Commit Graph

3326 Commits

Author SHA1 Message Date
Tim Rice 43fa557ce2 [configure.ac] Fix comment to match code changes in ver 1.117 2004-02-11 14:46:40 -08:00
Darren Tucker cee6d4cf5a - (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check
if HAS_SHADOW_EXPIRY is set.
2004-02-11 18:48:52 +11:00
Darren Tucker 13a707b60d - (dtucker) [configure.ac] Bug #345: Do not disable utmp on HP-UX 10.x.
ok djm@
2004-02-10 17:15:05 +11:00
Darren Tucker c28b88a314 - (dtucker) [configure.ac loginrec.c] Bug #464: Use updwtmpx on platforms
that support it.  from & ok mouring@
2004-02-10 16:49:35 +11:00
Darren Tucker cfea2063e5 - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
include from port-aix.h to port-aix.c and remove unnecessary function
   definition.  Fixes build errors on AIX.

#include'ing auth.h in port-aix.h causes conflicting definitions of Authctxt
in sshconnect2.c.  Sigh.
2004-02-10 15:27:34 +11:00
Darren Tucker 1921ed9f96 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
change expired PAM passwords for SSHv1 connections without privsep.
   pam_chauthtok is still used when privsep is disabled.  ok djm@
2004-02-10 13:23:28 +11:00
Darren Tucker ffae532076 - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #563: Prepend ssh_ to compat
functions to avoid conflicts with Heimdal's libroken.  ok djm@
2004-02-10 13:05:40 +11:00
Darren Tucker 9df3defdbb - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
defines.h] Bug #14: Use do_pwchange to support password expiry and force
   change for platforms using /etc/shadow.  ok djm@
2004-02-10 13:01:14 +11:00
Darren Tucker e3dba82dd4 - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
    native password expiry.
2004-02-10 12:50:19 +11:00
Darren Tucker 693f8a8aae - (dtucker) [cipher.c] enable AES counter modes with OpenSSL 0.9.5.
ok djm@, markus@
2004-02-07 12:29:39 +11:00
Darren Tucker fc57f71fb1 - dtucker@cvs.openbsd.org 2004/02/06 23:41:13
[cipher-ctr.c]
     Use EVP_CIPHER_CTX_key_length for key length.  ok markus@
     (This will fix builds with OpenSSL 0.9.5)
2004-02-07 10:41:48 +11:00
Darren Tucker 074593538a - (dtucker) [configure.ac includes.h] Include <sys/stream.h> if present,
required on Solaris 2.5.1 for queue_t, which is used by <sys/ptms.h>.
2004-02-06 21:29:41 +11:00
Darren Tucker 7f73a4955d - markus@cvs.openbsd.org 2004/02/05 15:33:33
[progressmeter.c]
     fix ETA for > 4GB; bugzilla #791; ok henning@ deraadt@
2004-02-06 16:41:37 +11:00
Darren Tucker a8be9e23d2 - dtucker@cvs.openbsd.org 2004/02/05 05:37:17
[monitor.c sshd.c]
     Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
2004-02-06 16:40:27 +11:00
Darren Tucker 23bc8d0bff - markus@cvs.openbsd.org 2004/01/30 09:48:57
[auth-passwd.c auth.h pathnames.h session.c]
     support for password change; ok dtucker@
     (set password-dead=1w in login.conf to use this).
     In -Portable, this is currently only platforms using bsdauth.
2004-02-06 16:24:31 +11:00
Darren Tucker 819d4526ca Add bug no. 2004-02-06 16:18:47 +11:00
Darren Tucker e45674ae80 - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
previous authdb setting after auth calls.  Fixes problems with setpcred
   failing on accounts that use AFS or NIS password registries.
2004-02-06 16:17:51 +11:00
Darren Tucker ecc9d46dc5 - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent
accidentally inheriting from root's environment.  ok djm@
2004-02-06 16:04:08 +11:00
Darren Tucker f58fb7e727 - (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO
for HP-UX 11.11.  If there are known-good configs where this is not
   required, please report them.  ok djm@
2004-02-06 15:59:06 +11:00
Darren Tucker ef3a4a208c - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root
user, since some modules might fail due to lack of privilege.  ok djm@
2004-02-06 15:30:50 +11:00
Darren Tucker 6977fe742b - (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with
OpenSSL >= 0.9.7.  ok djm@
2004-02-06 15:26:10 +11:00
Darren Tucker 9976246dfd - (dtucker) [acss.c acss.h] Fix $Id tags. 2004-02-06 15:22:43 +11:00
Darren Tucker 2df334380b - (dtucker) [configure.ac openbsd-compat/bsd-cray.c openbsd-compat/bsd-cray.h]
Bug #775: Cray fixes from wendy at cray.com
2004-01-30 14:34:21 +11:00
Darren Tucker dcc736b7de - (dtucker) [configure.ac] Add --without-zlib-version-check. Feedback from
tim@, ok several
2004-01-30 14:20:59 +11:00
Darren Tucker 46662bfc21 - djm@cvs.openbsd.org 2004/01/13 09:49:06
[sftp-batch.sh]
     don't delete thyself when running without obj/ ; ok markus@
2004-01-30 13:02:55 +11:00
Darren Tucker 633f3e0dd0 - jmc@cvs.openbsd.org 2003/11/07 10:16:44
[ssh-com.sh]
     adress -> address, and a few more; all from Jonathon Gray;
2004-01-30 13:00:29 +11:00
Darren Tucker 22991ba2e2 - dtucker@cvs.openbsd.org 2003/10/11 11:49:49
[Makefile banner.sh]
     Test missing banner file, suppression of banner with ssh -q, check return
     code from ssh.  ok markus@
2004-01-30 12:58:51 +11:00
Darren Tucker 77970695de - (dtucker) [moduli] Import new moduli file from OpenBSD. 2004-01-28 15:44:04 +11:00
Darren Tucker 4f9f6794c5 - (dtucker) [regress/README.regress] Add tcpwrappers issue, noted by tim@ 2004-01-28 12:26:14 +11:00
Damien Miller ec69203e45 - djm@cvs.openbsd.org 2004/01/27 10:08:10
[sftp.c]
     reorder parsing so user:skey@host:file works (bugzilla #777)
     patch from admorten AT umich.edu; ok markus@
2004-01-27 21:22:00 +11:00
Damien Miller f6723f08e0 - djm@cvs.openbsd.org 2004/01/25 03:49:09
[sshconnect.c]
     reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785)
     from jclonguet AT free.fr; ok millert@
2004-01-27 21:21:27 +11:00
Damien Miller b2d1c2b3b8 - hshoexer@cvs.openbsd.org 2004/01/23 19:26:33
[cipher.c]
     rename acss@opebsd.org to acss@openssh.org
     ok deraadt@
2004-01-27 21:20:59 +11:00
Damien Miller b21be84471 - mouring@cvs.openbsd.org 2004/01/23 17:57:48
[sftp-int.c]
     Fix issue pointed out with ls not handling large directories
     with embeded paths correctly.  OK damien@
2004-01-27 21:20:11 +11:00
Damien Miller 4f0fe684da - (djm) OpenBSD CVS Sync
- hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
     [cipher.c]
     enable acss for ssh
     ok deraadt@ markus@
 - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
   if libcrypto lacks it
2004-01-27 21:19:21 +11:00
Tim Rice 01326ebada [defines.h openbsd-compat/getrrsetbyname.h] Move defines for HFIXEDSZ
and T_SIG to getrrsetbyname.h
2004-01-26 21:40:35 -08:00
Tim Rice 2597bfd1fb [configure.ac includes.h] add <sys/ptms.h> for grantpt() and friends. 2004-01-26 19:03:39 -08:00
Tim Rice ba1c2b82c4 [defines.h] Add defines for HFIXEDSZ and T_SIG 2004-01-26 16:02:17 -08:00
Tim Rice eafd8e9c55 20040126
[regress/test-exec.sh] RhostsAuthentication is deprecated.
2004-01-26 14:10:10 -08:00
Tim Rice 3084a6198c Typo in regress/README.regress 2004-01-26 09:37:09 -08:00
Damien Miller 6814411b3e - (djm) Typo in openbsd-compat/bsd-openpty.c; from wendyp AT cray.com 2004-01-24 13:50:39 +11:00
Tim Rice fcb6220da0 [configure.ac] Remove hard coded -L/usr/local/lib and
-I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \
CPPFLAGS="-I/usr/local/include" ./configure if needed.
2004-01-23 18:35:16 -08:00
Darren Tucker 3c78c5ed2f - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
   include kafs.h unless necessary.  From deengert at anl.gov.

For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
2004-01-23 22:03:10 +11:00
Darren Tucker 6369958301 - (dtucker) [contrib/cygwin/README] Document new ssh-host-config options.
Patch from vinschen at redhat.com.
2004-01-23 21:35:44 +11:00
Darren Tucker 2dcd2393f4 - (dtucker) [configure.ac] Bug #788: Test for zlib.h presence and for
zlib >= 1.1.4.  Partly from jbasney at ncsa.uiuc.edu.  ok djm@
2004-01-23 17:13:33 +11:00
Damien Miller 84938141d4 - (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect
Kerberos location (and thus work with Fedora Core 1);
   from jason AT devrandom.org
2004-01-23 16:30:03 +11:00
Damien Miller d352636553 - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from
ralf.hack AT pipex.net; ok dtucker@
2004-01-23 14:16:26 +11:00
Tim Rice c900128e55 [contrib/solaris/buildpkg.sh] Allow for the possibility of
/usr/local being a symbolic link. Fixes problem reported by Henry Grebler.
2004-01-22 16:10:03 -08:00
Darren Tucker 7fe8b72771 - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
just HEIMDAL.

Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available.  In that case it will be used too.
2004-01-22 12:48:26 +11:00
Darren Tucker 1d3ca58705 - (dtucker) [configure.ac] Use krb5-config where available for Kerberos/
GSSAPI detection, libs and includes.  ok djm@
2004-01-22 12:05:34 +11:00
Damien Miller f4da3bb6ca - deraadt@cvs.openbsd.org 2004/01/11 21:55:06
[sshpty.c]
     for pty opening, only use the openpty() path.  the other stuff only needs
     to be in openssh-p; markus ok
 - (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an
   openpty() replacement
2004-01-21 17:07:16 +11:00
Damien Miller e4f5a82d6e - djm@cvs.openbsd.org 2004/01/21 03:07:59
[sftp.c]
     initialise infile in main, rather than statically - from portable
2004-01-21 14:11:05 +11:00
Damien Miller fb1310eded - markus@cvs.openbsd.org 2004/01/19 21:25:15
[auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
     fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
2004-01-21 11:02:50 +11:00
Damien Miller a04ad496f6 - markus@cvs.openbsd.org 2004/01/19 09:24:21
[channels.c]
     fake consumption for half closed channels since the peer is waiting for
     window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@
     reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo'
2004-01-21 11:02:09 +11:00
Damien Miller f84fed6f71 - markus@cvs.openbsd.org 2004/01/13 19:45:15
[compress.c]
     cast for portability; millert@
2004-01-21 11:01:23 +11:00
Damien Miller 8f341f8b8b - markus@cvs.openbsd.org 2004/01/13 19:23:15
[compress.c session.c]
     -Wall; ok henning
2004-01-21 11:00:46 +11:00
Damien Miller 86a396857d - jmc@cvs.openbsd.org 2004/01/13 12:17:33
[sftp.1]
     remove unnecessary Ic's;
     kill whitespace at EOL;

     ok djm@
2004-01-21 11:00:04 +11:00
Damien Miller 44f75c14f6 - djm@cvs.openbsd.org 2004/01/13 09:25:05
[sftp-int.c sftp.1 sftp.c]
     Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and
     enable use of "-b -" to accept batchfile from stdin; ok markus@
2004-01-21 10:58:47 +11:00
Darren Tucker a8df9248ce - (dtucker) [auth-pam.c] Add minor debugging. 2004-01-15 00:15:07 +11:00
Darren Tucker 7ae0962798 - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add
test for case where cleanup has already run.
2004-01-14 23:07:56 +11:00
Darren Tucker 749bc95bd8 - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits
unexpectedly.  with & ok djm@
2004-01-14 22:14:04 +11:00
Darren Tucker 1b27c8fbcb - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No
functional changes.

This is in preparation for a change to catch the authentication thread
exitting unexpectedly, to split functional and cosmetic changes.
2004-01-13 22:35:58 +11:00
Darren Tucker fd0894adae - (dtucker) [configure.ac] Remove extra (typo) comma. 2004-01-09 00:19:25 +11:00
Darren Tucker 0234e8607f - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and
only define if not already.  From des at freebsd.org.
2004-01-08 23:32:04 +11:00
Darren Tucker 409cb328c1 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@
2004-01-05 22:36:51 +11:00
Darren Tucker e918318f2b - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails. Patch from
cjwatson at debian.org.
2004-01-05 08:16:34 +11:00
Damien Miller 0f47c53742 - (djm) OSX/Darwin put the PAM headers in a different place, detect this.
Report from jakob@
2004-01-02 18:01:30 +11:00
Damien Miller c8ec16651e - (djm) Remove useless DNS support configure summary message. from jakob@ 2004-01-02 17:53:04 +11:00
Damien Miller 7a2ea78cc4 - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from
jakob@
2004-01-02 17:52:10 +11:00
Darren Tucker 2a6b029f99 - (dtucker) [configure.ac] Only test setresuid and setresgid if they exist. 2003-12-31 14:59:17 +11:00
Darren Tucker ea2870619d - dtucker@cvs.openbsd.org 2003/12/31 00:24:50
[auth2-passwd.c]
     Ignore password change request during password auth (which we currently
     don't support) and discard proposed new password.  corrections/ok markus@
2003-12-31 11:43:24 +11:00
Darren Tucker 0b3b97512f - millert@cvs.openbsd.org 2003/12/29 16:39:50
[sshd_config]
     KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
2003-12-31 11:38:32 +11:00
Darren Tucker 22ef508754 - jakob@cvs.openbsd.org 2003/12/23 16:12:10
[servconf.c servconf.h session.c sshd_config]
     implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-31 11:37:34 +11:00
Darren Tucker a32e19c637 - markus@cvs.openbsd.org 2003/12/22 20:29:55
[cipher-3des1.c]
     EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr
2003-12-31 11:36:00 +11:00
Darren Tucker 06930c70ad - djm@cvs.openbsd.org 2003/12/22 09:16:58
[moduli.c ssh-keygen.1 ssh-keygen.c]
     tidy up moduli generation debugging, add -v (verbose/debug) option to
     ssh-keygen; ok markus@
2003-12-31 11:34:51 +11:00
Darren Tucker 3715be3cd3 - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
typedef size_t ourselves.
2003-12-19 10:58:43 +11:00
Darren Tucker 07705c788e - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
authentication.  Partially fixes bug #423.  Feedback & ok djm@

Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
  we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
  authentication thread and once from the main shell child, so we cache the
  result, which must be passed from the authentication thread back to the
  monitor.
2003-12-18 15:34:31 +11:00
Darren Tucker 454da0b3dc - (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban. 2003-12-18 12:52:19 +11:00
Ben Lindstrom 563eb99711 - (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are
using a real 'signal()' (Noticed by a NeXT Compile)
2003-12-18 00:34:06 +00:00
Darren Tucker e937be36c3 - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for
setres[ug]id() present but not implemented (eg some Linux/glibc
   combinations).
2003-12-17 18:53:26 +11:00
Damien Miller 8975ddf11b - markus@cvs.openbsd.org 2003/12/16 15:51:54
[dh.c]
     use <= instead of < in dh_estimate; ok provos/hshoexer;
     do not return < DH_GRP_MIN
2003-12-17 16:33:53 +11:00
Damien Miller 509b0107f0 - markus@cvs.openbsd.org 2003/12/16 15:49:51
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
     [ssh.c ssh_config.5]
     application layer keep alive (ServerAliveInterval ServerAliveCountMax)
     for ssh(1), similar to the sshd(8) option; ok beck@; with help from
     jmc and dtucker@
2003-12-17 16:33:10 +11:00
Damien Miller baafb981a4 - markus@cvs.openbsd.org 2003/12/14 12:37:21
[ssh_config.5]
     we don't support GSS KEX; from Simon Wilkinson
2003-12-17 16:32:23 +11:00
Damien Miller d696551443 - dtucker@cvs.openbsd.org 2003/12/09 23:45:32
[clientloop.c]
     Clear exit code when ssh -N is terminated with a SIGTERM.  ok markus@
2003-12-17 16:31:53 +11:00
Damien Miller 12c150e7e0 - markus@cvs.openbsd.org 2003/12/09 21:53:37
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
     rename keepalive to tcpkeepalive; the old name causes too much
     confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
Damien Miller 9836cf8d71 - markus@cvs.openbsd.org 2003/12/09 17:30:05
[ssh.c]
     don't modify argv for ssh -o; similar to sshd.c 1.283
2003-12-17 16:30:06 +11:00
Damien Miller b9997192a7 - markus@cvs.openbsd.org 2003/12/09 17:29:04
[sshd.c]
     fix -o and HUP; ok henning@
2003-12-17 16:29:22 +11:00
Damien Miller b5820f40bf 20031217
- (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2003/12/09 15:28:43
     [serverloop.c]
     make ClientKeepAlive work for ssh -N, too (no login shell requested).
     1) send a bogus channel request if we find a channel
     2) send a bogus global request if we don't have a channel
     ok + test beck@
2003-12-17 16:27:32 +11:00
Darren Tucker 5cd9d443ef - dtucker@cvs.openbsd.org 2003/12/09 13:52:55
[moduli.c]
     Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
     they can't be used for Diffie-Hellman.  Assistance and ok djm@
2003-12-10 00:54:38 +11:00
Darren Tucker a615314d3b - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below. 2003-12-10 00:52:37 +11:00
Darren Tucker 1cbc444935 - djm@cvs.openbsd.org 2003/12/07 06:34:18
[moduli.c]
     remove unused debugging #define templates
2003-12-09 19:19:38 +11:00
Darren Tucker 564f19e237 - markus@cvs.openbsd.org 2003/12/08 11:00:47
[kexgexc.c]
     print requested group size in debug; ok djm
2003-12-09 19:18:07 +11:00
Darren Tucker 3175eb9a5a - markus@cvs.openbsd.org 2003/12/02 17:01:15
[channels.c session.c ssh-agent.c ssh.h sshd.c]
     use SSH_LISTEN_BACKLOG (=128) in listen(2).
2003-12-09 19:15:11 +11:00
Darren Tucker 1fb0425359 - markus@cvs.openbsd.org 2003/12/02 12:15:10
[progressmeter.c]
     improvments from andreas@:
     * saner speed estimate for transfers that takes less than a second by
       rounding the time to 1 second.
     * when the transfer is finished calculate the actual total speed
       rather than the current speed which is given during the transfer
2003-12-09 19:07:13 +11:00
Darren Tucker 37afa9d9a4 - djm@cvs.openbsd.org 2003/11/26 21:44:29
[cipher-aes.c]
     fix #ifdef before #define; ok markus@
     (RCS ID sync only, Portable already had this)
2003-12-09 19:05:42 +11:00
Darren Tucker 4c56843e44 - matthieu@cvs.openbsd.org 2003/11/25 23:10:08
[ssh-add.1]
     ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
2003-12-09 19:01:51 +11:00
Tim Rice 88368a3034 [configure.ac] Bug 770. Fix --without-rpath. 2003-12-08 12:35:59 -08:00
Damien Miller 3db2e4daf7 - (djm) Annotate OpenBSD-derived files in openbsd-compat/ with original
source file path (in OpenBSD tree).
2003-11-24 13:33:34 +11:00
Damien Miller e0113ccc08 - dtucker@cvs.openbsd.org 2003/11/24 00:16:35
[ssh.1 ssh.c]
     Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@
2003-11-24 13:10:09 +11:00
Damien Miller a4b33dfb6d - djm@cvs.openbsd.org 2003/11/23 23:18:45
[ssh-keygen.c]
     consistency PATH_MAX -> MAXPATHLEN; ok markus@
     (RCS ID sync only)
   - djm@cvs.openbsd.org 2003/11/23 23:21:21
     [scp.c]
     from portable: rename clashing variable limit-> limit_rate; ok markus@
     (RCS ID sync only)
2003-11-24 13:09:27 +11:00
Damien Miller e00074a726 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/11/23 23:17:34
     [ssh-keyscan.c]
     from portable - use sysconf to detect fd limit; ok markus@
     (tidy diff by adding SSH_SSFDMAX macro to defines.h)
2003-11-24 13:07:45 +11:00
Damien Miller 927f52783e - (djm) [canohost.c] Move IPv4inV6 mapped address normalisation to its own
function and call it unconditionally
2003-11-24 12:57:25 +11:00
Damien Miller 5924ceb22d - (djm) [packet.c] Shuffle #ifdef to reduce conditionally compiled code 2003-11-22 15:02:42 +11:00
Damien Miller 841b9f1aad - (djm) [sftp-int.c] Remove duplicated code from bogus sync 2003-11-22 14:48:49 +11:00
Damien Miller 4da295c051 - (djm) [scp.c] Rename limitbw -> limit_rate to match upstreamed patch 2003-11-22 14:39:04 +11:00
Darren Tucker 4e06a1d75d - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net.
Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
   is enabled, rely on SIA to check for locked accounts if enabled.  ok djm@
2003-11-22 14:25:15 +11:00
Darren Tucker d76341616d - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move AIX specific password authentication code to port-aix.c, call
   authenticate() until reenter flag is clear.
2003-11-22 14:16:56 +11:00
Darren Tucker 240fdfa909 - (dtucker) [channels.c] Make AIX write limit code clearer. Suggested by djm@ 2003-11-22 14:10:02 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller 8c5e91c03f - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/11/20 11:39:28
     [progressmeter.c]
     fix rounding errors; from andreas@
2003-11-21 23:09:10 +11:00
Damien Miller f96d18362d - djm@cvs.openbsd.org 2003/11/18 10:53:07
[monitor.c]
     unbreak fake authloop for non-existent users (my screwup). Spotted and
     tested by dtucker@; ok markus@
2003-11-18 22:01:48 +11:00
Damien Miller 4bb1dd3166 - (djm) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2003/11/18 00:40:05
     [serverloop.c]
     Correct check for authctxt->valid.  ok djm@
2003-11-18 22:01:25 +11:00
Darren Tucker 8a1624c42d - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@ 2003-11-18 12:45:35 +11:00
Darren Tucker 18df00cc77 - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv,
and use it for do_pam_session.  Fixes problems like pam_motd not displaying
   anything.  ok djm@
2003-11-18 12:42:07 +11:00
Damien Miller 6aef38f5ac - (djm) Fix early exit for root auth success when UsePAM=yes and
PermitRootLogin=no
2003-11-18 10:45:20 +11:00
Damien Miller 0425d40194 - markus@cvs.openbsd.org 2003/11/17 11:06:07
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h sshconnect2.c ssh-gss.h]
     replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
     test + ok jakob.
2003-11-17 22:18:21 +11:00
Damien Miller c756e9b56e - (djm) Export environment variables from authentication subprocess to
parent. Part of Bug #717
2003-11-17 21:41:42 +11:00
Damien Miller 9bdba70350 - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int
conversation function
2003-11-17 21:27:55 +11:00
Damien Miller 51bf11fcc9 - djm@cvs.openbsd.org 2003/11/17 09:45:39
[msg.c msg.h sshconnect2.c ssh-keysign.c]
     return error on msg send/receive failure (rather than fatal); ok markus@
2003-11-17 21:20:47 +11:00
Damien Miller 91c6aa4468 - markus@cvs.openbsd.org 2003/11/14 13:19:09
[sshconnect2.c]
     cleanup and minor fixes for the client code; from Simon Wilkinson
2003-11-17 21:20:18 +11:00
Damien Miller fe44847cb8 - jmc@cvs.openbsd.org 2003/11/12 20:14:51
[ssh_config.5]
     make verb agree with subject, and kill some whitespace;
2003-11-17 21:19:49 +11:00
Damien Miller 150b55745b - jakob@cvs.openbsd.org 2003/11/12 16:39:58
[dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
     update SSHFP validation. ok markus@
2003-11-17 21:19:29 +11:00
Damien Miller c1f2792bd0 - dtucker@cvs.openbsd.org 2003/11/12 10:12:15
[scp.c]
     When called with -q, pass -q to ssh; suppresses SSH2 banner.  ok markus@
2003-11-17 21:19:05 +11:00
Damien Miller f58b58ced1 - jakob@cvs.openbsd.org 2003/11/10 16:23:41
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
     [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
     [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
     constify. ok markus@ & djm@
2003-11-17 21:18:23 +11:00
Damien Miller 939cd38122 - jmc@cvs.openbsd.org 2003/11/08 19:17:29
[sftp-int.c]
     typos from Jonathon Gray;
2003-11-17 21:17:24 +11:00
Damien Miller a9fcd3ada2 - jakob@cvs.openbsd.org 2003/11/08 16:02:40
[auth1.c]
     remove unused variable (pw). ok djm@
     (id sync only - still used in portable)
2003-11-17 21:16:55 +11:00
Damien Miller 3e3b5145e5 - djm@cvs.openbsd.org 2003/11/04 08:54:09
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Damien Miller 8f746ec970 - jakob@cvs.openbsd.org 2003/11/03 09:37:32
[sshconnect.c]
     do not free static type pointer in warn_changed_key()
2003-11-17 21:11:15 +11:00
Damien Miller 5a38897dbb - jakob@cvs.openbsd.org 2003/11/03 09:09:41
[sshconnect.c]
     move changed key warning into warn_changed_key(). ok markus@
2003-11-17 21:10:47 +11:00
Damien Miller 3e8f41e6ac - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/11/03 09:03:37
     [auth-chall.c]
     make this a little more idiot-proof; ok markus@
     (includes portable-specific changes)
2003-11-17 21:09:50 +11:00
Darren Tucker 203c40b513 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
HP-UX, skip test on AIX.
2003-11-15 12:13:16 +11:00
Darren Tucker ae52b7ca59 - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and
PAM_ERROR_MSG messages.
2003-11-13 19:52:31 +11:00
Darren Tucker 798ca84d60 - (dtucker) [README ssh-host-config ssh-user-config Makefile] (All
contrib/cygwin).  Major update from vinschen at redhat.com.
   - Makefile provides a `cygwin-postinstall' target to run right after
     `make install'.
   - Better support for Windows 2003 Server.
   - Try to get permissions as correct as possible.
   - New command line options to allow full automated host configuration.
   - Create configs from skeletons in /etc/defaults/etc.
   - Use /bin/bash, allows reading user input with readline support.
   - Remove really old configs from /usr/local.
2003-11-13 11:28:49 +11:00
Darren Tucker 0947ddff72 - (dtucker) [auth-pam.c] Append newlines to lines output by the
pam_chauthtok_conv().
2003-11-13 11:21:31 +11:00
Damien Miller 418a386f2b - (djm) Clarify UsePAM consequences a little more 2003-11-06 20:27:51 +11:00
Darren Tucker be8a771af1 - (dtucker) [regress/agent-ptrace.sh] Use numeric uid and gid. 2003-11-03 22:52:52 +11:00
Darren Tucker 655a5e0987 - markus@cvs.openbsd.org 2003/11/02 11:01:03
[auth2-gss.c compat.c compat.h sshconnect2.c]
     remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
2003-11-03 20:09:03 +11:00
Darren Tucker 6db8f936ae - markus@cvs.openbsd.org 2003/10/28 09:08:06
[misc.c]
     error->debug for getsockopt+TCP_NODELAY; several requests
2003-11-03 20:07:14 +11:00
Darren Tucker 56afe145e0 - avsm@cvs.openbsd.org 2003/10/26 16:57:43
[sshconnect2.c]
     rename 'supported' static var in userauth_gssapi() to 'gss_supported'
     to avoid shadowing the global version.  markus@ ok
2003-11-03 20:06:14 +11:00
Darren Tucker 8cc39788cb - markus@cvs.openbsd.org 2003/10/21 09:50:06
[auth2-gss.c]
     make sure the doid is larger than 2
2003-11-03 20:05:03 +11:00
Darren Tucker a47c9bcda6 - markus@cvs.openbsd.org 2003/10/15 09:48:45
[monitor_wrap.c]
     check pmonitor != NULL
2003-11-03 20:03:25 +11:00
Darren Tucker 7c582db74b - (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services
are created correctly with CRLF line terminations.  Patch from vinschen at
   redhat.com.
2003-11-03 18:59:29 +11:00
Darren Tucker ea4c670eb8 - (dtucker) [regress/agent-ptrace.sh] Skip agent-test unless SUDO is set,
make agent setgid during test.
2003-10-21 22:27:08 +10:00
Darren Tucker 0d37b5ca7b - (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords
directly.  Noted by Darren.Moffat at sun.com.
2003-10-21 12:41:14 +10:00
Darren Tucker 9568ad96ad - (dtucker) [INSTALL] Note that --with-md5 is now required on platforms with
MD5 passwords even if PAM support is enabled.  From steev at detritus.net.
2003-10-17 16:32:11 +10:00
Tim Rice 6b1f8a3cf5 [regress/banner.sh] portability fix. 2003-10-15 09:22:39 -07:00
Darren Tucker c6020651ba - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode. 2003-10-15 17:48:20 +10:00
Darren Tucker 5f88d3440e - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c
openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always
   compiled in but disabled in config.
2003-10-15 16:57:57 +10:00
Darren Tucker 072a7b178c - markus@cvs.openbsd.org 2003/10/14 19:54:39
[session.c ssh-agent.c]
     10X for mkdtemp; djm@
2003-10-15 16:10:25 +10:00
Darren Tucker 64b77bcb4b - jakob@cvs.openbsd.org 2003/10/14 19:43:23
[README.dns]
     update

Resynced with OpenBSD too: DNSFP support is now always compiled in
so the configure support (and documentation thereof) can go away.
2003-10-15 16:07:53 +10:00
Darren Tucker dda19d63ff - jakob@cvs.openbsd.org 2003/10/14 19:42:10
[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
     include SSHFP lookup code (not enabled by default). ok markus@
2003-10-15 16:00:47 +10:00