tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,760 Commits 6 Branches 20 Tags 97 MiB
Commit Graph

384 Commits

Author SHA1 Message Date
Darren Tucker 0a44d1ecf3 - (dtucker) [session.c] Call display_loginmsg again after do_pam_session. 
Ensures messages from PAM modules are displayed when privsep=no.

Note: I did not want to just move display_loginmsg since that would change
existing behaviour (order of expiry warnings, "Last Login", motd) to less
like the native tools.
 2004-07-01 09:48:29 +10:00
Damien Miller a6b1d169e6 - djm@cvs.openbsd.org 2004/06/30 08:36:59 
[session.c]
     unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
 2004-06-30 22:41:07 +10:00
Darren Tucker 723e945b55 - djm@cvs.openbsd.org 2004/06/21 17:53:03 
[session.c]
     fix fd leak for multiple subsystem connections; with markus@
 2004-06-22 12:57:08 +10:00
Darren Tucker 1f8311c836 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43 
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
     packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
     improve some code lint did not like; djm millert ok
 2004-05-13 16:39:33 +10:00
Darren Tucker e14e005f41 - djm@cvs.openbsd.org 2004/05/09 01:19:28 
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
     sshd.c] removed: mpaux.c mpaux.h
     kill some more tiny files; ok deraadt@
 2004-05-13 16:30:44 +10:00
Darren Tucker 46bc075474 - djm@cvs.openbsd.org 2004/04/27 09:46:37 
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
     ssh_config.5 sshd_config.5]
     bz #815: implement ability to pass specified environment variables from
     the client to the server; ok markus@
 2004-05-02 22:11:30 +10:00
Damien Miller 9c870f966a - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache 
file using FILE: method, fixes problems on Mac OSX.
   Patch from simon@sxw.org.uk; ok dtucker@
 2004-04-16 22:47:55 +10:00
Darren Tucker ac7c998a2d - (dtucker) [session.c] Flush stdout after displaying loginmsg. From 
f_mohr at yahoo.de.
 2004-04-07 08:04:09 +10:00
Darren Tucker b385059346 - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent 
duplicate login messages for mutli-session logins.  ok djm@
 2004-03-27 16:44:21 +11:00
Darren Tucker 1825f26d21 - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the 
non-interactive path.  ok djm@
 2004-02-24 00:01:27 +11:00
Darren Tucker 1921ed9f96 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to 
change expired PAM passwords for SSHv1 connections without privsep.
   pam_chauthtok is still used when privsep is disabled.  ok djm@
 2004-02-10 13:23:28 +11:00
Darren Tucker 23bc8d0bff - markus@cvs.openbsd.org 2004/01/30 09:48:57 
[auth-passwd.c auth.h pathnames.h session.c]
     support for password change; ok dtucker@
     (set password-dead=1w in login.conf to use this).
     In -Portable, this is currently only platforms using bsdauth.
 2004-02-06 16:24:31 +11:00
Darren Tucker ef3a4a208c - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root 
user, since some modules might fail due to lack of privilege.  ok djm@
 2004-02-06 15:30:50 +11:00
Darren Tucker 3c78c5ed2f - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] 
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
   include kafs.h unless necessary.  From deengert at anl.gov.

For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
 2004-01-23 22:03:10 +11:00
Damien Miller d352636553 - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from 
ralf.hack AT pipex.net; ok dtucker@
 2004-01-23 14:16:26 +11:00
Darren Tucker 7fe8b72771 - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not 
just HEIMDAL.

Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available.  In that case it will be used too.
 2004-01-22 12:48:26 +11:00
Damien Miller 8f341f8b8b - markus@cvs.openbsd.org 2004/01/13 19:23:15 
[compress.c session.c]
     -Wall; ok henning
 2004-01-21 11:00:46 +11:00
Darren Tucker 409cb328c1 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] 
Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@
 2004-01-05 22:36:51 +11:00
Darren Tucker 22ef508754 - jakob@cvs.openbsd.org 2003/12/23 16:12:10 
[servconf.c servconf.h session.c sshd_config]
     implement KerberosGetAFSToken server option. ok markus@, beck@
 2003-12-31 11:37:34 +11:00
Darren Tucker 3175eb9a5a - markus@cvs.openbsd.org 2003/12/02 17:01:15 
[channels.c session.c ssh-agent.c ssh.h sshd.c]
     use SSH_LISTEN_BACKLOG (=128) in listen(2).
 2003-12-09 19:15:11 +11:00
Damien Miller ce34674a9f sync whitespace - no code change 2003-11-22 14:41:58 +11:00
Damien Miller 787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03 
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
 2003-11-21 23:48:55 +11:00
Damien Miller c756e9b56e - (djm) Export environment variables from authentication subprocess to 
parent. Part of Bug #717
 2003-11-17 21:41:42 +11:00
Damien Miller 3e3b5145e5 - djm@cvs.openbsd.org 2003/11/04 08:54:09 
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@
 2003-11-17 21:13:40 +11:00
Darren Tucker 072a7b178c - markus@cvs.openbsd.org 2003/10/14 19:54:39 
[session.c ssh-agent.c]
     10X for mkdtemp; djm@
 2003-10-15 16:10:25 +10:00
Darren Tucker 8846a07639 - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static 
cleanup functions.  With & ok djm@
 2003-10-07 11:30:15 +10:00
Darren Tucker f391ba6730 - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations. 
Based on patches by Matthias Koeppe and Thomas Baden.  ok djm@
 2003-10-02 20:07:09 +10:00
Darren Tucker 3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11 
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
 2003-10-02 16:12:36 +10:00
Darren Tucker fb16b2411e - markus@cvs.openbsd.org 2003/09/18 08:49:45 
[deattack.c misc.c session.c ssh-agent.c]
     more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
     ok millert@
 2003-09-22 21:04:23 +10:00
Darren Tucker c11b1e8420 - (dtucker) [session.c] Bug #643: Fix size_t -> u_int and fix null deref 
when /etc/default/login doesn't exist or isn't readable.  Fixes from
   jparsons-lists at saffron.net and georg.oppenberg at deu mci com.
 2003-09-19 20:56:51 +10:00
Darren Tucker e1a790d0d1 - (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve 
PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it
   (eg Solaris, Reliant Unix).  Patch from Robert.Dahlem at siemens.com.  ok djm@
 2003-09-16 11:52:19 +10:00
Damien Miller 341c6e687c - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session 
management (now done in do_setusercontext). Largely from
   michael_steffens AT hp.com
 2003-09-02 23:18:52 +10:00
Damien Miller 324948b320 - markus@cvs.openbsd.org 2003/08/31 13:29:05 
[session.c]
     call ssh_gssapi_storecreds conditionally from do_exec();
     with sxw@inf.ed.ac.uk
 2003-09-02 22:55:45 +10:00
Damien Miller 1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34 
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
 2003-09-02 22:51:17 +10:00
Darren Tucker 49aaf4ad52 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h 
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
 2003-08-26 11:58:16 +10:00
Darren Tucker 0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09 
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
 2003-08-26 11:49:55 +10:00
Damien Miller 1f499fd368 - (djm) Bug #564: Perform PAM account checks for all authentications when 
UsePAM=yes; ok dtucker
 2003-08-25 13:08:49 +10:00
Darren Tucker 3bdbd848ea - markus@cvs.openbsd.org 2003/08/13 08:33:02 
[session.c]
     use more portable tcsendbreak(3) and ignore break_length;
     ok deraadt, millert
 2003-08-13 20:31:05 +10:00
Darren Tucker d85efee437 - (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge. 2003-08-13 20:28:14 +10:00
Darren Tucker 80649c5fa6 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin 
specific defines and includes to bsd-cygwin_util.h.  Fixes build error too.
 2003-08-07 16:28:16 +10:00
Darren Tucker b9d3f41ceb - (dtucker) [session.c] Have session_break_req not attempt to send a break 
if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
 2003-08-07 13:24:24 +10:00
Darren Tucker 6aaa58c470 - (dtucker) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
 2003-08-02 22:24:49 +10:00
Darren Tucker b9aa0a0baa - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h] 
Convert aixloginmsg into platform-independant Buffer loginmsg.
 2003-07-08 22:59:59 +10:00
Darren Tucker 793e817d49 - (dtucker) Check return value of setpcred(). 2003-07-08 21:01:04 +10:00
Darren Tucker a0c0b63112 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]] 
Include AIX headers for authentication functions and make calls match
   prototypes.  Test for and handle 3-args and 4-arg variants of loginfailed.
 2003-07-08 20:52:12 +10:00
Damien Miller 3a961dc0d3 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
 2003-06-03 10:25:48 +10:00
Damien Miller 54c459866e - markus@cvs.openbsd.org 2003/05/14 22:24:42 
[clientloop.c session.c ssh.1]
     allow to send a BREAK to the remote system; ok various
 2003-05-15 10:20:13 +10:00
Damien Miller 4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control 
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
 2003-05-14 15:11:48 +10:00
Damien Miller b1ca8bb159 - markus@cvs.openbsd.org 2003/05/11 20:30:25 
[channels.c clientloop.c serverloop.c session.c ssh.c]
     make channel_new() strdup the 'remote_name' (not the caller); ok theo
 2003-05-14 13:45:42 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Ben Lindstrom c8c548d248 - (bal) Disable Privsep for Tru64 after pre-authentication due to issues 
with SIA.  Also, clean up of tru64 support patch by Chris Adams
   <cmadams@hiwaay.net>
 2003-03-21 01:18:09 +00:00
Damien Miller 0011138d47 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/03/05 22:33:43
     [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
     [sftp-server.c ssh-add.c sshconnect2.c]
     fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
 2003-03-10 11:21:17 +11:00
Damien Miller 1a3ccb07c5 - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me; 
From vinschen@redhat.com
 2003-02-24 13:04:01 +11:00
Damien Miller 97f39ae810 - markus@cvs.openbsd.org 2003/02/06 09:26:23 
[session.c]
     missing call to setproctitle() after authentication; ok provos@
 2003-02-24 11:57:01 +11:00
Damien Miller a8ed44b79e - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More 
systems may be added later.
 2003-01-10 09:53:12 +11:00
Damien Miller f25c18d7e8 - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from 
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
 2003-01-07 17:38:58 +11:00
Damien Miller dfedbf8e5a - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from 
mii@ornl.gov
 2003-01-03 14:52:53 +11:00
Kevin Steves 678ee51ff3 - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable 
parts of pass addrlen with sockaddr * fix.
    from Hajimu UMEMOTO <ume@FreeBSD.org>
 2003-01-01 23:43:55 +00:00
Ben Lindstrom 46767607e2 - markus@cvs.openbsd.org 2002/12/10 08:56:00 
[session.c]
     Make sure $SHELL points to the shell from the password file, even if shell
     is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@
 2002-12-23 02:26:08 +00:00
Ben Lindstrom 611797ed15 - stevesk@cvs.openbsd.org 2002/12/04 04:36:47 
[session.c]
     remove xauth entries before add; PR 2994 from janjaap@stack.nl.
     ok markus@
 2002-12-23 02:15:57 +00:00
Tim Rice 81ed518b9b Cray fixes (bug 367) based on patch from Wendy Palm @ cray. 
This does not include the deattack.c fixes.
 2002-09-25 17:38:46 -07:00
Ben Lindstrom 164725f40e l) Fix issue where successfull login does not clear failure counts 
in AIX.  Patch by dtucker@zip.com.au ok by djm
 2002-09-25 23:14:14 +00:00
Damien Miller a6eb2b7f8e - stevesk@cvs.openbsd.org 2002/09/16 19:55:33 
[session.c]
     log when _PATH_NOLOGIN exists; ok markus@
 2002-09-19 11:50:48 +10:00
Damien Miller f37e246f85 - stevesk@cvs.openbsd.org 2002/09/12 19:50:36 
[session.c ssh.1]
     add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@
 2002-09-19 11:47:55 +10:00
Damien Miller e9994cb4d7 - (djm) Bug #365: Read /.ssh/environment properly under CygWin. 
Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
 2002-09-10 21:43:53 +10:00
Damien Miller ebc2306629 - stevesk@cvs.openbsd.org 2002/08/29 15:57:25 
[monitor.c session.c sshlogin.c sshlogin.h]
     pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
     NOTE: there are also p-specific parts to this patch. ok markus@
 2002-09-04 16:45:09 +10:00
Damien Miller 5a80bba86f - markus@cvs.openbsd.org 2002/08/22 21:45:41 
[session.c]
     send signal name (not signal number) in "exit-signal" message; noticed
     by galb@vandyke.com
 2002-09-04 16:39:02 +10:00
Ben Lindstrom 5d860f02ca - markus@cvs.openbsd.org 2002/07/30 17:03:55 
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
     add PermitUserEnvironment (off by default!); from dot@dotat.at;
     ok provos, deraadt
 2002-08-01 01:28:38 +00:00
Ben Lindstrom b9051ec9a4 - markus@cvs.openbsd.org 2002/07/22 11:03:06 
[session.c]
     fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
 2002-07-23 21:11:09 +00:00
Ben Lindstrom 264ee307a8 - markus@cvs.openbsd.org 2002/07/19 15:43:33 
[log.c log.h session.c sshd.c]
     remove fatal cleanups after fork; based on discussions with and code
     from solar.
 2002-07-23 21:01:56 +00:00
Kevin Steves 38b050a0f5 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be 
freed by the caller; add free_pam_environment() and use it.
 2002-07-23 00:44:07 +00:00
Ben Lindstrom 938b828566 - (bal) Remove unused tty defined in do_setusercontext() pointed out by 
dtucker@zip.com.au plus a a more KNF since I am near it.
 2002-07-15 17:58:34 +00:00
Ben Lindstrom 51b2488aad - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess. 2002-07-04 03:08:40 +00:00
Ben Lindstrom 5a9d0eaba6 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 
[auth2.c session.c sshd.c]
     lint asks that we use names that do not overlap
 2002-07-04 00:12:53 +00:00
Damien Miller 990070a8c5 - deraadt@cvs.openbsd.org 2002/06/26 13:49:26 
[session.c]
     disclose less information from environment files; based on input
     from djm, and dschultz@uclink.Berkeley.EDU
 2002-06-26 23:51:06 +10:00
Damien Miller a0796cad4a - markus@cvs.openbsd.org 2002/06/26 08:58:26 
[session.c]
     limit # of env vars to 1000; ok deraadt/djm
 2002-06-26 19:15:07 +10:00
Damien Miller f18cd162d3 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ 2002-06-26 19:12:59 +10:00
Ben Lindstrom b129be657c 20020626 
- (bal) moved aix_usrinfo() and noted not setting real TTY.  Patch by
   dtucker@zip.com.au
 2002-06-25 17:12:26 +00:00
Ben Lindstrom a9d2c89fc5 - deraadt@cvs.openbsd.org 2002/06/23 21:06:41 
[channels.c channels.h session.c session.h]
     display, screen, row, col, xpixel, ypixel are u_int; markus ok
  - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
    xpixel are u_int.
 2002-06-23 21:48:28 +00:00
Ben Lindstrom e23f4a3d28 - deraadt@cvs.openbsd.org 2002/06/23 20:39:45 
[session.c]
     compression_level is u_int
 2002-06-23 21:40:16 +00:00
Ben Lindstrom 23e0f667f8 - markus@cvs.openbsd.org 2002/06/20 23:05:56 
[servconf.c servconf.h session.c sshd.c]
     allow Compression=yes/no in sshd_config
 2002-06-21 01:09:47 +00:00
Ben Lindstrom f0bfa839bd - (bal) Fixed AIX environment handling, use setpcred() instead of existing 
code.  (Bugzilla Bug 261)
 2002-06-21 00:01:18 +00:00
Ben Lindstrom ce0f634270 - mpech@cvs.openbsd.org 2002/06/11 05:46:20 
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
     pid_t cleanup. Markus need this now to keep hacking.
     markus@, millert@ ok
 2002-06-11 16:42:49 +00:00
Ben Lindstrom 8bb6f36c8f - markus@cvs.openbsd.org 2002/06/10 22:28:41 
[channels.c channels.h session.c]
     move creation of agent socket to session.c; no need for uidswapping
     in channel.c.
 2002-06-11 15:59:02 +00:00
Ben Lindstrom 5a6abdae0f unexpand 2002-06-09 19:41:48 +00:00
Ben Lindstrom 378a417389 - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by 
Bertrand.Velle@apogee-com.fr
 2002-06-07 14:49:56 +00:00
Ben Lindstrom fac7769f64 - stevesk@cvs.openbsd.org 2002/05/16 22:09:59 
[session.c ssh.c]
     don't limit xauth pathlen on client side and longer print length on
     server when debug; ok markus@
 2002-06-06 19:49:54 +00:00
Damien Miller a18bbd398e - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH 
the superuser receives.
 2002-05-13 10:48:57 +10:00
Kevin Steves 5feaaefaf2 - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX 2002-04-23 20:45:55 +00:00
Ben Lindstrom c447fee9f1 - markus@cvs.openbsd.org 2002/03/29 18:59:32 
[session.c session.h]
     retrieve last login time before the pty is allocated, store per session
 2002-04-02 20:35:35 +00:00
Ben Lindstrom 2bf56e2dba - markus@cvs.openbsd.org 2002/03/28 15:34:51 
[session.c]
     do not call record_login twice (for use_privsep)
 2002-04-02 20:32:46 +00:00
Kevin Steves b4799a31a5 - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure 
it can be removed. only used on solaris. will no longer compile with
   privsep shuffling.
 2002-03-24 23:19:54 +00:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35 
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
 2002-03-22 02:54:23 +00:00
Ben Lindstrom 08105192fd - markus@cvs.openbsd.org 2002/03/19 10:35:39 
[auth-options.c auth.h session.c session.h sshd.c]
     clean up prototypes
 2002-03-22 02:50:06 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31 
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
 2002-03-22 02:30:41 +00:00
Ben Lindstrom b481e1323e - provos@cvs.openbsd.org 2002/03/18 03:41:08 
[auth.c session.c]
     move auth_approval into getpwnamallow with help from millert@
 2002-03-22 01:35:47 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch 
revert
 2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff 
PAM, Cygwin and OSF SIA will not work for sure
 2002-03-13 12:47:54 +11:00
Ben Lindstrom c004135b72 - (bal) Last AIX patch. Moved aix_usrinfo() outside of do_setuserconext() 
since we need more session information than provided by that function.
 2002-02-25 15:48:02 +00:00
Tim Rice e06ae4a4bc [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84 
patch by wknox@mitre.org (William Knox).
[sshlogin.h] declare record_utmp_only for session.c
 2002-02-24 17:56:46 -08:00
Ben Lindstrom 839ac4f8aa - (bal) Part two.. Drop unused AIX header, fix up missing char *cp. All 
that is left is handling aix_usrinfo().
 2002-02-24 20:42:46 +00:00
Ben Lindstrom 3107efc12a - (bal) Minor session.c for cygwin. mispelt 'is_winnt' variable. 2002-02-21 15:37:02 +00:00
Ben Lindstrom e37f63ffa0 - markus@cvs.openbsd.org 2002/02/16 00:51:44 
[session.c]
     typo
 - (bal) CVS ID sync since the last two patches were merged mistakenly
 2002-02-19 21:58:19 +00:00
Ben Lindstrom 4e97e85c03 - (bal) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2002/02/15 23:11:26
     [session.c]
     split do_child(), ok mouring@

Compiles under Redhat 7.2.. I cannot give any promises.. but I spent a
good hour and half ensure all the right bits are in the right spots.. and
it does seem to help out quite a bit for readiblity.
 2002-02-19 21:50:43 +00:00
Ben Lindstrom a9c039cf04 - (bal) Migrated AIX getuserattr and usrinfo code to 
openbsd-compat/port-aix.[c] to improve readilbity of do_child() and
   simplify our diffs against upstream source.
 2002-02-19 20:27:55 +00:00
Ben Lindstrom f095a85882 - (bal) Migrate IRIX jobs/projects/audit/etc code to 
openbsd-compat/port-irix.[ch] to improve readiblity of do_child()
 2002-02-19 20:02:48 +00:00
Damien Miller 19a5945105 - markus@cvs.openbsd.org 2002/02/14 23:28:00 
[channels.h session.c ssh.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
 2002-02-19 15:20:57 +11:00
Damien Miller 05eda437a6 - (djm) OpenBSD CVS Sync 
- deraadt@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
 2002-02-10 18:32:28 +11:00
Damien Miller f3dcf1fc88 - markus@cvs.openbsd.org 2002/02/06 14:37:22 
[session.c]
     minor KNF
 2002-02-08 22:06:48 +11:00
Damien Miller f3451a2181 - (djm) Cleanup after sync: 
- :%s/reverse_mapping_check/verify_reverse_mapping/g
 2002-02-05 12:40:46 +11:00
Damien Miller c7ef63dd41 - markus@cvs.openbsd.org 2002/02/03 17:53:25 
[auth1.c serverloop.c session.c session.h]
     don't use channel_input_channel_request and callback
     use new server_input_channel_req() instead:
     	server_input_channel_req does generic request parsing on server side
     	session_input_channel_req handles just session specific things now
     ok djm@
 2002-02-05 12:21:42 +11:00
Damien Miller 5fab4b9b1d - markus@cvs.openbsd.org 2002/01/29 22:46:41 
[session.c]
     don't depend on servconf.c; ok djm@
 2002-02-05 12:15:07 +11:00
Damien Miller baa0870852 - stevesk@cvs.openbsd.org 2002/01/29 16:29:02 
[session.c]
     limit subsystem length in log; ok markus@
 2002-02-05 12:14:10 +11:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03 
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
 2002-02-05 12:13:41 +11:00
Damien Miller 95c249ff47 - stevesk@cvs.openbsd.org 2002/01/27 14:57:46 
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@
 2002-02-05 12:11:34 +11:00
Damien Miller 512bccbb5a - stevesk@cvs.openbsd.org 2002/01/26 16:44:22 
[includes.h session.c]
     revert code to add x11 localhost display authorization entry for
     hostname/unix:d and uts.nodename/unix:d if nodename was different than
     hostname.  just add entry for unix:d instead.  ok markus@
 2002-02-05 12:11:02 +11:00
Damien Miller dff5099f13 - markus@cvs.openbsd.org 2001/12/28 14:50:54 
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
 2002-01-22 23:16:32 +11:00
Damien Miller 48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58 
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
 2002-01-22 23:11:40 +11:00
Damien Miller 66823cddbe - markus@cvs.openbsd.org 2001/12/27 20:39:58 
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
 2002-01-22 23:11:38 +11:00
Damien Miller bb9ffc18ca - (djm) Merge Cygwin copy_environment with do_pam_environment, removing 
fixed env var size limit in the process. Report from Corinna Vinschen
   <vinschen@redhat.com>
 2002-01-08 10:59:32 +11:00
Damien Miller e737856350 - markus@cvs.openbsd.org 2001/12/20 16:37:29 
[channels.c channels.h session.c]
     setup x11 listen socket for just one connect if the client requests so.
     (v2 only, but the openssh client does not support this feature).
 2001-12-21 14:58:35 +11:00
Damien Miller 8db9a84310 Sync RCSIDs from Kevin's already committed patch 2001-12-21 14:51:28 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
 2001-12-21 14:45:46 +11:00
Kevin Steves 366298c696 - (stevesk) OpenBSD CVS sync X11 localhost display 
- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
     [channels.h channels.c session.c]
     sshd X11 fake server will now listen on localhost by default:
     $ echo $DISPLAY
     localhost:12.0
     $ netstat -an|grep 6012
     tcp        0      0  127.0.0.1.6012         *.*                    LISTEN
     tcp6       0      0  ::1.6012               *.*                    LISTEN
     sshd_config gatewayports=yes can be used to revert back to the old
     behavior.  will control this with another option later.  ok markus@
   - stevesk@cvs.openbsd.org 2001/12/19 08:43:11
     [includes.h session.c]
     handle utsname.nodename case for FamilyLocal X authorization; ok markus@
 2001-12-19 17:58:01 +00:00
Ben Lindstrom ccd8d07b3c - stevesk@cvs.openbsd.org 2001/12/06 18:09:23 
[channels.c session.c]
     strncpy->strlcpy.  remaining strncpy's are necessary.  ok markus@
 2001-12-07 17:26:48 +00:00
Ben Lindstrom 38b951cdb2 - markus@cvs.openbsd.org 2001/12/01 21:41:48 
[session.c sshd.8]
     don't pass user defined variables to /usr/bin/login
 2001-12-06 17:47:47 +00:00
Damien Miller e49d0966b5 - (djm) AIX login{success,failed} changes. Move loginsuccess call to 
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
   we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
   K.Wolkersdorfer@fz-juelich.de and others
 2001-11-13 23:46:18 +11:00
Damien Miller c3aa3dd70c - (djm) Disconnect if no tty and PAM reports password expired 2001-10-28 22:34:52 +11:00
Damien Miller 0585d51a52 - markus@cvs.openbsd.org 2001/10/11 13:45:21 
[session.c]
     delay detach of session if a channel gets closed but the child is
     still alive.  however, release pty, since the fd's to the child are
     already closed.
 2001-10-12 11:35:50 +10:00
Damien Miller 3ec2759ad4 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2001/10/10 22:18:47
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c session.h]
     try to keep channels open until an exit-status message is sent.
     don't kill the login shells if the shells stdin/out/err is closed.
     this should now work:
     ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
 2001-10-12 11:35:04 +10:00
Damien Miller 52b77beb65 - markus@cvs.openbsd.org 2001/10/09 21:59:41 
[channels.c channels.h serverloop.c session.c session.h]
     simplify session close: no more delayed session_close, no more blocking wait() calls.
 2001-10-10 15:14:37 +10:00
Damien Miller ae45246696 - markus@cvs.openbsd.org 2001/10/09 19:32:49 
[session.c]
     stat subsystem command before calling do_exec, and return error to client.
 2001-10-10 15:08:06 +10:00
Damien Miller 139d4cd908 - markus@cvs.openbsd.org 2001/10/09 10:12:08 
[session.c]
     chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
 2001-10-10 15:07:44 +10:00
Damien Miller 9c75142917 - markus@cvs.openbsd.org 2001/10/06 00:36:42 
[session.c]
     fix typo in error message, sync with do_exec_nopty
 2001-10-10 15:02:46 +10:00
Kevin Steves a0957d6898 - (stevesk) session.c: declare do_pre_login() before use 
wayned@users.sourceforge.net
 2001-09-27 19:50:26 +00:00
Ben Lindstrom 37e41c9019 - markus@cvs.openbsd.org 2001/09/16 14:46:54 
[session.c]
      calls krb_afslog() after setting $HOME; mattiasa@e.kth.se; fixes
      pr 1943b
 2001-09-16 22:17:15 +00:00
Damien Miller 599d8eba16 - (djm) Make do_pre_login static to avoid prototype #ifdef hell 2001-09-15 12:25:53 +10:00
Ben Lindstrom b09f6b5b02 - markus@cvs.openbsd.org 2001/09/14 
[session.c]
     command=xxx overwrites subsystems, too
 2001-09-14 23:12:07 +00:00
Ben Lindstrom 91e9868e4f - jakob@cvs.openbsd.org 2001/08/16 19:18:34 
[servconf.c servconf.h session.c sshd.8]
     deprecate CheckMail. ok markus@
 2001-09-12 16:32:14 +00:00
Damien Miller efb1edfc7f - deraadt@cvs.openbsd.org 2001/07/09 07:04:53 
[session.c sftp-int.c]
     correct type on last arg to execl(); nordin@cse.ogi.edu
 2001-07-14 12:19:36 +10:00
Damien Miller c62f1fc3ff - (djm) Enable /etc/nologin check on PAM systems, as some lack the 
pam_nologin module. Report from William Yodlowsky
   <bsd@openbsd.rutgers.edu>
 2001-07-14 11:54:05 +10:00
Kevin Steves 8f63caa197 - (stevesk) more sync for session.c 2001-07-04 18:23:02 +00:00
Ben Lindstrom 4983d5ebd5 - markus@cvs.openbsd.org 2001/07/02 13:59:15 
[serverloop.c session.c session.h]
     wait until !session_have_children(); bugreport from
     Lutz.Jaenicke@aet.TU-Cottbus.DE
 2001-07-04 05:17:40 +00:00
Ben Lindstrom bddd551e11 - markus@cvs.openbsd.org 2001/06/27 02:12:54 
[serverloop.c serverloop.h session.c session.h]
     quick hack to make ssh2 work again.
 2001-07-04 04:53:53 +00:00
Ben Lindstrom ec95ed9b4c - dugsong@cvs.openbsd.org 2001/06/26 16:15:25 
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
      servconf.c servconf.h session.c sshconnect1.c sshd.c]
     Kerberos v5 support for SSH1, mostly from Assar Westerlund
     <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
 2001-07-04 04:21:14 +00:00
Ben Lindstrom 4469723325 - markus@cvs.openbsd.org 2001/06/25 08:25:41 
[channels.c channels.h cipher.c clientloop.c compat.c compat.h
      hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
      session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
     update copyright for 2001
 2001-07-04 03:32:30 +00:00
Kevin Steves 9b26f96c12 - (stevesk) session.c: use u_int for envsize 2001-06-29 17:52:17 +00:00
Damien Miller 665af9cae7 - (djm) Reintroduce pam_session call for non-pty sessions. 2001-06-27 09:34:15 +10:00