Commit Graph

3860 Commits

Author SHA1 Message Date
Damien Miller 6b6d5be591 - Release 4.1p1 2005-05-26 11:34:36 +10:00
Darren Tucker ae8c91ec07 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
allocation when retrieving core Windows environment.  Add CYGWIN variable
   to propagated variables.  Patch from vinschen at redhat.com, ok djm@
2005-05-25 19:42:10 +10:00
Darren Tucker 328118aa79 - (dtucker) [auth-pam.c] Since people don't seem to be getting the message
that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
   idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK.  Attempting to use
   USE_POSIX_THREADS will now generate an error so we don't silently change
   behaviour.  ok djm@
2005-05-25 16:18:09 +10:00
Damien Miller 4d8f560c39 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update spec file versions to 4.1p1
2005-05-25 14:43:47 +10:00
Damien Miller df548bc310 - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
   "looks ok" dtucker@
2005-05-24 15:54:27 +10:00
Tim Rice b58bd0327e 20050512
- (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
   hard link section. Bug 1038.
2005-05-12 10:32:19 -07:00
Darren Tucker fa2211d93d - (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
user-mode mounts in Cygwin installation.  Patch from vinschen at redhat.com.
2005-05-09 23:48:17 +10:00
Damien Miller 4f10e25684 - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
unix domain socket, so catch that too; from jakob@ ok dtucker@
2005-05-04 15:33:09 +10:00
Darren Tucker 5b115d4401 - (dtucker) [canohost.c] normalise socket addresses returned by
get_remote_hostname().  This means that IPv4 addresses in log messages
   on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
   AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
   addresses only for 4-in-6 mapped connections, regardless of whether
   or not the machine is IPv6 enabled.  ok djm@
2005-05-03 19:05:32 +10:00
Darren Tucker 149da8577e typo 2005-04-25 17:03:29 +10:00
Darren Tucker af342556b9 - (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
"make tests" works even if you'r building on a filesystem that doesn't
   support sockets.  From deengert at anl.gov, ok djm@
2005-04-25 17:01:26 +10:00
Darren Tucker bf2b398327 - (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
will clean up anyway.  From tim@
2005-04-25 14:49:48 +10:00
Darren Tucker faefd2e73d - (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
existence of a process since it's more portable.  Found by jbasney at
   ncsa.uiuc.edu; ok tim@
2005-04-25 14:48:22 +10:00
Darren Tucker 2f0b5c4869 - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
1.2.1.2 or higher.  With tim@, ok djm@
2005-04-24 17:52:22 +10:00
Tim Rice 4149ebc0db - (tim) [config.guess] Add support for OpenServer 6. 2005-04-23 18:17:29 -07:00
Darren Tucker 48554152b9 - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
UseLogin is set as PAM is not used to establish credentials in that
   case.  Found by Michael Selvesteen, ok djm@
2005-04-21 19:50:55 +10:00
Darren Tucker 8d158c9937 - (dtucker) [INSTALL] Fix s/key text too. 2005-04-19 15:40:51 +10:00
Darren Tucker ad1e5e286c - (dtucker) [INSTALL] Put the s/key text and URL back together. 2005-04-19 15:31:49 +10:00
Darren Tucker d9c88138f7 - (dtucker) [INSTALL] Reference README.privsep for the privilege separation
requirements.  Pointed out by Bengt Svensson.
2005-04-19 12:21:21 +10:00
Tim Rice 2f97b8b088 - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME 2005-04-11 19:00:18 -07:00
Darren Tucker 0f5eeff23d - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
sys_auth_passwd, pointed out by cmadams at hiwaay.net.
2005-04-05 21:00:47 +10:00
Darren Tucker 00cadb8c35 - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
Tru64.  Patch from cmadams at hiwaay.net.
2005-04-05 20:58:37 +10:00
Darren Tucker 9d2562cf20 - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@ 2005-04-05 19:22:45 +10:00
Darren Tucker 69152291e7 - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
will free as needed.  ok tim@ djm@
2005-04-03 12:44:23 +10:00
Damien Miller 4942de5719 - djm@cvs.openbsd.org 2005/04/02 12:41:16
[scp.c]
     since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
     build
2005-04-03 10:16:39 +10:00
Damien Miller 3dae15c611 - deraadt@cvs.openbsd.org 2005/03/31 18:39:21
[scp.c]
     copy argv[] element instead of smashing the one that ps will see; ok otto
2005-04-03 10:16:11 +10:00
Darren Tucker de0de39082 - (dtucker) [monitor.c] Remaining part of fix for bug #1006. 2005-03-31 23:52:04 +10:00
Darren Tucker 73ba43798a - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
message on some platforms.  Patch from pete at seebeyond.com via djm.
2005-03-31 21:51:54 +10:00
Darren Tucker f3bb434177 - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
handling of password expiry messages returned by AIX's authentication
   routines, originally reported by robvdwal at sara.nl.
2005-03-31 21:39:25 +10:00
Darren Tucker 83d5a9866d - jmc@cvs.openbsd.org 2005/03/18 17:05:00
[sshd_config.5]
     typo;
2005-03-31 21:33:50 +10:00
Darren Tucker 1f04ca240d - markus@cvs.openbsd.org 2005/03/16 21:17:39
[version.h]
     4.1
2005-03-31 21:31:54 +10:00
Darren Tucker 5ede2ad8a7 - jmc@cvs.openbsd.org 2005/03/16 11:10:38
[ssh_config.5]
     get the syntax right for {Local,Remote}Forward;
     based on a diff from markus;
     problem report from ponraj;
     ok dtucker@ markus@ deraadt@
2005-03-31 21:31:10 +10:00
Darren Tucker 6e1defdc5a - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
interested in which is much faster in large (eg LDAP or NIS) environments.
   Patch from dleonard at vintela.com.
2005-03-29 23:24:12 +10:00
Darren Tucker e66519d942 - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
2005-03-21 22:46:34 +11:00
Darren Tucker 1df61452ea - (dtucker) [configure.ac] Make configure error out if the user specifies
--with-libedit but the required libs can't be found, rather than silently
   ignoring and continuing.  ok tim@
2005-03-21 09:58:07 +11:00
Darren Tucker 86a5f8dd0a - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
and -Lyes to CFLAGS and LIBS.  Pointed out by peter at slagheap.net,
   with & ok tim@
2005-03-21 09:55:17 +11:00
Tim Rice eae17cc80e - (tim) [configure.ac] remove trailing white space. 2005-03-17 16:52:20 -08:00
Tim Rice 35cc69dcb4 - (tim) [configure.ac] make some configure options a little more error proof. 2005-03-17 16:44:25 -08:00
Tim Rice 8bb561b500 - (tim) [configure.ac] portability changes on test statements. Some shells
have problems with -a operator.
2005-03-17 16:23:19 -08:00
Tim Rice 12ee8e241e - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
Make --without-opensc work.
2005-03-17 13:37:04 -08:00
Tim Rice c3939e22fd - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
with a rpm -F
2005-03-14 17:24:51 -08:00
Darren Tucker c53c3a423c credit patch author 2005-03-14 23:24:43 +11:00
Darren Tucker 11327cc5d7 - markus@cvs.openbsd.org 2005/03/14 11:46:56
[buffer.c buffer.h channels.c]
     limit input buffer size for channels; bugzilla #896; with and ok dtucker@
2005-03-14 23:22:25 +11:00
Darren Tucker a8f553df53 - dtucker@cvs.openbsd.org 2005/03/14 11:44:42
[auth.c]
     Populate host for log message for logins denied by AllowUsers and
     DenyUsers (bz #999); ok markus@
2005-03-14 23:17:27 +11:00
Darren Tucker da1adbc2cc - dtucker@cvs.openbsd.org 2005/03/14 10:09:03
[ssh-keygen.1]
     Correct description of -H (bz #997);  ok markus@, punctuation jmc@
2005-03-14 23:15:58 +11:00
Darren Tucker 1adc2bd8d7 - jmc@cvs.openbsd.org 2005/03/12 11:55:03
[ssh_config.5]
     escape `.' at eol to avoid double spacing issues;
2005-03-14 23:14:20 +11:00
Darren Tucker 9f438a9d63 - markus@cvs.openbsd.org 2005/03/11 14:59:06
[ssh-keygen.c]
     typo, missing \n; mpech
2005-03-14 23:09:18 +11:00
Darren Tucker 90b9e02230 - deraadt@cvs.openbsd.org 2005/03/10 22:40:38
[auth-options.c]
     spacing
2005-03-14 23:08:50 +11:00
Darren Tucker 47eede77ed - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
     readconf.c bufaux.c sftp.c]
     spacing
2005-03-14 23:08:12 +11:00
Darren Tucker f899e6a526 20050312
- (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
   output ends up in the client's output, causing regress failures.  Found
   by Corinna Vinschen.

(got 4.0 branch and HEAD slightly askew, this is to resync)
2005-03-14 23:02:46 +11:00
Darren Tucker 1d55ca748d - dtucker@cvs.openbsd.org 2005/03/10 10:15:02
[readconf.c]
     Check listen addresses for null, prevents xfree from dying during
     ClearAllForwardings (bz #996).  From  Craig Leres, ok markus@
2005-03-14 22:58:40 +11:00
Darren Tucker a21380b70e - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
localized name of the local administrators group more reliable.  From
   vinschen at redhat.com.
2005-03-13 21:20:18 +11:00
Darren Tucker 835903da7b - (djm) [log.c] Fix dumb syntax error; ok dtucker@
(pulled from 4.0 branch).
2005-03-09 20:12:47 +11:00
Damien Miller aa1dba62b0 - (djm) Release OpenSSH 4.0p1 2005-03-09 11:03:08 +11:00
Damien Miller 6f632bf2aa - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update spec file versions
2005-03-09 11:02:41 +11:00
Damien Miller aca8626cf7 - djm@cvs.openbsd.org 2005/03/08 23:49:48
[version.h]
     OpenSSH 4.0
2005-03-09 11:00:42 +11:00
Damien Miller b096ac4674 - jmc@cvs.openbsd.org 2005/03/07 23:41:54
[ssh.1 ssh_config.5]
     more macro simplification;
2005-03-09 11:00:05 +11:00
Darren Tucker 50c7db92d6 - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
so that regress tests behave.  From Chris Adams.
2005-03-09 10:02:55 +11:00
Tim Rice c390c8dc68 - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. This platform is
too old and too broken.
2005-03-07 01:21:37 -08:00
Darren Tucker 4b9ac3319e - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. 2005-03-07 19:15:06 +11:00
Darren Tucker 5d909f0773 - djm@cvs.openbsd.org 2005/03/04 08:48:46
[Makefile envpass.sh]
     regress test for SendEnv config parsing bug; ok dtucker@
2005-03-07 18:35:34 +11:00
Darren Tucker 894823ec69 - djm@cvs.openbsd.org 2005/02/27 23:13:36
[login-timeout.sh]
     avoid nameservice lookups in regress test; ok dtucker@
2005-03-07 18:34:04 +11:00
Darren Tucker a0f3ba71a0 - dtucker@cvs.openbsd.org 2005/02/27 11:33:30
[multiplex.sh test-exec.sh sshd-log-wrapper.sh]
     Add optional capability to log output from regress commands; ok markus@
     Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
2005-03-07 18:33:02 +11:00
Darren Tucker b712fccc18 - david@cvs.openbsd.org 2005/01/14 04:21:18
[Makefile test-exec.sh]
     pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@
2005-03-07 18:27:28 +11:00
Darren Tucker 68f7213a2c - fgsch@cvs.openbsd.org 2004/12/10 01:31:30
[Makefile sftp-glob.sh]
     some globbing regress; prompted and ok djm@
2005-03-07 18:25:53 +11:00
Darren Tucker 1c56ef6ac3 - (dtucker) OpenBSD CVS Sync (regress/)
- fgsch@cvs.openbsd.org 2004/12/10 01:31:30
     [Makefile]
     some globbing regress; prompted and ok djm@
2005-03-07 17:36:18 +11:00
Darren Tucker 0d0966934e - (dtucker) [configure.ac] Disable gettext search when configuring with
BSM audit support for the time being.  ok djm@
2005-03-07 17:34:45 +11:00
Darren Tucker 2b59a6dad6 - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit
events earlier, prevents mm_request_send errors reported by Matt Goebel.
2005-03-06 22:38:51 +11:00
Darren Tucker 3745e2bb62 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor
when attempting to audit disconnect events.  Reported by Phil Dibowitz.
2005-03-06 22:31:35 +11:00
Damien Miller f8e7accd01 - djm@cvs.openbsd.org 2005/03/04 08:48:06
[readconf.c]
     fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
2005-03-05 11:22:50 +11:00
Damien Miller b022b23584 - jmc@cvs.openbsd.org 2005/03/02 11:45:01
[ssh.1]
     missing word;
2005-03-05 11:22:36 +11:00
Damien Miller 7ffa367a93 - (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch
from vinschen at redhat.com
2005-03-05 11:20:40 +11:00
Tim Rice f8f3016f9e - (tim) [regress/agent-ptrace.sh] add another possible gdb error. 2005-03-02 21:49:56 -08:00
Damien Miller 947219e6e6 - djm@cvs.openbsd.org 2005/03/02 02:21:07
[ssh.1]
     bz#987: mention ForwardX11Trusted in ssh.1,
     reported by andrew.benham AT thus.net; ok deraadt@
2005-03-02 13:22:30 +11:00
Damien Miller 89eac8010a - djm@cvs.openbsd.org 2005/03/02 01:27:41
[ssh-keygen.c]
     ignore hostnames with metachars when hashing; ok deraadt@
2005-03-02 12:33:04 +11:00
Damien Miller 1227d4c93c - djm@cvs.openbsd.org 2005/03/02 01:00:06
[sshconnect.c]
     fix addition of new hashed hostnames when CheckHostIP=yes;
     found and ok dtucker@
2005-03-02 12:06:51 +11:00
Damien Miller 265d309ebc - jmc@cvs.openbsd.org 2005/03/01 18:15:56
[ssh-keygen.1]
     sort options (no attempt made at synopsis clean up though);
     spelling (occurance -> occurrence);
     use prompt before examples;
     grammar;
2005-03-02 12:05:06 +11:00
Damien Miller 792c01749a - jmc@cvs.openbsd.org 2005/03/01 17:32:19
[ssh-add.1]
     sort options;
2005-03-02 12:04:50 +11:00
Damien Miller 02faeceb56 - jmc@cvs.openbsd.org 2005/03/01 17:22:06
[ssh.c]
     sync usage() w/ man SYNOPSIS;
     ok markus@
2005-03-02 12:04:32 +11:00
Damien Miller 27e9c5125e - jmc@cvs.openbsd.org 2005/03/01 17:19:35
[scp.1 sftp.1]
     add HashKnownHosts to -o list;
     ok markus@
2005-03-02 12:04:16 +11:00
Damien Miller 9a2fdbd0d6 - jmc@cvs.openbsd.org 2005/03/01 15:47:14
[ssh-keyscan.1 ssh-keyscan.c]
     sort options and sync usage();
2005-03-02 12:04:01 +11:00
Damien Miller 4c9c6fdcfe - jmc@cvs.openbsd.org 2005/03/01 15:05:00
[ssh-keygen.1]
     whitespace;
2005-03-02 12:03:43 +11:00
Damien Miller 718fd4b9b8 - jmc@cvs.openbsd.org 2005/03/01 14:59:49
[sshd.8]
     new sentence, new line;
     whitespace;
2005-03-02 12:03:23 +11:00
Damien Miller f8c5546290 - jmc@cvs.openbsd.org 2005/03/01 14:55:23
[ssh_config.5]
     do not mark up punctuation;
     whitespace;
2005-03-02 12:03:05 +11:00
Damien Miller 36bf7dd184 - jmc@cvs.openbsd.org 2005/03/01 14:47:58
[ssh.1]
     remove some unneccesary macros;
     do not mark up punctuation;
2005-03-02 12:02:47 +11:00
Damien Miller 4b42d7f195 - djm@cvs.openbsd.org 2005/03/01 10:42:49
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
     add tools for managing known_hosts files with hashed hostnames, including
     hashing existing files and deleting hosts by name; ok markus@ deraadt@
2005-03-01 21:48:35 +11:00
Damien Miller db7b8171ee - djm@cvs.openbsd.org 2005/03/01 10:41:28
[ssh-keyscan.1 ssh-keyscan.c]
     option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
2005-03-01 21:48:03 +11:00
Damien Miller e1776155d1 - djm@cvs.openbsd.org 2005/03/01 10:40:27
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
     [sshconnect.c sshd.8]
     add support for hashing host names and addresses added to known_hosts
     files, to improve privacy of which hosts user have been visiting; ok
     markus@ deraadt@
2005-03-01 21:47:37 +11:00
Damien Miller f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
Damien Miller 1717fd422f - djm@cvs.openbsd.org 2005/02/28 00:54:10
[ssh_config.5]
     bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
     orion AT cora.nwra.com; ok markus@
2005-03-01 21:17:31 +11:00
Damien Miller 70a908ec89 - jmc@cvs.openbsd.org 2005/02/25 10:55:13
[sshd.8]
     add /etc/motd and $HOME/.hushlogin to FILES;
     from michael knudsen;
2005-03-01 21:17:09 +11:00
Damien Miller 64e8d44fbd - djm@cvs.openbsd.org 2005/02/20 22:59:06
[sftp.c]
     turn on ssh batch mode when in sftp batch mode, patch from
     jdmossh AT nand.net;
     ok markus@
2005-03-01 21:16:47 +11:00
Damien Miller 9b8073e1e0 - djm@cvs.openbsd.org 2005/02/18 03:05:53
[canohost.c]
     better error messages for getnameinfo failures; ok dtucker@
2005-03-01 21:16:18 +11:00
Damien Miller 3eb48b6245 - otto@cvs.openbsd.org 2005/02/16 09:56:44
[ssh.c]
     Better diagnostic if an identity file is not accesible. ok markus@ djm@
2005-03-01 21:15:46 +11:00
Darren Tucker dc8fc62103 - (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
binaries without the config files.  Primarily useful for packaging.
   Patch from phil at usc.edu.  ok djm@
2005-02-26 10:12:38 +11:00
Darren Tucker 3804903a09 - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
   more.  Patch from vinschen at redhat.com.
2005-02-26 10:07:37 +11:00
Darren Tucker 34233830a1 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
Remove two obsolete Cygwin #ifdefs.  Patch from vinschen at redhat.com.
2005-02-26 10:04:28 +11:00
Damien Miller 848b993639 - (djm) [configure.ac] in_addr_t test needs sys/types.h too 2005-02-24 12:12:34 +11:00
Darren Tucker 2ea9b18918 - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from
vinschen at redhat.com.
2005-02-22 17:57:13 +11:00
Darren Tucker 04cfbe04aa - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes
unrelated platforms to be configured incorrectly.
2005-02-20 23:27:11 +11:00
Darren Tucker d9f88915a2 - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support.  Configure
   --with-audit=bsm to enable.  Patch originally from Sun Microsystems,
   parts by John R. Jackson.  ok djm@
2005-02-20 21:01:48 +11:00
Darren Tucker 3c774c52f3 - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
compiler warnings on AIX.
2005-02-16 22:49:31 +11:00
Darren Tucker c97b01af62 - (dtucker) [session.c] Bug #918: store credentials from gssapi-with-mic
authentication early enough to be available to PAM session modules when
   privsep=yes.  Patch from deengert at anl.gov, ok'ed in principle by Sam
   Hartman and similar to Debian's ssh-krb5 package.
2005-02-16 16:47:37 +11:00
Darren Tucker ca6e7a7e8b - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant
Unix; prevents problems relating to the location of -lresolv in the
   link order.
2005-02-16 16:19:17 +11:00
Darren Tucker a91f5ee618 - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined
by the system headers.
2005-02-16 14:20:06 +11:00
Darren Tucker 7b48d25527 - (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called
via mkstemp in some configurations.  ok djm@
2005-02-16 13:20:07 +11:00
Damien Miller ed462d9a45 write seed to temporary file and atomically rename into place; ok dtucker@ 2005-02-16 13:02:45 +11:00
Darren Tucker a39f83eeee - (dtucker) [loginrec.c] Add missing #include. 2005-02-15 22:19:28 +11:00
Darren Tucker 691d5235ca - (dtucker) [README.platform auth.c configure.ac loginrec.c
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
   on AIX where possible (see README.platform for details) and work around
   a misfeature of AIX's getnameinfo.  ok djm@
2005-02-15 21:45:57 +11:00
Darren Tucker f04c361675 - (dtucker) [config.sh.in] Collect oslevel -r too. 2005-02-15 21:26:32 +11:00
Darren Tucker 15af68f767 - (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too. 2005-02-11 18:32:13 +11:00
Darren Tucker 1b6f2291e4 - (dtucker) [configure.ac] Tidy up configure --help output. 2005-02-11 16:11:49 +11:00
Darren Tucker 2f9573df71 - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the
--disable-etc-default-login configure option.
2005-02-10 22:28:54 +11:00
Darren Tucker 33370e0287 - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
the username to be passed to the passwd command when changing expired
   passwords.  ok djm@
2005-02-09 22:17:28 +11:00
Darren Tucker c7e38d59e9 - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir
paths.  ok djm@
2005-02-09 22:12:30 +11:00
Darren Tucker 92170a8626 - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
disable_forwarding() from compat library. Prevent linker errrors trying
   to resolve it for binaries other than sshd.  ok djm@
2005-02-09 17:08:23 +11:00
Darren Tucker 96d4710e38 - dtucker@cvs.openbsd.org 2005/02/08 22:24:57
[sshd.c]
     Provide reason in error message if getnameinfo fails; ok markus@
2005-02-09 09:53:48 +11:00
Darren Tucker 5b53026f71 - dtucker@cvs.openbsd.org 2005/01/30 11:18:08
[monitor.c]
     Make code match intent; ok djm@
2005-02-09 09:52:17 +11:00
Darren Tucker 43d8e28763 - jmc@cvs.openbsd.org 2005/01/28 18:14:09
[ssh_config.5]
     wording;
     ok markus@
2005-02-09 09:51:08 +11:00
Darren Tucker 79a7acfebd - jmc@cvs.openbsd.org 2005/01/28 15:05:43
[ssh_config.5]
     grammar;
2005-02-09 09:48:57 +11:00
Darren Tucker 3f166dfcb5 - dtucker@cvs.openbsd.org 2005/01/28 09:45:53
[ssh_config]
     Make it clear that the example entries in ssh_config are only some of the
     commonly-used options and refer the user to ssh_config(5) for more
     details; ok djm@
2005-02-09 09:46:47 +11:00
Darren Tucker 2e0cf0dca2 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
   defines and enums with SSH_ to prevent namespace collisions on some
   platforms (eg AIX).
2005-02-08 21:52:47 +11:00
Darren Tucker b4d3012d2e - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. 2005-02-08 21:06:55 +11:00
Darren Tucker feb6f7f244 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the
regress tests so newer versions of GNU head(1) behave themselves.  Patch
   by djm, so ok me.
2005-02-08 20:17:17 +11:00
Darren Tucker 40d9a63788 - (dtucker) [auth.c] Fix parens in audit log check. 2005-02-04 15:19:44 +11:00
Darren Tucker 598ba7b5e2 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. 2005-02-04 15:05:08 +11:00
Darren Tucker 6dce99142b typo 2005-02-03 15:07:37 +11:00
Darren Tucker 269a1ea1c8 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
   (first stage) Add audit instrumentation to sshd, currently disabled by
   default.  with suggestions from and djm@
2005-02-03 00:20:53 +11:00
Darren Tucker 2fba993080 - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
Bug #974: Teach sshd to write failed login records to btmp for failed auth
   attempts (currently only for password, kbdint and C/R, only on Linux and
   HP-UX), based on code from login.c from util-linux. With ashok_kovai at
   hotmail.com, ok djm@
2005-02-02 23:30:24 +11:00
Darren Tucker 9dc6c7dbec - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process.  Since we also unset KRB5CCNAME at startup, if it's set after
   authentication it must have been set by the platform's native auth system.
   This was already done for AIX; this enables it for the general case.
2005-02-02 18:30:33 +11:00
Darren Tucker 42d9dc75ed - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
Make record_failed_login() call provide hostname rather than having the
   implementations having to do lookups themselves.  Only affects AIX and
   UNICOS (the latter only uses the "user" parameter anyway).  ok djm@
2005-02-02 17:10:11 +11:00
Darren Tucker ad7646a59a - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
rev 1.11 from OpenBSD and make it use fchdir if available.  ok djm@
2005-02-02 10:43:59 +11:00
Darren Tucker 9dca099aec - (dtucker) [sshd_config.5] Bug #701: remove warning about
keyboard-interactive since this is no longer the case.
2005-02-01 19:16:45 +11:00
Darren Tucker 9b5495d23e - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
platforms syslog will revert to its default values.  This may result in
   messages from external libraries (eg libwrap) being sent to a different
   facility.
2005-02-01 17:35:09 +11:00
Darren Tucker 218f178cb2 - dtucker@cvs.openbsd.org 2005/01/24 11:47:13
[auth-passwd.c]
     #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
2005-01-24 22:50:47 +11:00
Darren Tucker 1b7223c005 - dtucker@cvs.openbsd.org 2005/01/24 10:29:06
[moduli]
     Import new moduli; requested by deraadt@ a week ago
2005-01-24 22:00:40 +11:00
Darren Tucker ba66df81a3 - dtucker@cvs.openbsd.org 2005/01/24 10:22:06
[scp.c sftp.c]
     Have scp and sftp wait for the spawned ssh to exit before they exit
     themselves.  This prevents ssh from being unable to restore terminal
     modes (not normally a problem on OpenBSD but common with -Portable
     on POSIX platforms).  From peak at argo.troja.mff.cuni.cz (bz#950);
     ok djm@ markus@
2005-01-24 21:57:40 +11:00
Darren Tucker 660db78af2 - djm@cvs.openbsd.org 2005/01/23 10:18:12
[cipher.c]
     config option "Ciphers" should be case-sensitive; ok dtucker@
2005-01-24 21:57:11 +11:00
Darren Tucker 094cd0ba02 - dtucker@cvs.openbsd.org 2005/01/22 08:17:59
[auth.c]
     Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
     DenyGroups.  bz #909, ok djm@
2005-01-24 21:56:48 +11:00
Darren Tucker 5c14c73429 - otto@cvs.openbsd.org 2005/01/21 08:32:02
[auth-passwd.c sshd.c]
     Warn in advance for password and account expiry; initialize loginmsg
     buffer earlier and clear it after privsep fork. ok and help dtucker@
     markus@
2005-01-24 21:55:49 +11:00
Darren Tucker 3c66080aa2 - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
the list of available kbdint devices if UsePAM=no.  ok djm@
2005-01-20 22:20:50 +11:00
Darren Tucker 33bc334a8b - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
bytes to prevent errors from login_init_entry() when the username is
   exactly 64 bytes(!) long.  From brhamon at cisco.com, ok djm@
2005-01-20 22:07:29 +11:00
Darren Tucker d231186fd0 - djm@cvs.openbsd.org 2004/12/22 02:13:19
[cipher-ctr.c cipher.c]
     remove fallback AES support for old OpenSSL, as OpenBSD has had it for
     many years now; ok deraadt@
     (Id sync only: Portable will continue to support older OpenSSLs)
2005-01-20 13:27:56 +11:00
Darren Tucker 36a3d60347 - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
existence via keyboard-interactive/pam, in conjunction with previous
   auth2-chall.c change; with Colin Watson and djm.
2005-01-20 12:43:38 +11:00
Darren Tucker 611649ebf0 - dtucker@cvs.openbsd.org 2005/01/19 13:11:47
[auth-bsdauth.c auth2-chall.c]
     Have keyboard-interactive code call the drivers even for responses for
     invalid logins.  This allows the drivers themselves to decide how to
     handle them and prevent leaking information where possible.  Existing
     behaviour for bsdauth is maintained by checking authctxt->valid in the
     bsdauth driver.  Note that any third-party kbdint drivers will now need
     to be able to handle responses for invalid logins.  ok markus@
2005-01-20 11:05:34 +11:00
Darren Tucker ea7c8127ce - dtucker@cvs.openbsd.org 2005/01/17 22:48:39
[sshd.c]
     Make debugging output continue after reexec; ok djm@
2005-01-20 11:03:08 +11:00
Darren Tucker f0e792ec1c - dtucker@cvs.openbsd.org 2005/01/17 03:25:46
[moduli.c]
     Correct spelling: SCHNOOR->SCHNORR; ok djm@
2005-01-20 11:02:26 +11:00
Darren Tucker b3509014ce - jmc@cvs.openbsd.org 2005/01/08 00:41:19
[sshd_config.5]
     `login'(n) -> `log in'(v);
2005-01-20 11:01:46 +11:00
Darren Tucker b2161e37f5 - markus@cvs.openbsd.org 2005/01/05 08:51:32
[sshconnect.c]
     remove dead code, log connect() failures with level error, ok djm@
2005-01-20 11:00:46 +11:00
Darren Tucker 0f38323222 - djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
2005-01-20 10:57:56 +11:00