openssh

mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-19 16:10:45 +00:00

Author	SHA1	Message	Date
Darren Tucker	09aa4c000e	- dtucker@cvs.openbsd.org 2010/01/12 08:33:17 [session.c] Add explicit stat so we reliably detect nologin with bad perms. ok djm markus	2010-01-12 19:51:48 +11:00
Darren Tucker	1b0c2455da	- dtucker@cvs.openbsd.org 2010/01/12 01:31:05 [session.c] Do not allow logins if /etc/nologin exists but is not readable by the user logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@	2010-01-12 19:45:26 +11:00
Darren Tucker	c3dc404113	- dtucker@cvs.openbsd.org 2009/11/20 00:15:41 [session.c] Warn but do not fail if stat()ing the subsystem binary fails. This helps with chrootdirectory+forcecommand=sftp-server and restricted shells. bz #1599, ok djm.	2010-01-08 17:09:50 +11:00
Darren Tucker	d6b06a9f39	- djm@cvs.openbsd.org 2009/11/19 23:39:50 [session.c] bz#1606: error when an attempt is made to connect to a server with ForceCommand=internal-sftp with a shell session (i.e. not a subsystem session). Avoids stuck client when attempting to ssh to such a service. ok dtucker@	2010-01-08 17:09:11 +11:00
Darren Tucker	4d6656b103	- (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637 : if selinux is enabled set the security context to "sftpd_t" before running the internal sftp server Based on a patch from jchadima at redhat.	2009-10-24 15:04:12 +11:00
Darren Tucker	695ed397a5	- djm@cvs.openbsd.org 2009/10/06 04:46:40 [session.c] bz#1596: fflush(NULL) before exec() to ensure that everying (motd in particular) has made it out before the streams go away.	2009-10-07 09:02:18 +11:00
Darren Tucker	82edf23fff	- (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567 : move the setpcred call on AIX to immediately before the permanently_set_uid(). Ensures that we still have privileges when we call chroot and pam_open_sesson. Based on a patch from David Leonard.	2009-08-20 16:20:50 +10:00
Darren Tucker	43e7a358ff	- (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and header-order changes to reduce diff vs OpenBSD.	2009-06-21 19:50:08 +10:00
Darren Tucker	ac46a915e8	- stevesk@cvs.openbsd.org 2009/04/17 19:23:06 [session.c] use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server; ok djm@ markus@	2009-06-21 17:55:23 +10:00
Darren Tucker	9d86e5d570	- (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old version of Cygwin. Patch from vinschen at redhat com.	2009-03-08 11:40:27 +11:00
Damien Miller	a1c1b6c86d	- djm@cvs.openbsd.org 2009/01/22 09:46:01 [channels.c channels.h session.c] make Channel->path an allocated string, saving a few bytes here and there and fixing bz#1380 in the process; ok markus@	2009-01-28 16:29:49 +11:00
Darren Tucker	63917bd0da	- tobias@cvs.openbsd.org 2008/11/09 12:34:47 [session.c ssh.1] typo fixed (overriden -> overridden) ok espie, jmc	2008-11-11 16:33:48 +11:00
Damien Miller	d58f56000c	- millert@cvs.openbsd.org 2008/10/02 14:39:35 [session.c] Convert an unchecked strdup to xstrdup. OK deraadt@	2008-11-03 19:20:49 +11:00
Damien Miller	ad793d59a9	- djm@cvs.openbsd.org 2008/08/21 04:09:57 [session.c] allow ForceCommand internal-sftp with arguments. based on patch from michael.barabanov AT gmail.com; ok markus@	2008-11-03 19:17:57 +11:00
Darren Tucker	ed3cdc0a7c	- dtucker@cvs.openbsd.org 2008/06/16 13:22:53 [session.c channels.c] Rename the isatty argument to is_tty so we don't shadow isatty(3). ok markus@	2008-06-16 23:29:18 +10:00
Damien Miller	d310d51bad	- djm@cvs.openbsd.org 2008/06/15 20:06:26 [channels.c channels.h session.c] don't call isatty() on a pty master, instead pass a flag down to channel_set_fds() indicating that te fds refer to a tty. Fixes a hang on exit on Solaris (bz#1463) in portable but is actually a generic bug; ok dtucker deraadt markus	2008-06-16 07:59:23 +10:00
Damien Miller	6051c94a0a	- djm@cvs.openbsd.org 2008/06/14 18:33:43 [session.c] suppress the warning message from chdir(homedir) failures when chrooted (bz#1461); ok dtucker	2008-06-16 07:53:16 +10:00
Damien Miller	2ff1ca56eb	- markus@cvs.openbsd.org 2008/05/09 16:16:06 [session.c] re-add the USE_PIPES code and enable it. without pipes shutdown-read from the sshd does not trigger a SIGPIPE when the forked program does a write. ok djm@ (Id sync only, USE_PIPES never left portable OpenSSH)	2008-05-19 16:04:56 +10:00
Damien Miller	7207f64a23	- djm@cvs.openbsd.org 2008/05/08 12:21:16 [monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c] [sshd_config sshd_config.5] Make the maximum number of sessions run-time controllable via a sshd_config MaxSessions knob. This is useful for disabling login/shell/subsystem access while leaving port-forwarding working (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or simply increasing the number of allows multiplexed sessions. Because some bozos are sure to configure MaxSessions in excess of the number of available file descriptors in sshd (which, at peak, might be as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds on error paths, and make it fail gracefully on out-of-fd conditions - sending channel errors instead of than exiting with fatal(). bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com ok markus@	2008-05-19 15:34:50 +10:00
Damien Miller	b84886ba3e	- djm@cvs.openbsd.org 2008/05/08 12:02:23 [auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c] [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c] [ssh.c sshd.c] Implement a channel success/failure status confirmation callback mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within an channel). Also includes a abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory. ok markus@ (as part of a larger diff)	2008-05-19 15:05:07 +10:00
Damien Miller	4f755cdc05	- pyr@cvs.openbsd.org 2008/05/07 05:49:37 [servconf.c servconf.h session.c sshd_config.5] Enable the AllowAgentForwarding option in sshd_config (global and match context), to specify if agents should be permitted on the server. As the man page states: ``Note that disabling Agent forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders.'' ok djm@, ok and a mild frown markus@	2008-05-19 14:57:41 +10:00
Damien Miller	ff0dd88999	- djm@cvs.openbsd.org 2008/04/18 22:01:33 [session.c] remove unneccessary parentheses	2008-05-19 14:55:02 +10:00
Damien Miller	95e80955f2	- djm@cvs.openbsd.org 2008/03/26 21:28:14 [auth-options.c auth-options.h session.c sshd.8] add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc	2008-03-27 11:03:05 +11:00
Damien Miller	55360e1ceb	- djm@cvs.openbsd.org 2008/03/25 23:01:41 [session.c] last patch had backwards test; spotted by termim AT gmail.com	2008-03-27 11:02:27 +11:00
Damien Miller	a1b48ccf2d	- djm@cvs.openbsd.org 2008/03/25 11:58:02 [session.c sshd_config.5] ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; from dtucker@ ok deraadt@ djm@	2008-03-27 11:02:02 +11:00
Darren Tucker	b8eb586412	- (dtucker) Cache selinux status earlier so we know if it's enabled after a chroot. Allows ChrootDirectory to work with selinux support compiled in but not enabled. Using it with selinux enabled will require some selinux support inside the chroot. "looks sane" djm@	2008-03-27 07:27:20 +11:00
Damien Miller	a193900674	- (djm) [session.c] Relocate incorrectly-placed closefrom() that was causing crashes when used with ChrootDirectory	2008-03-15 17:27:58 +11:00
Darren Tucker	52358d6df3	- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926 : Move pam_open_session and pam_close_session into the privsep monitor, which will ensure that pam_session_close is called as root. Patch from Tomas Mraz.	2008-03-11 22:58:25 +11:00
Damien Miller	7cb2b56b1c	- djm@cvs.openbsd.org 2008/02/22 05:58:56 [session.c] closefrom() call was too early, delay it until just before we execute the user's rc files (if any).	2008-03-07 18:33:12 +11:00
Damien Miller	767087b8ec	- markus@cvs.openbsd.org 2008/02/20 15:25:26 [session.c] correct boolean encoding for coredump; der Mouse via dugsong	2008-03-07 18:32:42 +11:00
Damien Miller	76e95daad1	- djm@cvs.openbsd.org 2008/02/13 22:38:17 [servconf.h session.c sshd.c] rekey arc4random and OpenSSL RNG in postauth child closefrom fds > 2 before shell/command execution ok markus@	2008-03-07 18:31:24 +11:00
Damien Miller	54e3773ccb	- djm@cvs.openbsd.org 2008/02/10 10:54:29 [servconf.c session.c] delay ~ expansion for ChrootDirectory so it expands to the logged-in user's home, rather than the user who starts sshd (probably root)	2008-02-10 22:48:55 +11:00
Damien Miller	d8cb1f184f	- djm@cvs.openbsd.org 2008/02/08 23:24:07 [servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config] [sshd_config.5] add sshd_config ChrootDirectory option to chroot(2) users to a directory and tweak internal sftp server to work with it (no special files in chroot required). ok markus@	2008-02-10 22:40:12 +11:00
Damien Miller	dfc24258a7	- markus@cvs.openbsd.org 2008/02/04 21:53:00 [session.c sftp-server.c sftp.h] link sftp-server into sshd; feedback and ok djm@	2008-02-10 22:29:40 +11:00
Damien Miller	14b017d6f2	- gilles@cvs.openbsd.org 2007/09/11 15:47:17 [session.c ssh-keygen.c sshlogin.c] use strcspn to properly overwrite '\n' in fgets returned buffer ok pyr@, ray@, millert@, moritz@, chl@	2007-09-17 16:09:15 +10:00
Damien Miller	6ef50134c2	- djm@cvs.openbsd.org 2007/08/23 02:55:51 [auth-passwd.c auth.c session.c] missed include bits from last commit NB. RCS ID sync only for portable	2007-09-17 11:54:24 +10:00
Damien Miller	6572db28fd	- djm@cvs.openbsd.org 2007/08/23 02:49:43 [auth-passwd.c auth.c session.c] unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@ NB. RCS ID sync only for portable	2007-09-17 11:52:59 +10:00
Darren Tucker	9142e1c66d	- (dtucker) [session.c] Call PAM cleanup functions for unauthenticated connections too. Based on a patch from Sandro Wefel, with & ok djm@	2007-08-16 23:28:04 +10:00
Darren Tucker	2d9636471b	- (dtucker) [session.c] Bug #1339 : ensure that pam_setcred() is always called with PAM_ESTABLISH_CRED at least once, which resolves a problem with pam_dhkeys. Patch from David Leonard, ok djm@	2007-08-13 23:11:56 +10:00
Tim Rice	99203ec48b	20070326 - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@	2007-03-26 09:35:28 -07:00
Darren Tucker	82a3d2bc6f	- stevesk@cvs.openbsd.org 2007/01/21 01:41:54 [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c] spaces	2007-02-19 22:10:25 +11:00
Damien Miller	990b1a80b5	- djm@cvs.openbsd.org 2006/10/09 23:36:11 [session.c] xmalloc -> xcalloc that was missed previously, from portable (NB. Id sync only for portable, obviously)	2006-10-24 03:01:56 +10:00
Damien Miller	ded319cca2	- (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c] [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org	2006-09-01 15:38:36 +10:00
Damien Miller	d5fe0baa73	- djm@cvs.openbsd.org 2006/08/29 10:40:19 [channels.c session.c] normalise some inconsistent (but harmless) NULL pointer checks spotted by the Stanford SATURN tool, via Isil Dillig; ok markus@ deraadt@	2006-08-30 11:07:39 +10:00
Damien Miller	3f8123c804	- markus@cvs.openbsd.org 2006/08/18 09:15:20 [auth.h session.c sshd.c] delay authentication related cleanups until we're authenticated and all alarms have been cancelled; ok deraadt	2006-08-19 00:32:46 +10:00
Damien Miller	9ab00b44c1	- stevesk@cvs.openbsd.org 2006/08/04 20:46:05 [monitor.c session.c ssh-agent.c] spaces	2006-08-05 12:40:11 +10:00
Damien Miller	d783435315	- deraadt@cvs.openbsd.org 2006/08/03 03:34:42 [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything except removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")	2006-08-05 12:39:39 +10:00
Damien Miller	a7a73ee35d	- stevesk@cvs.openbsd.org 2006/08/01 23:22:48 [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include <stdio.h> out of includes.h	2006-08-05 11:37:59 +10:00
Damien Miller	e7a1e5cf63	- stevesk@cvs.openbsd.org 2006/07/26 13:57:17 [authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c] [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c] [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c] [sshconnect1.c sshd.c xmalloc.c] move #include <stdlib.h> out of includes.h	2006-08-05 11:34:19 +10:00
Damien Miller	8dbffe7904	- stevesk@cvs.openbsd.org 2006/07/26 02:35:17 [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] [uidswap.c xmalloc.c] move #include <sys/param.h> out of includes.h	2006-08-05 11:02:17 +10:00
Damien Miller	ad5ecbf072	- (djm) [session.c] fix compile error with -Werror -Wall: 'path' is only used in do_setup_env() if HAVE_LOGIN_CAP is not defined	2006-07-24 15:03:06 +10:00
Damien Miller	e3476ed03b	- stevesk@cvs.openbsd.org 2006/07/22 20:48:23 [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h	2006-07-24 14:13:33 +10:00
Damien Miller	1cdde6f536	- stevesk@cvs.openbsd.org 2006/07/20 15:26:15 [auth1.c serverloop.c session.c sshconnect2.c] missed some needed #include <unistd.h> when KERBEROS5=no; issue from massimo@cedoc.mo.it	2006-07-24 14:07:35 +10:00
Damien Miller	e275443f66	- dtucker@cvs.openbsd.org 2006/07/19 13:07:10 [servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5] Add ForceCommand keyword to sshd_config, equivalent to the "command=" key option, man page entry and example in sshd_config. Feedback & ok djm@, man page corrections & ok jmc@	2006-07-24 14:06:47 +10:00
Darren Tucker	3997249346	- stevesk@cvs.openbsd.org 2006/07/11 20:07:25 [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] move #include <errno.h> out of includes.h; ok markus@	2006-07-12 22:22:46 +10:00
Darren Tucker	e7d4b19f75	- markus@cvs.openbsd.org 2006/07/11 18:50:48 [clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c channels.h readconf.c] add ExitOnForwardFailure: terminate the connection if ssh(1) cannot set up all requested dynamic, local, and remote port forwardings. ok djm, dtucker, stevesk, jmc	2006-07-12 22:17:10 +10:00
Damien Miller	e33b60343b	- stevesk@cvs.openbsd.org 2006/07/08 21:48:53 [monitor.c session.c] missed these from last commit: move #include <sys/socket.h> out of includes.h	2006-07-10 21:08:34 +10:00
Damien Miller	e3b60b524e	- stevesk@cvs.openbsd.org 2006/07/08 21:47:12 [authfd.c canohost.c clientloop.c dns.c dns.h includes.h] [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] move #include <sys/socket.h> out of includes.h	2006-07-10 21:08:03 +10:00
Damien Miller	9f2abc47eb	- stevesk@cvs.openbsd.org 2006/07/06 16:03:53 [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include <pwd.h> out of includes.h; ok markus@	2006-07-10 20:53:08 +10:00
Damien Miller	917f9b6b6e	- djm@cvs.openbsd.org 2006/07/06 10:47:05 [servconf.c servconf.h session.c sshd_config.5] support arguments to Subsystem commands; ok markus@	2006-07-10 20:36:47 +10:00
Damien Miller	efc04e70b8	- stevesk@cvs.openbsd.org 2006/07/03 17:59:32 [channels.c includes.h] move #include <arpa/inet.h> out of includes.h; old ok djm@ (portable needed session.c too)	2006-07-10 20:26:27 +10:00
Damien Miller	427a1d57bb	- stevesk@cvs.openbsd.org 2006/07/02 22:45:59 [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] move #include <grp.h> out of includes.h (portable needed uidswap.c too)	2006-07-10 20:20:33 +10:00
Darren Tucker	d8093e49bf	- (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) in Portable-only code; since calloc zeros, remove now-redundant memsets. Also add a couple of sanity checks. With & ok djm@	2006-05-04 16:24:34 +10:00
Damien Miller	525a0b090f	- djm@cvs.openbsd.org 2006/04/20 21:53:44 [includes.h session.c sftp.c] Switch from using pipes to socketpairs for communication between sftp/scp and ssh, and between sshd and its subprocesses. This saves a file descriptor per session and apparently makes userland ppp over ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this decision on a per-platform basis)	2006-04-23 12:10:49 +10:00
Damien Miller	73b42d2bb0	- (djm) [Makefile.in configure.ac session.c sshpty.c] [contrib/redhat/sshd.init openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] [openbsd-compat/port-linux.h] Add support for SELinux, setting the execution and TTY contexts. based on patch from Daniel Walsh, bz #880; ok dtucker@	2006-04-22 21:26:08 +10:00
Damien Miller	57c30117c1	- djm@cvs.openbsd.org 2006/03/25 13:17:03 [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files	2006-03-26 14:24:48 +11:00
Damien Miller	36812092ec	- djm@cvs.openbsd.org 2006/03/25 01:13:23 [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@	2006-03-26 14:22:47 +11:00
Damien Miller	9096740f6c	- deraadt@cvs.openbsd.org 2006/03/20 18:26:55 [channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c] [ssh-rsa.c ssh.c sshlogin.c] annoying spacing fixes getting in the way of real diffs	2006-03-26 14:07:26 +11:00
Damien Miller	c91e556d8a	- deraadt@cvs.openbsd.org 2006/03/19 18:53:12 [kex.c kex.h monitor.c myproposal.h session.c] spacing	2006-03-26 13:58:55 +11:00
Damien Miller	b0fb6872ed	- deraadt@cvs.openbsd.org 2006/03/19 18:51:18 [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die	2006-03-26 00:03:21 +11:00
Damien Miller	6645e7a70d	- (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] [sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c] [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c] [openbsd-compat/glob.c openbsd-compat/mktemp.c] [openbsd-compat/readpassphrase.c] Lots of include fixes for OpenSolaris	2006-03-15 14:42:54 +11:00
Damien Miller	1cf76d97f9	- djm@cvs.openbsd.org 2006/02/28 01:10:21 [session.c] fix logout recording when privilege separation is disabled, analysis and patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@ NB. ID sync only - patch already in portable	2006-03-15 12:01:14 +11:00
Damien Miller	6ff3caddb6	oops, this commit is really: - stevesk@cvs.openbsd.org 2006/02/20 17:02:44 [clientloop.c includes.h monitor.c progressmeter.c scp.c] [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] move #include <signal.h> out of includes.h; ok markus@ the previous was: - stevesk@cvs.openbsd.org 2006/02/20 17:19:54 [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c] [authfile.c clientloop.c includes.h readconf.c scp.c session.c] [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c] [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c] [sshconnect2.c sshd.c sshpty.c] move #include <sys/stat.h> out of includes.h; ok markus@	2006-03-15 11:52:09 +11:00
Damien Miller	f17883e6a0	- stevesk@cvs.openbsd.org 2006/02/20 17:02:44 [clientloop.c includes.h monitor.c progressmeter.c scp.c] [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c] move #include <signal.h> out of includes.h; ok markus@	2006-03-15 11:45:54 +11:00
Damien Miller	574c41fdb3	- stevesk@cvs.openbsd.org 2006/02/20 16:36:15 [authfd.c channels.c includes.h session.c ssh-agent.c ssh.c] move #include <sys/un.h> out of includes.h; ok djm@	2006-03-15 11:40:10 +11:00
Damien Miller	9cf6d077fb	- stevesk@cvs.openbsd.org 2006/02/10 01:44:27 [includes.h monitor.c readpass.c scp.c serverloop.c session.c^?] [sftp.c sshconnect.c sshconnect2.c sshd.c] move #include <sys/wait.h> out of includes.h; ok markus@	2006-03-15 11:29:24 +11:00
Damien Miller	03e2003a23	- stevesk@cvs.openbsd.org 2006/02/08 12:15:27 [auth.c clientloop.c includes.h misc.c monitor.c readpass.c] [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c] [sshd.c sshpty.c] move #include <paths.h> out of includes.h; ok markus@	2006-03-15 11:16:59 +11:00
Tim Rice	83d2f5fedf	- (tim) [session.c] Logout records were not updated on systems with post auth privsep disabled due to bug 1086 changes. Analysis and patch by vinschen at redhat.com. OK tim@, dtucker@.	2006-02-07 15:17:44 -08:00
Damien Miller	7bff1a9b5e	- djm@cvs.openbsd.org 2005/12/24 02:27:41 [session.c sshd.c] eliminate some code duplicated in privsep and non-privsep paths, and explicitly clear SIGALRM handler; "groovy" deraadt@	2005-12-24 14:59:12 +11:00
Darren Tucker	635518705a	- stevesk@cvs.openbsd.org 2005/12/17 21:13:05 [ssh_config.5 session.c] spelling: fowarding, fowarded	2005-12-20 16:14:15 +11:00
Damien Miller	d47c62a714	- markus@cvs.openbsd.org 2005/12/12 13:46:18 [channels.c channels.h session.c] make sure protocol messages for internal channels are ignored. allow adjust messages for non-open channels; with and ok djm@	2005-12-13 19:33:57 +11:00
Damien Miller	788f212aed	- djm@cvs.openbsd.org 2005/10/30 08:52:18 [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c] [ssh.c sshconnect.c sshconnect1.c sshd.c] no need to escape single quotes in comments, no binary change	2005-11-05 15:14:59 +11:00
Damien Miller	39eda6eb6a	- djm@cvs.openbsd.org 2005/10/10 10:23:08 [channels.c channels.h clientloop.c serverloop.c session.c] fix regression I introduced in 4.2: X11 forwardings initiated after a session has exited (e.g. "(sleep 5; xterm) &") would not start. bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@	2005-11-05 14:52:50 +11:00
Darren Tucker	42308a4374	- (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is enabled, instead allow PAM to handle it. Note that on platforms using PAM, the pam_nologin module should be added to sshd's session stack in order to maintain exising behaviour. Based on patch and discussion from t8m at centrum.cz, ok djm@	2005-10-30 15:31:55 +11:00
Tim Rice	66fd217e8e	- (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). Feedback and OK dtucker@	2005-08-31 09:59:49 -07:00
Tim Rice	2291c00ab2	- (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing by tim@. Feedback and OK dtucker@	2005-08-26 13:15:19 -07:00
Damien Miller	9786e6e2a0	- markus@cvs.openbsd.org 2005/07/25 11:59:40 [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] [sshconnect2.c sshd.c sshd_config sshd_config.5] add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@	2005-07-26 21:54:56 +10:00
Damien Miller	0dc1bef12d	- djm@cvs.openbsd.org 2005/07/17 07:17:55 [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c] [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c] [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c] [sshconnect.c sshconnect2.c] knf says that a 2nd level indent is four (not three or five) spaces	2005-07-17 17:22:45 +10:00
Damien Miller	2b9b045d93	- (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line - djm@cvs.openbsd.org 2005/07/17 06:49:04 [channels.c channels.h session.c session.h] Fix a number of X11 forwarding channel leaks: 1. Refuse multiple X11 forwarding requests on the same session 2. Clean up all listeners after a single_connection X11 forward, not just the one that made the single connection 3. Destroy X11 listeners when the session owning them goes away testing and ok dtucker@	2005-07-17 17:19:24 +10:00
Damien Miller	46d38de48b	- djm@cvs.openbsd.org 2005/07/16 01:35:24 [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c] [sshconnect.c] spacing	2005-07-17 17:02:09 +10:00
Damien Miller	eccb9de72a	- djm@cvs.openbsd.org 2005/06/17 02:44:33 [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean	2005-06-17 12:59:34 +10:00
Damien Miller	7dff869dd9	tiny KNF nit	2005-05-26 11:34:51 +10:00
Darren Tucker	48554152b9	- (dtucker) [session.c] Bug #1024 : Don't check pam_session_is_open if UseLogin is set as PAM is not used to establish credentials in that case. Found by Michael Selvesteen, ok djm@	2005-04-21 19:50:55 +10:00
Darren Tucker	2b59a6dad6	- (dtucker) [session.c sshd.c] Bug #125 comment #49 : Send disconnect audit events earlier, prevents mm_request_send errors reported by Matt Goebel.	2005-03-06 22:38:51 +11:00
Darren Tucker	c97b01af62	- (dtucker) [session.c] Bug #918 : store credentials from gssapi-with-mic authentication early enough to be available to PAM session modules when privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam Hartman and similar to Debian's ssh-krb5 package.	2005-02-16 16:47:37 +11:00
Darren Tucker	33370e0287	- (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require the username to be passed to the passwd command when changing expired passwords. ok djm@	2005-02-09 22:17:28 +11:00
Darren Tucker	2e0cf0dca2	- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit defines and enums with SSH_ to prevent namespace collisions on some platforms (eg AIX).	2005-02-08 21:52:47 +11:00
Darren Tucker	269a1ea1c8	- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@	2005-02-03 00:20:53 +11:00
Darren Tucker	9dc6c7dbec	- (dtucker) [session.c sshd.c] Bug #445 : Propogate KRB5CCNAME if set to child the process. Since we also unset KRB5CCNAME at startup, if it's set after authentication it must have been set by the platform's native auth system. This was already done for AIX; this enables it for the general case.	2005-02-02 18:30:33 +11:00
Darren Tucker	172a5e8cb8	- markus@cvs.openbsd.org 2004/12/23 17:35:48 [session.c] check for NULL; from mpech	2005-01-20 10:55:46 +11:00
Darren Tucker	a2a3ed0010	- (dtucker) [session.c] Bug #927 : make .hushlogin silent again. ok djm@	2004-09-11 23:09:53 +10:00
Darren Tucker	69687f4b65	- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890 : Send output from failing PAM session modules to user then exit, similar to the way /etc/nologin is handled. ok djm@	2004-09-11 22:17:26 +10:00
Darren Tucker	14c372d49d	- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915 : only copy required environment variables on Cygwin. Patch from vinschen at redhat.com, ok djm@	2004-08-30 20:42:08 +10:00
Darren Tucker	5cb30ad2ec	- markus@cvs.openbsd.org 2004/07/28 09:40:29 [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c sshconnect1.c] more s/illegal/invalid/	2004-08-12 22:40:24 +10:00
Darren Tucker	0999174755	- dtucker@cvs.openbsd.org 2004/07/17 05:31:41 [monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c] Move "Last logged in at.." message generation to the monitor, right before recording the new login. Fixes missing lastlog message when /var/log/lastlog is not world-readable and incorrect datestamp when multiple sessions are used (bz #463); much assistance & ok markus@	2004-07-17 17:05:14 +10:00
Darren Tucker	fc9597034b	- deraadt@cvs.openbsd.org 2004/07/11 17:48:47 [channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h sshd.c ttymodes.h] spaces	2004-07-17 16:12:08 +10:00
Darren Tucker	0a44d1ecf3	- (dtucker) [session.c] Call display_loginmsg again after do_pam_session. Ensures messages from PAM modules are displayed when privsep=no. Note: I did not want to just move display_loginmsg since that would change existing behaviour (order of expiry warnings, "Last Login", motd) to less like the native tools.	2004-07-01 09:48:29 +10:00
Damien Miller	a6b1d169e6	- djm@cvs.openbsd.org 2004/06/30 08:36:59 [session.c] unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@	2004-06-30 22:41:07 +10:00
Darren Tucker	723e945b55	- djm@cvs.openbsd.org 2004/06/21 17:53:03 [session.c] fix fd leak for multiple subsystem connections; with markus@	2004-06-22 12:57:08 +10:00
Darren Tucker	1f8311c836	- deraadt@cvs.openbsd.org 2004/05/11 19:01:43 [auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c] improve some code lint did not like; djm millert ok	2004-05-13 16:39:33 +10:00
Darren Tucker	e14e005f41	- djm@cvs.openbsd.org 2004/05/09 01:19:28 [OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c sshd.c] removed: mpaux.c mpaux.h kill some more tiny files; ok deraadt@	2004-05-13 16:30:44 +10:00
Darren Tucker	46bc075474	- djm@cvs.openbsd.org 2004/04/27 09:46:37 [readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c ssh_config.5 sshd_config.5] bz #815: implement ability to pass specified environment variables from the client to the server; ok markus@	2004-05-02 22:11:30 +10:00
Damien Miller	9c870f966a	- (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache file using FILE: method, fixes problems on Mac OSX. Patch from simon@sxw.org.uk; ok dtucker@	2004-04-16 22:47:55 +10:00
Darren Tucker	ac7c998a2d	- (dtucker) [session.c] Flush stdout after displaying loginmsg. From f_mohr at yahoo.de.	2004-04-07 08:04:09 +10:00
Darren Tucker	b385059346	- (dtucker) [session.c] Bug #817 : Clear loginmsg after fork to prevent duplicate login messages for mutli-session logins. ok djm@	2004-03-27 16:44:21 +11:00
Darren Tucker	1825f26d21	- (dtucker) [session.c] Bug #789 : Only make setcred call for !privsep in the non-interactive path. ok djm@	2004-02-24 00:01:27 +11:00
Darren Tucker	1921ed9f96	- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14 : Use do_pwchange to change expired PAM passwords for SSHv1 connections without privsep. pam_chauthtok is still used when privsep is disabled. ok djm@	2004-02-10 13:23:28 +11:00
Darren Tucker	23bc8d0bff	- markus@cvs.openbsd.org 2004/01/30 09:48:57 [auth-passwd.c auth.h pathnames.h session.c] support for password change; ok dtucker@ (set password-dead=1w in login.conf to use this). In -Portable, this is currently only platforms using bsdauth.	2004-02-06 16:24:31 +11:00
Darren Tucker	ef3a4a208c	- (dtucker) [session.c] Bug #789 : Do not call do_pam_setcred as a non-root user, since some modules might fail due to lack of privilege. ok djm@	2004-02-06 15:30:50 +11:00
Darren Tucker	3c78c5ed2f	- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] Change AFS symbol to USE_AFS to prevent namespace collisions, do not include kafs.h unless necessary. From deengert at anl.gov. For consistency, all of the libkafs bits are now inside "#if defined(KRB5) && defined(USE_AFS)".	2004-01-23 22:03:10 +11:00
Damien Miller	d352636553	- (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from ralf.hack AT pipex.net; ok dtucker@	2004-01-23 14:16:26 +11:00
Darren Tucker	7fe8b72771	- (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not just HEIMDAL. Currently this will make no difference, as only Heimdal (which defines KRB5 anyway) has libkafs, however a libkafs that works with MIT may become available. In that case it will be used too.	2004-01-22 12:48:26 +11:00
Damien Miller	8f341f8b8b	- markus@cvs.openbsd.org 2004/01/13 19:23:15 [compress.c session.c] -Wall; ok henning	2004-01-21 11:00:46 +11:00
Darren Tucker	409cb328c1	- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@	2004-01-05 22:36:51 +11:00
Darren Tucker	22ef508754	- jakob@cvs.openbsd.org 2003/12/23 16:12:10 [servconf.c servconf.h session.c sshd_config] implement KerberosGetAFSToken server option. ok markus@, beck@	2003-12-31 11:37:34 +11:00
Darren Tucker	3175eb9a5a	- markus@cvs.openbsd.org 2003/12/02 17:01:15 [channels.c session.c ssh-agent.c ssh.h sshd.c] use SSH_LISTEN_BACKLOG (=128) in listen(2).	2003-12-09 19:15:11 +11:00
Damien Miller	ce34674a9f	sync whitespace - no code change	2003-11-22 14:41:58 +11:00
Damien Miller	787b2ec18c	more whitespace (tabs this time)	2003-11-21 23:56:47 +11:00
Damien Miller	a8e06cef35	- djm@cvs.openbsd.org 2003/11/21 11:57:03 [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)	2003-11-21 23:48:55 +11:00
Damien Miller	c756e9b56e	- (djm) Export environment variables from authentication subprocess to parent. Part of Bug #717	2003-11-17 21:41:42 +11:00
Damien Miller	3e3b5145e5	- djm@cvs.openbsd.org 2003/11/04 08:54:09 [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] [session.c] standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather then pw != NULL; ok markus@	2003-11-17 21:13:40 +11:00
Darren Tucker	072a7b178c	- markus@cvs.openbsd.org 2003/10/14 19:54:39 [session.c ssh-agent.c] 10X for mkdtemp; djm@	2003-10-15 16:10:25 +10:00
Darren Tucker	8846a07639	- (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static cleanup functions. With & ok djm@	2003-10-07 11:30:15 +10:00
Darren Tucker	f391ba6730	- (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations. Based on patches by Matthias Koeppe and Thomas Baden. ok djm@	2003-10-02 20:07:09 +10:00
Darren Tucker	3e33cecf71	- markus@cvs.openbsd.org 2003/09/23 20:17:11 [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h ssh-agent.c sshd.c] replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt eary to allow simpler cleanup in sshd. tested by many, ok deraadt@	2003-10-02 16:12:36 +10:00
Darren Tucker	fb16b2411e	- markus@cvs.openbsd.org 2003/09/18 08:49:45 [deattack.c misc.c session.c ssh-agent.c] more buffer allocation fixes; from Solar Designer; CAN-2003-0682; ok millert@	2003-09-22 21:04:23 +10:00
Darren Tucker	c11b1e8420	- (dtucker) [session.c] Bug #643 : Fix size_t -> u_int and fix null deref when /etc/default/login doesn't exist or isn't readable. Fixes from jparsons-lists at saffron.net and georg.oppenberg at deu mci com.	2003-09-19 20:56:51 +10:00
Darren Tucker	e1a790d0d1	- (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252 : Retrieve PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it (eg Solaris, Reliant Unix). Patch from Robert.Dahlem at siemens.com. ok djm@	2003-09-16 11:52:19 +10:00
Damien Miller	341c6e687c	- (djm) Bug #423 : reorder setting of PAM_TTY and calling of PAM session management (now done in do_setusercontext). Largely from michael_steffens AT hp.com	2003-09-02 23:18:52 +10:00
Damien Miller	324948b320	- markus@cvs.openbsd.org 2003/08/31 13:29:05 [session.c] call ssh_gssapi_storecreds conditionally from do_exec(); with sxw@inf.ed.ac.uk	2003-09-02 22:55:45 +10:00
Damien Miller	1a0c0b9621	- markus@cvs.openbsd.org 2003/08/28 12:54:34 [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...	2003-09-02 22:51:17 +10:00
Darren Tucker	49aaf4ad52	- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.	2003-08-26 11:58:16 +10:00
Darren Tucker	0efd155c3c	- markus@cvs.openbsd.org 2003/08/22 10:56:09 [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c session.h ssh-gss.h ssh_config.5 sshconnect2.c sshd_config sshd_config.5] support GSS API user authentication; patches from Simon Wilkinson, stripped down and tested by Jakob and myself.	2003-08-26 11:49:55 +10:00
Damien Miller	1f499fd368	- (djm) Bug #564 : Perform PAM account checks for all authentications when UsePAM=yes; ok dtucker	2003-08-25 13:08:49 +10:00
Darren Tucker	3bdbd848ea	- markus@cvs.openbsd.org 2003/08/13 08:33:02 [session.c] use more portable tcsendbreak(3) and ignore break_length; ok deraadt, millert	2003-08-13 20:31:05 +10:00
Darren Tucker	d85efee437	- (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge.	2003-08-13 20:28:14 +10:00
Darren Tucker	80649c5fa6	- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin specific defines and includes to bsd-cygwin_util.h. Fixes build error too.	2003-08-07 16:28:16 +10:00
Darren Tucker	b9d3f41ceb	- (dtucker) [session.c] Have session_break_req not attempt to send a break if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).	2003-08-07 13:24:24 +10:00
Darren Tucker	6aaa58c470	- (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/07/22 13:35:22 [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); test+ok henning@ - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. I hope I got this right....	2003-08-02 22:24:49 +10:00
Darren Tucker	b9aa0a0baa	- (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h] Convert aixloginmsg into platform-independant Buffer loginmsg.	2003-07-08 22:59:59 +10:00

1 2 3 4 5 ...

490 Commits