Commit Graph

144 Commits

Author SHA1 Message Date
Damien Miller
3ab496b3dd - markus@cvs.openbsd.org 2003/05/14 02:15:47
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
     implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
     server interops with commercial client; ok jakob@ djm@
2003-05-14 13:47:37 +10:00
Damien Miller
d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller
4f9f42a9bb - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
proper challenge-response module
2003-05-10 19:28:02 +10:00
Damien Miller
eab4bae038 - (djm) Add back radix.o (used by AFS support), after it went missing from
Makefile many moons ago
 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
 - (djm) Fix blibpath specification for AIX/gcc
 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-29 23:22:40 +10:00
Damien Miller
996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller
a5539d2698 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/04/02 09:48:07
     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     reapply rekeying chage, tested by henning@, ok djm@
2003-04-09 20:50:06 +10:00
Damien Miller
2dc074ef4b - markus@cvs.openbsd.org 2003/04/01 10:10:23
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     rekeying bugfixes and automatic rekeying:
     * both client and server rekey _automatically_
           (a) after 2^31 packets, because after 2^32 packets
               the sequence number for packets wraps
           (b) after 2^(blocksize_in_bits/4) blocks
       (see: draft-ietf-secsh-newmodes-00.txt)
       (a) and (b) are _enabled_ by default, and only disabled for known
       openssh versions, that don't support rekeying properly.
     * client option 'RekeyLimit'
     * do not reply to requests during rekeying
   - markus@cvs.openbsd.org 2003/04/01 10:22:21
     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     backout rekeying changes (for 3.6.1)
2003-04-01 21:43:39 +10:00
Damien Miller
b062c293e0 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/23 19:02:00
     [monitor.c]
     unbreak rekeying for privsep; ok millert@
2003-03-24 09:12:09 +11:00
Damien Miller
0011138d47 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/05 22:33:43
     [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
     [sftp-server.c ssh-add.c sshconnect2.c]
     fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
2003-03-10 11:21:17 +11:00
Damien Miller
06ebedf365 - markus@cvs.openbsd.org 2003/02/16 17:30:33
[monitor.c monitor_wrap.c]
     fix permitrootlogin forced-commands-only for privsep; bux #387; ok provos@
2003-02-24 12:03:38 +11:00
Damien Miller
b7df3af154 - markus@cvs.openbsd.org 2003/02/04 09:33:22
[monitor.c monitor_wrap.c]
     skey/bsdauth: use 0 to indicate failure instead of -1, because
     the buffer API only supports unsigned ints.
2003-02-24 11:55:46 +11:00
Ben Lindstrom
41ee2b0d77 - markus@cvs.openbsd.org 2002/11/05 19:45:20
[monitor.c]
     handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
2002-11-09 15:47:47 +00:00
Damien Miller
d94e549ea8 - markus@cvs.openbsd.org 2002/09/26 11:38:43
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h]
     krb4 + privsep; ok dugsong@, deraadt@
2002-09-27 13:25:58 +10:00
Damien Miller
ef73f50a12 - markus@cvs.openbsd.org 2002/09/24 08:46:04
[monitor.c]
     only call kerberos code for authctxt->valid
2002-09-25 12:20:17 +10:00
Damien Miller
7db40c9e2e - markus@cvs.openbsd.org 2002/09/23 22:11:05
[monitor.c]
     only call auth_krb5 if kerberos is enabled; ok deraadt@
2002-09-25 12:19:39 +10:00
Damien Miller
a10f56151b - markus@cvs.openbsd.org 2002/09/09 14:54:15
[channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
     signed vs unsigned from -pedantic; ok henning@
2002-09-12 09:49:15 +10:00
Damien Miller
25162f2518 - itojun@cvs.openbsd.org 2002/09/09 06:48:06
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
     [monitor_wrap.c monitor_wrap.h]
     kerberos support for privsep.  confirmed to work by lha@stacken.kth.se
     patch from markus
2002-09-12 09:47:29 +10:00
Damien Miller
ebc2306629 - stevesk@cvs.openbsd.org 2002/08/29 15:57:25
[monitor.c session.c sshlogin.c sshlogin.h]
     pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
     NOTE: there are also p-specific parts to this patch. ok markus@
2002-09-04 16:45:09 +10:00
Ben Lindstrom
0a4f7542da - millert@cvs.openbsd.org 2002/08/02 14:43:15
[monitor.c monitor_mm.c]
     Change mm_zalloc() sanity checks to be more in line with what
     we do in calloc() and add a check to monitor_mm.c.
     OK provos@ and markus@
2002-08-20 18:36:25 +00:00
Ben Lindstrom
7cea16bad5 - stevesk@cvs.openbsd.org 2002/07/22 17:32:56
[monitor.c]
     u_int here; ok provos@
2002-07-23 21:13:40 +00:00
Ben Lindstrom
eec16fcb27 - deraadt@cvs.openbsd.org 2002/06/27 10:35:47
[auth2-none.c monitor.c sftp-client.c]
     use xfree()
2002-07-04 00:06:15 +00:00
Ben Lindstrom
35a2cb9b41 - deraadt@cvs.openbsd.org 2002/06/27 09:08:00
[monitor.c]
     improve mm_zalloc check; markus ok
2002-07-04 00:05:06 +00:00
Ben Lindstrom
d5502180cd - deraadt@cvs.openbsd.org 2002/06/26 14:49:36
[monitor.c]
     correct %u
2002-06-27 00:12:57 +00:00
Damien Miller
530a754d38 - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
[monitor.c]
     be careful in mm_zalloc
2002-06-26 23:27:11 +10:00
Kevin Steves
cfae58c059 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM 2002-06-25 22:43:19 +00:00
Ben Lindstrom
e1c0912cb6 - stevesk@cvs.openbsd.org 2002/06/22 23:09:51
[monitor.c]
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@
2002-06-23 00:38:24 +00:00
Damien Miller
2d6b83353b - djm@cvs.openbsd.org 2002/06/21 05:50:51
[monitor.c]
     Don't initialise compression buffers when compression=no in sshd_config;
     ok Niels@
2002-06-21 15:59:49 +10:00
Ben Lindstrom
402c6cc681 - markus@cvs.openbsd.org 2002/06/19 18:01:00
[cipher.c monitor.c monitor_wrap.c packet.c packet.h]
     make the monitor sync the transfer ssh1 session key;
     transfer keycontext only for RC4 (this is still depends on EVP
     implementation details and is broken).
2002-06-21 00:43:42 +00:00
Ben Lindstrom
7d9c38f37a - markus@cvs.openbsd.org 2002/06/04 23:05:49
[cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
     __FUNCTION__ -> __func__

NOTE: This includes all portable references also.
2002-06-06 21:40:51 +00:00
Ben Lindstrom
f67e07711f - markus@cvs.openbsd.org 2002/06/04 19:53:40
[monitor.c]
     save the session id (hash) for ssh2 (it will be passed with the
     initial sign request) and verify that this value is used during
     authentication; ok provos@
2002-06-06 20:58:19 +00:00
Ben Lindstrom
dcf6bfbfbd - markus@cvs.openbsd.org 2002/06/04 19:42:35
[monitor.c]
     only allow enabled authentication methods; ok provos@
2002-06-06 20:57:17 +00:00
Ben Lindstrom
7339b2a278 - mouring@cvs.openbsd.org 2002/05/15 15:47:49
[kex.c monitor.c monitor_wrap.c sshd.c]
     'monitor' variable clashes with at least one lame platform (NeXT).  i
     Renamed to 'pmonitor'.  provos@
 - (bal) Fixed up PAM case.  I think.
2002-05-15 16:25:01 +00:00
Damien Miller
5ad9fd9820 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. 2002-05-13 11:07:41 +10:00
Damien Miller
a33501bb5f - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
<pekkas@netcore.fi>
2002-05-08 12:24:42 +10:00
Damien Miller
7941855f09 - (djm) Make privsep work with PAM (still experimental) 2002-04-23 20:28:48 +10:00
Kevin Steves
fe6ca54ac2 - (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR 2002-04-10 22:04:54 +00:00
Ben Lindstrom
47fd8112b5 - markus@cvs.openbsd.org 2002/03/30 18:51:15
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
     check waitpid for EINTR; based on patch from peter@ifm.liu.se
2002-04-02 20:48:19 +00:00
Kevin Steves
bd1901b7dc - (stevesk) [monitor.c] PAM should work again; will *not* work with
UsePrivilegeSeparation=yes.
2002-04-01 18:04:35 +00:00
Ben Lindstrom
b57a4bf93f - mouring@cvs.openbsd.org 2002/03/27 11:45:42
[monitor.c]
     monitor_allowed_key() returns int instead of pointer.  ok markus@
2002-03-27 18:00:59 +00:00
Ben Lindstrom
2e9d866608 - stevesk@cvs.openbsd.org 2002/03/24 23:20:00
[monitor.c]
     remove "\n" from fatal()
2002-03-26 02:49:34 +00:00
Kevin Steves
7e147607f5 - (stevesk) [monitor.c monitor_wrap.c] #ifdef HAVE_PW_CLASS_IN_PASSWD 2002-03-22 18:07:17 +00:00
Ben Lindstrom
7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
2002-03-22 02:30:41 +00:00
Damien Miller
f831f76125 revert more of my stupidity 2002-03-13 13:21:54 +11:00
Damien Miller
646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00