Damien Miller
6b6d5be591
- Release 4.1p1
2005-05-26 11:34:36 +10:00
Darren Tucker
ae8c91ec07
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
...
allocation when retrieving core Windows environment. Add CYGWIN variable
to propagated variables. Patch from vinschen at redhat.com, ok djm@
2005-05-25 19:42:10 +10:00
Darren Tucker
328118aa79
- (dtucker) [auth-pam.c] Since people don't seem to be getting the message
...
that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
USE_POSIX_THREADS will now generate an error so we don't silently change
behaviour. ok djm@
2005-05-25 16:18:09 +10:00
Damien Miller
4d8f560c39
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update spec file versions to 4.1p1
2005-05-25 14:43:47 +10:00
Damien Miller
df548bc310
- (djm) [openbsd-compat/readpassphrase.c] bz #950 : Retry tcsetattr to ensure
...
terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
"looks ok" dtucker@
2005-05-24 15:54:27 +10:00
Tim Rice
b58bd0327e
20050512
...
- (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
hard link section. Bug 1038.
2005-05-12 10:32:19 -07:00
Darren Tucker
fa2211d93d
- (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
...
user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com.
2005-05-09 23:48:17 +10:00
Damien Miller
4f10e25684
- (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
...
unix domain socket, so catch that too; from jakob@ ok dtucker@
2005-05-04 15:33:09 +10:00
Darren Tucker
5b115d4401
- (dtucker) [canohost.c] normalise socket addresses returned by
...
get_remote_hostname(). This means that IPv4 addresses in log messages
on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
addresses only for 4-in-6 mapped connections, regardless of whether
or not the machine is IPv6 enabled. ok djm@
2005-05-03 19:05:32 +10:00
Darren Tucker
149da8577e
typo
2005-04-25 17:03:29 +10:00
Darren Tucker
af342556b9
- (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
...
"make tests" works even if you'r building on a filesystem that doesn't
support sockets. From deengert at anl.gov, ok djm@
2005-04-25 17:01:26 +10:00
Darren Tucker
bf2b398327
- (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
...
will clean up anyway. From tim@
2005-04-25 14:49:48 +10:00
Darren Tucker
faefd2e73d
- (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
...
existence of a process since it's more portable. Found by jbasney at
ncsa.uiuc.edu; ok tim@
2005-04-25 14:48:22 +10:00
Darren Tucker
2f0b5c4869
- (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
...
1.2.1.2 or higher. With tim@, ok djm@
2005-04-24 17:52:22 +10:00
Tim Rice
4149ebc0db
- (tim) [config.guess] Add support for OpenServer 6.
2005-04-23 18:17:29 -07:00
Darren Tucker
48554152b9
- (dtucker) [session.c] Bug #1024 : Don't check pam_session_is_open if
...
UseLogin is set as PAM is not used to establish credentials in that
case. Found by Michael Selvesteen, ok djm@
2005-04-21 19:50:55 +10:00
Darren Tucker
8d158c9937
- (dtucker) [INSTALL] Fix s/key text too.
2005-04-19 15:40:51 +10:00
Darren Tucker
ad1e5e286c
- (dtucker) [INSTALL] Put the s/key text and URL back together.
2005-04-19 15:31:49 +10:00
Darren Tucker
d9c88138f7
- (dtucker) [INSTALL] Reference README.privsep for the privilege separation
...
requirements. Pointed out by Bengt Svensson.
2005-04-19 12:21:21 +10:00
Tim Rice
2f97b8b088
- (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
2005-04-11 19:00:18 -07:00
Darren Tucker
0f5eeff23d
- (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
...
sys_auth_passwd, pointed out by cmadams at hiwaay.net.
2005-04-05 21:00:47 +10:00
Darren Tucker
00cadb8c35
- (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
...
Tru64. Patch from cmadams at hiwaay.net.
2005-04-05 20:58:37 +10:00
Darren Tucker
9d2562cf20
- (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@
2005-04-05 19:22:45 +10:00
Darren Tucker
69152291e7
- (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
...
will free as needed. ok tim@ djm@
2005-04-03 12:44:23 +10:00
Damien Miller
4942de5719
- djm@cvs.openbsd.org 2005/04/02 12:41:16
...
[scp.c]
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
build
2005-04-03 10:16:39 +10:00
Damien Miller
3dae15c611
- deraadt@cvs.openbsd.org 2005/03/31 18:39:21
...
[scp.c]
copy argv[] element instead of smashing the one that ps will see; ok otto
2005-04-03 10:16:11 +10:00
Darren Tucker
de0de39082
- (dtucker) [monitor.c] Remaining part of fix for bug #1006 .
2005-03-31 23:52:04 +10:00
Darren Tucker
73ba43798a
- (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
...
message on some platforms. Patch from pete at seebeyond.com via djm.
2005-03-31 21:51:54 +10:00
Darren Tucker
f3bb434177
- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006 : fix bug in
...
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
2005-03-31 21:39:25 +10:00
Darren Tucker
83d5a9866d
- jmc@cvs.openbsd.org 2005/03/18 17:05:00
...
[sshd_config.5]
typo;
2005-03-31 21:33:50 +10:00
Darren Tucker
1f04ca240d
- markus@cvs.openbsd.org 2005/03/16 21:17:39
...
[version.h]
4.1
2005-03-31 21:31:54 +10:00
Darren Tucker
5ede2ad8a7
- jmc@cvs.openbsd.org 2005/03/16 11:10:38
...
[ssh_config.5]
get the syntax right for {Local,Remote}Forward;
based on a diff from markus;
problem report from ponraj;
ok dtucker@ markus@ deraadt@
2005-03-31 21:31:10 +10:00
Darren Tucker
6e1defdc5a
- (dtucker) [contrib/aix/buildbff.sh] Bug #1005 : Look up only the user we're
...
interested in which is much faster in large (eg LDAP or NIS) environments.
Patch from dleonard at vintela.com.
2005-03-29 23:24:12 +10:00
Darren Tucker
e66519d942
- (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
...
of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
2005-03-21 22:46:34 +11:00
Darren Tucker
1df61452ea
- (dtucker) [configure.ac] Make configure error out if the user specifies
...
--with-libedit but the required libs can't be found, rather than silently
ignoring and continuing. ok tim@
2005-03-21 09:58:07 +11:00
Darren Tucker
86a5f8dd0a
- (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
...
and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
with & ok tim@
2005-03-21 09:55:17 +11:00
Tim Rice
eae17cc80e
- (tim) [configure.ac] remove trailing white space.
2005-03-17 16:52:20 -08:00
Tim Rice
35cc69dcb4
- (tim) [configure.ac] make some configure options a little more error proof.
2005-03-17 16:44:25 -08:00
Tim Rice
8bb561b500
- (tim) [configure.ac] portability changes on test statements. Some shells
...
have problems with -a operator.
2005-03-17 16:23:19 -08:00
Tim Rice
12ee8e241e
- (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
...
Make --without-opensc work.
2005-03-17 13:37:04 -08:00
Tim Rice
c3939e22fd
- (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
...
with a rpm -F
2005-03-14 17:24:51 -08:00
Darren Tucker
c53c3a423c
credit patch author
2005-03-14 23:24:43 +11:00
Darren Tucker
11327cc5d7
- markus@cvs.openbsd.org 2005/03/14 11:46:56
...
[buffer.c buffer.h channels.c]
limit input buffer size for channels; bugzilla #896 ; with and ok dtucker@
2005-03-14 23:22:25 +11:00
Darren Tucker
a8f553df53
- dtucker@cvs.openbsd.org 2005/03/14 11:44:42
...
[auth.c]
Populate host for log message for logins denied by AllowUsers and
DenyUsers (bz #999 ); ok markus@
2005-03-14 23:17:27 +11:00
Darren Tucker
da1adbc2cc
- dtucker@cvs.openbsd.org 2005/03/14 10:09:03
...
[ssh-keygen.1]
Correct description of -H (bz #997 ); ok markus@, punctuation jmc@
2005-03-14 23:15:58 +11:00
Darren Tucker
1adc2bd8d7
- jmc@cvs.openbsd.org 2005/03/12 11:55:03
...
[ssh_config.5]
escape `.' at eol to avoid double spacing issues;
2005-03-14 23:14:20 +11:00
Darren Tucker
9f438a9d63
- markus@cvs.openbsd.org 2005/03/11 14:59:06
...
[ssh-keygen.c]
typo, missing \n; mpech
2005-03-14 23:09:18 +11:00
Darren Tucker
90b9e02230
- deraadt@cvs.openbsd.org 2005/03/10 22:40:38
...
[auth-options.c]
spacing
2005-03-14 23:08:50 +11:00
Darren Tucker
47eede77ed
- deraadt@cvs.openbsd.org 2005/03/10 22:01:05
...
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
readconf.c bufaux.c sftp.c]
spacing
2005-03-14 23:08:12 +11:00
Darren Tucker
f899e6a526
20050312
...
- (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
output ends up in the client's output, causing regress failures. Found
by Corinna Vinschen.
(got 4.0 branch and HEAD slightly askew, this is to resync)
2005-03-14 23:02:46 +11:00
Darren Tucker
1d55ca748d
- dtucker@cvs.openbsd.org 2005/03/10 10:15:02
...
[readconf.c]
Check listen addresses for null, prevents xfree from dying during
ClearAllForwardings (bz #996 ). From Craig Leres, ok markus@
2005-03-14 22:58:40 +11:00
Darren Tucker
a21380b70e
- (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
...
localized name of the local administrators group more reliable. From
vinschen at redhat.com.
2005-03-13 21:20:18 +11:00
Darren Tucker
835903da7b
- (djm) [log.c] Fix dumb syntax error; ok dtucker@
...
(pulled from 4.0 branch).
2005-03-09 20:12:47 +11:00
Damien Miller
aa1dba62b0
- (djm) Release OpenSSH 4.0p1
2005-03-09 11:03:08 +11:00
Damien Miller
6f632bf2aa
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update spec file versions
2005-03-09 11:02:41 +11:00
Damien Miller
aca8626cf7
- djm@cvs.openbsd.org 2005/03/08 23:49:48
...
[version.h]
OpenSSH 4.0
2005-03-09 11:00:42 +11:00
Damien Miller
b096ac4674
- jmc@cvs.openbsd.org 2005/03/07 23:41:54
...
[ssh.1 ssh_config.5]
more macro simplification;
2005-03-09 11:00:05 +11:00
Darren Tucker
50c7db92d6
- (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
...
so that regress tests behave. From Chris Adams.
2005-03-09 10:02:55 +11:00
Tim Rice
c390c8dc68
- (tim) [configure.ac] SCO 3.2v4.2 no longer supported. This platform is
...
too old and too broken.
2005-03-07 01:21:37 -08:00
Darren Tucker
4b9ac3319e
- (dtucker) [regress/test-exec.sh] Put SUDO in the right place.
2005-03-07 19:15:06 +11:00
Darren Tucker
5d909f0773
- djm@cvs.openbsd.org 2005/03/04 08:48:46
...
[Makefile envpass.sh]
regress test for SendEnv config parsing bug; ok dtucker@
2005-03-07 18:35:34 +11:00
Darren Tucker
894823ec69
- djm@cvs.openbsd.org 2005/02/27 23:13:36
...
[login-timeout.sh]
avoid nameservice lookups in regress test; ok dtucker@
2005-03-07 18:34:04 +11:00
Darren Tucker
a0f3ba71a0
- dtucker@cvs.openbsd.org 2005/02/27 11:33:30
...
[multiplex.sh test-exec.sh sshd-log-wrapper.sh]
Add optional capability to log output from regress commands; ok markus@
Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
2005-03-07 18:33:02 +11:00
Darren Tucker
b712fccc18
- david@cvs.openbsd.org 2005/01/14 04:21:18
...
[Makefile test-exec.sh]
pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@
2005-03-07 18:27:28 +11:00
Darren Tucker
68f7213a2c
- fgsch@cvs.openbsd.org 2004/12/10 01:31:30
...
[Makefile sftp-glob.sh]
some globbing regress; prompted and ok djm@
2005-03-07 18:25:53 +11:00
Darren Tucker
1c56ef6ac3
- (dtucker) OpenBSD CVS Sync (regress/)
...
- fgsch@cvs.openbsd.org 2004/12/10 01:31:30
[Makefile]
some globbing regress; prompted and ok djm@
2005-03-07 17:36:18 +11:00
Darren Tucker
0d0966934e
- (dtucker) [configure.ac] Disable gettext search when configuring with
...
BSM audit support for the time being. ok djm@
2005-03-07 17:34:45 +11:00
Darren Tucker
2b59a6dad6
- (dtucker) [session.c sshd.c] Bug #125 comment #49 : Send disconnect audit
...
events earlier, prevents mm_request_send errors reported by Matt Goebel.
2005-03-06 22:38:51 +11:00
Darren Tucker
3745e2bb62
- (dtucker) [monitor.c] Bug #125 comment #47 : fix errors returned by monitor
...
when attempting to audit disconnect events. Reported by Phil Dibowitz.
2005-03-06 22:31:35 +11:00
Damien Miller
f8e7accd01
- djm@cvs.openbsd.org 2005/03/04 08:48:06
...
[readconf.c]
fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
2005-03-05 11:22:50 +11:00
Damien Miller
b022b23584
- jmc@cvs.openbsd.org 2005/03/02 11:45:01
...
[ssh.1]
missing word;
2005-03-05 11:22:36 +11:00
Damien Miller
7ffa367a93
- (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch
...
from vinschen at redhat.com
2005-03-05 11:20:40 +11:00
Tim Rice
f8f3016f9e
- (tim) [regress/agent-ptrace.sh] add another possible gdb error.
2005-03-02 21:49:56 -08:00
Damien Miller
947219e6e6
- djm@cvs.openbsd.org 2005/03/02 02:21:07
...
[ssh.1]
bz#987: mention ForwardX11Trusted in ssh.1,
reported by andrew.benham AT thus.net; ok deraadt@
2005-03-02 13:22:30 +11:00
Damien Miller
89eac8010a
- djm@cvs.openbsd.org 2005/03/02 01:27:41
...
[ssh-keygen.c]
ignore hostnames with metachars when hashing; ok deraadt@
2005-03-02 12:33:04 +11:00
Damien Miller
1227d4c93c
- djm@cvs.openbsd.org 2005/03/02 01:00:06
...
[sshconnect.c]
fix addition of new hashed hostnames when CheckHostIP=yes;
found and ok dtucker@
2005-03-02 12:06:51 +11:00
Damien Miller
265d309ebc
- jmc@cvs.openbsd.org 2005/03/01 18:15:56
...
[ssh-keygen.1]
sort options (no attempt made at synopsis clean up though);
spelling (occurance -> occurrence);
use prompt before examples;
grammar;
2005-03-02 12:05:06 +11:00
Damien Miller
792c01749a
- jmc@cvs.openbsd.org 2005/03/01 17:32:19
...
[ssh-add.1]
sort options;
2005-03-02 12:04:50 +11:00
Damien Miller
02faeceb56
- jmc@cvs.openbsd.org 2005/03/01 17:22:06
...
[ssh.c]
sync usage() w/ man SYNOPSIS;
ok markus@
2005-03-02 12:04:32 +11:00
Damien Miller
27e9c5125e
- jmc@cvs.openbsd.org 2005/03/01 17:19:35
...
[scp.1 sftp.1]
add HashKnownHosts to -o list;
ok markus@
2005-03-02 12:04:16 +11:00
Damien Miller
9a2fdbd0d6
- jmc@cvs.openbsd.org 2005/03/01 15:47:14
...
[ssh-keyscan.1 ssh-keyscan.c]
sort options and sync usage();
2005-03-02 12:04:01 +11:00
Damien Miller
4c9c6fdcfe
- jmc@cvs.openbsd.org 2005/03/01 15:05:00
...
[ssh-keygen.1]
whitespace;
2005-03-02 12:03:43 +11:00
Damien Miller
718fd4b9b8
- jmc@cvs.openbsd.org 2005/03/01 14:59:49
...
[sshd.8]
new sentence, new line;
whitespace;
2005-03-02 12:03:23 +11:00
Damien Miller
f8c5546290
- jmc@cvs.openbsd.org 2005/03/01 14:55:23
...
[ssh_config.5]
do not mark up punctuation;
whitespace;
2005-03-02 12:03:05 +11:00
Damien Miller
36bf7dd184
- jmc@cvs.openbsd.org 2005/03/01 14:47:58
...
[ssh.1]
remove some unneccesary macros;
do not mark up punctuation;
2005-03-02 12:02:47 +11:00
Damien Miller
4b42d7f195
- djm@cvs.openbsd.org 2005/03/01 10:42:49
...
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
add tools for managing known_hosts files with hashed hostnames, including
hashing existing files and deleting hosts by name; ok markus@ deraadt@
2005-03-01 21:48:35 +11:00
Damien Miller
db7b8171ee
- djm@cvs.openbsd.org 2005/03/01 10:41:28
...
[ssh-keyscan.1 ssh-keyscan.c]
option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
2005-03-01 21:48:03 +11:00
Damien Miller
e1776155d1
- djm@cvs.openbsd.org 2005/03/01 10:40:27
...
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
[sshconnect.c sshd.8]
add support for hashing host names and addresses added to known_hosts
files, to improve privacy of which hosts user have been visiting; ok
markus@ deraadt@
2005-03-01 21:47:37 +11:00
Damien Miller
f91ee4c3de
- djm@cvs.openbsd.org 2005/03/01 10:09:52
...
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
[sshd_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
Damien Miller
1717fd422f
- djm@cvs.openbsd.org 2005/02/28 00:54:10
...
[ssh_config.5]
bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
orion AT cora.nwra.com; ok markus@
2005-03-01 21:17:31 +11:00
Damien Miller
70a908ec89
- jmc@cvs.openbsd.org 2005/02/25 10:55:13
...
[sshd.8]
add /etc/motd and $HOME/.hushlogin to FILES;
from michael knudsen;
2005-03-01 21:17:09 +11:00
Damien Miller
64e8d44fbd
- djm@cvs.openbsd.org 2005/02/20 22:59:06
...
[sftp.c]
turn on ssh batch mode when in sftp batch mode, patch from
jdmossh AT nand.net;
ok markus@
2005-03-01 21:16:47 +11:00
Damien Miller
9b8073e1e0
- djm@cvs.openbsd.org 2005/02/18 03:05:53
...
[canohost.c]
better error messages for getnameinfo failures; ok dtucker@
2005-03-01 21:16:18 +11:00
Damien Miller
3eb48b6245
- otto@cvs.openbsd.org 2005/02/16 09:56:44
...
[ssh.c]
Better diagnostic if an identity file is not accesible. ok markus@ djm@
2005-03-01 21:15:46 +11:00
Darren Tucker
dc8fc62103
- (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
...
binaries without the config files. Primarily useful for packaging.
Patch from phil at usc.edu. ok djm@
2005-02-26 10:12:38 +11:00
Darren Tucker
3804903a09
- (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
...
Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
more. Patch from vinschen at redhat.com.
2005-02-26 10:07:37 +11:00
Darren Tucker
34233830a1
- (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
...
Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com.
2005-02-26 10:04:28 +11:00
Damien Miller
848b993639
- (djm) [configure.ac] in_addr_t test needs sys/types.h too
2005-02-24 12:12:34 +11:00
Darren Tucker
2ea9b18918
- (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from
...
vinschen at redhat.com.
2005-02-22 17:57:13 +11:00
Darren Tucker
04cfbe04aa
- (dtucker) [configure.ac] Missing comma in AIX section, somehow causes
...
unrelated platforms to be configured incorrectly.
2005-02-20 23:27:11 +11:00
Darren Tucker
d9f88915a2
- (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
...
defines.h] Bug #125 : Add *EXPERIMENTAL* BSM audit support. Configure
--with-audit=bsm to enable. Patch originally from Sun Microsystems,
parts by John R. Jackson. ok djm@
2005-02-20 21:01:48 +11:00
Darren Tucker
3c774c52f3
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
...
compiler warnings on AIX.
2005-02-16 22:49:31 +11:00
Darren Tucker
c97b01af62
- (dtucker) [session.c] Bug #918 : store credentials from gssapi-with-mic
...
authentication early enough to be available to PAM session modules when
privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
Hartman and similar to Debian's ssh-krb5 package.
2005-02-16 16:47:37 +11:00
Darren Tucker
ca6e7a7e8b
- (dtucker) [configure.ac] Bug #893 : check for libresolv early on Reliant
...
Unix; prevents problems relating to the location of -lresolv in the
link order.
2005-02-16 16:19:17 +11:00
Darren Tucker
a91f5ee618
- (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined
...
by the system headers.
2005-02-16 14:20:06 +11:00
Darren Tucker
7b48d25527
- (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called
...
via mkstemp in some configurations. ok djm@
2005-02-16 13:20:07 +11:00
Damien Miller
ed462d9a45
write seed to temporary file and atomically rename into place; ok dtucker@
2005-02-16 13:02:45 +11:00
Darren Tucker
a39f83eeee
- (dtucker) [loginrec.c] Add missing #include.
2005-02-15 22:19:28 +11:00
Darren Tucker
691d5235ca
- (dtucker) [README.platform auth.c configure.ac loginrec.c
...
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835 : enable IPv6
on AIX where possible (see README.platform for details) and work around
a misfeature of AIX's getnameinfo. ok djm@
2005-02-15 21:45:57 +11:00
Darren Tucker
f04c361675
- (dtucker) [config.sh.in] Collect oslevel -r too.
2005-02-15 21:26:32 +11:00
Darren Tucker
15af68f767
- (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.
2005-02-11 18:32:13 +11:00
Darren Tucker
1b6f2291e4
- (dtucker) [configure.ac] Tidy up configure --help output.
2005-02-11 16:11:49 +11:00
Darren Tucker
2f9573df71
- (dtucker) [configure.ac] Bug #919 : Provide visible feedback for the
...
--disable-etc-default-login configure option.
2005-02-10 22:28:54 +11:00
Darren Tucker
33370e0287
- (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
...
the username to be passed to the passwd command when changing expired
passwords. ok djm@
2005-02-09 22:17:28 +11:00
Darren Tucker
c7e38d59e9
- (dtucker) [configure.ac] Bug #854 : prepend pwd to relative --with-ssl-dir
...
paths. ok djm@
2005-02-09 22:12:30 +11:00
Darren Tucker
92170a8626
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
...
disable_forwarding() from compat library. Prevent linker errrors trying
to resolve it for binaries other than sshd. ok djm@
2005-02-09 17:08:23 +11:00
Darren Tucker
96d4710e38
- dtucker@cvs.openbsd.org 2005/02/08 22:24:57
...
[sshd.c]
Provide reason in error message if getnameinfo fails; ok markus@
2005-02-09 09:53:48 +11:00
Darren Tucker
5b53026f71
- dtucker@cvs.openbsd.org 2005/01/30 11:18:08
...
[monitor.c]
Make code match intent; ok djm@
2005-02-09 09:52:17 +11:00
Darren Tucker
43d8e28763
- jmc@cvs.openbsd.org 2005/01/28 18:14:09
...
[ssh_config.5]
wording;
ok markus@
2005-02-09 09:51:08 +11:00
Darren Tucker
79a7acfebd
- jmc@cvs.openbsd.org 2005/01/28 15:05:43
...
[ssh_config.5]
grammar;
2005-02-09 09:48:57 +11:00
Darren Tucker
3f166dfcb5
- dtucker@cvs.openbsd.org 2005/01/28 09:45:53
...
[ssh_config]
Make it clear that the example entries in ssh_config are only some of the
commonly-used options and refer the user to ssh_config(5) for more
details; ok djm@
2005-02-09 09:46:47 +11:00
Darren Tucker
2e0cf0dca2
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
...
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
2005-02-08 21:52:47 +11:00
Darren Tucker
b4d3012d2e
- (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
2005-02-08 21:06:55 +11:00
Darren Tucker
feb6f7f244
- (dtucker) [regress/test-exec.sh] Bug #912 : Set _POSIX2_VERSION for the
...
regress tests so newer versions of GNU head(1) behave themselves. Patch
by djm, so ok me.
2005-02-08 20:17:17 +11:00
Darren Tucker
40d9a63788
- (dtucker) [auth.c] Fix parens in audit log check.
2005-02-04 15:19:44 +11:00
Darren Tucker
598ba7b5e2
- (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
2005-02-04 15:05:08 +11:00
Darren Tucker
6dce99142b
typo
2005-02-03 15:07:37 +11:00
Darren Tucker
269a1ea1c8
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
...
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125 :
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
2005-02-03 00:20:53 +11:00
Darren Tucker
2fba993080
- (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
...
Bug #974 : Teach sshd to write failed login records to btmp for failed auth
attempts (currently only for password, kbdint and C/R, only on Linux and
HP-UX), based on code from login.c from util-linux. With ashok_kovai at
hotmail.com, ok djm@
2005-02-02 23:30:24 +11:00
Darren Tucker
9dc6c7dbec
- (dtucker) [session.c sshd.c] Bug #445 : Propogate KRB5CCNAME if set to child
...
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
2005-02-02 18:30:33 +11:00
Darren Tucker
42d9dc75ed
- (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
...
Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
2005-02-02 17:10:11 +11:00
Darren Tucker
ad7646a59a
- (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
...
rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@
2005-02-02 10:43:59 +11:00
Darren Tucker
9dca099aec
- (dtucker) [sshd_config.5] Bug #701 : remove warning about
...
keyboard-interactive since this is no longer the case.
2005-02-01 19:16:45 +11:00
Darren Tucker
9b5495d23e
- (dtucker) [log.c] Bug #973 : force log_init() to open syslog, since on some
...
platforms syslog will revert to its default values. This may result in
messages from external libraries (eg libwrap) being sent to a different
facility.
2005-02-01 17:35:09 +11:00
Darren Tucker
218f178cb2
- dtucker@cvs.openbsd.org 2005/01/24 11:47:13
...
[auth-passwd.c]
#if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
2005-01-24 22:50:47 +11:00
Darren Tucker
1b7223c005
- dtucker@cvs.openbsd.org 2005/01/24 10:29:06
...
[moduli]
Import new moduli; requested by deraadt@ a week ago
2005-01-24 22:00:40 +11:00
Darren Tucker
ba66df81a3
- dtucker@cvs.openbsd.org 2005/01/24 10:22:06
...
[scp.c sftp.c]
Have scp and sftp wait for the spawned ssh to exit before they exit
themselves. This prevents ssh from being unable to restore terminal
modes (not normally a problem on OpenBSD but common with -Portable
on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950);
ok djm@ markus@
2005-01-24 21:57:40 +11:00
Darren Tucker
660db78af2
- djm@cvs.openbsd.org 2005/01/23 10:18:12
...
[cipher.c]
config option "Ciphers" should be case-sensitive; ok dtucker@
2005-01-24 21:57:11 +11:00
Darren Tucker
094cd0ba02
- dtucker@cvs.openbsd.org 2005/01/22 08:17:59
...
[auth.c]
Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
DenyGroups. bz #909 , ok djm@
2005-01-24 21:56:48 +11:00
Darren Tucker
5c14c73429
- otto@cvs.openbsd.org 2005/01/21 08:32:02
...
[auth-passwd.c sshd.c]
Warn in advance for password and account expiry; initialize loginmsg
buffer earlier and clear it after privsep fork. ok and help dtucker@
markus@
2005-01-24 21:55:49 +11:00
Darren Tucker
3c66080aa2
- (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936 : Remove pam from
...
the list of available kbdint devices if UsePAM=no. ok djm@
2005-01-20 22:20:50 +11:00
Darren Tucker
33bc334a8b
- (dtucker) [loginrec.h] Bug #952 : Increase size of username field to 128
...
bytes to prevent errors from login_init_entry() when the username is
exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@
2005-01-20 22:07:29 +11:00
Darren Tucker
d231186fd0
- djm@cvs.openbsd.org 2004/12/22 02:13:19
...
[cipher-ctr.c cipher.c]
remove fallback AES support for old OpenSSL, as OpenBSD has had it for
many years now; ok deraadt@
(Id sync only: Portable will continue to support older OpenSSLs)
2005-01-20 13:27:56 +11:00
Darren Tucker
36a3d60347
- (dtucker) [auth-pam.c] Bug #971 : Prevent leaking information about user
...
existence via keyboard-interactive/pam, in conjunction with previous
auth2-chall.c change; with Colin Watson and djm.
2005-01-20 12:43:38 +11:00
Darren Tucker
611649ebf0
- dtucker@cvs.openbsd.org 2005/01/19 13:11:47
...
[auth-bsdauth.c auth2-chall.c]
Have keyboard-interactive code call the drivers even for responses for
invalid logins. This allows the drivers themselves to decide how to
handle them and prevent leaking information where possible. Existing
behaviour for bsdauth is maintained by checking authctxt->valid in the
bsdauth driver. Note that any third-party kbdint drivers will now need
to be able to handle responses for invalid logins. ok markus@
2005-01-20 11:05:34 +11:00
Darren Tucker
ea7c8127ce
- dtucker@cvs.openbsd.org 2005/01/17 22:48:39
...
[sshd.c]
Make debugging output continue after reexec; ok djm@
2005-01-20 11:03:08 +11:00
Darren Tucker
f0e792ec1c
- dtucker@cvs.openbsd.org 2005/01/17 03:25:46
...
[moduli.c]
Correct spelling: SCHNOOR->SCHNORR; ok djm@
2005-01-20 11:02:26 +11:00
Darren Tucker
b3509014ce
- jmc@cvs.openbsd.org 2005/01/08 00:41:19
...
[sshd_config.5]
`login'(n) -> `log in'(v);
2005-01-20 11:01:46 +11:00
Darren Tucker
b2161e37f5
- markus@cvs.openbsd.org 2005/01/05 08:51:32
...
[sshconnect.c]
remove dead code, log connect() failures with level error, ok djm@
2005-01-20 11:00:46 +11:00
Darren Tucker
0f38323222
- djm@cvs.openbsd.org 2004/12/23 23:11:00
...
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
bz #898 : support AddressFamily in sshd_config. from
peak@argo.troja.mff.cuni.cz ; ok deraadt@
2005-01-20 10:57:56 +11:00