8ea84561c4
- (dtucker) [INSTALL] Give PAM its own heading.
2007-08-17 22:12:14 +10:00
ea43c49650
- (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid.
2007-08-17 22:10:10 +10:00
1a32953e48
- (dtucker) [INSTALL] Group the parts describing random options and PAM
...
implementations together which is hopefully more coherent.
2007-08-17 22:03:09 +10:00
637cc404c6
typo
2007-08-17 21:40:22 +10:00
1a9176bf22
- (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
...
accounts and that's what the code looks for, so make man page and code
agree. Pointed out by Roumen Petrov.
2007-08-17 09:42:32 +10:00
9142e1c66d
- (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
...
connections too. Based on a patch from Sandro Wefel, with & ok djm@
2007-08-16 23:28:04 +10:00
fc5d188b34
- stevesk@cvs.openbsd.org 2007/08/15 12:13:41
...
[ssh_config.5]
tun device forwarding now honours ExitOnForwardFailure; ok markus@
2007-08-15 22:20:22 +10:00
9d81fdc664
- (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec
...
contrib/suse/openssh.spec] Crank version.
2007-08-15 19:22:20 +10:00
794f97026e
- (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler.
...
ok djm@
2007-08-15 19:17:43 +10:00
69fe0e1398
- markus@cvs.openbsd.org 2007/08/15 08:16:49
...
[version.h]
openssh 4.7
2007-08-15 19:14:52 +10:00
513d13accd
- markus@cvs.openbsd.org 2007/08/15 08:14:46
...
[clientloop.c]
do NOT fall back to the trused x11 cookie if generation of an untrusted
cookie fails; from security-alert at sun.com; ok dtucker
2007-08-15 19:13:41 +10:00
2d9636471b
- (dtucker) [session.c] Bug #1339 : ensure that pam_setcred() is always
...
called with PAM_ESTABLISH_CRED at least once, which resolves a problem
with pam_dhkeys. Patch from David Leonard, ok djm@
2007-08-13 23:11:56 +10:00
8acb3b665b
- (dtucker) [configure.ac] Bug #1343 : Set DISABLE_FD_PASSING for QNX6. From.
...
Matt Kraai, ok djm@.
2007-08-10 14:36:12 +10:00
57d4ca9681
- (dtucker) [auth-pam.c] Use sigdie here too. ok djm@
2007-08-10 14:32:34 +10:00
7015e9667a
Credit Bernhard Simon who also reported this.
2007-08-09 15:03:23 +10:00
a5b6f72a52
- (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't
...
used anywhere and are a potential source of warnings.
2007-08-09 14:37:52 +10:00
6f6b27d515
- (dtucker) [README.platform] Document the interaction between PermitRootLogin
...
and the AIX native login restrictions.
2007-08-09 14:31:53 +10:00
863cfa0e6f
- (dtucker) [openbsd-compat/port-aix.c] Comment typo.
2007-08-09 14:29:47 +10:00
b3ce9fec30
- djm@cvs.openbsd.org 2007/08/07 07:32:53
...
[clientloop.c clientloop.h ssh.c]
bz#1232: ensure that any specified LocalCommand is executed after the
tunnel device is opened. Also, make failures to open a tunnel device
fatal when ExitOnForwardFailure is active.
Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
2007-08-08 14:32:41 +10:00
647d97b1ab
- sobrado@cvs.openbsd.org 2007/08/06 19:16:06
...
[scp.1 scp.c]
the ellipsis is not an optional argument; while here, sync the usage
and synopsis of commands
lots of good ideas by jmc@
ok jmc@
2007-08-08 14:29:58 +10:00
932040285f
- ray@cvs.openbsd.org 2007/07/12 05:48:05
...
[key.c]
Delint: remove some unreachable statements, from Bret Lambert.
OK markus@ and dtucker@.
2007-08-08 14:28:26 +10:00
cd22d30f32
- (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}|
2007-07-24 21:40:59 -07:00
ffe3a8ec7e
- (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5)
...
files are installed.
2007-07-24 21:16:07 -07:00
bf0212d1b7
- (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call.
...
Report/patch by David.Leonard AT quest.com
2007-07-24 20:54:09 -07:00
947fd59f7a
- (tim) [openssh.xml.in] make FMRI match what package scripts use.
2007-07-24 13:13:42 -07:00
0d7b93473c
- (djm) bz#1325: Fix SELinux in permissive mode where it would
...
incorrectly fatal() on errors. patch from cjwatson AT debian.org;
ok dtucker
2007-06-28 08:48:02 +10:00
febf0f5668
- (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
Add an implementation of poll() built on top of select(2). Code from
OpenNTPD with changes suggested by djm. ok djm@
2007-06-25 22:15:12 +10:00
dc4a779fbb
- dtucker@cvs.openbsd.org 2007/06/25 12:02:27
...
[atomicio.c]
Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
2007-06-25 22:08:10 +10:00
9e223240ac
- (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
...
atomicio.
2007-06-25 19:06:53 +10:00
ae09cb8a71
- dtucker@cvs.openbsd.org 2007/06/25 08:20:03
...
[channels.c]
Correct test for window updates every three packets; prevents sending
window updates for every single packet. ok markus@
2007-06-25 19:04:46 +10:00
ab17f7d67b
- djm@cvs.openbsd.org 2007/06/19 02:04:43
...
[atomicio.c]
if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
avoid a spin if it is not yet ready for reading/writing; ok dtucker@
2007-06-25 19:04:12 +10:00
132367f76f
- djm@cvs.openbsd.org 2007/06/14 22:48:05
...
[ssh.c]
when waiting for the multiplex exit status, read until the master end
writes an entire int of data *and* closes the client_fd; fixes mux
regression spotted by dtucker, ok dtucker@
2007-06-25 18:59:17 +10:00
d989adadd3
- djm@cvs.openbsd.org 2007/06/14 21:43:25
...
[ssh.c]
handle EINTR when waiting for mux exit status properly
2007-06-25 18:34:43 +10:00
067263e848
- djm@cvs.openbsd.org 2007/06/13 00:21:27
...
[scp.c]
don't ftruncate() non-regular files; bz#1236 reported by wood AT
xmission.com; ok dtucker@
2007-06-25 18:32:33 +10:00
7dae3d296e
- (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
...
of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
subsequent <0.9.7 test.
2007-06-14 23:47:31 +10:00
a2ed75582f
- (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
...
sections. Fixes builds with early OpenSSL 0.9.6 versions.
2007-06-14 23:38:39 +10:00
cb52017ad9
- (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
...
USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
shared with umac.c. Allows building with OpenSSL 0.9.5 again including
umac support. With tim@ djm@, ok djm.
2007-06-14 23:21:32 +10:00
bed63112f5
- dtucker@cvs.openbsd.org 2007/06/12 13:54:28
...
[scp.c]
Encode filename with strnvis if the name contains a newline (which can't
be represented in the scp protocol), from bz #891 . ok markus@
2007-06-13 00:02:07 +10:00
0409e15078
- jmc@cvs.openbsd.org 2007/06/12 13:43:55
...
[ssh.1]
add -K to SYNOPSIS;
2007-06-13 00:00:58 +10:00
930cb0b718
- jmc@cvs.openbsd.org 2007/06/12 13:41:03
...
[ssh-add.1]
identies -> identities;
2007-06-13 00:00:27 +10:00
b1e128f75a
- dtucker@cvs.openbsd.org 2007/06/12 11:56:15
...
[gss-genr.c]
Pass GSS OID to gss_display_status to provide better information in
error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
2007-06-12 23:44:36 +10:00
2604749651
- djm@cvs.openbsd.org 2007/06/12 11:45:27
...
[ssh.c]
improved exit message from multiplex slave sessions; bz #1262
reported by alexandre.nunes AT gmail.com; ok dtucker@
2007-06-12 23:44:10 +10:00
415bddc1bd
- djm@cvs.openbsd.org 2007/06/12 11:15:17
...
[ssh.c ssh.1]
Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
and is useful for hosts with /home on Kerberised NFS; bz #1312
patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
2007-06-12 23:43:16 +10:00
2cbec749d7
- djm@cvs.openbsd.org 2007/06/12 11:11:08
...
[ssh.c]
fix slave exit value when a control master goes away without passing the
full exit status by ensuring that the slave reads a full int. bz#1261
reported by frekko AT gmail.com; ok markus@ dtucker@
2007-06-12 23:41:33 +10:00
43ce902449
- djm@cvs.openbsd.org 2007/06/12 08:24:20
...
[scp.c]
make scp try to skip FIFOs rather than blocking when nothing is listening.
depends on the platform supporting sane O_NONBLOCK semantics for open
on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
bz #856 ; report by cjwatson AT debian.org; ok markus@
2007-06-12 23:41:06 +10:00
8f6d0ed60e
- djm@cvs.openbsd.org 2007/06/12 08:20:00
...
[ssh-gss.h gss-serv.c gss-genr.c]
relocate server-only GSSAPI code from libssh to server; bz #1225
patch from simon AT sxw.org.uk; ok markus@ dtucker@
2007-06-12 23:40:39 +10:00
29a5707acc
- djm@cvs.openbsd.org 2007/06/12 07:41:00
...
[ssh-add.1]
better document ssh-add's -d option (delete identies from agent), bz#1224
new text based on some provided by andrewmc-debian AT celt.dias.ie;
ok dtucker@
2007-06-12 23:39:52 +10:00
395ecc2bde
- markus@cvs.openbsd.org 2007/06/11 09:14:00
...
[channels.h]
increase default channel windows; ok djm
2007-06-12 23:38:53 +10:00
3191a8e8ba
- markus@cvs.openbsd.org 2007/06/11 08:04:44
...
[channels.c]
send 'window adjust' messages every tree packets and do not wait
until 50% of the window is consumed. ok djm dtucker
2007-06-11 18:33:15 +10:00
725286e223
- (dtucker) [includes.h] Bug #1243 : HAVE_PATHS -> HAVE_PATHS_H. Should
...
prevent warnings about redefinitions of various things in paths.h.
Spotted by cartmanltd at hotmail.com.
2007-06-11 14:44:02 +10:00
Darren Tucker
Damien Miller
Tim Rice