2003-01-08  Niels Möller  <niels@s3.kth.se>

	* src/Makefile.am.in (environ.h): New rule for creating environ.h
	from environ.h.in.

2003-01-02  Niels Möller  <nisse@cuckoo.hack.org>

	* src/Makefile.am.in (SUBDIRS): Compile in spki subdir.

	* configure.ac: Configure subdir src/spki.

2003-01-02  Niels Möller  <niels@s3.kth.se>

	* src/io.c (lsh_popen): New function.

2003-01-02  Pontus Sköld  <pont@soua.net>

	* configure.ac: Check for alarm.

	* src/lsh-pam-checkpw.c (main): Set an alarm to exit after TIMEOUT
	(currently 600) seconds.

	* src/lsh-krb-checkpw.c (main): Ditto.

2002-12-11  Niels Möller  <niels@s3.kth.se>

	* src/lsh-writekey.c (process_private): If no encryption, dup the
	input string.

2002-12-04  Niels Möller  <nisse@cuckoo.hack.org>

	* src/dsa.c (do_dsa_sign): Use %0s, not %z, when formatting
	s-expressions. 
	(do_dsa_public_spki_key): Likewise.
	* src/spki.c (spki_pkcs5_encrypt): Likewise.
	(make_ssh_hostkey_tag): Likewise.
	(spki_hash_data): Likewise.
	* src/rsa_keygen.c (rsa_generate_key): Likewise.
	* src/rsa.c (do_rsa_public_spki_key): Likewise.
	* src/lsh.c (do_lsh_lookup): Likewise.
	* src/dsa_keygen.c (dsa_generate_key): Likewise.

2002-11-16  Niels Möller  <nisse@cuckoo.hack.org>

	* src/testsuite/key-1.private, src/testsuite/key-2.private:
	Updated keys. 

	* src/testsuite/conv-1-test, src/testsuite/conv-2-test,
	src/testsuite/dsa-test.c, src/testsuite/export-1-test,
	src/testsuite/rsa-test.c: Updated key s-expressions to match new
	format. Positive numbers must start with an octet with the most
	significant bit zero.

	* src/srp_exchange.c (srp_hash_password): Use
	nettle_mpz_set_str_256_u. 
	(make_srp_entry): Check sign of verifier.

	* src/spki.c (spki_pkcs5_decrypt): Use sexp_iterator_get_uint32.

	* src/sexp.c (lsh_sexp_to_uint32): Deleted function (similar
	function added to nettle, sexp_iterator_get_uint32).

	* src/rsa.c (do_rsa_verify): Use nettle_mpz_set_str_256_u.

	* src/parse.c (parse_bignum): Use nettle_mpz_set_str_256_s.

	* src/format.c (ssh_vformat_length): Use nettle's bignum
	functions. 
	(ssh_vformat_write): Likewise.

	* src/dsa.c (do_dsa_verify): Use nettle_mpz_set_str_256_u.
	(dsa_blob_length): Use nettle_mpz_sizeinbase_256_u.
	(dsa_blob_write): Use nettle_mpz_get_str_256.

	* src/bignum.c (limbs_to_octets): Deleted function.
	(bignum_parse_s): Deleted function.
	(mpz_size_of_complement): Deleted function.
	(bignum_format_s_length): Deleted function.
	(bignum_format_s): Deleted function.
	(bignum_parse_u): Deleted function.
	(bignum_format_u_length): Deleted function.
	(bignum_write): Deleted function.
	(bignum_format_u): Deleted function.
	(bignum_random_size): Made static.
	(bignum_random_size): Use nettle_mpz_set_str_256_u.

	* src/Makefile.am.in (lshg_LDADD): lshg needs to be linked with
	nettle now that the bignum functions used by ssh_format have
	moved there. It should be possible to get lshg to work without
	either nettle or gmp, currently it won't.

2002-11-13  Niels Möller  <niels@s3.kth.se>

	* src/spki.c (do_spki_authorize): Need braces around
	FOR_OBJECT_QUEUE loop.

2002-11-11  Niels Möller  <nisse@cuckoo.hack.org>

	* src/Makefile.am.in (noinst_PROGRAMS): Don't build prime_table.  

	* src/digit_table.c: Deleted file.
	* src/prime_table.c: Deleted file.
	* src/sexp_parser.c: Deleted file.
	* src/digits.c: Deleted file.
	
	* src/bignum.c (bignum_small_factor): Deleted function.
	(bignum_next_prime): Deleted function.
	(bignum_random_prime): Deleted function.

	* src/lsh-decode-key.c (main): Use nettle's functions for base64
	decoding. 

	* src/Makefile.am.in: Don't build digit_table.h.
	(liblsh_a_SOURCES): Removed digits.c.

2002-11-10  Niels Möller  <nisse@cuckoo.hack.org>

	* src/lsh.c (do_lsh_default_handler): Deleted handling of obsolete
	exception types EXC_SEXP_SYNTAX and EXC_SPKI_TYPE.
	* src/lshd.c (do_exc_lshd_handler): Likewise.

	* src/srp_exchange.c (srp_make_verifier): Adapted to new sexp
	code.
	(make_srp_entry): Likewise.
	* src/srp-gen.c: Adapted to new sexp code.
	* src/server_keyexchange.c (do_server_srp_read_verifier):
	Adapted to new sexp code.
	* src/server_authorization.c (do_key_lookup): Adapted to new sexp
	code.
	* src/server.c (read_host_key): Adapted to new sexp code.
	* src/rsa_keygen.c (rsa_generate_key): Adapted to new sexp code.
	* src/lshd.c: Adapted to new sexp code.
	* src/lsh.c (read_known_hosts): Adapted to new sexp code.
	(read_user_keys): Likewise.
	(do_lsh_lookup): Likewise.
	* src/lsh-keygen.c: Adapted to new sexp code.
	* src/lsh-writekey.c: Likewise.
	* src/lsh-decode-key.c: Adapted to new sexp code.
	* src/testsuite/testutils.c (test_sign): Adapted to new sexp code.
	(test_spki_match): Likewise.

	* src/spki.h (spki_exception): Deleted class.

	* src/spki.c: Adapted to new sexp code.
	(make_spki_exception): Deleted function.
	(spki_make_public_key): Deleted function, the PUBLIC_SPKI_KEY
	method can be used directly.
	(spki_hash_sexp): Deleted function.
	(subject_match_hash): #if:ed out function for now.
	(spki_subject_by_hash): Likewise.
	(do_spki_lookup): #if:ed out lookup by hash.
	(spki_algorithm_lookup): New function.
	(spki_get_type): Deleted, moved similar code to sexp.c.

	* src/exception.h (EXC_SEXP, EXC_SPKI): Deleted SEXP and
	SPKI-related exceptions.

	* src/sexp.c: Rewrote using nettle's sexp functions.
	* src/sexp.h: Matching rewrite of declarations.
	
	* src/rsa.c (encode_rsa_sig_val): Deleted function.
	(decode_rsa_sig_val): Deleted function.
	(spki_init_rsa_verifier): Deleted function.
	(make_rsa_verifier_internal): Deleted function.
	(do_rsa_verify): Adapted to new sexp code.
	(do_rsa_public_spki_key): Likewise.
	(do_rsa_sign): Likewise.
	(make_rsa_verifier): Use rsa_keypair_from_sexp_alist.
	(make_rsa_signer): Likewise.

	* src/publickey_crypto.h: Added dsa declarations (used to be in
	dsa.h). 

	* src/lsh.h: Removed forward declaration of sexp structs.

	* src/lsh-export-key.c (encode_base64): New function (was in
	sexp.c earlier).
	(sexp_to_ssh2_key): Adapted to new sexp code.

	* src/lsh-authorize: Use new sexp-conv program. Check exit status
	of sexp-conv.

	* src/dsa_keygen.c (dsa_generate_key): Adapted to new sexp code.

	* src/dsa.h: Deleted file.

	* src/dsa.c (make_dsa_verifier_internal): Deleted function.
	(encode_dsa_sig_val): Deleted function.
	(decode_dsa_sig_val): Deleted function.
	(do_dsa_verify): Adapted to new sexp code.
	(do_dsa_public_spki_key): Return a string, in canonical or
	transport syntax. 
	(make_dsa_verifier): Use nettle's dsa_keypair_from_sexp_alist.
	(make_dsa_signer): Likewise.

	* src/abstract_crypto.h (PUBLIC_SPKI_KEY): Changed method, now
	returns a string and takes an extra argument to say if it should
	use transport syntax.

	* src/Makefile.am.in (bin_PROGRAMS): Don't build sexp-conv.
	(sbin_PROGRAMS): Don't build lsh_proxy.

	* src/testsuite/lsh-6-test (LSHD_FLAGS): Bugfix, test_success was
	used improperly, making the testcase always succeed.

	* src/testsuite/keygen-1-test: Use $SEXP_CONV.
	* src/testsuite/keygen-2-test: Likewise.

	* src/testsuite/functions.sh (SEXP_CONV): Use nettle's sexp-conv
	program. 

	* src/testsuite/conv-1-test: Use $SEXP_CONV, with explicit line
	width. 
	* src/testsuite/conv-2-test: Use $SEXP_CONV.
	* src/testsuite/conv-3-test: Skip test for now, new sexp-conv
	doesn't support hex output.

	* src/testsuite/Makefile.am (check): Set LD_LIBRARY_PATH when
	running tests.

2002-11-07  Niels Möller  <niels@s3.kth.se>

	* configure.ac: Don't use quotes with AM_CONFIG_HEADER, it seems
	to confuse automake.
	Bugfix: Don't generate nettle/Makefile here.

	* src/testsuite/functions.sh: Tolerate unset failing.

2002-11-04  Pontus Sköld  <pont@soua.net>

	* src/testsuite/functions.sh: Unset LSHGFLAGS and LSHFLAGS.

	* src/client.c (envp_parse): Certain versions of argp need to be
	fed with ARGP_NO_ERRS for this to work.

	* misc/Makefile.am.in: Removed obsolete reference to (and include
	of) ctags.mk.

	* doc/Makefile.am.in: Removed inclusion of ctags.mk.
	
2002-11-03  Niels Möller  <nisse@cuckoo.hack.org>

	* misc/Makefile.am.in: Don't include ctags.mk.

	* src/testsuite/testutils.c (test_sign): Use SIGN and VERIFY, not
	the obsolete methods SIGN_SPKI and VERIFY_SPKI.

	* src/testsuite/Makefile.am (AM_CFLAGS): Use AM_CFLAGS to disable
	optimization. Don't set CFLAGS explicitly.

	* misc/ctags.mk: Deleted file. Not needed anymore, since automake
	supports ctags out of the box.
	* Makefile.am.in: Don't include ctags.mk.
	* src/Makefile.am.in: Likewise.

	* src/rsa_keygen.c (get_random): Deleted function. Replaced by ... 
	* src/randomness.c (lsh_random): New function.

	* src/rsa.c (do_rsa_verify): Recognize algorithm "spki".
	(do_rsa_sign): Likewise.
	(do_rsa_verify_spki): Deleted function.
	(do_rsa_sign_spki): Likewise.

	* src/dsa_keygen.c (dsa_generate_key): Rewrote to use nettle's
	dsa_generate_keypair function.

2002-11-02  Niels Möller  <nisse@cuckoo.hack.org>

	* src/dsa.c (dsa_hash): Deleted function.
	(generic_dsa_verify): Rewrote to use nettle's dsa_verify.
	(do_dsa_verify_spki, do_dsa_sign_spki): Deleted method.
	(generic_dsa_sign): Rewrote to use nettle's dsa_sign.
	(dsa_blob_length): Use struct dsa_signature for the argument.
	(dsa_blob_write): Likewise.
	(encode_dsa_sig_val): Likewise.
	(decode_dsa_sig_val): Likewise.
	(make_dsa_signer): Use dsa_private_key_init.
	(class dsa_verifier): Use nettle's struct dsa_public_key.
	(class dsa_signer): Use nettle's struct dsa_private_key.
	(do_dsa_verify): Recognize algorithm "spki".
	(do_dsa_sign): Likewise.

	* src/bignum.c (bignum_write): Use const.

	* src/atoms.in: New atom "spki", for generic spki operations.

	* src/abstract_crypto.h (SIGN_SPKI, VERIFY_SPKI): Deleted methods
	used only by the testsuite.

2002-11-01  Pontus Sköld  <pont@soua.net>

	* src/testsuite/Makefile.am (TS_SH): New test lsh-9-test.

	* src/testsuite/lsh-9-test: Test for LSHFLAGS.
	
	* src/client.h (client_options): New attribute, inhibit_actions.
	Declaration of envp_parse.

	* src/client.c (envp_parse): New function envp_parse.
	(client_argp_parser): Honour inhibit_actions.
	(init_client_options): Initialize inhibit_actions.

	* src/lshg.c (main_argp_parser): Honour inhibit_actions.
	(main): Use envp_parse.

	* src/lsh.c (main_argp_parser): Honour inhibit_actions.
	(main): Use envp_parse.

2002-10-23  Pontus Sköld  <pont@soua.net>

	* src/client_x11.c (parse_display): Handle special case
	DISPLAY=unix:x.y for local delivery.

	* src/client.c (do_detach_cb): New function replacing
	do_detach_cb_first and do_detach_cb_second.
	(do_detach_cb_first): Deleted.
	(do_detach_cb_second): Deleted.
	(make_detach_callback): Use new function instead of
	do_detach_cb_first.

2002-10-22  Pontus Sköld  <pont@soua.net>

	* src/client.c: Include io.h.
	(detach_callback): New class to handle detachment and
	synchronization with fds.
	(detach_resource): New class used for synchronization with channel
	disappearance.
	(do_detach_res_kill): Kill method for detach_resource.
	(make_detach_resource): New function.
	(do_detach_cb_second): New function that does the actual
	detaching.
	(do_detach_cb_first): Callback for synchronization with fds.
	(make_detach_callback): New function.
	(init_client_options): Set options->detach_end to 0 (detachment
	disabled by default).
	(client_options): Help message for detach and no-detach.
	(make_client_session): If options->detach_end, make a callback for
	stdout and set a resource on the channel to synchronize. Also
	reset options->detach_end to 0 (so it only affects one action).
	(client_argp_parser): Handle detach and no-detach.

	* src/client.h: New variable in client_options: detach_end.

2002-10-03  Niels Möller  <nisse@cuckoo.hack.org>

	* configure.ac: Use AC_SEARCH_LIBS instead of AC_CHECK_LIB when
	looking for libnsl, so we don't pick it up unless it really is
	needed. 

2002-10-02  Pontus Sköld  <Pontus.Skold@dis.uu.se>

	* src/lshd.c: Include <sys/resource.h> if it exists.
	(main): setrlimit to raise max number of open files
	if available.

	* configure.ac: Check for <sys/resource.h> and setrlimit.
	
2002-10-02  Pontus Sköld  <Pontus.Skold@dis.uu.se>

	* configure.ac: Don't AC_PATH_PROG for bash, m4 and groff if
	given. Made them precious.

2002-10-01  Niels Möller  <niels@s3.kth.se>

	* src/testsuite/run-tests (test_program): Use basename (fix copied
	from src/nettle/examples/).

2002-09-12  Niels Möller  <nisse@cuckoo.hack.org>

	* Released lsh-1.5.0.

	* misc/make-dist: Deleted obsolete make check-more call.

	* src/keyexchange.c (kex_make_encrypt, kex_make_decrypt): Changed
	interface so that we can both support the "none" cipher, and
	return failure for weak keys.
	(install_keys): Updated to the new kex_make_encrypt and
	kex_make_decrypt interface.

	* configure.ac: Deleted the ipv6 test that tried to create an ipv6
	socket. 

2002-09-03  Pontus Sköld  <pont@soua.net>

	* src/server_x11.c (XAUTH_PROGRAM): Use predefined value if
	available and built in default if not.

	* configure.ac: Search for xauth.

2002-09-02  Pontus Sköld  <pont@soua.net>

	* src/testsuite/lsh-8-test: New test. Check whether unencrypted
	sessions work.

2002-08-30  Pontus Sköld  <pont@soua.net>

	* src/testsuite/functions.sh: Defaults need to be quoted if they
	contain spaces.

2002-08-29  Niels Möller  <nisse@cuckoo.hack.org>

	* src/testsuite/x11-1-test: Renamed, was lshd-x11-1-test.

	* src/testsuite/functions.sh (test_fail, test_result): Call exit.
	(test_skip): New function.
	(check_x11_support): New function.

	* src/testsuite/Makefile.am (distclean-local): Delete files and
	directories created by the test cases.
	(EXTRA_DIST): Distribute key-2.private and fake-sshd1.

	* src/lsh.c (main_options, main_argp_parser): Handle X11 options
	only if WITH_X11_FORWARD is defined.

2002-08-28  Niels Möller  <nisse@cuckoo.hack.org>

	* doc/lsh.texinfo (Top): Use @ififo around the @top directive, to
	get rid of the empty menu item in the html output.

	* configure.ac: Bumped version to 1.5.

2002-08-28  Niels Möller  <niels@s3.kth.se>

	* doc/index.html: New file.

	* src/lsh-authorize: Use the construction ": ${var:=default}".

	* src/testsuite/functions.sh: New variables TEST_HOME and
	SEXP_CONV. Changed the initialization of LSH_YARROW_SEED_FILE. Use
	TEST_HOME when running lsh and lshd. Should make the tests
	independent of our own ~/.lsh. Also updated comments in
	test-scripts that said they were dependent on ~/.lsh.
	Use the construction ": ${var:=default}".

	* src/testsuite/setup-env: New script to set up a HOME-directory
	for the tests.

	* src/testsuite/lshd-x11-1-test: New test.

	* src/lsh-authorize: Set SEXP_CONV to "sexp-conv", unless that
	variable is already defined by the caller.

	* src/server_x11.c (SUN_LEN): #define SUN_LEN if needed.

2002-08-27  Niels Möller  <nisse@cuckoo.hack.org>

	* src/server_x11.c (new_x11_channel): We don't have any ip-address
	of the client, so send <"unix-domain", 0> as the peer address.

2002-08-27  Niels Möller  <niels@s3.kth.se>

	* src/server_pty.c (pty_open_slave): Removed call to setsid(),
	moved to...
	* src/unix_user.c (do_spawn): Call setsid(). Was previously done by
	the pty code, and only in the pty case. XXX: Fix in 1.4 branch.

	* src/server_session.c (init_spawn_info): Save the SSH_CLIENT
	value in the session struct, so that it can be gc:ed properly.

	* src/charset.c (low_utf8_to_local): Use lsh_string_trunc.
	* src/digits.c (decode_base64): Likewise.
	* src/io.c (do_consuming_read): Likewise.
	* src/read_base64.c (do_read_base64): Likewise.
	* src/read_file.c (do_read_file): Likewise.
	* src/string_buffer.c (string_buffer_final_write): Likewise.
	(string_buffer_final): Likewise.
	* src/channel.c (channel_data_handler): Likewise.
	(channel_extended_data_handler): Likewise.
	* src/tty.c (tty_encode_term_mode): Likewise.

	* src/abstract_crypto.c (crypt_string): Check that input is a
	multiple of the block size.
	(crypt_string_unpad): Use lsh_string_trunc.

	* src/format.c (lsh_string_trunc): New function, needed to get
	proper NUL-termination when strings are truncated.

	* src/server_x11.c (do_xauth_exit): Fixed format strings for error
	messages. 

2002-08-27  Niels Möller  <nisse@cuckoo.hack.org>

	* src/server_x11.c (server_x11_setup): Bugfix, really call
	server_x11_listen.

2002-08-26  Niels Möller  <nisse@cuckoo.hack.org>

	* src/server_x11.c (OPEN_FORWARDED_X11): Added forward
	declaration. 
	(server_x11_callback): Renamed (was server_x11_forward), and
	enabled.
	(server_x11_socket): New attribute display_number.
	(open_x11_socket): Pass an exception handler to io_bind_sockaddr.
	Start listening on the socket. Record the display_number.
	(server_x11_setup): Added argument single (and fail if it is
	non-zero). Updated caller in server_session.c. Call
	server_x11_setup. Use the real display number when formatting the
	DISPLAY string.

	* src/channel_forward.c (catch_channel_open): Moved here...
	* src/tcpforward_commands.c: ...from here.

	* src/tcpforward_commands.c (tcpip_connect_io_command): Renamed,
	was tcpip_connect_io.
	(do_tcpip_start_io): Deleted, replaced by channel_forward_start_io.

	* src/tcpforward.c: No need to include string.h and errno.h.
	* src/tty.c: Likewise.

	* src/server_userauth.c: No need to include string.h.

	* src/randomness.c: No need to include errno.h.
	* src/read_packet.c: Likewise.

	* src/io_commands.h (make_listen_local, make_connect_local):
	Deleted prototypes.

	* src/werror.c (werror_vformat): Added %e specifier. Updated all
	errno printing functions to use it.
	(werror_format): New function.
	(fatal): Compile time flag to display pid and hang, instead of
	aborting. Useful for debugging.

2002-08-25  Niels Möller  <nisse@cuckoo.hack.org>

	* src/server_x11.c (new_x11_channel): New function.
	(open_forwarded_x11): New command.

	* src/lsh.c (main_argp_parser): Updated call of
	make_gateway_setup. 

	* src/io_commands.c (bind_local_command): New command.
	(do_listen_local): Deleted function.
	(make_listen_local): Deleted function.
	(do_connect_local): Deleted old #if:ed out function.
	(make_connect_local): Deleted old #if:ed out function.

	* src/gateway_commands.c (make_gateway_setup): Take a local_info
	as argument. Use the new bind_local command.

	* src/lsh.h: Added forward declarations for structs in command.h.
	Removed the inclusion of command.h from other header files.

	* src/channel_forward.c (start_io_command): New command, to
	replace tcpip_start_io.

	* src/lsh_proxy.c (lsh_proxy_listen): Replaced listen_callback
	with new bind and listen commands.

2002-08-24  Niels Möller  <nisse@cuckoo.hack.org>

	* src/io_commands.c (do_listen): Deleted function.
	(listen_with_callback): Deleted command.

	* src/lshd.c (make_lshd_listen): Replaced listen_callback with new
	bind and listen commands.

	* src/io_commands.c (listen_command): New command, to replace
	listen_with_callback. 
	(bind_address_command): New command.

	* src/io.c (make_listen_callback): Use a command, not a
	continuation, to represent the callback. Updated callers.

	* src/io_commands.c (do_listen): Use io_bind_sockaddr.
	(do_listen_local): Use io_bind_local.

	* src/io.c (io_bind_sockaddr): New function.
	(io_listen_fd): Take a struct lsh_fd * as argument, instead of an
	int. 
	(io_listen): Use io_bind_sockaddr.
	(io_listen, io_listen_fd): Deleted function io_listen. Renamed
	io_listen_fd to io_listen. 
	(io_bind_local): New function replacing io_listen_local. Updated
	callers. 

2002-08-11  Niels Möller  <nisse@cuckoo.hack.org>

	* src/unix_user.c (do_read_file): Use seteuid, not setuid.

	* src/server_x11.c (server_x11_socket): New class.
	(delete_x11_socket): New function.
	(do_kill_x11_socket): New function.
	(open_x11_socket): New function.
	(server_x11_listen): New function.

	* src/lshd.c: Enable X11 support.
	* src/server_session.c: Likewise.

	* src/io.c (io_listen_fd): New function.
	(io_listen): Use io_listen_fd.
	(lsh_popd): Renamed safe_popd, and made non-static. 
	(lsh_pushd_fd): New function.
	(lsh_pushd): Renamed safe_pushd, and use lsh_pushd_fd. Also added
	arguments result and secret. Updated all callers.


2002-07-18  Niels Möller  <niels@s3.kth.se>

	* configure.ac: Use -ggdb3 for gcc, except for gcc-2.96.

	* src/argp/configure.ac: Don't use -ggdb3 with gcc-2.96.

2002-07-05  Niels Möller  <nisse@cuckoo.hack.org>

	* src/lshd.c: Disabled incomplete x11 forwarding for now.
	* src/server_session.c: Likewise.
	* src/server_x11.c: Likewise.
	
2002-07-03  Pontus Sköld  <pont@soua.net>

	* src/lshg.c: Include <unistd.h> to get execvp declaration, define
	LSH_FILENAME if not defined.
	(lshg_options): New attribute fallback_lsh.
	(make_options): Initialize fallback_lsh.
	(main_options): New option -G to handle fallback.
	(main_argp_parser): Handle new option.
	(main_argp): Added missing space in message.
	(lshg_exception_handler): New class.
	(do_exc_lshg_handler): If the exception was because there was no
	usable gateway and fallback is enabled, launch lsh instead.
	(make_lshg_exception_handler): No longer call
	make_exception_handler but construct the object ourself.
	(main): make_lshg_exception_handler takes more arguments to handle
	the lsh fallback.

	* src/io_commands.c (connect_local_command): Check if the
	connection was successful and raise an exception otherwise.

2002-07-02  Niels Möller  <nisse@cuckoo.hack.org>

	* src/unix_user.c (do_spawn): Allow err[1] and out[1] to be the
	same fd.

	* src/server_x11.c (do_xauth_exit): Log a message if xauth failed. 
	(server_x11_setup): Fixed format of display string.
	(server_x11_setup): Use an absolute filename for the xauth program.
	(server_x11_setup): Added missing new line on the xauth command
	line. 

	* src/server_session.c (init_spawn_info): Set DISPLAY and
	XAUTHORITY, if x11 forwarding was requested. Updated callers, as
	the size of env changed.
	(do_x11_req): Bugfix, the single flag is one byte, not four.

	* src/Makefile.am.in (liblsh_a_SOURCES): Added server_x11.c.

2002-06-28  Niels Möller  <niels@s3.kth.se>

	* src/lshd.c (main_options): New options, --tcpip-forward,
	--no-tcpip-forward (earlier there was no option for disabling
	tcpip forward), --x11-forward and --no-x11-forward.
	(main_argp_parser): Handle x11 options.
	(main): Install handler for x11-req, if appropriate.

	* src/server_session.h (x11_req_handler): Declare handler.

	* src/server_session.c (do_x11_req): Fixed error message.

2002-06-27  Niels Möller  <niels@s3.kth.se>

	* src/lsh_proxy.c (main) [WITH_X11_FORWARD]: Fixed type warning.

	* src/lsh.c (main_argp_parser): Use STATIC_REPORT_EXCEPTION_INFO,
	and const.
	* src/lshd.c (main): Likewise.

	* configure.ac: Fixed type, enable_x11_forward should work now.

	* src/server_x11.c (server_x11_setup): Bugfixes. Send cookie on
	xauth stdin. 

	* src/tcpforward_commands.c (open_tcpip_report): Declare const.

	* src/server_session.c (do_x11_req): Use server_x11_setup.

	* src/channel.c (channel_request_handler): Use a const
	report_exception_info. 
	(global_request_handler): Likewise.

	* src/exception.c (make_report_exception_handler): Use a const
	report_exception_info object.
	* src/command.c (make_catch_report_apply): Likewise.

2002-06-27  Pontus Sköld  <pont@soua.net>

	* src/testsuite/string-test.c (test_main): Added extra bubble
	babble check for a typo Richard Kettlewell discovered.

2002-06-26  Pontus Sköld  <pont@soua.net>

	* src/format.c (lsh_string_bubblebabble): Fixed stupid typo making
	w occur in bubble babble fingerprint where it should be z. Also
	fixed the size of the cons array.

2002-06-26  Niels Möller  <niels@s3.kth.se>

	* src/unix_user.c (do_lookup_user): Don't treat accounts with a
	single "*" in the passwd-field as disabled.

	* src/spki.c (spki_pkcs5_decrypt): Bug fixes. Friendlier pass
	phrase prompt.

	* src/unix_user.c (do_verify_password): Interpret short
	passwd-fields as password login disabled.
	(do_lookup_user): Improved rules for dealing with shadow
	passwords, disabled accounts, etc.

	* src/io.c (do_write_callback): Added some code to ignore write
	errors for the final , but #if:ed out the code again.

	* src/client_userauth.c (do_none_login): Print a verbose message.
	(send_password): Likewise.
	(do_userauth_pk_ok): Likewise.
	(do_publickey_login): Likewise.

	* src/client_session.c (do_client_io): Updated invocations of
	make_channel_io_exception_handler. 

	* src/server_session.c (spawn_process): Create a silent exception
	handler for i/o errors on stdout, to avoid cluttering down the
	log. 

	* src/channel.c (make_channel_io_exception_handler): New argument
	silent.

	* configure.ac: Bumped version to 1.4.2.

	* src/lsh.c (read_user_keys): Support aes for encrypted private
	keys. 

2002-06-26  Niels Möller  <nisse@cuckoo.hack.org>

	* src/lsh-make-seed.c (get_dev_random): Bugfix: Actually try both
	/dev/random and /dev/urandom.

	* doc/lsh.texinfo (lshd basics): Changed invocation of lsh-keygen.

2002-06-25  Niels Möller  <niels@s3.kth.se>

	* src/server_x11.c, src/server_x11.h: New files.
	(make_xauth_exit_callback): New function.
	(server_x11_setup): New function.

	* src/server_session.c (server_session): New attribute x11.
	(do_x11_req): New function.

2002-06-23  Pontus Sköld  <pont@soua.net>

	* configure.ac: Cosmetic changes of message shown when libwrap
	detection fails.

2002-06-18  Niels Möller  <nisse@cuckoo.hack.org>

	* src/server_session.c (spawn_process): Call io_set_type, if stdin
	is a pty.
	(do_eof): Removed the pty ^D hack, as it's now taken care of by
	close_fd_write. 
	
2002-06-17  Niels Möller  <nisse@cuckoo.hack.org>

	* src/io.c (io_set_type): New function.
	(close_fd_nicely): Call close_fd_write, for handling the
	write-related work.
	(close_fd_write): If the fd is a pty, write an EOF (^D) character.

	* src/io.h (lsh_fd): New attribute TYPE.

2002-06-05  Niels Möller  <nisse@cuckoo.hack.org>

	* configure.ac: Bumped version to 1.4.1. New option
	--enable-initgroups-workaround, copied from the 1.2 branch.

2002-06-04  Niels Möller  <nisse@cuckoo.hack.org>

	* Released lsh-1.4.

	* src/rsa.c (do_rsa_public_spki_key): Reverted the 2001-01-24
	change "rsa-pkcs1-sha1" -> "rsa-pkcs1".
	* src/testsuite/conv-2-test, src/testsuite/conv-3-test: Updated
	testcases.

2002-05-30  Pontus Sköld  <pont@soua.net>

	* src/server_session.c (init_spawn_info): Require more entries
	available for environment variables. Set SSH_TTY if appropriate as
	well as SSH_CLIENT.
	(shell_request_handler): Reserve more environment variable
	entries.
	(exec_request_handler): Ditto.
	(do_spawn_subsystem): Ditto.

	* src/io_commands.c (do_connect_continuation): Derive local
	address_info from fd and pass to make_listen_value.

	* src/io.c (make_listen_value): Takes an extra struct
	address_info* to initialize local with.
	(do_listen_callback): Get a local address_info and pass to
	make_listen_value.
	(fd2info): New function.

	* src/io.h: New variable local in listen_value. make_listen_value
	takes an extra struct address_info*.
	(fd2info): declaration of new function.

	* src/gateway_commands.c (gateway_make_connection): Also pass
	lv->local to make_ssh_connection.

	* src/handshake.c (handshake_command): ditto.
	
	* src/connection.h: New variable local in ssh_connection.
	make_ssh_connection takes an extra struct address_info*.

	* src/connection.c (make_ssh_connection): ditto.
	
2002-05-24  Pontus Sköld  <pont@soua.net>

	* src/io.c (io_final): Set stdin, stdout and stderr to blocking mode.

	* src/io_commands.c (do_tcp_wrapper): Send a copy of self->msg to
	A_WRITE instead of the string itself.

2002-05-15  Pontus Sköld  <pont@soua.net>

	* configure.ac: Added things necessary for tcp wrappers to work.

	* src/lshd.c (OPTIONS2TCP_WRAPPER): New command.
	New options: --tcpwrappers, --no-tcpwrappers, --tcpwrappers-msg.
	
	* src/io_commands.c: Include <tcpd.h> if building with tcp
	wrappers. Also include <syslog.h>.
	(tcp_wrapper): New class.
	(do_tcp_wrapper): New function.
	(do_tcp_wrapper): New function.

	* src/io_commands.h (make_tcp_wrapper): Definition of new
	function.

2002-05-14  Pontus Sköld  <pont@soua.net>

	* src/algorithms.c (list_algorithms): Added missing newline after
	the list of algorithms.
	(list_hostkey_algorithms): ditto.

2002-05-13  Pontus Sköld  <pont@soua.net>

	* src/lsh.c (make_options): Don't fail totally if we can't create
	a randomness source.
	(main_argp_parser): Do argp_failure unless we have a valid
	randomness object.

	* src/lshd.c (main): Check for a correctly initialized random
	object in options.
	(make_lshd_options): Don't return failure if random creation
	failed, just initialize signature_algorithms with a null random
	source (this should enable users without a seed to do lsh --help
	and normal users to do lshd --help).
	(main_argp_parser): Do argp_failure unless we have a valid
	randomness object.

2002-05-06  Niels Möller  <nisse@cuckoo.hack.org>

	* README: Document requirement of autoconf-2.52 and
	automake-1.6.1. 

	* configure.ac: Require autoconf-2.52.

2002-05-06  Niels Möller  <niels@s3.kth.se>

	* src/argp/configure.ac: Use AH_TEMPLATE for
	PROGRAM_INVOCATION_NAME and PROGRAM_INVOCATION_SHORT_NAME. The
	third arg to AC_DEFINE_UNQUOTED seems not to work here. 

	* configure.ac (CFLAGS): Don't enable -Waggregate-return.

2002-05-06  Niels Möller  <nisse@cuckoo.hack.org>

	* src/gateway_channel.c (do_gateway_channel_open): Undid previous
	change. Let channel.c:check_rec_max_packet adjust the
	rec_max_packet size if needed, when it gets to the channel.
	(do_gateway_channel_open_continuation): Likewise.

	* src/channel.c (check_rec_max_packet): New function, that adjusts
	our advertised rec_window_size so that we won't exceed the
	connection's packet size limit.
	(format_open_confirmation): Call check_rec_max_packet.
	(format_channel_open_s): Likewise.
	(format_channel_open): Likewise.

	* src/read_data.c (do_read_data_query): Undid previous change. Now
	look at only send_window_size and send_max_packet.

2002-05-05  Niels Möller  <nisse@lysator.liu.se>

	* src/argp/acconfig.h: Deleted file.

	* src/argp/configure.ac: Pass no arguments to AM_INIT_AUTOMAKE.
	Don't substitute LIBOBJS.

	* src/argp/acinclude.m4: Use the three-argument form of
	AC_DEFINE_UNQUOTED. 

	* configure.ac: Pass no options to AM_INIT_AUTOMAKE.

2002-05-05  Niels Möller  <nisse@cuckoo.hack.org>

	* configure.ac: Update for automake-1.6.
	* src/argp/configure.ac: Likewise.

	* src/gateway_channel.c (do_channel_open_forward): Added a FIXME
	comment. We should install a new exception handler here.

	* configure.ac: Renamed file, used to be configure.in.
	* src/argp/configure.ac: Likewise.

	* configure.in: Bumped version number to 1.4.

	* doc/lsh.texinfo (Algorithm options): Updated description of the
	default cipher. We now use AES, not triple-DES.

2002-05-02  Niels Möller  <nisse@cuckoo.hack.org>

	* src/gateway_channel.c (do_gateway_channel_open): Limit
	rec_max_packet to SSH_MAX_PACKET.
	(do_gateway_channel_open_continuation): Likewise.

	* src/channel.c (parse_channel_open): Don't subtract
	SSH_MAX_PACKET_FUZZ here, it's handled in read_data.c.
	* src/server_session.c (make_server_session): Likewise.
	* src/client_session.c (make_client_session_channel): Likewise.
	* src/channel_forward.c (init_channel_forward): Likewise.

	* src/read_data.c (do_read_data_query): Don't read more than
	send_max_packet - SSH_MAX_PACKET_FUZZ, as to not exceed the
	receiver's maximum packet size.

2002-04-04  Pontus Sköld  <pont@soua.net>

	* src/lsh.c (do_lsh_lookup): Cosmetic changes of unauthenticated
	key fingerprint text.

2002-04-03  Pontus Sköld  <pont@soua.net>

	* src/format.c (lsh_string_bubblebabble_c): New function to define
	the che bubble babble checksum series, used by
	lsh_string_bubblebabble.

	* src/lsh.c (do_lsh_lookup): Rearranged the unauthenticated key
	fingerprint display somewhat and added bubble babble SHA1 of
	keyblob (which seems to be what OpenSSH is using at least).

	* src/format.c (lsh_string_bubblebabble): New function to
	bubblebabble a string.

	* src/format.h (lsh_string_bubblebabble): New function to
	bubblebabble a string.

	* src/testsuite/string-test.c (test_main): Added checks for
	lsh_string_bubblebabble.

	* src/lsh.c (do_lsh_lookup): Output the fingerprint of the remote
	host according to draft-ietf-secsh-fingerprint-00.txt (and keep
	the old way of outputting).

	* src/format.c (lsh_string_colonize): New function to insert
	colons in a lsh_string.

	* src/format.h (lsh_string_colonize): Likewise
	
	* src/testsuite/string-test.c (test_main): Added tests for
	lsh_string_colonize.

	* src/client.c (client_options): Bugfix: OPT_SUBSYSTEM shouldn't
	be inside char quotes.

2002-03-27  Niels Möller  <nisse@cuckoo.hack.org>

	* src/io.c (lsh_oop_stop_callback): Use the OOP_HALT constant.

	* src/client_x11.c (do_client_channel_x11_receive): Allow
	lowercase letters 'l' and 'b' for the endianness indicator.

	* src/client.c: Removed the short alias, -C, for the --subsystem
	option. 

2002-03-26  Niels Möller  <nisse@cuckoo.hack.org>

	* src/lsh-authorize: Don't use &>-redirects, as /bin/sh doesn't
	understand that. Noticed by Timshell Knoll.

2002-03-25  Niels Möller  <nisse@cuckoo.hack.org>

	* src/lsh-execuv.c: Deleted utmp stuff, this is not the right
	place for that.

2002-03-26  Pontus Sköld  <pont@soua.net>

	* configure.in: If with_scheme is absolute, don't AC_PATH_PROG for
	it but just use it directly.