Age | Commit message (Collapse) | Author |
|
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
|
|
- markus@cvs.openbsd.org 2003/04/02 09:48:07
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
reapply rekeying chage, tested by henning@, ok djm@
|
|
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
|
|
This does not include the deattack.c fixes.
|
|
[serverloop.c]
log IP address also; ok markus@
|
|
lacking that concept can share it. Patch by vinschen@redhat.com
|
|
[channels.c channels.h clientloop.c serverloop.c]
move channel counter to u_int
|
|
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
pid_t cleanup. Markus need this now to keep hacking.
markus@, millert@ ok
|
|
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
check waitpid for EINTR; based on patch from peter@ifm.liu.se
|
|
[serverloop.c]
remove unused debug
|
|
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
session.h servconf.h serverloop.c session.c sshd.c]
integrate privilege separated openssh; its turned off by default for now.
work done by me and markus@
applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =) Later project!
|
|
[channels.c clientloop.c serverloop.c ssh.c]
channel_new never returns NULL, mouring@; ok djm@
|
|
[auth1.c serverloop.c session.c session.h]
don't use channel_input_channel_request and callback
use new server_input_channel_req() instead:
server_input_channel_req does generic request parsing on server side
session_input_channel_req handles just session specific things now
ok djm@
|
|
[serverloop.c]
no need for WNOHANG; ok stevesk@
|
|
[channels.c channels.h serverloop.c ssh.c]
wrapper for channel_setup_fwd_listener
|
|
[serverloop.c]
skip client_alive_check until there are channels; ok beck@
|
|
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
remove plen from the dispatch fn. it's no longer used.
|
|
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
packet_read* no longer return the packet length, since it's not used.
|
|
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
|
|
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
|
|
[serverloop.c]
remove ifdef for USE_PIPES since fdin != fdout; ok djm@
|
|
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net; ok markus@
|
|
[serverloop.c]
fix race between SIGCHLD and select with an additional pipe. writing
to the pipe on SIGCHLD wakes up select(). using pselect() is not
portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
initial idea by pmenage@ensim.com; ok deraadt@, djm@
|
|
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
|
|
[clientloop.c serverloop.c sshd.c]
deal with LP64 printf issue with sig_atomic_t. from thorpej
|
|
[clientloop.c serverloop.c sshd.c]
volatile sig_atomic_t
|
|
[clientloop.c serverloop.c]
don't memset too much memory, ok millert@
original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
|
|
- markus@cvs.openbsd.org 2001/10/10 22:18:47
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c session.h]
try to keep channels open until an exit-status message is sent.
don't kill the login shells if the shells stdin/out/err is closed.
this should now work:
ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
|
|
[channels.c channels.h serverloop.c session.c session.h]
simplify session close: no more delayed session_close, no more blocking wait() calls.
|
|
[serverloop.c]
close all channels if the connection to the remote host has been closed,
should fix sshd's hanging with WCHAN==wait
|
|
[serverloop.c]
client_alive_check cleanup
|
|
[channels.c serverloop.c]
comment out bogus conditions for selecting on connection_in
|
|
[channels.c serverloop.c]
don't send fake dummy packets on CR (\r)
bugreport from yyua@cs.sfu.ca via solar@@openwall.com
|
|
handler has converged.
|
|
[channels.c channels.h clientloop.c nchan.c serverloop.c]
keep track of both maxfd and the size of the malloc'ed fdsets.
update maxfd if maxfd gets closed.
|
|
[serverloop.c]
schedule client alive for ssh2 only, greg@cheers.bungi.com
|
|
[channels.c channels.h serverloop.c]
improve cleanup/exit logic in ssh2:
stop listening to channels, detach channel users (e.g. sessions).
wait for children (i.e. dying sessions), send exit messages,
cleanup all channels.
|
|
[serverloop.c session.c session.h]
wait until !session_have_children(); bugreport from
Lutz.Jaenicke@aet.TU-Cottbus.DE
|
|
[serverloop.c serverloop.h session.c session.h]
quick hack to make ssh2 work again.
|
|
[channels.c channels.h cipher.c clientloop.c compat.c compat.h
hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
update copyright for 2001
|
|
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
readpass.c scp.c servconf.c serverloop.c session.c sftp.c
sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
ssh-keygen.c ssh-keyscan.c]
more strict prototypes. raise warning level in Makefile.inc.
markus ok'ed
TODO; cleanup headers
|
|
[channels.c channels.h clientloop.c packet.c serverloop.c]
move from channel_stop_listening to channel_free_all,
call channel_free_all before calling waitpid() in serverloop.
fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE
|
|
[clientloop.c serverloop.c sshd.c]
set flags in the signal handlers, do real work in the main loop,
ok provos@
|
|
pain will be over.]
- markus@cvs.openbsd.org 2001/05/31 10:30:17
[auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
packet.c serverloop.c session.c ssh.c]
undo the .c file split, just merge the header and keep the cvs
history
|
|
- markus@cvs.openbsd.org 2001/05/30 12:55:13
[auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
packet.c serverloop.c session.c ssh.c ssh1.h]
channel layer cleanup: merge header files and split .c files
|
|
[channels.c serverloop.c]
adds correct error reporting to async connect()s
fixes the server-discards-data-before-connected-bug found by
onoe@sm.sony.co.jp
|
|
[channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
move to Channel **channels (instead of Channel *channels), fixes realloc
problems. channel_new now returns a Channel *, favour Channel * over
channel id. remove old channel_allocate interface.
|
|
[channels.c clientloop.c compat.c compat.h serverloop.c]
more ssh.com-2.0.x bug-compat; from per@appgate.com
|
|
[serverloop.c]
fix whitespace
|
|
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
Add options ClientAliveInterval and ClientAliveCountMax to sshd.
This gives the ability to do a "keepalive" via the encrypted channel
which can't be spoofed (unlike TCP keepalives). Useful for when you want
to use ssh connections to authenticate people for something, and know
relatively quickly when they are no longer authenticated. Disabled
by default (of course). ok markus@
|