summaryrefslogtreecommitdiffstats
path: root/servconf.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2020-01-23upstream: Handle zlib compression being disabled now that it'sdtucker@openbsd.org2-4/+16
optional. OpenBSD-Regress-ID: 0af4fbc5168e62f89d0350de524bff1cb00e707a
2020-01-23upstream: Fix typo in comment.dtucker@openbsd.org1-2/+2
OpenBSD-Commit-ID: d1d7a6553208bf439378fd1cf686a828aceb353a
2020-01-23upstream: When checking for unsafe directories, ignore non-directoriesdtucker@openbsd.org1-4/+6
(ie symlinks, where permissions are not relevant). OpenBSD-Regress-ID: fb6cfc8b022becb62b2dcb99ed3f072b3326e501
2020-01-23zlib is now optional.Darren Tucker1-5/+4
2020-01-23Plumb WITH_ZLIB into configure.Darren Tucker1-10/+18
This allows zlib support to be disabled by ./configure --without-zlib.
2020-01-23upstream: Make zlib optional. This adds a "ZLIB" build time optiondtucker@openbsd.org8-16/+91
that allows building without zlib compression and associated options. With feedback from markus@, ok djm@ OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910
2020-01-23upstream: remove trailing period characters from pub/priv keydjm@openbsd.org1-3/+3
pathnames - they make them needlessly more difficult to cut and paste without error; ok markus@ & dtucker@ OpenBSD-Commit-ID: abdcfd1a5723fcac0711feee7665edc66ae2335a
2020-01-23Fix a couple of mysig_t leftovers.Darren Tucker3-3/+6
2020-01-23Remove mysignal wrapper.Darren Tucker2-38/+0
We switched the main code to use sigaction(), so the wrapper is no longer used.
2020-01-23upstream: new sentence, new line;jmc@openbsd.org1-3/+3
OpenBSD-Commit-ID: b6c3f2f36ec77e99198619b38a9f146655281925
2020-01-23upstream: Replace all calls to signal(2) with a wrapper arounddtucker@openbsd.org25-131/+153
sigaction(2). This wrapper blocks all other signals during the handler preventing races between handlers, and sets SA_RESTART which should reduce the potential for short read/write operations. OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519
2020-01-23upstream: missing header change from previous; spotted by dtucker@djm@openbsd.org1-0/+10
OpenBSD-Commit-ID: 321ce74c0a5bbd0f02fa3f20cb5cf2a952c6b96f
2020-01-23upstream: Check for and warn about StrictModes permission problems. ok tb@dtucker@openbsd.org1-1/+24
OpenBSD-Regress-ID: 4841704ccdee50ee7efc6035bc686695c6ac2991
2020-01-23upstream: Also test PuTTY chacha20.dtucker@openbsd.org1-2/+2
OpenBSD-Regress-ID: 7af6a0e8763b05f1f8eee6bca5f31fcb16151040
2020-01-23upstream: Also test PuTTY ecdh kex methods.dtucker@openbsd.org1-2/+2
OpenBSD-Regress-ID: ec4017dce612131842398a03e93007a869c2c133
2020-01-23upstream: Remove unsupported algorithms from list of defaults at rundtucker@openbsd.org6-162/+92
time and remove ifdef and distinct settings for OPENSSL=no case. This will make things much simpler for -portable where the exact set of algos depends on the configuration of both OpenSSH and the libcrypto it's linked against (if any). ok djm@ OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2
2020-01-23upstream: add a new signature operations "find-principal" to lookdjm@openbsd.org3-11/+209
up the principal associated with a signature from an allowed-signers file. Work by Sebastian Kinne; ok dtucker@ OpenBSD-Commit-ID: 6f782cc7e18e38fcfafa62af53246a1dcfe74e5d
2020-01-23upstream: Ignore whitespace when checking explict fingerprint.dtucker@openbsd.org1-5/+6
When confirming a host key using the fingerprint itself, ignore leading and trailing whitespace. ok deraadt@ djm@ OpenBSD-Commit-ID: cafd7f803bbdcd40c3a8f8f1a77747e6b6d8c011
2020-01-22upstream: Increase keyscan timeout from default. On slow hosts 3dtucker@openbsd.org1-2/+2
concurrent keyscans can hit the default 5 second timeout, so increase to 15 seconds. OpenBSD-Regress-ID: 16383dec166af369b7fb9948572856f5d544c93f
2020-01-22upstream: remove diffie-hellman-group14-sha1 from default kex totedu@openbsd.org1-3/+2
see what happens. general mostly ok OpenBSD-Commit-ID: 216b7b8462d2ef5f4531f26cb2cb839b2153dad9
2020-01-22upstream: For ssh-keygen -lF only add a space after key fingerprintclaudio@openbsd.org1-3/+5
when there is a comment. This makes copy-paste of fingerprints into ssh easier. OK djm@ OpenBSD-Commit-ID: fa01d95624f65c1eb4dc7c575d20d77c78010dfd
2020-01-22upstream: some __func__ and strerror(errno) here; no functionaldjm@openbsd.org1-7/+7
change OpenBSD-Commit-ID: 6c3ddd5f848b99ea560b31d3fba99ceed66cef37
2020-01-22upstream: factor out parsing of allowed-signers linesdjm@openbsd.org1-27/+87
OpenBSD-Commit-ID: 85ee6aeff608371826019ea85e55bfa87f79d06e
2020-01-22unbreak fuzzer support for recent ssh-sk.h changesDamien Miller2-21/+23
2020-01-21upstream: expose the number of currently-authenticating connectionsdjm@openbsd.org1-2/+8
along with the MaxStartups limit in the proctitle; suggestion from Philipp Marek, w/ feedback from Craig Miskell ok dtucker@ OpenBSD-Commit-ID: a4a6db2dc1641a5df8eddf7d6652176e359dffb3
2020-01-21upstream: document the default value of the ControlPersist option;naddy@openbsd.org1-3/+4
ok dtucker@ djm@ OpenBSD-Commit-ID: 0788e7f2b5a9d4e36d3d2ab378f73329320fef66
2020-01-21remove accidental change in f8c11461Damien Miller1-6/+1
2020-01-21upstream: don't #ifdef out the KRL code when compiling withoutdjm@openbsd.org1-9/+1
libcrypto support; it works just fine and disabling it breaks a few tests. ok dtucker@ OpenBSD-Commit-ID: 65f6272c4241eb4b04de78b012fe98b2b555ad44
2020-01-21upstream: pass SSH_SK_HELPER explicitly past $SUDO to avoid it gettingdjm@openbsd.org3-6/+12
cleared; with dtucker@ OpenBSD-Regress-ID: 03178a0580324bf0dff28f7eac6c3edbc5407f8e
2020-01-21upstream: check access(ssh-sk-helper, X_OK) to provide friendlydjm@openbsd.org1-1/+9
error message for misconfigured helper paths OpenBSD-Commit-ID: 061bcc262155d12e726305c91394ac0aaf1f8341
2020-01-21upstream: Document sntrup4591761x25519-sha512@tinyssh.org. Patchdtucker@openbsd.org1-2/+4
from jtesta@positronsecurity.com via github PR#151. OpenBSD-Commit-ID: f3d48168623045c258245c340a5a2af7dbb74edc
2020-01-21upstream: fix ssh-keygen not displaying authenticator touchdjm@openbsd.org1-1/+4
prompt; reported by jmc@ OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859
2020-01-21upstream: a little more verbosity in sign_and_send_pubkey() debugdjm@openbsd.org1-3/+5
messages OpenBSD-Commit-ID: 6da47a0e6373f6683006f49bc2a516d197655508
2020-01-21upstream: one more replacement "(security) key" -> "(FIDO)naddy@openbsd.org1-2/+2
authenticator" OpenBSD-Commit-ID: 031bca03c1d1f878ab929facd561911f1bc68dfd
2020-01-21upstream: undo merge error and replace the term "security key"naddy@openbsd.org1-3/+3
again OpenBSD-Commit-ID: 341749062c089cc360a7877e9ee3a887aecde395
2020-01-21upstream: Document loading of resident keys from a FIDOnaddy@openbsd.org2-28/+20
authenticator. * Rename -O to -K to keep "-O option" available. * Document -K. * Trim usage() message down to synopsis, like all other commands. ok markus@ OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
2020-01-21upstream: sync ssh-keygen.1 and ssh-keygen's usage() with eachnaddy@openbsd.org2-12/+11
other and reality ok markus@ OpenBSD-Commit-ID: cdf64454f2c3604c25977c944e5b6262a3bcce92
2020-01-21upstream: revise the fix for reversed arguments onnaddy@openbsd.org1-4/+4
expand_proxy_command() Always put 'host' before 'host_arg' for consistency. ok markus@ djm@ OpenBSD-Commit-ID: 1ba5b25472779f1b1957295fcc6907bb961472a3
2020-01-21upstream: pass the log-on-stderr flag and log level through todjm@openbsd.org3-26/+37
ssh-sk-helper, making debugging a bit easier. ok markus@ OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a
2020-01-21Wrap copy_environment_blacklist() in #ifdefDamien Miller1-0/+2
It's only needed for USE_PAM or HAVE_CYGWIN cases and will cause compiler warnings otherwise.
2020-01-21dependDamien Miller1-44/+44
2020-01-21Fix missing prototype warning for copy_environmentRuben Kerkhof1-1/+3
This function is only used in this file, and only on Cygwin, so make it static and hide it behind HAVE_CYGWIN. Prevents missing prototype warning.
2020-01-21configure.ac: fix ldns testRuben Kerkhof1-2/+0
When running ./configure --with-ldns, if ldns-config cannot be found, we add -Iyes/include to CPPFLAGS and -Lyes/lib to LDFLAGS. Fix that.
2020-01-21Make sshpam_password_change_required static.Ruben Kerkhof1-1/+1
sshpam_password_change_required is only used in auth-pam.c, so make it static to prevent a mising prototype warning.
2020-01-21sandbox-darwin.c: fix missing prototypes.Ruben Kerkhof1-1/+1
Include the right header just like the other sandbox files. Fixes missing prototype warnings for ssh_sandbox_* functions.
2020-01-20Fix a few warnings when on Mac OS X.Ruben Kerkhof1-0/+1
Include stdlib.h for calloc, malloc, free and setenv.
2020-01-20Fix building without openssl.Ruben Kerkhof1-0/+2
This fixes the following when there are no openssl headers on the system: ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found
2020-01-16Add config.log to .gitignoreRuben Kerkhof1-0/+1
2020-01-16Fix typo in README.md, s/crytpo/crypto/Ruben Kerkhof1-1/+1
2020-01-15Wrap stdint.h in ifdef HAVE_STDINT_H.Darren Tucker1-0/+2