RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-03 08:12:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
10,528 Commits 69 Branches 157 Tags 27 MiB
f85b118d21
Commit Graph

188 Commits

Author SHA1 Message Date
Damien Miller
3dc71ad865 - djm@cvs.openbsd.org 2009/01/22 10:02:34 
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
     [serverloop.c ssh-keyscan.c ssh.c sshd.c]
     make a2port() return -1 when it encounters an invalid port number
     rather than 0, which it will now treat as valid (needed for future work)
     adjust current consumers of a2port() to check its return value is <= 0,
     which in turn required some things to be converted from u_short => int
     make use of int vs. u_short consistent in some other places too
     feedback & ok markus@
 2009-01-28 16:31:22 +11:00
Darren Tucker
7517b5bd31 - dtucker@cvs.openbsd.org 2008/06/13 01:38:23 
[misc.c]
     upcast uid to long with matching %ld, prevents warnings in portable
 2008-06-13 14:48:59 +10:00
Darren Tucker
3fc464efdc - dtucker@cvs.openbsd.org 2008/06/12 20:38:28 
[sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
     Make keepalive timeouts apply while waiting for a packet, particularly
     during key renegotiation (bz #1363).  With djm and Matt Day, ok djm@
 2008-06-13 06:42:45 +10:00
Darren Tucker
912428c91a - dtucker@cvs.openbsd.org 2008/01/01 08:47:04 
[misc.c]
     spaces -> tabs from my previous commit
 2008-01-01 20:33:35 +11:00
Darren Tucker
4abde771b7 - dtucker@cvs.openbsd.org 2007/12/27 14:22:08 
[servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
     sshd.c]
     Add a small helper function to consistently handle the EAI_SYSTEM error
     code of getaddrinfo.  Prompted by vgiffin at apple com via bz #1417.
     ok markus@ stevesk@
 2007-12-29 02:43:51 +11:00
Damien Miller
3ca8b77179 - ray@cvs.openbsd.org 2006/11/23 01:35:11 
[misc.c sftp.c]
     Don't access buf[strlen(buf) - 1] for zero-length strings.
     ``ok by me'' djm@.
 2007-01-05 16:24:47 +11:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
 2006-08-05 12:39:39 +10:00
Damien Miller
a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
 2006-08-05 11:37:59 +10:00
Damien Miller
e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
 2006-08-05 11:34:19 +10:00
Damien Miller
8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
 2006-08-05 11:02:17 +10:00
Damien Miller
e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
 2006-07-24 14:13:33 +10:00
Damien Miller
e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
 2006-07-24 14:01:23 +10:00
Darren Tucker
3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
 2006-07-12 22:22:46 +10:00
Darren Tucker
5d19626a04 - stevesk@cvs.openbsd.org 2006/07/10 16:37:36 
[readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
     auth.c packet.c log.c]
     move #include <stdarg.h> out of includes.h; ok markus@
 2006-07-12 22:15:16 +10:00
Darren Tucker
da34553561 - dtucker@cvs.openbsd.org 2006/07/10 12:46:51 
[misc.c misc.h sshd.8 sshconnect.c]
     Add port identifier to known_hosts for non-default ports, based originally
     on a patch from Devin Nate in bz#910.
     For any connection using the default port or using a HostKeyAlias the
     format is unchanged, otherwise the host name or address is enclosed
     within square brackets in the same format as sshd's ListenAddress.
     Tested by many, ok markus@.
 2006-07-10 23:04:19 +10:00
Damien Miller
57cf638577 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11 
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
     [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     [sshlogin.c sshpty.c]
     move #include <fcntl.h> out of includes.h
 2006-07-10 21:13:46 +10:00
Damien Miller
9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
 2006-07-10 20:53:08 +10:00
Damien Miller
8ec8c3e98a - stevesk@cvs.openbsd.org 2006/07/05 02:42:09 
[canohost.c hostfile.c includes.h misc.c packet.c readconf.c]
     [serverloop.c sshconnect.c uuencode.c]
     move #include <netinet/in.h> out of includes.h; ok deraadt@
     (also ssh-rand-helper.c logintest.c loginrec.c)
 2006-07-10 20:35:38 +10:00
Damien Miller
3f9418893e - djm@cvs.openbsd.org 2006/03/30 09:58:16 
[authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
     [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
     replace {GET,PUT}_XXBIT macros with functionally similar functions,
     silencing a heap of lint warnings. also allows them to use
     __bounded__ checking which can't be applied to macros; requested
     by and feedback from deraadt@
 2006-03-31 23:13:02 +11:00
Damien Miller
57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03 
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
 2006-03-26 14:24:48 +11:00
Damien Miller
36812092ec - djm@cvs.openbsd.org 2006/03/25 01:13:23 
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
     [uidswap.c]
     change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
     to xrealloc(p, new_nmemb, new_itemsize).

     realloc is particularly prone to integer overflows because it is
     almost always allocating "n * size" bytes, so this is a far safer
     API; ok deraadt@
 2006-03-26 14:22:47 +11:00
Damien Miller
07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41 
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
 2006-03-26 14:19:21 +11:00
Damien Miller
69b7203e6f - deraadt@cvs.openbsd.org 2006/03/20 17:10:19 
[auth.c key.c misc.c packet.c ssh-add.c]
     in a switch (), break after return or goto is stupid
 2006-03-26 14:02:35 +11:00
Damien Miller
b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Damien Miller
306d118f72 - dtucker@cvs.openbsd.org 2006/03/13 10:14:29 
[misc.c ssh_config.5 sshd_config.5]
     Allow config directives to contain whitespace by surrounding them by double
     quotes.  mindrot #482, man page help from jmc@, ok djm@
 2006-03-15 12:05:59 +11:00
Damien Miller
17e91c0fb0 - stevesk@cvs.openbsd.org 2006/02/10 00:27:13 
[channels.c clientloop.c includes.h misc.c progressmeter.c sftp.c]
     [ssh.c sshd.c sshpty.c]
     move #include <sys/ioctl.h> out of includes.h; ok markus@
 2006-03-15 11:28:34 +11:00
Damien Miller
3a4051e88b - stevesk@cvs.openbsd.org 2006/02/08 12:32:49 
[includes.h misc.c]
     move #include <netinet/tcp.h> out of includes.h; ok markus@
 2006-03-15 11:19:42 +11:00
Damien Miller
a9263d065d fix spacing of include 2006-03-15 11:18:26 +11:00
Damien Miller
03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
 2006-03-15 11:16:59 +11:00
Damien Miller
3eec6b73a2 - djm@cvs.openbsd.org 2006/01/31 10:19:02 
[misc.c misc.h scp.c sftp.c]
     fix local arbitrary command execution vulnerability on local/local and
     remote/remote copies (CVE-2006-0225, bz #1094), patch by
     t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
 2006-01-31 21:49:27 +11:00
Damien Miller
72c5b7d85d - djm@cvs.openbsd.org 2006/01/05 23:43:53 
[misc.c]
     check that stdio file descriptors are actually closed before clobbering
     them in sanitise_stdfd(). problems occurred when a lower numbered fd was
     closed, but higher ones weren't. spotted by, and patch tested by
     Frédéric Olivié
 2006-01-06 14:50:44 +11:00
Damien Miller
a1d9a18e14 - reyk@cvs.openbsd.org 2006/01/02 07:53:44 
[misc.c]
     clarify tun(4) opening - set the mode and bring the interface up. also
     (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
     suggested and ok by djm@
 2006-01-02 23:41:21 +11:00
Damien Miller
a210d52235 - stevesk@cvs.openbsd.org 2006/01/01 10:08:48 
[misc.c]
     no trailing "\n" for debug()
 2006-01-02 23:40:30 +11:00
Damien Miller
3beb852e09 - stevesk@cvs.openbsd.org 2006/01/01 08:59:27 
[includes.h misc.c]
     move <net/if.h>; ok djm@
 2006-01-02 23:40:10 +11:00
Damien Miller
2dcddbfaf6 - (djm) [Makefile.in configure.ac includes.h misc.c] 
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
         for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
         limited to IPv4 tunnels only, and most versions don't support the
         tap(4) device at all.
 2006-01-01 19:47:05 +11:00
Damien Miller
62a31c9fd0 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable 
again by providing a sys_tun_open() function for your platform and
   setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
   OpenBSD's tunnel protocol, which prepends the address family to the
   packet
 2005-12-13 20:44:13 +11:00
Damien Miller
7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11 
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
 2005-12-13 19:33:19 +11:00
Damien Miller
d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28 
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
 2005-12-13 19:29:02 +11:00
Darren Tucker
ce321d8a30 - djm@cvs.openbsd.org 2005/09/13 23:40:07 
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@
 2005-10-03 18:11:24 +10:00
Darren Tucker
bee73d5ce0 - dtucker@cvs.openbsd.org 2005/07/08 09:26:18 
[misc.c]
     Make comment match code; ok djm@
 2005-07-14 17:05:02 +10:00
Damien Miller
1339002e8b - djm@cvs.openbsd.org 2005/07/04 00:58:43 
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
     implement support for X11 and agent forwarding over multiplex slave
     connections. Because of protocol limitations, the slave connections inherit
     the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
     their own.
     ok dtucker@ "put it in" deraadt@
 2005-07-06 09:44:19 +10:00
Damien Miller
eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33 
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
 2005-06-17 12:59:34 +10:00
Damien Miller
6476cad9bb - djm@cvs.openbsd.org 2005/06/06 11:20:36 
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
     introduce a generic %foo expansion function. replace existing % expansion
     and add expansion to ControlPath; ok markus@
 2005-06-16 13:18:34 +10:00
Damien Miller
5fd38c0ed9 - djm@cvs.openbsd.org 2005/04/09 04:32:54 
[misc.c misc.h tildexpand.c Makefile.in]
     replace tilde_expand_filename with a simpler implementation, ahead of
     more whacking; ok deraadt@
 2005-05-26 12:02:14 +10:00
Darren Tucker
47eede77ed - deraadt@cvs.openbsd.org 2005/03/10 22:01:05 
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
     readconf.c bufaux.c sftp.c]
     spacing
 2005-03-14 23:08:12 +11:00
Damien Miller
f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52 
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
 2005-03-01 21:24:33 +11:00
Darren Tucker
f0f90989fa - dtucker@cvs.openbsd.org 2004/12/11 01:48:56 
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h]
     Fix debug call in error path of authorized_keys processing and fix related
     warnings; ok djm@
 2004-12-11 13:39:50 +11:00
Darren Tucker
22cc741096 - dtucker@cvs.openbsd.org 2004/12/06 11:41:03 
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
     Discard over-length authorized_keys entries rather than complaining when
     they don't decode.  bz #884, with & ok djm@
 2004-12-06 22:47:41 +11:00
Darren Tucker
c7a6fc41bf - avsm@cvs.openbsd.org 2004/08/11 21:43:05 
[channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
     some signed/unsigned int comparison cleanups; markus@ ok
 2004-08-13 21:18:00 +10:00
Damien Miller
232711f6db - djm@cvs.openbsd.org 2004/06/14 01:44:39 
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
     [sshd.c]
     set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
 2004-06-15 10:35:30 +10:00
Darren Tucker
6db8f936ae - markus@cvs.openbsd.org 2003/10/28 09:08:06 
[misc.c]
     error->debug for getsockopt+TCP_NODELAY; several requests
 2003-11-03 20:07:14 +11:00
Darren Tucker
fb16b2411e - markus@cvs.openbsd.org 2003/09/18 08:49:45 
[deattack.c misc.c session.c ssh-agent.c]
     more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
     ok millert@
 2003-09-22 21:04:23 +10:00
Ben Lindstrom
5ade9abc37 - (bal) redo how we handle 'mysignal()'. Move it to 
openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
   be our 'mysignal' by default.  OK djm@
 2003-08-25 01:16:21 +00:00
Damien Miller
ef095ce00a - markus@cvs.openbsd.org 2003/04/12 10:15:36 
[misc.c]
     debug->debug2
 2003-05-14 13:41:39 +10:00
Ben Lindstrom
1d568f9fce - markus@cvs.openbsd.org 2002/12/13 10:03:15 
[channels.c misc.c sshconnect2.c]
     cleanup debug messages, more useful information for the client user.
 2002-12-23 02:44:36 +00:00
Ben Lindstrom
05764b9286 - stevesk@cvs.openbsd.org 2002/03/04 17:27:39 
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@
 2002-03-05 01:53:02 +00:00
Ben Lindstrom
84fcb312ff - markus@cvs.openbsd.org 2002/03/04 13:10:46 
[misc.c]
     error-> debug, because O_NONBLOCK for /dev/null causes too many different
     errnos; ok stevesk@, deraadt@
     unused include
 2002-03-05 01:48:09 +00:00
Ben Lindstrom
e86de51afb - stevesk@cvs.openbsd.org 2002/02/26 20:03:51 
[misc.c]
     use socklen_t
 2002-03-05 01:28:14 +00:00
Ben Lindstrom
1ebd7a5342 - stevesk@cvs.openbsd.org 2002/02/24 19:59:42 
[channels.c misc.c]
     disable Nagle in connect_to() and channel_post_port_listener() (port
     forwarding endpoints).  the intention is to preserve the on-the-wire
     appearance to applications at either end; the applications can then
     enable TCP_NODELAY according to their requirements. ok markus@
 2002-02-26 18:12:51 +00:00
Damien Miller
398e1cfa23 - (djm) OpenBSD CVS Sync 
- stevesk@cvs.openbsd.org 2002/01/24 21:09:25
     [channels.c misc.c misc.h packet.c]
     add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
     no nagle changes just yet; ok djm@ markus@
 2002-02-05 11:52:13 +11:00
Damien Miller
9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
 2001-12-21 14:45:46 +11:00
Ben Lindstrom
1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12 
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
 2001-12-06 18:00:18 +00:00
Ben Lindstrom
4cc240dabb - markus@cvs.openbsd.org 2001/06/26 17:27:25 
[authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
      canohost.h channels.h cipher.h clientloop.h compat.h compress.h
      crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
      hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
      packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
      session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
      sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
      tildexpand.h uidswap.h uuencode.h xmalloc.h]
     remove comments from .h, since they are cut&paste from the .c files
     and out of sync
 2001-07-04 04:46:56 +00:00
Kevin Steves
824569537f - (stevesk) handle systems without pw_expire and pw_change. 2001-06-22 21:14:18 +00:00
Ben Lindstrom
3af4d4634f - markus@cvs.openbsd.org 2001/06/16 08:58:34 
[misc.c]
     copy pw_expire and pw_change, too.
 2001-06-21 03:11:27 +00:00
Ben Lindstrom
352b1c2130 - markus@cvs.openbsd.org 2001/06/16 08:49:38 
[misc.c]
     typo; dunlap@apl.washington.edu
 2001-06-21 03:04:37 +00:00
Kevin Steves
974fb9cf2f - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL 
around grantpt().
 2001-06-15 00:04:23 +00:00
Ben Lindstrom
1bda4c835e - stevesk@cvs.openbsd.org 2001/05/19 19:43:57 
[misc.c misc.h servconf.c sshd.8 sshd.c]
     sshd command-line arguments and configuration file options that
     specify time may be expressed using a sequence of the form:
     time[qualifier], where time is a positive integer value and qualifier
     is one of the following:
         <none>,s,m,h,d,w
     Examples:
         600     600 seconds (10 minutes)
         10m     10 minutes
         1h30m   1 hour 30 minutes (90 minutes)
     ok markus@
 2001-06-05 19:59:08 +00:00
Ben Lindstrom
c93e84c2ce - markus@cvs.openbsd.org 2001/05/11 14:59:56 
[clientloop.c misc.c misc.h]
     add unset_nonblock for stdout/err flushing in client_loop().
 2001-05-12 00:08:37 +00:00
Ben Lindstrom
387c472660 - mouring@cvs.openbsd.org 2001/05/08 19:45:25 
[misc.c misc.h scp.c sftp.c]
     Use addargs() in sftp plus some clean up of addargs().  OK Markus
 2001-05-08 20:27:25 +00:00
Ben Lindstrom
4529b70b4c - mouring@cvs.openbsd.org 2001/05/03 23:09:53 
[misc.c misc.h scp.c sftp.c]
     Move colon() and cleanhost() to misc.c where I should I have put it in
     the first place
 2001-05-03 23:39:53 +00:00
Ben Lindstrom
19066a112b - stevesk@cvs.openbsd.org 2001/04/12 20:09:38 
[misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
     robust port validation; ok markus@ jakob@
 2001-04-12 23:39:26 +00:00
Ben Lindstrom
0f68db4e9e - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy() 2001-03-05 07:57:09 +00:00
Ben Lindstrom
4030442d77 - deraadt@cvs.openbsd.org 2001/02/28 17:52:54 
[misc.c]
     for completeness, copy pw_gecos too
 2001-03-05 06:22:01 +00:00
Ben Lindstrom
069090128c - deraadt@cvs.openbsd.org 2001/02/28 05:34:28 
[misc.c]
     pull in protos
 2001-03-05 06:09:31 +00:00
Ben Lindstrom
086cf214cf - markus@cvs.openbsd.org 2001/02/22 21:59:44 
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
     use pwcopy in ssh.c, too
 2001-03-05 05:56:40 +00:00
Damien Miller
722ccb1492 - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for 
SIGALRM.
 2001-02-18 15:18:43 +11:00
Kevin Steves
eff26f275e - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling. 2001-02-18 03:42:02 +00:00
Damien Miller
0318e2e0fb - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for 
SunOS)
 2001-02-18 13:04:23 +11:00
Kevin Steves
e74ebd03c2 KNF 2001-02-17 17:10:16 +00:00
Ben Lindstrom
970c009b8e - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by 
stevesk
 2001-02-17 16:51:07 +00:00
Kevin Steves
799bed85ab - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD; 
needed on Unixware 2.x.
 2001-02-16 14:58:12 +00:00
Kevin Steves
fad3c513f0 - (stevesk) misc.c: ssh.h not needed. 2001-02-11 14:34:10 +00:00
Ben Lindstrom
e5b3fb351e - (bal) A bit more whitespace cleanup 2001-02-10 23:56:35 +00:00
Ben Lindstrom
f7d79c794b Useless CVS ID Update. 2001-02-10 23:40:31 +00:00
Kevin Steves
2b725a056a RCSID 2001-02-05 18:16:28 +00:00
Kevin Steves
b6e773acc9 - (stevesk) add mysignal() wrapper and use it for the protocol 2 
SIGCHLD handler.
 2001-02-04 13:20:36 +00:00
Ben Lindstrom
226cfa0378 Hopefully things did not get mixed around too much. It compiles under 
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
 2001-01-22 05:34:40 +00:00