Tess Gauthier 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							11e2996573 
							
						 
					 
					
						
						
							
							address codeQL warnings (#598)
						
						... 
						
						
						
						* codeql fixes
* fix type mismatches
* fix pointers in w32_time methods
* fixes for codeQL warnings
* modify checks for codeql warnings
* add comments for codeql suppressions
* additional codeql fixes and suppressions
* add codeql fixes
* add comments for codeql
* add comments for codeql
* switch from debug to error log messages
* fix another merge conflict
fix line endings in gss-sspi.c
* add null check in channels.c
* address PR feedback
* address additional review feedback
* add CodeQL comments to common code
* fix unittest-win32compat
* fix unit test
* address review feedback
* remove suppression 
						
						
					 
					
						2022-11-30 11:57:01 -05:00 
						 
				 
			
				
					
						
							
							
								Balu Gajjala 
							
						 
					 
					
						
						
						
						
							
						
						
							e2287c5cfa 
							
						 
					 
					
						
						
							
							openssh-8.5  
						
						... 
						
						
						
pull V8.5 changes 
						
						
					 
					
						2021-04-02 10:14:32 -07:00 
						 
				 
			
				
					
						
							
							
								djm@openbsd.org 
							
						 
					 
					
						
						
						
						
							
						
						
							d081f017c2 
							
						 
					 
					
						
						
							
							upstream: spelling errors in comments; no code change from  
						
						... 
						
						
						
						OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924 
						
						
					 
					
						2020-03-14 19:39:09 +11:00 
						 
				 
			
				
					
						
							
							
								Bryan Berns 
							
						 
					 
					
						
						
						
						
							
						
						
							2f551d4535 
							
						 
					 
					
						
						
							
							Kerberos SSPI Support Via GSSAPI  
						
						... 
						
						
						
						Added an implementation of GSSAPI interface to support Kerberos SSPI within OpenSSH. This is only a partial definition of the full GSSAPI specification since OpenSSH only requires a subset of the overall GSSAPI functionality. 
						
						
					 
					
						2019-01-08 20:29:58 -08:00 
						 
				 
			
				
					
						
							
							
								markus@openbsd.org 
							
						 
					 
					
						
						
						
						
							
						
						
							b8d9214d96 
							
						 
					 
					
						
						
							
							upstream: sshd: switch GSSAPI to sshbuf API; ok djm@  
						
						... 
						
						
						
						OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30 
						
						
					 
					
						2018-07-10 15:28:30 +10:00 
						 
				 
			
				
					
						
							
							
								djm@openbsd.org 
							
						 
					 
					
						
						
						
						
							
						
						
							8f57495927 
							
						 
					 
					
						
						
							
							upstream commit  
						
						... 
						
						
						
						refactor authentication logging
optionally record successful auth methods and public credentials
used in a file accessible to user sessions
feedback and ok markus@
Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb 
						
						
					 
					
						2017-06-24 16:56:11 +10:00 
						 
				 
			
				
					
						
							
							
								djm@openbsd.org 
							
						 
					 
					
						
						
						
						
							
						
						
							d7c31da4d4 
							
						 
					 
					
						
						
							
							upstream commit  
						
						... 
						
						
						
						add knob to relax GSSAPI host credential check for
 multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker
 (kerberos/GSSAPI is not compiled by default on OpenBSD)
Upstream-ID: 15ddf1c6f7fd9d98eea9962f480079ae3637285d 
						
						
					 
					
						2015-05-22 20:02:17 +10:00 
						 
				 
			
				
					
						
							
							
								deraadt@openbsd.org 
							
						 
					 
					
						
						
						
						
							
						
						
							087266ec33 
							
						 
					 
					
						
						
							
							upstream commit  
						
						... 
						
						
						
						Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus 
						
						
					 
					
						2015-01-26 23:58:53 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							e5c0d52ceb 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2014/07/03 03:34:09  
						
						... 
						
						
						
						[gss-serv.c session.c ssh-keygen.c]
     standardise on NI_MAXHOST for gethostname() string lengths; about
     1/2 the cases were using it already. Fixes bz#2239 en passant 
						
						
					 
					
						2014-07-03 21:24:19 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							e6a74aeeac 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2014/02/26 20:28:44  
						
						... 
						
						
						
						[auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
     bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
     sandboxing, as running this code in the sandbox can cause violations;
     ok markus@ 
						
						
					 
					
						2014-02-27 10:17:49 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							a5103f413b 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2014/02/02 03:44:32  
						
						... 
						
						
						
						[auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
     [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
     [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
     [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
     [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c]
     convert memset of potentially-private data to explicit_bzero() 
						
						
					 
					
						2014-02-04 11:20:14 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							63ddc899d2 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2013/07/20 01:55:13  
						
						... 
						
						
						
						[auth-krb5.c gss-serv-krb5.c gss-serv.c]
     fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@ 
						
						
					 
					
						2013-07-20 13:35:45 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							adb467fb69 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2011/08/01 19:18:15  
						
						... 
						
						
						
						[gss-serv.c]
     prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
     report Adam Zabrock; ok djm@, deraadt@ 
						
						
					 
					
						2011-08-06 06:16:46 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							b84886ba3e 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2008/05/08 12:02:23  
						
						... 
						
						
						
						[auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
     [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
     [ssh.c sshd.c]
     Implement a channel success/failure status confirmation callback
     mechanism. Each channel maintains a queue of callbacks, which will
     be drained in order (RFC4253 guarantees confirm messages are not
     reordered within a channel).
     Also includes an abandonment callback to clean up if a channel is
     closed without sending confirmation messages. This probably
     shouldn't happen in compliant implementations, but it could be
     abused to leak memory.
     ok markus@ (as part of a larger diff) 
						
						
					 
					
						2008-05-19 15:05:07 +10:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							8f6d0ed60e 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2007/06/12 08:20:00  
						
						... 
						
						
						
						[ssh-gss.h gss-serv.c gss-genr.c]
     relocate server-only GSSAPI code from libssh to server; bz #1225 
     patch from simon AT sxw.org.uk; ok markus@ dtucker@ 
						
						
					 
					
						2007-06-12 23:40:39 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							ded319cca2 
							
						 
					 
					
						
						
							
							- (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]  
						
						... 
						
						
						
						[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org 
						
						
					 
					
						2006-09-01 15:38:36 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							d783435315 
							
						 
					 
					
						
						
							
							- deraadt@cvs.openbsd.org 2006/08/03 03:34:42  
						
						... 
						
						
						
						[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy") 
						
						
					 
					
						2006-08-05 12:39:39 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							b8fe89c4d9 
							
						 
					 
					
						
						
							
							- (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]  
						
						... 
						
						
						
						[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
   [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
   [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
   [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
   [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
   [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
   [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
   make the portable tree compile again - sprinkle unistd.h and string.h
   back in. Don't redefine __unused, as it turned out to be used in
   headers on Linux, and replace its use in auth-pam.c with ARGSUSED 
						
						
					 
					
						2006-07-24 14:51:00 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							e3476ed03b 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2006/07/22 20:48:23  
						
						... 
						
						
						
						[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h 
						
						
					 
					
						2006-07-24 14:13:33 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							5d3ac7f7ee 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2006/07/02 18:36:47  
						
						... 
						
						
						
						[gss-serv-krb5.c gss-serv.c]
     no "servconf.h" needed here
     (gss-serv-krb5.c change not applied, portable needs the server options) 
						
						
					 
					
						2006-07-10 20:17:55 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							3f9418893e 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2006/03/30 09:58:16  
						
						... 
						
						
						
						[authfd.c bufaux.c deattack.c gss-serv.c mac.c misc.c misc.h]
     [monitor_wrap.c msg.c packet.c sftp-client.c sftp-server.c ssh-agent.c]
     replace {GET,PUT}_XXBIT macros with functionally similar functions,
     silencing a heap of lint warnings. also allows them to use
     __bounded__ checking which can't be applied to macros; requested
     by and feedback from deraadt@ 
						
						
					 
					
						2006-03-31 23:13:02 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							51096383e9 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2006/03/25 22:22:43  
						
						... 
						
						
						
						[atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h]
     [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h]
     [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h]
     [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c]
     [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h]
     [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h]
     [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h]
     [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h]
     [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h]
     [ttymodes.h uidswap.h uuencode.h xmalloc.h]
     standardise spacing in $OpenBSD$ tags; requested by deraadt@ 
						
						
					 
					
						2006-03-26 14:30:00 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							91a2d9746a 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2006/03/20 04:08:18  
						
						... 
						
						
						
						[gss-serv.c]
     last lot of GSSAPI related leaks detected by Coverity via
     elad AT netbsd.org; reviewed by simon AT sxw.org.uk; deraadt@ ok 
						
						
					 
					
						2006-03-26 00:05:44 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							0b70b54abc 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2006/02/08 13:15:44  
						
						... 
						
						
						
						[gss-serv.c monitor.c]
     small KNF 
						
						
					 
					
						2006-03-15 11:20:03 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							6fd6defbce 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2005/10/13 22:24:31  
						
						... 
						
						
						
						[auth2-gss.c gss-genr.c gss-serv.c monitor.c]
     KNF; ok djm@ 
						
						
					 
					
						2005-11-05 15:07:05 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							5f916c8f6c 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2005/10/13 19:08:08  
						
						... 
						
						
						
						[gss-serv-krb5.c gss-serv.c]
     unused declarations; ok deraadt@
     (id sync only for gss-serv-krb5.c) 
						
						
					 
					
						2005-11-05 15:05:28 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							9fac263639 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2005/10/13 14:20:37  
						
						... 
						
						
						
						[gss-serv.c]
     spelling in comments 
						
						
					 
					
						2005-11-05 15:03:48 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							5434eb2a69 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2005/10/13 14:03:01  
						
						... 
						
						
						
						[auth2-gss.c gss-genr.c gss-serv.c]
     remove unneeded #includes; ok markus@ 
						
						
					 
					
						2005-11-05 15:03:24 +11:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							8813bbbca9 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2005/09/19 11:48:10  
						
						... 
						
						
						
						[gss-serv.c]
     typo 
						
						
					 
					
						2005-10-03 18:17:02 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							da9984fc3a 
							
						 
					 
					
						
						
							
							- (djm) OpenBSD CVS Sync  
						
						... 
						
						
						
						- djm@cvs.openbsd.org  2005/08/30 22:08:05
     [gss-serv.c sshconnect2.c]
     destroy credentials if krb5_kuserok() call fails. Stops credentials being
     delegated to users who are not authorised for GSSAPIAuthentication when
     GSSAPIDelegateCredentials=yes and another authentication mechanism
     succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
     simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@ 
						
						
					 
					
						2005-08-31 19:46:26 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							0dc1bef12d 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2005/07/17 07:17:55  
						
						... 
						
						
						
						[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces 
						
						
					 
					
						2005-07-17 17:22:45 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							eccb9de72a 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2005/06/17 02:44:33  
						
						... 
						
						
						
						[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean 
						
						
					 
					
						2005-06-17 12:59:34 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							0425d40194 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2003/11/17 11:06:07  
						
						... 
						
						
						
						[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h sshconnect2.c ssh-gss.h]
     replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
     test + ok jakob. 
						
						
					 
					
						2003-11-17 22:18:21 +11:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							3e33cecf71 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2003/09/23 20:17:11  
						
						... 
						
						
						
						[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt early to allow simpler cleanup in sshd.
     tested by many, ok deraadt@ 
						
						
					 
					
						2003-10-02 16:12:36 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							134350c20c 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2003/08/31 13:31:57  
						
						... 
						
						
						
						[gss-serv.c]
     whitespace KNF
						
						
					 
					
						2003-09-02 22:56:42 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							a0c4ad21b6 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2003/08/31 13:30:18  
						
						... 
						
						
						
						[gss-serv.c]
     correct string termination in parse_ename(); sxw@inf.ed.ac.uk  
						
						
					 
					
						2003-09-02 22:56:18 +10:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							0efd155c3c 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2003/08/22 10:56:09  
						
						... 
						
						
						
						[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself. 
						
						
					 
					
						2003-08-26 11:49:55 +10:00