Age | Commit message (Collapse) | Author |
|
[sshconnect.c]
disable tunnel forwarding when no strict host key checking
and key changed; ok djm@ markus@ dtucker@
|
|
versions of Solaris, so use AC_LINK_IFELSE to actually link the test program
rather than just compiling it. Spotted by dlg@.
|
|
|
|
|
|
|
|
system headers before defines.h will cause conflicting definitions.
|
|
[regress/cipher-speed.sh regress/forcecommand.sh regress/forwarding.sh]
Sync regress tests to -current; include dtucker@'s new cfgmatch and
forcecommand tests. Add cipher-speed.sh test (not linked in yet)
|
|
Remove generated openbsd-compat/regress/Makefile in distclean target
|
|
[openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
[openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
[openbsd-compat/rresvport.c]
These look to need string.h and/or unistd.h (based on a grep for function
names)
|
|
fix compile error with -Werror -Wall: 'path' is only used in
do_setup_env() if HAVE_LOGIN_CAP is not defined
|
|
Add resolv.h, is it contains the prototypes for __b64_ntop/__b64_pton on
some platforms
|
|
Move get_arg_max() into the ifdef HAVE_GLOB block so that it compiles
on OpenBSD (or other platforms with a decent glob implementation) with
-Werror
|
|
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
[gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
[servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
[ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
[openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
[openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
[openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
[openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
[openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
make the portable tree compile again - sprinkle unistd.h and string.h
back in. Don't redefine __unused, as it turned out to be used in
headers on Linux, and replace its use in auth-pam.c with ARGSUSED
|
|
[auth.h dispatch.c kex.h sftp-client.c]
#include <signal.h> for sig_atomic_t; need this prior to <sys/param.h>
move
|
|
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
[auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
[authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
[cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
[compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
[includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
[progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
move #include <string.h> out of includes.h
|
|
[includes.h moduli.c progressmeter.c scp.c sftp-common.c]
[sftp-server.c ssh-agent.c sshlogin.c]
move #include <time.h> out of includes.h
|
|
[progressmeter.c]
ARGSUSED for signal handler
|
|
[channels.c]
more ARGSUSED (lint) for dispatch table-driven functions; ok djm@
|
|
[channels.c channels.h servconf.c servconf.h sshd_config.5]
Make PermitOpen take a list of permitted ports and act more like most
other keywords (ie the first match is the effective setting). This
also makes it easier to override a previously set PermitOpen. ok djm@
|
|
[auth1.c serverloop.c session.c sshconnect2.c]
missed some needed #include <unistd.h> when KERBEROS5=no; issue from
massimo@cedoc.mo.it
|
|
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
Add ForceCommand keyword to sshd_config, equivalent to the "command="
key option, man page entry and example in sshd_config.
Feedback & ok djm@, man page corrections & ok jmc@
|
|
[servconf.c sshd_config.5]
Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
Match. ok djm@
|
|
[dh.c]
remove unneeded includes; ok djm@
|
|
[sshd_config.5]
Clarify description of Match, with minor correction from jmc@
|
|
[ssh-agent.1 sshd_config.5]
mark up angle brackets;
|
|
[scp.1]
replace DIAGNOSTICS with .Ex;
|
|
[sshd_config.5]
tweak; ok dtucker
|
|
[channels.c channels.h servconf.c sshd_config.5]
Add PermitOpen directive to sshd_config which is equivalent to the
"permitopen" key option. Allows server admin to allow TCP port
forwarding only two specific host/port pairs. Useful when combined
with Match.
If permitopen is used in both sshd_config and a key option, both
must allow a given connection before it will be permitted.
Note that users can still use external forwarders such as netcat,
so to be those must be controlled too for the limits to be effective.
Feedback & ok djm@, man page corrections & ok jmc@.
|
|
[auth-options.c]
Use '\0' rather than 0 to terminates strings; ok djm@
|
|
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
[includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
[readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
[sshconnect.c sshlogin.c sshpty.c uidswap.c]
move #include <unistd.h> out of includes.h
|
|
[monitor_wrap.h]
don't need incompletely-typed 'struct passwd' now with
#include <pwd.h>; ok markus@
|
|
[includes.h ssh.c ssh-rand-helper.c]
move #include <stddef.h> out of includes.h
|
|
|
|
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
move #include <netdb.h> out of includes.h; ok djm@
|
|
[sshd_config.5]
- new sentence, new line
- s/The the/The/
- kill a bad comma
|
|
|
|
openbsd-compat/rresvport.c] More errno.h.
|
|
|
|
|
|
|
|
openbsd-compat/glob.c openbsd-compat/mktemp.c openbsd-compat/port-tun.c
openbsd-compat/readpassphrase.c openbsd-compat/strtonum.c] Include <errno.h>.
|
|
|
|
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
Add support for conditional directives to sshd_config via a "Match"
keyword, which works similarly to the "Host" directive in ssh_config.
Lines after a Match line override the default set in the main section
if the condition on the Match line is true, eg
AllowTcpForwarding yes
Match User anoncvs
AllowTcpForwarding no
will allow port forwarding by all users except "anoncvs".
Currently only a very small subset of directives are supported.
ok djm@
|
|
[authfile.c ssh.c]
need <errno.h> here also (it's also included in <openssl/err.h>)
|
|
[ssh.c]
cast asterisk field precision argument to int to remove warning;
ok markus@
|
|
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
move #include <errno.h> out of includes.h; ok markus@
|
|
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
channels.h readconf.c]
add ExitOnForwardFailure: terminate the connection if ssh(1)
cannot set up all requested dynamic, local, and remote port
forwardings. ok djm, dtucker, stevesk, jmc
|
|
[ssh.c]
Only copy the part of environment variable that we actually use. Prevents
ssh bailing when SendEnv is used and an environment variable with a really
long value exists. ok djm@
|
|
[readpass.c log.h scp.c fatal.c xmalloc.c includes.h ssh-keyscan.c misc.c
auth.c packet.c log.c]
move #include <stdarg.h> out of includes.h; ok markus@
|
|
[sshd.8]
s/and and/and/
|