Commit Graph

287 Commits

Author SHA1 Message Date
Damien Miller 942da039d2 - (djm) OpenBSD CVS changes:
- markus@cvs.openbsd.org  2000/07/22 03:14:37
     [servconf.c servconf.h sshd.8 sshd.c sshd_config]
     random early drop; ok theo, niels
   - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
     [ssh.1]
     typo
   - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
     [sshd.8]
     many fixes from pepper@mail.reppep.com
   - provos@cvs.openbsd.org  2000/08/01 13:01:42
     [Makefile.in util.c aux.c]
     rename aux.c to util.c to help with cygwin port
   - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
     [authfd.c]
     correct sun_len; Alexander@Leidinger.net
   - provos@cvs.openbsd.org  2000/08/02 10:27:17
     [readconf.c sshd.8]
     disable kerberos authentication by default
   - provos@cvs.openbsd.org  2000/08/02 11:27:05
     [sshd.8 readconf.c auth-krb4.c]
     disallow kerberos authentication if we can't verify the TGT; from
     dugsong@
     kerberos authentication is on by default only if you have a srvtab.
   - markus@cvs.openbsd.org  2000/08/04 14:30:07
     [auth.c]
     unused
   - markus@cvs.openbsd.org  2000/08/04 14:30:35
     [sshd_config]
     MaxStartups
   - markus@cvs.openbsd.org  2000/08/15 13:20:46
     [authfd.c]
     cleanup; ok niels@
   - markus@cvs.openbsd.org  2000/08/17 14:05:10
     [session.c]
     cleanup login(1)-like jobs, no duplicate utmp entries
   - markus@cvs.openbsd.org  2000/08/17 14:06:34
     [session.c sshd.8 sshd.c]
      sshd -u len, similar to telnetd
2000-08-18 13:59:06 +10:00
Damien Miller 994cf1426d - (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org  2000/07/16 02:27:22
     [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c]
     make ssh-add accept dsa keys (the agent does not)
   - djm@cvs.openbsd.org     2000/07/17 19:25:02
     [sshd.c]
     Another closing of stdin; ok deraadt
   - markus@cvs.openbsd.org  2000/07/19 18:33:12
     [dsa.c]
     missing free, reorder
   - markus@cvs.openbsd.org  2000/07/20 16:23:14
     [ssh-keygen.1]
     document input and output files
2000-07-21 10:19:44 +10:00
Damien Miller 182ee6e6d9 - (djm) OpenBSD CVS Updates:
- deraadt@cvs.openbsd.org 2000/07/11 02:11:34
     [session.c sshd.c ]
     make MaxStartups code still work with -d; djm
   - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
     [readconf.c ssh_config]
     disable FallBackToRsh by default
2000-07-12 09:45:27 +10:00
Damien Miller 4d97ba2257 - (djm) Fix problem with debug mode and MaxStartups 2000-07-11 18:15:50 +10:00
Damien Miller 3702396526 - (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org  2000/06/26 03:22:29
     [authfd.c]
     cleanup, less cut&paste
   - markus@cvs.openbsd.org  2000/06/26 15:59:19
     [servconf.c servconf.h session.c sshd.8 sshd.c]
     MaxStartups: limit number of unauthenticated connections, work by
     theo and me
   - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
     [session.c]
     use no_x11_forwarding_flag correctly; provos ok
   - provos@cvs.openbsd.org  2000/07/05 15:35:57
     [sshd.c]
     typo
   - aaron@cvs.openbsd.org   2000/07/05 22:06:58
     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
     Insert more missing .El directives. Our troff really should identify
     these and spit out a warning.
   - todd@cvs.openbsd.org    2000/07/06 21:55:04
     [auth-rsa.c auth2.c ssh-keygen.c]
     clean code is good code
   - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
     [serverloop.c]
     sense of port forwarding flag test was backwards
   - provos@cvs.openbsd.org  2000/07/08 17:17:31
     [compat.c readconf.c]
     replace strtok with strsep; from David Young <dyoung@onthejob.net>
   - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
     [auth.h]
     KNF
   - ho@cvs.openbsd.org      2000/07/08 19:27:33
     [compat.c readconf.c]
     Better conditions for strsep() ending.
   - ho@cvs.openbsd.org      2000/07/10 10:27:05
     [readconf.c]
     Get the correct message on errors. (niels@ ok)
   - ho@cvs.openbsd.org      2000/07/10 10:30:25
     [cipher.c kex.c servconf.c]
     strtok() --> strsep(). (niels@ ok)
2000-07-11 17:31:38 +10:00
Damien Miller f9b625c36e - (djm) Fix pam sprintf fix
- (djm) Cleanup entropy collection code a little more. Split initialisation
   from seeding, perform intialisation immediatly at start, be careful with
   uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
2000-07-09 22:42:32 +10:00
Damien Miller b8c656e744 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
support. Enable using "USE_SIA=1 ./configure [options]"
2000-06-28 15:22:41 +10:00
Damien Miller bf7f466206 - OpenBSD CVS Updates:
- markus@cvs.openbsd.org  2000/06/22 10:32:27
     [sshd.c]
     missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
   - djm@cvs.openbsd.org     2000/06/22 17:55:00
     [auth-krb4.c key.c radix.c uuencode.c]
     Missing CVS idents; ok markus
2000-06-23 10:16:38 +10:00
Damien Miller b1715dc0cf - OpenBSD CVS updates:
- markus@cvs.openbsd.org
    [session.c]
    make x11-fwd work w/ localhost (xauth add host/unix:11)
    [cipher.c compat.c readconf.c servconf.c]
    check strtok() != NULL; ok niels@
    [key.c]
    fix key_read() for uuencoded keys w/o '='
    [serverloop.c]
    group ssh1 vs. ssh2 in serverloop
    [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
    split kexinit/kexdh, factor out common code
    [readconf.c ssh.1 ssh.c]
    forwardagent defaults to no, add ssh -A
  - theo@cvs.openbsd.org
    [session.c]
    just some line shortening
2000-05-30 13:44:51 +10:00
Damien Miller d999ae26b7 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de> 2000-05-20 12:49:31 +10:00
Damien Miller c4be7ce669 - RSAless operation patch from kevin_oconnor@standardandpoors.com 2000-05-17 23:02:03 +10:00
Damien Miller dcb6ecd1b3 - OpenBSD CVS update:
- markus@cvs.openbsd.org
    [ssh.c]
    fix usage()
    [ssh2.h]
    draft-ietf-secsh-architecture-05.txt
    [ssh.1]
    document ssh -T -N (ssh2 only)
    [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
    enable nonblocking IO for sshd w/ proto 1, too; split out common code
    [aux.c]
    missing include
2000-05-17 22:34:22 +10:00
Damien Miller e247cc402b - Remove references to SSLeay.
- Big OpenBSD CVS update
  - markus@cvs.openbsd.org
    [clientloop.c]
    - typo
    [session.c]
    - update proctitle on pty alloc/dealloc, e.g. w/ windows client
    [session.c]
    - update proctitle for proto 1, too
    [channels.h nchan.c serverloop.c session.c sshd.c]
    - use c-style comments
  - deraadt@cvs.openbsd.org
    [scp.c]
    - more atomicio
  - markus@cvs.openbsd.org
    [channels.c]
    - set O_NONBLOCK
    [ssh.1]
    - update AUTHOR
    [readconf.c ssh-keygen.c ssh.h]
    - default DSA key file ~/.ssh/id_dsa
    [clientloop.c]
    - typo, rm verbose debug
  - deraadt@cvs.openbsd.org
    [ssh-keygen.1]
    - document DSA use of ssh-keygen
    [sshd.8]
    - a start at describing what i understand of the DSA side
    [ssh-keygen.1]
    - document -X and -x
    [ssh-keygen.c]
    - simplify usage
  - markus@cvs.openbsd.org
    [sshd.8]
    - there is no rhosts_dsa
    [ssh-keygen.1]
    - document -y, update -X,-x
    [nchan.c]
    - fix close for non-open ssh1 channels
    [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
    - s/DsaKey/HostDSAKey/, document option
    [sshconnect2.c]
    - respect number_of_password_prompts
    [channels.c channels.h servconf.c servconf.h session.c sshd.8]
    - GatewayPorts for sshd, ok deraadt@
    [ssh-add.1 ssh-agent.1 ssh.1]
    - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
    [ssh.1]
    - more info on proto 2
    [sshd.8]
    - sync AUTHOR w/ ssh.1
    [key.c key.h sshconnect.c]
    - print key type when talking about host keys
    [packet.c]
    - clear padding in ssh2
    [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
    - replace broken uuencode w/ libc b64_ntop
    [auth2.c]
    - log failure before sending the reply
    [key.c radix.c uuencode.c]
    - remote trailing comments before calling __b64_pton
    [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
    [sshconnect2.c sshd.8]
    - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 12:03:14 +10:00
Damien Miller 6f83b8e34d - OpenBSD CVS update
[channels.c]
   - init all fds, close all fds.
   [sshconnect2.c]
   - check whether file exists before asking for passphrase
   [servconf.c servconf.h sshd.8 sshd.c]
   - PidFile, pr 1210
   [channels.c]
   - EINTR
   [channels.c]
   - unbreak, ok niels@
   [sshd.c]
   - unlink pid file, ok niels@
   [auth2.c]
   - Add missing #ifdefs; ok - markus
2000-05-02 09:23:45 +10:00
Damien Miller eba71bab9b - Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2]
   - interop w/ F-secure windows client
   - sync documentation
   - ssh_host_dsa_key not ssh_dsa_key
   [auth-rsa.c]
   - missing fclose
   [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
   [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
   [sshd.c uuencode.c uuencode.h authfile.h]
   - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
     for trading keys with the real and the original SSH, directly from the
     people who invented the SSH protocol.
   [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
   [sshconnect1.c sshconnect2.c]
   - split auth/sshconnect in one file per protocol version
   [sshconnect2.c]
   - remove debug
   [uuencode.c]
   - add trailing =
   [version.h]
   - OpenSSH-2.0
   [ssh-keygen.1 ssh-keygen.c]
   - add -R flag: exit code indicates if RSA is alive
   [sshd.c]
   - remove unused
     silent if -Q is specified
   [ssh.h]
   - host key becomes /etc/ssh_host_dsa_key
   [readconf.c servconf.c ]
   - ssh/sshd default to proto 1 and 2
   [uuencode.c]
   - remove debug
   [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
   - xfree DSA blobs
   [auth2.c serverloop.c session.c]
   - cleanup logging for sshd/2, respect PasswordAuth no
   [sshconnect2.c]
   - less debug, respect .ssh/config
   [README.openssh2 channels.c channels.h]
   - clientloop.c session.c ssh.c
   - support for x11-fwding, client+server
2000-04-29 23:57:08 +10:00
Damien Miller 166fca8894 - Sync with OpenBSD CVS:
[clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
  - pid_t
  [session.c]
  - remove bogus chan_read_failed. this could cause data
    corruption (missing data) at end of a SSH2 session.
2000-04-20 07:42:21 +10:00
Damien Miller 8bb73be04e - OpenBSD CVS updates
[channels.c]
   - fix pr 1196, listen_port and port_to_connect interchanged
   [scp.c]
   - after completion, replace the progress bar ETA counter with a final
     elapsed time; my idea, aaron wrote the patch
   [ssh_config sshd_config]
   - show 'Protocol' as an example, ok markus@
   [sshd.c]
   - missing xfree()
 - Add missing header to bsd-misc.c
2000-04-19 16:26:12 +10:00
Damien Miller 5f05637b0e - Reduce diff against OpenBSD source
- All OpenSSL includes are now unconditionally referenced as
     openssl/foo.h
   - Pick up formatting changes
   - Other minor changed (typecasts, etc) that I missed
2000-04-16 12:31:48 +10:00
Damien Miller 4af51306d9 - OpenBSD CVS updates.
[ssh.1 ssh.c]
   - ssh -2
   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
   [session.c sshconnect.c]
   - check payload for (illegal) extra data
   [ALL]
   - whitespace cleanup
2000-04-16 11:18:38 +10:00
Damien Miller 22c772609a - Merged OpenBSD updates to include paths. 2000-04-13 12:26:34 +10:00
Damien Miller 78928793fb - OpenBSD CVS updates:
- [channels.c]
     repair x11-fwd
   - [sshconnect.c]
     fix passwd prompt for ssh2, less debugging output.
   - [clientloop.c compat.c dsa.c kex.c sshd.c]
     less debugging output
   - [kex.c kex.h sshconnect.c sshd.c]
     check for reasonable public DH values
   - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
     [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
     add Cipher and Protocol options to ssh/sshd, e.g.:
     ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
     arcfour,3des-cbc'
   - [sshd.c]
     print 1.99 only if server supports both
2000-04-12 20:17:38 +10:00
Damien Miller efb4afe026 - More large OpenBSD CVS updates:
- [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
     [session.h ssh.h sshd.c README.openssh2]
     ssh2 server side, see README.openssh2; enable with 'sshd -2'
   - [channels.c]
     no adjust after close
   - [sshd.c compat.c ]
     interop w/ latest ssh.com windows client.
2000-04-12 18:45:05 +10:00
Damien Miller 1383bd8eb9 - OpenBSD CVS update:
- [channels.c]
     close efd on eof
   - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
     ssh2 client implementation, interops w/ ssh.com and lsh servers.
   - [sshconnect.c]
     missing free.
   - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
     remove unused argument, split cipher_mask()
   - [clientloop.c]
     re-order: group ssh1 vs. ssh2
 - Make Redhat spec require openssl >= 0.9.5a
2000-04-06 12:32:37 +10:00
Damien Miller b38eff8e4f - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
- [auth.c session.c sshd.c auth.h]
     split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
   - [bufaux.c bufaux.h]
     support ssh2 bignums
   - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
     [readconf.c ssh.c ssh.h serverloop.c]
     replace big switch() with function tables (prepare for ssh2)
   - [ssh2.h]
     ssh2 message type codes
   - [sshd.8]
     reorder Xr to avoid cutting
   - [serverloop.c]
     close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
   - [channels.c]
     missing close
     allow bigger packets
   - [cipher.c cipher.h]
     support ssh2 ciphers
   - [compress.c]
     cleanup, less code
   - [dispatch.c dispatch.h]
     function tables for different message types
   - [log-server.c]
     do not log() if debuggin to stderr
     rename a cpp symbol, to avoid param.h collision
   - [mpaux.c]
     KNF
   - [nchan.c]
     sync w/ channels.c
2000-04-01 11:09:21 +10:00
Damien Miller 450a7a1ff4 - OpenBSD CVS update
- [auth-krb4.c]
     -Wall
   - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
     [match.h ssh.c ssh.h sshconnect.c sshd.c]
     initial support for DSA keys. ok deraadt@, niels@
   - [cipher.c cipher.h]
     remove unused cipher_attack_detected code
   - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
     Fix some formatting problems I missed before.
   - [ssh.1 sshd.8]
     fix spelling errors, From: FreeBSD
   - [ssh.c]
     switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
2000-03-26 13:04:51 +10:00
Damien Miller 7684ee17ee - OpenBSD CVS updates:
- [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
     [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
     [sshd.c]
     pedantic: signed vs. unsigned, void*-arithm, etc
   - [ssh.1 sshd.8]
     Various cleanups and standardizations.
2000-03-17 23:40:15 +11:00
Damien Miller 02491e9632 - OpenBSD CVS change
[sshd.c]
    - disallow guessing of root password
2000-03-11 11:58:28 +11:00
Damien Miller 98c7ad60ec - OpenBSD CVS updates to v1.2.3
[ssh.h atomicio.c]
	 - int atomicio -> ssize_t (for alpha). ok deraadt@
	[auth-rsa.c]
	 - delay MD5 computation until client sends response, free() early, cleanup.
	[cipher.c]
	 - void* -> unsigned char*, ok niels@
	[hostfile.c]
	 - remove unused variable 'len'. fix comments.
	 - remove unused variable
	[log-client.c log-server.c]
	 - rename a cpp symbol, to avoid param.h collision
	[packet.c]
	 - missing xfree()
	 - getsockname() requires initialized tolen; andy@guildsoftware.com
	 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
	from Holger.Trapp@Informatik.TU-Chemnitz.DE
	[pty.c pty.h]
	 - register cleanup for pty earlier. move code for pty-owner handling to
   	pty.c ok provos@, dugsong@
	[readconf.c]
	 - turn off x11-fwd for the client, too.
	[rsa.c]
	 - PKCS#1 padding
	[scp.c]
	 - allow '.' in usernames; from jedgar@fxp.org
	[servconf.c]
	 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
	 - sync with sshd_config
	[ssh-keygen.c]
	 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
	[ssh.1]
	 - Change invalid 'CHAT' loglevel to 'VERBOSE'
	[ssh.c]
	 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
	 - turn off x11-fwd for the client, too.
	[sshconnect.c]
	 - missing xfree()
	 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
	 - read error vs. "Connection closed by remote host"
	[sshd.8]
	 - ie. -> i.e.,
	 - do not link to a commercial page..
	 - sync with sshd_config
	[sshd.c]
	 - no need for poll.h; from bright@wintelcom.net
	 - log with level log() not fatal() if peer behaves badly.
	 - don't panic if client behaves strange. ok deraadt@
	 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
	 - delay close() of pty until the pty has been chowned back to root
	 - oops, fix comment, too.
	 - missing xfree()
	 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
   	(http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
	 - register cleanup for pty earlier. move code for pty-owner handling to
      pty.c ok provos@, dugsong@
	 - create x11 cookie file
	 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
	 - version 1.2.3
 - Cleaned up
2000-03-09 21:27:49 +11:00
Damien Miller 3c7eeb2af5 - Don't permanently fail on bind() if getaddrinfo has more choices left for
us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
   Miskiewicz <misiek@pld.org.pl>
2000-03-03 22:35:33 +11:00
Damien Miller c7d8dbbb0d - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de 2000-03-02 23:30:53 +11:00
Damien Miller a22ba0152c - Big cleanup of autoconf code
- Rearranged to be a little more logical
   - Added -R option for Solaris
   - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
     to detect library and header location _and_ ensure library has proper
     RSA support built in (this is a problem with OpenSSL 0.9.5).
2000-03-02 23:09:20 +11:00
Damien Miller 1852246d30 - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu 2000-02-03 01:07:07 +11:00
Damien Miller fa51a83f54 - Reorder PAM initialisation so it does not mess up lastlog. Reported
by Andre Lucas <andre.lucas@dial.pipex.com>
2000-01-26 11:07:22 +11:00
Damien Miller 1fa154bb1e - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
<drankin@bohemians.lexington.ky.us>
2000-01-23 10:32:03 +11:00
Damien Miller f052aaf9f6 - OpenBSD CVS updates:
- [packet.c]
     use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
     from Holger.Trapp@Informatik.TU-Chemnitz.DE
   - [sshd.c]
     log with level log() not fatal() if peer behaves badly.
   - [readpass.c]
     instead of blocking SIGINT, catch it ourselves, so that we can clean
     the tty modes up and kill ourselves -- instead of our process group
     leader (scp, cvs, ...) going away and leaving us in noecho mode.
     people with cbreak shells never even noticed..
2000-01-22 19:47:21 +11:00
Damien Miller 396691ad5d - Update to latest OpenBSD CVS:
- [auth-rsa.c]
     - fix user/1056, sshd keeps restrictions; dbt@meat.net
   - [sshconnect.c]
     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
     - destroy keys earlier
     - split key exchange (kex) and user authentication (user-auth), ok: provos@
   - [sshd.c]
     - no need for poll.h; from bright@wintelcom.net
     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
     - split key exchange (kex) and user authentication (user-auth), ok: provos@
2000-01-20 22:44:08 +11:00
Damien Miller 7d80e3484b - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
addresses using getaddrinfo(). Added a configure switch to make the
   default lookup mode AF_INET
2000-01-19 14:36:49 +11:00
Damien Miller 34132e54cb - Merged OpenBSD IPv6 patch:
- [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
     [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
     [hostfile.c sshd_config]
     ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
     features: sshd allows multiple ListenAddress and Port options. note
     that libwrap is not IPv6-ready. (based on patches from
     fujiwara@rcac.tdi.co.jp)
   - [ssh.c canohost.c]
     more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
     from itojun@
   - [channels.c]
     listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
   - [packet.h]
     allow auth-kerberos for IPv4 only
   - [scp.1 sshd.8 servconf.h scp.c]
     document -4, -6, and 'ssh -L 2022/::1/22'
   - [ssh.c]
     'ssh @host' is illegal (null user name), from
     karsten@gedankenpolizei.de
   - [sshconnect.c]
     better error message
   - [sshd.c]
     allow auth-kerberos for IPv4 only
 - Big IPv6 merge:
   - Cleanup overrun in sockaddr copying on RHL 6.1
   - Replacements for getaddrinfo, getnameinfo, etc based on versions
     from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
   - Replacement for missing structures on systems that lack IPv6
   - record_login needed to know about AF_INET6 addresses
   - Borrowed more code from OpenBSD: rresvport_af and requisites
2000-01-14 15:45:46 +11:00
Damien Miller e72b7af17e - Removed most of the pam code into its own file auth-pam.[ch]. This
cleaned up sshd.c up significantly.
 - Several other cleanups
1999-12-30 15:08:44 +11:00
Damien Miller ac3a4b4a96 - Calls to pam_setcred, patch from Nalin Dahyabhai
<nalin@thermo.stat.ncsu.edu>
1999-12-29 10:25:40 +11:00
Damien Miller d00d1611e4 - Print whether OpenSSH was compiled with RSARef, patch from
Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
1999-12-29 10:17:09 +11:00
Damien Miller beb4ba5a68 - Portability fixes for Irix 5.3 (now compiles OK!)
- autoconf and other misc cleanups
1999-12-28 15:09:35 +11:00
Damien Miller d33201e916 typo 1999-12-27 10:55:23 +11:00
Damien Miller 373d2917a8 - PAM bugfix. PermitEmptyPassword was being ignored.
- Fixed PAM config files to allow empty passwords if server does.
 - Explained spurious PAM auth warning workaround in UPGRADING
1999-12-27 10:45:54 +11:00
Damien Miller d49621ea53 - Disable logging of PAM success and failures, PAM is verbose enough.
Unfortunatly there is currently no way to disable auth failure
   messages. Mention this in UPGRADING file and sent message to PAM
   developers
1999-12-26 14:04:33 +11:00
Damien Miller 3b623d900e Better fix for PAM logging 1999-12-26 13:31:06 +11:00
Damien Miller 32b3cf2c96 19991226
- Enabled utmpx support by default for Solaris
 - Cleanup sshd.c PAM a little more

19991225
 - Merged fixes from Ben Taylor <bent@clark.net>
 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
 - Disabled logging of PAM password authentication failures when password
   is empty. (e.g start of authentication loop). Reported by Naz
   <96na@eng.cam.ac.uk>)
1999-12-26 10:21:48 +11:00
Damien Miller 2e1b082dfb - Prepare for 1.2.1pre20
19991225
 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
 - Cleanup of auth-passwd.c for shadow and MD5 passwords
 - Cleanup and bugfix of PAM authentication code

19991223
 - Merged later HPUX patch from Andre Lucas
   <andre.lucas@dial.pipex.com>
 - Above patch included better utmpx support from Ben Taylor
   <bent@clark.net>:
1999-12-25 10:11:29 +11:00
Damien Miller 6ae00d6c96 - Some older systems don't have poll.h, they use sys/poll.h instead
- Doc updates
1999-12-14 15:43:03 +11:00
Damien Miller a34a28bf86 - OpenBSD CVS Changes
- [canohost.c]
     fix get_remote_port() and friends for sshd -i;
     Holger.Trapp@Informatik.TU-Chemnitz.DE
   - [mpaux.c]
     make code simpler. no need for memcpy. niels@ ok
   - [pty.c]
     namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
     fix proto; markus
   - [ssh.1]
      typo; mark.baushke@solipsa.com
   - [channels.c ssh.c ssh.h sshd.c]
     type conflict for 'extern Type *options' in channels.c; dot@dotat.at
   - [sshconnect.c]
     move checking of hostkey into own function.
   - [version.h]
     OpenSSH-1.2.1
1999-12-14 10:47:15 +11:00
Damien Miller 50945fa861 - OpenBSD CVS updates:
- [readpass.c]
     avoid stdio; based on work by markus, millert, and I
   - [sshd.c]
     make sure the client selects a supported cipher
   - [sshd.c]
     fix sighup handling.  accept would just restart and daemon handled
     sighup only after the next connection was accepted. use poll on
     listen sock now.
   - [sshd.c]
     make that a fatal
1999-12-09 10:31:37 +11:00
Damien Miller bf1c9b2012 - Import of patch from Ben Taylor <bent@clark.net>:
- Improved PAM support
   - "uninstall" rule for Makefile
   - utmpx support
   - Should fix PAM problems on Solaris
1999-12-09 10:16:54 +11:00
Damien Miller 037a0dc083 - Merged more OpenBSD changes:
- [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
     move atomicio into it's own file.  wrap all socket write()s which
     were doing write(sock, buf, len) != len, with atomicio() calls.
   - [auth-skey.c]
     fd leak
   - [authfile.c]
     properly name fd variable
   - [channels.c]
     display great hatred towards strcpy
   - [pty.c pty.h sshd.c]
     use openpty() if it exists (it does on BSD4_4)
   - [tildexpand.c]
     check for ~ expansion past MAXPATHLEN
 - Modified helper.c to use new atomicio function.
 - Reformat Makefile a little
 - Moved RC4 routines from rc4.[ch] into helper.c
 - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
1999-12-07 15:38:31 +11:00
Damien Miller eabf3417bc - Fix PAM account and session being called multiple times. Problem
reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
1999-12-07 14:56:27 +11:00
Damien Miller dc33fc3910 Small cleanup of PAM code 1999-12-04 20:24:48 +11:00
Damien Miller 5428f646ad - More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes:
   - [channels.c]
     report from mrwizard@psu.edu via djm@ibs.com.au
   - [channels.c]
     set SO_REUSEADDR and SO_LINGER for forwarded ports.
     chip@valinux.com via damien@ibs.com.au
   - [nchan.c]
     it's not an error() if shutdown_write failes in nchan.
   - [readconf.c]
     remove dead #ifdef-0-code
   - [readconf.c servconf.c]
     strcasecmp instead of tolower
   - [scp.c]
     progress meter overflow fix from damien@ibs.com.au
   - [ssh-add.1 ssh-add.c]
     SSH_ASKPASS support
   - [ssh.1 ssh.c]
     postpone fork_after_authentication until command execution,
     request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
     plus: use daemon() for backgrounding
1999-11-25 11:54:57 +11:00
Damien Miller 9072e18896 *** empty log message *** 1999-11-25 10:42:08 +11:00
Damien Miller 95def09838 - Merged very large OpenBSD source code reformat
- OpenBSD CVS updates
   - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
     [ssh.h sshd.8 sshd.c]
     syslog changes:
     * Unified Logmessage for all auth-types, for success and for failed
     * Standard connections get only ONE line in the LOG when level==LOG:
       Auth-attempts are logged only, if authentication is:
          a) successfull or
          b) with passwd or
          c) we had more than AUTH_FAIL_LOG failues
     * many log() became verbose()
     * old behaviour with level=VERBOSE
   - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
     tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
     messages. allows use of s/key in windows (ttssh, securecrt) and
     ssh-1.2.27 clients without 'ssh -v', ok: niels@
   - [sshd.8]
     -V, for fallback to openssh in SSH2 compatibility mode
   - [sshd.c]
     fix sigchld race; cjc5@po.cwru.edu
1999-11-25 00:26:21 +11:00
Damien Miller 3744b51918 - Numerous little Solaris fixes 1999-11-23 11:24:32 +11:00
Damien Miller 859cec0250 - Added autoconf test and macro to deal with old PAM libraries
pam_strerror definition (one arg vs two).
1999-11-22 14:27:24 +11:00
Damien Miller 431f66b68c - [OVERVIEW README] typos; green@freebsd
- [ssh-keygen.c]
      replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
      exit if writing the key fails (no infinit loop)
      print usage() everytime we get bad options
    - [ssh-keygen.c] overflow, djm@mindrot.org
    - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-21 18:31:57 +11:00
Damien Miller 6162d1215b - OpenBSD CVS Changes
- [channels.c]
      make this compile, bad markus
    - [log.c readconf.c servconf.c ssh.h]
      bugfix: loglevels are per host in clientconfig,
      factor out common log-level parsing code.
    - [servconf.c]
      remove unused index (-Wall)
    - [ssh-agent.c]
      only one 'extern char *__progname'
    - [sshd.8]
      document SIGHUP, -Q to synopsis
    - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
      [channels.c clientloop.c]
      SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
      [hope this time my ISP stays alive during commit]
1999-11-21 13:23:52 +11:00
Damien Miller 23b783952a - Merged OpenBSD CVS changes
- [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
     more %d vs. %s in fmt-strings
   - [authfd.c]
     Integers should not be printed with %s
1999-11-19 08:25:48 +11:00
Damien Miller 5bbbd364c9 - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com> 1999-11-19 07:56:21 +11:00
Damien Miller 81428f9d10 - Merged OpenBSD CVS changes
- [scp.c] foregroundproc() in scp
   - [sshconnect.h] include fingerprint.h
   - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
     changes.
 - Added openssh.com info to README
1999-11-18 09:28:11 +11:00
Damien Miller 10f6f6ba9e - Merged OpenBSD CVS changes
- [ChangeLog.Ylonen] noone needs this anymore
   - [authfd.c] close-on-exec for auth-socket, ok deraadt
   - [hostfile.c]
     in known_hosts key lookup the entry for the bits does not need
     to match, all the information is contained in n and e. This
     solves the problem with buggy servers announcing the wrong
     modulus length.  markus and me.
   - [serverloop.c]
     bugfix: check for space if child has terminated, from:
     iedowse@maths.tcd.ie
   - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
     [fingerprint.c fingerprint.h]
     rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
   - [ssh-agent.1] typo
   - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
   - [sshd.c]
     force logging to stderr while loading private key file
     (lost while converting to new log-levels)
1999-11-17 17:29:08 +11:00
Damien Miller 7e8e820153 - Merged OpenBSD CVS changes:
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
     [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
     the keysize of rsa-parameter 'n' is passed implizit,
     a few more checks and warnings about 'pretended' keysizes.
   - [cipher.c cipher.h packet.c packet.h sshd.c]
     remove support for cipher RC4
   - [ssh.c]
     a note for legay systems about secuity issues with permanently_set_uid(),
     the private hostkey and ptrace()
   - [sshconnect.c]
     more detailed messages about adding and checking hostkeys
1999-11-16 13:37:16 +11:00
Damien Miller 3f905872b0 - Merged more Solaris compability from Marc G. Fournier
<marc.fournier@acadiau.ca>
 - Wrote autoconf tests for __progname symbol
1999-11-15 17:10:57 +11:00
Damien Miller 3bd49ec5c4 - Various small cleanups to bring diff (against OpenBSD) size down. 1999-11-15 15:40:55 +11:00
Damien Miller 2ccf661cbe - Merged more OpenBSD CVS changes:
[auth-krb4.c]
          - disconnect if getpeername() fails
          - missing xfree(*client)
        [canohost.c]
          - disconnect if getpeername() fails
          - fix comment: we _do_ disconnect if ip-options are set
        [sshd.c]
          - disconnect if getpeername() fails
          - move checking of remote port to central place
        [auth-rhosts.c] move checking of remote port to central place
        [log-server.c] avoid extra fd per sshd, from millert@
        [readconf.c] print _all_ bad config-options in ssh(1), too
        [readconf.h] print _all_ bad config-options in ssh(1), too
        [ssh.c] print _all_ bad config-options in ssh(1), too
        [sshconnect.c] disconnect if getpeername() fails
 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
1999-11-15 15:25:10 +11:00
Damien Miller 6d7b2cd1a3 - Merged yet more changes from OpenBSD CVS
- [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
     [ssh.c ssh.h sshconnect.c sshd.c]
     make all access to options via 'extern Options options'
     and 'extern ServerOptions options' respectively;
     options are no longer passed as arguments:
      * make options handling more consistent
      * remove #include "readconf.h" from ssh.h
      * readconf.h is only included if necessary
   - [mpaux.c] clear temp buffer
   - [servconf.c] print _all_ bad options found in configfile
1999-11-12 15:19:27 +11:00
Damien Miller 322650927b - Merged changes from OpenBSD CVS
- [sshd.c] session_key_int may be zero
   - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
     IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
     deraadt,millert
 - Brought default sshd_config more in line with OpenBSDs
1999-11-12 11:33:04 +11:00
Damien Miller 776af5de4f - Merged changes from OpenBSD CVS
- [sshd.c] session_key_int may be zero
1999-11-12 08:49:09 +11:00
Damien Miller 9fa19b633d Merged sshd connection failure patch from Markus Friedl <markus@cvs.openbsd.org> 1999-11-11 20:44:05 +11:00
Damien Miller 5ce662a920 - Merged more OpenBSD CVS changes:
- [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
     + krb-cleanup cleanup
   - [clientloop.c log-client.c log-server.c ]
     [readconf.c readconf.h servconf.c servconf.h ]
     [ssh.1 ssh.c ssh.h sshd.8]
     add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
     obsoletes QuietMode and FascistLogging in sshd.
1999-11-11 17:57:39 +11:00
Damien Miller fd7c911f09 Merged OpenBSD CVS changes that go away 1999-11-08 16:15:55 +11:00
Damien Miller 356a0b004a Lots of changes:
- Removed lots of unnecessary checks from autoconf
 - Added support and autoconf test for openpty() function (Unix98 pty support)
 - Fix for scp not finding ssh if not installed as /usr/bin/ssh
 - Added TODO file
 - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
   - Added ssh-askpass program
   - Added ssh-askpass support to ssh-add.c
   - Create symlinks for slogin on install
   - Fix "distclean" target in makefile
   - Added example for ssh-agent to manpage
   - Added support for PAM_TEXT_INFO messages
   - Disable internal /etc/nologin support if PAM enabled
 - Merged latest OpenBSD CVS changes:
   - [sshd.c] don't send fail-msg but disconnect if too many authentication
     failures
   - [sshd.c] replace assert() with error, fatal or packet_disconnect
   - [sshd.c] remove unused argument. ok dugsong
   - [sshd.c] typo
   - [rsa.c] clear buffers used for encryption. ok: niels
   - [rsa.c] replace assert() with error, fatal or packet_disconnect
 - Fixed coredump after merge of OpenBSD rsa.c patch
1999-11-08 15:30:59 +11:00
Damien Miller 0aa8e5395c Merged one line cleanup from OBSD CVS 1999-11-02 19:05:02 +11:00
Damien Miller d0562b3cdc Fix off by one error in PAM env patch
Tidy changelog
1999-10-29 13:09:40 +10:00
Damien Miller 07a826d854 - Make distclean now removed configure script
- Improved PAM logging
 - Added some debug() calls for PAM
1999-10-29 11:49:20 +10:00
Damien Miller 5eeedae9fe make install patch
Picked up lost bit of OpenBSD update to ssh.h

Fix compile warning in new pam_env stuff
1999-10-29 10:21:15 +10:00
Damien Miller 9438816a5c Integrated PAM environment patch from Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
Integrated make install patch from Niels Kristian Bech Jensen <nkbj@image.dk>
1999-10-29 09:57:31 +10:00
Damien Miller a37010e466 Renamed open* -> * at request of Theo de Raadt <deraadt@cvs.openbsd.org> 1999-10-29 09:18:29 +10:00
Damien Miller 062307657e Big rename ssh* -> openssh* 1999-10-28 14:03:14 +10:00
Damien Miller 3d112efc67 Big PAM cleanup
Added header for arc4random to mktemp.c

Fixed return type of arc4random
1999-10-28 13:20:30 +10:00
Damien Miller 332e67fde2 Attempt to clean up PAM code
Use PWDB getpw* functions if HAVE_PWDB defined

Minor other tidyups
1999-10-27 23:42:05 +10:00
Damien Miller d4a8b7e34d Initial revision 1999-10-27 13:42:43 +10:00