summaryrefslogtreecommitdiff
path: root/misc.h
Commit message (Collapse)AuthorAgeFilesLines
* - dtucker@cvs.openbsd.org 2013/06/01 13:15:52dtucker2013-06-011-1/+2
| | | | | | | | [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
* - stevesk@cvs.openbsd.org 2011/03/29 18:54:17djm2011-05-051-1/+2
| | | | | | | [misc.c misc.h servconf.c] print ipqos friendly string for sshd -T; ok markus # sshd -Tf sshd_config|grep ipqos ipqos lowdelay throughput
* - djm@cvs.openbsd.org 2010/11/21 01:01:13djm2010-12-011-1/+2
| | | | | | [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@
* - djm@cvs.openbsd.org 2010/11/13 23:27:51djm2010-11-201-1/+2
| | | | | | | | | [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
* - matthew@cvs.openbsd.org 2010/09/24 13:33:00djm2010-10-071-2/+1
| | | | | | | | | [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] [openbsd-compat/timingsafe_bcmp.c] Add timingsafe_bcmp(3) to libc, mention that it's already in the kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@ NB. re-added under openbsd-compat/ for portable OpenSSH
* - djm@cvs.openbsd.org 2010/09/22 22:58:51djm2010-09-241-1/+10
| | | | | | | | | | | | [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] [sftp-client.h sftp.1 sftp.c] add an option per-read/write callback to atomicio factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism add a bandwidth limit option to sftp(1) using the above "very nice" markus@
* - djm@cvs.openbsd.org 2010/07/13 23:13:16djm2010-07-161-2/+2
| | | | | | [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] [ssh-rsa.c] s/timing_safe_cmp/timingsafe_bcmp/g
* - djm@cvs.openbsd.org 2010/07/13 11:52:06djm2010-07-161-1/+2
| | | | | | | | | [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] [packet.c ssh-rsa.c] implement a timing_safe_cmp() function to compare memory without leaking timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
* - dtucker@cvs.openbsd.org 2010/01/09 23:04:13dtucker2010-01-091-4/+1
| | | | | | | | | | | | | | | [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c readconf.h scp.1 sftp.1 ssh_config.5 misc.h] Remove RoutingDomain from ssh since it's now not needed. It can be replaced with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
* - stevesk@cvs.openbsd.org 2009/12/25 19:40:21dtucker2010-01-081-1/+2
| | | | | | [readconf.c servconf.c misc.h ssh-keyscan.c misc.c] validate routing domain is in range 0-RT_TABLEID_MAX. 'Looks right' deraadt@
* - reyk@cvs.openbsd.org 2009/10/28 16:38:18dtucker2010-01-081-1/+3
| | | | | | | | [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 sftp.1 sshd_config.5 readconf.c ssh.c misc.c] Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@
* - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() todjm2009-11-181-0/+1
| | | | | | set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only() report and fix from jan.kratochvil AT redhat.com
* - dtucker@cvs.openbsd.org 2008/06/12 20:38:28dtucker2008-06-121-1/+3
| | | | | | [sshd.c sshconnect.c packet.h misc.c misc.h packet.c] Make keepalive timeouts apply while waiting for a packet, particularly during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
* - dtucker@cvs.openbsd.org 2007/12/27 14:22:08dtucker2007-12-281-1/+2
| | | | | | | | [servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c sshd.c] Add a small helper function to consistently handle the EAI_SYSTEM error code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@
* - djm@cvs.openbsd.org 2006/08/18 10:27:16djm2006-08-181-13/+13
| | | | | | [misc.h] reorder so prototypes are sorted by the files they refer to; no binary change
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42djm2006-08-051-6/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/08/01 23:22:48djm2006-08-051-1/+2
| | | | | | | | | | | | | [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include <stdio.h> out of includes.h
* - dtucker@cvs.openbsd.org 2006/07/10 12:46:51dtucker2006-07-101-1/+2
| | | | | | | | | | [misc.c misc.h sshd.8 sshconnect.c] Add port identifier to known_hosts for non-default ports, based originally on a patch from Devin Nate in bz#910. For any connection using the default port or using a HostKeyAlias the format is unchanged, otherwise the host name or address is enclosed within square brackets in the same format as sshd's ListenAddress. Tested by many, ok markus@.
* - stevesk@cvs.openbsd.org 2006/07/06 16:03:53djm2006-07-101-1/+5
| | | | | | | | | | | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include <pwd.h> out of includes.h; ok markus@
* - djm@cvs.openbsd.org 2006/03/30 09:58:16djm2006-03-311-2/+22
| | | | | | | | | [authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h] [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c] replace {GET,PUT}_XXBIT macros with functionally similar functions, silencing a heap of lint warnings. also allows them to use __bounded__ checking which can't be applied to macros; requested by and feedback from deraadt@
* - djm@cvs.openbsd.org 2006/03/25 22:22:43djm2006-03-261-1/+1
| | | | | | | | | | | | | | [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] [ttymodes.h uidswap.h uuencode.h xmalloc.h] standardise spacing in $OpenBSD$ tags; requested by deraadt@
* - djm@cvs.openbsd.org 2006/01/31 10:19:02djm2006-01-311-2/+6
| | | | | | | [misc.c misc.h scp.c sftp.c] fix local arbitrary command execution vulnerability on local/local and remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
* - reyk@cvs.openbsd.org 2005/12/08 18:34:11djm2005-12-131-2/+14
| | | | | | | | | | | | | | [auth-options.c includes.h misc.c misc.h readconf.c servconf.c] [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac] two changes to the new ssh tunnel support. this breaks compatibility with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5). ok djm@, man page bits by jmc@
* - reyk@cvs.openbsd.org 2005/12/06 22:38:28djm2005-12-131-1/+3
| | | | | | | | | | | | | | | | | [auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
* - djm@cvs.openbsd.org 2005/09/13 23:40:07dtucker2005-10-031-1/+2
| | | | | | [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] ensure that stdio fds are attached; ok deraadt@
* - dtucker@cvs.openbsd.org 2005/07/14 04:00:43dtucker2005-07-141-2/+2
| | | | | [misc.h] use __sentinel__ attribute; ok deraadt@ djm@ markus@
* - djm@cvs.openbsd.org 2005/07/04 00:58:43djm2005-07-051-1/+2
| | | | | | | | | [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5] implement support for X11 and agent forwarding over multiplex slave connections. Because of protocol limitations, the slave connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding their own. ok dtucker@ "put it in" deraadt@
* - djm@cvs.openbsd.org 2005/06/06 11:20:36djm2005-06-161-1/+2
| | | | | | [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c] introduce a generic %foo expansion function. replace existing % expansion and add expansion to ControlPath; ok markus@
* - djm@cvs.openbsd.org 2005/04/09 04:32:54djm2005-05-261-5/+2
| | | | | | [misc.c misc.h tildexpand.c Makefile.in] replace tilde_expand_filename with a simpler implementation, ahead of more whacking; ok deraadt@
* - djm@cvs.openbsd.org 2005/03/01 10:09:52djm2005-03-011-1/+2
| | | | | | | | | | [auth-options.c channels.c channels.h clientloop.c compat.c compat.h] [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] [sshd_config.5] bz#413: allow optional specification of bind address for port forwardings. Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports.
* - dtucker@cvs.openbsd.org 2004/12/11 01:48:56dtucker2004-12-111-2/+2
| | | | | | [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h] Fix debug call in error path of authorized_keys processing and fix related warnings; ok djm@
* - dtucker@cvs.openbsd.org 2004/12/06 11:41:03dtucker2004-12-061-1/+2
| | | | | | [auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8] Discard over-length authorized_keys entries rather than complaining when they don't decode. bz #884, with & ok djm@
* - djm@cvs.openbsd.org 2004/10/29 22:53:56dtucker2004-11-051-1/+2
| | | | | [clientloop.c misc.h readpass.c ssh-agent.c] factor out common permission-asking code to separate function; ok markus@
* - avsm@cvs.openbsd.org 2004/08/11 21:43:05dtucker2004-08-131-3/+3
| | | | | [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c] some signed/unsigned int comparison cleanups; markus@ ok
* - djm@cvs.openbsd.org 2004/06/17 15:10:14djm2004-06-171-1/+2
| | | | | | [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5] Add option for confirmation (ControlMaster=ask) via ssh-askpass before opening shared connections; ok markus@
* - djm@cvs.openbsd.org 2004/06/14 01:44:39djm2004-06-151-3/+3
| | | | | | [channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c] [sshd.c] set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
* - djm@cvs.openbsd.org 2004/05/08 00:21:31dtucker2004-05-131-1/+13
| | | | | | [clientloop.c misc.h readpass.c scard.c ssh-add.c ssh-agent.c ssh-keygen.c sshconnect.c sshconnect1.c sshconnect2.c] removed: readpass.h kill a tiny header; ok deraadt@
* - deraadt@cvs.openbsd.org 2004/05/08 00:01:37dtucker2004-05-131-1/+3
| | | | | | [auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c tildexpand.c], removed: sshtty.h tildexpand.h make two tiny header files go away; djm ok
* - (bal) redo how we handle 'mysignal()'. Move it tomouring2003-08-251-4/+0
| | | | | openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to be our 'mysignal' by default. OK djm@
* - markus@cvs.openbsd.org 2002/03/19 10:49:35mouring2002-03-221-4/+4
| | | | | | | [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c ttymodes.c] KNF whitespace
* - (djm) OpenBSD CVS Syncdjm2002-02-051-1/+2
| | | | | | | - stevesk@cvs.openbsd.org 2002/01/24 21:09:25 [channels.c misc.c misc.h packet.c] add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning). no nagle changes just yet; ok djm@ markus@
* - (stevesk) sync misc.hstevesk2001-07-041-10/+11
|
* - markus@cvs.openbsd.org 2001/06/26 17:27:25mouring2001-07-041-48/+10
| | | | | | | | | | | | | [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h tildexpand.h uidswap.h uuencode.h xmalloc.h] remove comments from .h, since they are cut&paste from the .c files and out of sync
* - itojun@cvs.openbsd.org 2001/06/26 06:32:58mouring2001-07-041-11/+11
| | | | | | | | | | | [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h compat.h compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h radix.h readconf.h readpass.h rsa.h] prototype pedant. not very creative... - () -> (void) - no variable names
* - stevesk@cvs.openbsd.org 2001/05/19 19:43:57mouring2001-06-051-1/+25
| | | | | | | | | | | | | | [misc.c misc.h servconf.c sshd.8 sshd.c] sshd command-line arguments and configuration file options that specify time may be expressed using a sequence of the form: time[qualifier], where time is a positive integer value and qualifier is one of the following: <none>,s,m,h,d,w Examples: 600 600 seconds (10 minutes) 10m 10 minutes 1h30m 1 hour 30 minutes (90 minutes) ok markus@
* - markus@cvs.openbsd.org 2001/05/11 14:59:56mouring2001-05-121-2/+3
| | | | | [clientloop.c misc.c misc.h] add unset_nonblock for stdout/err flushing in client_loop().
* - mouring@cvs.openbsd.org 2001/05/08 19:45:25mouring2001-05-081-2/+12
| | | | | [misc.c misc.h scp.c sftp.c] Use addargs() in sftp plus some clean up of addargs(). OK Markus
* - mouring@cvs.openbsd.org 2001/05/03 23:09:53mouring2001-05-031-1/+5
| | | | | | [misc.c misc.h scp.c sftp.c] Move colon() and cleanhost() to misc.c where I should I have put it in the first place
* - stevesk@cvs.openbsd.org 2001/04/12 20:09:38mouring2001-04-121-1/+8
| | | | | [misc.c misc.h readconf.c servconf.c ssh.c sshd.c] robust port validation; ok markus@ jakob@
* - markus@cvs.openbsd.org 2001/02/22 21:59:44mouring2001-03-051-1/+3
| | | | | [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c] use pwcopy in ssh.c, too