summaryrefslogtreecommitdiffstats
path: root/ssh-keysign.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* - djm@cvs.openbsd.org 2010/08/31 12:33:38Damien Miller2010-09-101-2/+2
| | | | | | | | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] reintroduce commit from tedu@, which I pulled out for release engineering: OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
* - djm@cvs.openbsd.org 2010/08/16 04:06:06Damien Miller2010-08-311-2/+2
| | | | | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] backout previous temporarily; discussed with deraadt@
* - tedu@cvs.openbsd.org 2010/08/12 23:34:39Damien Miller2010-08-311-2/+2
| | | | | | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] OpenSSL_add_all_algorithms is the name of the function we have a man page for, so use that. ok djm
* - djm@cvs.openbsd.org 2010/08/04 06:08:40Damien Miller2010-08-051-1/+1
| | | | | [ssh-keysign.c] clean for -Wuninitialized (Id sync only; portable had this change)
* - djm@cvs.openbsd.org 2010/08/04 05:42:47Damien Miller2010-08-051-2/+2
| | | | | | | [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] [ssh-keysign.c ssh.c] enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
* - dtucker@cvs.openbsd.org 2010/01/13 01:20:20Darren Tucker2010-01-131-2/+2
| | | | | | [canohost.c ssh-keysign.c sshconnect2.c] Make HostBased authentication work with a ProxyCommand. bz #1569, patch from imorgan at nas nasa gov, ok djm@
* - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]Damien Miller2006-09-011-0/+1
| | | | | | | | | | | | | | | | | [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/07/26 13:57:17Damien Miller2006-08-051-1/+2
| | | | | | | | | [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] [sshconnect1.c sshd.c xmalloc.c] move #include <stdlib.h> out of includes.h
* - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]Damien Miller2006-07-241-1/+1
| | | | | | | | | | | | | | | [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] make the portable tree compile again - sprinkle unistd.h and string.h back in. Don't redefine __unused, as it turned out to be used in headers on Linux, and replace its use in auth-pam.c with ARGSUSED
* - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller2006-07-241-1/+2
| | | | | | | | | | | | | | | | | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/17 01:31:10Damien Miller2006-07-241-1/+2
| | | | | | | | | [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c] [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c] [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c] [sshconnect.c sshlogin.c sshpty.c uidswap.c] move #include <unistd.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/09 15:15:11Damien Miller2006-07-101-1/+2
| | | | | | | | [auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c] [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] [sshlogin.c sshpty.c] move #include <fcntl.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/06 16:03:53Damien Miller2006-07-101-1/+2
| | | | | | | | | | | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include <pwd.h> out of includes.h; ok markus@
* - dtucker@cvs.openbsd.org 2006/04/02 08:34:52Damien Miller2006-04-231-3/+3
| | | | | [ssh-keysign.c] sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
* - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller2006-03-261-0/+1
| | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller2006-03-251-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
* - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]Damien Miller2006-03-151-0/+2
| | | | | | | | [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] [openbsd-compat/glob.c openbsd-compat/mktemp.c] [openbsd-compat/readpassphrase.c] Lots of include fixes for OpenSolaris
* - stevesk@cvs.openbsd.org 2006/02/08 12:15:27Damien Miller2006-03-151-1/+3
| | | | | | | [auth.c clientloop.c includes.h misc.c monitor.c readpass.c] [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] [sshd.c sshpty.c] move #include <paths.h> out of includes.h; ok markus@
* - djm@cvs.openbsd.org 2005/09/13 23:40:07Darren Tucker2005-10-031-1/+8
| | | | | | [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c] ensure that stdio fds are attached; ok deraadt@
* - dtucker@cvs.openbsd.org 2004/08/23 14:29:23Darren Tucker2004-08-291-3/+3
| | | | | [ssh-keysign.c] Remove duplicate getuid(), suggested by & ok markus@
* - dtucker@cvs.openbsd.org 2004/08/23 14:26:38Darren Tucker2004-08-291-1/+1
| | | | | | [ssh-keysign.c ssh.c] Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches change in Portable; ok markus@ (CVS ID sync only)
* - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() sinceDarren Tucker2004-08-151-6/+6
| | | | it does the right thing on all platforms. ok djm@
* - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.cDarren Tucker2004-07-171-4/+0
| | | | | | ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces diff vs OpenBSD; ok mouring@, tested by tim@ too.
* - djm@cvs.openbsd.org 2004/04/18 23:10:26Damien Miller2004-04-201-2/+2
| | | | | | | [readconf.c readconf.h ssh-keysign.c ssh.c] perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions
* - markus@cvs.openbsd.org 2004/01/19 21:25:15Damien Miller2004-01-211-1/+2
| | | | | [auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c] fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
* - djm@cvs.openbsd.org 2003/11/17 09:45:39Damien Miller2003-11-171-2/+3
| | | | | [msg.c msg.h sshconnect2.c ssh-keysign.c] return error on msg send/receive failure (rather than fatal); ok markus@
* - djm@cvs.openbsd.org 2003/07/03 08:09:06Darren Tucker2003-07-031-2/+1
| | | | | | [readconf.c readconf.h ssh-keysign.c ssh.c] fix AddressFamily option in config file, from brent@graveland.net; ok markus@
* - djm@cvs.openbsd.org 2003/05/16 03:27:12Damien Miller2003-05-181-2/+4
| | | | | | [readconf.c ssh_config ssh_config.5 ssh-keysign.c] add AddressFamily option to ssh_config (like -4, -6 on commandline). Portable bug #534; ok markus@
* - markus@cvs.openbsd.org 2003/04/02 14:36:26Damien Miller2003-04-091-2/+2
| | | | | [ssh-keysign.c] potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
* - (djm) OpenBSD CVS SyncDamien Miller2003-03-151-8/+1
| | | | | | - markus@cvs.openbsd.org 2003/03/13 11:42:19 [authfile.c ssh-keysign.c] move RSA_blinding_on to generic key load method
* - (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs sinceBen Lindstrom2002-12-231-1/+1
| | | | we already did s/msg_send/ssh_msg_send/
* - markus@cvs.openbsd.org 2002/11/07 22:08:07Ben Lindstrom2002-11-091-3/+3
| | | | | | | | | [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c] we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
* - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2Damien Miller2002-10-041-3/+3
|
* - markus@cvs.openbsd.org 2002/07/03 14:21:05Ben Lindstrom2002-07-041-1/+15
| | | | | | | | [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config] re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
* - markus@cvs.openbsd.org 2002/07/03 09:55:38Ben Lindstrom2002-07-041-1/+14
| | | | | | | [ssh-keysign.c] use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
* - markus@cvs.openbsd.org 2002/06/26 22:27:32Ben Lindstrom2002-06-271-2/+2
| | | | | [ssh-keysign.c] bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu
* - deraadt@cvs.openbsd.org 2002/06/19 00:27:55Ben Lindstrom2002-06-211-8/+8
| | | | | | | | | [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading....
* - markus@cvs.openbsd.org 2002/06/08 05:07:09Ben Lindstrom2002-06-091-3/+7
| | | | | [ssh-keysign.c] only accept 20 byte session ids
* unexpandBen Lindstrom2002-06-091-3/+3
|
* - (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.auBen Lindstrom2002-06-071-0/+6
|
* - (bal) ssh-keysign should build and install correctly now. Phase twoBen Lindstrom2002-06-071-0/+4
| | | | would be to clean out any dead wood and disable ssh setuid on install.
* - markus@cvs.openbsd.org 2002/05/23 19:24:30Ben Lindstrom2002-06-061-0/+204
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in] add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys). Note: Makefile.in untested. Will test after merge is finished.