Ben Lindstrom
d5502180cd
- deraadt@cvs.openbsd.org 2002/06/26 14:49:36
...
[monitor.c]
correct %u
2002-06-27 00:12:57 +00:00
Tim Rice
a8959ae2b7
[contrib/caldera/openssh.spec] remove 2 configure options I put in by mistake
2002-06-26 11:05:32 -07:00
Damien Miller
3e36f9f4ff
- (djm) Release 3.4p1
2002-06-26 23:59:10 +10:00
Damien Miller
fb7fd9580c
- markus@cvs.openbsd.org 2002/06/26 13:55:37
...
[auth2-chall.c]
make sure # of response matches # of queries, fixes int overflow;
from ISS
2002-06-26 23:58:39 +10:00
Damien Miller
7868202d56
- (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
2002-06-26 23:57:59 +10:00
Damien Miller
d4b11d62e9
- (djm) Update spec files for release
2002-06-26 23:57:12 +10:00
Damien Miller
990070a8c5
- deraadt@cvs.openbsd.org 2002/06/26 13:49:26
...
[session.c]
disclose less information from environment files; based on input
from djm, and dschultz@uclink.Berkeley.EDU
2002-06-26 23:51:06 +10:00
Damien Miller
530a754d38
- deraadt@cvs.openbsd.org 2002/06/26 13:20:57
...
[monitor.c]
be careful in mm_zalloc
2002-06-26 23:27:11 +10:00
Damien Miller
136d4418e3
- (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
...
<nalin@redhat.com>
2002-06-26 23:05:16 +10:00
Damien Miller
f49035a0bb
- (djm) Require krb5 devel for RPM build w/ KrbV
2002-06-26 19:42:52 +10:00
Damien Miller
a0796cad4a
- markus@cvs.openbsd.org 2002/06/26 08:58:26
...
[session.c]
limit # of env vars to 1000; ok deraadt/djm
2002-06-26 19:15:07 +10:00
Damien Miller
9403aa2f79
- markus@cvs.openbsd.org 2002/06/26 08:55:02
...
[channels.c]
limit # of channels to 10000
2002-06-26 19:14:43 +10:00
Damien Miller
468cd716a5
- markus@cvs.openbsd.org 2002/06/26 08:54:18
...
[buffer.c]
limit append to 1MB and buffers to 10MB
2002-06-26 19:14:25 +10:00
Damien Miller
aa15137c15
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/06/26 08:53:12
[bufaux.c]
limit size of BNs to 8KB; ok provos/deraadt
2002-06-26 19:14:08 +10:00
Damien Miller
f18cd162d3
- (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
2002-06-26 19:12:59 +10:00
Tim Rice
6de3dfd929
[contrib/caldera/openssh.spec] add support for privsep
2002-06-25 19:28:55 -07:00
Kevin Steves
40b011c7fe
- (stevesk) [README.privsep] more for sshd pseudo-account.
2002-06-26 00:43:57 +00:00
Ben Lindstrom
4e3c631b70
- (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
...
but it all damned lies.
2002-06-26 00:29:02 +00:00
Tim Rice
e04ee923d9
UnixWare tip is no longer needed.
2002-06-25 17:25:47 -07:00
Ben Lindstrom
a95fd3f8ad
- (bal) added back in error check for mmap(). I screwed up, Pointed
...
out by stevesk@
2002-06-26 00:22:57 +00:00
Tim Rice
2b3897c3cc
[Makefile.in] fix test on installing ssh-rand-helper.8
2002-06-25 16:45:42 -07:00
Ben Lindstrom
5223727672
- (bal) Updated AIX package build. Patch by dtucker@zip.com.au
2002-06-25 23:38:47 +00:00
Ben Lindstrom
fbcc3f71f2
- markus@cvs.openbsd.org 2002/06/25 18:51:04
...
[sshd.c]
lightweight do_setusercontext after chroot()
2002-06-25 23:24:18 +00:00
Ben Lindstrom
6398a0ef12
- markus@cvs.openbsd.org 2002/06/25 16:22:42
...
[authfd.c]
unnecessary cast
2002-06-25 23:22:54 +00:00
Ben Lindstrom
c2df3ec0c0
- deraadt@cvs.openbsd.org 2002/06/24 17:57:20
...
[sftp-server.c sshpty.c]
explicit (u_int) for uid and gid
2002-06-25 23:21:41 +00:00
Ben Lindstrom
9b4139742f
- itojun@cvs.openbsd.org 2002/06/24 15:49:22
...
[msg.c]
printf type pedant
2002-06-25 23:20:18 +00:00
Ben Lindstrom
c5a7f4fdf9
- markus@cvs.openbsd.org 2002/06/24 14:55:38
...
[authfile.c kex.c ssh-agent.c]
cat to (void) when output from buffer_get_X is ignored
2002-06-25 23:19:13 +00:00
Ben Lindstrom
4fed2be856
- markus@cvs.openbsd.org 2002/06/24 14:33:27
...
[channels.c channels.h clientloop.c serverloop.c]
move channel counter to u_int
2002-06-25 23:17:36 +00:00
Ben Lindstrom
b48057b7dc
- markus@cvs.openbsd.org 2002/06/24 13:12:23
...
[ssh-agent.1]
the socket name contains ssh-agent's ppid; via mpech@ from form@
2002-06-25 23:16:31 +00:00
Ben Lindstrom
daa2179bd0
- markus@cvs.openbsd.org 2002/06/23 21:34:07
...
[channels.c]
tcode is u_int
2002-06-25 23:15:30 +00:00
Kevin Steves
cfae58c059
- (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
2002-06-25 22:43:19 +00:00
Tim Rice
8eff319298
[acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
...
for Cygwin, Cray, & SCO
2002-06-25 15:35:15 -07:00
Ben Lindstrom
b129be657c
20020626
...
- (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by
dtucker@zip.com.au
2002-06-25 17:12:26 +00:00
Tim Rice
78688d7a45
Sync with Caldera
2002-06-25 10:07:25 -07:00
Ben Lindstrom
6b0c96ab59
- (bal) if mmap() is substandard, don't allow compression on server side.
...
Post 'event' we will add more options.
2002-06-25 03:22:03 +00:00
Ben Lindstrom
aa83b984ca
- (bal) Started list of PrivSep issues in TODO
2002-06-25 02:28:22 +00:00
Damien Miller
d3f6ad2cc0
- (djm) Create privsep directory and warn if privsep user is missing
...
during make install
2002-06-25 10:24:47 +10:00
Kevin Steves
d48663602d
- (stevesk) [README.privsep] minor updates
2002-06-24 16:49:22 +00:00
Kevin Steves
34f0d8f404
- (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
2002-06-24 16:26:49 +00:00
Ben Lindstrom
3f58474214
- deraadt@cvs.openbsd.org 2002/06/23 21:10:02
...
[packet.c]
packet_get_int() returns unsigned for reason & seqnr
2002-06-23 21:49:25 +00:00
Ben Lindstrom
a9d2c89fc5
- deraadt@cvs.openbsd.org 2002/06/23 21:06:41
...
[channels.c channels.h session.c session.h]
display, screen, row, col, xpixel, ypixel are u_int; markus ok
- (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
xpixel are u_int.
2002-06-23 21:48:28 +00:00
Ben Lindstrom
8ada5d0d0d
- deraadt@cvs.openbsd.org 2002/06/23 21:06:13
...
[sshpty.c]
KNF
2002-06-23 21:42:50 +00:00
Ben Lindstrom
e23f4a3d28
- deraadt@cvs.openbsd.org 2002/06/23 20:39:45
...
[session.c]
compression_level is u_int
2002-06-23 21:40:16 +00:00
Ben Lindstrom
822b634099
- deraadt@cvs.openbsd.org 2002/06/23 10:29:52
...
[ssh-agent.c sshd.c]
some minor KNF and %u
2002-06-23 21:38:49 +00:00
Ben Lindstrom
e135363422
- deraadt@cvs.openbsd.org 2002/06/23 09:46:51
...
[bufaux.c servconf.c]
minor KNF. things the fingers do while you read
2002-06-23 21:29:23 +00:00
Ben Lindstrom
58d3b7224f
- deraadt@cvs.openbsd.org 2002/06/23 09:39:55
...
[ssh-keygen.c]
u_int stuff
2002-06-23 21:28:13 +00:00
Ben Lindstrom
b1f483f472
- deraadt@cvs.openbsd.org 2002/06/23 09:30:14
...
[sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
sftp.c]
bunch of u_int vs int stuff
2002-06-23 21:27:18 +00:00
Ben Lindstrom
5c3855210e
- deraadt@cvs.openbsd.org 2002/06/23 03:30:58
...
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
sshpty.c]
various KNF and %d for unsigned
2002-06-23 21:23:20 +00:00
Ben Lindstrom
836f0e9d9a
- deraadt@cvs.openbsd.org 2002/06/23 03:26:19
...
[cipher.c key.c]
KNF
2002-06-23 21:21:30 +00:00
Ben Lindstrom
2953d0fb4e
- deraadt@cvs.openbsd.org 2002/06/23 03:25:50
...
[tildexpand.c]
KNF
2002-06-23 21:20:34 +00:00
Ben Lindstrom
e1c0912cb6
- stevesk@cvs.openbsd.org 2002/06/22 23:09:51
...
[monitor.c]
save auth method before monitor_reset_key_state(); bugzilla bug #284 ;
ok provos@
2002-06-23 00:38:24 +00:00
Ben Lindstrom
57f08005d3
- stevesk@cvs.openbsd.org 2002/06/22 20:05:27
...
[sshd.c]
don't call setsid() if debugging or run from inetd; no "Operation not
permitted" errors now; ok millert@ markus@
2002-06-23 00:37:10 +00:00
Ben Lindstrom
959de99aa0
- stevesk@cvs.openbsd.org 2002/06/22 16:45:29
...
[ssh-agent.1 sshd.8 sshd_config.5]
use process ID vs. pid/PID/process identifier
2002-06-23 00:35:25 +00:00
Ben Lindstrom
c06bf70b41
- stevesk@cvs.openbsd.org 2002/06/22 16:41:57
...
[scp.1]
typo
2002-06-23 00:34:37 +00:00
Ben Lindstrom
2dfacb3d40
- stevesk@cvs.openbsd.org 2002/06/22 16:40:19
...
[sshd.c]
check /var/empty owner mode; ok provos@
2002-06-23 00:33:47 +00:00
Ben Lindstrom
624e3f2065
- stevesk@cvs.openbsd.org 2002/06/22 16:32:54
...
[sshd.8]
add /var/empty in FILES section
2002-06-23 00:32:57 +00:00
Ben Lindstrom
c001cd3577
- naddy@cvs.openbsd.org 2002/06/22 11:51:39
...
[ssh.1]
typo
2002-06-23 00:32:11 +00:00
Ben Lindstrom
bf69e3b95d
- stevesk@cvs.openbsd.org 2002/06/22 02:40:23
...
[ssh.1]
section 5 not 4 for ssh_config
2002-06-23 00:31:24 +00:00
Ben Lindstrom
5590aa5b1f
- OpenBSD CVS Sync
...
- stevesk@cvs.openbsd.org 2002/06/22 02:00:29
[ssh.h]
correct comment
2002-06-23 00:30:30 +00:00
Ben Lindstrom
883844dc07
- (bal) add extern char *getopt. Based on report by dtucker@zip.com.au
2002-06-23 00:20:50 +00:00
Ben Lindstrom
1a1b851775
- (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
2002-06-23 00:18:15 +00:00
Kevin Steves
90d5de7670
- (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
2002-06-22 18:51:48 +00:00
Ben Lindstrom
ee9ac35fc2
- (bal) getopt now can be staticly compiled on those platforms missing
...
optreset. Patch by binder@arago.de
2002-06-22 00:26:59 +00:00
Damien Miller
f102bf6e50
- (djm) Release 3.3p1
2002-06-22 01:44:45 +10:00
Damien Miller
263d68fc56
- (djm) Update README.privsep; spotted by fries@
2002-06-22 00:45:50 +10:00
Damien Miller
53baddb775
- (djm) contrib/redhat/openssh.spec hacking:
...
- Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
- Add new {ssh,sshd}_config.5 manpages
- Add new ssh-keysign program and remove setuid from ssh client
2002-06-21 16:42:41 +10:00
Damien Miller
4903eb4b74
- (djm) Warn and disable compression on platforms which can't handle both
...
useprivilegeseparation=yes and compression=yes
2002-06-21 16:20:44 +10:00
Damien Miller
444f9fca60
- ID sync for auth-passwd.c
2002-06-21 16:05:12 +10:00
Damien Miller
2d6b83353b
- djm@cvs.openbsd.org 2002/06/21 05:50:51
...
[monitor.c]
Don't initialise compression buffers when compression=no in sshd_config;
ok Niels@
2002-06-21 15:59:49 +10:00
Ben Lindstrom
90ac0b5945
- (bal) Still more Makefile.in updates for ssh{d}_config.5
2002-06-21 01:38:53 +00:00
Ben Lindstrom
900464e454
- (bal) Missed integrating ssh_config.5 and sshd_config.5
2002-06-21 01:24:01 +00:00
Ben Lindstrom
47e1b40c08
- stevesk@cvs.openbsd.org 2002/05/25 20:40:08
...
[LICENCE]
missed Per Allansson (auth2-chall.c)
2002-06-21 01:19:12 +00:00
Ben Lindstrom
1b8d730b7d
- markus@cvs.openbsd.org 2002/06/20 23:37:12
...
[sshd_config]
add Compression
2002-06-21 01:11:36 +00:00
Ben Lindstrom
23e0f667f8
- markus@cvs.openbsd.org 2002/06/20 23:05:56
...
[servconf.c servconf.h session.c sshd.c]
allow Compression=yes/no in sshd_config
2002-06-21 01:09:47 +00:00
Ben Lindstrom
9721e92ba8
- stevesk@cvs.openbsd.org 2002/06/20 20:03:34
...
[ssh_config sshd_config]
refer to config file man page
2002-06-21 01:06:03 +00:00
Ben Lindstrom
ba8e0dd7a0
tevesk@cvs.openbsd.org 2002/06/20 20:00:05
...
[scp.1 sftp.1]
ssh_config(5)
2002-06-21 01:00:40 +00:00
Ben Lindstrom
9f04903c50
- stevesk@cvs.openbsd.org 2002/06/20 19:56:07
...
[ssh.1 sshd.8]
move configuration file options from ssh.1/sshd.8 to
ssh_config.5/sshd_config.5; ok deraadt@ millert@
2002-06-21 00:59:05 +00:00
Ben Lindstrom
402c6cc681
- markus@cvs.openbsd.org 2002/06/19 18:01:00
...
[cipher.c monitor.c monitor_wrap.c packet.c packet.h]
make the monitor sync the transfer ssh1 session key;
transfer keycontext only for RC4 (this is still depends on EVP
implementation details and is broken).
2002-06-21 00:43:42 +00:00
Ben Lindstrom
cb72e4f6d2
- deraadt@cvs.openbsd.org 2002/06/19 00:27:55
...
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
Ben Lindstrom
115422f918
- (bal) Cygwin special handling of empty passwords wrong. Patch by
...
vinschen@redhat.com
2002-06-21 00:26:22 +00:00
Ben Lindstrom
45933dd9aa
- deraadt@cvs.openbsd.org 2002/06/17 06:05:56
...
[scp.c]
make usage like man page
2002-06-21 00:10:58 +00:00
Ben Lindstrom
61c183bea3
- itojun@cvs.openbsd.org 2002/06/16 21:30:58
...
[ssh-keyscan.c]
use TAILQ_xx macro. from lukem@netbsd. markus ok
2002-06-21 00:09:54 +00:00
Ben Lindstrom
2b266b7f08
- markus@cvs.openbsd.org 2002/06/15 01:27:48
...
[authfd.c authfd.h ssh-add.c ssh-agent.c]
remove the CONSTRAIN_IDENTITY messages and introduce a new
ADD_ID message with contraints instead. contraints can be
only added together with the private key.
2002-06-21 00:08:39 +00:00
Ben Lindstrom
c90f8a98ea
- markus@cvs.openbsd.org 2002/06/15 00:07:38
...
[authfd.c authfd.h ssh-add.c ssh-agent.c]
fix stupid typo
2002-06-21 00:06:54 +00:00
Ben Lindstrom
4eb4c4e1ef
- markus@cvs.openbsd.org 2002/06/15 00:01:36
...
[authfd.c authfd.h ssh-add.c ssh-agent.c]
break agent key lifetime protocol and allow other contraints for key
usage.
2002-06-21 00:04:48 +00:00
Ben Lindstrom
f0bfa839bd
- (bal) Fixed AIX environment handling, use setpcred() instead of existing
...
code. (Bugzilla Bug 261)
2002-06-21 00:01:18 +00:00
Ben Lindstrom
3c73dfe55e
- todd@cvs.openbsd.org 2002/06/14 21:35:00
...
[monitor_wrap.c]
spelling; from Brian Poole <raj@cerias.purdue.edu>
2002-06-20 23:53:53 +00:00
Ben Lindstrom
0e23ebcc8b
- (bal) typo of setgroup for cygwin. Patch by vinschen@redhat.com
2002-06-13 21:34:57 +00:00
Ben Lindstrom
b7ae94dd0b
- (bal) Some platforms don't have ONLCR (Notable Mint)
2002-06-12 17:32:30 +00:00
Ben Lindstrom
837461bf9a
- (bal) Build noop setgroups() for cygwin to clean up code (For other
...
platforms without the setgroups() requirement, you MUST define
SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
2002-06-12 16:57:14 +00:00
Ben Lindstrom
da394cae04
- markus@cvs.openbsd.org 2002/06/12 01:09:52
...
[ssh.c]
ssh_connect returns 0 on success
2002-06-12 16:11:12 +00:00
Ben Lindstrom
2415757253
- markus@cvs.openbsd.org 2002/06/11 23:03:54
...
[ssh.c]
remove unused cruft.
2002-06-12 16:09:39 +00:00
Ben Lindstrom
1aa6427c0f
- (bal) Cygwin fix up from swap uid clean up in ssh.c patch by
...
vinschen@redhat.com
2002-06-11 20:28:05 +00:00
Ben Lindstrom
9a17c9a568
- itojun@cvs.openbsd.org 2002/06/11 08:11:45
...
[canohost.c]
use "ntop" only after initialized
2002-06-11 16:47:22 +00:00
Ben Lindstrom
ce0f634270
- mpech@cvs.openbsd.org 2002/06/11 05:46:20
...
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
pid_t cleanup. Markus need this now to keep hacking.
markus@, millert@ ok
2002-06-11 16:42:49 +00:00
Ben Lindstrom
f9c4884c8e
- markus@cvs.openbsd.org 2002/06/11 04:14:26
...
[ssh.c sshconnect.c sshconnect.h]
no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@
2002-06-11 16:37:51 +00:00
Ben Lindstrom
8bb6f36c8f
- markus@cvs.openbsd.org 2002/06/10 22:28:41
...
[channels.c channels.h session.c]
move creation of agent socket to session.c; no need for uidswapping
in channel.c.
2002-06-11 15:59:02 +00:00
Ben Lindstrom
914d03758b
- stevesk@cvs.openbsd.org 2002/06/10 21:21:10
...
[ssh_config]
update defaults for RhostsRSAAuthentication and RhostsAuthentication
here too (all options commented out with default value).
2002-06-11 15:55:01 +00:00
Ben Lindstrom
2bf8276393
- stevesk@cvs.openbsd.org 2002/06/10 17:45:20
...
[readconf.c ssh.1]
change RhostsRSAAuthentication and RhostsAuthentication default to no
since ssh is no longer setuid root by default; ok markus@
2002-06-11 15:53:05 +00:00
Ben Lindstrom
1775c9c97a
- stevesk@cvs.openbsd.org 2002/06/10 17:36:23
...
[ssh-add.1 ssh-add.c]
use convtime() to parse and validate key lifetime. can now
use '-t 2h' etc. ok markus@ provos@
2002-06-11 15:51:54 +00:00
Ben Lindstrom
11d470de34
- stevesk@cvs.openbsd.org 2002/06/10 16:56:30
...
[ssh-keysign.8]
merge in stuff from my man page; ok markus@
2002-06-11 15:50:13 +00:00
Ben Lindstrom
2779d28a0f
- stevesk@cvs.openbsd.org 2002/06/10 16:53:06
...
[auth-rsa.c ssh-rsa.c]
display minimum RSA modulus in error(); ok markus@
2002-06-11 15:47:42 +00:00
Ben Lindstrom
18a32a7efa
- itojun@cvs.openbsd.org 2002/06/09 22:17:21
...
[sshconnect.c]
pass salen to sockaddr_ntop so that we are happy on linux/solaris
2002-06-11 15:46:34 +00:00
Ben Lindstrom
5cac423871
- stevesk@cvs.openbsd.org 2002/06/09 22:15:15
...
[ssh.1]
update for no setuid root and ssh-keysign; ok deraadt@
2002-06-11 15:45:02 +00:00
Ben Lindstrom
494709decb
- (bal) ssh-agent.c RCSD fix (|unexpand already done)
2002-06-11 15:42:53 +00:00
Ben Lindstrom
05efee1092
- (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c,
...
sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
independant of them)
2002-06-09 20:20:58 +00:00
Ben Lindstrom
2749e1c8f5
- markus@cvs.openbsd.org 2002/06/09 04:33:27
...
[sshconnect.c]
abort() - > fatal()
2002-06-09 20:16:22 +00:00
Ben Lindstrom
159ac2e8cd
- itojun@cvs.openbsd.org 2002/06/08 21:15:27
...
[sshconnect.c]
always use getnameinfo. (diag message only)
2002-06-09 20:14:54 +00:00
Ben Lindstrom
2e17b08e48
- markus@cvs.openbsd.org 2002/06/08 12:46:14
...
[readconf.c]
silently ignore deprecated options, since FallBackToRsh might be passed
by remote scp commands.
2002-06-09 20:13:27 +00:00
Ben Lindstrom
af0c6d6a8c
- markus@cvs.openbsd.org 2002/06/08 12:36:53
...
[scp.c]
remove FallBackToRsh
2002-06-09 20:06:29 +00:00
Ben Lindstrom
7a7483d72e
- markus@cvs.openbsd.org 2002/06/08 05:41:18
...
[ssh_config]
remove FallBackToRsh/UseRsh
2002-06-09 20:05:35 +00:00
Ben Lindstrom
1c2bafebb3
- markus@cvs.openbsd.org 2002/06/08 05:40:01
...
[readconf.c]
just warn about Deprecated options for now
2002-06-09 20:04:50 +00:00
Ben Lindstrom
4daea86fd4
- markus@cvs.openbsd.org 2002/06/08 05:17:01
...
[readconf.c readconf.h ssh.1 ssh.c]
deprecate FallBackToRsh and UseRsh; patch from djm@
2002-06-09 20:04:02 +00:00
Ben Lindstrom
a20715788d
- markus@cvs.openbsd.org 2002/06/08 05:07:09
...
[ssh-keysign.c]
only accept 20 byte session ids
2002-06-09 20:01:48 +00:00
Ben Lindstrom
ece420413b
- markus@cvs.openbsd.org 2002/06/08 05:07:56
...
[ssh.c]
nuke ptrace comment
2002-06-09 20:00:09 +00:00
Ben Lindstrom
2ab1968da2
- (bal) Removed --{enable/disable}-suid-ssh
...
this was mistakenly commited with the __progname fix to ssh-keysign.
2002-06-07 16:49:11 +00:00
Ben Lindstrom
378a417389
- (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by
...
Bertrand.Velle@apogee-com.fr
2002-06-07 14:49:56 +00:00
Ben Lindstrom
3545352dc4
- (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au
2002-06-07 14:37:00 +00:00
Ben Lindstrom
03bab2861e
- (bal) Reverse logic, use __func__ first since it's C99
2002-06-07 03:19:35 +00:00
Ben Lindstrom
db41d2390c
- (bal) ssh-keysign should build and install correctly now. Phase two
...
would be to clean out any dead wood and disable ssh setuid on install.
2002-06-07 03:11:38 +00:00
Ben Lindstrom
b85ab30a6e
- (bal) Refixed auth2.c. It was never fully commited while spliting out
...
authentication to different files.
2002-06-07 02:05:25 +00:00
Ben Lindstrom
4eeccc79f6
- (bal) monitor_mm.c typos.
2002-06-07 01:57:25 +00:00
Ben Lindstrom
88d26ed408
- (bal) Forgot to add msg.c Makefile.in.
2002-06-07 01:53:59 +00:00
Ben Lindstrom
a93f12f396
- (bal) Missed msg.[ch] in merge. Required for ssh-keysign.
2002-06-07 01:51:06 +00:00
Ben Lindstrom
937df1d630
- markus@cvs.openbsd.org 2002/06/06 17:30:11
...
[sftp-server.c]
use get_int() macro (hide iqueue)
2002-06-06 21:58:35 +00:00
Ben Lindstrom
2c14047ada
- markus@cvs.openbsd.org 2002/06/06 17:12:44
...
[sftp-server.c]
discard remaining bytes of current request; ok provos@
2002-06-06 21:57:54 +00:00
Ben Lindstrom
d9d6ab6372
- stevesk@cvs.openbsd.org 2002/06/06 01:09:41
...
[monitor.h]
no trailing comma in enum; china@thewrittenword.com
2002-06-06 21:57:01 +00:00
Ben Lindstrom
61d328acf9
- markus@cvs.openbsd.org 2002/06/05 21:55:44
...
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -t life, Set lifetime (in seconds) when adding identities;
ok provos@
2002-06-06 21:54:57 +00:00
Ben Lindstrom
163f3b8f6b
- markus@cvs.openbsd.org 2002/06/05 20:56:39
...
[ssh-add.c]
add -x/-X to usage
2002-06-06 21:53:11 +00:00
Ben Lindstrom
2f71704b42
- markus@cvs.openbsd.org 2002/06/05 19:57:12
...
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -x for lock and -X for unlocking the agent.
todo: encrypt private keys with locked...
2002-06-06 21:52:03 +00:00
Ben Lindstrom
21d1ed8303
- markus@cvs.openbsd.org 2002/06/05 16:48:54
...
[ssh-agent.c]
copy current request into an extra buffer and just flush this
request on errors, ok provos@
2002-06-06 21:48:57 +00:00
Ben Lindstrom
b7788f3ebe
- markus@cvs.openbsd.org 2002/06/05 16:08:07
...
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
2002-06-06 21:46:08 +00:00
Ben Lindstrom
22fa01cdea
- markus@cvs.openbsd.org 2002/06/05 16:08:07
...
[ssh-agent.1 ssh-agent.c]
'-a bind_address' binds the agent to user-specified unix-domain
socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
2002-06-06 21:46:07 +00:00
Ben Lindstrom
7d9c38f37a
- markus@cvs.openbsd.org 2002/06/04 23:05:49
...
[cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
__FUNCTION__ -> __func__
NOTE: This includes all portable references also.
2002-06-06 21:40:51 +00:00
Ben Lindstrom
3dca4f55f2
- markus@cvs.openbsd.org 2002/06/04 23:02:06
...
[packet.c]
remove __FUNCTION__
2002-06-06 20:59:25 +00:00
Ben Lindstrom
f67e07711f
- markus@cvs.openbsd.org 2002/06/04 19:53:40
...
[monitor.c]
save the session id (hash) for ssh2 (it will be passed with the
initial sign request) and verify that this value is used during
authentication; ok provos@
2002-06-06 20:58:19 +00:00
Ben Lindstrom
dcf6bfbfbd
- markus@cvs.openbsd.org 2002/06/04 19:42:35
...
[monitor.c]
only allow enabled authentication methods; ok provos@
2002-06-06 20:57:17 +00:00
Ben Lindstrom
2e14bc71e6
- deraadt@cvs.openbsd.org 2002/06/03 12:04:07
...
[ssh.h]
compatiblity -> compatibility
decriptor -> descriptor
authentciated -> authenticated
transmition -> transmission
2002-06-06 20:56:07 +00:00
Ben Lindstrom
ceae9d1c33
- markus@cvs.openbsd.org 2002/05/31 13:20:50
...
[ssh-rsa.c]
pad received signature with leading zeros, because RSA_verify expects
a signature of RSA_size. the drafts says the signature is transmitted
unpadded (e.g. putty does not pad), reported by anakin@pobox.com
2002-06-06 20:55:04 +00:00
Ben Lindstrom
01fff0c9d4
- markus@cvs.openbsd.org 2002/05/31 13:16:48
...
[key.c]
add comment:
key_verify returns 1 for a correct signature, 0 for an incorrect signature
and -1 on error.
2002-06-06 20:54:07 +00:00
Ben Lindstrom
511bb24c5b
- markus@cvs.openbsd.org 2002/05/31 11:35:15
...
[auth.h auth2.c]
move Authmethod definitons to per-method file.
NOTE: The rest of this patch is with the import of the auth2-*.c files.
2002-06-06 20:52:37 +00:00
Ben Lindstrom
cec2ea8d02
- markus@cvs.openbsd.org 2002/05/31 10:30:33
...
[sshconnect2.c]
extent ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verfies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
2002-06-06 20:51:04 +00:00
Ben Lindstrom
f088f4374a
- markus@cvs.openbsd.org 2002/05/30 08:07:31
...
[cipher.c]
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
our own implementation. allow use of AES hardware via libcrypto,
ok deraadt@
2002-06-06 20:50:07 +00:00
Ben Lindstrom
a26ea63f8a
- markus@cvs.openbsd.org 2002/05/29 11:21:57
...
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
2002-06-06 20:46:25 +00:00
Ben Lindstrom
20abb75f53
- stevesk@cvs.openbsd.org 2002/05/29 03:06:30
...
[ssh.1 sshd.8]
spelling
2002-06-06 20:45:33 +00:00
Ben Lindstrom
10d9936413
- stevesk@cvs.openbsd.org 2002/05/28 21:24:00
...
[uidswap.c]
use correct function name in fatal()
[See the patch above, I saw it before apply the next patch. <sigh>]
2002-06-06 20:44:06 +00:00
Ben Lindstrom
ca8943e6de
- (bal) Corrected debug() in uidswap.c to match upstream.
2002-06-06 20:42:04 +00:00
Ben Lindstrom
abff1dd050
- stevesk@cvs.openbsd.org 2002/05/28 17:28:02
...
[uidswap.c]
format spec change/casts and some KNF; ok markus@
2002-06-06 20:38:49 +00:00
Ben Lindstrom
105ccbe192
- stevesk@cvs.openbsd.org 2002/05/28 16:45:27
...
[monitor_mm.c]
print strerror(errno) on mmap/munmap error; ok markus@
2002-06-06 20:33:06 +00:00
Ben Lindstrom
033a49c7cc
- stevesk@cvs.openbsd.org 2002/05/26 20:35:10
...
[ssh.1]
sort ChallengeResponseAuthentication; ok markus@
2002-06-06 20:30:28 +00:00
Ben Lindstrom
855bf3ac3c
- markus@cvs.openbsd.org 2002/05/25 18:51:07
...
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
auth2-passwd.c auth2-pubkey.c Makefile.in]
split auth2.c into one file per method; ok provos@/deraadt@
NOTE: Merged back noticable cygwin and pam stuff. May need review to
ensure I did not miss anything.
2002-06-06 20:27:55 +00:00
Ben Lindstrom
4887da222b
- markus@cvs.openbsd.org 2002/05/25 08:50:39
...
[sshconnect2.c]
execlp->execl; from stevesk
2002-06-06 20:05:57 +00:00
Ben Lindstrom
5206b951c6
- markus@cvs.openbsd.org 2002/05/24 08:45:14
...
[sshconnect2.c]
stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment
2002-06-06 19:59:29 +00:00
Ben Lindstrom
9e5bb579f9
- markus@cvs.openbsd.org 2002/05/23 19:39:34
...
[ssh.c]
add comment about ssh-keysign
2002-06-06 19:58:27 +00:00
Ben Lindstrom
1bad256822
- markus@cvs.openbsd.org 2002/05/23 19:24:30
...
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
2002-06-06 19:57:33 +00:00
Ben Lindstrom
f666fec2d5
- deraadt@cvs.openbsd.org 2002/05/22 23:18:25
...
[ssh.c sshd.c]
spelling; abishoff@arc.nasa.gov
2002-06-06 19:51:58 +00:00
Ben Lindstrom
38ed63d759
- deraadt@cvs.openbsd.org 2002/05/19 20:54:52
...
[log.h]
extra commas in enum not 100% portable
2002-06-06 19:51:06 +00:00
Ben Lindstrom
fac7769f64
- stevesk@cvs.openbsd.org 2002/05/16 22:09:59
...
[session.c ssh.c]
don't limit xauth pathlen on client side and longer print length on
server when debug; ok markus@
2002-06-06 19:49:54 +00:00
Ben Lindstrom
6a24641365
- markus@cvs.openbsd.org 2002/05/16 22:02:50
...
[cipher.c kex.h mac.c]
fix warnings (openssl 0.9.7 requires const)
2002-06-06 19:48:16 +00:00
Ben Lindstrom
fb62a69488
- markus@cvs.openbsd.org 2002/05/15 21:56:38
...
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
2002-06-06 19:47:11 +00:00
Kevin Steves
df75dd21f5
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
...
setsockopt from debug to error for now).
2002-06-04 20:52:19 +00:00
Tim Rice
28bbb0c458
[configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
...
build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
last monitor_fdpass.c changes that are no longer needed with new tests.
Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
2002-05-27 17:37:32 -07:00
Damien Miller
8ce8296fd0
sync scard/
2002-05-22 14:24:01 +10:00
Damien Miller
23dc10ddac
crank rpm spec versions
2002-05-22 14:14:54 +10:00
Damien Miller
667fb25f47
Crank version
...
(also missed changelog message)
2002-05-22 14:14:00 +10:00
Damien Miller
74cc5bb851
fix spelling mistakes spotted by Solar Designer <solar@openwall.com>
2002-05-22 11:02:15 +10:00
Kevin Steves
bc5bb55755
- (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
2002-05-21 17:59:13 +00:00
Kevin Steves
c5041acef3
- (stevesk) [sshd.c] bug 245; disable setsid() for now
2002-05-21 17:50:21 +00:00
Tim Rice
9de793cc6c
[configure.ac] remove extra MD5_MSG="no" line.
2002-05-17 08:59:22 -07:00
Ben Lindstrom
4e67d38a7e
- (bal) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/05/15 21:05:29
[version.h]
enter OpenSSH_3.2.2
- (bal) Caldara, Suse, and Redhat openssh.specs updated.
2002-05-15 21:50:14 +00:00
Ben Lindstrom
c5c15dde32
- markus@cvs.openbsd.org 2002/05/15 21:02:53
...
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
2002-05-15 21:37:34 +00:00
Ben Lindstrom
c57bbf158d
- millert@cvs.openbsd.org 2002/05/06 23:34:33
...
[ssh.1 sshd.8]
Kill/adjust r(login|exec)d? references now that those are no longer in
the tree.
2002-05-15 21:36:45 +00:00
Ben Lindstrom
bb2ce36d4d
- deraadt@cvs.openbsd.org 2002/05/04 02:39:35
...
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
(historical)
2002-05-15 21:35:43 +00:00
Ben Lindstrom
2b70e5603f
- (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy.
2002-05-15 16:39:51 +00:00
Ben Lindstrom
7339b2a278
- mouring@cvs.openbsd.org 2002/05/15 15:47:49
...
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- (bal) Fixed up PAM case. I think.
2002-05-15 16:25:01 +00:00
Ben Lindstrom
bdde330d2f
- markus@cvs.openbsd.org 2002/05/13 21:26:49
...
[auth-rhosts.c]
handle debug messages during rhosts-rsa and hostbased authentication;
ok provos@
2002-05-15 16:19:37 +00:00
Ben Lindstrom
17401b6b77
- millert@cvs.openbsd.org 2002/05/13 15:53:19
...
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
2002-05-15 16:17:56 +00:00
Ben Lindstrom
a574cda45b
- markus@cvs.openbsd.org 2002/05/13 20:44:58
...
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
2002-05-15 16:16:14 +00:00
Ben Lindstrom
58d4dafeb1
- itojun@cvs.openbsd.org 2002/05/13 02:37:39
...
[auth-skey.c auth2.c]
less warnings. skey_{respond,query} are public (in auth.h)
2002-05-15 16:14:36 +00:00
Ben Lindstrom
966bfdae6b
- stevesk@cvs.openbsd.org 2002/05/11 20:24:48
...
[ssh.h]
typo in comment
2002-05-15 16:09:57 +00:00
Ben Lindstrom
973be0083b
- deraadt@cvs.openbsd.org 2002/05/08 21:06:34
...
[ssh.h]
move to sshd.sshd instead
2002-05-15 16:08:48 +00:00
Ben Lindstrom
1650ba3f57
- deraadt@cvs.openbsd.org 2002/05/07 19:54:36
...
[ssh.h]
use ssh uid
2002-05-15 16:07:11 +00:00
Ben Lindstrom
beecf74e2b
- (bal) CVS ID fix up on auth-passwd.c
2002-05-15 15:59:17 +00:00
Damien Miller
860e929fa2
wrap
2002-05-15 10:12:29 +10:00
Damien Miller
ee5e3b2d8a
wrap
2002-05-15 10:08:17 +10:00
Tim Rice
8dd6febf73
update version.
2002-05-14 09:03:46 -07:00
Tim Rice
fd6fd24a71
remove reference to UnixWare 7 and OpenUNIX 8
...
from PAM-enabled pragraph. UnixWare has no PAM.
2002-05-13 20:50:38 -07:00
Tim Rice
1e28c9e6ba
20020514
...
[sshpty.c] set tty modes when allocating old style bsd ptys to
match what newer style ptys have when allocated. Based on a patch by
Roger Cornelius <rac@tenzing.org>
[README.privsep] UnixWare 7 and OpenUNIX 8 work.
2002-05-13 17:07:18 -07:00
Kevin Steves
f8defa2327
- (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
2002-05-13 23:31:09 +00:00
Damien Miller
05720356d6
- (djm) Add INSTALL warning about SSH protocol 1 blowfish w/ OpenSSL < 0.9.6
2002-05-13 15:22:21 +10:00
Damien Miller
f71d2a5d44
- (djm) Bug #234 : missing readpassphrase declaration and defines
2002-05-13 15:14:08 +10:00
Kevin Steves
0228155f06
- (stevesk) add initial README.privsep
2002-05-13 03:57:04 +00:00
Kevin Steves
c81e12976e
- (stevesk) [configure.ac] nicer message: --with-privsep-user=user
2002-05-13 03:51:40 +00:00
Damien Miller
b7cb96934e
- (djm) Update RPM spec file: different superuser path, use
...
/var/empty/sshd for privsep
2002-05-13 13:26:57 +10:00
Damien Miller
f58c672f0e
- (djm) Add --with-privsep-path configure option
2002-05-13 13:15:42 +10:00
Damien Miller
5ad9fd9820
- (djm) Bug #231 : UsePrivilegeSeparation turns off Banner.
2002-05-13 11:07:41 +10:00
Damien Miller
a18bbd398e
- (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
...
the superuser receives.
2002-05-13 10:48:57 +10:00
Tim Rice
802b956868
fix for systems that have both HAVE_ACCRIGHTS_IN_MSGHDR and
...
HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h has #define msg_accrights msg_control
2002-05-11 15:30:04 -07:00
Tim Rice
aef7371fe4
applied a rework of djm's OpenSSL search cleanup patch.
...
Now only searches system and /usr/local/ssl (OpenSSL's default install path)
Others must use --with-ssl-dir=....
2002-05-11 13:17:42 -07:00
Kevin Steves
f98fb721a0
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
...
check for root forced expire. Still don't check for inactive.
2002-05-10 15:48:52 +00:00