src - OpenBSD base system

Age	Commit message (Collapse)	Author
2008-06-30	only pass channel requests on session channels through to the session	Damien Miller
	channel handler, avoiding spurious log messages; ok! markus@
2008-06-10	Add a no-more-sessions@openssh.com global request extension that the	Damien Miller
	client sends when it knows that it will never request another session (i.e. when session multiplexing is disabled). This allows a server to disallow further session requests and terminate the session. Why would a non-multiplexing client ever issue additional session requests? It could have been attacked with something like SSH'jack: http://www.storm.net.nz/projects/7 feedback & ok markus
2008-05-09	unbreak	Markus Friedl
	ssh -2 localhost od /bin/ls \| true ignoring SIGPIPE by adding a new channel message (EOW) that signals the peer that we're not interested in any data it might send. fixes bz #85; discussion, debugging and ok djm@
2008-05-09	Try additional addresses when connecting to a port forward destination	Damien Miller
	whose DNS name resolves to more than one address. The previous behaviour was to try the first address and give up. Reported by stig AT venaas.com in bz#343 great feedback and ok markus@
2008-05-08	Implement a channel success/failure status confirmation callback	Damien Miller
	mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)
2008-02-22	Allow all SSH2 packet types, including UNIMPLEMENTED to reset the	Darren Tucker
	keepalive timer (bz #1307). ok markus@
2008-01-23	Revert the change for bz #1307 as it causes connection aborts if an IGNORE	Darren Tucker
	packet arrives while we're waiting in packet_read_expect (and possibly elsewhere).
2007-12-28	Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the	Darren Tucker
	ServerAlive and ClientAlive timers. Prevents dropping a connection when these are enabled but the peer does not support our keepalives. bz #1307, ok djm@.
2006-10-11	exit instead of doing a blocking tcp send if we detect a client/server timeout,	Markus Friedl
	since the tcp sendqueue might be already full (of alive requests); ok dtucker, report mpf
2006-08-03	almost entirely get rid of the culture of ".h files that include .h files"	Theo de Raadt
	ok djm, sort of ok stevesk makes the pain stop in one easy step
2006-07-26	move #include <sys/param.h> out of includes.h	Kevin Steves

2006-07-25	move #include <sys/time.h> out of includes.h	Kevin Steves

2006-07-22	move #include <string.h> out of includes.h	Kevin Steves

2006-07-20	missed some needed #include <unistd.h> when KERBEROS5=no; issue from	Kevin Steves
	massimo@cedoc.mo.it
2006-07-11	move #include <errno.h> out of includes.h; ok markus@	Kevin Steves

2006-07-09	move #include <fcntl.h> out of includes.h	Kevin Steves

2006-07-06	move #include <pwd.h> out of includes.h; ok markus@	Kevin Steves

2006-07-05	move #include <netinet/in.h> out of includes.h; ok deraadt@	Kevin Steves

2006-03-25	spacing	Theo de Raadt

2006-03-25	Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that	Damien Miller
	Theo nuked - our scripts to sync -portable need them in the files
2006-03-20	spacing	Theo de Raadt

2006-03-20	sprinkle u_int throughout pty subsystem, ok markus	Theo de Raadt

2006-03-19	ARGSUSED for signal handlers	Theo de Raadt

2006-03-19	RCSID() can die	Theo de Raadt

2006-03-19	memory leaks detected by Coverity via elad AT netbsd.org;	Damien Miller
	ok deraadt@ dtucker@
2006-03-04	move a debug() outside of a signal handler; ok markus@ a little while back	Damien Miller

2006-02-20	move #include <signal.h> out of includes.h; ok markus@	Kevin Steves

2006-02-10	move #include <sys/wait.h> out of includes.h; ok markus@	Kevin Steves

2006-02-07	move #include <termios.h> out of includes.h; ok markus@	Kevin Steves

2005-12-13	if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY	Reyk Floeter

2005-12-08	two changes to the new ssh tunnel support. this breaks compatibility	Reyk Floeter
	with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes\|point-to-point\|ethernet\|no) option is ssh_config(5) and restricted by the PermitTunnel (yes\|point-to-point\|ethernet\|no) option in sshd_config(5). ok djm@, man page bits by jmc@
2005-12-06	Add support for tun(4) forwarding over OpenSSH, based on an idea and	Reyk Floeter
	initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
2005-10-31	make sure we clean up wtmp, etc. file when we receive a SIGTERM,	Damien Miller
	SIGINT or SIGQUIT when running without privilege separation (the normal privsep case is already OK). Patch mainly by dtucker@ and senthilkumar_sen AT hotpop.com; ok dtucker@
2005-10-30	no need to escape single quotes in comments, no binary change	Damien Miller

2005-10-10	fix regression I introduced in 4.2: X11 forwardings initiated after	Damien Miller
	a session has exited (e.g. "(sleep 5; xterm) &") would not start. bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
2005-07-17	knf says that a 2nd level indent is four (not three or five) spaces	Damien Miller

2004-08-11	some signed/unsigned int comparison cleanups; markus@ ok	Anil Madhavapeddy

2004-05-21	bz #756: add support for the cancel-tcpip-forward request for the server and	Damien Miller
	the client (through the ~C commandline). reported by z3p AT twistedmatrix.com; ok markus@
2004-01-19	fix mem leaks; some fixes from Pete Flugstad; tested dtucker@	Markus Friedl

2003-12-09	make ClientKeepAlive work for ssh -N, too (no login shell requested).	Markus Friedl
	1) send a bogus channel request if we find a channel 2) send a bogus global request if we don't have a channel ok + test beck@
2003-11-18	Correct check for authctxt->valid. ok djm@	Darren Tucker

2003-11-04	standardise arguments to auth methods - they should all take authctxt.	Damien Miller
	check authctxt->valid rather then pw != NULL; ok markus@
2003-09-23	replace fatal_cleanup() and linked list of fatal callbacks with static	Markus Friedl
	cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@
2003-06-24	int -> u_int; ok djm@, deraadt@, mouring@	Markus Friedl

2003-06-04	remove bitrotten commet; ok markus@	Damien Miller

2003-05-11	make channel_new() strdup the 'remote_name' (not the caller); ok theo	Markus Friedl

2003-04-02	reapply rekeying chage, tested by henning@, ok djm@	Markus Friedl

2003-04-01	backout rekeying changes (for 3.6.1)	Markus Friedl

2003-04-01	rekeying bugfixes and automatic rekeying:	Markus Friedl
	* both client and server rekey _automatically_ (a) after 2^31 packets, because after 2^32 packets the sequence number for packets wraps (b) after 2^(blocksize_in_bits/4) blocks (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt) (a) and (b) are _enabled_ by default, and only disabled for known openssh versions, that don't support rekeying properly. * client option 'RekeyLimit' * do not reply to requests during rekeying
2002-09-19	log IP address also; ok markus@	Kevin Steves