Commit Graph

509 Commits

Author SHA1 Message Date
Damien Miller 54e3773ccb - djm@cvs.openbsd.org 2008/02/10 10:54:29
[servconf.c session.c]
     delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
     home, rather than the user who starts sshd (probably root)
2008-02-10 22:48:55 +11:00
Damien Miller d8cb1f184f - djm@cvs.openbsd.org 2008/02/08 23:24:07
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
     [sshd_config.5]
     add sshd_config ChrootDirectory option to chroot(2) users to a directory
     and tweak internal sftp server to work with it (no special files in
     chroot required). ok markus@
2008-02-10 22:40:12 +11:00
Damien Miller dfc24258a7 - markus@cvs.openbsd.org 2008/02/04 21:53:00
[session.c sftp-server.c sftp.h]
     link sftp-server into sshd; feedback and ok djm@
2008-02-10 22:29:40 +11:00
Damien Miller 14b017d6f2 - gilles@cvs.openbsd.org 2007/09/11 15:47:17
[session.c ssh-keygen.c sshlogin.c]
     use strcspn to properly overwrite '\n' in fgets returned buffer
     ok pyr@, ray@, millert@, moritz@, chl@
2007-09-17 16:09:15 +10:00
Damien Miller 6ef50134c2 - djm@cvs.openbsd.org 2007/08/23 02:55:51
[auth-passwd.c auth.c session.c]
     missed include bits from last commit
     NB. RCS ID sync only for portable
2007-09-17 11:54:24 +10:00
Damien Miller 6572db28fd - djm@cvs.openbsd.org 2007/08/23 02:49:43
[auth-passwd.c auth.c session.c]
     unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
     NB. RCS ID sync only for portable
2007-09-17 11:52:59 +10:00
Darren Tucker 9142e1c66d - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
connections too.  Based on a patch from Sandro Wefel, with & ok djm@
2007-08-16 23:28:04 +10:00
Darren Tucker 2d9636471b - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
called with PAM_ESTABLISH_CRED at least once, which resolves a problem
   with pam_dhkeys.  Patch from David Leonard, ok djm@
2007-08-13 23:11:56 +10:00
Tim Rice 99203ec48b 20070326
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
   to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-03-26 09:35:28 -07:00
Darren Tucker 82a3d2bc6f - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
[auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
     spaces
2007-02-19 22:10:25 +11:00
Damien Miller 990b1a80b5 - djm@cvs.openbsd.org 2006/10/09 23:36:11
[session.c]
     xmalloc -> xcalloc that was missed previously, from portable
     (NB. Id sync only for portable, obviously)
2006-10-24 03:01:56 +10:00
Damien Miller ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Damien Miller d5fe0baa73 - djm@cvs.openbsd.org 2006/08/29 10:40:19
[channels.c session.c]
     normalise some inconsistent (but harmless) NULL pointer checks
     spotted by the Stanford SATURN tool, via Isil Dillig;
     ok markus@ deraadt@
2006-08-30 11:07:39 +10:00
Damien Miller 3f8123c804 - markus@cvs.openbsd.org 2006/08/18 09:15:20
[auth.h session.c sshd.c]
     delay authentication related cleanups until we're authenticated and
     all alarms have been cancelled; ok deraadt
2006-08-19 00:32:46 +10:00
Damien Miller 9ab00b44c1 - stevesk@cvs.openbsd.org 2006/08/04 20:46:05
[monitor.c session.c ssh-agent.c]
     spaces
2006-08-05 12:40:11 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00
Damien Miller 8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
2006-08-05 11:02:17 +10:00
Damien Miller ad5ecbf072 - (djm) [session.c]
fix compile error with -Werror -Wall: 'path' is only used in
   do_setup_env() if HAVE_LOGIN_CAP is not defined
2006-07-24 15:03:06 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
2006-07-24 14:13:33 +10:00
Damien Miller 1cdde6f536 - stevesk@cvs.openbsd.org 2006/07/20 15:26:15
[auth1.c serverloop.c session.c sshconnect2.c]
     missed some needed #include <unistd.h> when KERBEROS5=no; issue from
     massimo@cedoc.mo.it
2006-07-24 14:07:35 +10:00
Damien Miller e275443f66 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
     Add ForceCommand keyword to sshd_config, equivalent to the "command="
     key option, man page entry and example in sshd_config.
     Feedback & ok djm@, man page corrections & ok jmc@
2006-07-24 14:06:47 +10:00
Darren Tucker 3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
2006-07-12 22:22:46 +10:00
Darren Tucker e7d4b19f75 - markus@cvs.openbsd.org 2006/07/11 18:50:48
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
     channels.h readconf.c]
     add ExitOnForwardFailure: terminate the connection if ssh(1)
     cannot set up all requested dynamic, local, and remote port
     forwardings. ok djm, dtucker, stevesk, jmc
2006-07-12 22:17:10 +10:00
Damien Miller e33b60343b - stevesk@cvs.openbsd.org 2006/07/08 21:48:53
[monitor.c session.c]
     missed these from last commit:
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:34 +10:00
Damien Miller e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
2006-07-10 21:08:03 +10:00
Damien Miller 9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
2006-07-10 20:53:08 +10:00
Damien Miller 917f9b6b6e - djm@cvs.openbsd.org 2006/07/06 10:47:05
[servconf.c servconf.h session.c sshd_config.5]
     support arguments to Subsystem commands; ok markus@
2006-07-10 20:36:47 +10:00
Damien Miller efc04e70b8 - stevesk@cvs.openbsd.org 2006/07/03 17:59:32
[channels.c includes.h]
     move #include <arpa/inet.h> out of includes.h; old ok djm@
     (portable needed session.c too)
2006-07-10 20:26:27 +10:00
Damien Miller 427a1d57bb - stevesk@cvs.openbsd.org 2006/07/02 22:45:59
[groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
     move #include <grp.h> out of includes.h
     (portable needed uidswap.c too)
2006-07-10 20:20:33 +10:00
Darren Tucker d8093e49bf - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
   in Portable-only code; since calloc zeros, remove now-redundant memsets.
   Also add a couple of sanity checks.  With & ok djm@
2006-05-04 16:24:34 +10:00
Damien Miller 525a0b090f - djm@cvs.openbsd.org 2006/04/20 21:53:44
[includes.h session.c sftp.c]
     Switch from using pipes to socketpairs for communication between
     sftp/scp and ssh, and between sshd and its subprocesses. This saves
     a file descriptor per session and apparently makes userland ppp over
     ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
     decision on a per-platform basis)
2006-04-23 12:10:49 +10:00
Damien Miller 73b42d2bb0 - (djm) [Makefile.in configure.ac session.c sshpty.c]
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
   [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
   [openbsd-compat/port-linux.h] Add support for SELinux, setting
   the execution and TTY contexts. based on patch from Daniel Walsh,
   bz #880; ok dtucker@
2006-04-22 21:26:08 +10:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
2006-03-26 14:24:48 +11:00
Damien Miller 36812092ec - djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
     [uidswap.c]
     change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
     to xrealloc(p, new_nmemb, new_itemsize).

     realloc is particularly prone to integer overflows because it is
     almost always allocating "n * size" bytes, so this is a far safer
     API; ok deraadt@
2006-03-26 14:22:47 +11:00
Damien Miller 9096740f6c - deraadt@cvs.openbsd.org 2006/03/20 18:26:55
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
     [ssh-rsa.c ssh.c sshlogin.c]
     annoying spacing fixes getting in the way of real diffs
2006-03-26 14:07:26 +11:00
Damien Miller c91e556d8a - deraadt@cvs.openbsd.org 2006/03/19 18:53:12
[kex.c kex.h monitor.c myproposal.h session.c]
     spacing
2006-03-26 13:58:55 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
2006-03-26 00:03:21 +11:00
Damien Miller 6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c]
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
2006-03-15 14:42:54 +11:00
Damien Miller 1cf76d97f9 - djm@cvs.openbsd.org 2006/02/28 01:10:21
[session.c]
     fix logout recording when privilege separation is disabled, analysis and
     patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
     NB. ID sync only - patch already in portable
2006-03-15 12:01:14 +11:00
Damien Miller 6ff3caddb6 oops, this commit is really:
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
     [clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@

the previous was:

   - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
     [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
     [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
     [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
     [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
     [sshconnect2.c sshd.c sshpty.c]
     move #include <sys/stat.h> out of includes.h; ok markus@
2006-03-15 11:52:09 +11:00
Damien Miller f17883e6a0 - stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@
2006-03-15 11:45:54 +11:00
Damien Miller 574c41fdb3 - stevesk@cvs.openbsd.org 2006/02/20 16:36:15
[authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
     move #include <sys/un.h> out of includes.h; ok djm@
2006-03-15 11:40:10 +11:00
Damien Miller 9cf6d077fb - stevesk@cvs.openbsd.org 2006/02/10 01:44:27
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
     [sftp.c sshconnect.c sshconnect2.c sshd.c]
     move #include <sys/wait.h> out of includes.h; ok markus@
2006-03-15 11:29:24 +11:00
Damien Miller 03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
2006-03-15 11:16:59 +11:00
Tim Rice 83d2f5fedf - (tim) [session.c] Logout records were not updated on systems with
post auth privsep disabled due to bug 1086 changes. Analysis and patch
   by vinschen at redhat.com. OK tim@, dtucker@.
2006-02-07 15:17:44 -08:00
Damien Miller 7bff1a9b5e - djm@cvs.openbsd.org 2005/12/24 02:27:41
[session.c sshd.c]
     eliminate some code duplicated in privsep and non-privsep paths, and
     explicitly clear SIGALRM handler; "groovy" deraadt@
2005-12-24 14:59:12 +11:00
Darren Tucker 635518705a - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
[ssh_config.5 session.c]
     spelling: fowarding, fowarded
2005-12-20 16:14:15 +11:00
Damien Miller d47c62a714 - markus@cvs.openbsd.org 2005/12/12 13:46:18
[channels.c channels.h session.c]
     make sure protocol messages for internal channels are ignored.
     allow adjust messages for non-open channels; with and ok djm@
2005-12-13 19:33:57 +11:00
Damien Miller 788f212aed - djm@cvs.openbsd.org 2005/10/30 08:52:18
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
     [ssh.c sshconnect.c sshconnect1.c sshd.c]
     no need to escape single quotes in comments, no binary change
2005-11-05 15:14:59 +11:00
Damien Miller 39eda6eb6a - djm@cvs.openbsd.org 2005/10/10 10:23:08
[channels.c channels.h clientloop.c serverloop.c session.c]
     fix regression I introduced in 4.2: X11 forwardings initiated after
     a session has exited (e.g. "(sleep 5; xterm) &") would not start.
     bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
2005-11-05 14:52:50 +11:00
Darren Tucker 42308a4374 - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
enabled, instead allow PAM to handle it.  Note that on platforms using PAM,
   the pam_nologin module should be added to sshd's session stack in order to
   maintain exising behaviour.  Based on patch and discussion from t8m at
   centrum.cz, ok djm@
2005-10-30 15:31:55 +11:00
Tim Rice 66fd217e8e - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
   libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
   Feedback and OK dtucker@
2005-08-31 09:59:49 -07:00
Tim Rice 2291c00ab2 - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
   openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
   openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
   on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
   by tim@. Feedback and OK dtucker@
2005-08-26 13:15:19 -07:00
Damien Miller 9786e6e2a0 - markus@cvs.openbsd.org 2005/07/25 11:59:40
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
     [sshconnect2.c sshd.c sshd_config sshd_config.5]
     add a new compression method that delays compression until the user
     has been authenticated successfully and set compression to 'delayed'
     for sshd.
     this breaks older openssh clients (< 3.5) if they insist on
     compression, so you have to re-enable compression in sshd_config.
     ok djm@
2005-07-26 21:54:56 +10:00
Damien Miller 0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 17:22:45 +10:00
Damien Miller 2b9b045d93 - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
- djm@cvs.openbsd.org 2005/07/17 06:49:04
     [channels.c channels.h session.c session.h]
     Fix a number of X11 forwarding channel leaks:
     1. Refuse multiple X11 forwarding requests on the same session
     2. Clean up all listeners after a single_connection X11 forward, not just
        the one that made the single connection
     3. Destroy X11 listeners when the session owning them goes away
     testing and ok dtucker@
2005-07-17 17:19:24 +10:00
Damien Miller 46d38de48b - djm@cvs.openbsd.org 2005/07/16 01:35:24
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
     [sshconnect.c]
     spacing
2005-07-17 17:02:09 +10:00
Damien Miller eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
2005-06-17 12:59:34 +10:00
Damien Miller 7dff869dd9 tiny KNF nit 2005-05-26 11:34:51 +10:00
Darren Tucker 48554152b9 - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
UseLogin is set as PAM is not used to establish credentials in that
   case.  Found by Michael Selvesteen, ok djm@
2005-04-21 19:50:55 +10:00
Darren Tucker 2b59a6dad6 - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
events earlier, prevents mm_request_send errors reported by Matt Goebel.
2005-03-06 22:38:51 +11:00
Darren Tucker c97b01af62 - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
authentication early enough to be available to PAM session modules when
   privsep=yes.  Patch from deengert at anl.gov, ok'ed in principle by Sam
   Hartman and similar to Debian's ssh-krb5 package.
2005-02-16 16:47:37 +11:00
Darren Tucker 33370e0287 - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
the username to be passed to the passwd command when changing expired
   passwords.  ok djm@
2005-02-09 22:17:28 +11:00
Darren Tucker 2e0cf0dca2 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
   defines and enums with SSH_ to prevent namespace collisions on some
   platforms (eg AIX).
2005-02-08 21:52:47 +11:00
Darren Tucker 269a1ea1c8 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
   (first stage) Add audit instrumentation to sshd, currently disabled by
   default.  with suggestions from and djm@
2005-02-03 00:20:53 +11:00
Darren Tucker 9dc6c7dbec - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process.  Since we also unset KRB5CCNAME at startup, if it's set after
   authentication it must have been set by the platform's native auth system.
   This was already done for AIX; this enables it for the general case.
2005-02-02 18:30:33 +11:00
Darren Tucker 172a5e8cb8 - markus@cvs.openbsd.org 2004/12/23 17:35:48
[session.c]
     check for NULL; from mpech
2005-01-20 10:55:46 +11:00
Darren Tucker a2a3ed0010 - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ 2004-09-11 23:09:53 +10:00
Darren Tucker 69687f4b65 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
failing PAM session modules to user then exit, similar to the way
   /etc/nologin is handled.  ok djm@
2004-09-11 22:17:26 +10:00
Darren Tucker 14c372d49d - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
copy required environment variables on Cygwin.  Patch from vinschen at
   redhat.com, ok djm@
2004-08-30 20:42:08 +10:00
Darren Tucker 5cb30ad2ec - markus@cvs.openbsd.org 2004/07/28 09:40:29
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
     sshconnect1.c]
     more s/illegal/invalid/
2004-08-12 22:40:24 +10:00
Darren Tucker 0999174755 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
     Move "Last logged in at.." message generation to the monitor, right
     before recording the new login.  Fixes missing lastlog message when
     /var/log/lastlog is not world-readable and incorrect datestamp when
     multiple sessions are used (bz #463);  much assistance & ok markus@
2004-07-17 17:05:14 +10:00
Darren Tucker fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker 0a44d1ecf3 - (dtucker) [session.c] Call display_loginmsg again after do_pam_session.
Ensures messages from PAM modules are displayed when privsep=no.

Note: I did not want to just move display_loginmsg since that would change
existing behaviour (order of expiry warnings, "Last Login", motd) to less
like the native tools.
2004-07-01 09:48:29 +10:00
Damien Miller a6b1d169e6 - djm@cvs.openbsd.org 2004/06/30 08:36:59
[session.c]
     unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
2004-06-30 22:41:07 +10:00
Darren Tucker 723e945b55 - djm@cvs.openbsd.org 2004/06/21 17:53:03
[session.c]
     fix fd leak for multiple subsystem connections; with markus@
2004-06-22 12:57:08 +10:00
Darren Tucker 1f8311c836 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
     packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
     improve some code lint did not like; djm millert ok
2004-05-13 16:39:33 +10:00
Darren Tucker e14e005f41 - djm@cvs.openbsd.org 2004/05/09 01:19:28
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
     sshd.c] removed: mpaux.c mpaux.h
     kill some more tiny files; ok deraadt@
2004-05-13 16:30:44 +10:00
Darren Tucker 46bc075474 - djm@cvs.openbsd.org 2004/04/27 09:46:37
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
     ssh_config.5 sshd_config.5]
     bz #815: implement ability to pass specified environment variables from
     the client to the server; ok markus@
2004-05-02 22:11:30 +10:00
Damien Miller 9c870f966a - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache
file using FILE: method, fixes problems on Mac OSX.
   Patch from simon@sxw.org.uk; ok dtucker@
2004-04-16 22:47:55 +10:00
Darren Tucker ac7c998a2d - (dtucker) [session.c] Flush stdout after displaying loginmsg. From
f_mohr at yahoo.de.
2004-04-07 08:04:09 +10:00
Darren Tucker b385059346 - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent
duplicate login messages for mutli-session logins.  ok djm@
2004-03-27 16:44:21 +11:00
Darren Tucker 1825f26d21 - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the
non-interactive path.  ok djm@
2004-02-24 00:01:27 +11:00
Darren Tucker 1921ed9f96 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
change expired PAM passwords for SSHv1 connections without privsep.
   pam_chauthtok is still used when privsep is disabled.  ok djm@
2004-02-10 13:23:28 +11:00
Darren Tucker 23bc8d0bff - markus@cvs.openbsd.org 2004/01/30 09:48:57
[auth-passwd.c auth.h pathnames.h session.c]
     support for password change; ok dtucker@
     (set password-dead=1w in login.conf to use this).
     In -Portable, this is currently only platforms using bsdauth.
2004-02-06 16:24:31 +11:00
Darren Tucker ef3a4a208c - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root
user, since some modules might fail due to lack of privilege.  ok djm@
2004-02-06 15:30:50 +11:00
Darren Tucker 3c78c5ed2f - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
   include kafs.h unless necessary.  From deengert at anl.gov.

For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
2004-01-23 22:03:10 +11:00
Damien Miller d352636553 - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from
ralf.hack AT pipex.net; ok dtucker@
2004-01-23 14:16:26 +11:00
Darren Tucker 7fe8b72771 - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
just HEIMDAL.

Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available.  In that case it will be used too.
2004-01-22 12:48:26 +11:00
Damien Miller 8f341f8b8b - markus@cvs.openbsd.org 2004/01/13 19:23:15
[compress.c session.c]
     -Wall; ok henning
2004-01-21 11:00:46 +11:00
Darren Tucker 409cb328c1 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@
2004-01-05 22:36:51 +11:00
Darren Tucker 22ef508754 - jakob@cvs.openbsd.org 2003/12/23 16:12:10
[servconf.c servconf.h session.c sshd_config]
     implement KerberosGetAFSToken server option. ok markus@, beck@
2003-12-31 11:37:34 +11:00
Darren Tucker 3175eb9a5a - markus@cvs.openbsd.org 2003/12/02 17:01:15
[channels.c session.c ssh-agent.c ssh.h sshd.c]
     use SSH_LISTEN_BACKLOG (=128) in listen(2).
2003-12-09 19:15:11 +11:00
Damien Miller ce34674a9f sync whitespace - no code change 2003-11-22 14:41:58 +11:00
Damien Miller 787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller c756e9b56e - (djm) Export environment variables from authentication subprocess to
parent. Part of Bug #717
2003-11-17 21:41:42 +11:00
Damien Miller 3e3b5145e5 - djm@cvs.openbsd.org 2003/11/04 08:54:09
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@
2003-11-17 21:13:40 +11:00
Darren Tucker 072a7b178c - markus@cvs.openbsd.org 2003/10/14 19:54:39
[session.c ssh-agent.c]
     10X for mkdtemp; djm@
2003-10-15 16:10:25 +10:00
Darren Tucker 8846a07639 - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
cleanup functions.  With & ok djm@
2003-10-07 11:30:15 +10:00
Darren Tucker f391ba6730 - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations.
Based on patches by Matthias Koeppe and Thomas Baden.  ok djm@
2003-10-02 20:07:09 +10:00
Darren Tucker 3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Darren Tucker fb16b2411e - markus@cvs.openbsd.org 2003/09/18 08:49:45
[deattack.c misc.c session.c ssh-agent.c]
     more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
     ok millert@
2003-09-22 21:04:23 +10:00
Darren Tucker c11b1e8420 - (dtucker) [session.c] Bug #643: Fix size_t -> u_int and fix null deref
when /etc/default/login doesn't exist or isn't readable.  Fixes from
   jparsons-lists at saffron.net and georg.oppenberg at deu mci com.
2003-09-19 20:56:51 +10:00
Darren Tucker e1a790d0d1 - (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve
PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it
   (eg Solaris, Reliant Unix).  Patch from Robert.Dahlem at siemens.com.  ok djm@
2003-09-16 11:52:19 +10:00
Damien Miller 341c6e687c - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session
management (now done in do_setusercontext). Largely from
   michael_steffens AT hp.com
2003-09-02 23:18:52 +10:00
Damien Miller 324948b320 - markus@cvs.openbsd.org 2003/08/31 13:29:05
[session.c]
     call ssh_gssapi_storecreds conditionally from do_exec();
     with sxw@inf.ed.ac.uk
2003-09-02 22:55:45 +10:00
Damien Miller 1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Darren Tucker 49aaf4ad52 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-26 11:58:16 +10:00
Darren Tucker 0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
Damien Miller 1f499fd368 - (djm) Bug #564: Perform PAM account checks for all authentications when
UsePAM=yes; ok dtucker
2003-08-25 13:08:49 +10:00
Darren Tucker 3bdbd848ea - markus@cvs.openbsd.org 2003/08/13 08:33:02
[session.c]
     use more portable tcsendbreak(3) and ignore break_length;
     ok deraadt, millert
2003-08-13 20:31:05 +10:00
Darren Tucker d85efee437 - (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge. 2003-08-13 20:28:14 +10:00
Darren Tucker 80649c5fa6 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin
specific defines and includes to bsd-cygwin_util.h.  Fixes build error too.
2003-08-07 16:28:16 +10:00
Darren Tucker b9d3f41ceb - (dtucker) [session.c] Have session_break_req not attempt to send a break
if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin).
2003-08-07 13:24:24 +10:00
Darren Tucker 6aaa58c470 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
2003-08-02 22:24:49 +10:00
Darren Tucker b9aa0a0baa - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Darren Tucker 793e817d49 - (dtucker) Check return value of setpcred(). 2003-07-08 21:01:04 +10:00
Darren Tucker a0c0b63112 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
Include AIX headers for authentication functions and make calls match
   prototypes.  Test for and handle 3-args and 4-arg variants of loginfailed.
2003-07-08 20:52:12 +10:00
Damien Miller 3a961dc0d3 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
Damien Miller 54c459866e - markus@cvs.openbsd.org 2003/05/14 22:24:42
[clientloop.c session.c ssh.1]
     allow to send a BREAK to the remote system; ok various
2003-05-15 10:20:13 +10:00
Damien Miller 4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
2003-05-14 15:11:48 +10:00
Damien Miller b1ca8bb159 - markus@cvs.openbsd.org 2003/05/11 20:30:25
[channels.c clientloop.c serverloop.c session.c ssh.c]
     make channel_new() strdup the 'remote_name' (not the caller); ok theo
2003-05-14 13:45:42 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Ben Lindstrom c8c548d248 - (bal) Disable Privsep for Tru64 after pre-authentication due to issues
with SIA.  Also, clean up of tru64 support patch by Chris Adams
   <cmadams@hiwaay.net>
2003-03-21 01:18:09 +00:00
Damien Miller 0011138d47 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/05 22:33:43
     [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
     [sftp-server.c ssh-add.c sshconnect2.c]
     fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
2003-03-10 11:21:17 +11:00
Damien Miller 1a3ccb07c5 - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me;
From vinschen@redhat.com
2003-02-24 13:04:01 +11:00
Damien Miller 97f39ae810 - markus@cvs.openbsd.org 2003/02/06 09:26:23
[session.c]
     missing call to setproctitle() after authentication; ok provos@
2003-02-24 11:57:01 +11:00
Damien Miller a8ed44b79e - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
systems may be added later.
2003-01-10 09:53:12 +11:00
Damien Miller f25c18d7e8 - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
2003-01-07 17:38:58 +11:00
Damien Miller dfedbf8e5a - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from
mii@ornl.gov
2003-01-03 14:52:53 +11:00
Kevin Steves 678ee51ff3 - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable
parts of pass addrlen with sockaddr * fix.
    from Hajimu UMEMOTO <ume@FreeBSD.org>
2003-01-01 23:43:55 +00:00
Ben Lindstrom 46767607e2 - markus@cvs.openbsd.org 2002/12/10 08:56:00
[session.c]
     Make sure $SHELL points to the shell from the password file, even if shell
     is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@
2002-12-23 02:26:08 +00:00
Ben Lindstrom 611797ed15 - stevesk@cvs.openbsd.org 2002/12/04 04:36:47
[session.c]
     remove xauth entries before add; PR 2994 from janjaap@stack.nl.
     ok markus@
2002-12-23 02:15:57 +00:00
Tim Rice 81ed518b9b Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
Ben Lindstrom 164725f40e l) Fix issue where successfull login does not clear failure counts
in AIX.  Patch by dtucker@zip.com.au ok by djm
2002-09-25 23:14:14 +00:00
Damien Miller a6eb2b7f8e - stevesk@cvs.openbsd.org 2002/09/16 19:55:33
[session.c]
     log when _PATH_NOLOGIN exists; ok markus@
2002-09-19 11:50:48 +10:00
Damien Miller f37e246f85 - stevesk@cvs.openbsd.org 2002/09/12 19:50:36
[session.c ssh.1]
     add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@
2002-09-19 11:47:55 +10:00
Damien Miller e9994cb4d7 - (djm) Bug #365: Read /.ssh/environment properly under CygWin.
Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
2002-09-10 21:43:53 +10:00
Damien Miller ebc2306629 - stevesk@cvs.openbsd.org 2002/08/29 15:57:25
[monitor.c session.c sshlogin.c sshlogin.h]
     pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
     NOTE: there are also p-specific parts to this patch. ok markus@
2002-09-04 16:45:09 +10:00
Damien Miller 5a80bba86f - markus@cvs.openbsd.org 2002/08/22 21:45:41
[session.c]
     send signal name (not signal number) in "exit-signal" message; noticed
     by galb@vandyke.com
2002-09-04 16:39:02 +10:00
Ben Lindstrom 5d860f02ca - markus@cvs.openbsd.org 2002/07/30 17:03:55
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
     add PermitUserEnvironment (off by default!); from dot@dotat.at;
     ok provos, deraadt
2002-08-01 01:28:38 +00:00
Ben Lindstrom b9051ec9a4 - markus@cvs.openbsd.org 2002/07/22 11:03:06
[session.c]
     fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
2002-07-23 21:11:09 +00:00
Ben Lindstrom 264ee307a8 - markus@cvs.openbsd.org 2002/07/19 15:43:33
[log.c log.h session.c sshd.c]
     remove fatal cleanups after fork; based on discussions with and code
     from solar.
2002-07-23 21:01:56 +00:00
Kevin Steves 38b050a0f5 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
freed by the caller; add free_pam_environment() and use it.
2002-07-23 00:44:07 +00:00
Ben Lindstrom 938b828566 - (bal) Remove unused tty defined in do_setusercontext() pointed out by
dtucker@zip.com.au plus a a more KNF since I am near it.
2002-07-15 17:58:34 +00:00
Ben Lindstrom 51b2488aad - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess. 2002-07-04 03:08:40 +00:00
Ben Lindstrom 5a9d0eaba6 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
[auth2.c session.c sshd.c]
     lint asks that we use names that do not overlap
2002-07-04 00:12:53 +00:00
Damien Miller 990070a8c5 - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
[session.c]
     disclose less information from environment files; based on input
     from djm, and dschultz@uclink.Berkeley.EDU
2002-06-26 23:51:06 +10:00
Damien Miller a0796cad4a - markus@cvs.openbsd.org 2002/06/26 08:58:26
[session.c]
     limit # of env vars to 1000; ok deraadt/djm
2002-06-26 19:15:07 +10:00
Damien Miller f18cd162d3 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ 2002-06-26 19:12:59 +10:00
Ben Lindstrom b129be657c 20020626
- (bal) moved aix_usrinfo() and noted not setting real TTY.  Patch by
   dtucker@zip.com.au
2002-06-25 17:12:26 +00:00
Ben Lindstrom a9d2c89fc5 - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
[channels.c channels.h session.c session.h]
     display, screen, row, col, xpixel, ypixel are u_int; markus ok
  - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
    xpixel are u_int.
2002-06-23 21:48:28 +00:00
Ben Lindstrom e23f4a3d28 - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
[session.c]
     compression_level is u_int
2002-06-23 21:40:16 +00:00
Ben Lindstrom 23e0f667f8 - markus@cvs.openbsd.org 2002/06/20 23:05:56
[servconf.c servconf.h session.c sshd.c]
     allow Compression=yes/no in sshd_config
2002-06-21 01:09:47 +00:00
Ben Lindstrom f0bfa839bd - (bal) Fixed AIX environment handling, use setpcred() instead of existing
code.  (Bugzilla Bug 261)
2002-06-21 00:01:18 +00:00
Ben Lindstrom ce0f634270 - mpech@cvs.openbsd.org 2002/06/11 05:46:20
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
     pid_t cleanup. Markus need this now to keep hacking.
     markus@, millert@ ok
2002-06-11 16:42:49 +00:00
Ben Lindstrom 8bb6f36c8f - markus@cvs.openbsd.org 2002/06/10 22:28:41
[channels.c channels.h session.c]
     move creation of agent socket to session.c; no need for uidswapping
     in channel.c.
2002-06-11 15:59:02 +00:00
Ben Lindstrom 5a6abdae0f unexpand 2002-06-09 19:41:48 +00:00
Ben Lindstrom 378a417389 - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by
Bertrand.Velle@apogee-com.fr
2002-06-07 14:49:56 +00:00
Ben Lindstrom fac7769f64 - stevesk@cvs.openbsd.org 2002/05/16 22:09:59
[session.c ssh.c]
     don't limit xauth pathlen on client side and longer print length on
     server when debug; ok markus@
2002-06-06 19:49:54 +00:00
Damien Miller a18bbd398e - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
the superuser receives.
2002-05-13 10:48:57 +10:00
Kevin Steves 5feaaefaf2 - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX 2002-04-23 20:45:55 +00:00
Ben Lindstrom c447fee9f1 - markus@cvs.openbsd.org 2002/03/29 18:59:32
[session.c session.h]
     retrieve last login time before the pty is allocated, store per session
2002-04-02 20:35:35 +00:00
Ben Lindstrom 2bf56e2dba - markus@cvs.openbsd.org 2002/03/28 15:34:51
[session.c]
     do not call record_login twice (for use_privsep)
2002-04-02 20:32:46 +00:00
Kevin Steves b4799a31a5 - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
it can be removed. only used on solaris. will no longer compile with
   privsep shuffling.
2002-03-24 23:19:54 +00:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
2002-03-22 02:54:23 +00:00
Ben Lindstrom 08105192fd - markus@cvs.openbsd.org 2002/03/19 10:35:39
[auth-options.c auth.h session.c session.h sshd.c]
     clean up prototypes
2002-03-22 02:50:06 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
2002-03-22 02:30:41 +00:00
Ben Lindstrom b481e1323e - provos@cvs.openbsd.org 2002/03/18 03:41:08
[auth.c session.c]
     move auth_approval into getpwnamallow with help from millert@
2002-03-22 01:35:47 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch
revert
2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
Ben Lindstrom c004135b72 - (bal) Last AIX patch. Moved aix_usrinfo() outside of do_setuserconext()
since we need more session information than provided by that function.
2002-02-25 15:48:02 +00:00
Tim Rice e06ae4a4bc [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84
patch by wknox@mitre.org (William Knox).
[sshlogin.h] declare record_utmp_only for session.c
2002-02-24 17:56:46 -08:00
Ben Lindstrom 839ac4f8aa - (bal) Part two.. Drop unused AIX header, fix up missing char *cp. All
that is left is handling aix_usrinfo().
2002-02-24 20:42:46 +00:00
Ben Lindstrom 3107efc12a - (bal) Minor session.c for cygwin. mispelt 'is_winnt' variable. 2002-02-21 15:37:02 +00:00
Ben Lindstrom e37f63ffa0 - markus@cvs.openbsd.org 2002/02/16 00:51:44
[session.c]
     typo
 - (bal) CVS ID sync since the last two patches were merged mistakenly
2002-02-19 21:58:19 +00:00
Ben Lindstrom 4e97e85c03 - (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/02/15 23:11:26
     [session.c]
     split do_child(), ok mouring@

Compiles under Redhat 7.2.. I cannot give any promises.. but I spent a
good hour and half ensure all the right bits are in the right spots.. and
it does seem to help out quite a bit for readiblity.
2002-02-19 21:50:43 +00:00
Ben Lindstrom a9c039cf04 - (bal) Migrated AIX getuserattr and usrinfo code to
openbsd-compat/port-aix.[c] to improve readilbity of do_child() and
   simplify our diffs against upstream source.
2002-02-19 20:27:55 +00:00
Ben Lindstrom f095a85882 - (bal) Migrate IRIX jobs/projects/audit/etc code to
openbsd-compat/port-irix.[ch] to improve readiblity of do_child()
2002-02-19 20:02:48 +00:00
Damien Miller 19a5945105 - markus@cvs.openbsd.org 2002/02/14 23:28:00
[channels.h session.c ssh.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
2002-02-19 15:20:57 +11:00
Damien Miller 05eda437a6 - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
2002-02-10 18:32:28 +11:00
Damien Miller f3dcf1fc88 - markus@cvs.openbsd.org 2002/02/06 14:37:22
[session.c]
     minor KNF
2002-02-08 22:06:48 +11:00
Damien Miller f3451a2181 - (djm) Cleanup after sync:
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2002-02-05 12:40:46 +11:00
Damien Miller c7ef63dd41 - markus@cvs.openbsd.org 2002/02/03 17:53:25
[auth1.c serverloop.c session.c session.h]
     don't use channel_input_channel_request and callback
     use new server_input_channel_req() instead:
     	server_input_channel_req does generic request parsing on server side
     	session_input_channel_req handles just session specific things now
     ok djm@
2002-02-05 12:21:42 +11:00
Damien Miller 5fab4b9b1d - markus@cvs.openbsd.org 2002/01/29 22:46:41
[session.c]
     don't depend on servconf.c; ok djm@
2002-02-05 12:15:07 +11:00
Damien Miller baa0870852 - stevesk@cvs.openbsd.org 2002/01/29 16:29:02
[session.c]
     limit subsystem length in log; ok markus@
2002-02-05 12:14:10 +11:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller 95c249ff47 - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@
2002-02-05 12:11:34 +11:00
Damien Miller 512bccbb5a - stevesk@cvs.openbsd.org 2002/01/26 16:44:22
[includes.h session.c]
     revert code to add x11 localhost display authorization entry for
     hostname/unix:d and uts.nodename/unix:d if nodename was different than
     hostname.  just add entry for unix:d instead.  ok markus@
2002-02-05 12:11:02 +11:00
Damien Miller dff5099f13 - markus@cvs.openbsd.org 2001/12/28 14:50:54
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
Damien Miller 48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller 66823cddbe - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:38 +11:00
Damien Miller bb9ffc18ca - (djm) Merge Cygwin copy_environment with do_pam_environment, removing
fixed env var size limit in the process. Report from Corinna Vinschen
   <vinschen@redhat.com>
2002-01-08 10:59:32 +11:00
Damien Miller e737856350 - markus@cvs.openbsd.org 2001/12/20 16:37:29
[channels.c channels.h session.c]
     setup x11 listen socket for just one connect if the client requests so.
     (v2 only, but the openssh client does not support this feature).
2001-12-21 14:58:35 +11:00
Damien Miller 8db9a84310 Sync RCSIDs from Kevin's already committed patch 2001-12-21 14:51:28 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00