2002-05-05  Niels Möller  <nisse@lysator.liu.se>

	* src/argp/configure.ac: Pass no arguments to AM_INIT_AUTOMAKE.
	Don't substitute LIBOBJS.

	* src/argp/acinclude.m4: Use the three-argument form of
	AC_DEFINE_UNQUOTED. 

	* configure.ac: Pass no options to AM_INIT_AUTOMAKE.

2002-05-05  Niels Möller  <nisse@cuckoo.hack.org>

	* configure.ac: Update for automake-1.6.
	* src/argp/configure.ac: Likewise.

	* src/gateway_channel.c (do_channel_open_forward): Added a FIXME
	comment. We should install a new exception handler here.

	* configure.ac: Renamed file, used to be configure.in.
	* src/argp/configure.ac: Likewise.

	* configure.in: Bumped version number to 1.4.

	* doc/lsh.texinfo (Algorithm options): Updated description of the
	default cipher. We now use AES, not triple-DES.

2002-05-02  Niels Möller  <nisse@cuckoo.hack.org>

	* src/gateway_channel.c (do_gateway_channel_open): Limit
	rec_max_packet to SSH_MAX_PACKET.
	(do_gateway_channel_open_continuation): Likewise.

	* src/channel.c (parse_channel_open): Don't subtract
	SSH_MAX_PACKET_FUZZ here, it's handled in read_data.c.
	* src/server_session.c (make_server_session): Likewise.
	* src/client_session.c (make_client_session_channel): Likewise.
	* src/channel_forward.c (init_channel_forward): Likewise.

	* src/read_data.c (do_read_data_query): Don't read more than
	send_max_packet - SSH_MAX_PACKET_FUZZ, as to not exceed the
	receiver's maximum packet size.

2002-04-04  Pontus Sköld  <pont@soua.net>

	* src/lsh.c (do_lsh_lookup): Cosmetic changes of unauthenticated
	key fingerprint text.

2002-04-03  Pontus Sköld  <pont@soua.net>

	* src/format.c (lsh_string_bubblebabble_c): New function to define
	the che bubble babble checksum series, used by
	lsh_string_bubblebabble.

	* src/lsh.c (do_lsh_lookup): Rearranged the unauthenticated key
	fingerprint display somewhat and added bubble babble SHA1 of
	keyblob (which seems to be what OpenSSH is using at least).

	* src/format.c (lsh_string_bubblebabble): New function to
	bubblebabble a string.

	* src/format.h (lsh_string_bubblebabble): New function to
	bubblebabble a string.

	* src/testsuite/string-test.c (test_main): Added checks for
	lsh_string_bubblebabble.

	* src/lsh.c (do_lsh_lookup): Output the fingerprint of the remote
	host according to draft-ietf-secsh-fingerprint-00.txt (and keep
	the old way of outputting).

	* src/format.c (lsh_string_colonize): New function to insert
	colons in a lsh_string.

	* src/format.h (lsh_string_colonize): Likewise
	
	* src/testsuite/string-test.c (test_main): Added tests for
	lsh_string_colonize.

	* src/client.c (client_options): Bugfix: OPT_SUBSYSTEM shouldn't
	be inside char quotes.

2002-03-27  Niels Möller  <nisse@cuckoo.hack.org>

	* src/io.c (lsh_oop_stop_callback): Use the OOP_HALT constant.

	* src/client_x11.c (do_client_channel_x11_receive): Allow
	lowercase letters 'l' and 'b' for the endianness indicator.

	* src/client.c: Removed the short alias, -C, for the --subsystem
	option. 

2002-03-26  Niels Möller  <nisse@cuckoo.hack.org>

	* src/lsh-authorize: Don't use &>-redirects, as /bin/sh doesn't
	understand that. Noticed by Timshell Knoll.

2002-03-25  Niels Möller  <nisse@cuckoo.hack.org>

	* src/lsh-execuv.c: Deleted utmp stuff, this is not the right
	place for that.

2002-03-26  Pontus Sköld  <pont@soua.net>

	* configure.in: If with_scheme is absolute, don't AC_PATH_PROG for
	it but just use it directly.

	* src/client.c (client_options): Added implication of no-pty in
	subsystem help text if PTY-support is enabled.
	(client_argp_parser): Turn off pty-request if there is a subsystem
	request.

2002-03-22  Niels Möller  <nisse@cuckoo.hack.org>

	* src/sexp-conv.c (main): Add newline at end of --raw-hash output.

2002-03-20  Pontus Sköld  <pont@r3>

	* src/testsuite/lsh-1-test: Run "exec 0" instead of "exec" in case
	the last command in the user's startup files ended with nonzero
	exit status.

	* src/testsuite/lsh-5-test: Likewise.
	* src/testsuite/lsh-6-test: Likewise.
	
	* src/testsuite/lshg-1-test: grep -q changed to redirection to
	/dev/null.

	* src/testsuite/ssh1-fallback-test: Likewise.
	
2002-03-20  Niels Möller  <nisse@cuckoo.hack.org>

	* src/testsuite/run-tests (test_program): Added missing single
	quote.

2002-03-20  Niels Möller  <nisse@lysator.liu.se>

	* src/testsuite/functions.sh (at_connect): Put -- between the
	options and the arguments, as that is the correct place according
	to POSIX. 

	* src/testsuite/lsh-7-test: Rewrote !command-expressions as an if
	expression, to work with /bin/sh.

2002-03-20  Niels Möller  <nisse@cuckoo.hack.org>

	* src/io.c (address_info2sockaddr): Zero-terminate the
	default_preferences list.

2002-03-20  Niels Möller  <nisse@lysator.liu.se>

	* src/client_session.c (make_client_session_channel): Clear the
	CHANNEL_CLOSE_AT_EOF flag.

	* src/testsuite/run-tests (test_program): Test the exit status of
	the right process.

	* src/testsuite/fail-test: New, always failing, testcase. For
	testing run-tests.

	* src/testsuite/functions.sh (at_connect): Don't use -- in
	argument list to mini-inetd, apparently Solaris' getopt
	doesn't handle that. 

2002-03-19  Niels Möller  <nisse@lysator.liu.se>

	* src/io.c (address_info2sockaddr): Prefer AF_INET addresses over
	AF_INET6 (as it seems common that localhost has an ipv6 address
	that doesn't work). Even better would be to try all addresses, but
	that has to wait for later.

2002-03-19  Pontus Sköld  <pont@docs.uu.se>

	* src/sftp/testsuite/*-test: grep -q is XPG4, which not all
	greps (notably Solaris /bin/grep) are.

	* src/sftp/testsuite/run-tests: Replaced bashisms.
	
2002-03-19  Pontus Sköld  <pont@it.uu.se>

	* src/testsuite/seed-test: Fixed bashism.

2002-03-19  Pontus Sköld  <pont@it.uu.se>

	* src/testsuite/run-tests: Replaced bashisms.

2002-03-19  Pontus Sköld  <pont@it.uu.se>

	* src/unix_process.c: Added GETUTXID and UPDWTMPX.
	(do_utmp_cleanup): Write cleared entry to wtmp{,x} with
	updwtmp{,x} if logwtmp is not available.
	(utmp_book_keeping): Likewise.	 

2002-03-18  Niels Möller  <nisse@lysator.liu.se>

	* src/lsh-pam-checkpw.c: Include stdlib.h.

2002-03-18  Niels Möller  <nisse@cuckoo.hack.org>

	* src/testsuite/conv-3-test: New test program.

	* contrib/lshd.debian.init: Check for existence of
	/var/spool/lsh/yarrow-seed-file.
	(restart): New target, which sends SIGHUP to the running lshd and
	then starts a new one.

	* src/testsuite/runtests: Old testscript removed.

	* src/testsuite/Makefile.am (check-some, check-more): Use
	run-tests, not runtests.

	* src/io.c (io_run): Check for OOP_ERROR. This means we need at
	least liboop-0.8. 

	* src/server_userauth.c (do_handle_userauth): Free username on
	failure. 

	* src/server_publickey.c (do_authenticate): Free username and
	keyblob on failure. 

	* src/lshd.c (lshd_options): New field resources, that keeps track
	of resources to be killed at sighup or program exit.
	(make_lshd_options): Create the resource list, and register it
	with the gc.
	(pid_file_resource): New class.
	(sighup_close_callback): New class.
	(do_sighup_close_callback): New SIGHUP handler.
	(make_sighup_close_callback): New function.
	(close_on_sighup): New command.
	(make_lshd_listen): Close listen socket on SIGHUP.
	(do_terminate_callback): Always catch SIGTERM.
	(install_signal_handlers): Renamed the function
	install_terminate_handler. Now installs handlers for both SIGHUP
	and SIGTERM.
	(main): Arrange for the pidfile to be deleted at exit or SIGHUP.

	* src/io.c (nfiles): New global variable.
	(lsh_oop_stop_callback): New function.
	(lsh_oop_stop): New function.
	(lsh_oop_cancel_stop): New function.
	(io_nfiles): New function.
	(close_fd): Decrement nfiles, and call lsh_oop_stop when no files
	are left. 
	(make_lsh_fd): Increment nfiles.

	* src/format.c (ssh_format): Use the format string as the
	debugging "clue" for the string.

	* configure.in (CFLAGS): Don't use -ggdb3, as it seems to be
	broken on sparc.

	* src/unix_process.c: Unified utmp/utmpx code.

2002-03-18  Pontus Sköld  <pont@it.uu.se>

	* src/unix_process.c: Make certain WTMP_FILE and WTMPX_FILE are
	defined.

	* configure.in: Can't check for structs with AC_CHECK_MEMBER,
	check for a sub member instead.

	* src/unix_process.c (do_utmp_cleanup): Rewrote to use utmpx if
	both utmpx and utmp are available. Also, don't search for an
	existing entry but construct a new one and putut{,x}line it.
	Don't clear fields explicitly (the memset).
	
	(utmp_book_keeping): Prefer utmpx, and don't search for existing
	entries.
	Bugfix: gettimeofday takes two arguments, pass 0 as second (timezone).

2002-03-18  Pontus Sköld  <pont@it.uu.se>

	* configure.in: Check for utmpx symmetrically to utmp. Check for
	more members of struct utmp. Check for members of struct utmpx.

2002-03-18  Niels Möller  <nisse@cuckoo.hack.org>

	* src/lsh-keygen.c (main): Updated to use the rewritten
	rsa_generate_key. 

2002-03-17  Niels Möller  <nisse@cuckoo.hack.org>

	* src/rsa_keygen.c (rsa_generate_key): Rewrote to use nettle's RSA
	key generation. Deleted the argument E.

	* src/lsh-writekey.c (main_argp_parser): Initialize a randomness
	generator only if needed (i.e. if the key is going to be
	encrypted), and let the --server determine which seed-file is
	used. 

	* src/lsh-writekey.c (main): New option --server, that writes the
	output files where the server expects its host key.

	* src/lsh-writekey.c (main): Check that files don't exist before
	reading the key, but don't create the files until they are
	actually written to.
	(file_exists): New function.
	(check_file): New function.
	(open_file): New function.
	(open_private_file): Deleted function.
	(open_public_file): Deleted function.

	* src/lsh-keygen.c (do_lsh_keygen_handler): Deleted obsolete
	function.

	* src/lsh-keygen.c (main): New option --server, that uses the
	server's seed-file.

	* src/unix_user.c (safe_close): New function.
	(do_spawn): Avoid close(-1).

2002-03-17  Pontus  <pont@it.uu.se>

	* src/unix_process.c (do_utmp_cleanup): Set ut_type to
	USER_PROCESS before calling getutid (necessary on my Linux
	system, and shouldn't break anything). Make a working copy to
	modify. Do some logging.

2002-03-16  Niels Möller  <nisse@cuckoo.hack.org>

	* src/unix_user.c (exec_shell): Bugfix, fixed test for login-mode.

	* src/unix_process.c (do_utmp_cleanup): Compute suitable values
	for ut_line and ut_id.
	(strip_tty_name): Deleted function.
	(do_utmp_cleanup): Modify utmp by setutmp, getutid, pututline.
	(utmp_book_keeping): Likewise.

	* configure.in (SCHEME_NAME): Simple check for gmp.h, don't look
	for gmp2/gmp.h.
	Check for ut_time, ut_tv, ut_pid and ut_exit members in struct
	utmp. 
	Check for __gmpz_getlimbn, introduced in gmp-3.1. Dropped support
	for gmp2 (as Nettle doesn't support it anyway).

	* src/unix_user.c (do_chdir_home): Deleted function.
	(change_uid): Deleted function.

	* src/unix_process.c (unix_process_setup): Removed login argument
	again. 
	(utmp_book_keeping): Always create utmp entries as USER_PROCESS,
	not LOGIN_PROCESS.

	* src/unix_user.c (do_fork_process): Deleted function.
	(do_exec_shell): Deleted function.

	* src/userauth.h (USER_CHDIR_HOME): Deleted method.
	(USER_FORK): Deleted method.
	(USER_EXEC): Deleted method.

	* src/unix_user.c (make_process_resource): Deleted old code.

	* src/server_session.c (spawn_process): Deleted old code.
	(shell_request_handler): Likewise.
	(exec_request_handler): Likewise.
	(do_spawn_subsystem): Likewise.

	* src/server_session.c (format_exit_signal): Removed "Process
	killed by" from the message.
	(spawn_process): Rewrote function, using USER_SPAWN and struct
	spawn_info. Updated the shell_request, exec_request and
	subsystem_request handlers.
	(init_spawn_info): New function.
	(do_spawn_subsystem): Fixed argument list, should be -c <program>. 

	* src/unix_user.c (exec_shell): Added the real login shell to the
	lsh-execuv argument list.
	(do_spawn): Bug fix, don't reference info->pty->tty_name if
	info->pty is NULL.
	(make_unix_user): Initialize the spawn pointer.

	* src/unix_process.c: Added some trace calls.

2002-03-15  Niels Möller  <nisse@cuckoo.hack.org>

	* src/userauth.h (struct spawn_info): Struct with information for
	the new USER_SPAWN method.
	(USER_SPAWN): New method.

	* src/unix_user.c (chdir_home): New function.
	(exec_shell): New function.
	(do_spawn): New function.
	#if:ed out code that has been moved to unix_process.c.
	(do_lookup_user): Use /bin/sh as login shell if there's no login
	shell in the passwd-database.

	* src/unix_process.c (unix_process_setup): Adding login argument,
	which should be non-zero for a login session.

	* src/reaper.h (reap): Deleted this super class. Updated users.

	* src/Makefile.am.in (liblsh_a_SOURCES): Added unix_process.c.
	(lsh_execuv_LDADD): lsh-execuv need not be linked with liblsh.

	* configure.in: Check for more utmp related functions.

2002-03-14  Niels Möller  <nisse@cuckoo.hack.org>

	* src/unix_process.c: New file, to replace the process stuff in
	unix_user.c

2002-03-14  Pontus  <pont@it.uu.se>

	* configure.in: Added check for libpam if PAM is enabled. 

2002-03-14  Niels Möller  <nisse@cuckoo.hack.org>

	* src/resource.h (REMEMBER_RESOURCE): Deleted method, use an
	ordinary function remember_resource instead. Updated all callers.

	* src/resource.c (concrete_resource_list): Deleted class, put all
	information directly in the resource_list class.
	(remember_resource): New public function.

	* configure.in: Removed check for 8-bit clean m4.

	* src/channel.c (do_channels_after_keyexchange): New function.
	(init_connection_service): Call connection_after_keyexchange, to
	start reading again after a key exchange.

	* src/gateway_channel.c (do_send_adjust): Call FLOW_CONTROL_REPORT
	only if i > 0.

	* src/handshake.c (handshake_command): Call
	connection_after_keyexchange.

	* src/connection.h (ssh_connection): Renamed established attribute
	to keyexchange_done.

	* src/connection.c (make_ssh_connection): Deleted the continuation
	argument. 
	(connection_after_keyexchange): New function.

	* src/read_data.c (do_read_data_query): Check the connection's
	send_kex_only flag.

	* src/keyexchange.c (keyexchange_finish): Moved invocation of
	connection->established... 
	* src/connection.c (connection_send_kex_end): ...to here.

	* src/resource.c (do_remember_resource): Assert that resource is
	non-NULL.

	* src/keyexchange.c (send_kexinit): Create a new kexinit struct.
	Disable key-expire timer during the key exchange.
	(make_kexinit_handler): Deleted init argument, it's now stored
	with the connection.
	(SESSION_KEY_LIFETIME_CLIENT, SESSION_KEY_LIFETIME_SERVER): New
	constants. 
	(do_handle_newkeys): Install key expire timeout.
	(set_reexchange_timeout): New function.

	* src/io.c (lsh_oop_register_callout, lsh_oop_cancel_callout):
	Added trace call.

	* src/handshake.c (handshake_command): Store the make_kexinit
	object in the connection's kexinit attribute.

	* src/connection.h (ssh_connection): New attribute kexinit, needed
	for initiating keyexchange. 

	* src/algorithms.c (all_crypto_algorithms): Prefer aes256.
	(default_crypto_algorithms): Likewise.

	* src/Makefile.am.in (EXTRA_PROGRAMS): Added lsh-pam-checkpw.

2002-03-13  Niels Möller  <nisse@cuckoo.hack.org>

	* src/keyexchange.c (send_kexinit): Renamed from
	initiate_keyexchange. Updated callers. Disable the key re-exchange
	timer.
	(do_handle_kexinit): Call send_kexinit, instead of duplicating
	it. 

	* src/testsuite/Makefile.am (TS_PROGS): Added parse-config-test.

	* src/string_buffer.c (string_buffer_putc): New constant
	BUFFER_INCREMENT. Code still not used.

	* src/ssh.h (SSH_FIRST_KEYEXCHANGE_SPECIFIC): New constant.

	* src/parse_config.c (parse_setting): Return a status code, to get
	the handling of ignored keywords right. Updated callers.
	(parse_hosts): Return a status code. Updated callers.

	* src/lshg.c (do_lshg_send_ignore): Use C_WRITE_NOW.

	* src/keyexchange.c (initiate_keyexchange): Call
	connection_send_kex_start. Use C_WRITE_NOW.
	(do_handle_kexinit): Likewise.
	(do_handle_newkeys): For uniformity, reset the NEWKEYS handler to
	&connection_fail_handler, even though NULL should work fine.
	(keyexchange_finish): Use C_WRITE_NOW. Call
	connection_send_kex_end. #if:ed out the code sending DEBUG
	messages at this point.

	* src/handshake.c (compat_info): SSH-3.0 still needs the
	PEER_SEND_NO_DEBUG flag. Also updated code to use the
	peer_flag enum.

	* src/client_keyexchange.c (do_init_client_dh): Use C_WRITE_NOW.
	(do_handle_srp_reply): Likewise.
	(do_init_client_srp): Likewise.
	* src/server_keyexchange.c (do_handle_dh_init): Likewise.
	(do_srp_server_proof_handler): Likewise.
	(do_server_srp_read_verifier): Likewise.

	* src/config_parse.y: Deleted file, use a recursive-descent parser
	instead. 
	
	* src/Makefile.am.in (liblsh_a_SOURCES): Added parse_config.c.
	Removed disconnect.c

	* src/disconnect.c, src/disconnect.h: Deleted files, code moved to
	connection.c.

	* src/debug.c (send_debug_message): Use C_WRITE_NOW.
	(send_debug, send_verbose): #if:ed out functions.

	* src/connection.h (enum connection_flag, enum peer_flag, enum
	kex_state): New enum types.
	(C_WRITE_NOW): New macro.

	* src/connection.c (connection_handle_packet): Don't allow random
	messages during key exchange.
	(connection_disconnect_handler, format_disconnect): Moved code
	from disconnect.c.
	(connection_send): New function, queueing messages during key
	exchange. 
	(connection_send_kex_start): New function.
	(connection_send_kex_end): New function.

2002-03-11  Niels Möller  <nisse@cuckoo.hack.org>

	* src/testsuite/testutils.h: Include werror.h.

	* src/testsuite/parse-config-test.c: New file.

	* src/parse_config.c: Work in progress. Added linenumber handling
	and comments.

2002-03-05  Niels Möller  <nisse@cuckoo.hack.org>

	Cleaned up the bug compatibility tests.
	* src/handshake.c (compat_peer_flags): New function.
	(do_line): Call compat_peer_flags.

	* src/abstract_crypto.c (hash_string): Declare the input string as
	const. 
	(mac_string): Likewise.

	* src/testsuite/testutils.c (test_hash): New function.
	(test_mac): New function.
	(test_sign): New function.
	(do_bad_random): New function, stupid randomness source for the
	test programs to use.
	(test_spki_match, test_spki_grant, test_spki_deny): New functions.

	* src/testsuite/run-tests: Improved testscript, copied from
	nettle/testsuite. 

	* src/testsuite/testutils.c: Utility functions used by test
	programs. 

	Don't use m4 to generate test programs. Added C files to CVS,
	deleted m4 files. 
	* src/testsuite/Makefile.am: Deleted m4 files and rules.

2002-03-04  Niels Möller  <nisse@cuckoo.hack.org>

	* src/parse_config.c, src/parse_config.h: New files. A lexer and a
	recursive-descent parser for config files.

2002-02-27  Niels Möller  <nisse@cuckoo.hack.org>

	* src/config_parse.y: New file, for parsing config files.

	* src/unix_interact.c (do_make_raw): Modify the terminal's VMIN
	and VTIME values.

	* src/io.c (io_callout): Added an argument, the number of seconds
	until the callout should be invoked.

	* src/handshake.c (handshake_command): Make the connection timeout
	if handshake is not completed within 10 minutes.

	* src/gc.c (gc_register): Updated call of io_callout.

	* src/connection.c (connection_set_timeout): New function.
	(connection_clear_timeout): New function.

	* src/channel.c (init_connection_service): Cancel the connection's
	timeout timer. 

2002-02-22  Niels Möller  <nisse@cuckoo.hack.org>

	* src/client.c (init_client_options): Initialize port to NULL, in
	order to get the fallback from "ssh" -> 22 to work. FIXED in 1.2
	branch.
	(client_argp_parser): Fixed port error message not to try printing
	NULL. FIXED in 1.2 branch.

2002-02-21  Niels Möller  <nisse@cuckoo.hack.org>

	* src/server_session.c (make_pty): Simple bugfix, pty->master was
	lost too early.
	(spawn_process): Use an extra pipe for synchronization. The parent
	process won't proceed until the child is finished with its pty
	processing. This works around a Solaris problem where reading the
	master side of the pty before the slave has been opened results in
	EINVAL. 
	(do_alloc_pty): Bugfix, record the new pty properly.

2002-02-19  Niels Möller  <nisse@cuckoo.hack.org>

	* src/server_session.c (spawn_process): Let the child process open
	the slave side of the pty.
	(do_alloc_pty): Don't open or touch the slave side of the pty,
	just open the master side and store the mode of the client, and
	the window dimensions, in the pty_info struct for use later.

	* src/server_pty.c (do_kill_pty_info): Don't touch slave tty (as
	it's not opened yet).
	(pty_open_master): Renamed the pty_allocate function. Now opens
	only the master pty. Opening the slave as well has too many side
	effects, in particular, pushing the pty-related STREAMS modules
	on Solaris have the side effect of making the pty the controlling
	process of the lshd server (if it's running in daemonic mode).
	(pty_open_slave): Renamed function tty_setctty. Now responsible
	also for opening the slave side of the pty, pushing STREAMS
	modules, and setting the tty state.

	* src/server_pty.h: Include tty.h.
	(pty_info): Deleted slave attribute. Added attributes dims and
	mode. 

	* configure.in (CPPFLAGS): Don't zap old value.

	* src/crypto.c (make_aes_cbc_instance): Use aes_set_encrypt_key
	and aes_set_decrypt_key. aes_set_key is obsolete.

2002-02-07  Niels Möller  <nisse@cuckoo.hack.org>

	* src/sftp/.bootstrap: Added -a flag to automake invocation.

	* src/sftp/sftp_c.c: Constness fixes.

	* src/sftp/sftp_bind.c (lsftp_open_connection): Bugfix, don't use
	i and i++ in the same expression.
	(lsftp_wait_not_eof): #if:ed out, not used anywhere.
	(lsftp_remove_sftp_cb): Likewise.
	Constness fixes, changed calling conventions not to pass and
	return structs.
	
	* src/sftp/lsftp.c (lsftp_num_commands): Declared function static. 
	(lsftp_interactive_mainloop): Likewise.
	(lsftp_noninteractive_mainloop): Likewise.

	* src/sftp/dc.c (lsftp_dc_free_index): Made function static.
	(lsftp_dc_make_index): Likewise.
	(lsftp_dc_r_sloppy_glob): Likewise.
	(lsftp_dc_path_no_glob): Likewise.
	(lsftp_dc_path_first_glob): Likewise.
	General constification.

	* src/sftp/commands.c: Constification. Fixed warnings for missing
	prototypes and unused arguments. 

	* src/sftp/commands.h (command_func): New typedef.

	* src/sftp/rl.c, src/sftp/rl.h: Fixed prototypes for functions
	taking no arguments.

	* src/sftp/misc_fun.c (mgetenv): Fixed "valren" typo.
	(lsftp_skip_common): Use const char * for arguments and return
	value. 
	(filename_part): Likewise.

	* src/sftp/str_utils.c (lsftp_unqoute): #if:ed out, this function
	isn't used anywhere.
	Constified, now uses const char * for most strings.

	* src/sftp/sftp_c.h (struct sftp_mem): Use UINT32, instead of
	signed int.
	(sftp_callback_func): New typedef.
	(struct sftp_callback): Changed prototype for nextfun. Changed
	UINT64 to off_t.
	Changed all prototypes to not pass and return structs without
	using pointers.

	* src/sftp/sftp_c.c: General change of calling conventions. Pass
	struct * and const struct *, instead of passing and returning
	structures "by-value".

	* src/sftp/buffer.c (sftp_packet_size): New function.
	(sftp_read_packet): Call clearerr after checking for error and
	eof.

2002-02-06  Niels Möller  <nisse@cuckoo.hack.org>

	Checked in Pontus Sköld's lsftp client.
	* src/sftp/Makefile.am (lsftp_SOURCES): New make variable.
	* src/sftp/commands.c: New file.
	* src/sftp/commands.h: New file.
	* src/sftp/dc.c: New file.
	* src/sftp/dc.h: New file.
	* src/sftp/lsftp.c: New file.
	* src/sftp/lsftp.h: New file.
	* src/sftp/misc_fun.c: New file.
	* src/sftp/misc_fun.h: New file.
	* src/sftp/rl.c: New file.
	* src/sftp/rl.h: New file.
	* src/sftp/sftp_bind.c: New file.
	* src/sftp/sftp_bind.h: New file.
	* src/sftp/sftp_c.c: New file.
	* src/sftp/sftp_c.h: New file.
	* src/sftp/str_utils.c: New file.
	* src/sftp/str_utils.h: New file.
	
2002-02-01  Niels Möller  <nisse@cuckoo.hack.org>

	* src/sftp/sftp-test-client.c: Deleted old code.
	(sftp_client_get_status): New function, for parsing -02 draft
	status messages. Use it everywhere.	

	Applied Pontus Sköld's patch to comply with the -02 draft.
	* src/sftp/sftp-server.c (sftp_send_status): Added human-readable
	message and language tag. 
	(sftp_process_mkdir): Get file attributes from the message, and
	honor permission bits, if available.
	(sftp_process_readlink): New function.
	(sftp_process_symlink): New function.
	(main): Added sftp_process_readlink and sftp_process_symlink to
	the dispatch table.

	* src/sftp/sftp.h (SSH_FXP_READLINK, SSH_FXP_SYMLINK): New message
	types. 

2002-01-31  Niels Möller  <nisse@cuckoo.hack.org>

	* src/lsh-pam-checkpw.c: Cosmetic changes.

	* src/Makefile.am.in (sbin_PROGRAMS): Added @PAM_PROGRAM@.

	* configure.in: PAM configuration. Command line option
	--disable-pam, check for security/pam_appl.h, substitution of
	PAM_PROGRAM. 

2002-01-31  Niels Möller  <nisse@lysator.liu.se>

	* src/lsh-writekey.c (open_public_file): Fixed error message.

2002-01-24  Niels Möller  <nisse@cuckoo.hack.org>

	* src/sexp.c (sexp_format): Add a newline at the end of
	expressions in transport syntax.

	* src/sexp-conv.c (process_replace): New function.
	(parse_replace): New function.
	(main_options): New option --replace.
	(main_argp_parser): Handle OPT_REPLACE.
	(main): Call io_init and io_final. Needed to get the callback
	registered by the gc to work.
	(main): Call process_replace.
	(main): Don't add trailing newlines; let sexp_format do that.

	* src/io.c: Added assert checking that source is non-NULL, in
	functions that need it. 

	* src/gc.c (gc): Print a verbose message at the start of gc. 

2002-01-22  Niels Möller  <nisse@cuckoo.hack.org>

	* src/unix_interact.c (do_make_raw): Added FIXME: about tty TIME
	and VMIN settings.

	* src/scm/gaba.scm (make-class): Added FIXME:-comment about
	offsetof. 

2002-01-21  Niels Möller  <nisse@cuckoo.hack.org>

	* src/xalloc.h (NEW_VAR_OBJECT, CLONE_VAR_OBJECT,
	CLONED_VAR_OBJECT): New macros. 

	* src/xalloc.c (lsh_var_alloc): New function.
	(lsh_object_alloc): Use lsh_var_alloc.
	(lsh_var_clone): New function.
	(lsh_object_clone): Use lsh_var_clone.

	* src/list.c (lsh_list_alloc): Moved function here, from xalloc.c.
	Now uses lsh_var_alloc.

2002-01-20  Niels Möller  <nisse@cuckoo.hack.org>

	* src/crypto.c (hash_update, hash_digest, hash_copy, make_hash):
	New functions using struct nettle_hash.
	(make_hmac_algorithm): Reorganized hmac implementation again. Now
	uses struct nettle_hash.
	Updated all users.

	* src/algorithms.c (all_symmetric_algorithms): Changed back to use
	make_hmac_algorithm. 

	* src/abstract_crypto.h (hash_instance): Rewrote, use nettle,
	replaced methods with ordinary functions.
	(mac_instance): New class, before it was just an alias for
	hash_instance.

	* src/Makefile.am.in (liblsh_a_SOURCES): Removed md5.c and sha.c. 

2002-01-17  Niels Möller  <nisse@cuckoo.hack.org>

	* src/md5.c, src/sha.c: Deleted files. The wrapper code was moved
	to crypto.c, and now uses struct nettle_hash.

2002-01-16  Niels Möller  <nisse@cuckoo.hack.org>

	* src/pkcs5-test.c (main): Use crypto_hmac_sha1_algorithm.

	* src/lock_file.c (do_lsh_file_lock): Improved error message.

	* src/algorithms.c (all_symmetric_algorithms): Don't use
	make_hmac_algorithm. 

	* src/crypto.c: Rewrote the hmac code to use Nettle.

	* src/hmac.c, src/Makefile.am.in: Deleted file hmac.c.

2002-01-14  Niels Möller  <nisse@cuckoo.hack.org>

	* src/rsa.c (make_rsa_signer): Take advantage of rsa_public_key
	and rsa_private_key being independent structs now. General cleanup
	and deletion of old code.

	* src/spki.c (spki_hash_sexp): Bugfix, don't hash the data once.
	Bug reported by Werner Koch.

	* src/sexp_parser.c (sexp_parse): Added advanced-hex syntax, as an
	alias for the ordinary (but not implemented) advanced syntax.

	* src/sexp.c: Added new format "advanced-hex" that uses hex
	instead of base64.
	(encode_hex): New function.

	* src/rsa_keygen.c (rsa_generate_key): Renamed key type to
	"rsa-pkcs1". 

	* src/rsa.c: Use nettle's rsa implementation. Deleted support for
	rsa-md5. Needs some more cleanup.

	* src/publickey_crypto.h: Moved rsa-related declarations here.

	* src/rsa.h: rsa.h is now obsolete.

	* src/lsh.c (read_user_keys): Added ATOM_RSA_PKCS1.
	* src/server.c (read_host_key): Likewise.

	* src/format.c (format_hex_string): Export this function.

	* src/atoms.in: Added "rsa-pkcs1".

	* src/algorithms.c (all_signature_algorithms): Deleted support for
	rsa-md5. 

2002-01-13  Niels Möller  <nisse@cuckoo.hack.org>

	* configure.in (lsh_cv_c_attribute): Consider __FUNCTION__ broken
	in gcc-3.

2002-01-09  Niels Möller  <nisse@cuckoo.hack.org>

	* src/dsa.c (dsa_hash): Don't call sha1_final.
	* src/dsa_keygen.c (hash): Likewise.

	* src/lsh.h (struct lsh_string_header): Empty structs are not
	allowed by ANSI-C, so don't declare this one unless debugging is
	enabled. 

	* src/lsh_proxy.c: Don't use randomness_with_poll.

	* src/lshd.c (main): Pass the correct type to make_simple_kexinit.

	* src/md5.c (do_md5_digest): Don't call md5_final and md5_init. 

	* src/sha.c (do_sha_digest): Don't call sha1_final and sha1_init. 

	* src/rsync/generate.c, src/rsync/receive.c, src/rsync/send.c:
	Removed calls of md5_final.

2001-12-16  Niels Möller  <nisse@cuckoo.hack.org>

	* Released lsh-1.3.6.

2001-12-16  Niels Möller  <nisse@lysator.liu.se>

	* src/lock_file.c: Include sys/types.h and sys/stat.h, needed on
	Solaris. 

2001-12-14  Niels Möller  <nisse@lysator.liu.se>

	* src/dsa_keygen.c (dsa_generate_key): Fixed declaration and code
	mixup. 
	* src/rsa_keygen.c (rsa_generate_key): Likewise.

2001-12-14  Niels Möller  <nisse@cuckoo.hack.org>

	* src/testsuite/Makefile.am (CLEANFILES, DISTCLEANFILES): Added
	files generated by the test, in order to make make distcheck
	happy. 

	* src/used_headers: Update for automake-1.5, dependency files are
	now named foo.Po.

	* src/Makefile.am.in: Changed rules for prime_table.h and
	digit_table.h. Now they depend only on the source file, not on the
	executable. 

	* doc/lsh.texinfo (lsh-make-seed): New section.
	(Files and environment variables): Wrote a file list.

2001-12-12  Niels Möller  <nisse@cuckoo.hack.org>

	* doc/lsh.texinfo (Files and environment variables): Documented
	environment variables.

	* misc/make-dist: Deleted the strip_rsa function.

	* src/testsuite/functions.sh (LSH_YARROW_SEED_FILE): Export
	variable. Also create the seed file if needed.

	* src/testsuite/seed-test: Use the -q --sloppy flags when invoking
	lsh-make-seed. 

	* src/sexp.c (sexp_format): Add newline at the end of the
	"advanced" syntax representation. Changed all internal uses of
	sexp_format to use the method SEXP_FORMAT instead.

	* src/sexp-conv.c (main): Deleted code for newline-terminating
	output. 

	* src/rsa.c (make_rsa_signer): Call mpz_init for all bignum
	instance variables.

	* src/lsh-make-seed.c: New option --server.
	(main): If invoked with the quiet option (-q), never ask the user
	to type randomly.

	* src/lock_file.h (LSH_FILE_LOCK): New argument RETRIES.

	* src/lock_file.c (do_lsh_file_lock): If locking fails,
	optionally retry a few times.

	* src/client_x11.c (make_forward_x11): Assert that the randomness
	generator is of "good" quality.
	* src/rsa_keygen.c (rsa_generate_key): Likewise.
	* src/keyexchange.c (make_simple_kexinit): Likewise.
	* src/dsa_keygen.c (dsa_generate_key): Likewise.
	* src/dsa.c (generic_dsa_sign): Likewise.
	* src/dh_exchange.c (make_dh): Likewise.

	* src/Makefile.am.in (sbin_PROGRAMS): Install lsh-krb-checkpw in
	$prefix/sbin, not $prefix/bin.

	* src/randomness.c: Deleted old generators.

	* src/randomness.h: Deleted all classes but randomness. New method
	RANDOM_ADD. 

	* src/unix_random.c: Rewrote to use yarrow. Updated users.

	* src/werror.c (werror_progress): Fixed test of verbose and quiet
	flags. 

2001-12-08  Niels Möller  <nisse@cuckoo.hack.org>

	* src/lsh-pam-checkpw.c: New helper program for verifying
	passwords against PAM. Written by Pontus Sköld.

2001-12-07  Niels Möller  <nisse@cuckoo.hack.org>

	* src/unix_user.c: Added comments on how to fix use of setuid.

	* src/lsh-make-seed.c: Added option --sloppy.

	* src/lsh-execuv.c: New file. Helper program for securely exec:ing
	user programs. 

2001-12-05  Niels Möller  <nisse@cuckoo.hack.org>

	* src/werror.c (werror_progress): New function.

	* src/ssh-conv: Shortened if-statement.

	* src/lsh-make-seed.c (main_argp_parser): Use the right default
	file name.
	(get_dev_mem): #if:ed out this code, it's dangerous on some
	systems.
	(get_system): Implemented this, including reading some /proc
	files. Implemented
	(get_interact): Implemented.
	(main): Move locking later, until we want to write the file.