OpenBSD CVS

CVS log for src/usr.bin/ssh/misc.c



Default branch: MAIN


Revision 1.194 / (download) - annotate - [select for diffs], Fri May 17 00:30:23 2024 UTC (2 hours, 48 minutes ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.193: +14 -1 lines
Diff to previous 1.193 (colored)

Start the process of splitting sshd into separate binaries. This step
splits sshd into a listener and a session binary. More splits are
planned.

After this change, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.

This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.

feedback/ok markus@ deraadt@

NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.

Revision 1.193 / (download) - annotate - [select for diffs], Tue Apr 2 10:02:08 2024 UTC (6 weeks, 2 days ago) by deraadt
Branch: MAIN
Changes since 1.192: +5 -5 lines
Diff to previous 1.192 (colored)

for parse_ipqos(), use strtonum() instead of mostly idiomatic strtoul(),
but wow it's so gross.
ok djm

Revision 1.192 / (download) - annotate - [select for diffs], Tue Apr 2 09:56:58 2024 UTC (6 weeks, 2 days ago) by deraadt
Branch: MAIN
Changes since 1.191: +2 -5 lines
Diff to previous 1.191 (colored)

can shortcut by returning strtonum() value directly; ok djm

Revision 1.191 / (download) - annotate - [select for diffs], Tue Apr 2 09:52:14 2024 UTC (6 weeks, 2 days ago) by deraadt
Branch: MAIN
Changes since 1.190: +36 -22 lines
Diff to previous 1.190 (colored)

rewrite convtime() to use an isdigit-scanner and strtonum() instead of
strange strtoul that might be fooled by garbage characters.
passes regress/usr.bin/ssh/unittests/misc
ok djm

Revision 1.190 / (download) - annotate - [select for diffs], Mon Mar 4 02:16:11 2024 UTC (2 months, 1 week ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.189: +14 -1 lines
Diff to previous 1.189 (colored)

Separate parsing of string array options from applying them to the
active configuration. This fixes the config parser from erroneously
rejecting cases like:

AuthenticationMethods password
Match User ivy
  AuthenticationMethods any

bz3657 ok markus@

Revision 1.189 / (download) - annotate - [select for diffs], Thu Oct 12 03:36:32 2023 UTC (7 months ago) by djm
Branch: MAIN
Changes since 1.188: +2 -2 lines
Diff to previous 1.188 (colored)

64 %-expansion keys ought to be enough for anybody; ok dtucker
(we just hit the previous limit in some cases)

Revision 1.188 / (download) - annotate - [select for diffs], Wed Oct 11 22:42:26 2023 UTC (7 months ago) by djm
Branch: MAIN
Changes since 1.187: +38 -1 lines
Diff to previous 1.187 (colored)

add ChannelTimeout support to the client, mirroring the same option
in the server. ok markus@

Revision 1.187 / (download) - annotate - [select for diffs], Mon Aug 28 03:31:16 2023 UTC (8 months, 2 weeks ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.186: +20 -9 lines
Diff to previous 1.186 (colored)

Add keystroke timing obfuscation to the client.

This attempts to hide inter-keystroke timings by sending interactive
traffic at fixed intervals (default: every 20ms) when there is only a
small amount of data being sent. It also sends fake "chaff" keystrokes
for a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword.

feedback/ok markus@

Revision 1.186 / (download) - annotate - [select for diffs], Fri Aug 18 01:37:41 2023 UTC (8 months, 4 weeks ago) by djm
Branch: MAIN
Changes since 1.185: +30 -12 lines
Diff to previous 1.185 (colored)

fix regression in OpenSSH 9.4 (mux.c r1.99) that caused multiplexed
sessions to ignore SIGINT under some circumstances. Reported by /
feedback naddy@, ok dtucker@

Revision 1.185 / (download) - annotate - [select for diffs], Fri Aug 4 06:32:40 2023 UTC (9 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.184: +5 -4 lines
Diff to previous 1.184 (colored)

Apply ConnectTimeout to multiplexing local socket connections.  If the
multiplex socket exists but the connection times out, ssh will fall back
to a direct connection the same way it would if the socket did not exist
at all.  ok djm@

Revision 1.184 / (download) - annotate - [select for diffs], Wed Jul 19 14:02:27 2023 UTC (9 months, 4 weeks ago) by djm
Branch: MAIN
Changes since 1.183: +30 -1 lines
Diff to previous 1.183 (colored)

Ensure FIDO/PKCS11 libraries contain expected symbols

This checks via nlist(3) that candidate provider libraries contain one
of the symbols that we will require prior to dlopen(), which can cause
a number of side effects, including execution of constructors.

Feedback deraadt; ok markus

Revision 1.183 / (download) - annotate - [select for diffs], Fri Jul 14 07:44:21 2023 UTC (10 months ago) by dtucker
Branch: MAIN
Changes since 1.182: +2 -1 lines
Diff to previous 1.182 (colored)

Include stdint.h for SIZE_MAX.  Fixes OPENSSL=no build.

Revision 1.182 / (download) - annotate - [select for diffs], Fri Jul 14 05:31:44 2023 UTC (10 months ago) by djm
Branch: MAIN
Changes since 1.181: +5 -2 lines
Diff to previous 1.181 (colored)

add defence-in-depth checks for some unreachable integer overflows
reported by Yair Mizrahi @ JFrog; feedback/ok millert@

Revision 1.181 / (download) - annotate - [select for diffs], Fri Mar 3 02:37:58 2023 UTC (14 months, 2 weeks ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.180: +1 -4 lines
Diff to previous 1.180 (colored)

Use time_t for x11_refuse_time timeout.  We need SSH_TIME_T_MAX for
this, so move from misc.c to misc.h so it's available.  Fixes a Coverity
warning for 64bit time_t safety, ok djm@

Revision 1.180 / (download) - annotate - [select for diffs], Fri Jan 6 02:37:04 2023 UTC (16 months, 1 week ago) by djm
Branch: MAIN
Changes since 1.179: +90 -1 lines
Diff to previous 1.179 (colored)

add ptimeout API for keeping track of poll/ppoll timeouts;
ok dtucker markus

Revision 1.179 / (download) - annotate - [select for diffs], Thu Dec 15 18:20:39 2022 UTC (17 months ago) by deraadt
Branch: MAIN
Changes since 1.178: +2 -2 lines
Diff to previous 1.178 (colored)

The idiomatic way of coping with signed char vs unsigned char (which
did not come from stdio read functions) in the presence of ctype
macros, is to always cast to (unsigned char).  casting to (int) for
a "macro" which is documented to take int, is weird.  And sadly wrong,
because of the sign extension risk.
same diff from florian

Revision 1.178 / (download) - annotate - [select for diffs], Wed Nov 9 09:01:52 2022 UTC (18 months, 1 week ago) by dtucker
Branch: MAIN
Changes since 1.177: +3 -3 lines
Diff to previous 1.177 (colored)

Remove errant colon and simplify format string in error messages.
Patch from vapier at chromium.org.

Revision 1.177 / (download) - annotate - [select for diffs], Thu Aug 11 01:56:51 2022 UTC (21 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.176: +21 -5 lines
Diff to previous 1.176 (colored)


allow certificate validity intervals, sshsig verification times and
authorized_keys expiry-time options to accept dates in the UTC time
zone in addition to the default of interpreting them in the system
time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be
interpreted as UTC if suffixed with a 'Z' character.

Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow.

bz3468 ok dtucker

Revision 1.176 / (download) - annotate - [select for diffs], Fri Jun 3 04:30:47 2022 UTC (23 months, 2 weeks ago) by djm
Branch: MAIN
Changes since 1.175: +18 -1 lines
Diff to previous 1.175 (colored)

Make SetEnv directives first-match-wins in both sshd_config and
sshd_config; previously if the same name was reused then the last
would win (which is the opposite to how the config is supposed to
work).

While there, make the ssh_config parsing more like sshd_config.

bz3438, ok dtucker

Revision 1.175 / (download) - annotate - [select for diffs], Sun Mar 20 08:51:21 2022 UTC (2 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.174: +18 -9 lines
Diff to previous 1.174 (colored)

make addargs() and replacearg() a little more robust and improve error
reporting

make freeargs(NULL) a noop like the other free functions

ok dtucker as part of bz3403

Revision 1.174 / (download) - annotate - [select for diffs], Fri Feb 11 00:43:56 2022 UTC (2 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.173: +2 -2 lines
Diff to previous 1.173 (colored)

Always initialize delim before passing to hpdelim2 which might not set it.
Found by the Valgrind tests on github, ok deraadt@

Revision 1.173 / (download) - annotate - [select for diffs], Tue Feb 8 08:59:12 2022 UTC (2 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.172: +8 -2 lines
Diff to previous 1.172 (colored)

Switch hpdelim interface to accept only ":" as delimiter.

Historically, hpdelim accepted ":" or "/" as a port delimiter between
hosts (or addresses) and ports.  These days most of the uses for "/"
are no longer accepted, so there are several places where it checks the
delimiter to disallow it.  Make hpdelim accept only ":" and use hpdelim2
in the other cases.  ok djm@

Revision 1.172 / (download) - annotate - [select for diffs], Sat Jan 8 07:32:45 2022 UTC (2 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.171: +46 -30 lines
Diff to previous 1.171 (colored)

refactor tilde_expand_filename() and make it handle ~user paths with no
trailing slash; feedback/ok markus and jsg

Revision 1.171 / (download) - annotate - [select for diffs], Sat Nov 13 21:14:13 2021 UTC (2 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.170: +4 -4 lines
Diff to previous 1.170 (colored)

replace select() with ppoll(), including converting timeval's to timespec's
to make things easier.
back and forth and ok; djm

Revision 1.164.2.1 / (download) - annotate - [select for diffs], Sun Sep 26 14:03:57 2021 UTC (2 years, 7 months ago) by deraadt
Branch: OPENBSD_6_9
Changes since 1.164: +7 -1 lines
Diff to previous 1.164 (colored) next main 1.165 (colored)

need initgroups() before setresgid(); reported by anton@, ok deraadt@

this is 6.9 errata 016:
  sshd(8) failed to clear supplemental groups when executing an
  AuthorizedUsersCommand or AuthorizedPrincipalsCommand helper program.

Revision 1.170 / (download) - annotate - [select for diffs], Sun Sep 26 14:01:03 2021 UTC (2 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.169: +7 -1 lines
Diff to previous 1.169 (colored)

need initgroups() before setresgid(); reported by anton@, ok deraadt@

Revision 1.169 / (download) - annotate - [select for diffs], Mon Aug 9 23:47:44 2021 UTC (2 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.168: +35 -14 lines
Diff to previous 1.168 (colored)

SFTP protocol extension to allow the server to expand ~-prefixed
paths, in particular ~user ones. Allows scp in sftp mode to accept
these paths, like scp in rcp mode does.

prompted by and much discussion deraadt@
ok markus@

Revision 1.168 / (download) - annotate - [select for diffs], Mon Jul 12 06:22:57 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.167: +2 -4 lines
Diff to previous 1.167 (colored)

Make limit for time_t test unconditional in the format_absolute_time
fix for bz#3329 that allows printing of timestamps past INT_MAX.
This was incorrectly included with the previous commit.   Based on
discussion with djm@.

Revision 1.167 / (download) - annotate - [select for diffs], Fri Jul 2 07:20:44 2021 UTC (2 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.166: +7 -2 lines
Diff to previous 1.166 (colored)

Remove obsolete comments about SSHv1 auth methods.  ok djm@

Revision 1.166 / (download) - annotate - [select for diffs], Tue Jun 8 06:54:40 2021 UTC (2 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.165: +50 -5 lines
Diff to previous 1.165 (colored)

Allow argv_split() to optionally terminate tokenisation when it
encounters an unquoted comment.

Add some additional utility functions for working with argument
vectors, since we'll be switching to using them to parse
ssh/sshd_config shortly.

ok markus@ as part of a larger diff; tested in snaps

Revision 1.165 / (download) - annotate - [select for diffs], Fri Jun 4 05:02:40 2021 UTC (2 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.164: +16 -1 lines
Diff to previous 1.164 (colored)

allow ssh_config SetEnv to override $TERM, which is otherwise handled
specially by the protocol. Useful in ~/.ssh/config to set TERM to
something generic (e.g. "xterm" instead of "xterm-256color") for
destinations that lack terminfo entries. feedback and ok dtucker@

Revision 1.164 / (download) - annotate - [select for diffs], Sat Apr 3 06:18:40 2021 UTC (3 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE
Branch point for: OPENBSD_6_9
Changes since 1.163: +2 -2 lines
Diff to previous 1.163 (colored)

highly polished whitespace, mostly fixing spaces-for-tab and bad
indentation on continuation lines. Prompted by GHPR#185

Revision 1.163 / (download) - annotate - [select for diffs], Sat Apr 3 05:21:46 2021 UTC (3 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.162: +4 -7 lines
Diff to previous 1.162 (colored)

Fix two problems in string->argv conversion: 1) multiple backslashes
were not being dequoted correctly and 2) quoted space in the middle
of a string was being incorrectly split.

A unit test for these cases has already been committed

prompted by and based on GHPR#223 by Eero Häkkinen; ok markus@

Revision 1.162 / (download) - annotate - [select for diffs], Sun Feb 28 01:50:47 2021 UTC (3 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.161: +2 -2 lines
Diff to previous 1.161 (colored)

Do not try to reset signal handler for signal 0 in subprocess.
Prevents spurious debug message.  ok djm@

Revision 1.161 / (download) - annotate - [select for diffs], Mon Feb 15 20:36:35 2021 UTC (3 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.160: +27 -1 lines
Diff to previous 1.160 (colored)

factor out opt_array_append; ok djm@

Revision 1.160 / (download) - annotate - [select for diffs], Fri Jan 15 02:58:11 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.159: +3 -3 lines
Diff to previous 1.159 (colored)

Change types in convtime() unit test to int to match its new type.
Add tests for boundary conditions and fix convtime to work up to INT_MAX.
ok djm@

Revision 1.159 / (download) - annotate - [select for diffs], Fri Jan 15 02:32:41 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.158: +2 -2 lines
Diff to previous 1.158 (colored)

In waitfd(), when poll returns early we are subtracting the elapsed time
from the timeout each loop, so we only want to measure the elapsed time
of the poll() in that loop, not since the start of the function.  Spotted by
chris.xj.zhu at gmail.com, ok djm@

Revision 1.158 / (download) - annotate - [select for diffs], Mon Jan 11 02:12:57 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.157: +5 -5 lines
Diff to previous 1.157 (colored)

Change convtime() from returning long to returning int.  On platforms
where sizeof(int) != sizeof(long), convtime could accept values
>MAX_INT which subsequently truncate when stored in an int during
config parsing.  bz#3250, ok djm@

Revision 1.157 / (download) - annotate - [select for diffs], Tue Dec 22 00:12:22 2020 UTC (3 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.156: +170 -1 lines
Diff to previous 1.156 (colored)

move subprocess() from auth.c to misc.c

make privilege dropping optional but allow it via callbacks (to avoid
need to link uidswap.c everywhere)

add some other flags (keep environment, disable strict path safety check)
that make this more useful for client-side use.

feedback & ok markus@

Revision 1.156 / (download) - annotate - [select for diffs], Fri Nov 27 00:49:58 2020 UTC (3 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.155: +44 -1 lines
Diff to previous 1.155 (colored)

Set the specified TOS/DSCP for interactive use prior to TCP connect.
The connection phase of the SSH session is time-sensitive (due to
server side login grace periods) and is frequently interactive (e.g.
entering passwords). The ultimate interactive/bulk TOS/DSCP will be
set after authentication completes.

ok dtucker@

Revision 1.155 / (download) - annotate - [select for diffs], Sun Oct 18 11:32:01 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.154: +43 -54 lines
Diff to previous 1.154 (colored)

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

Revision 1.154 / (download) - annotate - [select for diffs], Sat Oct 3 09:22:26 2020 UTC (3 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.153: +22 -1 lines
Diff to previous 1.153 (colored)

There are lots of places where we want to redirect stdin, stdout
and/or stderr to /dev/null. Factor all these out to a single
stdfd_devnull() function that allows selection of which of these
to redirect. ok markus@

Revision 1.153 / (download) - annotate - [select for diffs], Fri Jun 26 05:16:38 2020 UTC (3 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.152: +13 -8 lines
Diff to previous 1.152 (colored)

handle EINTR in waitfd() and timeout_connect() helpers;
bz#3071; ok dtucker@

Revision 1.152 / (download) - annotate - [select for diffs], Fri May 29 11:17:56 2020 UTC (3 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.151: +12 -3 lines
Diff to previous 1.151 (colored)

Make dollar_expand variadic and pass a real va_list to vdollar_percent_expand.
Fixes build error on arm64 spotted by otto@.

Revision 1.151 / (download) - annotate - [select for diffs], Fri May 29 09:02:44 2020 UTC (3 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.150: +2 -4 lines
Diff to previous 1.150 (colored)

Pass a NULL instead of zeroed out va_list from dollar_expand.  The original
intent was in case there's some platform where va_list is not a pointer
equivalent, but on i386 this chokes on the memset.  This unbreaks that
build, but will require further consideration.

Revision 1.150 / (download) - annotate - [select for diffs], Fri May 29 04:25:40 2020 UTC (3 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.149: +134 -31 lines
Diff to previous 1.149 (colored)

Allow some keywords to expand shell-style ${ENV} environment
variables on the client side.  The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket
paths.  This would for example allow forwarding of Unix domain
socket paths that change at runtime.  bz#3140, ok djm@

Revision 1.149 / (download) - annotate - [select for diffs], Fri May 29 01:20:46 2020 UTC (3 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.148: +3 -2 lines
Diff to previous 1.148 (colored)

Fix multiplier in convtime when handling seconds after other units.
bz#3171, spotted by ronf at timeheart.net, ok djm@.

Revision 1.148 / (download) - annotate - [select for diffs], Tue May 26 01:06:52 2020 UTC (3 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.147: +51 -20 lines
Diff to previous 1.147 (colored)

add fmt_timeframe() (from bgpd) to format a time interval in a human-
friendly format. Switch copyright for this file from BSD to MIT to
make it easier to add Henning's copyright for this function.
ok markus@

Revision 1.147 / (download) - annotate - [select for diffs], Sat Apr 25 06:59:36 2020 UTC (4 years ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.146: +2 -2 lines
Diff to previous 1.146 (colored)

We've standardized on memset over bzero, replace a couple that had slipped
in.  ok deraadt markus djm.

Revision 1.146 / (download) - annotate - [select for diffs], Tue Jan 28 01:49:36 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.145: +2 -1 lines
Diff to previous 1.145 (colored)

make IPTOS_DSCP_LE available via IPQoS directive; bz2986, based on
patch by veegish AT cyberstorm.mu

Revision 1.145 / (download) - annotate - [select for diffs], Fri Jan 24 23:54:40 2020 UTC (4 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.144: +28 -1 lines
Diff to previous 1.144 (colored)

add xextendf() to extend a string with a format (reallocating as
necessary). ok aja@ as part of a larger diff

Revision 1.144 / (download) - annotate - [select for diffs], Thu Jan 23 07:10:22 2020 UTC (4 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.143: +18 -1 lines
Diff to previous 1.143 (colored)

Replace all calls to signal(2) with a wrapper around sigaction(2).
This wrapper blocks all other signals during the handler preventing
races between handlers, and sets SA_RESTART which should reduce the
potential for short read/write operations.

Revision 1.143 / (download) - annotate - [select for diffs], Fri Nov 22 06:50:30 2019 UTC (4 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.142: +16 -6 lines
Diff to previous 1.142 (colored)

Wait for FD to be readable or writeable during a nonblocking connect,
not just readable.  Prevents a timeout when the server doesn't immediately
send a banner (eg multiplexers like sslh) but is also slightly quicker
for other connections since, unlike ssh1, ssh2 doesn't specify that the
client should parse the server banner before sending its own.  Patch
from mnissler@chromium.org, ok djm@

Revision 1.142 / (download) - annotate - [select for diffs], Tue Sep 3 08:32:11 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.141: +73 -1 lines
Diff to previous 1.141 (colored)

move authorized_keys option parsing helpers to misc.c and make
them public; ok markus@

Revision 1.141 / (download) - annotate - [select for diffs], Tue Sep 3 08:29:58 2019 UTC (4 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.140: +11 -1 lines
Diff to previous 1.140 (colored)

move skip_space() to misc.c and make it public; ok markus@

Revision 1.140 / (download) - annotate - [select for diffs], Fri Aug 16 06:13:15 2019 UTC (4 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.139: +24 -15 lines
Diff to previous 1.139 (colored)

switch percent_expand() to use sshbuf instead of a limited fixed buffer;
ok markus@

Revision 1.139 / (download) - annotate - [select for diffs], Fri Jun 28 13:35:04 2019 UTC (4 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.138: +9 -9 lines
Diff to previous 1.138 (colored)

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.138 / (download) - annotate - [select for diffs], Thu Jun 27 18:03:37 2019 UTC (4 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.137: +2 -2 lines
Diff to previous 1.137 (colored)

Some asprintf() calls were checked < 0, rather than the precise == -1.
ok millert nicm tb, etc

Revision 1.137 / (download) - annotate - [select for diffs], Wed Jan 23 21:50:56 2019 UTC (5 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.136: +2 -2 lines
Diff to previous 1.136 (colored)

Remove support for obsolete host/port syntax.

host/port was added in 2001 as an alternative to host:port syntax for
the benefit of IPv6 users.  These days there are established standards
for this like [::1]:22 and the slash syntax is easily mistaken for CIDR
notation, which OpenSSH now supports for some things.  Remove the slash
notation from ListenAddress and PermitOpen.  bz#2335, patch from jjelen
at redhat.com, ok markus@

Revision 1.136 / (download) - annotate - [select for diffs], Thu Dec 27 03:25:25 2018 UTC (5 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.135: +76 -1 lines
Diff to previous 1.135 (colored)

move client/server SSH-* banners to buffers under ssh->kex and factor
out the banner exchange. This eliminates some common code from the
client and server.

Also be more strict about handling \r characters - these should only
be accepted immediately before \n (pointed out by Jann Horn).

Inspired by a patch from Markus Schmidt.
(lots of) feedback and ok markus@

Revision 1.135 / (download) - annotate - [select for diffs], Fri Dec 7 04:36:09 2018 UTC (5 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.134: +4 -5 lines
Diff to previous 1.134 (colored)

Fix calculation of initial bandwidth limits.
Account for written bytes before the initial timer check so that the first
buffer written is accounted.  Set the threshold after which the timer is
checked such that the limit starts being computed as soon as possible, ie
after the second buffer is written.  This prevents an initial burst of
traffic and provides a more accurate bandwidth limit.  bz#2927, ok djm.

Revision 1.134 / (download) - annotate - [select for diffs], Fri Nov 16 03:26:01 2018 UTC (5 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.133: +8 -1 lines
Diff to previous 1.133 (colored)

use path_absolute() for pathname checks; from Manoj Ampalam

Revision 1.133 / (download) - annotate - [select for diffs], Fri Oct 5 14:26:09 2018 UTC (5 years, 7 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.132: +8 -4 lines
Diff to previous 1.132 (colored)

Support using service names for port numbers.

* Try to resolve a port specification with getservbyname(3) if a
  numeric conversion fails.
* Make the "Port" option in ssh_config handle its argument as a
  port rather than a plain integer.

ok dtucker@ deraadt@

Revision 1.132 / (download) - annotate - [select for diffs], Wed Oct 3 06:38:35 2018 UTC (5 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.131: +20 -1 lines
Diff to previous 1.131 (colored)

Allow ssh_config IdentityAgent directive to accept environment variable
names as well as explicit paths. ok dtucker@

Revision 1.131 / (download) - annotate - [select for diffs], Fri Jul 27 05:13:02 2018 UTC (5 years, 9 months ago) by dtucker
Branch: MAIN
Changes since 1.130: +1 -10 lines
Diff to previous 1.130 (colored)

Remove uid checks from low port binds.  Now that ssh cannot be
setuid and sshd always has privsep on, we can remove the uid checks
for low port binds and just let the system do the check. We leave
a sanity check for the !privsep case so long as the code is still
there.  with & ok djm@

Revision 1.130 / (download) - annotate - [select for diffs], Wed Jul 18 11:34:04 2018 UTC (5 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.129: +1 -2 lines
Diff to previous 1.129 (colored)

Remove support for running ssh(1) setuid and fatal if attempted.
Do not link uidswap.c into ssh any more.  Neuters UsePrivilegedPort,
which will be marked as deprecated shortly. ok markus@ djm@

Revision 1.129 / (download) - annotate - [select for diffs], Sat Jun 9 03:01:12 2018 UTC (5 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.128: +26 -6 lines
Diff to previous 1.128 (colored)

add a SetEnv directive to ssh_config that allows setting environment
variables for the remote session (subject to the server accepting them)

refactor SendEnv to remove the arbitrary limit of variable names.

ok markus@

Revision 1.128 / (download) - annotate - [select for diffs], Wed Jun 6 18:29:18 2018 UTC (5 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.127: +1 -26 lines
Diff to previous 1.127 (colored)

switch config file parsing to getline(3) as this avoids static limits
noted by gerhard@; ok dtucker@, djm@

Revision 1.127 / (download) - annotate - [select for diffs], Mon Mar 12 00:52:01 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.126: +54 -1 lines
Diff to previous 1.126 (colored)

add valid-before="[time]" authorized_keys option. A simple way of
giving a key an expiry date. ok markus@

Revision 1.126 / (download) - annotate - [select for diffs], Wed Mar 7 23:53:08 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.125: +8 -19 lines
Diff to previous 1.125 (colored)

revert recent strdelim() change, it causes problems with some configs.

revision 1.124
date: 2018/03/02 03:02:11;  author: djm;  state: Exp;  lines: +19 -8;  commitid: nNRsCijZiGG6SUTT;
Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
option strings. bz#1596 ok markus@

Revision 1.125 / (download) - annotate - [select for diffs], Sat Mar 3 03:15:51 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.124: +2 -1 lines
Diff to previous 1.124 (colored)

switch over to the new authorized_keys options API and remove the
legacy one.

Includes a fairly big refactor of auth2-pubkey.c to retain less state
between key file lines.

feedback and ok markus@

Revision 1.124 / (download) - annotate - [select for diffs], Fri Mar 2 03:02:11 2018 UTC (6 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.123: +19 -8 lines
Diff to previous 1.123 (colored)

Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
option strings. bz#1596 ok markus@

Revision 1.123 / (download) - annotate - [select for diffs], Mon Jan 8 15:21:49 2018 UTC (6 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.122: +1 -153 lines
Diff to previous 1.122 (colored)

move subprocess() so scp/sftp do not need uidswap.o; ok djm@

Revision 1.122 / (download) - annotate - [select for diffs], Fri Dec 8 02:14:33 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.121: +4 -4 lines
Diff to previous 1.121 (colored)

fix ordering in previous to ensure errno isn't clobbered before
logging.

Revision 1.121 / (download) - annotate - [select for diffs], Fri Dec 8 02:13:02 2017 UTC (6 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.120: +10 -9 lines
Diff to previous 1.120 (colored)

for some reason unix_listener() logged most errors twice with each
message containing only some of the useful information; merge these

Revision 1.120 / (download) - annotate - [select for diffs], Tue Dec 5 23:59:47 2017 UTC (6 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.119: +15 -1 lines
Diff to previous 1.119 (colored)

Replace atoi and strtol conversions for integer arguments to config
keywords with a checking wrapper around strtonum.  This will prevent
and flag invalid and negative arguments to these keywords.  ok djm@

Revision 1.119 / (download) - annotate - [select for diffs], Sat Nov 25 06:46:22 2017 UTC (6 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.118: +26 -13 lines
Diff to previous 1.118 (colored)

Add monotime_ts and monotime_tv that return monotonic timespec and
timeval respectively.  Replace calls to gettimeofday() in packet timing
with monotime_tv so that the callers will work over a clock step.
Should prevent integer overflow during clock steps reported by wangle6
at huawei.com. "I like" markus@

Revision 1.118 / (download) - annotate - [select for diffs], Wed Oct 25 00:17:08 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.117: +18 -2 lines
Diff to previous 1.117 (colored)

add sshd_config RDomain keyword to place sshd and the subsequent
user session (including the shell and any TCP/IP forwardings) into
the specified rdomain(4)

ok markus@

Revision 1.117 / (download) - annotate - [select for diffs], Wed Oct 25 00:15:35 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.116: +39 -1 lines
Diff to previous 1.116 (colored)

Add optional rdomain qualifier to sshd_config's ListenAddress option
to allow listening on a different rdomain(4), e.g.

ListenAddress 0.0.0.0 rdomain 4

Revision 1.116 / (download) - annotate - [select for diffs], Tue Oct 24 19:41:45 2017 UTC (6 years, 6 months ago) by millert
Branch: MAIN
Changes since 1.115: +4 -4 lines
Diff to previous 1.115 (colored)

Kill dead store and some spaces vs. tabs indent in parse_user_host_path().
Noticed by markus@

Revision 1.115 / (download) - annotate - [select for diffs], Mon Oct 23 05:08:00 2017 UTC (6 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.114: +8 -2 lines
Diff to previous 1.114 (colored)

Expose devices allocated for tun/tap forwarding.

At the client, the device may be obtained from a new %T expansion
for LocalCommand.

At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.

ok markus

Revision 1.114 / (download) - annotate - [select for diffs], Sat Oct 21 23:06:24 2017 UTC (6 years, 6 months ago) by millert
Branch: MAIN
Changes since 1.113: +292 -5 lines
Diff to previous 1.113 (colored)

Add URI support to ssh, sftp and scp.  For example ssh://user@host
or sftp://user@host/path.  The connection parameters described in
draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the
ssh fingerprint format in the draft uses md5 with no way to specify
the hash function type.  OK djm@

Revision 1.113 / (download) - annotate - [select for diffs], Fri Aug 18 05:48:04 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.112: +4 -3 lines
Diff to previous 1.112 (colored)

add a "quiet" flag to exited_cleanly() that suppresses errors about
exit status (failure due to signal is still reported)

Revision 1.112 / (download) - annotate - [select for diffs], Fri Aug 18 05:36:45 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.111: +455 -1 lines
Diff to previous 1.111 (colored)

Move several subprocess-related functions from various locations to
misc.c. Extend subprocess() to offer a little more control over stdio
disposition.

feedback & ok dtucker@

Revision 1.111 / (download) - annotate - [select for diffs], Sun Jul 23 23:37:02 2017 UTC (6 years, 9 months ago) by djm
Branch: MAIN
Changes since 1.110: +2 -1 lines
Diff to previous 1.110 (colored)

Allow IPQoS=none in ssh/sshd to not set an explicit ToS/DSCP value
and just use the operating system default; ok dtucker@

Revision 1.110 / (download) - annotate - [select for diffs], Wed May 31 09:15:42 2017 UTC (6 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.109: +2 -2 lines
Diff to previous 1.109 (colored)

Switch to recallocarray() for a few operations.  Both growth and shrinkage
are handled safely, and there also is no need for preallocation dances.
Future changes in this area will be less error prone.
Review and one bug found by markus

Revision 1.109 / (download) - annotate - [select for diffs], Tue Mar 14 00:55:37 2017 UTC (7 years, 2 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.108: +3 -3 lines
Diff to previous 1.108 (colored)

Fix convtime() overflow test on boundary condition, spotted by & ok djm.

Revision 1.108 / (download) - annotate - [select for diffs], Tue Mar 14 00:25:03 2017 UTC (7 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.107: +11 -6 lines
Diff to previous 1.107 (colored)

Check for integer overflow when parsing times in convtime().  Reported by
nicolas.iooss at m4x.org, ok djm@

Revision 1.107 / (download) - annotate - [select for diffs], Wed Nov 30 00:28:31 2016 UTC (7 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.106: +19 -1 lines
Diff to previous 1.106 (colored)

On startup, check to see if sshd is already daemonized and if so,
skip the call to daemon() and do not rewrite the PidFile.  This
means that when sshd re-execs itself on SIGHUP the process ID will
no longer change.  Should address bz#2641.  ok djm@ markus@.

Revision 1.106 / (download) - annotate - [select for diffs], Sun Oct 23 22:04:05 2016 UTC (7 years, 6 months ago) by dtucker
Branch: MAIN
Changes since 1.105: +9 -1 lines
Diff to previous 1.105 (colored)

Factor out "can bind to low ports" check into its own function.  This will make
it easier for Portable to support platforms with permissions models other than
uid==0 (eg bz#2625).  ok djm@, "doesn't offend me too much" deraadt@.

Revision 1.105 / (download) - annotate - [select for diffs], Fri Jul 15 00:24:30 2016 UTC (7 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.104: +62 -1 lines
Diff to previous 1.104 (colored)

Add a ProxyJump ssh_config(5) option and corresponding -J ssh(1)
command-line flag to allow simplified indirection through a
SSH bastion or "jump host".

These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.

This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.

ok markus@

Revision 1.104 / (download) - annotate - [select for diffs], Wed Apr 6 06:42:17 2016 UTC (8 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.103: +39 -1 lines
Diff to previous 1.103 (colored)

don't record duplicate LocalForward and RemoteForward entries;
fixes failure with ExitOnForwardFailure+hostname canonicalisation
where the same forwards are added on the second pass through
the configuration file. bz#2562; ok dtucker@

Revision 1.103 / (download) - annotate - [select for diffs], Sat Apr 2 14:37:42 2016 UTC (8 years, 1 month ago) by krw
Branch: MAIN
Changes since 1.102: +13 -13 lines
Diff to previous 1.102 (colored)

Another use for fcntl() and thus of the superfluous 3rd parameter
is when sanitising standard fd's before calling daemon().

Use a tweaked version of the ssh(1) function in all three places
found using fcntl() this way.

ok jca@ beck@

Revision 1.102 / (download) - annotate - [select for diffs], Wed Mar 2 22:42:40 2016 UTC (8 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.101: +12 -1 lines
Diff to previous 1.101 (colored)

Improve precision of progressmeter for sftp and scp by storing sub-second
timestamps.  Pointed out by mmcc@, ok deraadt@ markus@

Revision 1.101 / (download) - annotate - [select for diffs], Wed Jan 20 09:22:39 2016 UTC (8 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.100: +2 -1 lines
Diff to previous 1.100 (colored)

Include sys/time.h for gettimeofday.  From sortie at maxsi.org.

Revision 1.100 / (download) - annotate - [select for diffs], Fri Dec 4 21:51:06 2015 UTC (8 years, 5 months ago) by tobias
Branch: MAIN
Changes since 1.99: +3 -1 lines
Diff to previous 1.99 (colored)

Properly handle invalid %-format by calling fatal.

ok deraadt, djm

Revision 1.99 / (download) - annotate - [select for diffs], Sat Oct 24 08:34:09 2015 UTC (8 years, 6 months ago) by sthen
Branch: MAIN
Changes since 1.98: +11 -21 lines
Diff to previous 1.98 (colored)

Handle the split of tun(4) "link0" into tap(4) in ssh tun-forwarding.
Adapted from portable (using separate devices for this is the normal case
in most OS). ok djm@

Revision 1.98 / (download) - annotate - [select for diffs], Wed Oct 7 00:54:06 2015 UTC (8 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.97: +33 -22 lines
Diff to previous 1.97 (colored)

don't try to change tun device flags if they are already what
we need; makes it possible to use tun/tap networking as non-
root user if device permissions and interface flags are
pre-established; based on patch by Ossi Herrala

Revision 1.97 / (download) - annotate - [select for diffs], Fri Apr 24 01:36:00 2015 UTC (9 years ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)

rename xrealloc() to xreallocarray() since it follows that form.
ok djm

Revision 1.96 / (download) - annotate - [select for diffs], Fri Jan 16 06:40:12 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.95: +3 -3 lines
Diff to previous 1.95 (colored)

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.95 / (download) - annotate - [select for diffs], Fri Oct 24 02:01:20 2014 UTC (9 years, 6 months ago) by lteo
Branch: MAIN
Changes since 1.94: +1 -2 lines
Diff to previous 1.94 (colored)

Remove unnecessary include: netinet/in_systm.h is not needed by these
programs.

ok deraadt@ millert@

Revision 1.94 / (download) - annotate - [select for diffs], Tue Jul 15 15:54:14 2014 UTC (9 years, 10 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.93: +48 -1 lines
Diff to previous 1.93 (colored)

Add support for Unix domain socket forwarding.  A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket.  This is a reimplementation
of the streamlocal patches by William Ahern from:
    http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@

Revision 1.93 / (download) - annotate - [select for diffs], Sun Apr 20 02:30:25 2014 UTC (10 years ago) by djm
Branch: MAIN
Changes since 1.92: +25 -1 lines
Diff to previous 1.92 (colored)

use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on
strict-alignment architectures; reported by and ok stsp@

Revision 1.92 / (download) - annotate - [select for diffs], Mon Oct 14 23:28:23 2013 UTC (10 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.91: +9 -1 lines
Diff to previous 1.91 (colored)

refactor client config code a little:

add multistate option parsing to readconf.c, similar to servconf.c's
existing code.

move checking of options that accept "none" as an argument to readconf.c

add a lowercase() function and use it instead of explicit tolower() in
loops

part of a larger diff that was ok markus@

Revision 1.91 / (download) - annotate - [select for diffs], Fri Jul 12 00:43:50 2013 UTC (10 years, 10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.90: +2 -2 lines
Diff to previous 1.90 (colored)

in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
errno == 0. Avoids confusing error message in some broken resolver
cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker

Revision 1.90 / (download) - annotate - [select for diffs], Sat Jun 1 13:15:52 2013 UTC (10 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.89: +12 -1 lines
Diff to previous 1.89 (colored)

Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
keepalives and rekeying will work properly over clock steps.  Suggested by
markus@, "looks good" djm@.

Revision 1.89 / (download) - annotate - [select for diffs], Fri May 17 00:13:13 2013 UTC (11 years ago) by djm
Branch: MAIN
Changes since 1.88: +6 -6 lines
Diff to previous 1.88 (colored)

bye, bye xfree(); ok markus@

Revision 1.88 / (download) - annotate - [select for diffs], Wed Apr 24 16:01:46 2013 UTC (11 years ago) by tedu
Branch: MAIN
Changes since 1.87: +2 -2 lines
Diff to previous 1.87 (colored)

remove extra parens noticed by nicm

Revision 1.87 / (download) - annotate - [select for diffs], Tue Apr 23 17:49:45 2013 UTC (11 years ago) by tedu
Branch: MAIN
Changes since 1.86: +10 -11 lines
Diff to previous 1.86 (colored)

use xasprintf instead of a series of strlcats and strdup. ok djm

Revision 1.86 / (download) - annotate - [select for diffs], Mon Sep 5 05:59:08 2011 UTC (12 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.85: +2 -2 lines
Diff to previous 1.85 (colored)

fix typo in IPQoS parsing: there is no "AF14" class, but there is
an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk

Revision 1.85 / (download) - annotate - [select for diffs], Tue Mar 29 18:54:17 2011 UTC (13 years, 1 month ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.84: +14 -1 lines
Diff to previous 1.84 (colored)

print ipqos friendly string for sshd -T; ok markus

# sshd -Tf sshd_config|grep ipqos
ipqos lowdelay throughput

Revision 1.84 / (download) - annotate - [select for diffs], Sun Nov 21 01:01:13 2010 UTC (13 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.83: +18 -1 lines
Diff to previous 1.83 (colored)

honour $TMPDIR for client xauth and ssh-agent temporary directories;
feedback and ok markus@

Revision 1.83 / (download) - annotate - [select for diffs], Sat Nov 13 23:27:50 2010 UTC (13 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.82: +55 -1 lines
Diff to previous 1.82 (colored)

allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.

bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@

Revision 1.82 / (download) - annotate - [select for diffs], Fri Sep 24 13:33:00 2010 UTC (13 years, 7 months ago) by matthew
Branch: MAIN
Changes since 1.81: +1 -12 lines
Diff to previous 1.81 (colored)

Add timingsafe_bcmp(3) to libc, mention that it's already in the
kernel in kern(9), and remove it from OpenSSH.

ok deraadt@, djm@

Revision 1.81 / (download) - annotate - [select for diffs], Wed Sep 22 22:58:51 2010 UTC (13 years, 7 months ago) by djm
Branch: MAIN
Changes since 1.80: +65 -1 lines
Diff to previous 1.80 (colored)

add an optional per-read/write callback to atomicio

factor out bandwidth limiting code from scp(1) into a generic bandwidth
limiter that can be attached using the atomicio callback mechanism

add a bandwidth limit option to sftp(1) using the above

"very nice" markus@

Revision 1.80 / (download) - annotate - [select for diffs], Wed Jul 21 02:10:58 2010 UTC (13 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.79: +6 -8 lines
Diff to previous 1.79 (colored)

sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern

Revision 1.79 / (download) - annotate - [select for diffs], Tue Jul 13 23:13:16 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.78: +2 -2 lines
Diff to previous 1.78 (colored)

s/timing_safe_cmp/timingsafe_bcmp/g

Revision 1.78 / (download) - annotate - [select for diffs], Tue Jul 13 11:52:06 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.77: +13 -1 lines
Diff to previous 1.77 (colored)

implement a timing_safe_cmp() function to compare memory without leaking
timing information by short-circuiting like memcmp() and use it for
some of the more sensitive comparisons (though nothing high-value was
readily attackable anyway); "looks ok" markus@

Revision 1.77 / (download) - annotate - [select for diffs], Fri Jul 2 04:32:44 2010 UTC (13 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.76: +2 -1 lines
Diff to previous 1.76 (colored)

unbreak strdelim() skipping past quoted strings, e.g.

AllowUsers "blah blah" blah

was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
ok dtucker;

Revision 1.76 / (download) - annotate - [select for diffs], Fri May 21 05:00:36 2010 UTC (13 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.75: +4 -4 lines
Diff to previous 1.75 (colored)

colon() returns char*, so s/return (0)/return NULL/

Revision 1.75 / (download) - annotate - [select for diffs], Sat Jan 9 23:04:13 2010 UTC (14 years, 4 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.74: +1 -50 lines
Diff to previous 1.74 (colored)

Remove RoutingDomain from ssh since it's now not needed.  It can be replaced
with "route exec" or "nc -V" as a proxycommand.  "route exec" also ensures
that traffic such as DNS lookups stays within the specified routingdomain.

For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3

ok deraadt@ markus@ stevesk@ reyk@

Revision 1.74 / (download) - annotate - [select for diffs], Fri Dec 25 19:40:21 2009 UTC (14 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.73: +13 -1 lines
Diff to previous 1.73 (colored)

validate routing domain is in range 0-RT_TABLEID_MAX.
'Looks right' deraadt@

Revision 1.73 / (download) - annotate - [select for diffs], Fri Nov 20 03:24:07 2009 UTC (14 years, 5 months ago) by djm
Branch: MAIN
Changes since 1.72: +9 -9 lines
Diff to previous 1.72 (colored)

correct off-by-one in percent_expand(): we would fatal() when trying
to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually work.
Note that nothing in OpenSSH actually uses close to this limit at present.
bz#1607 from Jan.Pechanec AT Sun.COM

Revision 1.72 / (download) - annotate - [select for diffs], Wed Oct 28 16:38:18 2009 UTC (14 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.71: +38 -1 lines
Diff to previous 1.71 (colored)

Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.

ok markus@

Revision 1.71 / (download) - annotate - [select for diffs], Sat Feb 21 19:32:04 2009 UTC (15 years, 2 months ago) by tobias
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.70: +4 -3 lines
Diff to previous 1.70 (colored)

Added missing newlines in error messages.

ok dtucker

Revision 1.70 / (download) - annotate - [select for diffs], Thu Jan 22 10:02:34 2009 UTC (15 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.69: +9 -13 lines
Diff to previous 1.69 (colored)

make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)

adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int

make use of int vs. u_short consistent in some other places too

feedback & ok markus@

Revision 1.69 / (download) - annotate - [select for diffs], Fri Jun 13 01:38:23 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.68: +2 -2 lines
Diff to previous 1.68 (colored)

upcast uid to long with matching %ld, prevents warnings in portable

Revision 1.68 / (download) - annotate - [select for diffs], Thu Jun 12 20:38:28 2008 UTC (15 years, 11 months ago) by dtucker
Branch: MAIN
Changes since 1.67: +21 -1 lines
Diff to previous 1.67 (colored)

Make keepalive timeouts apply while waiting for a packet, particularly during
key renegotiation (bz #1363).  With djm and Matt Day, ok djm@

Revision 1.67 / (download) - annotate - [select for diffs], Tue Jan 1 08:47:04 2008 UTC (16 years, 4 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.66: +4 -4 lines
Diff to previous 1.66 (colored)

spaces -> tabs from my previous commit

Revision 1.66 / (download) - annotate - [select for diffs], Thu Dec 27 14:22:08 2007 UTC (16 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.65: +10 -1 lines
Diff to previous 1.65 (colored)

Add a small helper function to consistently handle the EAI_SYSTEM error
code of getaddrinfo.  Prompted by vgiffin at apple com via bz #1417.
ok markus@ stevesk@

Revision 1.65 / (download) - annotate - [select for diffs], Thu Nov 23 01:35:11 2006 UTC (17 years, 5 months ago) by ray
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.64: +3 -1 lines
Diff to previous 1.64 (colored)

Don't access buf[strlen(buf) - 1] for zero-length strings.

``ok by me'' djm@.

Revision 1.34.2.2 / (download) - annotate - [select for diffs], Fri Oct 6 03:19:32 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.34.2.1: +141 -13 lines
Diff to previous 1.34.2.1 (colored) to branchpoint 1.34 (colored) next main 1.35 (colored)

upgrade to OpenSSH 4.4

Revision 1.45.2.1 / (download) - annotate - [select for diffs], Sat Sep 30 04:06:50 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.45: +137 -14 lines
Diff to previous 1.45 (colored) next main 1.46 (colored)

upgrade to OpenSSH 4.4

Revision 1.64 / (download) - annotate - [select for diffs], Thu Aug 3 03:34:42 2006 UTC (17 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.63: +3 -5 lines
Diff to previous 1.63 (colored)

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

Revision 1.63 / (download) - annotate - [select for diffs], Tue Aug 1 23:22:47 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.62: +2 -1 lines
Diff to previous 1.62 (colored)

move #include <stdio.h> out of includes.h

Revision 1.62 / (download) - annotate - [select for diffs], Wed Jul 26 13:57:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.61: +2 -1 lines
Diff to previous 1.61 (colored)

move #include <stdlib.h> out of includes.h

Revision 1.61 / (download) - annotate - [select for diffs], Wed Jul 26 02:35:17 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.60: +2 -1 lines
Diff to previous 1.60 (colored)

move #include <sys/param.h> out of includes.h

Revision 1.60 / (download) - annotate - [select for diffs], Sat Jul 22 20:48:23 2006 UTC (17 years, 9 months ago) by stevesk
Branch: MAIN
Changes since 1.59: +2 -1 lines
Diff to previous 1.59 (colored)

move #include <string.h> out of includes.h

Revision 1.59 / (download) - annotate - [select for diffs], Mon Jul 17 01:31:09 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.58: +2 -1 lines
Diff to previous 1.58 (colored)

move #include <unistd.h> out of includes.h

Revision 1.58 / (download) - annotate - [select for diffs], Tue Jul 11 20:07:25 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.57: +2 -1 lines
Diff to previous 1.57 (colored)

move #include <errno.h> out of includes.h; ok markus@

Revision 1.57 / (download) - annotate - [select for diffs], Mon Jul 10 16:37:36 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.56: +2 -1 lines
Diff to previous 1.56 (colored)

move #include <stdarg.h> out of includes.h; ok markus@

Revision 1.56 / (download) - annotate - [select for diffs], Mon Jul 10 12:46:51 2006 UTC (17 years, 10 months ago) by dtucker
Branch: MAIN
Changes since 1.55: +19 -1 lines
Diff to previous 1.55 (colored)

Add port identifier to known_hosts for non-default ports, based originally
on a patch from Devin Nate in bz#910.

For any connection using the default port or using a HostKeyAlias the
format is unchanged, otherwise the host name or address is enclosed
within square brackets in the same format as sshd's ListenAddress.

Tested by many, ok markus@.

Revision 1.55 / (download) - annotate - [select for diffs], Sun Jul 9 15:15:10 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.54: +2 -1 lines
Diff to previous 1.54 (colored)

move #include <fcntl.h> out of includes.h

Revision 1.54 / (download) - annotate - [select for diffs], Thu Jul 6 16:03:53 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.53: +3 -1 lines
Diff to previous 1.53 (colored)

move #include <pwd.h> out of includes.h; ok markus@

Revision 1.53 / (download) - annotate - [select for diffs], Wed Jul 5 02:42:09 2006 UTC (17 years, 10 months ago) by stevesk
Branch: MAIN
Changes since 1.52: +3 -1 lines
Diff to previous 1.52 (colored)

move #include <netinet/in.h> out of includes.h; ok deraadt@

Revision 1.52 / (download) - annotate - [select for diffs], Thu Mar 30 09:58:15 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.51: +88 -5 lines
Diff to previous 1.51 (colored)

replace {GET,PUT}_XXBIT macros with functionally similar functions,
silencing a heap of lint warnings. also allows them to use
__bounded__ checking which can't be applied to macros; requested
by and feedback from deraadt@

Revision 1.51 / (download) - annotate - [select for diffs], Sat Mar 25 13:17:02 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.50: +1 -0 lines
Diff to previous 1.50 (colored)

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files

Revision 1.50 / (download) - annotate - [select for diffs], Sat Mar 25 01:13:23 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.49: +1 -1 lines
Diff to previous 1.49 (colored)

change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to
xrealloc(p, new_nmemb, new_itemsize).

realloc is particularly prone to integer overflows because it is almost
always allocating "n * size" bytes, so this is a far safer API;
ok deraadt@

Revision 1.49 / (download) - annotate - [select for diffs], Sat Mar 25 00:05:41 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.48: +2 -4 lines
Diff to previous 1.48 (colored)

introduce xcalloc() and xasprintf() failure-checked allocation functions
and use them throughout openssh

xcalloc is particularly important because malloc(nmemb * size) is a
dangerous idiom (subject to integer overflow) and it is time for it to
die

feedback and ok deraadt@

Revision 1.48 / (download) - annotate - [select for diffs], Mon Mar 20 17:10:19 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.47: +1 -0 lines
Diff to previous 1.47 (colored)

in a switch (), break after return or goto is stupid

Revision 1.47 / (download) - annotate - [select for diffs], Sun Mar 19 18:51:18 2006 UTC (18 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.46: +0 -1 lines
Diff to previous 1.46 (colored)

RCSID() can die

Revision 1.46 / (download) - annotate - [select for diffs], Mon Mar 13 10:14:29 2006 UTC (18 years, 2 months ago) by dtucker
Branch: MAIN
Changes since 1.45: +15 -2 lines
Diff to previous 1.45 (colored)

Allow config directives to contain whitespace by surrounding them by double
quotes.  mindrot #482, man page help from jmc@, ok djm@

Revision 1.45 / (download) - annotate - [select for diffs], Fri Feb 10 00:27:13 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.44: +3 -1 lines
Diff to previous 1.44 (colored)

move #include <sys/ioctl.h> out of includes.h; ok markus@

Revision 1.44 / (download) - annotate - [select for diffs], Wed Feb 8 12:32:49 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.43: +2 -1 lines
Diff to previous 1.43 (colored)

move #include <netinet/tcp.h> out of includes.h; ok markus@

Revision 1.43 / (download) - annotate - [select for diffs], Wed Feb 8 12:15:27 2006 UTC (18 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.42: +3 -1 lines
Diff to previous 1.42 (colored)

move #include <paths.h> out of includes.h; ok markus@

Revision 1.34.2.1 / (download) - annotate - [select for diffs], Fri Feb 3 03:01:56 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_8
Changes since 1.34: +160 -4 lines
Diff to previous 1.34 (colored)

upgrade to OpenSSH 4.3

Revision 1.29.2.2 / (download) - annotate - [select for diffs], Fri Feb 3 02:53:44 2006 UTC (18 years, 3 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.29.2.1: +160 -4 lines
Diff to previous 1.29.2.1 (colored) to branchpoint 1.29 (colored) next main 1.30 (colored)

upgrade to OpenSSH 4.3

Revision 1.42 / (download) - annotate - [select for diffs], Tue Jan 31 10:19:02 2006 UTC (18 years, 3 months ago) by djm
Branch: MAIN
Changes since 1.41: +41 -4 lines
Diff to previous 1.41 (colored)

fix local arbitrary command execution vulnerability on local/local and
remote/remote copies (CVE-2006-0225, bz #1094), patch by
t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@

Revision 1.41 / (download) - annotate - [select for diffs], Thu Jan 5 23:43:53 2006 UTC (18 years, 4 months ago) by djm
Branch: MAIN
Changes since 1.40: +8 -6 lines
Diff to previous 1.40 (colored)

check that stdio file descriptors are actually closed before clobbering
them in sanitise_stdfd(). problems occurred when a lower numbered fd was
closed, but higher ones weren't. spotted by, and patch tested by
Frédéric Olivié

Revision 1.40 / (download) - annotate - [select for diffs], Mon Jan 2 07:53:44 2006 UTC (18 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.39: +11 -5 lines
Diff to previous 1.39 (colored)

clarify tun(4) opening - set the mode and bring the interface up. also
(re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.

suggested and ok by djm@

Revision 1.39 / (download) - annotate - [select for diffs], Sun Jan 1 10:08:48 2006 UTC (18 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

no trailing "\n" for debug()

Revision 1.38 / (download) - annotate - [select for diffs], Sun Jan 1 08:59:27 2006 UTC (18 years, 4 months ago) by stevesk
Branch: MAIN
Changes since 1.37: +3 -1 lines
Diff to previous 1.37 (colored)

move <net/if.h>; ok djm@

Revision 1.37 / (download) - annotate - [select for diffs], Thu Dec 8 18:34:11 2005 UTC (18 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.36: +54 -21 lines
Diff to previous 1.36 (colored)

two changes to the new ssh tunnel support. this breaks compatibility
with the initial commit but is required for a portable approach.
- make the tunnel id u_int and platform friendly, use predefined types.
- support configuration of layer 2 (ethernet) or layer 3
(point-to-point, default) modes. configuration is done using the
Tunnel (yes|point-to-point|ethernet|no) option in ssh_config(5) and
restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
in sshd_config(5).

ok djm@, man page bits by jmc@

Revision 1.36 / (download) - annotate - [select for diffs], Tue Dec 6 22:38:27 2005 UTC (18 years, 5 months ago) by reyk
Branch: MAIN
Changes since 1.35: +57 -1 lines
Diff to previous 1.35 (colored)

Add support for tun(4) forwarding over OpenSSH, based on an idea and
initial channel code bits by markus@. This is a simple and easy way to
use OpenSSH for ad hoc virtual private network connections, e.g.
administrative tunnels or secure wireless access. It's based on a new
ssh channel and works similar to the existing TCP forwarding support,
except that it depends on the tun(4) network interface on both ends of
the connection for layer 2 or layer 3 tunneling. This diff also adds
support for LocalCommand in the ssh(1) client.

ok djm@, markus@, jmc@ (manpages), tested and discussed with others

Revision 1.35 / (download) - annotate - [select for diffs], Tue Sep 13 23:40:07 2005 UTC (18 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.34: +21 -1 lines
Diff to previous 1.34 (colored)

ensure that stdio fds are attached; ok deraadt@

Revision 1.29.2.1 / (download) - annotate - [select for diffs], Sun Sep 4 18:40:02 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_7
Changes since 1.29: +127 -1 lines
Diff to previous 1.29 (colored)

upgrade to OpenSSH 4.2

Revision 1.25.2.3 / (download) - annotate - [select for diffs], Fri Sep 2 03:45:00 2005 UTC (18 years, 8 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.25.2.2: +127 -1 lines
Diff to previous 1.25.2.2 (colored) to branchpoint 1.25 (colored) next main 1.26 (colored)

upgrade to OpenSSH 4.2

Revision 1.34 / (download) - annotate - [select for diffs], Fri Jul 8 09:26:18 2005 UTC (18 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE
Branch point for: OPENBSD_3_8
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

Make comment match code; ok djm@

Revision 1.33 / (download) - annotate - [select for diffs], Mon Jul 4 00:58:43 2005 UTC (18 years, 10 months ago) by djm
Branch: MAIN
Changes since 1.32: +18 -1 lines
Diff to previous 1.32 (colored)

implement support for X11 and agent forwarding over multiplex slave
connections. Because of protocol limitations, the slave connections inherit
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
their own.

ok dtucker@ "put it in" deraadt@

Revision 1.32 / (download) - annotate - [select for diffs], Fri Jun 17 02:44:32 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.31: +7 -6 lines
Diff to previous 1.31 (colored)

make this -Wsign-compare clean; ok avsm@ markus@

Revision 1.31 / (download) - annotate - [select for diffs], Mon Jun 6 11:20:36 2005 UTC (18 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.30: +64 -1 lines
Diff to previous 1.30 (colored)

introduce a generic %foo expansion function. replace existing % expansion and
add expansion to ControlPath; ok markus@

Revision 1.25.2.2 / (download) - annotate - [select for diffs], Sun Jun 5 02:22:39 2005 UTC (18 years, 11 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.25.2.1: +4 -4 lines
Diff to previous 1.25.2.1 (colored) to branchpoint 1.25 (colored)

upgrade to OpenSSH 4.1

Revision 1.30 / (download) - annotate - [select for diffs], Sat Apr 9 04:32:54 2005 UTC (19 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.29: +46 -1 lines
Diff to previous 1.29 (colored)

replace tilde_expand_filename with a simpler implementation, ahead of more
whacking; ok deraadt@

Revision 1.29 / (download) - annotate - [select for diffs], Thu Mar 10 22:01:05 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE
Branch point for: OPENBSD_3_7
Changes since 1.28: +4 -4 lines
Diff to previous 1.28 (colored)

spacing

Revision 1.23.2.2 / (download) - annotate - [select for diffs], Thu Mar 10 17:15:04 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.23.2.1: +66 -1 lines
Diff to previous 1.23.2.1 (colored) to branchpoint 1.23 (colored) next main 1.24 (colored)

upgrade to OpenSSH 4.0

Revision 1.25.2.1 / (download) - annotate - [select for diffs], Thu Mar 10 16:28:27 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.25: +66 -1 lines
Diff to previous 1.25 (colored)

upgrade to OpenSSH 4.0

Revision 1.28 / (download) - annotate - [select for diffs], Tue Mar 1 10:09:52 2005 UTC (19 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.27: +43 -1 lines
Diff to previous 1.27 (colored)

bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote forwards
to bind to client-specified ports.

ok markus@

Revision 1.27 / (download) - annotate - [select for diffs], Sat Dec 11 01:48:56 2004 UTC (19 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.26: +4 -4 lines
Diff to previous 1.26 (colored)

Fix debug call in error path of authorized_keys processing and fix related
warnings; ok djm@

Revision 1.26 / (download) - annotate - [select for diffs], Mon Dec 6 11:41:03 2004 UTC (19 years, 5 months ago) by dtucker
Branch: MAIN
Changes since 1.25: +24 -1 lines
Diff to previous 1.25 (colored)

Discard over-length authorized_keys entries rather than complaining when
they don't decode.  bz #884, with & ok djm@

Revision 1.21.2.2 / (download) - annotate - [select for diffs], Thu Aug 19 22:37:31 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.21.2.1: +21 -15 lines
Diff to previous 1.21.2.1 (colored) to branchpoint 1.21 (colored) next main 1.22 (colored)

upgrade to OpenSSH 3.9

Revision 1.23.2.1 / (download) - annotate - [select for diffs], Thu Aug 19 04:13:26 2004 UTC (19 years, 9 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.23: +21 -15 lines
Diff to previous 1.23 (colored)

upgrade to OpenSSH 3.9

Revision 1.25 / (download) - annotate - [select for diffs], Wed Aug 11 21:43:05 2004 UTC (19 years, 9 months ago) by avsm
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

some signed/unsigned int comparison cleanups; markus@ ok

Revision 1.24 / (download) - annotate - [select for diffs], Mon Jun 14 01:44:39 2004 UTC (19 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.23: +20 -14 lines
Diff to previous 1.23 (colored)

set_nonblock() instead of fcntl(...,O_NONBLOCK); "looks sane" deraadt@

Revision 1.20.2.2 / (download) - annotate - [select for diffs], Thu Mar 4 18:18:15 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.20.2.1: +9 -6 lines
Diff to previous 1.20.2.1 (colored) to branchpoint 1.20 (colored) next main 1.21 (colored)

upgrade to OpenSSH 3.8

Revision 1.21.2.1 / (download) - annotate - [select for diffs], Sat Feb 28 03:51:33 2004 UTC (20 years, 2 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.21: +9 -6 lines
Diff to previous 1.21 (colored)

upgrade to OpenSSH 3.8

Revision 1.23 / (download) - annotate - [select for diffs], Tue Oct 28 09:08:06 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

error->debug for getsockopt+TCP_NODELAY; several requests

Revision 1.22 / (download) - annotate - [select for diffs], Thu Sep 18 08:49:45 2003 UTC (20 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.21: +8 -5 lines
Diff to previous 1.21 (colored)

more buffer allocation fixes; from Solar Designer; CAN-2003-0682; ok millert@

Revision 1.19.4.2 / (download) - annotate - [select for diffs], Tue Sep 16 21:20:26 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_2
Changes since 1.19.4.1: +2 -2 lines
Diff to previous 1.19.4.1 (colored) to branchpoint 1.19 (colored) next main 1.20 (colored)

upgrade to OpenSSH 3.7

Revision 1.20.2.1 / (download) - annotate - [select for diffs], Tue Sep 16 20:50:43 2003 UTC (20 years, 8 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

upgrade to OpenSSH 3.7

Revision 1.21 / (download) - annotate - [select for diffs], Sat Apr 12 10:15:36 2003 UTC (21 years, 1 month ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

debug->debug2

Revision 1.19.2.1 / (download) - annotate - [select for diffs], Thu Apr 3 22:35:17 2003 UTC (21 years, 1 month ago) by miod
Branch: OPENBSD_3_1
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored) next main 1.20 (colored)

Merge OpenSSH 3.6.1

Revision 1.19.4.1 / (download) - annotate - [select for diffs], Tue Apr 1 00:12:13 2003 UTC (21 years, 1 month ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

Update to OpenSSH 3.6

Revision 1.20 / (download) - annotate - [select for diffs], Fri Dec 13 10:03:15 2002 UTC (21 years, 5 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

cleanup debug messages, more useful information for the client user.

Revision 1.5.2.2 / (download) - annotate - [select for diffs], Sat Mar 9 00:20:44 2002 UTC (22 years, 2 months ago) by miod
Branch: OPENBSD_2_9
Changes since 1.5.2.1: +29 -11 lines
Diff to previous 1.5.2.1 (colored) to branchpoint 1.5 (colored) next main 1.6 (colored)

Merge OpenSSH 3.1, keeping /etc as configuration files directory.
(i.e. OpenSSH 3.1 + openbsd29_3.1.patch)

Revision 1.1.2.6 / (download) - annotate - [select for diffs], Fri Mar 8 17:04:42 2002 UTC (22 years, 2 months ago) by brad
Branch: OPENBSD_2_8
Changes since 1.1.2.5: +29 -11 lines
Diff to previous 1.1.2.5 (colored) next main 1.2 (colored)

Merge OpenSSH 3.1.

Revision 1.12.2.1 / (download) - annotate - [select for diffs], Thu Mar 7 17:37:46 2002 UTC (22 years, 2 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.12: +29 -11 lines
Diff to previous 1.12 (colored) next main 1.13 (colored)

Update to OpenSSH-3.1 on 3.0-stable branch

Revision 1.19 / (download) - annotate - [select for diffs], Mon Mar 4 17:27:39 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE, OPENBSD_3_1_BASE
Branch point for: OPENBSD_3_2, OPENBSD_3_1
Changes since 1.18: +1 -3 lines
Diff to previous 1.18 (colored)

$OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
files.  ok markus@

Revision 1.18 / (download) - annotate - [select for diffs], Mon Mar 4 13:10:46 2002 UTC (22 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.17: +6 -8 lines
Diff to previous 1.17 (colored)

error-> debug, because O_NONBLOCK for /dev/null causes too many different errnos; ok stevesk@, deraadt@

Revision 1.17 / (download) - annotate - [select for diffs], Tue Feb 26 20:03:51 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.16: +4 -3 lines
Diff to previous 1.16 (colored)

use socklen_t

Revision 1.16 / (download) - annotate - [select for diffs], Sun Feb 24 19:59:42 2002 UTC (22 years, 2 months ago) by stevesk
Branch: MAIN
Changes since 1.15: +14 -4 lines
Diff to previous 1.15 (colored)

disable Nagle in connect_to() and channel_post_port_listener() (port
forwarding endpoints).  the intention is to preserve the on-the-wire
appearance to applications at either end; the applications can then
enable TCP_NODELAY according to their requirements. ok markus@

Revision 1.15 / (download) - annotate - [select for diffs], Thu Jan 24 21:09:25 2002 UTC (22 years, 3 months ago) by stevesk
Branch: MAIN
Changes since 1.14: +13 -2 lines
Diff to previous 1.14 (colored)

add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
no nagle changes just yet; ok djm@ markus@

Revision 1.14 / (download) - annotate - [select for diffs], Wed Dec 19 07:18:56 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.13: +3 -3 lines
Diff to previous 1.13 (colored)

basic KNF done while i was looking for something else

Revision 1.13 / (download) - annotate - [select for diffs], Wed Dec 5 10:06:12 2001 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +3 -3 lines
Diff to previous 1.12 (colored)

minor KNF

Revision 1.5.2.1 / (download) - annotate - [select for diffs], Thu Sep 27 19:03:54 2001 UTC (22 years, 7 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.5: +175 -4 lines
Diff to previous 1.5 (colored)

Pull in OpenSSH-2.9.9

Revision 1.1.2.5 / (download) - annotate - [select for diffs], Thu Sep 27 00:15:42 2001 UTC (22 years, 7 months ago) by miod
Branch: OPENBSD_2_8
Changes since 1.1.2.4: +175 -4 lines
Diff to previous 1.1.2.4 (colored)

Pull in OpenSSH 2.9.9 to the 2.8 branch.

Revision 1.12 / (download) - annotate - [select for diffs], Tue Jun 26 17:27:24 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.11: +36 -4 lines
Diff to previous 1.11 (colored)

remove comments from .h, since they are cut&paste from the .c files
and out of sync

Revision 1.11 / (download) - annotate - [select for diffs], Sat Jun 16 08:58:34 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.10: +4 -2 lines
Diff to previous 1.10 (colored)

copy pw_expire and pw_change, too.

Revision 1.10 / (download) - annotate - [select for diffs], Sat Jun 16 08:49:38 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored)

typo; dunlap@apl.washington.edu

Revision 1.9 / (download) - annotate - [select for diffs], Sat May 19 19:43:57 2001 UTC (23 years ago) by stevesk
Branch: MAIN
Changes since 1.8: +62 -2 lines
Diff to previous 1.8 (colored)

sshd command-line arguments and configuration file options that
specify time may be expressed using a sequence of the form:
time[qualifier], where time is a positive integer value and qualifier
is one of the following:
    <none>,s,m,h,d,w
Examples:
    600     600 seconds (10 minutes)
    10m     10 minutes
    1h30m   1 hour 30 minutes (90 minutes)
ok markus@

Revision 1.8 / (download) - annotate - [select for diffs], Fri May 11 14:59:56 2001 UTC (23 years ago) by markus
Branch: MAIN
Changes since 1.7: +26 -3 lines
Diff to previous 1.7 (colored)

add unset_nonblock for stdout/err flushing in client_loop().

Revision 1.7 / (download) - annotate - [select for diffs], Tue May 8 19:45:24 2001 UTC (23 years ago) by mouring
Branch: MAIN
Changes since 1.6: +23 -2 lines
Diff to previous 1.6 (colored)

Use addargs() in sftp plus some clean up of addargs().  OK Markus

Revision 1.1.2.4 / (download) - annotate - [select for diffs], Mon May 7 21:09:31 2001 UTC (23 years ago) by jason
Branch: OPENBSD_2_8
Changes since 1.1.2.3: +17 -2 lines
Diff to previous 1.1.2.3 (colored)

Pull in OpenSSH-2.9 to 2.8 branch.

Revision 1.6 / (download) - annotate - [select for diffs], Thu May 3 23:09:52 2001 UTC (23 years ago) by mouring
Branch: MAIN
Changes since 1.5: +35 -2 lines
Diff to previous 1.5 (colored)

Move colon() and cleanhost() to misc.c where I should have put it in
the first place

Revision 1.5 / (download) - annotate - [select for diffs], Thu Apr 12 20:09:37 2001 UTC (23 years, 1 month ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.4: +17 -2 lines
Diff to previous 1.4 (colored)

robust port validation; ok markus@ jakob@

Revision 1.1.2.3 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:26 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.1.2.2: +20 -2 lines
Diff to previous 1.1.2.2 (colored)

Pull in OpenSSH-2.5.2 for 2.8 branch.

Revision 1.4.2.2 / (download) - annotate - [select for diffs], Wed Mar 21 18:52:52 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.4.2.1: +20 -2 lines
Diff to previous 1.4.2.1 (colored) next main 1.5 (colored)

Pull in OpenSSH-2.5.2 for 2.7 branch.

Revision 1.4.2.1 / (download) - annotate - [select for diffs], Mon Mar 12 15:44:12 2001 UTC (23 years, 2 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.4: +2 -20 lines
Diff to previous 1.4 (colored)

OpenSSH-2.5.1 for 2.7 patch branch

Revision 1.4 / (download) - annotate - [select for diffs], Wed Feb 28 17:52:54 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Branch point for: OPENBSD_2_7
Changes since 1.3: +4 -2 lines
Diff to previous 1.3 (colored)

for completeness, copy pw_gecos too

Revision 1.3 / (download) - annotate - [select for diffs], Wed Feb 28 05:34:28 2001 UTC (23 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +3 -2 lines
Diff to previous 1.2 (colored)

pull in protos

Revision 1.2 / (download) - annotate - [select for diffs], Thu Feb 22 21:59:44 2001 UTC (23 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.1: +17 -2 lines
Diff to previous 1.1 (colored)

use pwcopy in ssh.c, too

Revision 1.1.2.2 / (download) - annotate - [select for diffs], Mon Feb 19 17:19:06 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.1.2.1: +0 -0 lines
Diff to previous 1.1.2.1 (colored)

Pull in OpenSSH-2.5.1

Revision 1.1.2.1 / (download) - annotate - [select for diffs], Fri Feb 16 20:13:07 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)

Pull in OpenSSH 2.5.0

Revision 1.1 / (download) - annotate - [select for diffs], Sun Jan 21 19:05:52 2001 UTC (23 years, 3 months ago) by markus
Branch: MAIN
Branch point for: OPENBSD_2_8

split ssh.h and try to cleanup the #include mess. remove unnecessary #includes.
rename util.[ch] -> misc.[ch]
