Commit Graph

401 Commits

Author SHA1 Message Date
Darren Tucker ea7c8127ce - dtucker@cvs.openbsd.org 2005/01/17 22:48:39
[sshd.c]
     Make debugging output continue after reexec; ok djm@
2005-01-20 11:03:08 +11:00
Darren Tucker 0f38323222 - djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
2005-01-20 10:57:56 +11:00
Darren Tucker 3269b13817 - djm@cvs.openbsd.org 2004/09/25 03:45:14
[sshd.c]
     these printf args are no longer double; ok deraadt@ markus@
2004-11-05 20:20:59 +11:00
Darren Tucker 178fa66a64 - mickey@cvs.openbsd.org 2004/09/15 18:42:27
[sshd.c]
     use less doubles in daemons; markus@ ok
2004-11-05 20:09:09 +11:00
Damien Miller 2aa6d3cfce - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
banner. Suggested by deraadt@, ok mouring@, dtucker@
2004-09-12 16:53:04 +10:00
Darren Tucker 0f56ed16b8 - djm@cvs.openbsd.org 2004/08/28 01:01:48
[sshd.c]
     don't erroneously close stdin for !reexec case, from Dave Johnson;
     ok markus@
2004-08-29 16:38:41 +10:00
Darren Tucker eb57862e7c - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
messages generated before the postauth privsep split.
2004-08-12 23:08:14 +10:00
Darren Tucker d8835934c4 - dtucker@cvs.openbsd.org 2004/08/11 11:50:09
[sshd.c]
     Don't try to close startup_pipe if it's not open; ok djm@
2004-08-12 22:42:29 +10:00
Darren Tucker 6832b83744 - markus@cvs.openbsd.org 2004/07/28 08:56:22
[sshd.c]
     call setsid() _before_ re-exec
2004-08-12 22:36:51 +10:00
Darren Tucker 8ae66a5032 - (dtucker) [sshd.c] Remove duplicate variable imported during sync. 2004-08-12 22:16:55 +10:00
Darren Tucker 0999174755 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
     Move "Last logged in at.." message generation to the monitor, right
     before recording the new login.  Fixes missing lastlog message when
     /var/log/lastlog is not world-readable and incorrect datestamp when
     multiple sessions are used (bz #463);  much assistance & ok markus@
2004-07-17 17:05:14 +10:00
Darren Tucker fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
2004-07-17 16:12:08 +10:00
Darren Tucker ba6de952a0 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
   openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c.  Reduces
   diff vs OpenBSD; ok mouring@, tested by tim@ too.
2004-07-17 14:07:42 +10:00
Damien Miller 386c6a2c70 - avsm@cvs.openbsd.org 2004/06/26 20:07:16
[sshd.c]
     initialise some fd variables to -1, djm@ ok
2004-06-30 22:40:20 +10:00
Damien Miller 035a5b47cc - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/25 18:43:36
     [sshd.c]
     fix broken fd handling in the re-exec fallback path, particularly when
     /dev/crypto is in use; ok deraadt@ markus@
2004-06-26 08:16:31 +10:00
Darren Tucker 17c5d03ad3 - (dtucker) [sshd.c] add line missing from reexec sync. 2004-06-25 14:22:23 +10:00
Darren Tucker 586b0b98bf - djm@cvs.openbsd.org 2004/06/25 01:16:09
[sshd.c]
     only perform tcp wrappers checks when the incoming connection is on a
     socket.  silences useless warnings from regress tests that use
     proxycommand="sshd -i".  prompted by david@ ok markus@
2004-06-25 13:34:31 +10:00
Darren Tucker 645ab757bd - djm@cvs.openbsd.org 2004/06/24 19:30:54
[servconf.c servconf.h sshd.c]
     re-exec sshd on accept(); initial work, final debugging and ok markus@
2004-06-25 13:33:20 +10:00
Damien Miller 232711f6db - djm@cvs.openbsd.org 2004/06/14 01:44:39
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
     [sshd.c]
     set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
2004-06-15 10:35:30 +10:00
Damien Miller f675fc4948 - djm@cvs.openbsd.org 2004/06/13 12:53:24
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
     [ssh-keyscan.c sshconnect2.c sshd.c]
     implement diffie-hellman-group14-sha1 kex method (trivial extension to
     existing diffie-hellman-group1-sha1); ok markus@
2004-06-15 10:30:09 +10:00
Darren Tucker 12984968fb - (dtucker) [sshd.c] Fix typo in comment. 2004-05-24 13:37:13 +10:00
Darren Tucker e14e005f41 - djm@cvs.openbsd.org 2004/05/09 01:19:28
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
     sshd.c] removed: mpaux.c mpaux.h
     kill some more tiny files; ok deraadt@
2004-05-13 16:30:44 +10:00
Damien Miller 0c889cd9e9 - markus@cvs.openbsd.org 2004/03/11 10:21:17
[ssh.c sshd.c]
     ssh, sshd: sync version output, ok djm
2004-03-22 09:36:00 +11:00
Damien Miller b408786db9 - markus@cvs.openbsd.org 2004/03/11 08:36:26
[sshd.c]
     trim usage; ok deraadt
2004-03-22 09:35:21 +11:00
Damien Miller bfba354261 - (djm) [sshd.c] Drop supplemental groups if started as root 2004-03-22 09:29:57 +11:00
Damien Miller 57aae982be - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/03/03 06:47:52
     [sshd.c]
     change proctiltle after accept(2); ok henning, deraadt, djm
2004-03-08 23:11:25 +11:00
Darren Tucker 86c093d289 - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h
openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
   inherited by the child.  ok djm@
2004-03-08 22:59:03 +11:00
Darren Tucker 112aaac0ce - (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some
platforms (eg SCO, HP-UX) with logging in the wrong TZ.
2004-03-08 22:13:12 +11:00
Darren Tucker d592048c36 - djm@cvs.openbsd.org 2004/02/25 00:22:45
[sshd.c]
     typo in comment
2004-02-29 20:11:30 +11:00
Darren Tucker efa3706f05 - markus@cvs.openbsd.org 2004/02/23 12:02:33
[sshd.c]
     backout revision 1.279; set listen socket to non-block; ok henning.
2004-02-24 09:20:29 +11:00
Darren Tucker a8be9e23d2 - dtucker@cvs.openbsd.org 2004/02/05 05:37:17
[monitor.c sshd.c]
     Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
2004-02-06 16:40:27 +11:00
Darren Tucker ecc9d46dc5 - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent
accidentally inheriting from root's environment.  ok djm@
2004-02-06 16:04:08 +11:00
Damien Miller 12c150e7e0 - markus@cvs.openbsd.org 2003/12/09 21:53:37
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
     rename keepalive to tcpkeepalive; the old name causes too much
     confusion; ok djm, dtucker; with help from jmc@
2003-12-17 16:31:10 +11:00
Damien Miller b9997192a7 - markus@cvs.openbsd.org 2003/12/09 17:29:04
[sshd.c]
     fix -o and HUP; ok henning@
2003-12-17 16:29:22 +11:00
Darren Tucker 3175eb9a5a - markus@cvs.openbsd.org 2003/12/02 17:01:15
[channels.c session.c ssh-agent.c ssh.h sshd.c]
     use SSH_LISTEN_BACKLOG (=128) in listen(2).
2003-12-09 19:15:11 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
2003-11-21 23:48:55 +11:00
Damien Miller f58b58ced1 - jakob@cvs.openbsd.org 2003/11/10 16:23:41
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
     [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
     [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
     constify. ok markus@ & djm@
2003-11-17 21:18:23 +11:00
Darren Tucker 4a2505445f - markus@cvs.openbsd.org 2003/10/02 10:41:59
[sshd.c]
     print openssl version, too, several requests; ok henning/djm.
2003-10-03 17:57:24 +10:00
Darren Tucker 8fca6b57b4 - markus@cvs.openbsd.org 2003/09/26 08:19:29
[sshd.c]
     no need to set the listen sockets to non-block; ok deraadt@
2003-10-02 16:18:22 +10:00
Darren Tucker 3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
2003-10-02 16:12:36 +10:00
Darren Tucker aaa56cb804 - markus@cvs.openbsd.org 2003/09/19 11:33:09
[packet.c sshd.c]
     do not call packet_close on fatal; ok deraadt
2003-09-22 21:13:59 +10:00
Damien Miller 1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
2003-09-02 22:51:17 +10:00
Ben Lindstrom 5ade9abc37 - (bal) redo how we handle 'mysignal()'. Move it to
openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
   be our 'mysignal' by default.  OK djm@
2003-08-25 01:16:21 +00:00
Damien Miller 59d3d5b8b4 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
-lbroken; ok dtucker
2003-08-22 09:34:41 +10:00
Darren Tucker ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
2003-08-13 20:37:05 +10:00
Darren Tucker 6aaa58c470 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
2003-08-02 22:24:49 +10:00
Darren Tucker e98dfa323e - markus@cvs.openbsd.org 2003/07/16 10:34:53
[ssh.c sshd.c]
     don't exit on multiple -v or -d; ok deraadt@
2003-07-19 19:54:31 +10:00
Darren Tucker fe0078ae49 - markus@cvs.openbsd.org 2003/07/14 12:36:37
[sshd.c]
     remove undocumented -V option. would be only useful if openssh is used
     as ssh v1 server for ssh.com's ssh v2.
2003-07-19 19:52:28 +10:00
Darren Tucker b9aa0a0baa - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Darren Tucker 9f63f22aa0 - deraadt@cvs.openbsd.org 2003/06/28 16:23:06
[atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
     progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
     sshd.c]
     deal with typing of write vs read in atomicio
2003-07-03 13:46:56 +10:00
Darren Tucker e53270481c - djm@cvs.openbsd.org 2003/06/28 07:48:10
[sshd.c]
     report pidfile creation errors, based on patch from Roumen Petrov; ok markus@
2003-07-03 13:40:44 +10:00
Darren Tucker 502d384b74 - markus@cvs.openbsd.org 2003/06/24 08:23:46
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
      monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
     int -> u_int; ok djm@, deraadt@, mouring@
2003-06-28 12:38:01 +10:00
Damien Miller 0cbb9dea05 - (djm) Always use mysignal() for SIGALRM 2003-06-04 22:56:15 +10:00
Damien Miller 31b3a0a98f - djm@cvs.openbsd.org 2003/06/04 10:23:48
[sshd.c]
     remove duplicated group-dropping code; ok markus@
2003-06-04 20:32:12 +10:00
Damien Miller 61d3680aca - deraadt@cvs.openbsd.org 2003/05/29 16:58:45
[sshd.c uidswap.c]
     seteuid and setegid; markus ok
2003-06-02 19:09:48 +10:00
Damien Miller 5d5f054173 RCS ID sync 2003-06-02 19:08:25 +10:00
Damien Miller f2e3e9deba - (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
clobber
2003-06-02 12:15:54 +10:00
Damien Miller 9155a681fd - djm@cvs.openbsd.org 2003/05/24 09:30:40
[authfile.c monitor.c sftp-common.c sshpty.c]
     cast some types for printing; ok markus@

(missed a hunk)
2003-05-26 21:34:36 +10:00
Damien Miller 7e1bbc55af - (djm) Remove IPv4 by default hack now that we can specify AF in config 2003-05-18 20:52:40 +10:00
Damien Miller 04cb536054 - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv
correctly)
2003-05-15 21:29:10 +10:00
Damien Miller 4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
2003-05-14 15:11:48 +10:00
Damien Miller 2372ace572 - markus@cvs.openbsd.org 2003/04/14 14:17:50
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
     avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
2003-05-14 13:42:23 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Darren Tucker c437cda328 - (dtucker) Bug #536: Test for and work around openpty/controlling tty
problem on Linux (fixes "could not set controlling tty" errors).

Also renames STREAMS_PUSH_ACQUIRES_CTTY to the more generic SSHD_ACQUIRES_CTTY
and moves the Solaris-specific comments to configure.ac.
2003-05-10 17:05:46 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller 933cc8fb9c - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and
dtucker@zip.com.au
2003-03-10 11:38:10 +11:00
Damien Miller 8e7fb33523 - markus@cvs.openbsd.org 2003/02/16 17:09:57
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
     split kex into client and server code, no need to link
     server code into the client; ok provos@
2003-02-24 12:03:03 +11:00
Damien Miller 180fc5b236 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/01/27 17:06:31
     [sshd.c]
     more specific error message when /var/empty has wrong permissions;
     bug #46, map@appgate.com; ok henning@, provos@, stevesk@
2003-02-24 11:50:18 +11:00
Damien Miller a8ed44b79e - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
systems may be added later.
2003-01-10 09:53:12 +11:00
Ben Lindstrom c2faa4a504 - markus@cvs.openbsd.org 2002/11/07 16:28:47
[sshd.c]
     log to stderr if -ie is given, bug #414, prj@po.cwru.edu
2002-11-09 15:50:03 +00:00
Damien Miller e9264973ad - (djm) OpenBSD CVS Sync
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
     [compat.c compat.h sshd.c]
     add a generic match for a prober, such as sie big brother;
     idea from stevesk@; markus@ ok
2002-09-30 11:59:21 +10:00
Damien Miller d27a76de65 - markus@cvs.openbsd.org 2002/09/25 15:19:02
[sshd.c]
     typo; pilot@monkey.org
2002-09-27 13:22:31 +10:00
Tim Rice 81ed518b9b Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
Damien Miller e1383cee9d - stevesk@cvs.openbsd.org 2002/09/13 19:23:09
[channels.c sshconnect.c sshd.c]
     remove use of SO_LINGER, it should not be needed. error check
     SO_REUSEADDR. fixup comments. ok markus@
2002-09-19 11:49:37 +10:00
Ben Lindstrom 41daec7538 - stevesk@cvs.openbsd.org 2002/07/23 16:03:10
[sshd.c]
     utmp_len is unsigned; display error consistent with other options.
     ok markus@
2002-07-23 21:15:13 +00:00
Ben Lindstrom 264ee307a8 - markus@cvs.openbsd.org 2002/07/19 15:43:33
[log.c log.h session.c sshd.c]
     remove fatal cleanups after fork; based on discussions with and code
     from solar.
2002-07-23 21:01:56 +00:00
Ben Lindstrom 232ccf7754 - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync
with Cray (mostly #ifdef renaming).  Patch by wendyp@cray.com.
2002-07-22 23:34:25 +00:00
Tim Rice 9dd30817ef [acconfig.h configure.ac sshd.c] s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/ 2002-07-07 13:43:36 -07:00
Ben Lindstrom a962c2fb35 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
      monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
      sshconnect2.c sshd.c]
     minor KNF
2002-07-04 00:14:17 +00:00
Ben Lindstrom 5a9d0eaba6 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
[auth2.c session.c sshd.c]
     lint asks that we use names that do not overlap
2002-07-04 00:12:53 +00:00
Ben Lindstrom 810af968b8 - deraadt@cvs.openbsd.org 2002/06/28 23:05:06
[sshd.c]
     gidset[2] -> gidset[1]; markus ok
2002-07-04 00:11:40 +00:00
Ben Lindstrom fbbfa8422f - deraadt@cvs.openbsd.org 2002/06/28 10:08:25
[sshd.c]
     range check -u option at invocation
2002-07-04 00:10:34 +00:00
Ben Lindstrom 596273516c - (bal) Cygwin uid0 fix by vinschen@redhat.com 2002-06-27 18:02:21 +00:00
Ben Lindstrom fbcc3f71f2 - markus@cvs.openbsd.org 2002/06/25 18:51:04
[sshd.c]
     lightweight do_setusercontext after chroot()
2002-06-25 23:24:18 +00:00
Tim Rice 8eff319298 [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
for Cygwin, Cray, & SCO
2002-06-25 15:35:15 -07:00
Ben Lindstrom 822b634099 - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
[ssh-agent.c sshd.c]
     some minor KNF and %u
2002-06-23 21:38:49 +00:00
Ben Lindstrom 5c3855210e - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
      sshpty.c]
     various KNF and %d for unsigned
2002-06-23 21:23:20 +00:00
Ben Lindstrom 57f08005d3 - stevesk@cvs.openbsd.org 2002/06/22 20:05:27
[sshd.c]
     don't call setsid() if debugging or run from inetd; no "Operation not
     permitted" errors now; ok millert@ markus@
2002-06-23 00:37:10 +00:00
Ben Lindstrom 2dfacb3d40 - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
[sshd.c]
     check /var/empty owner mode; ok provos@
2002-06-23 00:33:47 +00:00
Ben Lindstrom 23e0f667f8 - markus@cvs.openbsd.org 2002/06/20 23:05:56
[servconf.c servconf.h session.c sshd.c]
     allow Compression=yes/no in sshd_config
2002-06-21 01:09:47 +00:00
Ben Lindstrom 837461bf9a - (bal) Build noop setgroups() for cygwin to clean up code (For other
platforms without the setgroups() requirement, you MUST define
   SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
2002-06-12 16:57:14 +00:00
Ben Lindstrom ce0f634270 - mpech@cvs.openbsd.org 2002/06/11 05:46:20
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
     pid_t cleanup. Markus need this now to keep hacking.
     markus@, millert@ ok
2002-06-11 16:42:49 +00:00
Ben Lindstrom a26ea63f8a - markus@cvs.openbsd.org 2002/05/29 11:21:57
[sshd.c]
     don't start if privsep is enabled and SSH_PRIVSEP_USER or
     _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
2002-06-06 20:46:25 +00:00
Ben Lindstrom f666fec2d5 - deraadt@cvs.openbsd.org 2002/05/22 23:18:25
[ssh.c sshd.c]
     spelling; abishoff@arc.nasa.gov
2002-06-06 19:51:58 +00:00
Kevin Steves bc5bb55755 - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups() 2002-05-21 17:59:13 +00:00
Kevin Steves c5041acef3 - (stevesk) [sshd.c] bug 245; disable setsid() for now 2002-05-21 17:50:21 +00:00
Ben Lindstrom 7339b2a278 - mouring@cvs.openbsd.org 2002/05/15 15:47:49
[kex.c monitor.c monitor_wrap.c sshd.c]
     'monitor' variable clashes with at least one lame platform (NeXT).  i
     Renamed to 'pmonitor'.  provos@
 - (bal) Fixed up PAM case.  I think.
2002-05-15 16:25:01 +00:00
Ben Lindstrom 17401b6b77 - millert@cvs.openbsd.org 2002/05/13 15:53:19
[sshd.c]
     Call setsid() in the child after sshd accepts the connection and forks.
     This is needed for privsep which calls setlogin() when it changes uids.
     Without this, there is a race where the login name of an existing
     connection, as returned by getlogin(), may be changed to the privsep
     user (sshd).  markus@ OK
2002-05-15 16:17:56 +00:00
Damien Miller 87aea25f1a - (djm) Try to drop supplemental groups at daemon startup. Patch from
RedHat
2002-05-10 12:20:24 +10:00
Kevin Steves 0ea1d9d1f2 - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
support.  bug #184.  most from dcole@keysoftsys.com.
2002-04-25 18:17:04 +00:00
Damien Miller 0150c65830 - djm@cvs.openbsd.org 2002/04/23 22:16:29
[sshd.c]
     Improve error message; ok markus@ stevesk@
2002-04-24 09:49:09 +10:00
Ben Lindstrom 47fd8112b5 - markus@cvs.openbsd.org 2002/03/30 18:51:15
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
     check waitpid for EINTR; based on patch from peter@ifm.liu.se
2002-04-02 20:48:19 +00:00
Ben Lindstrom f90f58d846 - stevesk@cvs.openbsd.org 2002/03/23 20:57:26
[sshd.c]
     setproctitle() after preauth child; ok markus@
2002-03-26 01:53:03 +00:00
Ben Lindstrom 943481cc77 - markus@cvs.openbsd.org 2002/03/21 21:23:34
[sshd.c]
     add privsep_preauth() and remove 1 goto; ok provos@
2002-03-22 03:43:46 +00:00
Ben Lindstrom 1ee9ec32a3 - markus@cvs.openbsd.org 2002/03/21 10:21:20
[ssh-add.c]
     ignore errors for nonexisting default keys in ssh-add,
     fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
2002-03-22 03:14:45 +00:00
Ben Lindstrom c743134191 - stevesk@cvs.openbsd.org 2002/03/20 19:12:25
[servconf.c servconf.h ssh.h sshd.c]
     for unprivileged user, group do:
     pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw).  ok provos@
2002-03-22 03:11:49 +00:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
2002-03-22 02:54:23 +00:00
Ben Lindstrom 08105192fd - markus@cvs.openbsd.org 2002/03/19 10:35:39
[auth-options.c auth.h session.c session.h sshd.c]
     clean up prototypes
2002-03-22 02:50:06 +00:00
Ben Lindstrom 7a7edf77ed - stevesk@cvs.openbsd.org 2002/03/19 03:03:43
[pathnames.h servconf.c servconf.h sshd.c]
     _PATH_PRIVSEP_CHROOT_DIR; ok provos@
2002-03-22 02:42:37 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
2002-03-22 02:30:41 +00:00
Ben Lindstrom 73ab9ba45d - provos@cvs.openbsd.org 2002/03/18 01:12:14
[auth.h auth1.c auth2.c sshd.c]
     have the authentication functions return the authentication context
     and then do_authenticated; okay millert@
2002-03-22 01:27:35 +00:00
Ben Lindstrom abcb145b38 - markus@cvs.openbsd.org 2002/03/14 16:38:26
[sshd.c]
     split out ssh1 session key decryption; ok provos@
2002-03-22 01:10:21 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch
revert
2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
Ben Lindstrom 733a2351f5 - stevesk@cvs.openbsd.org 2002/02/27 21:23:13
[canohost.c channels.c packet.c sshd.c]
     remove unneeded casts in [gs]etsockopt(); ok markus@
2002-03-05 01:31:28 +00:00
Ben Lindstrom 13c5d3b370 - stevesk@cvs.openbsd.org 2002/02/24 16:09:52
[sshd.c]
     use u_char* here; ok markus@
2002-02-26 18:00:48 +00:00
Damien Miller 6a47f30c55 - markus@cvs.openbsd.org 2002/02/11 16:19:39
[sshd.c]
     include md5.h not hmac.h
2002-02-13 13:55:06 +11:00
Damien Miller 654c03fd06 - markus@cvs.openbsd.org 2002/02/11 16:17:55
[sshd.c]
     do not complain about port > 1024 if rhosts-auth is disabled
2002-02-13 13:54:44 +11:00
Damien Miller 5aa5d78e40 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/02/04 12:15:25
     [sshd.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
2002-02-08 22:01:54 +11:00
Damien Miller 0e3b87279c - markus@cvs.openbsd.org 2002/01/13 17:57:37
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size; ok provos@/mouring@
2002-01-22 23:26:38 +11:00
Damien Miller dff5099f13 - markus@cvs.openbsd.org 2001/12/28 14:50:54
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
Damien Miller d432ccf740 - markus@cvs.openbsd.org 2001/12/28 13:57:33
[auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
     packet_get_bignum* no longer returns a size
2002-01-22 23:14:44 +11:00
Damien Miller 48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller 66823cddbe - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:38 +11:00
Damien Miller da7551677b - markus@cvs.openbsd.org 2001/12/27 18:22:16
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
     call fatal() for openssl allocation failures
2002-01-22 23:09:22 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Damien Miller 72c336def6 - stevesk@cvs.openbsd.org 2001/12/10 16:45:04
[sshd.c]
     possible fd leak on error; ok markus@
2001-12-21 12:44:28 +11:00
Ben Lindstrom ade03f6bad - markus@cvs.openbsd.org 2001/12/06 13:30:06
[servconf.c servconf.h sshd.8 sshd.c]
     add -o to sshd, too. ok deraadt@
 - (bal) Minor white space fix up in servconf.c
2001-12-06 18:22:17 +00:00
Ben Lindstrom 1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
2001-12-06 18:00:18 +00:00
Ben Lindstrom f8f065bc75 - itojun@cvs.openbsd.org 2001/12/05 03:50:01
[clientloop.c serverloop.c sshd.c]
     deal with LP64 printf issue with sig_atomic_t.  from thorpej
2001-12-06 17:52:16 +00:00
Ben Lindstrom 5e71c54b8c - markus@cvs.openbsd.org 2001/11/22 12:34:22
[clientloop.c serverloop.c sshd.c]
     volatile sig_atomic_t
2001-12-06 16:48:14 +00:00
Ben Lindstrom d84df989db - markus@cvs.openbsd.org 2001/11/19 11:20:21
[sshd.c]
     fd leak on HUP; ok stevesk@
2001-12-06 16:35:40 +00:00
Ben Lindstrom 0795848def - deraadt@cvs.openbsd.org 2001/11/14 20:45:08
[sshd.c]
     errno saving wrapping in a signal handler
2001-12-06 16:19:01 +00:00
Damien Miller 6a4a4b9290 - markus@cvs.openbsd.org 2001/11/10 13:19:45
[sshd.c]
     cleanup libwrap support (remove bogus comment, bogus close(), add debug, etc).
2001-11-12 11:07:11 +11:00
Damien Miller e4a0ff4748 - markus@cvs.openbsd.org 2001/11/09 19:08:35
[sshd.c]
     remove extra trailing dot from log message; pilot@naughty.monkey.org
2001-11-12 11:06:54 +11:00
Damien Miller 00b61645eb - markus@cvs.openbsd.org 2001/10/24 08:41:41
[sshd.c]
     mention remote port in debug message
2001-11-12 10:51:23 +11:00
Ben Lindstrom 1bae404457 - stevesk@cvs.openbsd.org 2001/10/02 22:56:09
[sshd.c]
     #include "channels.h" for channel_set_af()
2001-10-03 17:46:39 +00:00
Ben Lindstrom 908afed17f - markus@cvs.openbsd.org 2001/10/01 21:38:53
[channels.c channels.h ssh.c sshd.c]
     remove ugliness; vp@drexel.edu via angelos
2001-10-03 17:34:59 +00:00
Damien Miller ffbe69890d - (djm) Revert setgroups call, it causes problems on OS-X 2001-09-18 14:03:03 +10:00
Damien Miller ebf989e601 - (djm) Clear supplemental groups at sshd start to prevent them from
being propogated to random PAM modules. Based on patch from Redhat via
   Pekka Savola <pekkas@netcore.fi>
2001-09-15 21:12:49 +10:00
Ben Lindstrom ce89dacda8 - camield@cvs.openbsd.org 2001/08/23 17:59:31
[sshd.c]
     end request with 0, not NULL
     ok markus@
2001-09-12 16:58:04 +00:00
Ben Lindstrom 6db66ff387 - (bal) Second around of UNICOS patches. A few other things left.
Patches by William L. Jones <jones@mail.utexas.edu>
2001-08-06 23:29:16 +00:00
Ben Lindstrom 794325ac7a - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
[sshd.8 sshd.c]
     add -t option to test configuration file and keys; pekkas@netcore.fi
     ok markus@
2001-08-06 21:09:07 +00:00
Ben Lindstrom ec95ed9b4c - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
      servconf.c servconf.h session.c sshconnect1.c sshd.c]
     Kerberos v5 support for SSH1, mostly from Assar Westerlund
     <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-07-04 04:21:14 +00:00
Ben Lindstrom 980978639c - markus@cvs.openbsd.org 2001/06/23 19:12:43
[sshd.c]
     pidfile/sigterm race; bbraun@synack.net
2001-06-25 05:10:20 +00:00
Ben Lindstrom bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
2001-06-25 05:01:22 +00:00
Ben Lindstrom ec46e0b5fd - markus@cvs.openbsd.org 2001/06/04 23:07:21
[clientloop.c serverloop.c sshd.c]
     set flags in the signal handlers, do real work in the main loop,
     ok provos@
2001-06-09 01:27:31 +00:00
Ben Lindstrom 80c6d77085 - markus@cvs.openbsd.org 2001/05/28 23:58:35
[packet.c packet.h sshconnect.c sshd.c]
     remove some lines, simplify.
2001-06-05 21:09:18 +00:00
Ben Lindstrom 1bda4c835e - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
[misc.c misc.h servconf.c sshd.8 sshd.c]
     sshd command-line arguments and configuration file options that
     specify time may be expressed using a sequence of the form:
     time[qualifier], where time is a positive integer value and qualifier
     is one of the following:
         <none>,s,m,h,d,w
     Examples:
         600     600 seconds (10 minutes)
         10m     10 minutes
         1h30m   1 hour 30 minutes (90 minutes)
     ok markus@
2001-06-05 19:59:08 +00:00
Ben Lindstrom 551ea37576 - markus@cvs.openbsd.org 2001/05/18 14:13:29
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
      readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
     improved kbd-interactive support. work by per@appgate.com and me
2001-06-05 18:56:16 +00:00