dtucker [Fri, 15 Jan 2010 00:46:03 +0000 (00:46 +0000)]
- guenther@cvs.openbsd.org 2010/01/15 00:05:22
[sftp.c]
Reset SIGTERM to SIG_DFL before executing ssh, so that even if sftp
inherited SIGTERM as ignored it will still be able to kill the ssh it
starts.
ok dtucker@
dtucker [Fri, 15 Jan 2010 00:44:46 +0000 (00:44 +0000)]
- djm@cvs.openbsd.org 2010/01/13 23:47:26
[auth.c]
when using ChrootDirectory, make sure we test for the existence of the
user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu;
ok dtucker
dtucker [Fri, 15 Jan 2010 00:42:51 +0000 (00:42 +0000)]
- jmc@cvs.openbsd.org 2010/01/13 12:48:34
[sftp.1 sftp.c]
sftp.1: put ls -h in the right place
sftp.c: as above, plus add -p to get/put, and shorten their arg names
to keep the help usage nicely aligned
ok djm
dtucker [Wed, 13 Jan 2010 11:45:03 +0000 (11:45 +0000)]
- djm@cvs.openbsd.org 2010/01/13 04:10:50
[sftp.c]
don't append a space after inserting a completion of a directory (i.e.
a path ending in '/') for a slightly better user experience; ok dtucker@
dtucker [Wed, 13 Jan 2010 11:44:29 +0000 (11:44 +0000)]
- djm@cvs.openbsd.org 2010/01/13 03:48:13
[servconf.c servconf.h sshd.c]
avoid run-time failures when specifying hostkeys via a relative
path by prepending the cwd in these cases; bz#1290; ok dtucker@
dtucker [Wed, 13 Jan 2010 11:44:06 +0000 (11:44 +0000)]
- djm@cvs.openbsd.org 2010/01/13 01:40:16
[sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h]
support '-h' (human-readable units) for sftp's ls command, just like
ls(1); ok dtucker@
dtucker [Wed, 13 Jan 2010 11:43:33 +0000 (11:43 +0000)]
- dtucker@cvs.openbsd.org 2010/01/13 01:20:20
[canohost.c ssh-keysign.c sshconnect2.c]
Make HostBased authentication work with a ProxyCommand. bz #1569, patch
from imorgan at nas nasa gov, ok djm@
dtucker [Wed, 13 Jan 2010 11:43:05 +0000 (11:43 +0000)]
- dtucker@cvs.openbsd.org 2010/01/13 01:10:56
[key.c]
Ignore and log any Protocol 1 keys where the claimed size is not equal to
the actual size. Noted by Derek Martin, ok djm@
dtucker [Wed, 13 Jan 2010 10:32:44 +0000 (10:32 +0000)]
- (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.22.
Fixes bz #1590, where sometimes you could not interrupt a connection while
ssh was prompting for a passphrase or password.
dtucker [Tue, 12 Jan 2010 08:45:59 +0000 (08:45 +0000)]
- djm@cvs.openbsd.org 2010/01/12 01:36:08
[buffer.h bufaux.c]
add a buffer_get_string_ptr_ret() that does the same as
buffer_get_string_ptr() but does not fatal() on error; ok dtucker@
dtucker [Tue, 12 Jan 2010 08:45:26 +0000 (08:45 +0000)]
- dtucker@cvs.openbsd.org 2010/01/12 01:31:05
[session.c]
Do not allow logins if /etc/nologin exists but is not readable by the user
logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
dtucker [Tue, 12 Jan 2010 08:43:46 +0000 (08:43 +0000)]
- djm@cvs.openbsd.org 2010/01/12 00:59:29
[roaming_common.c]
delete with extreme prejudice a debug() that fired with every keypress;
ok dtucker deraadt
dtucker [Tue, 12 Jan 2010 08:43:12 +0000 (08:43 +0000)]
- djm@cvs.openbsd.org 2010/01/12 00:58:25
[monitor_fdpass.c]
avoid spinning when fd passing on nonblocking sockets by calling poll()
in the EINTR/EAGAIN path, much like we do in atomicio; ok dtucker@
dtucker [Tue, 12 Jan 2010 08:41:57 +0000 (08:41 +0000)]
- djm@cvs.openbsd.org 2010/01/11 10:51:07
[ssh-keygen.c]
when converting keys, truncate key comments at 72 chars as per RFC4716;
bz#1630 reported by tj AT castaglia.org; ok markus@
dtucker [Tue, 12 Jan 2010 08:41:22 +0000 (08:41 +0000)]
- dtucker@cvs.openbsd.org 2010/01/11 04:46:45
[authfile.c sshconnect2.c]
Do not prompt for a passphrase if we fail to open a keyfile, and log the
reason the open failed to debug.
bz #1693, found by tj AT castaglia org, ok djm@
dtucker [Tue, 12 Jan 2010 08:40:27 +0000 (08:40 +0000)]
- dtucker@cvs.openbsd.org 2010/01/11 01:39:46
[ssh_config channels.c ssh.1 channels.h ssh.c]
Add a 'netcat mode' (ssh -W). This connects stdio on the client to a
single port forward on the server. This allows, for example, using ssh as
a ProxyCommand to route connections via intermediate servers.
bz #1618, man page help from jmc@, ok markus@
dtucker [Sat, 9 Jan 2010 23:31:12 +0000 (23:31 +0000)]
- dtucker@cvs.openbsd.org 2010/01/09 23:04:13
[channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
Remove RoutingDomain from ssh since it's now not needed. It can be
replaced with "route exec" or "nc -V" as a proxycommand. "route exec"
also ensures that trafic such as DNS lookups stays withing the specified
routingdomain. For example (from reyk):
# route -T 2 exec /usr/sbin/sshd
or inherited from the parent process
$ route -T 2 exec sh
$ ssh 10.1.2.3
ok deraadt@ markus@ stevesk@ reyk@
dtucker [Sat, 9 Jan 2010 11:28:43 +0000 (11:28 +0000)]
- dtucker@cvs.openbsd.org 2010/01/09 11:17:56
[sshd.c]
Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs
itself. Prevents two HUPs in quick succession from resulting in sshd
dying. bz#1692, patch from Colin Watson via Ubuntu.
dtucker [Sat, 9 Jan 2010 11:28:03 +0000 (11:28 +0000)]
- dtucker@cvs.openbsd.org 2010/01/09 11:13:02
[sftp.c]
Prevent sftp from derefing a null pointer when given a "-" without a
command. Also, allow whitespace to follow a "-". bz#1691, path from
Colin Watson via Debian. ok djm@ deraadt@
dtucker [Sat, 9 Jan 2010 11:26:23 +0000 (11:26 +0000)]
- djm@cvs.openbsd.org 2010/01/09 05:04:24
[mux.c sshpty.h clientloop.c sshtty.c]
quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we
usually don't actually have a tty to read/set; bz#1686 ok dtucker@
dtucker [Sat, 9 Jan 2010 11:24:33 +0000 (11:24 +0000)]
- djm@cvs.openbsd.org 2010/01/09 00:20:26
[sftp-server.c sftp-server.8]
add a 'read-only' mode to sftp-server(8) that disables open in write mode
and all other fs-modifying protocol methods. bz#430 ok dtucker@
dtucker [Fri, 8 Jan 2010 08:02:40 +0000 (08:02 +0000)]
- djm@cvs.openbsd.org 2010/01/04 02:03:57
[sftp.c]
Implement tab-completion of commands, local and remote filenames for sftp.
Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009
Google Summer of Code) and polished to a fine sheen by myself again.
It should deal more-or-less correctly with the ikky corner-cases presented
by quoted filenames, but the UI could still be slightly improved.
In particular, it is quite slow for remote completion on large directories.
bz#200; ok markus@
dtucker [Fri, 8 Jan 2010 07:58:05 +0000 (07:58 +0000)]
- dtucker@cvs.openbsd.org 2010/01/04 01:45:30
[sshconnect2.c]
Don't escape backslashes in the SSH2 banner. bz#1533, patch from
Michal Gorny via Gentoo.
dtucker [Fri, 8 Jan 2010 07:56:48 +0000 (07:56 +0000)]
- stevesk@cvs.openbsd.org 2009/12/29 16:38:41
[sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1]
Rename RDomain config option to RoutingDomain to be more clear and
consistent with other options.
NOTE: if you currently use RDomain in the ssh client or server config,
or ssh/sshd -o, you must update to use RoutingDomain.
ok markus@ djm@
dtucker [Fri, 8 Jan 2010 07:54:17 +0000 (07:54 +0000)]
- djm@cvs.openbsd.org 2009/12/20 23:20:40
[PROTOCOL]
fix an incorrect magic number and typo in PROTOCOL; bz#1688
report and fix from ueno AT unixuser.org
dtucker [Fri, 8 Jan 2010 07:53:43 +0000 (07:53 +0000)]
- guenther@cvs.openbsd.org 2009/12/20 07:28:36
[ssh.c sftp.c scp.c]
When passing user-controlled options with arguments to other programs,
pass the option and option argument as separate argv entries and
not smashed into one (e.g., as -l foo and not -lfoo). Also, always
pass a "--" argument to stop option parsing, so that a positional
argument that starts with a '-' isn't treated as an option. This
fixes some error cases as well as the handling of hostnames and
filenames that start with a '-'.
Based on a diff by halex@
ok halex@ djm@ deraadt@
dtucker [Fri, 8 Jan 2010 07:52:27 +0000 (07:52 +0000)]
- markus@cvs.openbsd.org 2009/12/11 18:16:33
[key.c]
switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537
for the RSA public exponent; discussed with provos; ok djm@
dtucker [Fri, 8 Jan 2010 07:51:47 +0000 (07:51 +0000)]
- dtucker@cvs.openbsd.org 2009/12/06 23:53:54
[sftp.c]
fix potential divide-by-zero in sftp's "df" output when talking to a server
that reports zero files on the filesystem (Unix filesystems always have at
least the root inode). From Steve McClellan at radisys, ok djm@
dtucker [Fri, 8 Jan 2010 07:51:14 +0000 (07:51 +0000)]
- djm@cvs.openbsd.org 2009/12/06 23:53:45
[roaming_common.c]
use socklen_t for getsockopt optlen parameter; reported by
Steve.McClellan AT radisys.com, ok dtucker@
dtucker [Fri, 8 Jan 2010 07:50:04 +0000 (07:50 +0000)]
- halex@cvs.openbsd.org 2009/11/22 13:18:00
[sftp.c]
make passing of zero-length arguments to ssh safe by
passing "-<switch>" "<value>" rather than "-<switch><value>"
ok dtucker@, guenther@, djm@
dtucker [Fri, 8 Jan 2010 07:49:16 +0000 (07:49 +0000)]
- djm@cvs.openbsd.org 2009/11/20 03:24:07
[misc.c]
correct off-by-one in percent_expand(): we would fatal() when trying
to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually
work. Note that nothing in OpenSSH actually uses close to this limit at
present. bz#1607 from Jan.Pechanec AT Sun.COM
dtucker [Fri, 8 Jan 2010 06:10:36 +0000 (06:10 +0000)]
- djm@cvs.openbsd.org 2009/11/20 00:54:01
[sftp.c]
bz#1588 change "Connecting to host..." message to "Connected to host."
and delay it until after the sftp protocol connection has been established.
Avoids confusing sequence of messages when the underlying ssh connection
experiences problems. ok dtucker@
dtucker [Fri, 8 Jan 2010 06:09:50 +0000 (06:09 +0000)]
- dtucker@cvs.openbsd.org 2009/11/20 00:15:41
[session.c]
Warn but do not fail if stat()ing the subsystem binary fails. This helps
with chrootdirectory+forcecommand=sftp-server and restricted shells.
bz #1599, ok djm.
dtucker [Fri, 8 Jan 2010 06:09:11 +0000 (06:09 +0000)]
- djm@cvs.openbsd.org 2009/11/19 23:39:50
[session.c]
bz#1606: error when an attempt is made to connect to a server
with ForceCommand=internal-sftp with a shell session (i.e. not a
subsystem session). Avoids stuck client when attempting to ssh to such a
service. ok dtucker@
dtucker [Fri, 8 Jan 2010 06:08:35 +0000 (06:08 +0000)]
- djm@cvs.openbsd.org 2009/11/17 05:31:44
[clientloop.c]
fix incorrect exit status when multiplexing and channel ID 0 is recycled
bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
dtucker [Fri, 8 Jan 2010 06:08:00 +0000 (06:08 +0000)]
- markus@cvs.openbsd.org 2009/11/11 21:37:03
[channels.c channels.h]
fix race condition in x11/agent channel allocation: don't read after
the end of the select read/write fdset and make sure a reused FD
is not touched before the pre-handlers are called.
with and ok djm@
dtucker [Fri, 8 Jan 2010 06:07:22 +0000 (06:07 +0000)]
- dtucker@cvs.openbsd.org 2009/11/10 04:30:45
[sshconnect2.c channels.c sshconnect.c]
Set close-on-exec on various descriptors so they don't get leaked to
child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
dtucker [Fri, 8 Jan 2010 06:06:47 +0000 (06:06 +0000)]
- djm@cvs.openbsd.org 2009/11/10 02:58:56
[sshd_config.5]
clarify that StrictModes does not apply to ChrootDirectory. Permissions
and ownership are always checked when chrooting. bz#1532
dtucker [Fri, 8 Jan 2010 05:53:31 +0000 (05:53 +0000)]
- andreas@cvs.openbsd.org 2009/10/24 11:22:37
[roaming_common.c]
Do the actual suspend/resume in the client. This won't be useful until
the server side supports roaming.
Most code from Martin Forssen, maf at appgate dot com. Some changes by
me and markus@
ok markus@
dtucker [Fri, 8 Jan 2010 05:51:40 +0000 (05:51 +0000)]
- andreas@cvs.openbsd.org 2009/10/24 11:15:29
[clientloop.c]
client_loop() must detect if the session has been suspended and resumed,
and take appropriate action in that case.
From Martin Forssen, maf at appgate dot com
ok markus@
dtucker [Fri, 8 Jan 2010 05:50:41 +0000 (05:50 +0000)]
- andreas@cvs.openbsd.org 2009/10/24 11:13:54
[sshconnect2.c kex.h kex.c]
Let the client detect if the server supports roaming by looking
for the resume@appgate.com kex algorithm.
ok markus@
dtucker [Sun, 20 Dec 2009 23:49:21 +0000 (23:49 +0000)]
- (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
Bug #1583: Use system's kerberos principal name on AIX if it's available.
Based on a patch from and tested by Miguel Sanders.
djm [Fri, 20 Nov 2009 04:16:35 +0000 (04:16 +0000)]
- (djm) [ssh-rand-helper.c] Print error and usage() when passed command-
line arguments as none are supported. Exit when passed unrecognised
commandline flags. bz#1568 from gson AT araneus.fi
djm [Wed, 18 Nov 2009 06:48:30 +0000 (06:48 +0000)]
- (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
report and fix from jan.kratochvil AT redhat.com
dtucker [Sat, 24 Oct 2009 04:04:12 +0000 (04:04 +0000)]
- (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux
is enabled set the security context to "sftpd_t" before running the
internal sftp server Based on a patch from jchadima at redhat.
andersk / openssh.git / log
