0425d40194
- markus@cvs.openbsd.org 2003/11/17 11:06:07
...
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h sshconnect2.c ssh-gss.h]
replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
test + ok jakob.
2003-11-17 22:18:21 +11:00
51bf11fcc9
- djm@cvs.openbsd.org 2003/11/17 09:45:39
...
[msg.c msg.h sshconnect2.c ssh-keysign.c]
return error on msg send/receive failure (rather than fatal); ok markus@
2003-11-17 21:20:47 +11:00
91c6aa4468
- markus@cvs.openbsd.org 2003/11/14 13:19:09
...
[sshconnect2.c]
cleanup and minor fixes for the client code; from Simon Wilkinson
2003-11-17 21:20:18 +11:00
655a5e0987
- markus@cvs.openbsd.org 2003/11/02 11:01:03
...
[auth2-gss.c compat.c compat.h sshconnect2.c]
remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
2003-11-03 20:09:03 +11:00
56afe145e0
- avsm@cvs.openbsd.org 2003/10/26 16:57:43
...
[sshconnect2.c]
rename 'supported' static var in userauth_gssapi() to 'gss_supported'
to avoid shadowing the global version. markus@ ok
2003-11-03 20:06:14 +11:00
d05b601895
- markus@cvs.openbsd.org 2003/10/11 08:26:43
...
[sshconnect2.c]
search keys in reverse order; fixes #684
2003-10-15 15:55:59 +10:00
796448276c
- deraadt@cvs.openbsd.org 2003/10/07 21:58:28
...
[sshconnect2.c]
set ptr to NULL after free
2003-10-08 17:37:58 +10:00
046dff2a07
- dtucker@cvs.openbsd.org 2003/10/07 01:47:27
...
[sshconnect2.c]
Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 & #707 .
ok markus@
2003-10-08 17:32:02 +10:00
08bbb2f69d
- djm@cvs.openbsd.org 2003/08/25 10:33:33
...
[sshconnect2.c]
fprintf->logit to silence login banner with "ssh -q"; ok markus@
2003-08-26 12:14:05 +10:00
600ad8de76
- deraadt@cvs.openbsd.org 2003/08/24 17:36:52
...
[monitor.c monitor_wrap.c sshconnect2.c]
64 bit cleanups; markus ok
2003-08-26 12:10:48 +10:00
be1a901f99
- markus@cvs.openbsd.org 2003/08/22 13:20:03
...
[sshconnect2.c]
remove support for "kerberos-2@ssh.com"
2003-08-26 12:04:31 +10:00
49aaf4ad52
- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
...
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-26 11:58:16 +10:00
0efd155c3c
- markus@cvs.openbsd.org 2003/08/22 10:56:09
...
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
support GSS API user authentication; patches from Simon Wilkinson,
stripped down and tested by Jakob and myself.
2003-08-26 11:49:55 +10:00
502d384b74
- markus@cvs.openbsd.org 2003/06/24 08:23:46
...
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
int -> u_int; ok djm@, deraadt@, mouring@
2003-06-28 12:38:01 +10:00
f842fcb296
- markus@cvs.openbsd.org 2003/05/15 00:28:28
...
[sshconnect2.c]
cleanup unregister of per-method packet handlers; ok djm@
2003-05-15 12:01:28 +10:00
4d99519535
- (djm) Avoid KrbV leak for MIT Kerberos
2003-05-14 19:23:56 +10:00
9c617693c2
- (djm) Make portable build with MIT krb5 (some issues remain)
2003-05-14 14:31:11 +10:00
3ab496b3dd
- markus@cvs.openbsd.org 2003/05/14 02:15:47
...
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@
2003-05-14 13:47:37 +10:00
280ecfb6e4
- markus@cvs.openbsd.org 2003/05/12 16:55:37
...
[sshconnect2.c]
for pubkey authentication try the user keys in the following order:
1. agent keys that are found in the config file
2. other agent keys
3. keys that are only listed in the config file
this helps when an agent has many keys, where the server might
close the connection before the correct key is used. report & ok pb@
2003-05-14 13:46:00 +10:00
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
996acd2476
*** empty log message ***
2003-04-09 20:59:48 +10:00
a5539d2698
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/04/02 09:48:07
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
reapply rekeying chage, tested by henning@, ok djm@
2003-04-09 20:50:06 +10:00
2dc074ef4b
- markus@cvs.openbsd.org 2003/04/01 10:10:23
...
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
2003-04-01 21:43:39 +10:00
0011138d47
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/03/05 22:33:43
[channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
[sftp-server.c ssh-add.c sshconnect2.c]
fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
2003-03-10 11:21:17 +11:00
8e7fb33523
- markus@cvs.openbsd.org 2003/02/16 17:09:57
...
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into the client; ok provos@
2003-02-24 12:03:03 +11:00
1b96cfb975
- (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since
...
we already did s/msg_send/ssh_msg_send/
2002-12-23 02:58:17 +00:00
1d568f9fce
- markus@cvs.openbsd.org 2002/12/13 10:03:15
...
[channels.c misc.c sshconnect2.c]
cleanup debug messages, more useful information for the client user.
2002-12-23 02:44:36 +00:00
064496feaa
- markus@cvs.openbsd.org 2002/11/21 22:45:31
...
[cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
debug->debug2, unify debug messages
2002-12-23 02:04:22 +00:00
901119beab
- (djm) Bug #406 : s/msg_send/ssh_msg_send/ for Mac OS X 1.2
2002-10-04 11:10:04 +10:00
343010ad50
- markus@cvs.openbsd.org 2002/07/01 19:48:46
...
[sshconnect2.c]
for compression=yes, we fallback to no-compression if the server does
not support compression, vice versa for compression=no. ok mouring@
2002-07-04 00:16:25 +00:00
a962c2fb35
- deraadt@cvs.openbsd.org 2002/06/30 21:59:45
...
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
sshconnect2.c sshd.c]
minor KNF
2002-07-04 00:14:17 +00:00
5c3855210e
- deraadt@cvs.openbsd.org 2002/06/23 03:30:58
...
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
sshpty.c]
various KNF and %d for unsigned
2002-06-23 21:23:20 +00:00
cb72e4f6d2
- deraadt@cvs.openbsd.org 2002/06/19 00:27:55
...
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
xmalloc.h]
KNF done automatically while reading....
2002-06-21 00:41:51 +00:00
cec2ea8d02
- markus@cvs.openbsd.org 2002/05/31 10:30:33
...
[sshconnect2.c]
extent ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verfies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
2002-06-06 20:51:04 +00:00
4887da222b
- markus@cvs.openbsd.org 2002/05/25 08:50:39
...
[sshconnect2.c]
execlp->execl; from stevesk
2002-06-06 20:05:57 +00:00
5206b951c6
- markus@cvs.openbsd.org 2002/05/24 08:45:14
...
[sshconnect2.c]
stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment
2002-06-06 19:59:29 +00:00
1bad256822
- markus@cvs.openbsd.org 2002/05/23 19:24:30
...
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
2002-06-06 19:57:33 +00:00
c85496222b
[sshconnect2.c] change uint32_t to u_int32_t
2002-03-31 12:49:38 -08:00
38a69e6b53
- markus@cvs.openbsd.org 2002/03/26 15:58:46
...
[readpass.c readpass.h sshconnect2.c]
client side support for PASSWD_CHANGEREQ
2002-03-27 17:28:46 +00:00
6328ab3989
- markus@cvs.openbsd.org 2002/03/19 10:49:35
...
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
ttymodes.c]
KNF whitespace
2002-03-22 02:54:23 +00:00
c58ab02e45
- markus@cvs.openbsd.org 2002/02/25 16:33:27
...
[ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
more u_* fixes
2002-02-26 18:15:09 +00:00
90fd814f90
- markus@cvs.openbsd.org 2002/02/24 19:14:59
...
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
signed vs. unsigned: make size arguments u_int, ok stevesk@
2002-02-26 18:09:42 +00:00
68f45983b2
- markus@cvs.openbsd.org 2002/02/03 17:59:23
...
[sshconnect2.c]
more cross checking if announced vs. used key type; ok stevesk@
2002-02-05 12:23:32 +11:00
3a8262ffcc
- markus@cvs.openbsd.org 2002/01/25 21:00:24
...
[sshconnect2.c]
unused include
2002-02-05 11:53:15 +11:00
0e3b87279c
- markus@cvs.openbsd.org 2002/01/13 17:57:37
...
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 23:26:38 +11:00
630d6f4479
- markus@cvs.openbsd.org 2001/12/28 15:06:00
...
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
remove plen from the dispatch fn. it's no longer used.
2002-01-22 23:17:30 +11:00
dff5099f13
- markus@cvs.openbsd.org 2001/12/28 14:50:54
...
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
48b03fc546
- markus@cvs.openbsd.org 2001/12/27 20:39:58
...
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
278f907a2d
- djm@cvs.openbsd.org 2001/12/20 22:50:24
...
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net ; ok markus@
2001-12-21 15:00:19 +11:00
9f0f5c64bc
- deraadt@cvs.openbsd.org 2001/12/19 07:18:56
...
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
[auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
[cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
[match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
[servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
[sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
[ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Damien Miller
Darren Tucker
Ben Lindstrom
Tim Rice