tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,183 Commits 6 Branches 20 Tags 98 MiB
Commit Graph

166 Commits

Author SHA1 Message Date
Damien Miller 63b94128cb - (djm) OpenBSD CVS Sync 
- stevesk@cvs.openbsd.org 2006/08/06 01:13:32
     [compress.c monitor.c monitor_wrap.c]
     "zlib.h" can be <zlib.h>; ok djm@ markus@
 2006-08-19 00:21:46 +10:00
Damien Miller 9ab00b44c1 - stevesk@cvs.openbsd.org 2006/08/04 20:46:05 
[monitor.c session.c ssh-agent.c]
     spaces
 2006-08-05 12:40:11 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
 2006-08-05 12:39:39 +10:00
Damien Miller e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
 2006-08-05 11:34:19 +10:00
Damien Miller 8dbffe7904 - stevesk@cvs.openbsd.org 2006/07/26 02:35:17 
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h
 2006-08-05 11:02:17 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
 2006-07-24 14:13:33 +10:00
Darren Tucker 3997249346 - stevesk@cvs.openbsd.org 2006/07/11 20:07:25 
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@
 2006-07-12 22:22:46 +10:00
Damien Miller 57cf638577 - stevesk@cvs.openbsd.org 2006/07/09 15:15:11 
[auth2-none.c authfd.c authfile.c includes.h misc.c monitor.c]
     [readpass.c scp.c serverloop.c sftp-client.c sftp-server.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     [sshlogin.c sshpty.c]
     move #include <fcntl.h> out of includes.h
 2006-07-10 21:13:46 +10:00
Damien Miller 194a1cb018 - stevesk@cvs.openbsd.org 2006/07/08 23:30:06 
[log.c]
     move user includes after /usr/include files
 2006-07-10 21:09:22 +10:00
Damien Miller e33b60343b - stevesk@cvs.openbsd.org 2006/07/08 21:48:53 
[monitor.c session.c]
     missed these from last commit:
     move #include <sys/socket.h> out of includes.h
 2006-07-10 21:08:34 +10:00
Damien Miller e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
 2006-07-10 21:08:03 +10:00
Damien Miller 9f2abc47eb - stevesk@cvs.openbsd.org 2006/07/06 16:03:53 
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@
 2006-07-10 20:53:08 +10:00
Darren Tucker f14b2aa672 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor 
and slave, we can remove the special-case handling in the audit hook in
   auth_log.
 2006-05-21 18:26:40 +10:00
Darren Tucker d8093e49bf - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c 
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
   in Portable-only code; since calloc zeros, remove now-redundant memsets.
   Also add a couple of sanity checks.  With & ok djm@
 2006-05-04 16:24:34 +10:00
Damien Miller 7a8f5b330d - dtucker@cvs.openbsd.org 2006/03/30 11:40:21 
[auth.c monitor.c]
     Prevent duplicate log messages when privsep=yes; ok djm@
 2006-03-31 23:14:23 +11:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03 
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
 2006-03-26 14:24:48 +11:00
Damien Miller 07d86bec5e - djm@cvs.openbsd.org 2006/03/25 00:05:41 
[auth-bsdauth.c auth-skey.c auth.c auth2-chall.c channels.c]
     [clientloop.c deattack.c gss-genr.c kex.c key.c misc.c moduli.c]
     [monitor.c monitor_wrap.c packet.c scard.c sftp-server.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.c sshconnect2.c sshd.c uuencode.c]
     [xmalloc.c xmalloc.h]
     introduce xcalloc() and xasprintf() failure-checked allocations
     functions and use them throughout openssh

     xcalloc is particularly important because malloc(nmemb * size) is a
     dangerous idiom (subject to integer overflow) and it is time for it
     to die

     feedback and ok deraadt@
 2006-03-26 14:19:21 +11:00
Damien Miller 9f3bd53acd - deraadt@cvs.openbsd.org 2006/03/20 18:27:50 
[monitor.c]
     spacing
 2006-03-26 14:07:52 +11:00
Damien Miller 9096740f6c - deraadt@cvs.openbsd.org 2006/03/20 18:26:55 
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
     [ssh-rsa.c ssh.c sshlogin.c]
     annoying spacing fixes getting in the way of real diffs
 2006-03-26 14:07:26 +11:00
Damien Miller 96937bd914 - djm@cvs.openbsd.org 2006/03/20 04:09:44 
[monitor.c]
     memory leaks detected by Coverity via elad AT netbsd.org;
     deraadt@ ok
     that should be all of them now
 2006-03-26 14:01:54 +11:00
Damien Miller c91e556d8a - deraadt@cvs.openbsd.org 2006/03/19 18:53:12 
[kex.c kex.h monitor.c myproposal.h session.c]
     spacing
 2006-03-26 13:58:55 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Damien Miller 6645e7a70d - (djm) [auth-pam.c clientloop.c includes.h monitor.c session.c] 
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
   [sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/glob.c openbsd-compat/mktemp.c]
   [openbsd-compat/readpassphrase.c] Lots of include fixes for
   OpenSolaris
 2006-03-15 14:42:54 +11:00
Damien Miller a63128d1a8 - djm@cvs.openbsd.org 2006/03/07 09:07:40 
[kex.c kex.h monitor.c myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
     Implement the diffie-hellman-group-exchange-sha256 key exchange method
     using the SHA256 code in libc (and wrapper to make it into an OpenSSL
     EVP), interop tested against CVS PuTTY
     NB. no portability bits committed yet
 2006-03-15 12:08:28 +11:00
Damien Miller 6ff3caddb6 oops, this commit is really: 
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
     [clientloop.c includes.h monitor.c progressmeter.c scp.c]
     [serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
     move #include <signal.h> out of includes.h; ok markus@

the previous was:

   - stevesk@cvs.openbsd.org 2006/02/20 17:19:54
     [auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
     [authfile.c clientloop.c includes.h readconf.c scp.c session.c]
     [sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
     [sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
     [sshconnect2.c sshd.c sshpty.c]
     move #include <sys/stat.h> out of includes.h; ok markus@
 2006-03-15 11:52:09 +11:00
Damien Miller 9cf6d077fb - stevesk@cvs.openbsd.org 2006/02/10 01:44:27 
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
     [sftp.c sshconnect.c sshconnect2.c sshd.c]
     move #include <sys/wait.h> out of includes.h; ok markus@
 2006-03-15 11:29:24 +11:00
Damien Miller 0b70b54abc - stevesk@cvs.openbsd.org 2006/02/08 13:15:44 
[gss-serv.c monitor.c]
     small KNF
 2006-03-15 11:20:03 +11:00
Damien Miller 03e2003a23 - stevesk@cvs.openbsd.org 2006/02/08 12:15:27 
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
     [session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
     [sshd.c sshpty.c]
     move #include <paths.h> out of includes.h; ok markus@
 2006-03-15 11:16:59 +11:00
Damien Miller 6fd6defbce - stevesk@cvs.openbsd.org 2005/10/13 22:24:31 
[auth2-gss.c gss-genr.c gss-serv.c monitor.c]
     KNF; ok djm@
 2005-11-05 15:07:05 +11:00
Darren Tucker d4f04ae247 - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep 
child during PAM account check without clearing it.  This restores the
   post-login warnings such as LDAP password expiry.  Patch from Tomas Mraz
   with help from several others.
 2005-09-30 10:23:21 +10:00
Damien Miller 04b65335a8 - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls 2005-07-17 17:53:31 +10:00
Darren Tucker 69152291e7 - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read 
will free as needed.  ok tim@ djm@
 2005-04-03 12:44:23 +10:00
Darren Tucker de0de39082 - (dtucker) [monitor.c] Remaining part of fix for bug #1006. 2005-03-31 23:52:04 +10:00
Darren Tucker 47eede77ed - deraadt@cvs.openbsd.org 2005/03/10 22:01:05 
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
     readconf.c bufaux.c sftp.c]
     spacing
 2005-03-14 23:08:12 +11:00
Darren Tucker 3745e2bb62 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor 
when attempting to audit disconnect events.  Reported by Phil Dibowitz.
 2005-03-06 22:31:35 +11:00
Darren Tucker 5b53026f71 - dtucker@cvs.openbsd.org 2005/01/30 11:18:08 
[monitor.c]
     Make code match intent; ok djm@
 2005-02-09 09:52:17 +11:00
Darren Tucker 2e0cf0dca2 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c 
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
   defines and enums with SSH_ to prevent namespace collisions on some
   platforms (eg AIX).
 2005-02-08 21:52:47 +11:00
Darren Tucker 598ba7b5e2 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. 2005-02-04 15:05:08 +11:00
Darren Tucker 269a1ea1c8 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c 
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
   (first stage) Add audit instrumentation to sshd, currently disabled by
   default.  with suggestions from and djm@
 2005-02-03 00:20:53 +11:00
Darren Tucker 77fc29eeb3 - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c] 
Bug #892: Send messages from failing PAM account modules to the client via
   SSH2_MSG_USERAUTH_BANNER messages.  Note that this will not happen with
   SSH2 kbdint authentication, which need to be dealt with separately.  ok djm@
 2004-09-11 23:07:03 +10:00
Darren Tucker 0999174755 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41 
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
     Move "Last logged in at.." message generation to the monitor, right
     before recording the new login.  Fixes missing lastlog message when
     /var/log/lastlog is not world-readable and incorrect datestamp when
     multiple sessions are used (bz #463);  much assistance & ok markus@
 2004-07-17 17:05:14 +10:00
Darren Tucker b09b677166 - dtucker@cvs.openbsd.org 2004/06/22 05:05:45 
[monitor.c monitor_wrap.c]
     Change login->username, will prevent -Wshadow errors in Portable;
     ok markus@
 2004-06-22 15:06:46 +10:00
Darren Tucker 7eda592ef0 - (dtucker) [monitor.c] Fix Portable-specific -Wshadow warnings on "socket". 2004-06-22 13:22:50 +10:00
Darren Tucker 3f9fdc7121 - avsm@cvs.openbsd.org 2004/06/21 17:36:31 
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
     cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
     monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
     ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
     sshpty.c]
     make ssh -Wshadow clean, no functional changes
     markus@ ok

There are also some portable-specific -Wshadow warnings to be fixed in
monitor.c and montior_wrap.c.
 2004-06-22 12:56:01 +10:00
Damien Miller f675fc4948 - djm@cvs.openbsd.org 2004/06/13 12:53:24 
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
     [ssh-keyscan.c sshconnect2.c sshd.c]
     implement diffie-hellman-group14-sha1 kex method (trivial extension to
     existing diffie-hellman-group1-sha1); ok markus@
 2004-06-15 10:30:09 +10:00
Darren Tucker 1f8311c836 - deraadt@cvs.openbsd.org 2004/05/11 19:01:43 
[auth.c auth2-none.c authfile.c channels.c monitor.c monitor_mm.c
     packet.c packet.h progressmeter.c session.c openbsd-compat/xmmap.c]
     improve some code lint did not like; djm millert ok
 2004-05-13 16:39:33 +10:00
Darren Tucker e14e005f41 - djm@cvs.openbsd.org 2004/05/09 01:19:28 
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
     sshd.c] removed: mpaux.c mpaux.h
     kill some more tiny files; ok deraadt@
 2004-05-13 16:30:44 +10:00
Darren Tucker 06a8cfe796 - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitly 
4-arg, with compatibility for 3-arg versions.  From djm@, ok me.
 2004-04-14 17:24:30 +10:00
Ben Lindstrom 036768e48c - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested 
limiting scope and dtucker@ agreed.
 2004-04-08 16:12:30 +00:00
Ben Lindstrom 1b9f2a6b44 - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers 
back and #undef TARGET_OS_MAC instead.  (Bug report pending with Apple)
 2004-04-08 05:11:03 +00:00
Ben Lindstrom a8104b5c92 - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see 
if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X)
   are starting to restrict it as internal since it is not needed by
    developers any more. (Patch based on Apple tree)
- (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since
    krb5 on MacOS/X conflicts.  There may be a better solution, but this will
    work for now.
 2004-04-07 04:16:11 +00:00
Darren Tucker dbf7a74ee5 - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c 
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
   even if keyboard-interactive is not used by the client.  Prevents segfaults
   in some cases where the user's password is expired (note this is not
   considered a security exposure).  ok djm@
 2004-03-08 23:04:06 +11:00
Darren Tucker a8be9e23d2 - dtucker@cvs.openbsd.org 2004/02/05 05:37:17 
[monitor.c sshd.c]
     Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
 2004-02-06 16:40:27 +11:00
Damien Miller 787b2ec18c more whitespace (tabs this time) 2003-11-21 23:56:47 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03 
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
 2003-11-21 23:48:55 +11:00
Damien Miller f96d18362d - djm@cvs.openbsd.org 2003/11/18 10:53:07 
[monitor.c]
     unbreak fake authloop for non-existent users (my screwup). Spotted and
     tested by dtucker@; ok markus@
 2003-11-18 22:01:48 +11:00
Damien Miller 6aef38f5ac - (djm) Fix early exit for root auth success when UsePAM=yes and 
PermitRootLogin=no
 2003-11-18 10:45:20 +11:00
Damien Miller 0425d40194 - markus@cvs.openbsd.org 2003/11/17 11:06:07 
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h sshconnect2.c ssh-gss.h]
     replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
     test + ok jakob.
 2003-11-17 22:18:21 +11:00
Damien Miller 3e3b5145e5 - djm@cvs.openbsd.org 2003/11/04 08:54:09 
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
     [session.c]
     standardise arguments to auth methods - they should all take authctxt.
     check authctxt->valid rather then pw != NULL; ok markus@
 2003-11-17 21:13:40 +11:00
Darren Tucker 3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11 
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
 2003-10-02 16:12:36 +10:00
Damien Miller 856f0be669 - markus@cvs.openbsd.org 2003/08/26 09:58:43 
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
     [auth2.c monitor.c]
     fix passwd auth for 'username leaks via timing'; with djm@, original
     patches from solar
 2003-09-03 07:32:45 +10:00
Damien Miller 1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34 
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
 2003-09-02 22:51:17 +10:00
Darren Tucker 600ad8de76 - deraadt@cvs.openbsd.org 2003/08/24 17:36:52 
[monitor.c monitor_wrap.c sshconnect2.c]
     64 bit cleanups; markus ok
 2003-08-26 12:10:48 +10:00
Darren Tucker 0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09 
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
 2003-08-26 11:49:55 +10:00
Damien Miller 1f499fd368 - (djm) Bug #564: Perform PAM account checks for all authentications when 
UsePAM=yes; ok dtucker
 2003-08-25 13:08:49 +10:00
Darren Tucker 6aaa58c470 - (dtucker) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
 2003-08-02 22:24:49 +10:00
Darren Tucker 502d384b74 - markus@cvs.openbsd.org 2003/06/24 08:23:46 
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
      monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
     int -> u_int; ok djm@, deraadt@, mouring@
 2003-06-28 12:38:01 +10:00
Damien Miller 469954debd - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/06/12 07:57:38
     [monitor.c sshlogin.c sshpty.c]
     typos; dtucker at zip.com.au
 2003-06-18 20:25:33 +10:00
Damien Miller 3a961dc0d3 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
 2003-06-03 10:25:48 +10:00
Damien Miller 04bd8b0bcc - djm@cvs.openbsd.org 2003/05/24 09:30:40 
[authfile.c monitor.c sftp-common.c sshpty.c]
     cast some types for printing; ok markus@
 2003-05-25 14:38:33 +10:00
Damien Miller be64d43d01 - markus@cvs.openbsd.org 2003/05/14 08:57:49 
[monitor.c]
     http://bugzilla.mindrot.org/show_bug.cgi?id=560
     Privsep child continues to run after monitor killed.
     Pass monitor signals through to child; Darren Tucker
 2003-05-14 19:31:12 +10:00
Damien Miller 4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control 
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
 2003-05-14 15:11:48 +10:00
Damien Miller 3ab496b3dd - markus@cvs.openbsd.org 2003/05/14 02:15:47 
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
     implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
     server interops with commercial client; ok jakob@ djm@
 2003-05-14 13:47:37 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller 4f9f42a9bb - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with 
proper challenge-response module
 2003-05-10 19:28:02 +10:00
Damien Miller eab4bae038 - (djm) Add back radix.o (used by AFS support), after it went missing from 
Makefile many moons ago
 - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
 - (djm) Fix blibpath specification for AIX/gcc
 - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
 2003-04-29 23:22:40 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller a5539d2698 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/04/02 09:48:07
     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     reapply rekeying chage, tested by henning@, ok djm@
 2003-04-09 20:50:06 +10:00
Damien Miller 2dc074ef4b - markus@cvs.openbsd.org 2003/04/01 10:10:23 
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     rekeying bugfixes and automatic rekeying:
     * both client and server rekey _automatically_
           (a) after 2^31 packets, because after 2^32 packets
               the sequence number for packets wraps
           (b) after 2^(blocksize_in_bits/4) blocks
       (see: draft-ietf-secsh-newmodes-00.txt)
       (a) and (b) are _enabled_ by default, and only disabled for known
       openssh versions, that don't support rekeying properly.
     * client option 'RekeyLimit'
     * do not reply to requests during rekeying
   - markus@cvs.openbsd.org 2003/04/01 10:22:21
     [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
     [readconf.h serverloop.c sshconnect2.c]
     backout rekeying changes (for 3.6.1)
 2003-04-01 21:43:39 +10:00
Damien Miller b062c293e0 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/03/23 19:02:00
     [monitor.c]
     unbreak rekeying for privsep; ok millert@
 2003-03-24 09:12:09 +11:00
Damien Miller 0011138d47 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/03/05 22:33:43
     [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
     [sftp-server.c ssh-add.c sshconnect2.c]
     fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
 2003-03-10 11:21:17 +11:00
Damien Miller 06ebedf365 - markus@cvs.openbsd.org 2003/02/16 17:30:33 
[monitor.c monitor_wrap.c]
     fix permitrootlogin forced-commands-only for privsep; bux #387; ok provos@
 2003-02-24 12:03:38 +11:00
Damien Miller b7df3af154 - markus@cvs.openbsd.org 2003/02/04 09:33:22 
[monitor.c monitor_wrap.c]
     skey/bsdauth: use 0 to indicate failure instead of -1, because
     the buffer API only supports unsigned ints.
 2003-02-24 11:55:46 +11:00
Ben Lindstrom 41ee2b0d77 - markus@cvs.openbsd.org 2002/11/05 19:45:20 
[monitor.c]
     handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
 2002-11-09 15:47:47 +00:00
Damien Miller d94e549ea8 - markus@cvs.openbsd.org 2002/09/26 11:38:43 
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h]
     krb4 + privsep; ok dugsong@, deraadt@
 2002-09-27 13:25:58 +10:00
Damien Miller ef73f50a12 - markus@cvs.openbsd.org 2002/09/24 08:46:04 
[monitor.c]
     only call kerberos code for authctxt->valid
 2002-09-25 12:20:17 +10:00
Damien Miller 7db40c9e2e - markus@cvs.openbsd.org 2002/09/23 22:11:05 
[monitor.c]
     only call auth_krb5 if kerberos is enabled; ok deraadt@
 2002-09-25 12:19:39 +10:00
Damien Miller a10f56151b - markus@cvs.openbsd.org 2002/09/09 14:54:15 
[channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
     signed vs unsigned from -pedantic; ok henning@
 2002-09-12 09:49:15 +10:00
Damien Miller 25162f2518 - itojun@cvs.openbsd.org 2002/09/09 06:48:06 
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
     [monitor_wrap.c monitor_wrap.h]
     kerberos support for privsep.  confirmed to work by lha@stacken.kth.se
     patch from markus
 2002-09-12 09:47:29 +10:00
Damien Miller ebc2306629 - stevesk@cvs.openbsd.org 2002/08/29 15:57:25 
[monitor.c session.c sshlogin.c sshlogin.h]
     pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
     NOTE: there are also p-specific parts to this patch. ok markus@
 2002-09-04 16:45:09 +10:00
Ben Lindstrom 0a4f7542da - millert@cvs.openbsd.org 2002/08/02 14:43:15 
[monitor.c monitor_mm.c]
     Change mm_zalloc() sanity checks to be more in line with what
     we do in calloc() and add a check to monitor_mm.c.
     OK provos@ and markus@
 2002-08-20 18:36:25 +00:00
Ben Lindstrom 7cea16bad5 - stevesk@cvs.openbsd.org 2002/07/22 17:32:56 
[monitor.c]
     u_int here; ok provos@
 2002-07-23 21:13:40 +00:00
Ben Lindstrom eec16fcb27 - deraadt@cvs.openbsd.org 2002/06/27 10:35:47 
[auth2-none.c monitor.c sftp-client.c]
     use xfree()
 2002-07-04 00:06:15 +00:00
Ben Lindstrom 35a2cb9b41 - deraadt@cvs.openbsd.org 2002/06/27 09:08:00 
[monitor.c]
     improve mm_zalloc check; markus ok
 2002-07-04 00:05:06 +00:00
Ben Lindstrom d5502180cd - deraadt@cvs.openbsd.org 2002/06/26 14:49:36 
[monitor.c]
     correct %u
 2002-06-27 00:12:57 +00:00
Damien Miller 530a754d38 - deraadt@cvs.openbsd.org 2002/06/26 13:20:57 
[monitor.c]
     be careful in mm_zalloc
 2002-06-26 23:27:11 +10:00
Kevin Steves cfae58c059 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM 2002-06-25 22:43:19 +00:00
Ben Lindstrom e1c0912cb6 - stevesk@cvs.openbsd.org 2002/06/22 23:09:51 
[monitor.c]
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@
 2002-06-23 00:38:24 +00:00
Damien Miller 2d6b83353b - djm@cvs.openbsd.org 2002/06/21 05:50:51 
[monitor.c]
     Don't initialise compression buffers when compression=no in sshd_config;
     ok Niels@
 2002-06-21 15:59:49 +10:00
Ben Lindstrom 402c6cc681 - markus@cvs.openbsd.org 2002/06/19 18:01:00 
[cipher.c monitor.c monitor_wrap.c packet.c packet.h]
     make the monitor sync the transfer ssh1 session key;
     transfer keycontext only for RC4 (this is still depends on EVP
     implementation details and is broken).
 2002-06-21 00:43:42 +00:00