RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2025-01-04 08:42:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,963 Commits 69 Branches 157 Tags 27 MiB
cf59d31761
Commit Graph

3535 Commits

Author SHA1 Message Date
Darren Tucker
1e0c9bf9fb - djm@cvs.openbsd.org 2004/04/28 05:17:10 
[ssh_config.5 sshd_config.5]
     manpage fixes in envpass stuff from Brian Poole (raj AT cerias.purdue.edu)
 2004-05-02 22:12:48 +10:00
Darren Tucker
46bc075474 - djm@cvs.openbsd.org 2004/04/27 09:46:37 
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
     ssh_config.5 sshd_config.5]
     bz #815: implement ability to pass specified environment variables from
     the client to the server; ok markus@
 2004-05-02 22:11:30 +10:00
Darren Tucker
47abce45b2 - djm@cvs.openbsd.org 2004/04/22 11:56:57 
[moduli.c]
     Bugzilla #850: Sophie Germain is the correct name of the French
     mathematician, "Sophie Germaine" isn't; from Luc.Maisonobe@c-s.fr
 2004-05-02 22:09:00 +10:00
Darren Tucker
7749c5163b - (dtucker) [README.platform] List prereqs for building on Cygwin. 2004-04-23 18:57:13 +10:00
Darren Tucker
5bb140019c - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Declare h_errno 
as extern int if not already declared.  Fixes compile errors on old SCO
   platforms.  ok tim@
 2004-04-23 18:53:10 +10:00
Damien Miller
752e4e603f - (djm) Update config.guess and config.sub to autoconf-2.59 versions; ok tim@ 2004-04-21 12:29:13 +10:00
Damien Miller
5561e0b73d - (djm) [configure.ac] Check whether libroken is required when building 
with Heimdal
 2004-04-20 20:28:55 +10:00
Damien Miller
50bec89baf rewrap 2004-04-20 20:20:40 +10:00
Damien Miller
914420fe74 - djm@cvs.openbsd.org 2004/04/19 21:51:49 
[ssh.c]
     fix idiot typo that i introduced in my last commit;
     spotted by cschneid AT cschneid.com
 2004-04-20 20:14:07 +10:00
Damien Miller
1a81258f4e - jmc@cvs.openbsd.org 2004/04/19 16:12:14 
[ssh_config.5]
     kill whitespace at eol;
 2004-04-20 20:13:32 +10:00
Damien Miller
c970cb9052 - djm@cvs.openbsd.org 2004/04/19 13:02:40 
[ssh.1 ssh_config.5]
     document strict permission checks on ~/.ssh/config; prompted by,
     with & ok jmc@
 2004-04-20 20:12:53 +10:00
Damien Miller
57a4476a69 - djm@cvs.openbsd.org 2004/04/18 23:10:26 
[readconf.c readconf.h ssh-keysign.c ssh.c]
     perform strict ownership and modes checks for ~/.ssh/config files,
     as these can be used to execute arbitrary programs; ok markus@
     NB. ssh will now exit when it detects a config with poor permissions
 2004-04-20 20:11:57 +10:00
Damien Miller
1824c071ab - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD, needed for above change 2004-04-20 20:10:46 +10:00
Damien Miller
0b51a52a10 - (djm) OpenBSD CVS Sync 
- henning@cvs.openbsd.org 2004/04/08 16:08:21
     [sshconnect2.c]
     swap the last two parameters to TAILQ_FOREACH_REVERSE. matches what FreeBSD     and NetBSD do.
     ok millert@ mcbride@ markus@ ho@, checked to not affect ports by naddy@
 2004-04-20 20:07:19 +10:00
Darren Tucker
bddc2b0179 - markus@cvs.openbsd.org 2004/04/01 12:19:57 
[scp.c]
     limit trust between local and remote rcp/scp process,
     noticed by lcamtuf; ok deraadt@, djm@
 2004-04-19 23:50:16 +10:00
Darren Tucker
d04121f0ab - djm@cvs.openbsd.org 2004/03/31 21:58:47 
[canohost.c]
     don't skip ip options check when UseDNS=no; ok markus@ (ID sync only)
 2004-04-19 22:16:53 +10:00
Darren Tucker
dca6a4dd88 - djm@cvs.openbsd.org 2004/03/30 12:41:56 
[sftp-client.c]
     sync comment with reality
 2004-04-19 22:10:52 +10:00
Darren Tucker
0a74ae7c14 - dtucker@cvs.openbsd.org 2004/03/08 10:17:12 
[regress/login-timeout.sh]
     Missing OBJ, from tim@.  ok markus@ (Already fixed, ID sync only)
 2004-04-19 22:04:21 +10:00
Darren Tucker
9929d1f666 - dtucker@cvs.openbsd.org 2004/02/29 22:04:45 
[regress/login-timeout.sh]
     Use sudo when restarting daemon during test.  ok markus@
 2004-04-19 22:01:37 +10:00
Damien Miller
2eb4236d86 - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow 
change of user context without a password, so relax auth method
   restrictions; from vinschen AT redhat.com; ok dtucker@
 2004-04-18 21:15:43 +10:00
Darren Tucker
2a9bf4b3d3 - (dtucker) [auth-pam.c] Log username and source host for failed PAM 
authentication attempts.  With & ok djm@
 2004-04-18 11:00:26 +10:00
Tim Rice
fe6d5aa54b - (tim) [configure.ac] Set SETEUID_BREAKS_SETUID, BROKEN_SETREUID and 
BROKEN_SETREGID for SCO OpenServer 3
 2004-04-16 20:03:07 -07:00
Damien Miller
9c870f966a - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache 
file using FILE: method, fixes problems on Mac OSX.
   Patch from simon@sxw.org.uk; ok dtucker@
 2004-04-16 22:47:55 +10:00
Darren Tucker
c99a19b445 - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since 
FAT/NTFS does not permit quotes in filenames.  From vinschen at redhat.com
 2004-04-16 17:58:28 +10:00
Damien Miller
0ac4500f37 - (djm) [configure.ac] Fix detection of libwrap on OpenBSD; ok dtucker@ 2004-04-14 20:14:26 +10:00
Darren Tucker
06a8cfe796 - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitly 
4-arg, with compatibility for 3-arg versions.  From djm@, ok me.
 2004-04-14 17:24:30 +10:00
Darren Tucker
3b908f65b4 - (dtucker) [acconfig.h configure.ac defines.h] Bug #673: check for 4-arg 
skeychallenge(), eg on NetBSD.  ok mouring@
 2004-04-14 15:26:39 +10:00
Darren Tucker
96cc26b614 - (dtucker) [sshd_config.5] Add PermitRootLogin without-password warning 
from bug #701 (text from jfh at cise.ufl.edu).
 2004-04-14 13:04:35 +10:00
Ben Lindstrom
036768e48c - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested 
limiting scope and dtucker@ agreed.
 2004-04-08 16:12:30 +00:00
Darren Tucker
11f18294ab - (dtucker) [defines.h loginrec.c] Define UT_LINESIZE if not defined and 
simplify loginrec.c.  ok tim@
 2004-04-08 16:16:06 +10:00
Ben Lindstrom
1b9f2a6b44 - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers 
back and #undef TARGET_OS_MAC instead.  (Bug report pending with Apple)
 2004-04-08 05:11:03 +00:00
Darren Tucker
4d2f361f96 - (dtucker) [loginrec.c] Use UT_LINESIZE if available, prevents truncating 
pty name on Linux 2.6.x systems.  Patch from jpe at eisenmenger.org.
 2004-04-08 10:57:05 +10:00
Ben Lindstrom
a8104b5c92 - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see 
if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X)
   are starting to restrict it as internal since it is not needed by
    developers any more. (Patch based on Apple tree)
- (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since
    krb5 on MacOS/X conflicts.  There may be a better solution, but this will
    work for now.
 2004-04-07 04:16:11 +00:00
Darren Tucker
ac7c998a2d - (dtucker) [session.c] Flush stdout after displaying loginmsg. From 
f_mohr at yahoo.de.
 2004-04-07 08:04:09 +10:00
Darren Tucker
4398cf5927 - (dtucker) [configure.ac] Bug #816, #748 (again): Attempt to detect 
broken getaddrinfo and friends on HP-UX.  ok djm@
 2004-04-06 21:39:02 +10:00
Darren Tucker
8db9a0ffd8 - (dtucker) [acconfig.h configure.ac defines.h] Bug #820: don't use 
updwtmpx() on IRIX since it seems to clobber utmp.  ok djm@
 2004-04-06 21:31:12 +10:00
Damien Miller
ccea020574 - (djm) Bug #825: Fix ip_options_check() for mapped IPv4/IPv6 connection; 
with & ok dtucker@
 2004-03-31 15:17:54 +10:00
Darren Tucker
17addf0463 - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c 
to reduce potential confusion with the one in sshd.c.  ok djm@
 2004-03-30 20:57:57 +10:00
Darren Tucker
809031f6c4 - (dtucker) [configure.ac] Bug #811: Use "!" for LOCKED_PASSWD_PREFIX on 
Linuxes, since that's what many use.  ok djm@
 2004-03-30 14:03:45 +10:00
Darren Tucker
b385059346 - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent 
duplicate login messages for mutli-session logins.  ok djm@
 2004-03-27 16:44:21 +11:00
Damien Miller
154e8b82ef - (djm) Crank RPM spec versions 2004-03-22 09:40:01 +11:00
Damien Miller
aed7cee49a - markus@cvs.openbsd.org 2004/03/20 10:40:59 
[version.h]
     3.8.1
 2004-03-22 09:39:09 +11:00
Damien Miller
0c889cd9e9 - markus@cvs.openbsd.org 2004/03/11 10:21:17 
[ssh.c sshd.c]
     ssh, sshd: sync version output, ok djm
 2004-03-22 09:36:00 +11:00
Damien Miller
b408786db9 - markus@cvs.openbsd.org 2004/03/11 08:36:26 
[sshd.c]
     trim usage; ok deraadt
 2004-03-22 09:35:21 +11:00
Damien Miller
5095510e5f - markus@cvs.openbsd.org 2004/03/10 09:45:06 
[ssh.c]
     trim usage to match ssh(1) and look more like unix. ok djm@
 2004-03-22 09:34:58 +11:00
Damien Miller
3df755e441 - markus@cvs.openbsd.org 2004/03/09 22:11:05 
[ssh.c]
     increase x11 cookie lifetime to 20 minutes; ok djm
 2004-03-22 09:34:26 +11:00
Damien Miller
bfba354261 - (djm) [sshd.c] Drop supplemental groups if started as root 2004-03-22 09:29:57 +11:00
Damien Miller
4fefe24c01 - (djm) [configure.ac] Add standard license to configure.ac; ok ben, dtucker 2004-03-11 14:20:10 +11:00
Darren Tucker
7c991ab1e1 - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #812: #undef getaddrinfo 
before redefining it, silences warnings on Tru64.
 2004-03-10 21:06:32 +11:00
Tim Rice
aa5383243d - (tim) [regress/README.regress] Document ssh-rand-helper issue. ok bal 2004-03-08 12:12:18 -08:00
Damien Miller
8448e66770 - dtucker@cvs.openbsd.org 2004/03/08 10:18:57 
[sshd_config.5]
     Document KerberosGetAFSToken;  ok markus@
 2004-03-08 23:13:15 +11:00
Damien Miller
3b51301a4b - djm@cvs.openbsd.org 2004/03/08 09:38:05 
[ssh-keyscan.c]
     explicitly initialise remote_major and remote_minor.
     from cjwatson AT debian.org; ok markus@
 2004-03-08 23:13:00 +11:00
Damien Miller
bd394c329b - markus@cvs.openbsd.org 2004/03/05 10:53:58 
[readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c]
     add IdentitiesOnly; ok djm@, pb@
 2004-03-08 23:12:36 +11:00
Damien Miller
c0f27d8782 - djm@cvs.openbsd.org 2004/03/03 09:31:20 
[sftp.c]
     Fix initialisation of progress meter; ok markus@
 2004-03-08 23:12:19 +11:00
Damien Miller
9ba3069a8b - djm@cvs.openbsd.org 2004/03/03 09:30:42 
[sftp-client.c]
     Don't print duplicate messages when progressmeter is off
     Spotted by job317 AT mailvault.com; ok markus@
 2004-03-08 23:12:02 +11:00
Damien Miller
57aae982be - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2004/03/03 06:47:52
     [sshd.c]
     change proctiltle after accept(2); ok henning, deraadt, djm
 2004-03-08 23:11:25 +11:00
Darren Tucker
dbf7a74ee5 - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c 
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
   even if keyboard-interactive is not used by the client.  Prevents segfaults
   in some cases where the user's password is expired (note this is not
   considered a security exposure).  ok djm@
 2004-03-08 23:04:06 +11:00
Darren Tucker
112aaac0ce - (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some 
platforms (eg SCO, HP-UX) with logging in the wrong TZ.
 2004-03-08 22:13:12 +11:00
Tim Rice
f45eff21dc - (tim) [regress/login-timeout.sh] fix building outside of source tree. 2004-03-07 10:40:01 -08:00
Darren Tucker
91bf45c597 - (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.h 
openbsd-compat/xcrypt.c] Bug #802: Fix build error on Tru64 when
   configured --with-osfsia.  ok djm@
 2004-03-04 22:59:36 +11:00
Darren Tucker
b9b6021667 - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread, 
prevent hanging during PAM keyboard-interactive authentications.  ok djm@
 2004-03-04 20:03:54 +11:00
Darren Tucker
4b385d4bc0 - (dtucker) [auth-pam.c] Don't try to export PAM when compiled with 
-DUSE_POSIX_THREADS.  From antoine.verheijen at ualbert ca.  ok djm@
 2004-03-04 19:54:10 +11:00
Darren Tucker
6e26bf15ee wrong year 2004-03-04 19:47:29 +11:00
Damien Miller
6c4914afcc - (djm) [configure.ac ssh-agent.c] Use prctl to prevent ptrace on ssh-agent 
ok dtucker
 2004-03-03 11:08:59 +11:00
Tim Rice
ad4a188e46 - (tim) [configure.ac] Put back bits mistakenly removed from Rev 1.188 2004-02-29 15:53:37 -08:00
Darren Tucker
b099d855d3 - (dtucker) [regress/try-ciphers.sh] Skip acss if not compiled in (eg if we 
built with openssl < 0.9.7)
 2004-02-29 21:30:05 +11:00
Darren Tucker
9468ba33a1 - dtucker@cvs.openbsd.org 2004/02/28 13:44:45 
[regress/try-ciphers.sh]
     Test acss too; ok markus@
 2004-02-29 20:38:26 +11:00
Darren Tucker
68b184c75d - dtucker@cvs.openbsd.org 2004/02/28 12:16:57 
[regress/dynamic-forward.sh]
     Make dynamic-forward understand nc's new output.  ok markus@
 2004-02-29 20:37:06 +11:00
Darren Tucker
437a5f035b - markus@cvs.openbsd.org 2004/02/24 17:06:52 
[regress/ssh-com-client.sh regress/ssh-com-keygen.sh
     regress/ssh-com-sftp.sh regress/ssh-com.sh]
     test against recent ssh.com releases
 2004-02-29 20:33:51 +11:00
Darren Tucker
03c907a22b - markus@cvs.openbsd.org 2004/02/24 16:56:30 
[regress/test-exec.sh]
     allow arguments in ${TEST_SSH_XXX}
 2004-02-29 20:31:08 +11:00
Darren Tucker
017fd61a92 - dtucker@cvs.openbsd.org 2004/02/17 08:23:20 
[regress/Makefile regress/login-timeout.sh]
     Add regression test for LoginGraceTime; ok markus@
 2004-02-29 20:30:17 +11:00
Darren Tucker
effc84ce5b - dtucker@cvs.openbsd.org 2004/02/27 22:49:27 
[dh.c]
     Reset bit counter at the right time, fixes debug output in the case where
     the DH group is rejected.  ok markus@
 2004-02-29 20:15:08 +11:00
Darren Tucker
c56c7ef592 - dtucker@cvs.openbsd.org 2004/02/27 22:44:56 
[dh.c]
     Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone
     ever uses one.  ok markus@
 2004-02-29 20:13:34 +11:00
Darren Tucker
fc113c97a3 - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 
[dh.c]
     Prevent sshd from sending DH groups with a primitive generator of zero or
     one, even if they are listed in /etc/moduli.  ok markus@
 2004-02-29 20:12:33 +11:00
Darren Tucker
d592048c36 - djm@cvs.openbsd.org 2004/02/25 00:22:45 
[sshd.c]
     typo in comment
 2004-02-29 20:11:30 +11:00
Ben Lindstrom
78ffe26501 - (bal) KNF our sshlogin.c even if the code looks nothing like upstream 
code due to diversity issues.
 2004-02-27 03:01:19 +00:00
Damien Miller
124055dd3b - (djm) Don't specify path to PAM modules in Redhat sshd.pam; from Fedora 2004-02-25 10:57:45 +11:00
Damien Miller
d891395a09 - (djm) Trim ChangeLog 2004-02-25 10:56:31 +11:00
Damien Miller
3342470472 - (djm) Release 3.8p1 2004-02-24 17:13:28 +11:00
Tim Rice
e8c898a54f [configure.ac] SCO3 needs -lcrypt_i for -lprot 2004-02-23 21:47:04 -08:00
Darren Tucker
149543e56d - (dtucker) {README.platform] Add platform-specific notes. 2004-02-24 16:14:41 +11:00
Darren Tucker
5ce131f2b6 - (dtucker) [README] Add pointer to release notes. ok djm@ 2004-02-24 16:13:24 +11:00
Damien Miller
9fc475f0c3 - (djm) Crank RPM spec versions 2004-02-24 16:00:02 +11:00
Tim Rice
18959006c0 [openbsd-compat/getrrsetbyname.c] Make gcc 2.7.2.3 happy. ok djm@ 2004-02-23 20:51:06 -08:00
Darren Tucker
2359aa985d - (dtucker) [uidswap.c] Minor KNF. ok djm@ 2004-02-24 13:17:30 +11:00
Damien Miller
a811d9a9a1 - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime 
using sysconf() if available Based on patches from
   holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
 2004-02-24 13:05:11 +11:00
Darren Tucker
8a4e4f8779 Add missing ok 2004-02-24 10:58:10 +11:00
Darren Tucker
0d27ed1c19 - (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found 
with krb5-config, hunt down gssapi.h and friends.  Based partially on patch
   from deengert at anl.gov.

For the MIT Kerberos bug against krb5-config related to this see:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=2240
 2004-02-24 10:37:33 +11:00
Darren Tucker
a6ea420c38 - markus@cvs.openbsd.org 2004/02/23 15:16:46 
[version.h]
     enter 3.8
 2004-02-24 09:24:01 +11:00
Darren Tucker
0acc92a93c - markus@cvs.openbsd.org 2004/02/23 15:12:46 
[bufaux.c]
     encode 0 correctly in buffer_put_bignum2; noted by Mikulas Patocka
     and drop support for negative BNs; ok otto@
 2004-02-24 09:21:41 +11:00
Darren Tucker
efa3706f05 - markus@cvs.openbsd.org 2004/02/23 12:02:33 
[sshd.c]
     backout revision 1.279; set listen socket to non-block; ok henning.
 2004-02-24 09:20:29 +11:00
Darren Tucker
37bd3663bf - markus@cvs.openbsd.org 2004/02/19 21:15:04 
[sftp-server.c]
     switch to new license.template
 2004-02-24 09:19:15 +11:00
Darren Tucker
1825f26d21 - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the 
non-interactive path.  ok djm@
 2004-02-24 00:01:27 +11:00
Darren Tucker
e828d0c75b Add missed ChangeLog entries for previous commits... 2004-02-22 11:55:07 +11:00
Darren Tucker
15ee748f28 - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test 
to auth-shadow.c, no functional change.  ok djm@
 2004-02-22 09:43:15 +11:00
Damien Miller
2e45cb0fb4 - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@ 2004-02-20 20:37:44 +11:00
Damien Miller
051b0acbbc - (djm) [log.c] Tighten openlog_r tests 2004-02-18 22:59:43 +11:00
Damien Miller
82c78b3b9d - (djm) [log.c] Correct use of HAVE_OPENLOG_R 2004-02-18 15:42:31 +11:00
Damien Miller
05a75b6e5b - jmc@cvs.openbsd.org 2004/02/17 19:35:21 
[sshd_config.5]
     remove cruft left over from RhostsAuthentication removal;
     ok markus@
 2004-02-18 14:31:23 +11:00
Damien Miller
20e1fabace - djm@cvs.openbsd.org 2004/02/17 11:03:08 
[sftp.c]
     sftp.c and sftp-int.c, together at last; ok markus@
 2004-02-18 14:30:55 +11:00
Damien Miller
d7d46bb606 - (djm) OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2004/02/17 07:17:29
     [sftp-glob.c sftp.c]
     Remove useless headers; ok deraadt@
 2004-02-18 14:11:13 +11:00
Darren Tucker
a22897df06 - (dtucker) [configure.ac] Handle case where krb5-config --libs returns a 
path with a "-" in it.  From Sergio.Gelato at astro.su.se.
 2004-02-18 11:21:12 +11:00
Darren Tucker
5cf8ef735c - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for 
display after login.  Should fix problems like pam_motd not displaying
   anything, noticed by cjwatson at debian.org.  ok djm@
 2004-02-17 23:20:07 +11:00
Darren Tucker
ba53b839d3 - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@ 2004-02-17 20:46:59 +11:00
Damien Miller
34255b9f4c - (djm) Bug #698: Specify FILE: for KRB5CCNAME; patch from 
stadal@suse.cz and simon@sxw.org.uk
 2004-02-17 20:33:52 +11:00
Damien Miller
4e60ed74a6 - djm@cvs.openbsd.org 2004/02/17 05:39:51 
[sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
     [sftp-int.h sftp.c]
     switch to license.template for code written by me (belated, I know...)
 2004-02-17 17:07:59 +11:00
Damien Miller
98225c2950 - (djm) Simplify the license on code I have written. No code changes. 2004-02-17 16:49:41 +11:00
Tim Rice
3d5352e156 [configure.ac] Make sure -lcrypto is before -lsocket for sco3. ok mouring@ 2004-02-12 09:27:21 -08:00
Tim Rice
9ad7e0e805 [Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh] 
Portablity fixes. Data sftp transfers needs to be world readable. Some
older shells hang on while loops when  doing sh -n some_script. OK dtucker@
 2004-02-12 07:17:10 -08:00
Tim Rice
43fa557ce2 [configure.ac] Fix comment to match code changes in ver 1.117 2004-02-11 14:46:40 -08:00
Darren Tucker
cee6d4cf5a - (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check 
if HAS_SHADOW_EXPIRY is set.
 2004-02-11 18:48:52 +11:00
Darren Tucker
13a707b60d - (dtucker) [configure.ac] Bug #345: Do not disable utmp on HP-UX 10.x. 
ok djm@
 2004-02-10 17:15:05 +11:00
Darren Tucker
c28b88a314 - (dtucker) [configure.ac loginrec.c] Bug #464: Use updwtmpx on platforms 
that support it.  from & ok mouring@
 2004-02-10 16:49:35 +11:00
Darren Tucker
cfea2063e5 - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move 
include from port-aix.h to port-aix.c and remove unnecessary function
   definition.  Fixes build errors on AIX.

#include'ing auth.h in port-aix.h causes conflicting definitions of Authctxt
in sshconnect2.c.  Sigh.
 2004-02-10 15:27:34 +11:00
Darren Tucker
1921ed9f96 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to 
change expired PAM passwords for SSHv1 connections without privsep.
   pam_chauthtok is still used when privsep is disabled.  ok djm@
 2004-02-10 13:23:28 +11:00
Darren Tucker
ffae532076 - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #563: Prepend ssh_ to compat 
functions to avoid conflicts with Heimdal's libroken.  ok djm@
 2004-02-10 13:05:40 +11:00
Darren Tucker
9df3defdbb - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h 
defines.h] Bug #14: Use do_pwchange to support password expiry and force
   change for platforms using /etc/shadow.  ok djm@
 2004-02-10 13:01:14 +11:00
Darren Tucker
e3dba82dd4 - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c 
openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
    native password expiry.
 2004-02-10 12:50:19 +11:00
Darren Tucker
693f8a8aae - (dtucker) [cipher.c] enable AES counter modes with OpenSSL 0.9.5. 
ok djm@, markus@
 2004-02-07 12:29:39 +11:00
Darren Tucker
fc57f71fb1 - dtucker@cvs.openbsd.org 2004/02/06 23:41:13 
[cipher-ctr.c]
     Use EVP_CIPHER_CTX_key_length for key length.  ok markus@
     (This will fix builds with OpenSSL 0.9.5)
 2004-02-07 10:41:48 +11:00
Darren Tucker
074593538a - (dtucker) [configure.ac includes.h] Include <sys/stream.h> if present, 
required on Solaris 2.5.1 for queue_t, which is used by <sys/ptms.h>.
 2004-02-06 21:29:41 +11:00
Darren Tucker
7f73a4955d - markus@cvs.openbsd.org 2004/02/05 15:33:33 
[progressmeter.c]
     fix ETA for > 4GB; bugzilla #791; ok henning@ deraadt@
 2004-02-06 16:41:37 +11:00
Darren Tucker
a8be9e23d2 - dtucker@cvs.openbsd.org 2004/02/05 05:37:17 
[monitor.c sshd.c]
     Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
 2004-02-06 16:40:27 +11:00
Darren Tucker
23bc8d0bff - markus@cvs.openbsd.org 2004/01/30 09:48:57 
[auth-passwd.c auth.h pathnames.h session.c]
     support for password change; ok dtucker@
     (set password-dead=1w in login.conf to use this).
     In -Portable, this is currently only platforms using bsdauth.
 2004-02-06 16:24:31 +11:00
Darren Tucker
819d4526ca Add bug no. 2004-02-06 16:18:47 +11:00
Darren Tucker
e45674ae80 - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore 
previous authdb setting after auth calls.  Fixes problems with setpcred
   failing on accounts that use AFS or NIS password registries.
 2004-02-06 16:17:51 +11:00
Darren Tucker
ecc9d46dc5 - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent 
accidentally inheriting from root's environment.  ok djm@
 2004-02-06 16:04:08 +11:00
Darren Tucker
f58fb7e727 - (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO 
for HP-UX 11.11.  If there are known-good configs where this is not
   required, please report them.  ok djm@
 2004-02-06 15:59:06 +11:00
Darren Tucker
ef3a4a208c - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root 
user, since some modules might fail due to lack of privilege.  ok djm@
 2004-02-06 15:30:50 +11:00
Darren Tucker
6977fe742b - (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with 
OpenSSL >= 0.9.7.  ok djm@
 2004-02-06 15:26:10 +11:00
Darren Tucker
9976246dfd - (dtucker) [acss.c acss.h] Fix $Id tags. 2004-02-06 15:22:43 +11:00
Darren Tucker
2df334380b - (dtucker) [configure.ac openbsd-compat/bsd-cray.c openbsd-compat/bsd-cray.h] 
Bug #775: Cray fixes from wendy at cray.com
 2004-01-30 14:34:21 +11:00
Darren Tucker
dcc736b7de - (dtucker) [configure.ac] Add --without-zlib-version-check. Feedback from 
tim@, ok several
 2004-01-30 14:20:59 +11:00
Darren Tucker
46662bfc21 - djm@cvs.openbsd.org 2004/01/13 09:49:06 
[sftp-batch.sh]
     don't delete thyself when running without obj/ ; ok markus@
 2004-01-30 13:02:55 +11:00
Darren Tucker
633f3e0dd0 - jmc@cvs.openbsd.org 2003/11/07 10:16:44 
[ssh-com.sh]
     adress -> address, and a few more; all from Jonathon Gray;
 2004-01-30 13:00:29 +11:00
Darren Tucker
22991ba2e2 - dtucker@cvs.openbsd.org 2003/10/11 11:49:49 
[Makefile banner.sh]
     Test missing banner file, suppression of banner with ssh -q, check return
     code from ssh.  ok markus@
 2004-01-30 12:58:51 +11:00
Darren Tucker
77970695de - (dtucker) [moduli] Import new moduli file from OpenBSD. 2004-01-28 15:44:04 +11:00
Darren Tucker
4f9f6794c5 - (dtucker) [regress/README.regress] Add tcpwrappers issue, noted by tim@ 2004-01-28 12:26:14 +11:00
Damien Miller
ec69203e45 - djm@cvs.openbsd.org 2004/01/27 10:08:10 
[sftp.c]
     reorder parsing so user:skey@host:file works (bugzilla #777)
     patch from admorten AT umich.edu; ok markus@
 2004-01-27 21:22:00 +11:00
Damien Miller
f6723f08e0 - djm@cvs.openbsd.org 2004/01/25 03:49:09 
[sshconnect.c]
     reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785)
     from jclonguet AT free.fr; ok millert@
 2004-01-27 21:21:27 +11:00
Damien Miller
b2d1c2b3b8 - hshoexer@cvs.openbsd.org 2004/01/23 19:26:33 
[cipher.c]
     rename acss@opebsd.org to acss@openssh.org
     ok deraadt@
 2004-01-27 21:20:59 +11:00
Damien Miller
b21be84471 - mouring@cvs.openbsd.org 2004/01/23 17:57:48 
[sftp-int.c]
     Fix issue pointed out with ls not handling large directories
     with embeded paths correctly.  OK damien@
 2004-01-27 21:20:11 +11:00
Damien Miller
4f0fe684da - (djm) OpenBSD CVS Sync 
- hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
     [cipher.c]
     enable acss for ssh
     ok deraadt@ markus@
 - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
   if libcrypto lacks it
 2004-01-27 21:19:21 +11:00
Tim Rice
01326ebada [defines.h openbsd-compat/getrrsetbyname.h] Move defines for HFIXEDSZ 
and T_SIG to getrrsetbyname.h
 2004-01-26 21:40:35 -08:00
Tim Rice
2597bfd1fb [configure.ac includes.h] add <sys/ptms.h> for grantpt() and friends. 2004-01-26 19:03:39 -08:00
Tim Rice
ba1c2b82c4 [defines.h] Add defines for HFIXEDSZ and T_SIG 2004-01-26 16:02:17 -08:00
Tim Rice
eafd8e9c55 20040126 
[regress/test-exec.sh] RhostsAuthentication is deprecated.
 2004-01-26 14:10:10 -08:00
Tim Rice
3084a6198c Typo in regress/README.regress 2004-01-26 09:37:09 -08:00
Damien Miller
6814411b3e - (djm) Typo in openbsd-compat/bsd-openpty.c; from wendyp AT cray.com 2004-01-24 13:50:39 +11:00
Tim Rice
fcb6220da0 [configure.ac] Remove hard coded -L/usr/local/lib and 
-I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \
CPPFLAGS="-I/usr/local/include" ./configure if needed.
 2004-01-23 18:35:16 -08:00
Darren Tucker
3c78c5ed2f - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] 
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
   include kafs.h unless necessary.  From deengert at anl.gov.

For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
 2004-01-23 22:03:10 +11:00
Darren Tucker
6369958301 - (dtucker) [contrib/cygwin/README] Document new ssh-host-config options. 
Patch from vinschen at redhat.com.
 2004-01-23 21:35:44 +11:00
Darren Tucker
2dcd2393f4 - (dtucker) [configure.ac] Bug #788: Test for zlib.h presence and for 
zlib >= 1.1.4.  Partly from jbasney at ncsa.uiuc.edu.  ok djm@
 2004-01-23 17:13:33 +11:00
Damien Miller
84938141d4 - (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect 
Kerberos location (and thus work with Fedora Core 1);
   from jason AT devrandom.org
 2004-01-23 16:30:03 +11:00
Damien Miller
d352636553 - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from 
ralf.hack AT pipex.net; ok dtucker@
 2004-01-23 14:16:26 +11:00
Tim Rice
c900128e55 [contrib/solaris/buildpkg.sh] Allow for the possibility of 
/usr/local being a symbolic link. Fixes problem reported by Henry Grebler.
 2004-01-22 16:10:03 -08:00
Darren Tucker
7fe8b72771 - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not 
just HEIMDAL.

Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available.  In that case it will be used too.
 2004-01-22 12:48:26 +11:00
Darren Tucker
1d3ca58705 - (dtucker) [configure.ac] Use krb5-config where available for Kerberos/ 
GSSAPI detection, libs and includes.  ok djm@
 2004-01-22 12:05:34 +11:00
Damien Miller
f4da3bb6ca - deraadt@cvs.openbsd.org 2004/01/11 21:55:06 
[sshpty.c]
     for pty opening, only use the openpty() path.  the other stuff only needs
     to be in openssh-p; markus ok
 - (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an
   openpty() replacement
 2004-01-21 17:07:16 +11:00
Damien Miller
e4f5a82d6e - djm@cvs.openbsd.org 2004/01/21 03:07:59 
[sftp.c]
     initialise infile in main, rather than statically - from portable
 2004-01-21 14:11:05 +11:00
Damien Miller
fb1310eded - markus@cvs.openbsd.org 2004/01/19 21:25:15 
[auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
     fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
 2004-01-21 11:02:50 +11:00
Damien Miller
a04ad496f6 - markus@cvs.openbsd.org 2004/01/19 09:24:21 
[channels.c]
     fake consumption for half closed channels since the peer is waiting for
     window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@
     reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo'
 2004-01-21 11:02:09 +11:00
Damien Miller
f84fed6f71 - markus@cvs.openbsd.org 2004/01/13 19:45:15 
[compress.c]
     cast for portability; millert@
 2004-01-21 11:01:23 +11:00
Damien Miller
8f341f8b8b - markus@cvs.openbsd.org 2004/01/13 19:23:15 
[compress.c session.c]
     -Wall; ok henning
 2004-01-21 11:00:46 +11:00
Damien Miller
86a396857d - jmc@cvs.openbsd.org 2004/01/13 12:17:33 
[sftp.1]
     remove unnecessary Ic's;
     kill whitespace at EOL;

     ok djm@
 2004-01-21 11:00:04 +11:00
Damien Miller
44f75c14f6 - djm@cvs.openbsd.org 2004/01/13 09:25:05 
[sftp-int.c sftp.1 sftp.c]
     Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and
     enable use of "-b -" to accept batchfile from stdin; ok markus@
 2004-01-21 10:58:47 +11:00
Darren Tucker
a8df9248ce - (dtucker) [auth-pam.c] Add minor debugging. 2004-01-15 00:15:07 +11:00
Darren Tucker
7ae0962798 - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add 
test for case where cleanup has already run.
 2004-01-14 23:07:56 +11:00
Darren Tucker
749bc95bd8 - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits 
unexpectedly.  with & ok djm@
 2004-01-14 22:14:04 +11:00
Darren Tucker
1b27c8fbcb - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No 
functional changes.

This is in preparation for a change to catch the authentication thread
exitting unexpectedly, to split functional and cosmetic changes.
 2004-01-13 22:35:58 +11:00
Darren Tucker
fd0894adae - (dtucker) [configure.ac] Remove extra (typo) comma. 2004-01-09 00:19:25 +11:00
Darren Tucker
0234e8607f - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and 
only define if not already.  From des at freebsd.org.
 2004-01-08 23:32:04 +11:00
Darren Tucker
409cb328c1 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] 
Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@
 2004-01-05 22:36:51 +11:00
Darren Tucker
e918318f2b - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails. Patch from 
cjwatson at debian.org.
 2004-01-05 08:16:34 +11:00
Damien Miller
0f47c53742 - (djm) OSX/Darwin put the PAM headers in a different place, detect this. 
Report from jakob@
 2004-01-02 18:01:30 +11:00
Damien Miller
c8ec16651e - (djm) Remove useless DNS support configure summary message. from jakob@ 2004-01-02 17:53:04 +11:00
Damien Miller
7a2ea78cc4 - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from 
jakob@
 2004-01-02 17:52:10 +11:00
Darren Tucker
2a6b029f99 - (dtucker) [configure.ac] Only test setresuid and setresgid if they exist. 2003-12-31 14:59:17 +11:00
Darren Tucker
ea2870619d - dtucker@cvs.openbsd.org 2003/12/31 00:24:50 
[auth2-passwd.c]
     Ignore password change request during password auth (which we currently
     don't support) and discard proposed new password.  corrections/ok markus@
 2003-12-31 11:43:24 +11:00
Darren Tucker
0b3b97512f - millert@cvs.openbsd.org 2003/12/29 16:39:50 
[sshd_config]
     KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
 2003-12-31 11:38:32 +11:00
Darren Tucker
22ef508754 - jakob@cvs.openbsd.org 2003/12/23 16:12:10 
[servconf.c servconf.h session.c sshd_config]
     implement KerberosGetAFSToken server option. ok markus@, beck@
 2003-12-31 11:37:34 +11:00
Darren Tucker
a32e19c637 - markus@cvs.openbsd.org 2003/12/22 20:29:55 
[cipher-3des1.c]
     EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr
 2003-12-31 11:36:00 +11:00
Darren Tucker
06930c70ad - djm@cvs.openbsd.org 2003/12/22 09:16:58 
[moduli.c ssh-keygen.1 ssh-keygen.c]
     tidy up moduli generation debugging, add -v (verbose/debug) option to
     ssh-keygen; ok markus@
 2003-12-31 11:34:51 +11:00
Darren Tucker
3715be3cd3 - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we 
typedef size_t ourselves.
 2003-12-19 10:58:43 +11:00
Darren Tucker
07705c788e - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive 
authentication.  Partially fixes bug #423.  Feedback & ok djm@

Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
  we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
  authentication thread and once from the main shell child, so we cache the
  result, which must be passed from the authentication thread back to the
  monitor.
 2003-12-18 15:34:31 +11:00
Darren Tucker
454da0b3dc - (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban. 2003-12-18 12:52:19 +11:00
Ben Lindstrom
563eb99711 - (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are 
using a real 'signal()' (Noticed by a NeXT Compile)
 2003-12-18 00:34:06 +00:00
Darren Tucker
e937be36c3 - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for 
setres[ug]id() present but not implemented (eg some Linux/glibc
   combinations).
 2003-12-17 18:53:26 +11:00
Damien Miller
8975ddf11b - markus@cvs.openbsd.org 2003/12/16 15:51:54 
[dh.c]
     use <= instead of < in dh_estimate; ok provos/hshoexer;
     do not return < DH_GRP_MIN
 2003-12-17 16:33:53 +11:00
Damien Miller
509b0107f0 - markus@cvs.openbsd.org 2003/12/16 15:49:51 
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
     [ssh.c ssh_config.5]
     application layer keep alive (ServerAliveInterval ServerAliveCountMax)
     for ssh(1), similar to the sshd(8) option; ok beck@; with help from
     jmc and dtucker@
 2003-12-17 16:33:10 +11:00
Damien Miller
baafb981a4 - markus@cvs.openbsd.org 2003/12/14 12:37:21 
[ssh_config.5]
     we don't support GSS KEX; from Simon Wilkinson
 2003-12-17 16:32:23 +11:00
Damien Miller
d696551443 - dtucker@cvs.openbsd.org 2003/12/09 23:45:32 
[clientloop.c]
     Clear exit code when ssh -N is terminated with a SIGTERM.  ok markus@
 2003-12-17 16:31:53 +11:00
Damien Miller
12c150e7e0 - markus@cvs.openbsd.org 2003/12/09 21:53:37 
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
     rename keepalive to tcpkeepalive; the old name causes too much
     confusion; ok djm, dtucker; with help from jmc@
 2003-12-17 16:31:10 +11:00
Damien Miller
9836cf8d71 - markus@cvs.openbsd.org 2003/12/09 17:30:05 
[ssh.c]
     don't modify argv for ssh -o; similar to sshd.c 1.283
 2003-12-17 16:30:06 +11:00
Damien Miller
b9997192a7 - markus@cvs.openbsd.org 2003/12/09 17:29:04 
[sshd.c]
     fix -o and HUP; ok henning@
 2003-12-17 16:29:22 +11:00
Damien Miller
b5820f40bf 20031217 
- (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/12/09 15:28:43
     [serverloop.c]
     make ClientKeepAlive work for ssh -N, too (no login shell requested).
     1) send a bogus channel request if we find a channel
     2) send a bogus global request if we don't have a channel
     ok + test beck@
 2003-12-17 16:27:32 +11:00
Darren Tucker
5cd9d443ef - dtucker@cvs.openbsd.org 2003/12/09 13:52:55 
[moduli.c]
     Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
     they can't be used for Diffie-Hellman.  Assistance and ok djm@
 2003-12-10 00:54:38 +11:00
Darren Tucker
a615314d3b - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below. 2003-12-10 00:52:37 +11:00
Darren Tucker
1cbc444935 - djm@cvs.openbsd.org 2003/12/07 06:34:18 
[moduli.c]
     remove unused debugging #define templates
 2003-12-09 19:19:38 +11:00
Darren Tucker
564f19e237 - markus@cvs.openbsd.org 2003/12/08 11:00:47 
[kexgexc.c]
     print requested group size in debug; ok djm
 2003-12-09 19:18:07 +11:00
Darren Tucker
3175eb9a5a - markus@cvs.openbsd.org 2003/12/02 17:01:15 
[channels.c session.c ssh-agent.c ssh.h sshd.c]
     use SSH_LISTEN_BACKLOG (=128) in listen(2).
 2003-12-09 19:15:11 +11:00
Darren Tucker
1fb0425359 - markus@cvs.openbsd.org 2003/12/02 12:15:10 
[progressmeter.c]
     improvments from andreas@:
     * saner speed estimate for transfers that takes less than a second by
       rounding the time to 1 second.
     * when the transfer is finished calculate the actual total speed
       rather than the current speed which is given during the transfer
 2003-12-09 19:07:13 +11:00
Darren Tucker
37afa9d9a4 - djm@cvs.openbsd.org 2003/11/26 21:44:29 
[cipher-aes.c]
     fix #ifdef before #define; ok markus@
     (RCS ID sync only, Portable already had this)
 2003-12-09 19:05:42 +11:00
Darren Tucker
4c56843e44 - matthieu@cvs.openbsd.org 2003/11/25 23:10:08 
[ssh-add.1]
     ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
 2003-12-09 19:01:51 +11:00
Tim Rice
88368a3034 [configure.ac] Bug 770. Fix --without-rpath. 2003-12-08 12:35:59 -08:00
Damien Miller
3db2e4daf7 - (djm) Annotate OpenBSD-derived files in openbsd-compat/ with original 
source file path (in OpenBSD tree).
 2003-11-24 13:33:34 +11:00
Damien Miller
e0113ccc08 - dtucker@cvs.openbsd.org 2003/11/24 00:16:35 
[ssh.1 ssh.c]
     Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@
 2003-11-24 13:10:09 +11:00
Damien Miller
a4b33dfb6d - djm@cvs.openbsd.org 2003/11/23 23:18:45 
[ssh-keygen.c]
     consistency PATH_MAX -> MAXPATHLEN; ok markus@
     (RCS ID sync only)
   - djm@cvs.openbsd.org 2003/11/23 23:21:21
     [scp.c]
     from portable: rename clashing variable limit-> limit_rate; ok markus@
     (RCS ID sync only)
 2003-11-24 13:09:27 +11:00
Damien Miller
e00074a726 - (djm) OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2003/11/23 23:17:34
     [ssh-keyscan.c]
     from portable - use sysconf to detect fd limit; ok markus@
     (tidy diff by adding SSH_SSFDMAX macro to defines.h)
 2003-11-24 13:07:45 +11:00
Damien Miller
927f52783e - (djm) [canohost.c] Move IPv4inV6 mapped address normalisation to its own 
function and call it unconditionally
 2003-11-24 12:57:25 +11:00
Damien Miller
5924ceb22d - (djm) [packet.c] Shuffle #ifdef to reduce conditionally compiled code 2003-11-22 15:02:42 +11:00
Damien Miller
841b9f1aad - (djm) [sftp-int.c] Remove duplicated code from bogus sync 2003-11-22 14:48:49 +11:00
Damien Miller
4da295c051 - (djm) [scp.c] Rename limitbw -> limit_rate to match upstreamed patch 2003-11-22 14:39:04 +11:00
Darren Tucker
4e06a1d75d - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net. 
Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
   is enabled, rely on SIA to check for locked accounts if enabled.  ok djm@
 2003-11-22 14:25:15 +11:00
Darren Tucker
d76341616d - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] 
Move AIX specific password authentication code to port-aix.c, call
   authenticate() until reenter flag is clear.
 2003-11-22 14:16:56 +11:00
Darren Tucker
240fdfa909 - (dtucker) [channels.c] Make AIX write limit code clearer. Suggested by djm@ 2003-11-22 14:10:02 +11:00
Damien Miller
a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03 
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
 2003-11-21 23:48:55 +11:00
Damien Miller
8c5e91c03f - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/11/20 11:39:28
     [progressmeter.c]
     fix rounding errors; from andreas@
 2003-11-21 23:09:10 +11:00
Damien Miller
f96d18362d - djm@cvs.openbsd.org 2003/11/18 10:53:07 
[monitor.c]
     unbreak fake authloop for non-existent users (my screwup). Spotted and
     tested by dtucker@; ok markus@
 2003-11-18 22:01:48 +11:00
Damien Miller
4bb1dd3166 - (djm) OpenBSD CVS Sync 
- dtucker@cvs.openbsd.org 2003/11/18 00:40:05
     [serverloop.c]
     Correct check for authctxt->valid.  ok djm@
 2003-11-18 22:01:25 +11:00
Darren Tucker
8a1624c42d - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@ 2003-11-18 12:45:35 +11:00
Darren Tucker
18df00cc77 - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv, 
and use it for do_pam_session.  Fixes problems like pam_motd not displaying
   anything.  ok djm@
 2003-11-18 12:42:07 +11:00
Damien Miller
6aef38f5ac - (djm) Fix early exit for root auth success when UsePAM=yes and 
PermitRootLogin=no
 2003-11-18 10:45:20 +11:00
Damien Miller
0425d40194 - markus@cvs.openbsd.org 2003/11/17 11:06:07 
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h sshconnect2.c ssh-gss.h]
     replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
     test + ok jakob.
 2003-11-17 22:18:21 +11:00
Damien Miller
c756e9b56e - (djm) Export environment variables from authentication subprocess to 
parent. Part of Bug #717
 2003-11-17 21:41:42 +11:00
Damien Miller
9bdba70350 - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int 
conversation function
 2003-11-17 21:27:55 +11:00
Damien Miller
51bf11fcc9 - djm@cvs.openbsd.org 2003/11/17 09:45:39 
[msg.c msg.h sshconnect2.c ssh-keysign.c]
     return error on msg send/receive failure (rather than fatal); ok markus@
 2003-11-17 21:20:47 +11:00
Damien Miller
91c6aa4468 - markus@cvs.openbsd.org 2003/11/14 13:19:09 
[sshconnect2.c]
     cleanup and minor fixes for the client code; from Simon Wilkinson
 2003-11-17 21:20:18 +11:00
Damien Miller
fe44847cb8 - jmc@cvs.openbsd.org 2003/11/12 20:14:51 
[ssh_config.5]
     make verb agree with subject, and kill some whitespace;
 2003-11-17 21:19:49 +11:00
Damien Miller
150b55745b - jakob@cvs.openbsd.org 2003/11/12 16:39:58 
[dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
     update SSHFP validation. ok markus@
 2003-11-17 21:19:29 +11:00
Damien Miller
c1f2792bd0 - dtucker@cvs.openbsd.org 2003/11/12 10:12:15 
[scp.c]
     When called with -q, pass -q to ssh; suppresses SSH2 banner.  ok markus@
 2003-11-17 21:19:05 +11:00
Damien Miller
f58b58ced1 - jakob@cvs.openbsd.org 2003/11/10 16:23:41 
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
     [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
     [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
     constify. ok markus@ & djm@
 2003-11-17 21:18:23 +11:00
Damien Miller
939cd38122 - jmc@cvs.openbsd.org 2003/11/08 19:17:29 
[sftp-int.c]
     typos from Jonathon Gray;
 2003-11-17 21:17:24 +11:00
Damien Miller
a9fcd3ada2 - jakob@cvs.openbsd.org 2003/11/08 16:02:40 
[auth1.c]
     remove unused variable (pw). ok djm@
     (id sync only - still used in portable)
 2003-11-17 21:16:55 +11:00
Damien Miller
3e3b5145e5 - djm@cvs.openbsd.org 2003/11/04 08:54:09 
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@
 2003-11-17 21:13:40 +11:00
Damien Miller
8f746ec970 - jakob@cvs.openbsd.org 2003/11/03 09:37:32 
[sshconnect.c]
     do not free static type pointer in warn_changed_key()
 2003-11-17 21:11:15 +11:00
Damien Miller
5a38897dbb - jakob@cvs.openbsd.org 2003/11/03 09:09:41 
[sshconnect.c]
     move changed key warning into warn_changed_key(). ok markus@
 2003-11-17 21:10:47 +11:00
Damien Miller
3e8f41e6ac - (djm) OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2003/11/03 09:03:37
     [auth-chall.c]
     make this a little more idiot-proof; ok markus@
     (includes portable-specific changes)
 2003-11-17 21:09:50 +11:00
Darren Tucker
203c40b513 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and 
HP-UX, skip test on AIX.
 2003-11-15 12:13:16 +11:00
Darren Tucker
ae52b7ca59 - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and 
PAM_ERROR_MSG messages.
 2003-11-13 19:52:31 +11:00
Darren Tucker
798ca84d60 - (dtucker) [README ssh-host-config ssh-user-config Makefile] (All 
contrib/cygwin).  Major update from vinschen at redhat.com.
   - Makefile provides a `cygwin-postinstall' target to run right after
     `make install'.
   - Better support for Windows 2003 Server.
   - Try to get permissions as correct as possible.
   - New command line options to allow full automated host configuration.
   - Create configs from skeletons in /etc/defaults/etc.
   - Use /bin/bash, allows reading user input with readline support.
   - Remove really old configs from /usr/local.
 2003-11-13 11:28:49 +11:00
Darren Tucker
0947ddff72 - (dtucker) [auth-pam.c] Append newlines to lines output by the 
pam_chauthtok_conv().
 2003-11-13 11:21:31 +11:00
Damien Miller
418a386f2b - (djm) Clarify UsePAM consequences a little more 2003-11-06 20:27:51 +11:00
Darren Tucker
be8a771af1 - (dtucker) [regress/agent-ptrace.sh] Use numeric uid and gid. 2003-11-03 22:52:52 +11:00
Darren Tucker
655a5e0987 - markus@cvs.openbsd.org 2003/11/02 11:01:03 
[auth2-gss.c compat.c compat.h sshconnect2.c]
     remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
 2003-11-03 20:09:03 +11:00
Darren Tucker
6db8f936ae - markus@cvs.openbsd.org 2003/10/28 09:08:06 
[misc.c]
     error->debug for getsockopt+TCP_NODELAY; several requests
 2003-11-03 20:07:14 +11:00
Darren Tucker
56afe145e0 - avsm@cvs.openbsd.org 2003/10/26 16:57:43 
[sshconnect2.c]
     rename 'supported' static var in userauth_gssapi() to 'gss_supported'
     to avoid shadowing the global version.  markus@ ok
 2003-11-03 20:06:14 +11:00
Darren Tucker
8cc39788cb - markus@cvs.openbsd.org 2003/10/21 09:50:06 
[auth2-gss.c]
     make sure the doid is larger than 2
 2003-11-03 20:05:03 +11:00
Darren Tucker
a47c9bcda6 - markus@cvs.openbsd.org 2003/10/15 09:48:45 
[monitor_wrap.c]
     check pmonitor != NULL
 2003-11-03 20:03:25 +11:00
Darren Tucker
7c582db74b - (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services 
are created correctly with CRLF line terminations.  Patch from vinschen at
   redhat.com.
 2003-11-03 18:59:29 +11:00