dtucker [Sun, 2 Dec 2007 12:02:15 +0000 (12:02 +0000)]
- dtucker@cvs.openbsd.org 2007/10/29 04:08:08
[monitor_wrap.c monitor.c]
Send config block back to slave for invalid users too so options
set by a Match block (eg Banner) behave the same for non-existent
users. Found by and ok djm@
djm [Mon, 29 Oct 2007 23:52:44 +0000 (23:52 +0000)]
- djm@cvs.openbsd.org 2007/10/29 23:49:41
[openbsd-compat/sys-tree.h]
remove extra backslash at the end of RB_PROTOTYPE, report from
Jan.Pechanec AT Sun.COM; ok deraadt@
djm [Fri, 26 Oct 2007 06:48:13 +0000 (06:48 +0000)]
- millert@cvs.openbsd.org 2004/10/07 16:56:11
GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE
block.
(NB. mostly an RCS ID sync, as portable strips out the conditionals)
djm [Fri, 26 Oct 2007 06:45:32 +0000 (06:45 +0000)]
- otto@cvs.openbsd.org 2005/11/25 08:06:25
[openbsd-compat/sys-queue.h]
Introduce debugging aid for queue macros. Disabled by default; but
developers are encouraged to run with this enabled.
ok krw@ fgsch@ deraadt@
djm [Fri, 26 Oct 2007 06:44:27 +0000 (06:44 +0000)]
- otto@cvs.openbsd.org 2005/10/25 06:37:47
[openbsd-compat/sys-queue.h]
Some uvm problem is being exposed with the more strict macros.
Revert until we've found out what's causing the panics.
djm [Fri, 26 Oct 2007 06:43:22 +0000 (06:43 +0000)]
- otto@cvs.openbsd.org 2005/10/24 20:25:14
[openbsd-compat/sys-queue.h]
Partly backout. NOLIST, used in LISTs is probably interfering.
requested by deraadt@
djm [Fri, 26 Oct 2007 06:42:18 +0000 (06:42 +0000)]
- otto@cvs.openbsd.org 2005/10/17 20:19:42
[openbsd-compat/sys-queue.h]
Performing certain operations on queue.h data structures produced
funny results. An example is calling LIST_REMOVE on the same
element twice. This will not fail, but result in a data structure
referencing who knows what. Prevent these accidents by NULLing some
fields on remove and replace. This way, either a panic or segfault
will be produced on the faulty operation.
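The failure mode this commit message describes, as an added example that is not code from OpenSSH or sys-queue.h: a hand-written list (the names `node`, `insert_after`, `remove_stale`, `remove_poisoned` and `double_remove` are hypothetical) in which a second removal of the same element silently drops a later insertion, next to the same sequence with the link fields NULLed on removal. Where an unchecked macro would fault on the NULL dereference, this version returns -1 so the outcome can be checked.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical list node in the style of LIST_ENTRY; not sys-queue.h code. */
struct node {
    struct node *next;   /* next element, NULL at the tail */
    struct node **prevp; /* address of the previous element's next pointer */
};

static void insert_after(struct node *pos, struct node *n) {
    n->next = pos->next;
    if (n->next != NULL)
        n->next->prevp = &n->next;
    pos->next = n;
    n->prevp = &pos->next;
}

/* Unchecked removal: the removed node keeps its stale link fields. */
static void remove_stale(struct node *n) {
    if (n->next != NULL)
        n->next->prevp = n->prevp;
    *n->prevp = n->next;
}

/* Removal that NULLs the link fields, so a repeated removal is detectable. */
static int remove_poisoned(struct node *n) {
    if (n->prevp == NULL)
        return -1; /* already removed; an unchecked macro would fault here */
    remove_stale(n);
    n->next = NULL; n->prevp = NULL;
    return 0;
}

/* Remove b, insert d where b was, remove b again; return the list length. */
static int double_remove(int poison) {
    struct node head = { NULL, NULL }, a, b, c, d;
    int len = 0;
    insert_after(&head, &a);
    insert_after(&a, &b);
    insert_after(&b, &c);
    if (poison) remove_poisoned(&b); else remove_stale(&b);
    insert_after(&a, &d);                 /* list is now a, d, c */
    if (poison) remove_poisoned(&b); else remove_stale(&b);
    for (struct node *p = head.next; p != NULL; p = p->next)
        len++;
    return len; /* 3 if the second removal was rejected, 2 if d was lost */
}

int main(void) {
    printf("stale: %d, poisoned: %d\n", double_remove(0), double_remove(1));
}
```

With stale fields the second removal rewrites `a.next` from b's old neighbours and unlinks `d` without any error, which is the "data structure referencing who knows what" case.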
djm [Fri, 26 Oct 2007 06:40:20 +0000 (06:40 +0000)]
- grange@cvs.openbsd.org 2004/05/04 16:59:32
[openbsd-compat/sys-queue.h]
Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
ok millert krw deraadt
djm [Fri, 26 Oct 2007 06:26:46 +0000 (06:26 +0000)]
- jakob@cvs.openbsd.org 2007/10/11 18:36:41
[openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h]
use RRSIG instead of SIG for DNSSEC. ok djm@
djm [Fri, 26 Oct 2007 06:17:24 +0000 (06:17 +0000)]
- otto@cvs.openbsd.org 2006/10/21 09:55:03
[openbsd-compat/base64.c]
remove calls to abort(3) that can't happen anyway; from
<bret dot lambert at gmail.com>; ok millert@ deraadt@
djm [Fri, 26 Oct 2007 05:39:15 +0000 (05:39 +0000)]
- djm@cvs.openbsd.org 2007/10/24 03:44:02
[scp.c]
factor out network read/write into an atomicio()-like function, and
use it to handle short reads, apply bandwidth limits and update
counters. make network IO non-blocking, so a small trickle of
reads/writes has a chance of updating the progress meter; bz #799
ok dtucker@
djm [Fri, 26 Oct 2007 05:37:50 +0000 (05:37 +0000)]
- (djm) [regress/sftp-cmds.sh]
Use more restrictive glob to pick up test files from /bin - some platforms
ship broken symlinks there which could spoil the test.
djm [Fri, 26 Oct 2007 05:35:54 +0000 (05:35 +0000)]
- djm@cvs.openbsd.org 2007/10/26 05:30:01
[regress/sftp-glob.sh regress/test-exec.sh]
remove "echo -E" crap that I added in last commit and use printf(1) for
cases where we strictly require echo not to reprocess escape characters.
djm [Fri, 26 Oct 2007 04:54:12 +0000 (04:54 +0000)]
- djm@cvs.openbsd.org 2007/10/24 03:32:35
[regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh]
comprehensive tests for sftp escaping and its interaction with globbing;
ok dtucker@
djm [Fri, 26 Oct 2007 04:28:01 +0000 (04:28 +0000)]
- djm@cvs.openbsd.org 2007/10/24 03:44:02
[scp.c]
factor out network read/write into an atomicio()-like function, and
use it to handle short reads, apply bandwidth limits and update
counters. make network IO non-blocking, so a small trickle of
reads/writes has a chance of updating the progress meter; bz #799
ok dtucker@
djm [Fri, 26 Oct 2007 04:27:45 +0000 (04:27 +0000)]
- djm@cvs.openbsd.org 2007/10/24 03:30:02
[sftp.c]
rework argument splitting and parsing to cope correctly with common
shell escapes and make handling of escaped characters consistent
with sh(1) and between sftp commands (especially between ones that
glob their arguments and ones that don't).
parse command flags using getopt(3) rather than hand-rolled parsers.
ok dtucker@
djm [Fri, 26 Oct 2007 04:27:22 +0000 (04:27 +0000)]
- markus@cvs.openbsd.org 2007/10/22 19:10:24
[readconf.c]
make sure that both the local and remote port are correct when
parsing -L; Jan Pechanec (bz #1378)
djm [Fri, 26 Oct 2007 04:25:55 +0000 (04:25 +0000)]
- ray@cvs.openbsd.org 2007/09/27 00:15:57
[dh.c]
Don't return -1 on error in dh_pub_is_valid(), since it evaluates
to true.
Also fix a typo.
Initial diff from Matthew Dempsky, input from djm.
OK djm, markus.
djm [Fri, 26 Oct 2007 04:25:31 +0000 (04:25 +0000)]
- canacar@cvs.openbsd.org 2007/09/25 23:48:57
[ssh-agent.c]
When adding a key that already exists, update the properties
(time, confirm, comment) instead of discarding them. ok djm@ markus@
djm [Fri, 26 Oct 2007 04:25:12 +0000 (04:25 +0000)]
- djm@cvs.openbsd.org 2007/09/21 08:15:29
[auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
[monitor.c monitor_wrap.c]
unifdef -DBSD_AUTH
unifdef -USKEY
These options have been in use for some years;
ok markus@ "no objection" millert@
(NB. RCS ID sync only for portable)
- djm@cvs.openbsd.org 2007/09/16 00:55:52
[sftp-client.c]
use off_t instead of u_int64_t for file offsets, matching what the
progressmeter code expects; bz #842
- gilles@cvs.openbsd.org 2007/09/11 15:47:17
[session.c ssh-keygen.c sshlogin.c]
use strcspn to properly overwrite '\n' in fgets returned buffer
ok pyr@, ray@, millert@, moritz@, chl@
- sobrado@cvs.openbsd.org 2007/09/09 11:38:01
[ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
sort synopsis and options in ssh-agent(1); usage is lowercase
ok jmc@
- djm@cvs.openbsd.org 2007/09/04 11:15:56
[ssh.c sshconnect.c sshconnect.h]
make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
SSH banner exchange (previously it just covered the TCP connection).
This allows callers of ssh(1) to better detect and deal with stuck servers
that accept a TCP connection but don't progress the protocol, and also
makes ConnectTimeout useful for connections via a ProxyCommand;
feedback and "looks ok" markus@
- djm@cvs.openbsd.org 2007/09/04 03:21:03
[clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
[monitor_wrap.c ssh.c]
make file descriptor passing code return an error rather than call fatal()
when it encounters problems, and use this to make session multiplexing
masters survive slaves failing to pass all stdio FDs; ok markus@
- djm@cvs.openbsd.org 2007/08/23 03:22:16
[auth2-none.c sshd_config sshd_config.5]
Support "Banner=none" to disable displaying of the pre-login banner;
ok dtucker@ deraadt@
- djm@cvs.openbsd.org 2007/08/23 02:49:43
[auth-passwd.c auth.c session.c]
unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
NB. RCS ID sync only for portable
dtucker [Thu, 16 Aug 2007 23:42:32 +0000 (23:42 +0000)]
- (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
accounts and that's what the code looks for, so make man page and code
agree. Pointed out by Roumen Petrov.
dtucker [Wed, 15 Aug 2007 09:13:41 +0000 (09:13 +0000)]
- markus@cvs.openbsd.org 2007/08/15 08:14:46
[clientloop.c]
do NOT fall back to the trusted x11 cookie if generation of an untrusted
cookie fails; from security-alert at sun.com; ok dtucker
dtucker [Mon, 13 Aug 2007 13:11:56 +0000 (13:11 +0000)]
- (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
called with PAM_ESTABLISH_CRED at least once, which resolves a problem
with pam_dhkeys. Patch from David Leonard, ok djm@
djm [Wed, 8 Aug 2007 04:32:41 +0000 (04:32 +0000)]
- djm@cvs.openbsd.org 2007/08/07 07:32:53
[clientloop.c clientloop.h ssh.c]
bz#1232: ensure that any specified LocalCommand is executed after the
tunnel device is opened. Also, make failures to open a tunnel device
fatal when ExitOnForwardFailure is active.
Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
djm [Wed, 8 Aug 2007 04:29:58 +0000 (04:29 +0000)]
- sobrado@cvs.openbsd.org 2007/08/06 19:16:06
[scp.1 scp.c]
the ellipsis is not an optional argument; while here, sync the usage
and synopsis of commands
lots of good ideas by jmc@
ok jmc@
dtucker [Mon, 25 Jun 2007 12:15:12 +0000 (12:15 +0000)]
- (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
Add an implementation of poll() built on top of select(2). Code from
OpenNTPD with changes suggested by djm. ok djm@
dtucker [Mon, 25 Jun 2007 09:04:46 +0000 (09:04 +0000)]
- dtucker@cvs.openbsd.org 2007/06/25 08:20:03
[channels.c]
Correct test for window updates every three packets; prevents sending
window updates for every single packet. ok markus@
dtucker [Mon, 25 Jun 2007 09:04:12 +0000 (09:04 +0000)]
- djm@cvs.openbsd.org 2007/06/19 02:04:43
[atomicio.c]
if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
avoid a spin if it is not yet ready for reading/writing; ok dtucker@
dtucker [Mon, 25 Jun 2007 08:59:17 +0000 (08:59 +0000)]
- djm@cvs.openbsd.org 2007/06/14 22:48:05
[ssh.c]
when waiting for the multiplex exit status, read until the master end
writes an entire int of data *and* closes the client_fd; fixes mux
regression spotted by dtucker, ok dtucker@