15ee748f28
- (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
...
to auth-shadow.c, no functional change. ok djm@
2004-02-22 09:43:15 +11:00
2e45cb0fb4
- (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@
2004-02-20 20:37:44 +11:00
051b0acbbc
- (djm) [log.c] Tighten openlog_r tests
2004-02-18 22:59:43 +11:00
82c78b3b9d
- (djm) [log.c] Correct use of HAVE_OPENLOG_R
2004-02-18 15:42:31 +11:00
05a75b6e5b
- jmc@cvs.openbsd.org 2004/02/17 19:35:21
...
[sshd_config.5]
remove cruft left over from RhostsAuthentication removal;
ok markus@
2004-02-18 14:31:23 +11:00
20e1fabace
- djm@cvs.openbsd.org 2004/02/17 11:03:08
...
[sftp.c]
sftp.c and sftp-int.c, together at last; ok markus@
2004-02-18 14:30:55 +11:00
d7d46bb606
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2004/02/17 07:17:29
[sftp-glob.c sftp.c]
Remove useless headers; ok deraadt@
2004-02-18 14:11:13 +11:00
a22897df06
- (dtucker) [configure.ac] Handle case where krb5-config --libs returns a
...
path with a "-" in it. From Sergio.Gelato at astro.su.se.
2004-02-18 11:21:12 +11:00
5cf8ef735c
- (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for
...
display after login. Should fix problems like pam_motd not displaying
anything, noticed by cjwatson at debian.org. ok djm@
2004-02-17 23:20:07 +11:00
ba53b839d3
- (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@
2004-02-17 20:46:59 +11:00
34255b9f4c
- (djm) Bug #698 : Specify FILE: for KRB5CCNAME; patch from
...
stadal@suse.cz and simon@sxw.org.uk
2004-02-17 20:33:52 +11:00
4e60ed74a6
- djm@cvs.openbsd.org 2004/02/17 05:39:51
...
[sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
[sftp-int.h sftp.c]
switch to license.template for code written by me (belated, I know...)
2004-02-17 17:07:59 +11:00
98225c2950
- (djm) Simplify the license on code I have written. No code changes.
2004-02-17 16:49:41 +11:00
3d5352e156
[configure.ac] Make sure -lcrypto is before -lsocket for sco3. ok mouring@
2004-02-12 09:27:21 -08:00
9ad7e0e805
[Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh]
...
Portablity fixes. Data sftp transfers needs to be world readable. Some
older shells hang on while loops when doing sh -n some_script. OK dtucker@
2004-02-12 07:17:10 -08:00
43fa557ce2
[configure.ac] Fix comment to match code changes in ver 1.117
2004-02-11 14:46:40 -08:00
cee6d4cf5a
- (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check
...
if HAS_SHADOW_EXPIRY is set.
2004-02-11 18:48:52 +11:00
13a707b60d
- (dtucker) [configure.ac] Bug #345 : Do not disable utmp on HP-UX 10.x.
...
ok djm@
2004-02-10 17:15:05 +11:00
c28b88a314
- (dtucker) [configure.ac loginrec.c] Bug #464 : Use updwtmpx on platforms
...
that support it. from & ok mouring@
2004-02-10 16:49:35 +11:00
cfea2063e5
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
...
include from port-aix.h to port-aix.c and remove unnecessary function
definition. Fixes build errors on AIX.
#include'ing auth.h in port-aix.h causes conflicting definitions of Authctxt
in sshconnect2.c. Sigh.
2004-02-10 15:27:34 +11:00
1921ed9f96
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14 : Use do_pwchange to
...
change expired PAM passwords for SSHv1 connections without privsep.
pam_chauthtok is still used when privsep is disabled. ok djm@
2004-02-10 13:23:28 +11:00
ffae532076
- (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #563 : Prepend ssh_ to compat
...
functions to avoid conflicts with Heimdal's libroken. ok djm@
2004-02-10 13:05:40 +11:00
9df3defdbb
- (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
...
defines.h] Bug #14 : Use do_pwchange to support password expiry and force
change for platforms using /etc/shadow. ok djm@
2004-02-10 13:01:14 +11:00
e3dba82dd4
- (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
...
openbsd-compat/port-aix.h] Bug #14 : Use do_pwchange to support AIX's
native password expiry.
2004-02-10 12:50:19 +11:00
693f8a8aae
- (dtucker) [cipher.c] enable AES counter modes with OpenSSL 0.9.5.
...
ok djm@, markus@
2004-02-07 12:29:39 +11:00
fc57f71fb1
- dtucker@cvs.openbsd.org 2004/02/06 23:41:13
...
[cipher-ctr.c]
Use EVP_CIPHER_CTX_key_length for key length. ok markus@
(This will fix builds with OpenSSL 0.9.5)
2004-02-07 10:41:48 +11:00
074593538a
- (dtucker) [configure.ac includes.h] Include <sys/stream.h> if present,
...
required on Solaris 2.5.1 for queue_t, which is used by <sys/ptms.h>.
2004-02-06 21:29:41 +11:00
7f73a4955d
- markus@cvs.openbsd.org 2004/02/05 15:33:33
...
[progressmeter.c]
fix ETA for > 4GB; bugzilla #791 ; ok henning@ deraadt@
2004-02-06 16:41:37 +11:00
a8be9e23d2
- dtucker@cvs.openbsd.org 2004/02/05 05:37:17
...
[monitor.c sshd.c]
Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
2004-02-06 16:40:27 +11:00
23bc8d0bff
- markus@cvs.openbsd.org 2004/01/30 09:48:57
...
[auth-passwd.c auth.h pathnames.h session.c]
support for password change; ok dtucker@
(set password-dead=1w in login.conf to use this).
In -Portable, this is currently only platforms using bsdauth.
2004-02-06 16:24:31 +11:00
819d4526ca
Add bug no.
2004-02-06 16:18:47 +11:00
e45674ae80
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
...
previous authdb setting after auth calls. Fixes problems with setpcred
failing on accounts that use AFS or NIS password registries.
2004-02-06 16:17:51 +11:00
ecc9d46dc5
- (dtucker) [sshd.c] Bug #757 : Clear child's environment to prevent
...
accidentally inheriting from root's environment. ok djm@
2004-02-06 16:04:08 +11:00
f58fb7e727
- (dtucker) [configure.ac] Bug #748 : Always define BROKEN_GETADDRINFO
...
for HP-UX 11.11. If there are known-good configs where this is not
required, please report them. ok djm@
2004-02-06 15:59:06 +11:00
ef3a4a208c
- (dtucker) [session.c] Bug #789 : Do not call do_pam_setcred as a non-root
...
user, since some modules might fail due to lack of privilege. ok djm@
2004-02-06 15:30:50 +11:00
6977fe742b
- (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with
...
OpenSSL >= 0.9.7. ok djm@
2004-02-06 15:26:10 +11:00
9976246dfd
- (dtucker) [acss.c acss.h] Fix $Id tags.
2004-02-06 15:22:43 +11:00
2df334380b
- (dtucker) [configure.ac openbsd-compat/bsd-cray.c openbsd-compat/bsd-cray.h]
...
Bug #775 : Cray fixes from wendy at cray.com
2004-01-30 14:34:21 +11:00
dcc736b7de
- (dtucker) [configure.ac] Add --without-zlib-version-check. Feedback from
...
tim@, ok several
2004-01-30 14:20:59 +11:00
46662bfc21
- djm@cvs.openbsd.org 2004/01/13 09:49:06
...
[sftp-batch.sh]
don't delete thyself when running without obj/ ; ok markus@
2004-01-30 13:02:55 +11:00
633f3e0dd0
- jmc@cvs.openbsd.org 2003/11/07 10:16:44
...
[ssh-com.sh]
adress -> address, and a few more; all from Jonathon Gray;
2004-01-30 13:00:29 +11:00
22991ba2e2
- dtucker@cvs.openbsd.org 2003/10/11 11:49:49
...
[Makefile banner.sh]
Test missing banner file, suppression of banner with ssh -q, check return
code from ssh. ok markus@
2004-01-30 12:58:51 +11:00
77970695de
- (dtucker) [moduli] Import new moduli file from OpenBSD.
2004-01-28 15:44:04 +11:00
4f9f6794c5
- (dtucker) [regress/README.regress] Add tcpwrappers issue, noted by tim@
2004-01-28 12:26:14 +11:00
ec69203e45
- djm@cvs.openbsd.org 2004/01/27 10:08:10
...
[sftp.c]
reorder parsing so user:skey@host:file works (bugzilla #777 )
patch from admorten AT umich.edu; ok markus@
2004-01-27 21:22:00 +11:00
f6723f08e0
- djm@cvs.openbsd.org 2004/01/25 03:49:09
...
[sshconnect.c]
reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785 )
from jclonguet AT free.fr; ok millert@
2004-01-27 21:21:27 +11:00
b2d1c2b3b8
- hshoexer@cvs.openbsd.org 2004/01/23 19:26:33
...
[cipher.c]
rename acss@opebsd.org to acss@openssh.org
ok deraadt@
2004-01-27 21:20:59 +11:00
b21be84471
- mouring@cvs.openbsd.org 2004/01/23 17:57:48
...
[sftp-int.c]
Fix issue pointed out with ls not handling large directories
with embeded paths correctly. OK damien@
2004-01-27 21:20:11 +11:00
4f0fe684da
- (djm) OpenBSD CVS Sync
...
- hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
[cipher.c]
enable acss for ssh
ok deraadt@ markus@
- (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
if libcrypto lacks it
2004-01-27 21:19:21 +11:00
01326ebada
[defines.h openbsd-compat/getrrsetbyname.h] Move defines for HFIXEDSZ
...
and T_SIG to getrrsetbyname.h
2004-01-26 21:40:35 -08:00
2597bfd1fb
[configure.ac includes.h] add <sys/ptms.h> for grantpt() and friends.
2004-01-26 19:03:39 -08:00
ba1c2b82c4
[defines.h] Add defines for HFIXEDSZ and T_SIG
2004-01-26 16:02:17 -08:00
eafd8e9c55
20040126
...
[regress/test-exec.sh] RhostsAuthentication is deprecated.
2004-01-26 14:10:10 -08:00
3084a6198c
Typo in regress/README.regress
2004-01-26 09:37:09 -08:00
6814411b3e
- (djm) Typo in openbsd-compat/bsd-openpty.c; from wendyp AT cray.com
2004-01-24 13:50:39 +11:00
fcb6220da0
[configure.ac] Remove hard coded -L/usr/local/lib and
...
-I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \
CPPFLAGS="-I/usr/local/include" ./configure if needed.
2004-01-23 18:35:16 -08:00
3c78c5ed2f
- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
...
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
include kafs.h unless necessary. From deengert at anl.gov.
For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
2004-01-23 22:03:10 +11:00
6369958301
- (dtucker) [contrib/cygwin/README] Document new ssh-host-config options.
...
Patch from vinschen at redhat.com.
2004-01-23 21:35:44 +11:00
2dcd2393f4
- (dtucker) [configure.ac] Bug #788 : Test for zlib.h presence and for
...
zlib >= 1.1.4. Partly from jbasney at ncsa.uiuc.edu. ok djm@
2004-01-23 17:13:33 +11:00
84938141d4
- (djm) Bug #776 : Update contrib/redhat/openssh.spec to dynamically detect
...
Kerberos location (and thus work with Fedora Core 1);
from jason AT devrandom.org
2004-01-23 16:30:03 +11:00
d352636553
- (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from
...
ralf.hack AT pipex.net; ok dtucker@
2004-01-23 14:16:26 +11:00
c900128e55
[contrib/solaris/buildpkg.sh] Allow for the possibility of
...
/usr/local being a symbolic link. Fixes problem reported by Henry Grebler.
2004-01-22 16:10:03 -08:00
7fe8b72771
- (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
...
just HEIMDAL.
Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available. In that case it will be used too.
2004-01-22 12:48:26 +11:00
1d3ca58705
- (dtucker) [configure.ac] Use krb5-config where available for Kerberos/
...
GSSAPI detection, libs and includes. ok djm@
2004-01-22 12:05:34 +11:00
f4da3bb6ca
- deraadt@cvs.openbsd.org 2004/01/11 21:55:06
...
[sshpty.c]
for pty opening, only use the openpty() path. the other stuff only needs
to be in openssh-p; markus ok
- (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an
openpty() replacement
2004-01-21 17:07:16 +11:00
e4f5a82d6e
- djm@cvs.openbsd.org 2004/01/21 03:07:59
...
[sftp.c]
initialise infile in main, rather than statically - from portable
2004-01-21 14:11:05 +11:00
fb1310eded
- markus@cvs.openbsd.org 2004/01/19 21:25:15
...
[auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
2004-01-21 11:02:50 +11:00
a04ad496f6
- markus@cvs.openbsd.org 2004/01/19 09:24:21
...
[channels.c]
fake consumption for half closed channels since the peer is waiting for
window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@
reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo'
2004-01-21 11:02:09 +11:00
f84fed6f71
- markus@cvs.openbsd.org 2004/01/13 19:45:15
...
[compress.c]
cast for portability; millert@
2004-01-21 11:01:23 +11:00
8f341f8b8b
- markus@cvs.openbsd.org 2004/01/13 19:23:15
...
[compress.c session.c]
-Wall; ok henning
2004-01-21 11:00:46 +11:00
86a396857d
- jmc@cvs.openbsd.org 2004/01/13 12:17:33
...
[sftp.1]
remove unnecessary Ic's;
kill whitespace at EOL;
ok djm@
2004-01-21 11:00:04 +11:00
44f75c14f6
- djm@cvs.openbsd.org 2004/01/13 09:25:05
...
[sftp-int.c sftp.1 sftp.c]
Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754 ) and
enable use of "-b -" to accept batchfile from stdin; ok markus@
2004-01-21 10:58:47 +11:00
a8df9248ce
- (dtucker) [auth-pam.c] Add minor debugging.
2004-01-15 00:15:07 +11:00
7ae0962798
- (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add
...
test for case where cleanup has already run.
2004-01-14 23:07:56 +11:00
749bc95bd8
- (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits
...
unexpectedly. with & ok djm@
2004-01-14 22:14:04 +11:00
1b27c8fbcb
- (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes. No
...
functional changes.
This is in preparation for a change to catch the authentication thread
exitting unexpectedly, to split functional and cosmetic changes.
2004-01-13 22:35:58 +11:00
fd0894adae
- (dtucker) [configure.ac] Remove extra (typo) comma.
2004-01-09 00:19:25 +11:00
0234e8607f
- (dtucker) [auth-pam.c defines.h] Bug #783 : move __unused to defines.h and
...
only define if not already. From des at freebsd.org.
2004-01-08 23:32:04 +11:00
409cb328c1
- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
...
Only enable KerberosGetAFSToken if Heimdal's libkafs is found. with jakob@
2004-01-05 22:36:51 +11:00
e918318f2b
- (dtucker) [contrib/ssh-copy-id] Bug #781 : exit if ssh fails. Patch from
...
cjwatson at debian.org.
2004-01-05 08:16:34 +11:00
0f47c53742
- (djm) OSX/Darwin put the PAM headers in a different place, detect this.
...
Report from jakob@
2004-01-02 18:01:30 +11:00
c8ec16651e
- (djm) Remove useless DNS support configure summary message. from jakob@
2004-01-02 17:53:04 +11:00
7a2ea78cc4
- (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from
...
jakob@
2004-01-02 17:52:10 +11:00
2a6b029f99
- (dtucker) [configure.ac] Only test setresuid and setresgid if they exist.
2003-12-31 14:59:17 +11:00
ea2870619d
- dtucker@cvs.openbsd.org 2003/12/31 00:24:50
...
[auth2-passwd.c]
Ignore password change request during password auth (which we currently
don't support) and discard proposed new password. corrections/ok markus@
2003-12-31 11:43:24 +11:00
0b3b97512f
- millert@cvs.openbsd.org 2003/12/29 16:39:50
...
[sshd_config]
KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
2003-12-31 11:38:32 +11:00
22ef508754
- jakob@cvs.openbsd.org 2003/12/23 16:12:10
...
[servconf.c servconf.h session.c sshd_config]
implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-31 11:37:34 +11:00
a32e19c637
- markus@cvs.openbsd.org 2003/12/22 20:29:55
...
[cipher-3des1.c]
EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr
2003-12-31 11:36:00 +11:00
06930c70ad
- djm@cvs.openbsd.org 2003/12/22 09:16:58
...
[moduli.c ssh-keygen.1 ssh-keygen.c]
tidy up moduli generation debugging, add -v (verbose/debug) option to
ssh-keygen; ok markus@
2003-12-31 11:34:51 +11:00
3715be3cd3
- (dtucker) [defines.h] Bug #458 : Define SIZE_T_MAX as UINT_MAX if we
...
typedef size_t ourselves.
2003-12-19 10:58:43 +11:00
07705c788e
- (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
...
authentication. Partially fixes bug #423 . Feedback & ok djm@
Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
authentication thread and once from the main shell child, so we cache the
result, which must be passed from the authentication thread back to the
monitor.
2003-12-18 15:34:31 +11:00
454da0b3dc
- (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban.
2003-12-18 12:52:19 +11:00
563eb99711
- (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are
...
using a real 'signal()' (Noticed by a NeXT Compile)
2003-12-18 00:34:06 +00:00
e937be36c3
- (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645 : Check for
...
setres[ug]id() present but not implemented (eg some Linux/glibc
combinations).
2003-12-17 18:53:26 +11:00
8975ddf11b
- markus@cvs.openbsd.org 2003/12/16 15:51:54
...
[dh.c]
use <= instead of < in dh_estimate; ok provos/hshoexer;
do not return < DH_GRP_MIN
2003-12-17 16:33:53 +11:00
509b0107f0
- markus@cvs.openbsd.org 2003/12/16 15:49:51
...
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
[ssh.c ssh_config.5]
application layer keep alive (ServerAliveInterval ServerAliveCountMax)
for ssh(1), similar to the sshd(8) option; ok beck@; with help from
jmc and dtucker@
2003-12-17 16:33:10 +11:00
baafb981a4
- markus@cvs.openbsd.org 2003/12/14 12:37:21
...
[ssh_config.5]
we don't support GSS KEX; from Simon Wilkinson
2003-12-17 16:32:23 +11:00
d696551443
- dtucker@cvs.openbsd.org 2003/12/09 23:45:32
...
[clientloop.c]
Clear exit code when ssh -N is terminated with a SIGTERM. ok markus@
2003-12-17 16:31:53 +11:00
12c150e7e0
- markus@cvs.openbsd.org 2003/12/09 21:53:37
...
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
9836cf8d71
- markus@cvs.openbsd.org 2003/12/09 17:30:05
...
[ssh.c]
don't modify argv for ssh -o; similar to sshd.c 1.283
2003-12-17 16:30:06 +11:00
Darren Tucker
Damien Miller
Tim Rice
Ben Lindstrom