Age | Commit message | Author |
|
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
[sshd.c]
set_nonblock() instead of fcntl(...,O_NONBLOCK); "looks sane" deraadt@
|
|
[clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c
sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h
kill a tiny header; ok deraadt@
|
|
ok dtucker
|
|
[channels.c session.c ssh-agent.c ssh.h sshd.c]
use SSH_LISTEN_BACKLOG (=128) in listen(2).
|
|
[everything]
unexpand and delete whitespace at EOL; ok markus@
(done locally and RCS IDs synced)
|
|
[session.c ssh-agent.c]
10X for mkdtemp; djm@
|
|
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
ssh-agent.c sshd.c]
replace fatal_cleanup() and linked list of fatal callbacks with static
cleanup_exit() function. re-refine cleanup_exit() where appropriate,
allocate sshd's authctxt early to allow simpler cleanup in sshd.
tested by many, ok deraadt@
|
|
[ssh-agent.c]
provide a ssh-agent specific fatal() function; ok deraadt
|
|
[deattack.c misc.c session.c ssh-agent.c]
more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
ok millert@
|
|
-lbroken; ok dtucker
|
|
[scard.c scard.h ssh-agent.c ssh.c]
add sc_get_key_label; larsch at trustcenter.de; bugzilla#591
|
|
[authfd.c authfd.h ssh-add.c ssh-agent.c]
make agent constraints (lifetime, confirm) work with smartcard keys;
ok markus@
|
|
[ssh-agent.c]
ssh-agent is similar to ssh-keysign (allows other processes to use
private rsa keys). however, it gets key over socket and not from
a file, so we have to do blinding here as well.
|
|
[authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -c, prompt user for confirmation (using ssh-askpass) when
private agent key is used; with djm@; test by dugsong@, djm@;
ok deraadt@
|
|
- marc@cvs.openbsd.org 2003/01/21 18:14:36
[ssh-agent.1 ssh-agent.c]
Add a -t life option to ssh-agent that sets the default lifetime.
The default can still be overridden by using -t in ssh-add.
OK markus@
|
|
- markus@cvs.openbsd.org 2002/10/01 20:34:12
[ssh-agent.c]
allow root to access the agent, since there is no protection from root.
|
|
- stevesk@cvs.openbsd.org 2002/09/12 19:11:52
[ssh-agent.c]
%u for uid print; ok markus@
|
|
fake-queue.h to sys-tree.h and sys-queue.h
|
|
[ssh-agent.c]
check the euid of the connecting process with getpeereid(2);
ok provos deraadt stevesk
|
|
[ssh-agent.c]
shutdown(SHUT_RDWR) not needed before close here; ok markus@
|
|
[ssh-agent.c]
use common close function; ok markus@
|
|
[ssh-agent.c]
raise listen backlog; ok markus@
|
|
[ssh-agent.c]
make ssh-agent setgid, disallow ptrace.
(note: change not yet made in Makefile)
|
|
[authfile.c kex.c ssh-agent.c]
cast to (void) when output from buffer_get_X is ignored
|
|
[ssh-agent.c sshd.c]
some minor KNF and %u
|
|
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
|
|
[authfd.c authfd.h ssh-add.c ssh-agent.c]
remove the CONSTRAIN_IDENTITY messages and introduce a new
ADD_ID message with constraints instead. constraints can be
only added together with the private key.
|
|
[authfd.c authfd.h ssh-add.c ssh-agent.c]
fix stupid typo
|
|
[authfd.c authfd.h ssh-add.c ssh-agent.c]
break agent key lifetime protocol and allow other constraints for key
usage.
|
|
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
pid_t cleanup. Markus needs this now to keep hacking.
markus@, millert@ ok
|
|
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -t life, Set lifetime (in seconds) when adding identities;
ok provos@
|
|
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -x for lock and -X for unlocking the agent.
todo: encrypt private keys with locked...
|
|
[ssh-agent.c]
copy current request into an extra buffer and just flush this
request on errors, ok provos@
|
|
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
|
|
using internal version only.
|
|
[ssh-agent.c]
check $SHELL for -k and -d, too;
http://bugzilla.mindrot.org/show_bug.cgi?id=199
|
|
[scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
change sc_get_key to sc_get_keys and hide smartcard details in scard.c
|
|
[authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
Add PIN-protection for secret key.
|
|
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
uuencode.c xmalloc.h]
$OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
files. ok markus@
|
|
[ssh-agent.c]
use log interface and remove perror() in child. use
fatal_add_cleanup() vs. atexit(). ok mouring@ markus@
|
|
[ssh-agent.c]
unneeded includes
|