authorColin Watson <cjwatson@debian.org>2010-03-31 10:46:28 +0100
committerColin Watson <cjwatson@debian.org>2010-03-31 10:46:28 +0100
commitefd3d4522636ae029488c2e9730b60c88e257d2e (patch)
tree31e02ac3f16090ce8c53448677356b2b7f423683 /misc.c
parentbbec4db36d464ea1d464a707625125f9fd5c7b5e (diff)
parentd1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff)
* New upstream release (LP: #535029).
- After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. - Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is enabled by default in the Debian packaging, since it now doesn't involve additional library dependencies (closes: #231472, LP: #16918). - Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (closes: #482806). - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...". - Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian package, this overlaps with the key blacklisting facility added in openssh 1:4.7p1-9, but with different file formats and slightly different scopes; for the moment, I've roughly merged the two.) - Various multiplexing improvements, including support for requesting port-forwardings via the multiplex protocol (closes: #360151). - Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has (closes: #496843). - Many sftp client improvements, including tab-completion, more options, and recursive transfer support for get/put (LP: #33378). The old mget/mput commands never worked properly and have been removed (closes: #270399, #428082). - Do not prompt for a passphrase if we fail to open a keyfile, and log the reason why the open failed to debug (closes: #431538). - Prevent sftp from crashing when given a "-" without a command. Also, allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'misc.c')
-rw-r--r--misc.c29
1 files changed, 20 insertions, 9 deletions
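--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.71 2009/02/21 19:32:04 tobias Exp $ */
+/* $OpenBSD: misc.c,v 1.75 2010/01/09 23:04:13 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -560,11 +560,11 @@ char *
 percent_expand(const char *string, ...)
 {
 #define EXPAND_MAX_KEYS 16
+ u_int num_keys, i, j;
  struct {
  const char *key;
  const char *repl;
  } keys[EXPAND_MAX_KEYS];
- u_int num_keys, i, j;
  char buf[4096];
  va_list ap;
 
@@ -576,13 +576,12 @@ percent_expand(const char *string, ...)
  break;
  keys[num_keys].repl = va_arg(ap, char *);
  if (keys[num_keys].repl == NULL)
- fatal("percent_expand: NULL replacement");
+ fatal("%s: NULL replacement", __func__);
  }
+ if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL)
+ fatal("%s: too many keys", __func__);
  va_end(ap);
 
- if (num_keys >= EXPAND_MAX_KEYS)
- fatal("percent_expand: too many keys");
-
  /* Expand string */
  *buf = '\0';
  for (i = 0; *string != '\0'; string++) {
@@ -590,23 +589,24 @@ percent_expand(const char *string, ...)
  append:
  buf[i++] = *string;
  if (i >= sizeof(buf))
- fatal("percent_expand: string too long");
+ fatal("%s: string too long", __func__);
  buf[i] = '\0';
  continue;
  }
  string++;
+ /* %% case */
  if (*string == '%')
  goto append;
  for (j = 0; j < num_keys; j++) {
  if (strchr(keys[j].key, *string) != NULL) {
  i = strlcat(buf, keys[j].repl, sizeof(buf));
  if (i >= sizeof(buf))
- fatal("percent_expand: string too long");
+ fatal("%s: string too long", __func__);
  break;
  }
  }
  if (j >= num_keys)
- fatal("percent_expand: unknown key %%%c", *string);
+ fatal("%s: unknown key %%%c", __func__, *string);
  }
  return (xstrdup(buf));
 #undef EXPAND_MAX_KEYS
@@ -849,3 +849,14 @@ ms_to_timeval(struct timeval *tv, int ms)
  tv->tv_usec = (ms % 1000) * 1000;
 }
 
+void
+sock_set_v6only(int s)
+{
+#ifdef IPV6_V6ONLY
+ int on = 1;
+
+ debug3("%s: set socket %d IPV6_V6ONLY", __func__, s);
+ if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1)
+ error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
+#endif
+}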
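Review bot: percent_expand still accepts a format string that ends in a lone `%`, in the expansion loop of the fourth hunk. After the inner `string++` the current character is the terminating NUL, and `strchr(keys[j].key, *string)` returns non-NULL for `'\0'`, so with at least one key the replacement is appended and the loop's own `string++` then moves past the end of the string, reading out of bounds. I would add `if (*string == '\0') fatal("%s: invalid format", __func__);` directly after the `%%` check. This matters most if any caller passes a configuration-derived string, which the page does not show. The function body is only partly visible here, so the `%` test before `append:` should be confirmed against the full file.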