clash.  do not move to
     libz crc32 function yet, because it has ugly "long"'s in it;
     oneill@cs.sfu.ca
   - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
     [scp.1 scp.c]
     -S prog support; tv@debian.org
   - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
     [scp.c]
     knf
   - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
     [log-client.c]
     shorten
   - markus@cvs.openbsd.org  2000/08/19 12:48:11
     [channels.c channels.h clientloop.c ssh.c ssh.h]
     support for ~. in ssh2
   - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
     [crc32.h]
     proper prototype
   - markus@cvs.openbsd.org  2000/08/19 15:34:44
     [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
     [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
     [fingerprint.c fingerprint.h]
     add SSH2/DSA support to the agent and some other DSA related cleanups.
     (note that we cannot talk to ssh.com's ssh2 agents)
   - markus@cvs.openbsd.org  2000/08/19 15:55:52
     [channels.c channels.h clientloop.c]
     more ~ support for ssh2
   - markus@cvs.openbsd.org  2000/08/19 16:21:19
     [clientloop.c]
     oops
   - millert@cvs.openbsd.org 2000/08/20 12:25:53
     [session.c]
     We have to stash the result of get_remote_name_or_ip() before we
     close our socket or getpeername() will get EBADF and the process
     will exit.  Only a problem for "UseLogin yes".
   - millert@cvs.openbsd.org 2000/08/20 12:30:59
     [session.c]
     Only check /etc/nologin if "UseLogin no" since login(1) may have its
     own policy on determining who is allowed to login when /etc/nologin
     is present.  Also use the _PATH_NOLOGIN define.
   - millert@cvs.openbsd.org 2000/08/20 12:42:43
     [auth1.c auth2.c session.c ssh.c]
     Add calls to setusercontext() and login_get*().  We basically call
     setusercontext() in most places where previously we did a setlogin().
     Add default login.conf file and put root in the "daemon" login class.
   - millert@cvs.openbsd.org 2000/08/21 10:23:31
     [session.c]
     Fix incorrect PATH setting; noted by Markus.
2000-08-23 10:46:23 +10:00
Damien Miller
6536c7d3c9 - OpenBSD CVS Updates:
- markus@cvs.openbsd.org  2000/06/18 18:50:11
     [auth2.c compat.c compat.h sshconnect2.c]
     make userauth+pubkey interop with ssh.com-2.2.0
   - markus@cvs.openbsd.org  2000/06/18 20:56:17
     [dsa.c]
     mem leak + be more paranoid in dsa_verify.
   - markus@cvs.openbsd.org  2000/06/18 21:29:50
     [key.c]
     cleanup fingerprinting, less hardcoded sizes
   - markus@cvs.openbsd.org  2000/06/19 19:39:45
     [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
     [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
     [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
     [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
     [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
     [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
     [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
     OpenBSD tag
   - markus@cvs.openbsd.org  2000/06/21 10:46:10
     sshconnect2.c missing free; nuke old comment
2000-06-22 21:32:31 +10:00
Damien Miller
d3a185709d - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
<tibbs@math.uh.edu>
 - (djm) OpenBSD CVS updates:
  - todd@cvs.openbsd.org
    [sshconnect2.c]
    teach protocol v2 to count login failures properly and also enable an
    explanation of why the password prompt comes up again like v1; this is NOT
    crypto
  - markus@cvs.openbsd.org
    [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
    xauth_location support; pr 1234
    [readconf.c sshconnect2.c]
    typo, unused
    [session.c]
    allow use_login only for login sessions, otherwise remote commands are
    execed with uid==0
    [sshd.8]
    document UseLogin better
    [version.h]
    OpenSSH 2.1.1
    [auth-rsa.c]
    fix match_hostname() logic for auth-rsa: deny access if we have a
    negative match or no match at all
    [channels.c hostfile.c match.c]
    don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
    kris@FreeBSD.org
2000-06-07 19:55:44 +10:00
Damien Miller
e247cc402b - Remove references to SSLeay.
- Big OpenBSD CVS update
  - markus@cvs.openbsd.org
    [clientloop.c]
    - typo
    [session.c]
    - update proctitle on pty alloc/dealloc, e.g. w/ windows client
    [session.c]
    - update proctitle for proto 1, too
    [channels.h nchan.c serverloop.c session.c sshd.c]
    - use c-style comments
  - deraadt@cvs.openbsd.org
    [scp.c]
    - more atomicio
  - markus@cvs.openbsd.org
    [channels.c]
    - set O_NONBLOCK
    [ssh.1]
    - update AUTHOR
    [readconf.c ssh-keygen.c ssh.h]
    - default DSA key file ~/.ssh/id_dsa
    [clientloop.c]
    - typo, rm verbose debug
  - deraadt@cvs.openbsd.org
    [ssh-keygen.1]
    - document DSA use of ssh-keygen
    [sshd.8]
    - a start at describing what i understand of the DSA side
    [ssh-keygen.1]
    - document -X and -x
    [ssh-keygen.c]
    - simplify usage
  - markus@cvs.openbsd.org
    [sshd.8]
    - there is no rhosts_dsa
    [ssh-keygen.1]
    - document -y, update -X,-x
    [nchan.c]
    - fix close for non-open ssh1 channels
    [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
    - s/DsaKey/HostDSAKey/, document option
    [sshconnect2.c]
    - respect number_of_password_prompts
    [channels.c channels.h servconf.c servconf.h session.c sshd.8]
    - GatewayPorts for sshd, ok deraadt@
    [ssh-add.1 ssh-agent.1 ssh.1]
    - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
    [ssh.1]
    - more info on proto 2
    [sshd.8]
    - sync AUTHOR w/ ssh.1
    [key.c key.h sshconnect.c]
    - print key type when talking about host keys
    [packet.c]
    - clear padding in ssh2
    [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
    - replace broken uuencode w/ libc b64_ntop
    [auth2.c]
    - log failure before sending the reply
    [key.c radix.c uuencode.c]
    - remote trailing comments before calling __b64_pton
    [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
    [sshconnect2.c sshd.8]
    - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 12:03:14 +10:00
Damien Miller
bd483e7690 - More OpenBSD updates:
[session.c]
   - don't call chan_write_failed() if we are not writing
   [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
   - keysize warnings error() -> log()
2000-04-30 10:00:53 +10:00
Damien Miller
4af51306d9 - OpenBSD CVS updates.
[ssh.1 ssh.c]
   - ssh -2
   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
   [session.c sshconnect.c]
   - check payload for (illegal) extra data
   [ALL]
   - whitespace cleanup
2000-04-16 11:18:38 +10:00
Damien Miller
33b13568b5 - OpenBSD CVS update:
- [packet.h packet.c]
     ssh2 packet format
   - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
     [channels.h channels.c]
     channel layer support for ssh2
   - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
     DSA, keyexchange, algorithm agreement for ssh2
2000-04-04 14:38:59 +10:00
Damien Miller
b38eff8e4f - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
- [auth.c session.c sshd.c auth.h]
     split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
   - [bufaux.c bufaux.h]
     support ssh2 bignums
   - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
     [readconf.c ssh.c ssh.h serverloop.c]
     replace big switch() with function tables (prepare for ssh2)
   - [ssh2.h]
     ssh2 message type codes
   - [sshd.8]
     reorder Xr to avoid cutting
   - [serverloop.c]
     close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
   - [channels.c]
     missing close
     allow bigger packets
   - [cipher.c cipher.h]
     support ssh2 ciphers
   - [compress.c]
     cleanup, less code
   - [dispatch.c dispatch.h]
     function tables for different message types
   - [log-server.c]
     do not log() if debuggin to stderr
     rename a cpp symbol, to avoid param.h collision
   - [mpaux.c]
     KNF
   - [nchan.c]
     sync w/ channels.c
2000-04-01 11:09:21 +10:00
Damien Miller
5428f646ad - More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes:
   - [channels.c]
     report from mrwizard@psu.edu via djm@ibs.com.au
   - [channels.c]
     set SO_REUSEADDR and SO_LINGER for forwarded ports.
     chip@valinux.com via damien@ibs.com.au
   - [nchan.c]
     it's not an error() if shutdown_write failes in nchan.
   - [readconf.c]
     remove dead #ifdef-0-code
   - [readconf.c servconf.c]
     strcasecmp instead of tolower
   - [scp.c]
     progress meter overflow fix from damien@ibs.com.au
   - [ssh-add.1 ssh-add.c]
     SSH_ASKPASS support
   - [ssh.1 ssh.c]
     postpone fork_after_authentication until command execution,
     request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
     plus: use daemon() for backgrounding
1999-11-25 11:54:57 +11:00
Damien Miller
95def09838 - Merged very large OpenBSD source code reformat
- OpenBSD CVS updates
   - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
     [ssh.h sshd.8 sshd.c]
     syslog changes:
     * Unified Logmessage for all auth-types, for success and for failed
     * Standard connections get only ONE line in the LOG when level==LOG:
       Auth-attempts are logged only, if authentication is:
          a) successfull or
          b) with passwd or
          c) we had more than AUTH_FAIL_LOG failues
     * many log() became verbose()
     * old behaviour with level=VERBOSE
   - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
     tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
     messages. allows use of s/key in windows (ttssh, securecrt) and
     ssh-1.2.27 clients without 'ssh -v', ok: niels@
   - [sshd.8]
     -V, for fallback to openssh in SSH2 compatibility mode
   - [sshd.c]
     fix sigchld race; cjc5@po.cwru.edu
1999-11-25 00:26:21 +11:00
Damien Miller
1e4772c32c Merged latest OpenBSD changes:
nchan.ms -\
channels.[ch] - remove broken x11 fix and document istate/ostate
ssh-agent.c - call setsid() regardless of argv[]
ssh.c - save a few lines when disabling rhosts-{rsa-}auth
1999-10-30 11:39:56 +10:00
Damien Miller
d4a8b7e34d Initial revision 1999-10-27 13:42:43 +10:00