ChangeLog 122 KB
Newer Older
Pontus Freyhult's avatar
Pontus Freyhult committed
1
2
2002-03-20  Pontus Skld  <pont@r3>

Pontus Freyhult's avatar
Pontus Freyhult committed
3
4
5
6
7
8
9
	* src/testsuite/lsh-1-test: Run "exec 0" instead of "exec" in case
	the last command in the user's startup files ended with nonzero
	exit status.

	* src/testsuite/lsh-5-test: Likewise.
	* src/testsuite/lsh-6-test: Likewise.
	
Pontus Freyhult's avatar
Pontus Freyhult committed
10
11
12
	* src/testsuite/lshg-1-test: grep -q changed to redirection to
	/dev/null.

Pontus Freyhult's avatar
Pontus Freyhult committed
13
14
	* src/testsuite/ssh1-fallback-test: Likewise.
	
Niels Möller's avatar
Niels Möller committed
15
16
17
18
19
2002-03-20  Niels Mller  <nisse@cuckoo.hack.org>

	* src/testsuite/run-tests (test_program): Added missing single
	quote.

Niels Möller's avatar
Niels Möller committed
20
21
22
23
24
2002-03-20  Niels Mller  <nisse@lysator.liu.se>

	* src/testsuite/lsh-7-test: Rewrote !command-expressions as an if
	expression, to work with /bin/sh.

Niels Möller's avatar
Niels Möller committed
25
26
27
28
29
2002-03-20  Niels Mller  <nisse@cuckoo.hack.org>

	* src/io.c (address_info2sockaddr): Zero-terminate the
	default_preferences list.

Niels Möller's avatar
Niels Möller committed
30
31
2002-03-20  Niels Mller  <nisse@lysator.liu.se>

Niels Möller's avatar
Niels Möller committed
32
33
34
	* src/client_session.c (make_client_session_channel): Clear the
	CHANNEL_CLOSE_AT_EOF flag.

Niels Möller's avatar
Niels Möller committed
35
36
37
38
39
40
41
42
43
44
	* src/testsuite/run-tests (test_program): Test the exit status of
	the right process.

	* src/testsuite/fail-test: New, always failing, testcase. For
	testing run-tests.

	* src/testsuite/functions.sh (at_connect): Don't use -- in
	argument list to mini-inetd, appearantly Solaris' getopt
	doesn't handle that. 

Niels Möller's avatar
Niels Möller committed
45
46
47
48
49
50
51
2002-03-19  Niels Mller  <nisse@lysator.liu.se>

	* src/io.c (address_info2sockaddr): Prefer AF_INET addresses over
	AF_INET6 (as it seems common that localhost has an ipv6 address
	that doesn't work). Even better would be to try all addresses, but
	that has to wait for later.

Pontus Freyhult's avatar
Pontus Freyhult committed
52
53
54
55
56
57
58
2002-03-19  Pontus Skld  <pont@docs.uu.se>

	* src/sftp/testsuite/*-test: grep -q is XPG4, which not all
	greps (notably Solaris /bin/grep) are.

	* src/sftp/testsuite/run-tests: Replaced bashims.
	
Pontus Freyhult's avatar
Pontus Freyhult committed
59
60
61
62
63
64
65
66
2002-03-19  Pontus Skld  <pont@it.uu.se>

	* src/testsuite/seed-test: Fixed bashism.

2002-03-19  Pontus Skld  <pont@it.uu.se>

	* src/testsuite/run-tests: Replaced bashims.

Pontus Freyhult's avatar
Pontus Freyhult committed
67
68
69
70
71
72
73
2002-03-19  Pontus Skld  <pont@it.uu.se>

	* src/unix_process.c: Added GETUTXID and UPDWTMPX.
	(do_utmp_cleanup): Write cleared entry to wtmp{,x} with
	updwtmp{,x} if logwtmp is not available.
	(utmp_book_keeping): Likewise.	 

Niels Möller's avatar
Niels Möller committed
74
75
76
77
2002-03-18  Niels Mller  <nisse@lysator.liu.se>

	* src/lsh-pam-checkpw.c: Include stdlib.h.

Niels Möller's avatar
Niels Möller committed
78
79
2002-03-18  Niels Mller  <nisse@cuckoo.hack.org>

Niels Möller's avatar
Niels Möller committed
80
81
82
83
84
85
86
87
88
89
90
91
	* src/testsuite/conv-3-test: New test program.

	* contrib/lshd.debian.init: Check for existance of
	/var/spool/lsh/yarrow-seed-file.
	(restart): New target, which sends SIGHUP to the running lshd and
	then starts a new one.

	* src/testsuite/runtests: Old testscript removed.

	* src/testsuite/Makefile.am (check-some, check-more): Use
	run-tests, not runtests.

Niels Möller's avatar
Niels Möller committed
92
93
94
	* src/io.c (io_run): Check for OOP_ERROR. This means we need at
	least liboop-0.8. 

Niels Möller's avatar
Niels Möller committed
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
	* src/server_userauth.c (do_handle_userauth): Free username on
	failure. 

	* src/server_publickey.c (do_authenticate): Free username and
	keyblob on failure. 

	* src/lshd.c (lshd_options): New field resources, that keeps track
	of resources to be killed at sighup or program exit.
	(make_lshd_options): Create the resource list, and register it
	with the gc.
	(pid_file_resource): New class.
	(sighup_close_callback): New class.
	(do_sighup_close_callback): New SIGHUP handler.
	(make_sighup_close_callback): New function.
	(close_on_sighup): New command.
	(make_lshd_listen): Close listen socket on SIGHUP.
	(do_terminate_callback): Always catch SIGTERM.
	(install_signal_handlers): Renamed the function
	install_terminate_handler. Now installs handlers for both SIGHUP
	and SIGTERM.
	(main): Arrange for the pidfile to be deleted at exit or SIGHUP.

	* src/io.c (nfiles): New global variable.
	(lsh_oop_stop_callback): New function.
	(lsh_oop_stop): New function.
	(lsh_oop_cancel_stop): New function.
	(io_nfiles): New function.
	(close_fd): Decrement nfiles, and call lsh_oop_stop when no files
	are left. 
	(make_lsh_fd): Increment nfiles.

	* src/format.c (ssh_format): Use the format string as the
	debugging "clue" for the string.

	* configure.in (CFLAGS): Don't use -ggdb3, as it seems to be
	broken on sparc.

	* src/unix_process.c: Unified utmp/utmpx code.

Pontus Freyhult's avatar
Pontus Freyhult committed
134
135
2002-03-18  Pontus Skld  <pont@it.uu.se>

Pontus Freyhult's avatar
Pontus Freyhult committed
136
137
138
	* src/unix_process.c: Make certain WTMP_FILE and WTMPX_FILE are
	defined.

Pontus Freyhult's avatar
Pontus Freyhult committed
139
140
141
142
	* configure.in: Can't check for structs with AC_CHECK_MEMBER,
	check for a sub member instead.

	* src/unix_process.c (do_utmp_cleanup): Rewrote to use utmpx if
Niels Möller's avatar
Niels Möller committed
143
	both utmpx and utmp is available. Also, don't search for an
Pontus Freyhult's avatar
Pontus Freyhult committed
144
145
146
147
148
149
150
	existing entry but construct a new one and putut{,x}line it.
	Don't clear fields explicitly (the memset).
	
	(utmp_book_keeping): Prefer utmpx, and don't search for existing
	entries.
	Bugfix: gettimeofday takes two arguments, pass 0 as second (timezone).

Pontus Freyhult's avatar
Pontus Freyhult committed
151
152
2002-03-18  Pontus Skld <pont@it.uu.se>

Pontus Freyhult's avatar
Pontus Freyhult committed
153
	* configure.in: Check for utmpx symmetrically to utmp. Check for
Pontus Freyhult's avatar
Pontus Freyhult committed
154
155
	more members of struct utmp. Check for members of struct utmpx.

Niels Möller's avatar
Niels Möller committed
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
2002-03-18  Niels Mller  <nisse@cuckoo.hack.org>

	* src/lsh-keygen.c (main): Updated to use the rewritten
	rsa_generate_key. 

2002-03-17  Niels Mller  <nisse@cuckoo.hack.org>

	* src/rsa_keygen.c (rsa_generate_key): Rewrote to use nettle's RSA
	key generation. Deleted the argument E.

	* src/lsh-writekey.c (main_argp_parser): Initialize a randomness
	generator only if needed (i.e. if the key is going to be
	encrypted), and let the --server determine which seed-file is
	used. 

	* src/lsh-writekey.c (main): New option --server, that writes the
	output files where the server expects its host key.

	* src/lsh-writekey.c (main): Check that files doesn't exist before
	reading the key, but don't create the files until they are
	actually written to.
	(file_exists): New fucntion.
	(check_file): New function.
	(open_file): New function.
	(open_private_file): Deleted function.
	(open_public_file): Deleted function.

	* src/lsh-keygen.c (do_lsh_keygen_handler): Deleted obsolete
	function.

	* src/lsh-keygen.c (main): New option --server, that uses the
	server's seed-file.

	* src/unix_user.c (safe_close): New function.
	(do_spawn): Avoid close(-1).

192
193
194
195
196
197
198
2002-03-17  Pontus  <pont@it.uu.se>

	* src/unix_process.c (do_utmp_cleanup): Set ut_type to
	USER_PROCESS before calling getutid (neccessary on my Linux
	system, and shouldn't break anything). Make a working copy to
	modify. Do some logging.

Niels Möller's avatar
Niels Möller committed
199
200
2002-03-16  Niels Mller  <nisse@cuckoo.hack.org>

Niels Möller's avatar
Niels Möller committed
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
	* src/unix_user.c (exec_shell): Bugfix, fixed test for login-mode.

	* src/unix_process.c (do_utmp_cleanup): Compute suitable values
	for ut_line and ut_id.
	(strip_tty_name): Deleted function.
	(do_utmp_cleanup): Modify utmp by setutmp, getutid, pututline.
	(utmp_book_keeping): Likewise.

	* configure.in (SCHEME_NAME): Simple check for gmp.h, don't look
	for gmp2/gmp.h.
	Check for ut_time, ut_tv, ut_pid and ut_exit memebers in struct
	utmp. 
	Check for __gmpz_getlimbn, introduced in gmp-3.1. Dropped support
	for gmp2 (as Nettle doesn't support it anyway).

	* src/unix_user.c (do_chdir_home): Deleted function.
	(change_uid): Deleted function.

	* src/unix_process.c (unix_process_setup): Removed login argument
	again. 
	(utmp_book_keeping): Always create utmp entries as USER_PROCESS,
	not LOGIN_PROCESS.

Niels Möller's avatar
Niels Möller committed
224
225
226
227
228
229
230
231
232
233
234
235
236
237
	* src/unix_user.c (do_fork_process): Deleted function.
	(do_exec_shell): Deleted function.

	* src/userauth.h (USER_CHDIR_HOME): Deleted method.
	(USER_FORK): Deleted method.
	(USER_EXEC): Deleted method.

	* src/unix_user.c (make_process_resource): Deleted old code.

	* src/server_session.c (spawn_process): Deleted old code.
	(shell_request_handler): Likewise.
	(exec_request_handler): Likewise.
	(do_spawn_subsystem): Likewise.

Niels Möller's avatar
Niels Möller committed
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
	* src/server_session.c (format_exit_signal): Removed "Process
	killed by" from the message.
	(spawn_process): Rewrote function, using USER_SPAWN and struct
	spawn_info. Updated the shell_request, exec_request and
	subsystem_request handlers.
	(init_spawn_info): New function.
	(do_spawn_subsystem): Fixed argument list, should be -c <program>. 

	* src/unix_user.c (exec_shell): Added the real login shell to the
	lsh-execuv argument list.
	(do_spawn): Bug fix, don't reference info->pty->tty_name if
	info->pty is NULL.
	(make_unix_user): Initialize the spawn pointer.

	* src/unix_process.c: Added some trace calls.

Niels Möller's avatar
Niels Möller committed
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
2002-03-15  Niels Mller  <nisse@cuckoo.hack.org>

	* src/userauth.h (struct spawn_info): Struct with information for
	the new USER_SPAWN method.
	(USER_SPAWN): New method.

	* src/unix_user.c (chdir_home): New function.
	(exec_shell): New function.
	(do_spawn): New function.
	#if:ed out code that has been moved to unix_process.c.
	(do_lookup_user): Use /bin/sh as login shell if there's no login
	shell in the passwd-database.

	* src/unix_process.c (unix_process_setup): Adding login argument,
	which should be non-zero for a login session.

	* src/reaper.h (reap): Deleted this super class. Updated users.

	* src/Makefile.am.in (liblsh_a_SOURCES): Added unix_process.c.
	(lsh_execuv_LDADD): lsh-execuv need not be linked with liblsh.

	* configure.in: Check for more utmp related functions.

2002-03-14  Niels Mller  <nisse@cuckoo.hack.org>

	* src/unix_process.c: New file, to replace the process stuff in
	unix_user.c

282
283
284
285
2002-03-14  Pontus  <pont@it.uu.se>

	* configure.in: Added check for libpam if PAM is enabled. 

Niels Möller's avatar
Niels Möller committed
286
287
2002-03-14  Niels Mller  <nisse@cuckoo.hack.org>

Niels Möller's avatar
Niels Möller committed
288
	* src/resource.h (REMEMBER_RESOURCE): Deleted method, use an
Niels Möller's avatar
Niels Möller committed
289
	ordinary fucntion remember_resource instead. Updated all callers.
Niels Möller's avatar
Niels Möller committed
290
291
292
293
294

	* src/resource.c (concrete_resource_list): Deleted class, put all
	information directly in the resource_lsit class.
	(remember_resource): New public function.

Niels Möller's avatar
Niels Möller committed
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
	* configure.in: Removed check for 8-bit clean m4.

	* src/channel.c (do_channels_after_keyexchange): New function.
	(init_connection_service): Call connection_after_keyexchange, to
	start reading again after a key exchange.

	* src/gateway_channel.c (do_send_adjust): Call FLOW_CONTROL_REPORT
	only if i > 0.

	* src/handshake.c (handshake_command): Call
	connection_after_keyexchange.

	* src/connection.h (ssh_connection): Renamed established attribute
	to keyexchange_done.

	* src/connection.c (make_ssh_connection): Deleted the continuation
	argument. 
	(connection_after_keyexchange): New function.

	* src/read_data.c (do_read_data_query): Check the connection's
	send_kex_only flag.

	* src/keyexchange.c (keyexchange_finish): Moved invocation of
	connection->established... 
	* src/connection.c (connection_send_kex_end): ...to here.

	* src/resource.c (do_remember_resource): Assert that resource is
	non-NULL.

	* src/keyexchange.c (send_kexinit): Create a new kexinit struct.
	Disable key-expire timer during the key exchange.
	(make_kexinit_handler): Deleted init argument, it's now stored
	with the connection.
	(SESSION_KEY_LIFETIME_CLIENT, SESSION_KEY_LIFETIME_SERVER): New
	constants. 
	(do_handle_newkeys): Install key expire timeout.
	(set_reexchange_timeout): New function.

	* src/io.c (lsh_oop_register_callout, lsh_oop_cancel_callout):
	Added trace call.

	* src/handshake.c (handshake_command): Store the make_kexinit
	object in the connection's kexinit attribute.

	* src/connection.h (ssh_connection): New attribute kexinit, needed
	for initiating keyexchange. 

	* src/algorithms.c (all_crypto_algorithms): Prefer aes256.
	(default_crypto_algorithms): Likewise.

	* src/Makefile.am.in (EXTRA_PROGRAMS): Added lsh-pam-checkpw.

Niels Möller's avatar
Niels Möller committed
347
348
2002-03-13  Niels Mller  <nisse@cuckoo.hack.org>

Niels Möller's avatar
Niels Möller committed
349
350
351
352
353
354
	* src/keyexchange.c (send_kexinit): Renamed from
	initiate_keyexchange. Updated callers. Disable the key re-exchange
	timer.
	(do_handle_kexinit): Call send_kexinit, instead of duplicating
	it. 

Niels Möller's avatar
Niels Möller committed
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
	* src/testsuite/Makefile.am (TS_PROGS): Added parse-config-test.

	* src/string_buffer.c (string_buffer_putc): New constant
	BUFFER_INCREMENT. Code still not used.

	* src/ssh.h (SSH_FIRST_KEYEXCHANGE_SPECIFIC): New constant.

	* src/parse_config.c (parse_setting): Return a status code, to get
	the handling of ignored keywords right. Updated callers.
	(parse_hosts): Return a status code. Updated callers.

	* src/lshg.c (do_lshg_send_ignore): Use C_WRITE_NOW.

	* src/keyexchange.c (initiate_keyexchange): Call
	connection_send_kex_start. Use C_WRITE_NOW.
	(do_handle_kexinit): Likewise.
	(do_handle_newkeys): For uniformity, reset the NEWKEYS handler to
	&connection_fail_handler, even though NULL should work fine.
	(keyexchange_finish): Use C_WRITE_NOW. Call
	connection_send_kex_end. #if:ed out the code sending DEBUG
	messages at this point.

	* src/handshake.c (compat_info): SSH-3.0 still needs the
	PEER_SEND_NO_DEBUG flag. Also updated code to use the the
	peer_flag enum.

	* src/client_keyexchange.c (do_init_client_dh): Use C_WRITE_NOW.
	(do_handle_srp_reply): Likewise.
	(do_init_client_srp): Likewise.
	* src/server_keyexchange.c (do_handle_dh_init): Likewise.
	(do_srp_server_proof_handler): Likewise.
	(do_server_srp_read_verifier): Likewise.

	* src/config_parse.y: Deleted file, use a recursive-descent parser
	instead. 
	
	* src/Makefile.am.in (liblsh_a_SOURCES): Added parse_config.c.
	Removed disconnect.c

	* src/disconnect.c, src/disconnect.h: Deleted files, code moved to
	connection.c.

	* src/debug.c (send_debug_message): Use C_WRITE_NOW.
	(send_debug, send_verbose): #if:ed out fucntions.

	* src/connection.h (enum connection_flag, enum peer_flag, enum
	kex_state): New enum types.
	(C_WRITE_NOW): New macro.

	* src/connection.c (connection_handle_packet): Don't allow random
	messages during key exchange.
	(connection_disconnect_handler, format_disconnect): Moved code
	from disconnect.c.
	(connection_send): New function, queueing messages during key
	exchange. 
	(connection_send_kex_start): New function.
	(connection_send_kex_end): New function.

2002-03-11  Niels Mller  <nisse@cuckoo.hack.org>

	* src/testsuite/testutils.h: Include werror.h.

	* src/testsuite/parse-config-test.c: New file.

	* src/parse_config.c: Work in progress. Added linenumber handling
	and comments.

Niels Möller's avatar
Niels Möller committed
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
2002-03-05  Niels Mller  <nisse@cuckoo.hack.org>

	Cleaned up the bug compatibility tests.
	* src/handshake.c (compat_peer_flags): New function.
	(do_line): Call compat_peer_flags.

	* src/abstract_crypto.c (hash_string): Declare the input string as
	const. 
	(mac_string): Likewise.

	* src/testsuite/testutils.c (test_hash): New function.
	(test_mac): New function.
	(test_sign): New function.
	(do_bad_random): New function, stupid randomness source for the
	test programs to use.
	(test_spki_match, test_spki_grant, test_spki_deny): New functions.

	* src/testsuite/run-tests: Improved testscript, copied from
	nettle/testsuite. 

	* src/testsuite/testutils.c: Utility functions used by test
	programs. 

	Don't use m4 to generate test programs. Added C files to CVS,
	deleted m4 files. 
	* src/testsuite/Makefile.am: Deleted m4 files and rules.

2002-03-04  Niels Mller  <nisse@cuckoo.hack.org>

	* src/parse_config.c, src/parse_config.h: New files. A lexer and a
	recursive-descent parser for config files.

Niels Möller's avatar
Niels Möller committed
454
455
2002-02-27  Niels Mller  <nisse@cuckoo.hack.org>

Niels Möller's avatar
Niels Möller committed
456
457
	* src/config_parse.y: New file, for parsing config files.

Niels Möller's avatar
Niels Möller committed
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
	* src/unix_interact.c (do_make_raw): Modify the terminal's VMIN
	and VTIME values.

	* src/io.c (io_callout): Added an argument, the number of seconds
	until the callout should be invoked.

	* src/handshake.c (handshake_command): Make the connection timeout
	if handshake is not completed within 10 minutes.

	* src/gc.c (gc_register): Updated call of io_callout.

	* src/connection.c (connection_set_timeout): New function.
	(connection_clear_timeout): New function.

	* src/channel.c (init_connection_service): Cancel the connection's
	timeout timer. 

2002-02-22  Niels Mller  <nisse@cuckoo.hack.org>

	* src/client.c (init_client_options): Initialize port to NULL, in
	order to get the fallback from "ssh" -> 22 to work. FIXED in 1.2
	branch.
	(client_argp_parser): Fixed port error message not to try printing
	NULL. FIXED in 1.2 branch.

Niels Möller's avatar
Niels Möller committed
483
484
485
486
487
488
489
490
491
492
493
2002-02-21  Niels Mller  <nisse@cuckoo.hack.org>

	* src/server_session.c (make_pty): Simple bugfix, pty->master was
	lost too early.
	(spawn_process): Use an extra pipe for syncronization. The parent
	process won't proceed until the child is finished with it's pty
	processing. This works around a Solaris problem where reading the
	master side of the pty before the slave has been opened results in
	EINVAL. 
	(do_alloc_pty): Bugfix, record the new pty properly.

Niels Möller's avatar
Niels Möller committed
494
495
2002-02-19  Niels Mller  <nisse@cuckoo.hack.org>

Niels Möller's avatar
Niels Möller committed
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
	* src/server_session.c (spawn_process): Let the child process open
	the slave side of the pty.
	(do_alloc_pty): Don't open or touch the slave side of the pty,
	just open the master side and store the mode of the client,a nd
	the window dimensions, in the pty_info struct for use later.

	* src/server_pty.c (do_kill_pty_info): Don't touch slave tty (as
	it's not opened yet).
	(pty_open_master): Renamed the pty_allocate function. Now opens
	only the master pty. Opening the slave as well has too many side
	effects, in particular, pushing the pty-related STREAMS modules
	on Solaris have the side effect of making the pty the controlling
	process of the lshd server (if it's running in daemonic mode).
	(pty_open_slave): Renamed function tty_setctty. Now responsible
	also for opening the slave side of the pty, pushing STREAMS
	modules, and setting the tty state.

	* src/server_pty.h: Include tty.h.
	(pty_info)): Deleted slave attribute. Added attributes dims and
	mode. 

Niels Möller's avatar
Niels Möller committed
517
518
	* configure.in (CPPFLAGS): Don't zap old value.

Niels Möller's avatar
Niels Möller committed
519
520
521
	* src/crypto.c (make_aes_cbc_instance): Use aes_set_encrypt_key
	and aes_set_decrypt_key. aes_set_key is obsolete.

Niels Möller's avatar
Niels Möller committed
522
523
2002-02-07  Niels Mller  <nisse@cuckoo.hack.org>

Niels Möller's avatar
Niels Möller committed
524
525
	* src/sftp/.bootstrap: Added -a flag to automake invocation.

Niels Möller's avatar
Niels Möller committed
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
	* src/sftp/sftp_c.c: Constness fixes.

	* src/sftp/sftp_bind.c (lsftp_open_connection): Bugfix, don't use
	i and i++ in the same expression.
	(lsftp_wait_not_eof): #if:ed out, not used anywhere.
	(lsftp_remove_sftp_cb): Likewise.
	Constness fixes, changed calling conventions not to pass and
	return structs.
	
	* src/sftp/lsftp.c (lsftp_num_commands): Declared function static. 
	(lsftp_interactive_mainloop): Likewise.
	(lsftp_noninteractive_mainloop): Likewise.

	* src/sftp/dc.c (lsftp_dc_free_index): Made function static.
	(lsftp_dc_make_index): Likewise.
	(lsftp_dc_r_sloppy_glob): Likewise.
	(lsftp_dc_path_no_glob): Likewise.
	(lsftp_dc_path_first_glob): Likewise.
	General constification.

	* src/sftp/commands.c: Constification. Fixed warnings for mising
	prototypes and unused arguments. 

	* src/sftp/commands.h (command_func): New typedef.

	* src/sftp/rl.c, src/sftp/rl.h: Fixed prototypes for funtions
	taking no arguments.

	* src/sftp/misc_fun.c (mgetenv): Fixed "valren" typo.
	(lsftp_skip_common): Use const char * for arguments and return
	value. 
	(filename_part): Likewise.

	* src/sftp/str_utils.c (lsftp_unqoute): #if:ed out, this function
	isn't used anywhere.
	Constified, now	uses const char * for most strings.

	* src/sftp/sftp_c.h (struct sftp_mem): Use UINT32, instead of
	signed int.
	(sftp_callback_func): New typedef.
	(struct sftp_callback): Changed prototype for nextfun. Changed
	UINT64 to off_t.
	Changed all prototypes to not pass and return structs without
	using pointers.

	* src/sftp/sftp_c.c: General change of calling conventions. Pass
	struct * and const struct *, instead of passing and returning
	structures "by-value".

	* src/sftp/buffer.c (sftp_packet_size): New function.
	(sftp_read_packet): Call clearerr after checking for error and
	eof.

2002-02-06  Niels Mller  <nisse@cuckoo.hack.org>

	Checked in Pontus Skld's lsftp client.
	* src/sftp/Makefile.am (lsftp_SOURCES): New make variable.
	* src/sftp/commands.c: New file.
	* src/sftp/commands.h: New file.
	* src/sftp/dc.c: New file.
	* src/sftp/dc.h: New file.
	* src/sftp/lsftp.c: New file.
	* src/sftp/lsftp.h: New file.
	* src/sftp/misc_fun.c: New file.
	* src/sftp/misc_fun.h: New file.
	* src/sftp/rl.c: New file.
	* src/sftp/rl.h: New file.
	* src/sftp/sftp_bind.c: New file.
	* src/sftp/sftp_bind.h: New file.
	* src/sftp/sftp_c.c: New file.
	* src/sftp/sftp_c.h: New file.
	* src/sftp/str_utils.c: New file.
	* src/sftp/str_utils.h: New file.
	
2002-02-01  Niels Mller  <nisse@cuckoo.hack.org>

	* src/sftp/sftp-test-client.c: Deleted old code.
	(sftp_client_get_status): New function, for parsing -02 draft
	status messages. Use it everywhere.	

	Applied Pontus Skld's patch to comply with the -02 draft.
	* src/sftp/sftp-server.c (sftp_send_status): Added human-readable
	message and language tag. 
	(sftp_process_mkdir): Get file attributes from the message, and
	honor permission bits, if available.
	(sftp_process_readlink): New function.
	(sftp_process_symlink): New function.
	(main): Added sftp_process_readlink and sftp_process_symlink to
	the dispatch table.

	* src/sftp/sftp.h (SSH_FXP_READLINK, SSH_FXP_SYMLINK): New message
	types. 

2002-01-31  Niels Mller  <nisse@cuckoo.hack.org>

	* src/lsh-pam-checkpw.c: Cosmetic changes.

	* src/Makefile.am.in (sbin_PROGRAMS): Added @PAM_PROGRAM@.

	* configure.in: PAM configuration. Command line option
	--disable-pam, check for security/pam_appl.h, substitution of
	PAM_PROGRAM. 

Niels Möller's avatar
Niels Möller committed
629
630
631
632
2002-01-31  Niels Mller  <nisse@lysator.liu.se>

	* src/lsh-writekey.c (open_public_file): Fixed error message.

Niels Möller's avatar
Niels Möller committed
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
2002-01-24  Niels Mller  <nisse@cuckoo.hack.org>

	* src/sexp.c (sexp_format): Add a newline at the end of
	expressions in transport syntax.

	* src/sexp-conv.c (process_replace): New function.
	(parse_replace): New function.
	(main_options): New option --replace.
	(main_argp_parser): Handle OPT_REPLACE.
	(main): Call io_init and io_final. Needed to get the callback
	registered by the gc to work.
	(main): Call process_replace.
	(main): Don't add trailing newlines; let sexp_format do that.

	* src/io.c: Added assert checking that source is non-NULL, in
	functions that need it. 

	* src/gc.c (gc): Print a verbose message at the start of gc. 

Niels Möller's avatar
Niels Möller committed
652
653
2002-01-22  Niels Mller  <nisse@cuckoo.hack.org>

Niels Möller's avatar
Niels Möller committed
654
655
656
	* src/unix_interact.c (do_make_raw): Added FIXME: about tty TIME
	and VMIN settings.

Niels Möller's avatar
Niels Möller committed
657
658
659
	* src/scm/gaba.scm (make-class): Added FIXME:-comment about
	offsetof. 

Niels Möller's avatar
Niels Möller committed
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
2002-01-21  Niels Mller  <nisse@cuckoo.hack.org>

	* src/xalloc.h (NEW_VAR_OBJECT, CLONE_VAR_OBJECT,
	CLONED_VAR_OBJECT): New macros. 

	* src/xalloc.c (lsh_var_alloc): New function.
	(lsh_object_alloc): Use lsh_var_alloc.
	(lsh_var_clone): New function.
	(lsh_object_clone): Use lsh_var_clone.

	* src/list.c (lsh_list_alloc): Moved function here, from xalloc.c.
	Now uses lsh_var_alloc.

2002-01-20  Niels Mller  <nisse@cuckoo.hack.org>

	* src/crypto.c (hash_update, hash_digest, hash_copy, make_hash):
	New functions using struct nettle_hash.
	(make_hmac_algorithm): Reorganized hmac implementation again. Now
	uses struct nettle_hash.
	Updated all users.

	* src/algorithms.c (all_symmetric_algorithms): Changed back to use
	make_hmac_algorithm. 

	* src/abstract_crypto.h (hash_instance): Rewrote, use nettle,
	replaced methods with ordinary functions.
	(mac_instance): New class, before it was just analias for
	hash_instance.

	* src/Makefile.am.in (liblsh_a_SOURCES): Removed md5.c and sha.c. 

2002-01-17  Niels Mller  <nisse@cuckoo.hack.org>

	* src/md5.c, src/sha.c: Deleted files. The wrapper code was moved
	to crypto.c, and now uses struct nettle_hash.

2002-01-16  Niels Mller  <nisse@cuckoo.hack.org>

	* src/pkcs5-test.c (main): Use crypto_hmac_sha1_algorithm.

	* src/lock_file.c (do_lsh_file_lock): Improved error message.

	* src/algorithms.c (all_symmetric_algorithms): Don't use
	make_hmac_algorithm. 

	* src/crypto.c: Rewrote the hmac code to use Nettle.

	* src/hmac.c, src/Makefile.am.in: Deleted file hmac.c.

Niels Möller's avatar
Niels Möller committed
709
710
2002-01-14  Niels Mller  <nisse@cuckoo.hack.org>

Niels Möller's avatar
Niels Möller committed
711
712
713
714
	* src/rsa.c (make_rsa_signer): Take advantage of rsa_public_key
	and rsa_private_key being independent structs now. General cleanup
	and deletion of old code.

Niels Möller's avatar
Niels Möller committed
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
	* src/spki.c (spki_hash_sexp): Bugfix, don't hash the data once.
	Bug reported by Werner Koch.

	* src/sexp_parser.c (sexp_parse): Added advanced-hex syntax, as an
	alias for the ordinary (but not implemented) advanced syntax.

	* src/sexp.c: Added new format "advanced-hex" that uses hex
	instead of base64.
	(encode_hex): New function.

	* src/rsa_keygen.c (rsa_generate_key): Renamed key type to
	"rsa-pkcs1". 

	* src/rsa.c: Use nettle's rsa implementation. Deleted support for
	rsa-md5. Needs some more cleanup.

	* src/publickey_crypto.h: Moved rsa-related declarations here.

	* src/rsa.h: rsa.h is now obsolete.

	* src/lsh.c (read_user_keys): Added ATOM_RSA_PKCS1.
	* src/server.c (read_host_key): Likewise.

	* src/format.c (format_hex_string): Export this function.

	* src/atoms.in: Added "rsa-pkcs1".

	* src/algorithms.c (all_signature_algorithms): Deleted support for
	rsa-md5. 

2002-01-13  Niels Mller  <nisse@cuckoo.hack.org>

	* configure.in (lsh_cv_c_attribute): Consider __FUNCTION__ broken
	in gcc-3.

Niels Möller's avatar
Niels Möller committed
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
2002-01-09  Niels Mller  <nisse@cuckoo.hack.org>

	* src/dsa.c (dsa_hash): Don't call sha1_final.
	* src/dsa_keygen.c (hash): Likewise.

	* src/lsh.h (struct lsh_string_header): Empty structs are not
	allowed by ANSI-C, so don't declare this one unless debugging is
	enabled. 

	* src/lsh_proxy.c: Don't use randomness_with_poll.

	* src/lshd.c (main): Pass the correct type to make_simple_kexinit.

	* src/md5.c (do_md5_digest): Don't call md5_final and md5_init. 

	* src/sha.c (do_sha_digest): Don't call sha1_final and sha1_init. 

	* src/rsync/generate.c, src/rsync/receive.c, src/rsync/send.c:
	Removed calls of md5_final.

Niels Möller's avatar
Niels Möller committed
770
771
772
773
2001-12-16  Niels Mller  <nisse@cuckoo.hack.org>

	* Released lsh-1.3.6.

Niels Möller's avatar
Niels Möller committed
774
775
776
777
778
779
780
781
782
783
784
2001-12-16  Niels Mller  <nisse@lysator.liu.se>

	* src/lock_file.c: Include sys/types.h and sys/stat.h, needed on
	Solaris. 

2001-12-14  Niels Mller  <nisse@lysator.liu.se>

	* src/dsa_keygen.c (dsa_generate_key): Fixed declaration and code
	mixup. 
	* src/rsa_keygen.c (rsa_generate_key): Likewise.

Niels Möller's avatar
Niels Möller committed
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
2001-12-14  Niels Mller  <nisse@cuckoo.hack.org>

	* src/testsuite/Makefile.am (CLEANFILES, DISTCLEANFILES): Added
	fiels generated by the test, in order to make make distcheck
	happy. 

	* src/used_headers: Update for automake-1.5, dependency files are
	now named foo.Po.

	* src/Makefile.am.in: Changed rules for prime_table.h and
	digit_table.h. Now they depend only on the source file, not on the
	executable. 

	* doc/lsh.texinfo (lsh-make-seed): New section.
	(Files and environment variables): Wrote a file list.

2001-12-12  Niels Mller  <nisse@cuckoo.hack.org>

	* doc/lsh.texinfo (Files and environment variables): Documented
	environment variables.

	* misc/make-dist: Deleted the strip_rsa function.

	* src/testsuite/functions.sh (LSH_YARROW_SEED_FILE): Export
	variable. Also create the seed file if needed.

	* src/testsuite/seed-test: Use the -q --sloppy flags when invoking
	lsh-make-seed. 

	* src/sexp.c (sexp_format): Add newline at the end of the
	"advanced" syntax representation. Changed all internal uses of
	sexp_format to use the method SEXP_FORMAT instead.

	* src/sexp-conv.c (main): Deleted code for newline-terminating
	output. 

	* src/rsa.c (make_rsa_signer): Call mpz_init for all bignum
	instance variables.

	* src/lsh-make-seed.c: New option --server.
	(main): If invoked with the quiet option (-q), never ask the user
	to type randomly.

	* src/lock_file.h (LSH_FILE_LOCK): New argument RETRIES.

	* src/lock_file.c (do_lsh_file_lock): If locking fails,
	optionally retry a few times.

	* src/client_x11.c (make_forward_x11): Assert that the randomness
	generator is of "good" quality.
	* src/rsa_keygen.c (rsa_generate_key): Likewise.
	* src/keyexchange.c (make_simple_kexinit): Likewise.
	* src/dsa_keygen.c (dsa_generate_key): Likewise.
	* src/dsa.c (generic_dsa_sign): Likewise.
	* src/dh_exchange.c (make_dh): Likewise.

	* src/Makefile.am.in (sbin_PROGRAMS): Install lsh-krb-checkpw in
	$prefix/sbin, not $prefix/bin.

	* src/randomness.c: Deleted old generators.

	* src/randomness.h: Deleted all classes but randomness. New method
	RANDOM_ADD. 

	* src/unix_random.c: Rewrote to use yarrow. Updated users.

	* src/werror.c (werror_progress): Fixed test of verbose and quite
	flags. 

2001-12-08  Niels Mller  <nisse@cuckoo.hack.org>

	* src/lsh-pam-checkpw.c: New helper program for verifying
	passwords against PAM. Written by Pontus Skld.

2001-12-07  Niels Mller  <nisse@cuckoo.hack.org>

	* src/unix_user.c: Added comments on how to fix use of setuid.

	* src/lsh-make-seed.c: Added option --sloppy.

	* src/lsh-execuv.c: New file. Helper program for securely exec:ing
	user programs. 

Niels Möller's avatar
Niels Möller committed
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
2001-12-05  Niels Mller  <nisse@cuckoo.hack.org>

	* src/werror.c (werror_progress): New function.

	* src/ssh-conv: Shortened if-statement.

	* src/lsh-make-seed.c (main_argp_parser): Use the right default
	file name.
	(get_dev_mem): #if:ed out this code, it's dangerous on some
	systems.
	(get_system): Implemented this, including reading some /proc
	files. Implemented
	(get_interact): Implemented.
	(main): Move locking later, until we want to write the file.
	Implemented the actual writing of the seed-file data.

	* src/lsh-authorize: Fixed bash-isms, don't use "if !", use "$HOME"
	rather than "~".

	* src/lock_file.c (do_lsh_file_lock): Initialize info attribute in
	new object.
	(do_lsh_file_lock_p): New function, corresponding to a new method
	for checking if a lock exists, without creating one.

	* src/client_x11.c (make_client_x11_display): Fixed werror format
	string. 

	* src/channel_forward.c: Use CAST_SUBTYPE in channel_forward's
	methods. Needed because it is subclassed as client_x11_channel.

	* src/Makefile.am.in (liblsh_a_SOURCES): Added lock_file.c.

2001-12-02  Niels Mller  <nisse@cuckoo.hack.org>

	* src/lock_file.c, src/lock_file.c: New files. Locking mechanism
	for the seed file.

Niels Möller's avatar
Niels Möller committed
905
906
907
908
909
910
911
912
913
914
2001-11-23  Niels Mller  <nisse@ehand.com>

	* src/sftp/sftp-server.c (sftp_process_readdir): Clear errno
	before calling readdir.

2001-11-22  Niels Mller  <nisse@ehand.com>

	* src/sftp/sftp-server.c (sftp_attrib_from_stat): Bugfix, use |,
	not ||. Noticed by Pontus Skld.

Niels Möller's avatar
Niels Möller committed
915
916
917
918
919
920
921
922
2001-11-20  Niels Mller  <nisse@ehand.com>

	* src/zlib.c (make_zlib_instance): Check return valus from
	inflateInit and deflateInit.

	* src/lsh-make-seed.c (update_zlib): New function.
	(get_dev_mem): Implemented reading of /dev/mem.

Niels Möller's avatar
Niels Möller committed
923
924
925
926
927
2001-11-14  Niels Mller  <nisse@cuckoo.hack.org>

	* src/lsh-make-seed.c (get_dev_random): Implement reading of
	/dev/random.

Niels Möller's avatar
Niels Möller committed
928
929
930
931
932
933
934
935
936
2001-11-14  Niels Mller  <nisse@ehand.com>

	* src/Makefile.am.in (bin_PROGRAMS): Added lsh-make-seed.

	* src/lsh-make-seed.c: New program, for creating the initial seed
	file. 

	* src/testsuite/seed-test: New file, testing lsh-make-seed.

Niels Möller's avatar
Niels Möller committed
937
938
939
940
2001-11-06  Niels Mller  <nisse@cuckoo.hack.org>

	* configure.in: Bumped version to 1.3.6.

Niels Möller's avatar
Niels Möller committed
941
942
943
944
945
2001-11-02  Niels Mller  <nisse@ehand.com>

	* src/server_session.c (do_eof): Use close_fd_write instead of
	close_fd_nicely. 

Niels Möller's avatar
Niels Möller committed
946
947
948
949
950
2001-10-30  Niels Mller  <nisse@lysator.liu.se>

	* src/client_session.c (make_client_session_channel): Added
	fixme-comment. 

Niels Möller's avatar
Niels Möller committed
951
952
953
954
955
956
957
958
959
960
961
2001-10-30  Niels Mller  <nisse@ehand.com>

	* src/channel_forward.c (do_channel_forward_eof): Don't call
	shutdown(), use close_fd_write instead.

	* src/io.c (do_write_callback): Use close_fd_write if buffer is
	closed and becomes empty.
	(close_fd_write): New function.

	* src/rsa.c: Comment fixes.

Niels Möller's avatar
Niels Möller committed
962
963
964
965
966
967
2001-10-29  Niels Mller  <nisse@ehand.com>

	* src/testsuite/Makefile.am (TS_MORE_SH): Added lshg-1-test.

	* src/server_session.c (do_eof): Signal EOF on the process' stdin. 

Niels Möller's avatar
Niels Möller committed
968
969
970
971
972
973
974
975
976
977
978
979
2001-10-26  Niels Mller  <nisse@ehand.com>

	* src/sftp/sftp-server.c (sftp_process_read): Use the same type
	for done as for length, UINT32.

	* src/xauth.c (xauth_lookup): Bugfix for ipv6 addresses.

2001-10-25  Niels Mller  <nisse@ehand.com>

	* src/sftp/buffer.c (READ_UINT64): Use off_t instead of UINT64,
	which isn't defined.

Niels Möller's avatar
Niels Möller committed
980
981
982
983
984
985
986
987
988
989
2001-10-24  Niels Mller  <nisse@ehand.com>

	* src/read_packet.c (do_read_packet): If we get EOF on a packet
	boundary, raise EXC_FINISH_READ, not EXC_PROTOCOL.

	* src/connection.c (do_exc_connection_handler): Added a comment
	for the EXC_FINISH_READ case.

	* configure.in (BASH): Unset BASH if it has the value "/bin/sh".

Niels Möller's avatar
Niels Möller committed
990
991
992
993
994
995
996
997
998
999
1000
2001-10-23  Niels Mller  <nisse@cuckoo.hack.org>

	* src/testsuite/lshg-1-test: New test program.

	* src/client.c (make_subsystem_request): New function, contributed
	by Pontus Skld.
	(client_options): New option --subsystem.
	(client_subsystem_session): New function.
	(client_command_session): Don't ask for a pty by default.
	(client_maybe_pty): New argument default_pty.
	(client_argp_parser): Handle subsystem option.