Return immediately from get_sock_port if sock <0 so we don't call
getsockname on a negative FD. From Coverity CID 291840, ok djm@

guard against getsockname(-1, ...) from Coverity CID 291832

use the new variant log macros instead of prepending __func__ and
appending ssh_err(r) manually; ok markus@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

show more ...

refactor canohost.c: move functions that cache results closer to the
places that use them (authn and session code). After this, no state is
cached in canohost.c

feedback and ok markus@

Make sure we only call getnameinfo() for AF_INET or AF_INET6 sockets.
getpeername() of a Unix domain socket may return without error on
some systems without actually setting ss_family so getnameinfo(

Make sure we only call getnameinfo() for AF_INET or AF_INET6 sockets.
getpeername() of a Unix domain socket may return without error on
some systems without actually setting ss_family so getnameinfo()
was getting called with ss_family set to AF_UNSPEC. OK djm@

show more ...

Add support for Unix domain socket forwarding. A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket. This is a reimplementation
o

Add support for Unix domain socket forwarding. A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket. This is a reimplementation
of the streamlocal patches by William Ahern from:
http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@

show more ...

Cast socklen_t when comparing to size_t and use socklen_t to iterate over
the ip options, both to prevent signed/unsigned comparison warnings.
Patch from vinschen at redhat via portable openssh, begr

Cast socklen_t when comparing to size_t and use socklen_t to iterate over
the ip options, both to prevent signed/unsigned comparison warnings.
Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.

show more ...

unsigned casts for ctype macros where neccessary
ok guenther millert markus

refactor client config code a little:

add multistate option partsing to readconf.c, similar to servconf.c's
existing code.

move checking of options that accept "none" as an argument to readconf.c

refactor client config code a little:

add multistate option partsing to readconf.c, similar to servconf.c's
existing code.

move checking of options that accept "none" as an argument to readconf.c

add a lowercase() function and use it instead of explicit tolower() in
loops

part of a larger diff that was ok markus@

show more ...

bye, bye xfree(); ok markus@

Make HostBased authentication work with a ProxyCommand. bz #1569, patch
from imorgan at nas nasa gov, ok djm@

Add clear_cached_addr(), needed for upcoming changes allowing the peer
address to change.
ok markus@

support remote port forwarding with a zero listen port (-R0:...) to
dyamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@

Do not pass "0" strings as ports to getaddrinfo because the lookups
can slow things down and we never use the service info anyway. bz
#859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok

Do not pass "0" strings as ports to getaddrinfo because the lookups
can slow things down and we never use the service info anyway. bz
#859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok
deraadt@ djm@

djm belives that the reason for the "0" strings is to ensure that
it's not possible to call getaddrinfo with both host and port being
NULL. In the case of canohost.c host is a local array. In the
case of sshconnect.c, it's checked for null immediately before use.

In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
be non-null but it's not obvious, so I added a warning message in
case it is ever passed a null.

show more ...

Add a small helper function to consistently handle the EAI_SYSTEM error
code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
ok markus@ stevesk@

almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step

move #include <stdio.h> out of includes.h

move #include <stdlib.h> out of includes.h

move #include <string.h> out of includes.h

move #include <netdb.h> out of includes.h; ok djm@

move #include <errno.h> out of includes.h; ok markus@

move #include <sys/socket.h> out of includes.h

move #include <netinet/in.h> out of includes.h; ok deraadt@

Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files