Commit Graph

3707 Commits

Author SHA1 Message Date
Darren Tucker b7d55e3eb5 - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode
and other PAM platforms.
2004-10-06 20:09:32 +10:00
Darren Tucker 59f79c4014 - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ 2004-09-30 21:17:08 +10:00
Darren Tucker 4127f559ad - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one,
which could have caused the justification to be wrong.  ok djm@
2004-09-23 21:35:09 +10:00
Darren Tucker 5d596139d4 - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin
install process.  Patch from vinschen at redhat.com.
2004-09-21 21:35:55 +10:00
Darren Tucker 50fbb45dbd - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too.
ok djm@
2004-09-21 21:32:12 +10:00
Darren Tucker 623d92f0b2 - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile.
Partly by & ok djm@.
2004-09-12 22:36:15 +10:00
Damien Miller 2aa6d3cfce - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
banner. Suggested by deraadt@, ok mouring@, dtucker@
2004-09-12 16:53:04 +10:00
Damien Miller b0aae333fd - (djm) [loginrec.c] xmalloc 2004-09-12 15:26:00 +10:00
Damien Miller 6b0279c084 - (djm) [loginrec.c] __func__ifiy 2004-09-12 15:25:17 +10:00
Damien Miller 8899ed3b62 - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file.
No change in resultant binary
2004-09-12 15:18:55 +10:00
Darren Tucker 5614d8f8c4 - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert
at anl.gov, ok djm@
2004-09-11 23:32:09 +10:00
Darren Tucker a0c2b394b4 - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure.
Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me.  ok djm@
2004-09-11 23:26:37 +10:00
Darren Tucker a2a3ed0010 - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ 2004-09-11 23:09:53 +10:00
Darren Tucker 77fc29eeb3 - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
Bug #892: Send messages from failing PAM account modules to the client via
   SSH2_MSG_USERAUTH_BANNER messages.  Note that this will not happen with
   SSH2 kbdint authentication, which need to be dealt with separately.  ok djm@
2004-09-11 23:07:03 +10:00
Damien Miller 4765679649 - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c]
Make cygwin code more consistent with that which surrounds it
2004-09-11 22:42:09 +10:00
Darren Tucker 0a7e3c6c89 - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change. 2004-09-11 22:28:01 +10:00
Darren Tucker 69687f4b65 - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
failing PAM session modules to user then exit, similar to the way
   /etc/nologin is handled.  ok djm@
2004-09-11 22:17:26 +10:00
Damien Miller 928a19ad9e - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ 2004-09-11 15:18:05 +10:00
Darren Tucker 25a1234ef7 - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability
of shell constructs.  Patch from cjwatson at debian.org.
2004-08-30 21:33:02 +10:00
Darren Tucker 476b7ecfe4 - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from
vinschen at redhat.com.
2004-08-30 21:13:49 +10:00
Darren Tucker 14c372d49d - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
copy required environment variables on Cygwin.  Patch from vinschen at
   redhat.com, ok djm@
2004-08-30 20:42:08 +10:00
Darren Tucker 5a88d00349 - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
accounts with authentication configs that sshd can't support (ie
   SYSTEM=NONE and AUTH1=something).
2004-08-29 21:43:33 +10:00
Darren Tucker cf59d31761 - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. 2004-08-29 21:18:09 +10:00
Darren Tucker b17035fb7f - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64
too; patch from cmadams at hiwaay.net.
2004-08-29 20:33:07 +10:00
Darren Tucker 2a502ff310 - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree
builds too, from vinschen at redhat.com.
2004-08-29 19:52:32 +10:00
Darren Tucker 0521dcb22e - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like
files ending in .exe that aren't binaries; patch from vinschen at redhat.com.
2004-08-29 19:39:09 +10:00
Darren Tucker 07d30e4579 - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn
down, needed on some platforms, should be harmless on others.  Patch from
   jason at devrandom.org.
2004-08-29 17:14:31 +10:00
Darren Tucker 2a81adc35c - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not
support FD passing since multiplex requires it.  Noted by tim@
2004-08-29 17:09:34 +10:00
Darren Tucker 48d99d36bb - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check,
fixes configure warning on Solaris reported by wknox at mitre.org.
2004-08-29 17:04:50 +10:00
Darren Tucker 0f56ed16b8 - djm@cvs.openbsd.org 2004/08/28 01:01:48
[sshd.c]
     don't erroneously close stdin for !reexec case, from Dave Johnson;
     ok markus@
2004-08-29 16:38:41 +10:00
Darren Tucker db69390817 - markus@cvs.openbsd.org 2004/08/26 16:00:55
[ssh.1 sshd.8]
     get rid of references to rhosts authentication; with jmc@
2004-08-29 16:37:24 +10:00
Darren Tucker 34620d6f71 - dtucker@cvs.openbsd.org 2004/08/23 14:29:23
[ssh-keysign.c]
     Remove duplicate getuid(), suggested by & ok markus@
2004-08-29 16:32:59 +10:00
Darren Tucker 27a8f6b056 - dtucker@cvs.openbsd.org 2004/08/23 14:26:38
[ssh-keysign.c ssh.c]
     Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
     change in Portable; ok markus@ (CVS ID sync only)
2004-08-29 16:31:28 +10:00
Darren Tucker e6ed83976b - djm@cvs.openbsd.org 2004/08/23 11:48:47
[channels.c]
     typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
2004-08-29 16:29:44 +10:00
Darren Tucker f4b43712c1 - djm@cvs.openbsd.org 2004/08/23 11:48:09
[authfile.c]
     fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
2004-08-29 16:28:39 +10:00
Darren Tucker f00e51d1f2 - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from
failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
   From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
2004-08-29 16:12:29 +10:00
Darren Tucker 11bdc01cfe Add filename to ChangeLog entry 2004-08-28 16:17:35 +10:00
Darren Tucker f0c2aeaf3d - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from
vinschen at redhat.com.
2004-08-28 15:46:57 +10:00
Damien Miller b0419f26d0 - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by
Martin.Kraemer AT Fujitsu-Siemens.com
2004-08-23 21:53:28 +10:00
Damien Miller 7daf044aa2 - (djm) [ssh-rand-helper.c] Typo. Found by
Martin.Kraemer AT Fujitsu-Siemens.com
2004-08-23 21:52:08 +10:00
Damien Miller e17cc75fe3 - (djm) Release 3.9p1 2004-08-17 22:50:40 +10:00
Damien Miller d545285ec1 - (djm) Crank RPM spec version numbers 2004-08-17 22:49:12 +10:00
Damien Miller 87c9cca391 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/08/16 08:17:01
     [version.h]
     3.9
2004-08-17 22:47:41 +10:00
Darren Tucker bad5f2d329 - (dtucker) [regress/README.regress] Note compatibility issues with GNU head. 2004-08-17 22:31:32 +10:00
Darren Tucker 21dd0897d5 - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root
to convince Solaris PAM to honour password complexity rules.  ok djm@
2004-08-16 23:12:05 +10:00
Darren Tucker 0cbc3c6509 - (dtucker) [Makefile.in] Fix typo. 2004-08-15 21:01:37 +10:00
Damien Miller 8140959de0 - (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker 2004-08-15 19:12:52 +10:00
Damien Miller 36f4965020 - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in
openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c
   openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter
   closefrom() replacement from sudo; ok dtucker@
2004-08-15 18:40:59 +10:00
Darren Tucker 25f60a7ee7 - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
it does the right thing on all platforms.  ok djm@
2004-08-15 17:23:34 +10:00
Darren Tucker 397a2f2612 - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Plug AIX login recording into login_write so logins will be recorded for
   all auth types.
2004-08-15 00:09:11 +10:00
Darren Tucker 3d50c9bda6 - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise
prot.h and shadow.h provide conflicting declarations of getspnam.  ok djm@
2004-08-15 00:01:48 +10:00
Darren Tucker 066969339d - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
Explicitly set umask for mkstemp; ok djm@
2004-08-14 23:55:37 +10:00
Darren Tucker 137e9c97e0 - dtucker@cvs.openbsd.org 2004/08/13 11:09:24
[servconf.c]
     Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr
     ok markus@, djm@
2004-08-13 21:30:24 +10:00
Darren Tucker 1ef0bc0b0a - djm@cvs.openbsd.org 2004/08/13 02:51:48
[monitor_fdpass.c]
     extra check for no message case; ok markus, deraadt, hshoexer, henning
2004-08-13 21:29:02 +10:00
Darren Tucker 6e37037fea - jmc@cvs.openbsd.org 2004/08/13 00:01:43
[ssh-keygen.1]
     kill whitespace at eol;
2004-08-13 21:23:25 +10:00
Darren Tucker 0b42e6d95b - jakob@cvs.openbsd.org 2004/08/12 21:41:13
[ssh-keygen.1 ssh.1]
     improve SSHFP documentation; ok deraadt@
2004-08-13 21:22:40 +10:00
Darren Tucker bcf279783a - djm@cvs.openbsd.org 2004/08/12 09:18:24
[sshlogin.c]
     typo in error message, spotted by moritz AT jodeit.org (Id sync only)
2004-08-13 21:21:47 +10:00
Darren Tucker fe6649da0c - avsm@cvs.openbsd.org 2004/08/11 21:44:32
[authfd.c scp.c ssh-keyscan.c]
     use atomicio instead of homegrown equivalents or read/write.
     markus@ ok
2004-08-13 21:19:37 +10:00
Darren Tucker c7a6fc41bf - avsm@cvs.openbsd.org 2004/08/11 21:43:05
[channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
     some signed/unsigned int comparison cleanups; markus@ ok
2004-08-13 21:18:00 +10:00
Darren Tucker 03669a363e - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
redhat.com
2004-08-13 18:37:21 +10:00
Darren Tucker eb57862e7c - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
messages generated before the postauth privsep split.
2004-08-12 23:08:14 +10:00
Darren Tucker 133b757357 - djm@cvs.openbsd.org 2004/08/11 12:01:16
[sshlogin.c]
     make store_lastlog_message() static to appease -Wall; ok markus
2004-08-12 22:50:03 +10:00
Darren Tucker 9c5049a40f - djm@cvs.openbsd.org 2004/08/11 11:59:22
[sshlogin.c]
     check that lseek went were we told it to; ok markus@
     (Id sync only, but similar changes are needed in loginrec.c)
2004-08-12 22:49:00 +10:00
Darren Tucker d8835934c4 - dtucker@cvs.openbsd.org 2004/08/11 11:50:09
[sshd.c]
     Don't try to close startup_pipe if it's not open; ok djm@
2004-08-12 22:42:29 +10:00
Darren Tucker 9fbac71905 - dtucker@cvs.openbsd.org 2004/08/11 11:09:54
[servconf.c]
     Fix minor leak; "looks right" deraadt@
2004-08-12 22:41:44 +10:00
Darren Tucker 9a2bd1116b - djm@cvs.openbsd.org 2004/08/04 10:37:52
[dh.c]
     return group14 when no primes found - fixes hang on empty /etc/moduli;
     ok markus@
2004-08-12 22:40:59 +10:00
Darren Tucker 5cb30ad2ec - markus@cvs.openbsd.org 2004/07/28 09:40:29
[auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
     sshconnect1.c]
     more s/illegal/invalid/
2004-08-12 22:40:24 +10:00
Darren Tucker 6832b83744 - markus@cvs.openbsd.org 2004/07/28 08:56:22
[sshd.c]
     call setsid() _before_ re-exec
2004-08-12 22:36:51 +10:00
Darren Tucker 8ae66a5032 - (dtucker) [sshd.c] Remove duplicate variable imported during sync. 2004-08-12 22:16:55 +10:00
Damien Miller 0670c7396f - djm@cvs.openbsd.org 2004/07/21 11:51:29
[canohost.c]
     bz#902: cache remote port so we don't fatal() in auth_log when remote
     connection goes away quickly. from peak AT argo.troja.mff.cuni.cz;
     ok markus@
2004-07-21 21:53:34 +10:00
Damien Miller 2d2ed3d633 - (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid
usernames in setproctitle from peak AT argo.troja.mff.cuni.cz;
2004-07-21 20:54:47 +10:00
Damien Miller 10a445b9e5 - djm@cvs.openbsd.org 2004/07/21 10:36:23
[gss-serv-krb5.c]
     fix function declaration
2004-07-21 20:49:39 +10:00
Damien Miller 30d1f84911 - djm@cvs.openbsd.org 2004/07/21 10:33:31
[auth1.c auth2.c]
     bz#899: Don't display invalid usernames in setproctitle
2004-07-21 20:48:53 +10:00
Damien Miller a22f2d761b - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/07/21 08:56:12
     [auth.c]
     s/Illegal user/Invalid user/; many requests; ok djm, millert, niklas,
     miod, ...
2004-07-21 20:48:24 +10:00
Damien Miller b5a21440a8 - (djm) [regress/README.regress] Remove caveat regarding TCP wrappers, now
that sshd is fixed to behave better; suggested by tim
2004-07-21 20:44:05 +10:00
Damien Miller 8fe0105be4 - (djm) [contrib/redhat/sshd.pam] bz #903: Remove redundant entries; from
peak AT argo.troja.mff.cuni.cz
2004-07-21 11:01:41 +10:00
Damien Miller 23a7027e48 - (djm) [log.c] bz #111: Escape more control characters when sending data
to syslog; from peak AT argo.troja.mff.cuni.cz
2004-07-21 10:52:13 +10:00
Tim Rice 816bd0d087 - (tim) [configure.ac] updwtmpx() on OpenServer seems to add duplicate entry.
Report by rac AT tenzing.org
2004-07-19 10:19:26 -07:00
Damien Miller a6fb77fd6c - (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
2004-07-19 09:39:11 +10:00
Damien Miller 65df174574 - (djm) [openbsd-compat/bsd-arc4random.c] Discard early keystream, like OpenBSD
ok dtucker@
2004-07-19 09:30:38 +10:00
Darren Tucker 0999174755 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
     Move "Last logged in at.." message generation to the monitor, right
     before recording the new login.  Fixes missing lastlog message when
     /var/log/lastlog is not world-readable and incorrect datestamp when
     multiple sessions are used (bz #463);  much assistance & ok markus@
2004-07-17 17:05:14 +10:00
Darren Tucker 3ca4508201 - brad@cvs.openbsd.org 2004/07/12 23:34:25
[ssh-keyscan.1]
     Fix incorrect macro, .I -> .Em
     From: Eric S. Raymond <esr at thyrsus dot com>
     ok jmc@
2004-07-17 16:13:15 +10:00
Darren Tucker fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker ba6de952a0 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
   openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c.  Reduces
   diff vs OpenBSD; ok mouring@, tested by tim@ too.
2004-07-17 14:07:42 +10:00
Darren Tucker 5d423f4ece - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
the monitor to properly clean up the PAM thread (Debian bug #252676).
2004-07-11 16:54:08 +10:00
Tim Rice 3b376f08fb - (tim) [contrib/cygwin/README] add minires-devel requirement. Patch from
vinschen AT redhat.com
2004-07-09 10:45:26 -07:00
Darren Tucker e1f17055ed - dtucker@cvs.openbsd.org 2004/07/08 12:47:21
[scp.c]
     Prevent scp from skipping the file following a double-error.
     bz #863, ok markus@
2004-07-08 23:11:44 +10:00
Darren Tucker 042e2e8cbb - dtucker@cvs.openbsd.org 2004/07/03 11:02:25
[monitor_wrap.c]
     Put s/key functions inside #ifdef SKEY same as monitor.c,
     from des@freebsd via bz #330, ok markus@
2004-07-08 23:09:42 +10:00
Darren Tucker cd99fa0648 - dtucker@cvs.openbsd.org 2004/07/03 05:11:33
[sshlogin.c] (RCSID sync only, the corresponding code is not in Portable)
     Use '\0' not 0 for string; ok djm@, deraadt@
2004-07-08 23:08:26 +10:00
Darren Tucker d062da53c7 - (dtucker) [mdoc2man.awk] Teach it to ignore .Bk -words, reported by
strube at physik3.gwdg.de a long time ago.
2004-07-02 18:43:09 +10:00
Tim Rice a5757f0f28 - (tim) [buildpkg.sh.in] Add $REV to bump the package revision within
the same version. Handle the case where someone uses --with-privsep-user=
   and the user name does not match the group name. ok dtucker@
2004-07-01 20:41:15 -07:00
Darren Tucker 1f7e40864f - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
to pam_authenticate for challenge-response auth too.  Originally from
   fcusack at fcusack.com, ok djm@
2004-07-01 14:00:14 +10:00
Darren Tucker e2ba9c2e83 - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes
warnings on compliant platforms.  From paul.a.bolton at bt.com.  ok djm@
2004-07-01 12:38:14 +10:00
Darren Tucker 0a44d1ecf3 - (dtucker) [session.c] Call display_loginmsg again after do_pam_session.
Ensures messages from PAM modules are displayed when privsep=no.

Note: I did not want to just move display_loginmsg since that would change
existing behaviour (order of expiry warnings, "Last Login", motd) to less
like the native tools.
2004-07-01 09:48:29 +10:00
Damien Miller a6b1d169e6 - djm@cvs.openbsd.org 2004/06/30 08:36:59
[session.c]
     unbreak TTY break, diagnosed by darren AT dazwin.com; ok markus@
2004-06-30 22:41:07 +10:00
Damien Miller 386c6a2c70 - avsm@cvs.openbsd.org 2004/06/26 20:07:16
[sshd.c]
     initialise some fd variables to -1, djm@ ok
2004-06-30 22:40:20 +10:00
Damien Miller 26213e556b - jmc@cvs.openbsd.org 2004/06/26 09:14:40
[sshd_config.5]
     new sentence, new line;
2004-06-30 22:39:34 +10:00
Damien Miller 2234bac999 - jmc@cvs.openbsd.org 2004/06/26 09:11:14
[ssh_config.5]
     punctuation and grammar fixes. also, keep the options in order.
2004-06-30 22:38:52 +10:00
Damien Miller 5d1ecebcb5 - OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2004/06/26 09:03:21
     [ssh.1]
     - remove double word
     - rearrange .Bk to keep SYNOPSIS nice
     - -M before -m in options description
2004-06-30 22:37:57 +10:00
Darren Tucker 59e06026d7 - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
appdata_ptr to the conversation function.  ok djm@

By rights we should free the messages too, but if this happens then one
of the modules has already proven itself to be buggy so can we trust
the messages?
2004-06-30 20:34:31 +10:00
Darren Tucker 5288cb242a - (dtucker) [openbsd-compat/port-aix.c] Missing __func__. 2004-06-28 18:11:19 +10:00
Darren Tucker e59b508798 - (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp
rename handling for Linux which returns EPERM for link() on (at least some)
   filesystems that do not support hard links.  sftp-server will fall back to
   stat+rename() in such cases.
2004-06-28 16:01:19 +10:00
Darren Tucker f9eb2b0135 - (dtucker) [regress/README.regress] Document new variables. 2004-06-28 15:52:50 +10:00
Darren Tucker 58cef1f0bb - (dtucker) [mdoc2man.awk] Bug #883: correctly recognise .Pa and .Ev macros. 2004-06-28 15:45:08 +10:00
Tim Rice 5287902643 Minor updates to some README files. 2004-06-27 20:50:35 -07:00
Damien Miller 96d6d7d9a0 - djm@cvs.openbsd.org 2004/06/25 23:21:38
[sftp.c]
     bz #875: fix bad escape char error message; reported by f_mohr AT yahoo.de
2004-06-26 09:21:06 +10:00
Damien Miller 035a5b47cc - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/25 18:43:36
     [sshd.c]
     fix broken fd handling in the re-exec fallback path, particularly when
     /dev/crypto is in use; ok deraadt@ markus@
2004-06-26 08:16:31 +10:00
Darren Tucker aedc1d6a3e - dtucker@cvs.openbsd.org 2004/06/25 05:38:48
[sftp-server.c]
     Fall back to stat+rename if filesystem doesn't doesn't support hard
     links.  bz#823, ok djm@
2004-06-25 17:06:02 +10:00
Darren Tucker 17c5d03ad3 - (dtucker) [sshd.c] add line missing from reexec sync. 2004-06-25 14:22:23 +10:00
Darren Tucker 60bd4098f6 - (dtucker) [configure.ac openbsd-compat/misc.c [openbsd-compat/misc.h]
Add closefrom() for platforms that don't have it.

(might need some tuning later, but I want to be able to test reexec).
2004-06-25 14:03:34 +10:00
Darren Tucker ef3b47a73a - djm@cvs.openbsd.org 2004/06/25 01:25:12
[regress/test-exec.sh]
     clean reexec-specific junk out of text-exec.sh and simplify; idea markus@
2004-06-25 13:46:08 +10:00
Darren Tucker 977a9d21c8 - djm@cvs.openbsd.org 2004/06/24 19:32:00
[regress/Makefile regress/test-exec.sh, added regress/reexec.sh]
     regress test for re-exec corner cases
2004-06-25 13:45:18 +10:00
Darren Tucker 586b0b98bf - djm@cvs.openbsd.org 2004/06/25 01:16:09
[sshd.c]
     only perform tcp wrappers checks when the incoming connection is on a
     socket.  silences useless warnings from regress tests that use
     proxycommand="sshd -i".  prompted by david@ ok markus@
2004-06-25 13:34:31 +10:00
Darren Tucker 645ab757bd - djm@cvs.openbsd.org 2004/06/24 19:30:54
[servconf.c servconf.h sshd.c]
     re-exec sshd on accept(); initial work, final debugging and ok markus@
2004-06-25 13:33:20 +10:00
Darren Tucker b5bc1a6393 - dtucker@cvs.openbsd.org 2004/06/23 14:31:01
[ssh.c]
     Fix counting in master/slave when passing environment variables; ok djm@
2004-06-24 00:34:53 +10:00
Darren Tucker ede07fb0a0 - mouring@cvs.openbsd.org 2004/06/23 00:39:38
[rijndael.c]
     -Wshadow fix up s/encrypt/do_encrypt/.  OK djm@, markus@
2004-06-24 00:33:48 +10:00
Ben Lindstrom ca37219d75 - (bal) [contrib/README] Removed "mdoc2man.pl" reference and added
reference to "findssl.sh"

Also corrected my ChangeLog entries since I placed them in the wrong place.
2004-06-23 04:04:45 +00:00
Tim Rice af4ab6cbf5 - (tim) [regress/try-ciphers.sh] "if ! some_command" is not portable. 2004-06-22 20:53:02 -07:00
Darren Tucker 0a9d43d726 - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move loginrestrictions test to port-aix.c, replace with a generic hook.
2004-06-23 13:45:24 +10:00
Ben Lindstrom ef8f8af86c - (bal) [Makefile.in] Remove opensshd.init on 'make distclean' 2004-06-23 03:21:54 +00:00
Darren Tucker e5a604fdd4 - (dtucker) [cipher.c] encrypt->do_encrypt inside SSH_OLD_EVP to match
-Wshadow change.
2004-06-23 12:28:31 +10:00
Darren Tucker 3b9c0adaab - dtucker@cvs.openbsd.org 2004/06/22 22:55:56
[regress/dynamic-forward.sh regress/test-exec.sh]
     Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@
2004-06-23 09:28:20 +10:00
Darren Tucker 6223eea596 - dtucker@cvs.openbsd.org 2004/06/22 22:45:52
[regress/test-exec.sh]
     Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding
     arbitary options to sshd_config and ssh_config during tests.  ok markus@
2004-06-23 09:25:02 +10:00
Darren Tucker 6eabe64304 - dtucker@cvs.openbsd.org 2004/06/22 22:42:02
[regress/envpass.sh]
     Add quoting for test -z; ok markus@
2004-06-23 09:23:58 +10:00
Darren Tucker a8c73d3b8c - (dtucker) [auth1.c] Ensure do_pam_account is called for Protocol 1
connections with empty passwords.  Patch from davidwu at nbttech.com,
   ok djm@
2004-06-23 09:17:54 +10:00
Darren Tucker b09b677166 - dtucker@cvs.openbsd.org 2004/06/22 05:05:45
[monitor.c monitor_wrap.c]
     Change login->username, will prevent -Wshadow errors in Portable;
     ok markus@
2004-06-22 15:06:46 +10:00
Darren Tucker 430c6a1552 - markus@cvs.openbsd.org 2004/06/22 03:12:13
[regress/envpass.sh regress/multiplex.sh]
     more portable env passing tests
2004-06-22 13:38:56 +10:00
Ben Lindstrom e35bf12eeb - (bal) [auth-passwd.c auth1.c] Clean up unused variables. 2004-06-22 03:37:11 +00:00
Darren Tucker 59bf4a9bd4 - (dtucker) [defines.h] Define __dead if not already defined. 2004-06-22 13:27:16 +10:00
Darren Tucker 5e4e272e8d Missing ChangeLog entry for previous 2004-06-22 13:26:00 +10:00
Darren Tucker 9a52645566 - djm@cvs.openbsd.org 2004/06/22 01:16:39
[sftp.c]
     don't show .files by default in ls, add -a option to turn them back on;
     ok markus
2004-06-22 13:09:55 +10:00
Darren Tucker 15ca6e8842 - djm@cvs.openbsd.org 2004/06/21 22:41:31
[sftp.1]
     document sort options
2004-06-22 13:08:21 +10:00
Darren Tucker a4e9ffa653 - djm@cvs.openbsd.org 2004/06/21 22:30:45
[sftp.c]
     prefix ls option flags with LS_
2004-06-22 13:07:58 +10:00
Darren Tucker b9123453d0 - djm@cvs.openbsd.org 2004/06/21 22:04:50
[sftp.c]
     introduce sorting for ls, same options as /bin/ls; ok markus@
2004-06-22 13:06:45 +10:00
Darren Tucker efa62f98a1 - djm@cvs.openbsd.org 2004/06/21 22:02:58
[log.h]
     mark fatal and cleanup exit as __dead; ok markus@
2004-06-22 12:57:44 +10:00
Darren Tucker 723e945b55 - djm@cvs.openbsd.org 2004/06/21 17:53:03
[session.c]
     fix fd leak for multiple subsystem connections; with markus@
2004-06-22 12:57:08 +10:00
Darren Tucker 3f9fdc7121 - avsm@cvs.openbsd.org 2004/06/21 17:36:31
[auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c
     cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c
     monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c
     ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c
     sshpty.c]
     make ssh -Wshadow clean, no functional changes
     markus@ ok

There are also some portable-specific -Wshadow warnings to be fixed in
monitor.c and montior_wrap.c.
2004-06-22 12:56:01 +10:00
Darren Tucker b357afc0a0 - djm@cvs.openbsd.org 2004/06/20 19:28:12
[sftp.1]
     mention new -n flag
2004-06-22 12:31:23 +10:00
Darren Tucker b215c5d8fe - djm@cvs.openbsd.org 2004/06/20 18:53:39
[sftp.c]
     make "ls -l" listings print user/group names, add "ls -n" to show uid/gid
     (like /bin/ls); idea & ok markus@
2004-06-22 12:30:53 +10:00
Darren Tucker 365433f883 - djm@cvs.openbsd.org 2004/06/20 17:36:59
[ssh.c]
     filter passed env vars at slave in connection sharing case; ok markus@
2004-06-22 12:29:23 +10:00
Tim Rice f7ba8f67b7 (tim) [configure.ac Makefile.in] Only change TEST_SHELL on broken platforms.
OK dtucker@
2004-06-20 10:37:32 -07:00
Tim Rice 5af9db9e0c - (tim) [configure.ac buildpkg.sh.in contrib/solaris/README] move opensshd
init script to top level directory.
2004-06-19 19:31:06 -07:00
Darren Tucker 17db1c47cf - (dtucker) [auth-pam.c] Don't use PAM namespace for
pam_password_change_required either.
2004-06-19 12:54:38 +10:00
Damien Miller 3bbd878c2e - djm@cvs.openbsd.org 2004/06/18 11:11:54
[channels.c clientloop.c]
     Don't explode in clientloop when we receive a bogus channel id, but
     also don't generate them to begin with; ok markus@
2004-06-18 22:23:22 +10:00
Damien Miller b8ea24868f - markus@cvs.openbsd.org 2004/06/18 10:55:43
[ssh.1 ssh.c]
     trim synopsis for -S, allow -S and -oControlMaster, -MM means 'ask'; ok djm
2004-06-18 22:21:55 +10:00
Damien Miller 0809e233a4 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/18 10:40:19
     [ssh.c]
     delay signal handler setup until we have finished talking to the master.
     allow interrupting of setup (e.g. if master is stuck); ok markus@
2004-06-18 22:20:57 +10:00
Darren Tucker 6288dc14fc - dtucker@cvs.openbsd.org 2004/06/18 06:15:51
[multiplex.sh]
     Use -S for scp/sftp to force the use of the ssh being tested.
     ok djm@,markus@
2004-06-18 16:25:35 +10:00
Darren Tucker bd12f1741e - dtucker@cvs.openbsd.org 2004/06/18 06:13:25
[sftp.c]
     Use execvp instead of execv so sftp -S ssh works.  "makes sense" markus@
2004-06-18 16:23:43 +10:00
Darren Tucker ba5c592126 - djm@cvs.openbsd.org 2004/06/17 23:56:57
[ssh.1 ssh.c]
     sync usage() and SYNPOSIS with connection sharing changes
2004-06-18 16:22:39 +10:00
Darren Tucker 13fbe57722 - (dtucker) [regress/README.regress] Add detail on how to run a single
test from the top-level Makefile.
2004-06-18 14:14:43 +10:00
Damien Miller e826a8c9d9 - djm@cvs.openbsd.org 2004/06/17 14:53:27
[regress/multiplex.sh]
     shared connection env passing regress test
2004-06-18 01:23:03 +10:00
Damien Miller 23f0770a1b - djm@cvs.openbsd.org 2004/06/17 15:10:14
[clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
     Add option for confirmation (ControlMaster=ask) via ssh-askpass before
     opening shared connections; ok markus@
2004-06-18 01:19:03 +10:00
Damien Miller 3756dcee24 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/17 14:52:48
     [clientloop.c clientloop.h ssh.c]
     support environment passing over shared connections; ok markus@
2004-06-18 01:17:29 +10:00
Darren Tucker a9972e19e9 - (dtucker) [regress/multiplex.sh] Increase sleep time to 120 sec (60 is not
enough for slow systems, especially if they don't have a kernel RNG).
2004-06-17 17:01:21 +10:00
Darren Tucker 10e7f1929b - (dtucker) [regress/multiplex.sh] add EXEEXT for those platforms that need
it.
2004-06-17 16:36:27 +10:00
Darren Tucker 3e86fc4e99 - dtucker@cvs.openbsd.org 2004/06/17 06:19:06
[regress/multiplex.sh]
     Add small description of failing test to failure message; ok djm@
2004-06-17 16:34:02 +10:00
Darren Tucker ffaa6a5f01 - dtucker@cvs.openbsd.org 2004/06/17 06:00:05
[regress/multiplex.sh]
     Use DATA and COPY for test data rather than hard-coded paths; ok djm@
2004-06-17 16:32:45 +10:00
Darren Tucker ddea13d74d - dtucker@cvs.openbsd.org 2004/06/17 05:51:59
[regress/multiplex.sh]
     Remove datafile between and after tests, kill sshd rather than wait;
     ok djm@
2004-06-17 16:27:43 +10:00
Darren Tucker 8a2f1b3537 - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some
platforms), so test if diff understands it.  Pointed out by tim@, ok djm@
2004-06-17 15:18:32 +10:00
Darren Tucker af16154b00 Add missing regress. 2004-06-16 23:24:19 +10:00
Darren Tucker 5711dca4a6 - dtucker@cvs.openbsd.org 2004/06/16 13:16:40
[multiplex.sh]
     Silence multiplex sftp and scp tests.  ok markus@
2004-06-16 23:23:50 +10:00
Darren Tucker 6f0e35b566 - dtucker@cvs.openbsd.org 2004/06/16 13:15:09
[regress/scp.sh]
    Make scp -r tests use diff -rN not cmp (which won't do dirs.  ok markus@
2004-06-16 23:22:37 +10:00
Darren Tucker 7a06f62b6a - (dtucker) [regress/README.regress]
Add $TEST_SHELL to readme.
2004-06-16 21:08:32 +10:00
Darren Tucker 0e6868e2c4 - (dtucker) [regress/test-exec.sh]
Move Portable-only StrictModes to top of list to make syncs easier.
2004-06-16 20:36:16 +10:00
Darren Tucker 9fe95da3ea Add missing regress/envpass.sh 2004-06-16 20:33:55 +10:00
Darren Tucker a40395663c - djm@cvs.openbsd.org 2004/06/13 15:16:54
[regress/test-exec.sh]
     remove duplicate setting of $SCP; spotted by markus@
2004-06-16 20:31:18 +10:00
Darren Tucker e7d0583f36 - djm@cvs.openbsd.org 2004/06/13 15:04:08
[regress/Makefile regress/test-exec.sh, added regress/multiplex.sh]
     regress test for client multiplexing; ok markus@
2004-06-16 20:22:22 +10:00
Darren Tucker 50433a9243 - dtucker@cvs.openbsd.org 2004/06/13 13:51:02
[regress/Makefile regress/test-exec.sh, added regress/scp-ssh-wrapper.sh
     regress/scp.sh]
     Add scp regression test; with & ok markus@
2004-06-16 20:15:59 +10:00
Darren Tucker 4c37ef08ab - djm@cvs.openbsd.org 2004/04/27 09:47:30
[regress/Makefile regress/test-exec.sh, added regress/envpass.sh]
     regress test for environment passing, SendEnv & AcceptEnv options;
     ok markus@
2004-06-16 20:08:56 +10:00
Darren Tucker a7ea546f1b - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No
code changes.
2004-06-16 12:01:15 +10:00
Damien Miller 03e66f650c - djm@cvs.openbsd.org 2004/06/15 05:45:04
[clientloop.c]
     missed one unset_nonblock; spotted by Tim Rice
2004-06-15 15:47:51 +10:00
Tim Rice 51cee0892f fix typo 2004-06-14 21:25:33 -07:00
Damien Miller 07b6ff12c4 - (djm) [ssh.c] Use separate var for address length 2004-06-15 11:14:45 +10:00
Damien Miller 5e6f4db085 - (djm) Fix Makefile.in for connection sharing changes 2004-06-15 10:44:40 +10:00
Damien Miller 232711f6db - djm@cvs.openbsd.org 2004/06/14 01:44:39
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
     [sshd.c]
     set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
2004-06-15 10:35:30 +10:00
Damien Miller 0e220dbfbc - djm@cvs.openbsd.org 2004/06/13 15:03:02
[channels.c channels.h clientloop.c clientloop.h includes.h readconf.c]
     [readconf.h scp.1 sftp.1 ssh.1 ssh.c ssh_config.5]
     implement session multiplexing in the client (the server has supported
     this since 2.0); ok markus@
2004-06-15 10:34:08 +10:00
Damien Miller 05202ffe21 - dtucker@cvs.openbsd.org 2004/06/13 14:01:42
[ssh.1 ssh_config.5 sshd_config.5]
     List supported ciphers in man pages, tidy up ssh -c;
     "looks fine" jmc@, ok markus@
2004-06-15 10:30:39 +10:00
Damien Miller f675fc4948 - djm@cvs.openbsd.org 2004/06/13 12:53:24
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
     [ssh-keyscan.c sshconnect2.c sshd.c]
     implement diffie-hellman-group14-sha1 kex method (trivial extension to
     existing diffie-hellman-group1-sha1); ok markus@
2004-06-15 10:30:09 +10:00
Damien Miller 7cf17eb78c - pedro@cvs.openbsd.org 2004/06/03 12:22:20
[sftp-client.c sftp.c]
     initialize pointers, ok markus@
2004-06-15 10:28:56 +10:00
Damien Miller 16ea6494b6 - dtucker@cvs.openbsd.org 2004/06/01 14:20:45
[auth2-chall.c]
     Remove redundant #include; ok markus@
2004-06-15 10:28:24 +10:00
Damien Miller 3379385060 - dtucker@cvs.openbsd.org 2004/05/27 00:50:13
[readconf.c]
     Kill dead code after fatal(); ok djm@
2004-06-15 10:27:55 +10:00
Damien Miller 3e4dffb140 - markus@cvs.openbsd.org 2004/05/26 23:02:39
[channels.c]
     missing freeaddrinfo; Andrey Matveev
2004-06-15 10:27:15 +10:00
Damien Miller 350327c042 - djm@cvs.openbsd.org 2004/05/26 08:59:57
[sftp.c]
     exit -> _exit in forked child on error; from andrushock AT korovino.net
2004-06-15 10:24:13 +10:00
Darren Tucker 94befab9dd - (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.
ok djm@
2004-06-03 14:53:12 +10:00
Damien Miller 26314f6354 - (djm) [auth-pam.c] Add copyright for local changes 2004-06-01 11:28:20 +10:00
Tim Rice 2d2b9f706f [buildpkg.sh.in] Last minute fix didn't make it in the .in file. :-( 2004-05-30 21:48:40 -07:00
Tim Rice 6f1f758cca - (tim) [configure.ac Makefile.in] Add support for "make package" ok djm@
- (tim) [buildpkg.sh.in] New file. A more flexible version of
   contrib/solaris/buildpkg.sh used for "make package".
2004-05-30 21:38:51 -07:00
Darren Tucker e061b1598a - (dtucker) [auth-pam.c] Use an invalid password for root if
PermitRootLogin != yes or the login is invalid, to prevent leaking
   information.  Based on Openwall's owl-always-auth patch.  ok djm@
2004-05-30 22:04:56 +10:00
Darren Tucker 450a158d7e - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c]: Bug #874: Re-add PAM
support for PasswordAuthentication=yes.  ok djm@
2004-05-30 20:43:59 +10:00
Darren Tucker 0ffe638bbb - (dtucker) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec
contrib/README CREDITS INSTALL] Bug #873: Correct URLs for x11-ssh-askpass
   and Jim Knoble's email address , from Jim himself.
2004-05-27 09:59:31 +10:00
Darren Tucker 12984968fb - (dtucker) [sshd.c] Fix typo in comment. 2004-05-24 13:37:13 +10:00
Darren Tucker b53355eca5 - (dtucker) [auth-pam.c] Bug #839: Ensure that pam authentication "thread"
is terminated if the privsep slave exits during keyboard-interactive
   authentication.  ok djm@
2004-05-24 11:55:36 +10:00
Darren Tucker 89413dbafa - dtucker@cvs.openbsd.org 2004/05/23 23:59:53
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
     Add MaxAuthTries sshd config option; ok markus@
2004-05-24 10:36:23 +10:00
Darren Tucker e534e12127 - jmc@cvs.openbsd.org 2004/05/22 16:01:05
[ssh.1]
     kill whitespace at eol;
2004-05-24 10:35:14 +10:00
Darren Tucker 1973c88898 - djm@cvs.openbsd.org 2004/05/22 06:32:12
[clientloop.c ssh.1]
     use '-h' for help in ~C commandline instead of '-?'; inspired by jmc@
2004-05-24 10:34:36 +10:00
Darren Tucker e7066dfde3 - djm@cvs.openbsd.org 2004/05/21 11:33:11
[channels.c channels.h clientloop.c serverloop.c ssh.1]
     bz #756: add support for the cancel-tcpip-forward request for the server and
     the client (through the ~C commandline). reported by z3p AT twistedmatrix.com;
     ok markus@
2004-05-24 10:18:05 +10:00
Darren Tucker e4ab1157db - markus@cvs.openbsd.org 2004/05/21 08:43:03
[kex.h moduli.c tildexpand.c]
     add prototypes for -Wall; ok djm
2004-05-24 10:14:24 +10:00
Darren Tucker e167582947 - dtucker@cvs.openbsd.org 2004/05/20 10:58:05
[clientloop.c]
     Trivial type fix 0 -> '\0'; ok markus@
2004-05-24 10:13:07 +10:00
Darren Tucker cdf547afe4 - djm@cvs.openbsd.org 2004/05/19 12:17:33
[sftp-client.c sftp.c]
     gracefully abort transfers on receipt of SIGINT, also ignore SIGINT while
     waiting for a command; ok markus@
2004-05-24 10:12:19 +10:00
Ben Lindstrom efec7c23b1 - (bal) [openbsd-compat/sys-queue.h] Reintroduce machinary to handle
old/broken/incomplete <sys/queue.h>.
2004-05-23 06:22:27 +00:00