summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-01-10 - dtucker@cvs.openbsd.org 2010/01/10 07:15:56Darren Tucker
[auth.c] Output a debug if we can't open an existing keyfile. bz#1694, ok djm@
2010-01-10 - dtucker@cvs.openbsd.org 2010/01/10 03:51:17Darren Tucker
[servconf.c] Add ChrootDirectory to sshd.c test-mode output
2010-01-10 - dtucker@cvs.openbsd.org 2010/01/09 23:04:13Darren Tucker
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
2010-01-10 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]Darren Tucker
Remove hacks add for RoutingDomain in preparation for its removal.
2010-01-09 - (dtucker) [defines.h] Remove now-undeeded PRIu64 define.Darren Tucker
2010-01-09 - dtucker@cvs.openbsd.org 2010/01/09 11:17:56Darren Tucker
[sshd.c] Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs itself. Prevents two HUPs in quick succession from resulting in sshd dying. bz#1692, patch from Colin Watson via Ubuntu.
2010-01-09 - dtucker@cvs.openbsd.org 2010/01/09 11:13:02Darren Tucker
[sftp.c] Prevent sftp from derefing a null pointer when given a "-" without a command. Also, allow whitespace to follow a "-". bz#1691, path from Colin Watson via Debian. ok djm@ deraadt@
2010-01-09 - dtucker@cvs.openbsd.org 2010/01/09 05:17:00Darren Tucker
[roaming_client.c] Remove a PRIu64 format string that snuck in with roaming. ok djm@
2010-01-09 - djm@cvs.openbsd.org 2010/01/09 05:04:24Darren Tucker
[mux.c sshpty.h clientloop.c sshtty.c] quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we usually don't actually have a tty to read/set; bz#1686 ok dtucker@
2010-01-09 - jmc@cvs.openbsd.org 2010/01/09 03:36:00Darren Tucker
[sftp-server.8] bad place to forget a comma...
2010-01-09 - djm@cvs.openbsd.org 2010/01/09 00:57:10Darren Tucker
[PROTOCOL] tweak language
2010-01-09 - djm@cvs.openbsd.org 2010/01/09 00:20:26Darren Tucker
[sftp-server.c sftp-server.8] add a 'read-only' mode to sftp-server(8) that disables open in write mode and all other fs-modifying protocol methods. bz#430 ok dtucker@
2010-01-09 - (dtucker) [loginrec.c] Use the SUSv3 specified name for the user nameDarren Tucker
when using utmpx. Patch from Ed Schouten.
2010-01-09 - (dtucker) [roaming_client.c] Wrap inttypes.h in an ifdef.Darren Tucker
2010-01-09 - (dtucker) [defines.h] define PRIu64 for platforms that don't have it.Darren Tucker
2010-01-09 - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don'tDarren Tucker
have it.
2010-01-09 - dtucker@cvs.openbsd.org 2010/01/08 21:50:49Darren Tucker
[sftp.c] Fix two warnings: possibly used unitialized and use a nul byte instead of NULL pointer. ok djm@
2010-01-08 - (dtucker) [roaming_serv.c] Include includes.h for u_intXX_t types.Darren Tucker
2010-01-08 - (dtucker] [misc.c] Shrink the area covered by USE_ROUTINGDOMAIN moreDarren Tucker
to eliminate an unused variable warning.
2010-01-08 - (dtucker) [misc.c] Move the routingdomain ifdef to allow the socket toDarren Tucker
be created.
2010-01-08 - (dtucker) [sftp.c] Expand ifdef for libedit to cover complete_is_remoteDarren Tucker
too.
2010-01-08 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] MakeDarren Tucker
RoutingDomain an unsupported option on platforms that don't have it.
2010-01-08 - (dtucker) [sftp.c] ifdef out the sftp completion bits for platforms thatDarren Tucker
don't have libedit.
2010-01-08 - (dtucker) [Makefile.in] .c files do not belong in the OBJ lines.Darren Tucker
2010-01-08 - (dtucker) [Makefile.in added roaming_client.c roaming_serv.c] Import newDarren Tucker
files for roaming and add to Makefile.
2010-01-08 - djm@cvs.openbsd.org 2010/01/04 02:25:15Darren Tucker
[sftp-server.c] bz#1566 don't unnecessarily dup() in and out fds for sftp-server; ok markus@
2010-01-08 - djm@cvs.openbsd.org 2010/01/04 02:03:57Darren Tucker
[sftp.c] Implement tab-completion of commands, local and remote filenames for sftp. Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009 Google Summer of Code) and polished to a fine sheen by myself again. It should deal more-or-less correctly with the ikky corner-cases presented by quoted filenames, but the UI could still be slightly improved. In particular, it is quite slow for remote completion on large directories. bz#200; ok markus@
2010-01-08 - dtucker@cvs.openbsd.org 2010/01/04 01:45:30Darren Tucker
[sshconnect2.c] Don't escape backslashes in the SSH2 banner. bz#1533, patch from Michal Gorny via Gentoo.
2010-01-08 - jmc@cvs.openbsd.org 2009/12/29 18:03:32Darren Tucker
[sshd_config.5 ssh_config.5] sort previous;
2010-01-08 - stevesk@cvs.openbsd.org 2009/12/29 16:38:41Darren Tucker
[sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1] Rename RDomain config option to RoutingDomain to be more clear and consistent with other options. NOTE: if you currently use RDomain in the ssh client or server config, or ssh/sshd -o, you must update to use RoutingDomain. ok markus@ djm@
2010-01-08 - stevesk@cvs.openbsd.org 2009/12/25 19:40:21Darren Tucker
[readconf.c servconf.c misc.h ssh-keyscan.c misc.c] validate routing domain is in range 0-RT_TABLEID_MAX. 'Looks right' deraadt@
2010-01-08 - djm@cvs.openbsd.org 2009/12/20 23:20:40Darren Tucker
[PROTOCOL] fix an incorrect magic number and typo in PROTOCOL; bz#1688 report and fix from ueno AT unixuser.org
2010-01-08 - guenther@cvs.openbsd.org 2009/12/20 07:28:36Darren Tucker
[ssh.c sftp.c scp.c] When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'. Based on a diff by halex@ ok halex@ djm@ deraadt@
2010-01-08 - markus@cvs.openbsd.org 2009/12/11 18:16:33Darren Tucker
[key.c] switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537 for the RSA public exponent; discussed with provos; ok djm@
2010-01-08 - dtucker@cvs.openbsd.org 2009/12/06 23:53:54Darren Tucker
[sftp.c] fix potential divide-by-zero in sftp's "df" output when talking to a server that reports zero files on the filesystem (Unix filesystems always have at least the root inode). From Steve McClellan at radisys, ok djm@
2010-01-08 - djm@cvs.openbsd.org 2009/12/06 23:53:45Darren Tucker
[roaming_common.c] use socklen_t for getsockopt optlen parameter; reported by Steve.McClellan AT radisys.com, ok dtucker@
2010-01-08 - dtucker@cvs.openbsd.org 2009/12/06 23:41:15Darren Tucker
[sshconnect2.c] zap unused variable and strlen; from Steve McClellan, ok djm
2010-01-08 - halex@cvs.openbsd.org 2009/11/22 13:18:00Darren Tucker
[sftp.c] make passing of zero-length arguments to ssh safe by passing "-<switch>" "<value>" rather than "-<switch><value>" ok dtucker@, guenther@, djm@
2010-01-08 - djm@cvs.openbsd.org 2009/11/20 03:24:07Darren Tucker
[misc.c] correct off-by-one in percent_expand(): we would fatal() when trying to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually work. Note that nothing in OpenSSH actually uses close to this limit at present. bz#1607 from Jan.Pechanec AT Sun.COM
2010-01-08 - dtucker@cvs.openbsd.org 2009/11/20 00:59:36Darren Tucker
[sshconnect2.c] Use the HostKeyAlias when prompting for passwords. bz#1039, ok djm@
2010-01-08 - djm@cvs.openbsd.org 2009/11/20 00:54:01Darren Tucker
[sftp.c] bz#1588 change "Connecting to host..." message to "Connected to host." and delay it until after the sftp protocol connection has been established. Avoids confusing sequence of messages when the underlying ssh connection experiences problems. ok dtucker@
2010-01-08 - dtucker@cvs.openbsd.org 2009/11/20 00:15:41Darren Tucker
[session.c] Warn but do not fail if stat()ing the subsystem binary fails. This helps with chrootdirectory+forcecommand=sftp-server and restricted shells. bz #1599, ok djm.
2010-01-08 - djm@cvs.openbsd.org 2009/11/19 23:39:50Darren Tucker
[session.c] bz#1606: error when an attempt is made to connect to a server with ForceCommand=internal-sftp with a shell session (i.e. not a subsystem session). Avoids stuck client when attempting to ssh to such a service. ok dtucker@
2010-01-08 - djm@cvs.openbsd.org 2009/11/17 05:31:44Darren Tucker
[clientloop.c] fix incorrect exit status when multiplexing and channel ID 0 is recycled bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
2010-01-08 - markus@cvs.openbsd.org 2009/11/11 21:37:03Darren Tucker
[channels.c channels.h] fix race condition in x11/agent channel allocation: don't read after the end of the select read/write fdset and make sure a reused FD is not touched before the pre-handlers are called. with and ok djm@
2010-01-08 - dtucker@cvs.openbsd.org 2009/11/10 04:30:45Darren Tucker
[sshconnect2.c channels.c sshconnect.c] Set close-on-exec on various descriptors so they don't get leaked to child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
2010-01-08 - djm@cvs.openbsd.org 2009/11/10 02:58:56Darren Tucker
[sshd_config.5] clarify that StrictModes does not apply to ChrootDirectory. Permissions and ownership are always checked when chrooting. bz#1532
2010-01-08 - djm@cvs.openbsd.org 2009/11/10 02:56:22Darren Tucker
[ssh_config.5] explain the constraints on LocalCommand some more so people don't try to abuse it.
2010-01-08 - jmc@cvs.openbsd.org 2009/10/28 21:45:08Darren Tucker
[sshd_config.5 sftp.1] tweak previous;
2010-01-08 - reyk@cvs.openbsd.org 2009/10/28 16:38:18Darren Tucker
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 sftp.1 sshd_config.5 readconf.c ssh.c misc.c] Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@