#
1.58 |
|
17-May-2024 |
djm |
Start the process of splitting sshd into separate binaries. This step splits sshd into a listener and a session binary. More splits are planned.
After this change, the listener binary will validate the configuration, load the hostkeys, listen on port 22 and manage MaxStartups only. All session handling will be performed by a new sshd-session binary that the listener fork+execs.
This reduces the listener process to the minimum necessary and sets us up for future work on the sshd-session binary.
feedback/ok markus@ deraadt@
NB. if you're updating via source, please restart sshd after installing, otherwise you run the risk of locking yourself out.
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.57 |
|
09-Dec-2022 |
dtucker |
Add some server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.56 |
|
23-Feb-2022 |
djm |
free(3) wants stdlib.h
|
#
1.55 |
|
23-Feb-2022 |
djm |
use asprintf to construct .rhosts paths
|
#
1.54 |
|
01-Feb-2022 |
djm |
mark const string array contents const too, i.e. static const char *array => static const char * const array from Mike Frysinger
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.53 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.52 |
|
17-Apr-2020 |
djm |
make IgnoreRhosts a tri-state option: "yes" ignore rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.51 |
|
02-Oct-2019 |
djm |
remove some duplicate #includes
|
#
1.50 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.49 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.48 |
|
13-Aug-2016 |
markus |
remove ssh1 server code; ok djm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.47 |
|
07-Mar-2016 |
djm |
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c
feedback and ok markus@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.46 |
|
23-Dec-2014 |
djm |
KNF and add a little more debug()
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.45 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.44 |
|
07-Mar-2010 |
dtucker |
Hold authentication debug messages until after successful authentication. Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.43 |
|
13-Jun-2008 |
dtucker |
Include unistd.h for close(), prevents warnings in -portable
|
#
1.42 |
|
13-Jun-2008 |
djm |
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not regular files; report from Solar Designer via Colin Watson in bz#1471 ok dtucker@ deraadt@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.41 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.40 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.39 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.38 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.37 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.36 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.35 |
|
20-Feb-2006 |
stevesk |
branches: 1.35.2; move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.34 |
|
07-Feb-2006 |
stevesk |
move #include <netgroup.h> out of includes.h; ok markus@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.33 |
|
17-Jul-2005 |
djm |
branches: 1.33.2; knf says that a 2nd level indent is four (not three or five) spaces
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
04-Nov-2003 |
djm |
branches: 1.32.4; 1.32.6; standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather than pw != NULL; ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
markus |
branches: 1.31.2; deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@
|
#
1.30 |
|
17-May-2003 |
itojun |
just in case, put numbers to sscanf %s arg.
|
#
1.29 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.28 |
|
13-May-2002 |
markus |
branches: 1.28.2; 1.28.4; handle debug messages during rhosts-rsa and hostbased authentication; ok provos@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.27 |
|
04-Mar-2002 |
markus |
branches: 1.27.2; unused include
|
#
1.26 |
|
29-Jan-2002 |
markus |
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
|
#
1.25 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
23-Jun-2001 |
itojun |
branches: 1.24.2; more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.23 |
|
12-Apr-2001 |
markus |
branches: 1.23.2; implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
|
#
1.22 |
|
06-Apr-2001 |
markus |
do gid/groups-swap in addition to uid-swap, should help if /home/group is chmod 750 + chgrp grp /home/group/, work by deraadt and me, thanks to olar@openwall.com is comments. we had many requests for this.
|
#
1.21 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecast to int -> u_long
|
#
1.20 |
|
03-Feb-2001 |
markus |
make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
|
#
1.19 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.18 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.17 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.16 |
|
03-Oct-2000 |
markus |
branches: 1.16.2; move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg
|
#
1.15 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.14 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.13 |
|
14-Apr-2000 |
markus |
branches: 1.13.2; whitespace cleanup
|
#
1.12 |
|
27-Dec-1999 |
markus |
check format string for packet_disconnect and packet_send_debug, too
|
#
1.11 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.10 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.9 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.8 |
|
18-Nov-1999 |
markus |
more %d vs. %s in fmt-strings
|
#
1.7 |
|
14-Nov-1999 |
markus |
split do_authentication() in subroutines move checking of remote port to central place
|
#
1.6 |
|
11-Nov-1999 |
markus |
make all access to options via 'extern Options options' and 'extern ServerOptions options' respectively; options are no longer passed as arguments: * make options handling more consistent * remove #include "readconf.h" from ssh.h * readconf.h is only included if necessary
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.5 |
|
03-Oct-1999 |
deraadt |
use strcasecmp()
|
#
1.4 |
|
30-Sep-1999 |
deraadt |
wringing out all the water
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
numerous sprintf, strncpy, strcpy cleanups
|
#
1.2 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum convert all uses of rsa to SSL rsa functions remove all use of randomstate to OpenBSD arc4random() and arc4_stir() all this done at a long long night in Canada.
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know that ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.57 |
|
09-Dec-2022 |
dtucker |
Add some server debugging for hostbased auth.
auth_debug_add queues messages about the auth process which is sent to the client after successful authentication. This also sends those to the server debug log to aid in debugging. From bz#3507, ok djm@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.56 |
|
23-Feb-2022 |
djm |
free(3) wants stdlib.h
|
#
1.55 |
|
23-Feb-2022 |
djm |
use asprintf to construct .rhosts paths
|
#
1.54 |
|
01-Feb-2022 |
djm |
mark const string array contents const too, i.e. static const char *array => static const char * const array from Mike Frysinger
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.53 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.52 |
|
17-Apr-2020 |
djm |
make IgnoreRhosts a tri-state option: "yes" ignore rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.51 |
|
02-Oct-2019 |
djm |
remove some duplicate #includes
|
#
1.50 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.49 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.48 |
|
13-Aug-2016 |
markus |
remove ssh1 server code; ok djm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.47 |
|
07-Mar-2016 |
djm |
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c
feedback and ok markus@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.46 |
|
23-Dec-2014 |
djm |
KNF and add a little more debug()
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.45 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.44 |
|
07-Mar-2010 |
dtucker |
Hold authentication debug messages until after successful authentication. Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.43 |
|
13-Jun-2008 |
dtucker |
Include unistd.h for close(), prevents warnings in -portable
|
#
1.42 |
|
13-Jun-2008 |
djm |
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not regular files; report from Solar Designer via Colin Watson in bz#1471 ok dtucker@ deraadt@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.41 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.40 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.39 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.38 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.37 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.36 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.35 |
|
20-Feb-2006 |
stevesk |
branches: 1.35.2; move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.34 |
|
07-Feb-2006 |
stevesk |
move #include <netgroup.h> out of includes.h; ok markus@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.33 |
|
17-Jul-2005 |
djm |
branches: 1.33.2; knf says that a 2nd level indent is four (not three or five) spaces
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
04-Nov-2003 |
djm |
branches: 1.32.4; 1.32.6; standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
markus |
branches: 1.31.2; deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@
|
#
1.30 |
|
17-May-2003 |
itojun |
just in case, put numbers to sscanf %s arg.
|
#
1.29 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.28 |
|
13-May-2002 |
markus |
branches: 1.28.2; 1.28.4; handle debug messages during rhosts-rsa and hostbased authentication; ok provos@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.27 |
|
04-Mar-2002 |
markus |
branches: 1.27.2; unused include
|
#
1.26 |
|
29-Jan-2002 |
markus |
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
|
#
1.25 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
23-Jun-2001 |
itojun |
branches: 1.24.2; more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.23 |
|
12-Apr-2001 |
markus |
branches: 1.23.2; implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
|
#
1.22 |
|
06-Apr-2001 |
markus |
do gid/groups-swap in addition to uid-swap, should help if /home/group is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks to olar@openwall.com is comments. we had many requests for this.
|
#
1.21 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.20 |
|
03-Feb-2001 |
markus |
make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
|
#
1.19 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.18 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.17 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.16 |
|
03-Oct-2000 |
markus |
branches: 1.16.2; move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg
|
#
1.15 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.14 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.13 |
|
14-Apr-2000 |
markus |
branches: 1.13.2; whitespace cleanup
|
#
1.12 |
|
27-Dec-1999 |
markus |
check format string for packet_disconnect and packet_send_debug, too
|
#
1.11 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.10 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.9 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.8 |
|
18-Nov-1999 |
markus |
more %d vs. %s in fmt-strings
|
#
1.7 |
|
14-Nov-1999 |
markus |
split do_authentication() in subroutines move checking of remote port to central place
|
#
1.6 |
|
11-Nov-1999 |
markus |
make all access to options via 'extern Options options' and 'extern ServerOptions options' respectively; options are no longer passed as arguments: * make options handling more consistent * remove #include "readconf.h" from ssh.h * readconf.h is only included if necessary
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.5 |
|
03-Oct-1999 |
deraadt |
use strcasecmp()
|
#
1.4 |
|
30-Sep-1999 |
deraadt |
wringing out all the water
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
numerous sprintf, strncpy, strcpy cleanups
|
#
1.2 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum convert all used of rsa to SSL rsa functions remove all use of randomstate to OpenBSD arc4random() and arc4_stir() all this done at a long long night in Canada.
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.56 |
|
23-Feb-2022 |
djm |
free(3) wants stdlib.h
|
#
1.55 |
|
23-Feb-2022 |
djm |
use asprintf to construct .rhosts paths
|
#
1.54 |
|
01-Feb-2022 |
djm |
mark const string array contents const too, i.e. static const char *array => static const char * const array from Mike Frysinger
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.53 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.52 |
|
17-Apr-2020 |
djm |
make IgnoreRhosts a tri-state option: "yes" ignore rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.51 |
|
02-Oct-2019 |
djm |
remove some duplicate #includes
|
#
1.50 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.49 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.48 |
|
13-Aug-2016 |
markus |
remove ssh1 server code; ok djm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.47 |
|
07-Mar-2016 |
djm |
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c
feedback and ok markus@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.46 |
|
23-Dec-2014 |
djm |
KNF and add a little more debug()
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.45 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.44 |
|
07-Mar-2010 |
dtucker |
Hold authentication debug messages until after successful authentication. Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.43 |
|
13-Jun-2008 |
dtucker |
Include unistd.h for close(), prevents warnings in -portable
|
#
1.42 |
|
13-Jun-2008 |
djm |
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not regular files; report from Solar Designer via Colin Watson in bz#1471 ok dtucker@ deraadt@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.41 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.40 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.39 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.38 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.37 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.36 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.35 |
|
20-Feb-2006 |
stevesk |
branches: 1.35.2; move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.34 |
|
07-Feb-2006 |
stevesk |
move #include <netgroup.h> out of includes.h; ok markus@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.33 |
|
17-Jul-2005 |
djm |
branches: 1.33.2; knf says that a 2nd level indent is four (not three or five) spaces
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
04-Nov-2003 |
djm |
branches: 1.32.4; 1.32.6; standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
markus |
branches: 1.31.2; deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@
|
#
1.30 |
|
17-May-2003 |
itojun |
just in case, put numbers to sscanf %s arg.
|
#
1.29 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.28 |
|
13-May-2002 |
markus |
branches: 1.28.2; 1.28.4; handle debug messages during rhosts-rsa and hostbased authentication; ok provos@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.27 |
|
04-Mar-2002 |
markus |
branches: 1.27.2; unused include
|
#
1.26 |
|
29-Jan-2002 |
markus |
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
|
#
1.25 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
23-Jun-2001 |
itojun |
branches: 1.24.2; more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.23 |
|
12-Apr-2001 |
markus |
branches: 1.23.2; implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
|
#
1.22 |
|
06-Apr-2001 |
markus |
do gid/groups-swap in addition to uid-swap, should help if /home/group is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks to olar@openwall.com is comments. we had many requests for this.
|
#
1.21 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.20 |
|
03-Feb-2001 |
markus |
make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
|
#
1.19 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.18 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.17 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.16 |
|
03-Oct-2000 |
markus |
branches: 1.16.2; move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg
|
#
1.15 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.14 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.13 |
|
14-Apr-2000 |
markus |
branches: 1.13.2; whitespace cleanup
|
#
1.12 |
|
27-Dec-1999 |
markus |
check format string for packet_disconnect and packet_send_debug, too
|
#
1.11 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.10 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.9 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.8 |
|
18-Nov-1999 |
markus |
more %d vs. %s in fmt-strings
|
#
1.7 |
|
14-Nov-1999 |
markus |
split do_authentication() in subroutines move checking of remote port to central place
|
#
1.6 |
|
11-Nov-1999 |
markus |
make all access to options via 'extern Options options' and 'extern ServerOptions options' respectively; options are no longer passed as arguments: * make options handling more consistent * remove #include "readconf.h" from ssh.h * readconf.h is only included if necessary
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.5 |
|
03-Oct-1999 |
deraadt |
use strcasecmp()
|
#
1.4 |
|
30-Sep-1999 |
deraadt |
wringing out all the water
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
numerous sprintf, strncpy, strcpy cleanups
|
#
1.2 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum convert all used of rsa to SSL rsa functions remove all use of randomstate to OpenBSD arc4random() and arc4_stir() all this done at a long long night in Canada.
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know what ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
#
1.55 |
|
23-Feb-2022 |
djm |
use asprintf to construct .rhosts paths
|
#
1.54 |
|
01-Feb-2022 |
djm |
mark const string array contents const too, i.e. static const char *array => static const char * const array from Mike Frysinger
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.53 |
|
18-Oct-2020 |
djm |
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.52 |
|
17-Apr-2020 |
djm |
make IgnoreRhosts a tri-state option: "yes" ignore rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. ok dtucker@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.51 |
|
02-Oct-2019 |
djm |
remove some duplicate #includes
|
#
1.50 |
|
28-Jun-2019 |
deraadt |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.49 |
|
09-Jul-2018 |
markus |
sshd: switch authentication to sshbuf API; ok djm@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE
|
#
1.48 |
|
13-Aug-2016 |
markus |
remove ssh1 server code; ok djm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.47 |
|
07-Mar-2016 |
djm |
refactor canohost.c: move functions that cache results closer to the places that use them (authn and session code). After this, no state is cached in canohost.c
feedback and ok markus@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE
|
#
1.46 |
|
23-Dec-2014 |
djm |
KNF and add a little more debug()
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.45 |
|
15-Jul-2014 |
millert |
Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.44 |
|
07-Mar-2010 |
dtucker |
Hold authentication debug messages until after successful authentication. Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.43 |
|
13-Jun-2008 |
dtucker |
Include unistd.h for close(), prevents warnings in -portable
|
#
1.42 |
|
13-Jun-2008 |
djm |
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not regular files; report from Solar Designer via Colin Watson in bz#1471 ok dtucker@ deraadt@
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.41 |
|
03-Aug-2006 |
deraadt |
almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step
|
#
1.40 |
|
01-Aug-2006 |
stevesk |
move #include <stdio.h> out of includes.h
|
#
1.39 |
|
22-Jul-2006 |
stevesk |
move #include <string.h> out of includes.h
|
#
1.38 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.37 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.36 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.35 |
|
20-Feb-2006 |
stevesk |
branches: 1.35.2; move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.34 |
|
07-Feb-2006 |
stevesk |
move #include <netgroup.h> out of includes.h; ok markus@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.33 |
|
17-Jul-2005 |
djm |
branches: 1.33.2; knf says that a 2nd level indent is four (not three or five) spaces
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
04-Nov-2003 |
djm |
branches: 1.32.4; 1.32.6; standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather than pw != NULL; ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
markus |
branches: 1.31.2; deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@
|
#
1.30 |
|
17-May-2003 |
itojun |
just in case, put numbers to sscanf %s arg.
|
#
1.29 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.28 |
|
13-May-2002 |
markus |
branches: 1.28.2; 1.28.4; handle debug messages during rhosts-rsa and hostbased authentication; ok provos@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.27 |
|
04-Mar-2002 |
markus |
branches: 1.27.2; unused include
|
#
1.26 |
|
29-Jan-2002 |
markus |
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
|
#
1.25 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
23-Jun-2001 |
itojun |
branches: 1.24.2; more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.23 |
|
12-Apr-2001 |
markus |
branches: 1.23.2; implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
|
#
1.22 |
|
06-Apr-2001 |
markus |
do gid/groups-swap in addition to uid-swap, should help if /home/group is chmod 750 + chgrp grp /home/group/, work by deraadt and me, thanks to olar@openwall.com is comments. we had many requests for this.
|
#
1.21 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecase to int -> u_long
|
#
1.20 |
|
03-Feb-2001 |
markus |
make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
|
#
1.19 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.18 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.17 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.16 |
|
03-Oct-2000 |
markus |
branches: 1.16.2; move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg
|
#
1.15 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.14 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.13 |
|
14-Apr-2000 |
markus |
branches: 1.13.2; whitespace cleanup
|
#
1.12 |
|
27-Dec-1999 |
markus |
check format string for packet_disconnect and packet_send_debug, too
|
#
1.11 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.10 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.9 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.8 |
|
18-Nov-1999 |
markus |
more %d vs. %s in fmt-strings
|
#
1.7 |
|
14-Nov-1999 |
markus |
split do_authentication() in subroutines move checking of remote port to central place
|
#
1.6 |
|
11-Nov-1999 |
markus |
make all access to options via 'extern Options options' and 'extern ServerOptions options' respectively; options are no longer passed as arguments: * make options handling more consistent * remove #include "readconf.h" from ssh.h * readconf.h is only included if necessary
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.5 |
|
03-Oct-1999 |
deraadt |
use strcasecmp()
|
#
1.4 |
|
30-Sep-1999 |
deraadt |
wringing out all the water
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
numerous sprintf, strncpy, strcpy cleanups
|
#
1.2 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum convert all uses of rsa to SSL rsa functions remove all use of randomstate to OpenBSD arc4random() and arc4_stir() all this done at a long long night in Canada.
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know that ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|
|
#
1.38 |
|
06-Jul-2006 |
stevesk |
move #include <pwd.h> out of includes.h; ok markus@
|
#
1.37 |
|
25-Mar-2006 |
djm |
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
|
#
1.36 |
|
19-Mar-2006 |
deraadt |
RCSID() can die
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.35 |
|
20-Feb-2006 |
stevesk |
branches: 1.35.2; move #include <sys/stat.h> out of includes.h; ok markus@
|
#
1.34 |
|
07-Feb-2006 |
stevesk |
move #include <netgroup.h> out of includes.h; ok markus@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.33 |
|
17-Jul-2005 |
djm |
branches: 1.33.2; knf says that a 2nd level indent is four (not three or five) spaces
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
#
1.32 |
|
04-Nov-2003 |
djm |
branches: 1.32.4; 1.32.6; standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather than pw != NULL; ok markus@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
markus |
branches: 1.31.2; deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@
|
#
1.30 |
|
17-May-2003 |
itojun |
just in case, put numbers to sscanf %s arg.
|
#
1.29 |
|
08-Apr-2003 |
itojun |
rename log() into logit() to avoid name conflict. markus ok, from netbsd
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
#
1.28 |
|
13-May-2002 |
markus |
branches: 1.28.2; 1.28.4; handle debug messages during rhosts-rsa and hostbased authentication; ok provos@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.27 |
|
04-Mar-2002 |
markus |
branches: 1.27.2; unused include
|
#
1.26 |
|
29-Jan-2002 |
markus |
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
|
#
1.25 |
|
19-Dec-2001 |
deraadt |
basic KNF done while i was looking for something else
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
23-Jun-2001 |
itojun |
branches: 1.24.2; more strict prototypes. raise warning level in Makefile.inc. markus ok'ed TODO; cleanup headers
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.23 |
|
12-Apr-2001 |
markus |
branches: 1.23.2; implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2) similar to RhostRSAAuthentication unless you enable (the experimental) HostbasedUsesNameFromPacketOnly option. please test. :)
|
#
1.22 |
|
06-Apr-2001 |
markus |
do gid/groups-swap in addition to uid-swap, should help if /home/group is chmod 750 + chgrp grp /home/group/, work by deraadt and me, thanks to olar@openwall.com for comments. we had many requests for this.
|
#
1.21 |
|
08-Feb-2001 |
itojun |
sync with netbsd tree changes. - more strict prototypes, include necessary headers - use paths.h/pathnames.h decls - size_t typecast to int -> u_long
|
#
1.20 |
|
03-Feb-2001 |
markus |
make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
|
#
1.19 |
|
21-Jan-2001 |
markus |
split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch]
|
#
1.18 |
|
19-Jan-2001 |
markus |
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
|
#
1.17 |
|
19-Dec-2000 |
markus |
replace 'unsigned bla' with 'u_bla' everywhere. also, replace 'char unsigned' with u_char.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.16 |
|
03-Oct-2000 |
markus |
branches: 1.16.2; move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg
|
#
1.15 |
|
07-Sep-2000 |
deraadt |
cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate.
|
#
1.14 |
|
20-Jun-2000 |
markus |
OpenBSD tag
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.13 |
|
14-Apr-2000 |
markus |
branches: 1.13.2; whitespace cleanup
|
#
1.12 |
|
27-Dec-1999 |
markus |
check format string for packet_disconnect and packet_send_debug, too
|
#
1.11 |
|
24-Nov-1999 |
markus |
KNF, final part 3
|
#
1.10 |
|
24-Nov-1999 |
deraadt |
much more KNF
|
#
1.9 |
|
23-Nov-1999 |
markus |
KNF part 1
|
#
1.8 |
|
18-Nov-1999 |
markus |
more %d vs. %s in fmt-strings
|
#
1.7 |
|
14-Nov-1999 |
markus |
split do_authentication() in subroutines move checking of remote port to central place
|
#
1.6 |
|
11-Nov-1999 |
markus |
make all access to options via 'extern Options options' and 'extern ServerOptions options' respectively; options are no longer passed as arguments: * make options handling more consistent * remove #include "readconf.h" from ssh.h * readconf.h is only included if necessary
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.5 |
|
03-Oct-1999 |
deraadt |
use strcasecmp()
|
#
1.4 |
|
30-Sep-1999 |
deraadt |
wringing out all the water
|
#
1.3 |
|
29-Sep-1999 |
deraadt |
numerous sprintf, strncpy, strcpy cleanups
|
#
1.2 |
|
28-Sep-1999 |
provos |
convert all uses of gmp to SSL bignum convert all uses of rsa to SSL rsa functions remove all use of randomstate to OpenBSD arc4random() and arc4_stir() all this done at a long long night in Canada.
|
#
1.1 |
|
26-Sep-1999 |
deraadt |
i bet a lot of people didn't know that ssh 1.2.16 had a nice license. well, except for the patent issues. someone in sweden (forget their name at the moment) cleaned out most of the patented code, and now this code removes rsa code. when this is done, it will link against libssl, but the work isn't completely done yet. then we need to bring this up to modern days, featurewise.
|