Commit Graph

4087 Commits

Author SHA1 Message Date
Damien Miller
ed462d9a45 write seed to temporary file and atomically rename into place; ok dtucker@ 2005-02-16 13:02:45 +11:00
Damien Miller
66df70c97d knf: function names at start of line 2005-02-16 13:01:28 +11:00
Darren Tucker
e13eace522 IPv6 works on AIX5.1ML7 too. 2005-02-15 22:44:05 +11:00
Darren Tucker
a39f83eeee - (dtucker) [loginrec.c] Add missing #include. 2005-02-15 22:19:28 +11:00
Darren Tucker
691d5235ca - (dtucker) [README.platform auth.c configure.ac loginrec.c
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
   on AIX where possible (see README.platform for details) and work around
   a misfeature of AIX's getnameinfo.  ok djm@
2005-02-15 21:45:57 +11:00
Darren Tucker
f04c361675 - (dtucker) [config.sh.in] Collect oslevel -r too. 2005-02-15 21:26:32 +11:00
Darren Tucker
15af68f767 - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. 2005-02-11 18:32:13 +11:00
Darren Tucker
1b6f2291e4 - (dtucker) [configure.ac] Tidy up configure --help output. 2005-02-11 16:11:49 +11:00
Darren Tucker
2f9573df71 - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the
--disable-etc-default-login configure option.
2005-02-10 22:28:54 +11:00
Darren Tucker
33370e0287 - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
the username to be passed to the passwd command when changing expired
   passwords.  ok djm@
2005-02-09 22:17:28 +11:00
Darren Tucker
c7e38d59e9 - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir
paths.  ok djm@
2005-02-09 22:12:30 +11:00
Darren Tucker
92170a8626 - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
disable_forwarding() from compat library. Prevent linker errrors trying
   to resolve it for binaries other than sshd.  ok djm@
2005-02-09 17:08:23 +11:00
Darren Tucker
96d4710e38 - dtucker@cvs.openbsd.org 2005/02/08 22:24:57
[sshd.c]
     Provide reason in error message if getnameinfo fails; ok markus@
2005-02-09 09:53:48 +11:00
Darren Tucker
5b53026f71 - dtucker@cvs.openbsd.org 2005/01/30 11:18:08
[monitor.c]
     Make code match intent; ok djm@
2005-02-09 09:52:17 +11:00
Darren Tucker
43d8e28763 - jmc@cvs.openbsd.org 2005/01/28 18:14:09
[ssh_config.5]
     wording;
     ok markus@
2005-02-09 09:51:08 +11:00
Darren Tucker
79a7acfebd - jmc@cvs.openbsd.org 2005/01/28 15:05:43
[ssh_config.5]
     grammar;
2005-02-09 09:48:57 +11:00
Darren Tucker
3f166dfcb5 - dtucker@cvs.openbsd.org 2005/01/28 09:45:53
[ssh_config]
     Make it clear that the example entries in ssh_config are only some of the
     commonly-used options and refer the user to ssh_config(5) for more
     details; ok djm@
2005-02-09 09:46:47 +11:00
Darren Tucker
2e0cf0dca2 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
   defines and enums with SSH_ to prevent namespace collisions on some
   platforms (eg AIX).
2005-02-08 21:52:47 +11:00
Darren Tucker
b4d3012d2e - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. 2005-02-08 21:06:55 +11:00
Darren Tucker
feb6f7f244 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the
regress tests so newer versions of GNU head(1) behave themselves.  Patch
   by djm, so ok me.
2005-02-08 20:17:17 +11:00
Darren Tucker
40d9a63788 - (dtucker) [auth.c] Fix parens in audit log check. 2005-02-04 15:19:44 +11:00
Darren Tucker
598ba7b5e2 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. 2005-02-04 15:05:08 +11:00
Darren Tucker
6dce99142b typo 2005-02-03 15:07:37 +11:00
Darren Tucker
b15931ae5b - (dtucker) [added audit.c audit.h] Bug #125: (first stage) Add audit
instrumentation to sshd, currently disabled by default.  with suggestions
   from and djm@
2005-02-03 00:37:14 +11:00
Darren Tucker
269a1ea1c8 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
   (first stage) Add audit instrumentation to sshd, currently disabled by
   default.  with suggestions from and djm@
2005-02-03 00:20:53 +11:00
Darren Tucker
2fba993080 - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
Bug #974: Teach sshd to write failed login records to btmp for failed auth
   attempts (currently only for password, kbdint and C/R, only on Linux and
   HP-UX), based on code from login.c from util-linux. With ashok_kovai at
   hotmail.com, ok djm@
2005-02-02 23:30:24 +11:00
Darren Tucker
9dc6c7dbec - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process.  Since we also unset KRB5CCNAME at startup, if it's set after
   authentication it must have been set by the platform's native auth system.
   This was already done for AIX; this enables it for the general case.
2005-02-02 18:30:33 +11:00
Darren Tucker
42d9dc75ed - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
Make record_failed_login() call provide hostname rather than having the
   implementations having to do lookups themselves.  Only affects AIX and
   UNICOS (the latter only uses the "user" parameter anyway).  ok djm@
2005-02-02 17:10:11 +11:00
Darren Tucker
ad7646a59a - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
rev 1.11 from OpenBSD and make it use fchdir if available.  ok djm@
2005-02-02 10:43:59 +11:00
Darren Tucker
9dca099aec - (dtucker) [sshd_config.5] Bug #701: remove warning about
keyboard-interactive since this is no longer the case.
2005-02-01 19:16:45 +11:00
Darren Tucker
9b5495d23e - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
platforms syslog will revert to its default values.  This may result in
   messages from external libraries (eg libwrap) being sent to a different
   facility.
2005-02-01 17:35:09 +11:00
Darren Tucker
218f178cb2 - dtucker@cvs.openbsd.org 2005/01/24 11:47:13
[auth-passwd.c]
     #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
2005-01-24 22:50:47 +11:00
Darren Tucker
1b7223c005 - dtucker@cvs.openbsd.org 2005/01/24 10:29:06
[moduli]
     Import new moduli; requested by deraadt@ a week ago
2005-01-24 22:00:40 +11:00
Darren Tucker
ba66df81a3 - dtucker@cvs.openbsd.org 2005/01/24 10:22:06
[scp.c sftp.c]
     Have scp and sftp wait for the spawned ssh to exit before they exit
     themselves.  This prevents ssh from being unable to restore terminal
     modes (not normally a problem on OpenBSD but common with -Portable
     on POSIX platforms).  From peak at argo.troja.mff.cuni.cz (bz#950);
     ok djm@ markus@
2005-01-24 21:57:40 +11:00
Darren Tucker
660db78af2 - djm@cvs.openbsd.org 2005/01/23 10:18:12
[cipher.c]
     config option "Ciphers" should be case-sensitive; ok dtucker@
2005-01-24 21:57:11 +11:00
Darren Tucker
094cd0ba02 - dtucker@cvs.openbsd.org 2005/01/22 08:17:59
[auth.c]
     Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
     DenyGroups.  bz #909, ok djm@
2005-01-24 21:56:48 +11:00
Darren Tucker
5c14c73429 - otto@cvs.openbsd.org 2005/01/21 08:32:02
[auth-passwd.c sshd.c]
     Warn in advance for password and account expiry; initialize loginmsg
     buffer earlier and clear it after privsep fork. ok and help dtucker@
     markus@
2005-01-24 21:55:49 +11:00
Darren Tucker
3c66080aa2 - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
the list of available kbdint devices if UsePAM=no.  ok djm@
2005-01-20 22:20:50 +11:00
Darren Tucker
33bc334a8b - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
bytes to prevent errors from login_init_entry() when the username is
   exactly 64 bytes(!) long.  From brhamon at cisco.com, ok djm@
2005-01-20 22:07:29 +11:00
Darren Tucker
d5bfa8f9d8 Oops, did not intend to commit this yet 2005-01-20 13:29:51 +11:00
Darren Tucker
d231186fd0 - djm@cvs.openbsd.org 2004/12/22 02:13:19
[cipher-ctr.c cipher.c]
     remove fallback AES support for old OpenSSL, as OpenBSD has had it for
     many years now; ok deraadt@
     (Id sync only: Portable will continue to support older OpenSSLs)
2005-01-20 13:27:56 +11:00
Darren Tucker
36a3d60347 - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
existence via keyboard-interactive/pam, in conjunction with previous
   auth2-chall.c change; with Colin Watson and djm.
2005-01-20 12:43:38 +11:00
Darren Tucker
611649ebf0 - dtucker@cvs.openbsd.org 2005/01/19 13:11:47
[auth-bsdauth.c auth2-chall.c]
     Have keyboard-interactive code call the drivers even for responses for
     invalid logins.  This allows the drivers themselves to decide how to
     handle them and prevent leaking information where possible.  Existing
     behaviour for bsdauth is maintained by checking authctxt->valid in the
     bsdauth driver.  Note that any third-party kbdint drivers will now need
     to be able to handle responses for invalid logins.  ok markus@
2005-01-20 11:05:34 +11:00
Darren Tucker
ea7c8127ce - dtucker@cvs.openbsd.org 2005/01/17 22:48:39
[sshd.c]
     Make debugging output continue after reexec; ok djm@
2005-01-20 11:03:08 +11:00
Darren Tucker
f0e792ec1c - dtucker@cvs.openbsd.org 2005/01/17 03:25:46
[moduli.c]
     Correct spelling: SCHNOOR->SCHNORR; ok djm@
2005-01-20 11:02:26 +11:00
Darren Tucker
b3509014ce - jmc@cvs.openbsd.org 2005/01/08 00:41:19
[sshd_config.5]
     `login'(n) -> `log in'(v);
2005-01-20 11:01:46 +11:00
Darren Tucker
b2161e37f5 - markus@cvs.openbsd.org 2005/01/05 08:51:32
[sshconnect.c]
     remove dead code, log connect() failures with level error, ok djm@
2005-01-20 11:00:46 +11:00
Darren Tucker
0f38323222 - djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
2005-01-20 10:57:56 +11:00
Darren Tucker
7cfeecf670 - markus@cvs.openbsd.org 2004/12/23 17:38:07
[ssh-keygen.c]
     leak; from mpech
2005-01-20 10:56:31 +11:00
Darren Tucker
172a5e8cb8 - markus@cvs.openbsd.org 2004/12/23 17:35:48
[session.c]
     check for NULL; from mpech
2005-01-20 10:55:46 +11:00