Darren Tucker
400b8786d6
- (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@
2003-06-06 10:46:04 +10:00
Damien Miller
5fe46a45c8
- (djm) Implement paranoid priv dropping checks, based on:
...
"SetUID demystified" - Hao Chen, David Wagner and Drew Dean
Proceedings of USENIX Security Symposium 2002
2003-06-05 09:53:31 +10:00
Damien Miller
61d3680aca
- deraadt@cvs.openbsd.org 2003/05/29 16:58:45
...
[sshd.c uidswap.c]
seteuid and setegid; markus ok
2003-06-02 19:09:48 +10:00
Ben Lindstrom
18d2b5d399
- (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de
2002-07-30 19:32:07 +00:00
Ben Lindstrom
1fa330cf35
- stevesk@cvs.openbsd.org 2002/07/15 17:15:31
...
[uidswap.c]
little more debugging; ok markus@
2002-07-23 21:29:49 +00:00
Ben Lindstrom
837461bf9a
- (bal) Build noop setgroups() for cygwin to clean up code (For other
...
platforms without the setgroups() requirement, you MUST define
SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
2002-06-12 16:57:14 +00:00
Ben Lindstrom
10d9936413
- stevesk@cvs.openbsd.org 2002/05/28 21:24:00
...
[uidswap.c]
use correct function name in fatal()
[See the patch above, I saw it before apply the next patch. <sigh>]
2002-06-06 20:44:06 +00:00
Ben Lindstrom
ca8943e6de
- (bal) Corrected debug() in uidswap.c to match upstream.
2002-06-06 20:42:04 +00:00
Ben Lindstrom
abff1dd050
- stevesk@cvs.openbsd.org 2002/05/28 17:28:02
...
[uidswap.c]
format spec change/casts and some KNF; ok markus@
2002-06-06 20:38:49 +00:00
Ben Lindstrom
af40bc6a72
- (bal) mispelling in uidswap.c (portable only)
2002-04-03 03:36:54 +00:00
Ben Lindstrom
1e259bb0bf
- (bal) CVS ID sync of uidswap.c
2002-04-02 20:53:39 +00:00
Damien Miller
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Ben Lindstrom
049e0dd6cf
- markus@cvs.openbsd.org 2001/08/08 21:34:19
...
[uidswap.c]
undo last change; does not work for sshd
2001-08-15 23:17:22 +00:00
Ben Lindstrom
a66039373b
- markus@cvs.openbsd.org 2001/08/08 18:20:15
...
[uidswap.c]
permanently_set_uid is a noop if user is not privilegued;
fixes bug on solaris; from sbi@uchicago.edu
2001-08-15 23:14:49 +00:00
Ben Lindstrom
5428bea574
- (bal) White Space and #ifdef sync with OpenBSD
2001-05-06 02:53:25 +00:00
Ben Lindstrom
0f85348e89
- (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen
...
<vinschen@redhat.com>
2001-04-27 02:10:15 +00:00
Ben Lindstrom
4468b260cf
- (bal) Fixed uidswap.c so it should work on non-posix complient systems.
...
patch based on 2.5.2 version by djm.
2001-04-26 23:03:37 +00:00
Ben Lindstrom
768f975b13
- (bal) Whitespace resync w/ OpenBSD for uidswap.c
2001-04-25 06:27:11 +00:00
Ben Lindstrom
ee2786a2a1
- markus@cvs.openbsd.org 2001/04/20 16:32:22
...
[uidswap.c]
set non-privileged gid before uid; tholo@ and deraadt@
2001-04-22 17:08:00 +00:00
Ben Lindstrom
f52373f732
- markus@cvs.openbsd.org 2001/04/08 11:24:33
...
[uidswap.c]
KNF
2001-04-08 18:38:04 +00:00
Ben Lindstrom
3fcf1a22b5
- markus@cvs.openbsd.org 2001/04/06 21:00:17
...
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
to olar@openwall.com is comments. we had many requests for this.
2001-04-08 18:26:59 +00:00
Damien Miller
fbd884a80d
- (djm) Fix up POSIX saved uid support. Report from Mark Miller
...
<markm@swoon.net>
- (djm) Search for -lcrypt on FreeBSD too
2001-02-27 08:39:07 +11:00
Ben Lindstrom
226cfa0378
Hopefully things did not get mixed around too much. It compiles under
...
Linux and works. So that is at least a good sign. =)
20010122
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
[servconf.c ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
- markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
[auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
ssh1.h sshconnect1.c sshd.c ttymodes.c]
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
- markus@cvs.openbsd.org 2001/01/19 16:48:14
[sshd.8]
fix typo; from stevesk@
- markus@cvs.openbsd.org 2001/01/19 16:50:58
[ssh-dss.c]
clear and free digest, make consistent with other code (use dlen); from
stevesk@
- markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
[auth-options.c auth-options.h auth-rsa.c auth2.c]
pass the filename to auth_parse_options()
- markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
[readconf.c]
fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
- stevesk@cvs.openbsd.org 2001/01/20 18:20:29
[sshconnect2.c]
dh_new_group() does not return NULL. ok markus@
- markus@cvs.openbsd.org 2001/01/20 21:33:42
[ssh-add.c]
do not loop forever if askpass does not exist; from
andrew@pimlott.ne.mediaone.net
- djm@cvs.openbsd.org 2001/01/20 23:00:56
[servconf.c]
Check for NULL return from strdelim; ok markus
- djm@cvs.openbsd.org 2001/01/20 23:02:07
[readconf.c]
KNF; ok markus
- jakob@cvs.openbsd.org 2001/01/21 9:00:33
[ssh-keygen.1]
remove -R flag; ok markus@
- markus@cvs.openbsd.org 2001/01/21 19:05:40
[atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
key.c key.h log-client.c log-server.c log.c log.h login.c login.h
match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
ttysmodes.c uidswap.c xmalloc.c]
split ssh.h and try to cleanup the #include mess. remove unnecessary
#includes. rename util.[ch] -> misc.[ch]
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
conflict when compiling for non-kerb install
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
on 1/19.
2001-01-22 05:34:40 +00:00
Kevin Steves
0a8397e00c
whitespace sync with openbsd
2000-12-29 18:50:50 +00:00
Ben Lindstrom
2941f119e6
20001230
...
- (bal) OpenBSD CVS Update
- markus@cvs.openbsd.org 2000/12/28 18:58:30
[ssh-keygen.c]
enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
- (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
2000-12-29 16:50:13 +00:00
Ben Lindstrom
46c162204b
One way to massive patch. <sigh> It compiles and works under Linux..
...
And I think I have all the bits right from the OpenBSD tree.
20001222
- Updated RCSID for pty.c
- (bal) OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/12/21 15:10:16
[auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
- markus@cvs.openbsd.org 2000/12/20 19:26:56
[authfile.c]
allow ssh -i userkey for root
- markus@cvs.openbsd.org 2000/12/20 19:37:21
[authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
fix prototypes; from stevesk@pobox.com
- markus@cvs.openbsd.org 2000/12/20 19:32:08
[sshd.c]
init pointer to NULL; report from Jan.Ivan@cern.ch
- markus@cvs.openbsd.org 2000/12/19 23:17:54
[auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
unsigned' with u_char.
2000-12-22 01:43:59 +00:00
Kevin Steves
a074feb65d
- (stevesk) OpenBSD CVS updates:
...
- markus@cvs.openbsd.org 2000/12/19 15:43:45
[authfile.c channels.c sftp-server.c ssh-agent.c]
remove() -> unlink() for consistency
- markus@cvs.openbsd.org 2000/12/19 15:48:09
[ssh-keyscan.c]
replace <ssl/x.h> with <openssl/x.h>
- markus@cvs.openbsd.org 2000/12/17 02:33:40
[uidswap.c]
typo; from wsanchez@apple.com
2000-12-21 22:33:45 +00:00
Ben Lindstrom
49a79c0976
- (stevek) Reworked progname support.
...
- (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
Shinichi Maruyama <marya@st.jip.co.jp>
I assume the progname patch was finished. I believe stevek is on vacation,
but it passes compiling under Linux and NeXTStep.
2000-11-17 03:47:20 +00:00
Damien Miller
e4340be5b3
- (djm) Merge OpenBSD changes:
...
- markus@cvs.openbsd.org 2000/09/05 02:59:57
[session.c]
print hostname (not hushlogin)
- markus@cvs.openbsd.org 2000/09/05 13:18:48
[authfile.c ssh-add.c]
enable ssh-add -d for DSA keys
- markus@cvs.openbsd.org 2000/09/05 13:20:49
[sftp-server.c]
cleanup
- markus@cvs.openbsd.org 2000/09/06 03:46:41
[authfile.h]
prototype
- deraadt@cvs.openbsd.org 2000/09/07 14:27:56
[ALL]
cleanup copyright notices on all files. I have attempted to be
accurate with the details. everything is now under Tatu's licence
(which I copied from his readme), and/or the core-sdi bsd-ish thing
for deattack, or various openbsd developers under a 2-term bsd
licence. We're not changing any rules, just being accurate.
- markus@cvs.openbsd.org 2000/09/07 14:40:30
[channels.c channels.h clientloop.c serverloop.c ssh.c]
cleanup window and packet sizes for ssh2 flow control; ok niels
- markus@cvs.openbsd.org 2000/09/07 14:53:00
[scp.c]
typo
- markus@cvs.openbsd.org 2000/09/07 15:13:37
[auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
[authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
[pty.c readconf.c]
some more Copyright fixes
- markus@cvs.openbsd.org 2000/09/08 03:02:51
[README.openssh2]
bye bye
- deraadt@cvs.openbsd.org 2000/09/11 18:38:33
[LICENCE cipher.c]
a few more comments about it being ARC4 not RC4
- markus@cvs.openbsd.org 2000/09/12 14:53:11
[log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
multiple debug levels
- markus@cvs.openbsd.org 2000/09/14 14:25:15
[clientloop.c]
typo
- deraadt@cvs.openbsd.org 2000/09/15 01:13:51
[ssh-agent.c]
check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller
caf6dd6d21
- More OpenBSD updates:
...
- deraadt@cvs.openbsd.org 2000/08/24 15:46:59
[scp.c]
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
- deraadt@cvs.openbsd.org 2000/08/25 10:10:06
[session.c]
Wall
- markus@cvs.openbsd.org 2000/08/26 04:33:43
[compat.c]
ssh.com-2.3.0
- markus@cvs.openbsd.org 2000/08/27 12:18:05
[compat.c]
compatibility with future ssh.com versions
- deraadt@cvs.openbsd.org 2000/08/27 21:50:55
[auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
print uid/gid as unsigned
- markus@cvs.openbsd.org 2000/08/28 13:51:00
[ssh.c]
enable -n and -f for ssh2
- markus@cvs.openbsd.org 2000/08/28 14:19:53
[ssh.c]
allow combination of -N and -f
- markus@cvs.openbsd.org 2000/08/28 14:20:56
[util.c]
util.c
- markus@cvs.openbsd.org 2000/08/28 14:22:02
[util.c]
undo
- markus@cvs.openbsd.org 2000/08/28 14:23:38
[util.c]
don't complain if setting NONBLOCK fails with ENODEV
2000-08-29 11:33:50 +11:00
Damien Miller
c83aa83784
- (djm) Avoid failures on Irix when ssh is not setuid. Fix from
...
Michael Stone <mstone@cs.loyola.edu>
2000-08-15 10:08:00 +10:00
Damien Miller
91606b17d2
- (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
...
Irix 6.x array sessions, project id's, and system audit trail id.
2000-06-28 08:22:29 +10:00
Damien Miller
6536c7d3c9
- OpenBSD CVS Updates:
...
- markus@cvs.openbsd.org 2000/06/18 18:50:11
[auth2.c compat.c compat.h sshconnect2.c]
make userauth+pubkey interop with ssh.com-2.2.0
- markus@cvs.openbsd.org 2000/06/18 20:56:17
[dsa.c]
mem leak + be more paranoid in dsa_verify.
- markus@cvs.openbsd.org 2000/06/18 21:29:50
[key.c]
cleanup fingerprinting, less hardcoded sizes
- markus@cvs.openbsd.org 2000/06/19 19:39:45
[atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
[buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
[clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
[deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
[kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
[nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
[rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
[ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
OpenBSD tag
- markus@cvs.openbsd.org 2000/06/21 10:46:10
sshconnect2.c missing free; nuke old comment
2000-06-22 21:32:31 +10:00
Damien Miller
4af51306d9
- OpenBSD CVS updates.
...
[ssh.1 ssh.c]
- ssh -2
[auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
[session.c sshconnect.c]
- check payload for (illegal) extra data
[ALL]
- whitespace cleanup
2000-04-16 11:18:38 +10:00
Damien Miller
ee1c0b3d3b
- NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
...
Christos Zoulas <christos@netbsd.org>
2000-01-21 00:18:15 +11:00
Damien Miller
5428f646ad
- More reformatting merged from OpenBSD CVS
...
- Merged OpenBSD CVS changes:
- [channels.c]
report from mrwizard@psu.edu via djm@ibs.com.au
- [channels.c]
set SO_REUSEADDR and SO_LINGER for forwarded ports.
chip@valinux.com via damien@ibs.com.au
- [nchan.c]
it's not an error() if shutdown_write failes in nchan.
- [readconf.c]
remove dead #ifdef-0-code
- [readconf.c servconf.c]
strcasecmp instead of tolower
- [scp.c]
progress meter overflow fix from damien@ibs.com.au
- [ssh-add.1 ssh-add.c]
SSH_ASKPASS support
- [ssh.1 ssh.c]
postpone fork_after_authentication until command execution,
request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
plus: use daemon() for backgrounding
1999-11-25 11:54:57 +11:00
Damien Miller
95def09838
- Merged very large OpenBSD source code reformat
...
- OpenBSD CVS updates
- [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
[ssh.h sshd.8 sshd.c]
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG:
Auth-attempts are logged only, if authentication is:
a) successfull or
b) with passwd or
c) we had more than AUTH_FAIL_LOG failues
* many log() became verbose()
* old behaviour with level=VERBOSE
- [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
messages. allows use of s/key in windows (ttssh, securecrt) and
ssh-1.2.27 clients without 'ssh -v', ok: niels@
- [sshd.8]
-V, for fallback to openssh in SSH2 compatibility mode
- [sshd.c]
fix sigchld race; cjc5@po.cwru.edu
1999-11-25 00:26:21 +11:00
Damien Miller
d4a8b7e34d
Initial revision
1999-10-27 13:42:43 +10:00