1. 18 Jul, 2014 1 commit
    • Damien Miller's avatar
      - millert@cvs.openbsd.org 2014/07/15 15:54:14 · 7acefbbc
      Damien Miller authored
           [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
           [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
           [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
           [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
           [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
           [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
           [sshd_config.5 sshlogin.c]
           Add support for Unix domain socket forwarding.  A remote TCP port
           may be forwarded to a local Unix domain socket and vice versa or
           both ends may be a Unix domain socket.  This is a reimplementation
           of the streamlocal patches by William Ahern from:
               http://www.25thandclement.com/~william/projects/streamlocal.html
           OK djm@ markus@
      7acefbbc
  2. 21 May, 2014 1 commit
  3. 20 Apr, 2014 1 commit
  4. 15 Oct, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/10/14 23:28:23 · e9fc72ed
      Damien Miller authored
           [canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
           refactor client config code a little:
           add multistate option partsing to readconf.c, similar to servconf.c's
           existing code.
           move checking of options that accept "none" as an argument to readconf.c
           add a lowercase() function and use it instead of explicit tolower() in
           loops
           part of a larger diff that was ok markus@
      e9fc72ed
  5. 08 Aug, 2013 2 commits
  6. 18 Jul, 2013 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2013/07/12 00:43:50 · 7313fc92
      Damien Miller authored
           [misc.c]
           in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
           errno == 0. Avoids confusing error message in some broken resolver
           cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
      7313fc92
  7. 01 Jun, 2013 3 commits
    • Darren Tucker's avatar
      - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall · a7108916
      Darren Tucker authored
         back to time(NULL) if we can't find it anywhere.
      a7108916
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 · b759c9c2
      Darren Tucker authored
           [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
           channels.c sandbox-systrace.c]
           Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
           keepalives and rekeying will work properly over clock steps.  Suggested by
           markus@, "looks good" djm@.
      b759c9c2
    • Darren Tucker's avatar
      - djm@cvs.openbsd.org 2013/05/17 00:13:13 · a627d42e
      Darren Tucker authored
           [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
           ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
           gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
           auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
           servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
           auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
           sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
           kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
           kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
           monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
           ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
           sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
           ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
           dns.c packet.c readpass.c authfd.c moduli.c]
           bye, bye xfree(); ok markus@
      a627d42e
  8. 16 May, 2013 2 commits
  9. 23 Apr, 2013 1 commit
  10. 22 Sep, 2011 1 commit
  11. 05 May, 2011 1 commit
  12. 13 Jan, 2011 1 commit
  13. 01 Dec, 2010 1 commit
  14. 20 Nov, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/11/13 23:27:51 · 0dac6fb6
      Damien Miller authored
           [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
           [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
           allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
           hardcoding lowdelay/throughput.
      
           bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
      0dac6fb6
  15. 07 Oct, 2010 1 commit
    • Damien Miller's avatar
      - matthew@cvs.openbsd.org 2010/09/24 13:33:00 · aa18063b
      Damien Miller authored
           [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
           [openbsd-compat/timingsafe_bcmp.c]
           Add timingsafe_bcmp(3) to libc, mention that it's already in the
           kernel in kern(9), and remove it from OpenSSH.
           ok deraadt@, djm@
           NB. re-added under openbsd-compat/ for portable OpenSSH
      aa18063b
  16. 24 Sep, 2010 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/09/22 22:58:51 · 65e42f87
      Damien Miller authored
           [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
           [sftp-client.h sftp.1 sftp.c]
           add an option per-read/write callback to atomicio
      
           factor out bandwidth limiting code from scp(1) into a generic bandwidth
           limiter that can be attached using the atomicio callback mechanism
      
           add a bandwidth limit option to sftp(1) using the above
           "very nice" markus@
      65e42f87
  17. 03 Aug, 2010 1 commit
  18. 16 Jul, 2010 3 commits
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/07/13 23:13:16 · ea1651c9
      Damien Miller authored
           [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
           [ssh-rsa.c]
           s/timing_safe_cmp/timingsafe_bcmp/g
      ea1651c9
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/07/13 11:52:06 · 8a0268f1
      Damien Miller authored
           [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
           [packet.c ssh-rsa.c]
           implement a timing_safe_cmp() function to compare memory without leaking
           timing information by short-circuiting like memcmp() and use it for
           some of the more sensitive comparisons (though nothing high-value was
           readily attackable anyway); "looks ok" markus@
      8a0268f1
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2010/07/02 04:32:44 · 9308fc77
      Damien Miller authored
           [misc.c]
           unbreak strdelim() skipping past quoted strings, e.g.
           AllowUsers "blah blah" blah
           was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
           ok dtucker;
      9308fc77
  19. 25 Jun, 2010 1 commit
    • Damien Miller's avatar
      - OpenBSD CVS Sync · 2e77446a
      Damien Miller authored
         - djm@cvs.openbsd.org 2010/05/21 05:00:36
           [misc.c]
           colon() returns char*, so s/return (0)/return NULL/
      2e77446a
  20. 09 Jan, 2010 2 commits
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 · 7bd98e7f
      Darren Tucker authored
           [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
           ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
           readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
           Remove RoutingDomain from ssh since it's now not needed.  It can be
           replaced with "route exec" or "nc -V" as a proxycommand.  "route exec"
           also ensures that trafic such as DNS lookups stays withing the specified
           routingdomain.  For example (from reyk):
           # route -T 2 exec /usr/sbin/sshd
           or inherited from the parent process
           $ route -T 2 exec sh
           $ ssh 10.1.2.3
           ok deraadt@ markus@ stevesk@ reyk@
      7bd98e7f
    • Darren Tucker's avatar
      - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] · 8c65f646
      Darren Tucker authored
         Remove hacks add for RoutingDomain in preparation for its removal.
      8c65f646
  21. 08 Jan, 2010 7 commits
  22. 18 Nov, 2009 1 commit
  23. 21 Feb, 2009 1 commit
    • Damien Miller's avatar
      - (djm) OpenBSD CVS Sync · 9eab9564
      Damien Miller authored
         - tobias@cvs.openbsd.org 2009/02/21 19:32:04
           [misc.c sftp-server-main.c ssh-keygen.c]
           Added missing newlines in error messages.
           ok dtucker
      9eab9564
  24. 28 Jan, 2009 1 commit
    • Damien Miller's avatar
      - djm@cvs.openbsd.org 2009/01/22 10:02:34 · 3dc71ad8
      Damien Miller authored
           [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
           [serverloop.c ssh-keyscan.c ssh.c sshd.c]
           make a2port() return -1 when it encounters an invalid port number
           rather than 0, which it will now treat as valid (needed for future work)
           adjust current consumers of a2port() to check its return value is <= 0,
           which in turn required some things to be converted from u_short => int
           make use of int vs. u_short consistent in some other places too
           feedback & ok markus@
      3dc71ad8
  25. 13 Jun, 2008 1 commit
  26. 12 Jun, 2008 1 commit
    • Darren Tucker's avatar
      - dtucker@cvs.openbsd.org 2008/06/12 20:38:28 · 3fc464ef
      Darren Tucker authored
           [sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
           Make keepalive timeouts apply while waiting for a packet, particularly
           during key renegotiation (bz #1363).  With djm and Matt Day, ok djm@
      3fc464ef
  27. 01 Jan, 2008 1 commit