Commit Graph

483 Commits

Author SHA1 Message Date
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Ben Lindstrom c8c548d248 - (bal) Disable Privsep for Tru64 after pre-authentication due to issues
with SIA.  Also, clean up of tru64 support patch by Chris Adams
   <cmadams@hiwaay.net>
2003-03-21 01:18:09 +00:00
Damien Miller 0011138d47 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/05 22:33:43
     [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
     [sftp-server.c ssh-add.c sshconnect2.c]
     fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
2003-03-10 11:21:17 +11:00
Damien Miller 1a3ccb07c5 - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me;
From vinschen@redhat.com
2003-02-24 13:04:01 +11:00
Damien Miller 97f39ae810 - markus@cvs.openbsd.org 2003/02/06 09:26:23
[session.c]
     missing call to setproctitle() after authentication; ok provos@
2003-02-24 11:57:01 +11:00
Damien Miller a8ed44b79e - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
systems may be added later.
2003-01-10 09:53:12 +11:00
Damien Miller f25c18d7e8 - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
2003-01-07 17:38:58 +11:00
Damien Miller dfedbf8e5a - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from
mii@ornl.gov
2003-01-03 14:52:53 +11:00
Kevin Steves 678ee51ff3 - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable
parts of pass addrlen with sockaddr * fix.
    from Hajimu UMEMOTO <ume@FreeBSD.org>
2003-01-01 23:43:55 +00:00
Ben Lindstrom 46767607e2 - markus@cvs.openbsd.org 2002/12/10 08:56:00
[session.c]
     Make sure $SHELL points to the shell from the password file, even if shell
     is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@
2002-12-23 02:26:08 +00:00
Ben Lindstrom 611797ed15 - stevesk@cvs.openbsd.org 2002/12/04 04:36:47
[session.c]
     remove xauth entries before add; PR 2994 from janjaap@stack.nl.
     ok markus@
2002-12-23 02:15:57 +00:00
Tim Rice 81ed518b9b Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
Ben Lindstrom 164725f40e l) Fix issue where successfull login does not clear failure counts
in AIX.  Patch by dtucker@zip.com.au ok by djm
2002-09-25 23:14:14 +00:00
Damien Miller a6eb2b7f8e - stevesk@cvs.openbsd.org 2002/09/16 19:55:33
[session.c]
     log when _PATH_NOLOGIN exists; ok markus@
2002-09-19 11:50:48 +10:00
Damien Miller f37e246f85 - stevesk@cvs.openbsd.org 2002/09/12 19:50:36
[session.c ssh.1]
     add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@
2002-09-19 11:47:55 +10:00
Damien Miller e9994cb4d7 - (djm) Bug #365: Read /.ssh/environment properly under CygWin.
Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
2002-09-10 21:43:53 +10:00
Damien Miller ebc2306629 - stevesk@cvs.openbsd.org 2002/08/29 15:57:25
[monitor.c session.c sshlogin.c sshlogin.h]
     pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
     NOTE: there are also p-specific parts to this patch. ok markus@
2002-09-04 16:45:09 +10:00
Damien Miller 5a80bba86f - markus@cvs.openbsd.org 2002/08/22 21:45:41
[session.c]
     send signal name (not signal number) in "exit-signal" message; noticed
     by galb@vandyke.com
2002-09-04 16:39:02 +10:00
Ben Lindstrom 5d860f02ca - markus@cvs.openbsd.org 2002/07/30 17:03:55
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
     add PermitUserEnvironment (off by default!); from dot@dotat.at;
     ok provos, deraadt
2002-08-01 01:28:38 +00:00
Ben Lindstrom b9051ec9a4 - markus@cvs.openbsd.org 2002/07/22 11:03:06
[session.c]
     fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
2002-07-23 21:11:09 +00:00
Ben Lindstrom 264ee307a8 - markus@cvs.openbsd.org 2002/07/19 15:43:33
[log.c log.h session.c sshd.c]
     remove fatal cleanups after fork; based on discussions with and code
     from solar.
2002-07-23 21:01:56 +00:00
Kevin Steves 38b050a0f5 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
freed by the caller; add free_pam_environment() and use it.
2002-07-23 00:44:07 +00:00
Ben Lindstrom 938b828566 - (bal) Remove unused tty defined in do_setusercontext() pointed out by
dtucker@zip.com.au plus a a more KNF since I am near it.
2002-07-15 17:58:34 +00:00
Ben Lindstrom 51b2488aad - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess. 2002-07-04 03:08:40 +00:00
Ben Lindstrom 5a9d0eaba6 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
[auth2.c session.c sshd.c]
     lint asks that we use names that do not overlap
2002-07-04 00:12:53 +00:00
Damien Miller 990070a8c5 - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
[session.c]
     disclose less information from environment files; based on input
     from djm, and dschultz@uclink.Berkeley.EDU
2002-06-26 23:51:06 +10:00
Damien Miller a0796cad4a - markus@cvs.openbsd.org 2002/06/26 08:58:26
[session.c]
     limit # of env vars to 1000; ok deraadt/djm
2002-06-26 19:15:07 +10:00
Damien Miller f18cd162d3 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@ 2002-06-26 19:12:59 +10:00
Ben Lindstrom b129be657c 20020626
- (bal) moved aix_usrinfo() and noted not setting real TTY.  Patch by
   dtucker@zip.com.au
2002-06-25 17:12:26 +00:00
Ben Lindstrom a9d2c89fc5 - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
[channels.c channels.h session.c session.h]
     display, screen, row, col, xpixel, ypixel are u_int; markus ok
  - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
    xpixel are u_int.
2002-06-23 21:48:28 +00:00
Ben Lindstrom e23f4a3d28 - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
[session.c]
     compression_level is u_int
2002-06-23 21:40:16 +00:00
Ben Lindstrom 23e0f667f8 - markus@cvs.openbsd.org 2002/06/20 23:05:56
[servconf.c servconf.h session.c sshd.c]
     allow Compression=yes/no in sshd_config
2002-06-21 01:09:47 +00:00
Ben Lindstrom f0bfa839bd - (bal) Fixed AIX environment handling, use setpcred() instead of existing
code.  (Bugzilla Bug 261)
2002-06-21 00:01:18 +00:00
Ben Lindstrom ce0f634270 - mpech@cvs.openbsd.org 2002/06/11 05:46:20
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
     pid_t cleanup. Markus need this now to keep hacking.
     markus@, millert@ ok
2002-06-11 16:42:49 +00:00
Ben Lindstrom 8bb6f36c8f - markus@cvs.openbsd.org 2002/06/10 22:28:41
[channels.c channels.h session.c]
     move creation of agent socket to session.c; no need for uidswapping
     in channel.c.
2002-06-11 15:59:02 +00:00
Ben Lindstrom 5a6abdae0f unexpand 2002-06-09 19:41:48 +00:00
Ben Lindstrom 378a417389 - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by
Bertrand.Velle@apogee-com.fr
2002-06-07 14:49:56 +00:00
Ben Lindstrom fac7769f64 - stevesk@cvs.openbsd.org 2002/05/16 22:09:59
[session.c ssh.c]
     don't limit xauth pathlen on client side and longer print length on
     server when debug; ok markus@
2002-06-06 19:49:54 +00:00
Damien Miller a18bbd398e - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
the superuser receives.
2002-05-13 10:48:57 +10:00
Kevin Steves 5feaaefaf2 - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX 2002-04-23 20:45:55 +00:00
Ben Lindstrom c447fee9f1 - markus@cvs.openbsd.org 2002/03/29 18:59:32
[session.c session.h]
     retrieve last login time before the pty is allocated, store per session
2002-04-02 20:35:35 +00:00
Ben Lindstrom 2bf56e2dba - markus@cvs.openbsd.org 2002/03/28 15:34:51
[session.c]
     do not call record_login twice (for use_privsep)
2002-04-02 20:32:46 +00:00
Kevin Steves b4799a31a5 - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
it can be removed. only used on solaris. will no longer compile with
   privsep shuffling.
2002-03-24 23:19:54 +00:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
2002-03-22 02:54:23 +00:00
Ben Lindstrom 08105192fd - markus@cvs.openbsd.org 2002/03/19 10:35:39
[auth-options.c auth.h session.c session.h sshd.c]
     clean up prototypes
2002-03-22 02:50:06 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
2002-03-22 02:30:41 +00:00
Ben Lindstrom b481e1323e - provos@cvs.openbsd.org 2002/03/18 03:41:08
[auth.c session.c]
     move auth_approval into getpwnamallow with help from millert@
2002-03-22 01:35:47 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch
revert
2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff
PAM, Cygwin and OSF SIA will not work for sure
2002-03-13 12:47:54 +11:00
Ben Lindstrom c004135b72 - (bal) Last AIX patch. Moved aix_usrinfo() outside of do_setuserconext()
since we need more session information than provided by that function.
2002-02-25 15:48:02 +00:00
Tim Rice e06ae4a4bc [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84
patch by wknox@mitre.org (William Knox).
[sshlogin.h] declare record_utmp_only for session.c
2002-02-24 17:56:46 -08:00
Ben Lindstrom 839ac4f8aa - (bal) Part two.. Drop unused AIX header, fix up missing char *cp. All
that is left is handling aix_usrinfo().
2002-02-24 20:42:46 +00:00
Ben Lindstrom 3107efc12a - (bal) Minor session.c for cygwin. mispelt 'is_winnt' variable. 2002-02-21 15:37:02 +00:00
Ben Lindstrom e37f63ffa0 - markus@cvs.openbsd.org 2002/02/16 00:51:44
[session.c]
     typo
 - (bal) CVS ID sync since the last two patches were merged mistakenly
2002-02-19 21:58:19 +00:00
Ben Lindstrom 4e97e85c03 - (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/02/15 23:11:26
     [session.c]
     split do_child(), ok mouring@

Compiles under Redhat 7.2.. I cannot give any promises.. but I spent a
good hour and half ensure all the right bits are in the right spots.. and
it does seem to help out quite a bit for readiblity.
2002-02-19 21:50:43 +00:00
Ben Lindstrom a9c039cf04 - (bal) Migrated AIX getuserattr and usrinfo code to
openbsd-compat/port-aix.[c] to improve readilbity of do_child() and
   simplify our diffs against upstream source.
2002-02-19 20:27:55 +00:00
Ben Lindstrom f095a85882 - (bal) Migrate IRIX jobs/projects/audit/etc code to
openbsd-compat/port-irix.[ch] to improve readiblity of do_child()
2002-02-19 20:02:48 +00:00
Damien Miller 19a5945105 - markus@cvs.openbsd.org 2002/02/14 23:28:00
[channels.h session.c ssh.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
2002-02-19 15:20:57 +11:00
Damien Miller 05eda437a6 - (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
2002-02-10 18:32:28 +11:00
Damien Miller f3dcf1fc88 - markus@cvs.openbsd.org 2002/02/06 14:37:22
[session.c]
     minor KNF
2002-02-08 22:06:48 +11:00
Damien Miller f3451a2181 - (djm) Cleanup after sync:
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2002-02-05 12:40:46 +11:00
Damien Miller c7ef63dd41 - markus@cvs.openbsd.org 2002/02/03 17:53:25
[auth1.c serverloop.c session.c session.h]
     don't use channel_input_channel_request and callback
     use new server_input_channel_req() instead:
     	server_input_channel_req does generic request parsing on server side
     	session_input_channel_req handles just session specific things now
     ok djm@
2002-02-05 12:21:42 +11:00
Damien Miller 5fab4b9b1d - markus@cvs.openbsd.org 2002/01/29 22:46:41
[session.c]
     don't depend on servconf.c; ok djm@
2002-02-05 12:15:07 +11:00
Damien Miller baa0870852 - stevesk@cvs.openbsd.org 2002/01/29 16:29:02
[session.c]
     limit subsystem length in log; ok markus@
2002-02-05 12:14:10 +11:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
2002-02-05 12:13:41 +11:00
Damien Miller 95c249ff47 - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@
2002-02-05 12:11:34 +11:00
Damien Miller 512bccbb5a - stevesk@cvs.openbsd.org 2002/01/26 16:44:22
[includes.h session.c]
     revert code to add x11 localhost display authorization entry for
     hostname/unix:d and uts.nodename/unix:d if nodename was different than
     hostname.  just add entry for unix:d instead.  ok markus@
2002-02-05 12:11:02 +11:00
Damien Miller dff5099f13 - markus@cvs.openbsd.org 2001/12/28 14:50:54
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
2002-01-22 23:16:32 +11:00
Damien Miller 48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:40 +11:00
Damien Miller 66823cddbe - markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
2002-01-22 23:11:38 +11:00
Damien Miller bb9ffc18ca - (djm) Merge Cygwin copy_environment with do_pam_environment, removing
fixed env var size limit in the process. Report from Corinna Vinschen
   <vinschen@redhat.com>
2002-01-08 10:59:32 +11:00
Damien Miller e737856350 - markus@cvs.openbsd.org 2001/12/20 16:37:29
[channels.c channels.h session.c]
     setup x11 listen socket for just one connect if the client requests so.
     (v2 only, but the openssh client does not support this feature).
2001-12-21 14:58:35 +11:00
Damien Miller 8db9a84310 Sync RCSIDs from Kevin's already committed patch 2001-12-21 14:51:28 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
2001-12-21 14:45:46 +11:00
Kevin Steves 366298c696 - (stevesk) OpenBSD CVS sync X11 localhost display
- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
     [channels.h channels.c session.c]
     sshd X11 fake server will now listen on localhost by default:
     $ echo $DISPLAY
     localhost:12.0
     $ netstat -an|grep 6012
     tcp        0      0  127.0.0.1.6012         *.*                    LISTEN
     tcp6       0      0  ::1.6012               *.*                    LISTEN
     sshd_config gatewayports=yes can be used to revert back to the old
     behavior.  will control this with another option later.  ok markus@
   - stevesk@cvs.openbsd.org 2001/12/19 08:43:11
     [includes.h session.c]
     handle utsname.nodename case for FamilyLocal X authorization; ok markus@
2001-12-19 17:58:01 +00:00
Ben Lindstrom ccd8d07b3c - stevesk@cvs.openbsd.org 2001/12/06 18:09:23
[channels.c session.c]
     strncpy->strlcpy.  remaining strncpy's are necessary.  ok markus@
2001-12-07 17:26:48 +00:00
Ben Lindstrom 38b951cdb2 - markus@cvs.openbsd.org 2001/12/01 21:41:48
[session.c sshd.8]
     don't pass user defined variables to /usr/bin/login
2001-12-06 17:47:47 +00:00
Damien Miller e49d0966b5 - (djm) AIX login{success,failed} changes. Move loginsuccess call to
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
   we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
   K.Wolkersdorfer@fz-juelich.de and others
2001-11-13 23:46:18 +11:00
Damien Miller c3aa3dd70c - (djm) Disconnect if no tty and PAM reports password expired 2001-10-28 22:34:52 +11:00
Damien Miller 0585d51a52 - markus@cvs.openbsd.org 2001/10/11 13:45:21
[session.c]
     delay detach of session if a channel gets closed but the child is
     still alive.  however, release pty, since the fd's to the child are
     already closed.
2001-10-12 11:35:50 +10:00
Damien Miller 3ec2759ad4 - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/10/10 22:18:47
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c session.h]
     try to keep channels open until an exit-status message is sent.
     don't kill the login shells if the shells stdin/out/err is closed.
     this should now work:
     ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
2001-10-12 11:35:04 +10:00
Damien Miller 52b77beb65 - markus@cvs.openbsd.org 2001/10/09 21:59:41
[channels.c channels.h serverloop.c session.c session.h]
     simplify session close: no more delayed session_close, no more blocking wait() calls.
2001-10-10 15:14:37 +10:00
Damien Miller ae45246696 - markus@cvs.openbsd.org 2001/10/09 19:32:49
[session.c]
     stat subsystem command before calling do_exec, and return error to client.
2001-10-10 15:08:06 +10:00
Damien Miller 139d4cd908 - markus@cvs.openbsd.org 2001/10/09 10:12:08
[session.c]
     chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
2001-10-10 15:07:44 +10:00
Damien Miller 9c75142917 - markus@cvs.openbsd.org 2001/10/06 00:36:42
[session.c]
     fix typo in error message, sync with do_exec_nopty
2001-10-10 15:02:46 +10:00
Kevin Steves a0957d6898 - (stevesk) session.c: declare do_pre_login() before use
wayned@users.sourceforge.net
2001-09-27 19:50:26 +00:00
Ben Lindstrom 37e41c9019 - markus@cvs.openbsd.org 2001/09/16 14:46:54
[session.c]
      calls krb_afslog() after setting $HOME; mattiasa@e.kth.se; fixes
      pr 1943b
2001-09-16 22:17:15 +00:00
Damien Miller 599d8eba16 - (djm) Make do_pre_login static to avoid prototype #ifdef hell 2001-09-15 12:25:53 +10:00
Ben Lindstrom b09f6b5b02 - markus@cvs.openbsd.org 2001/09/14
[session.c]
     command=xxx overwrites subsystems, too
2001-09-14 23:12:07 +00:00
Ben Lindstrom 91e9868e4f - jakob@cvs.openbsd.org 2001/08/16 19:18:34
[servconf.c servconf.h session.c sshd.8]
     deprecate CheckMail. ok markus@
2001-09-12 16:32:14 +00:00
Damien Miller efb1edfc7f - deraadt@cvs.openbsd.org 2001/07/09 07:04:53
[session.c sftp-int.c]
     correct type on last arg to execl(); nordin@cse.ogi.edu
2001-07-14 12:19:36 +10:00
Damien Miller c62f1fc3ff - (djm) Enable /etc/nologin check on PAM systems, as some lack the
pam_nologin module. Report from William Yodlowsky
   <bsd@openbsd.rutgers.edu>
2001-07-14 11:54:05 +10:00
Kevin Steves 8f63caa197 - (stevesk) more sync for session.c 2001-07-04 18:23:02 +00:00
Ben Lindstrom 4983d5ebd5 - markus@cvs.openbsd.org 2001/07/02 13:59:15
[serverloop.c session.c session.h]
     wait until !session_have_children(); bugreport from
     Lutz.Jaenicke@aet.TU-Cottbus.DE
2001-07-04 05:17:40 +00:00
Ben Lindstrom bddd551e11 - markus@cvs.openbsd.org 2001/06/27 02:12:54
[serverloop.c serverloop.h session.c session.h]
     quick hack to make ssh2 work again.
2001-07-04 04:53:53 +00:00
Ben Lindstrom ec95ed9b4c - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
      servconf.c servconf.h session.c sshconnect1.c sshd.c]
     Kerberos v5 support for SSH1, mostly from Assar Westerlund
     <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
2001-07-04 04:21:14 +00:00
Ben Lindstrom 4469723325 - markus@cvs.openbsd.org 2001/06/25 08:25:41
[channels.c channels.h cipher.c clientloop.c compat.c compat.h
      hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
      session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
     update copyright for 2001
2001-07-04 03:32:30 +00:00
Kevin Steves 9b26f96c12 - (stevesk) session.c: use u_int for envsize 2001-06-29 17:52:17 +00:00
Damien Miller 665af9cae7 - (djm) Reintroduce pam_session call for non-pty sessions. 2001-06-27 09:34:15 +10:00
Damien Miller 2d5ac08f13 -Wall 2001-06-25 17:07:59 +10:00
Ben Lindstrom bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
2001-06-25 05:01:22 +00:00
Ben Lindstrom 07094e52e7 - markus@cvs.openbsd.org 2001/06/21 21:08:25
[session.c]
      don't reset forced_command (we allow multiple login shells in
      ssh2); dwd@bell-labs.com
2001-06-25 03:59:43 +00:00
Ben Lindstrom 0a7ca6c7ba - markus@cvs.openbsd.org 2001/06/19 15:40:45
[session.c]
     allocate and free at the same level.
2001-06-21 03:17:42 +00:00
Ben Lindstrom 699776e9ec - markus@cvs.openbsd.org 2001/06/19 14:09:45
[session.c sshd.8]
     disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
2001-06-21 03:14:49 +00:00
Ben Lindstrom c85ab8afab - markus@cvs.openbsd.org 2001/06/19 12:34:09
[session.c]
     cleanup forced command handling, from dwd@bell-labs.com
2001-06-21 03:13:10 +00:00
Ben Lindstrom 7a83722577 - OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/06/13 09:10:31
     [session.c]
     typo, use pid not s->pid, mstone@cs.loyola.edu
2001-06-13 19:23:32 +00:00
Ben Lindstrom c51ae1bdaa - markus@cvs.openbsd.org 2001/06/12 21:30:57
[session.c]
     unused
2001-06-13 04:43:52 +00:00
Ben Lindstrom 2bcdf064d8 - markus@cvs.openbsd.org 2001/06/12 21:21:29
[session.c]
     remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
     we do already trust $HOME/.ssh
     you can use .ssh/sshrc and .ssh/environment if you want to customize
     the location of the xauth cookies
2001-06-13 04:41:41 +00:00
Ben Lindstrom 49c126044d - markus@cvs.openbsd.org 2001/06/12 16:10:38
[session.c]
     merge ssh1/ssh2 tty msg parse and alloc code
2001-06-13 04:37:36 +00:00
Ben Lindstrom 7eaf8e4e26 - markus@cvs.openbsd.org 2001/06/12 10:58:29
[session.c]
     merge session_free into session_close()
     merge pty_cleanup_proc into session_pty_cleanup()
2001-06-13 04:35:43 +00:00
Ben Lindstrom 88259fbbc5 - markus@cvs.openbsd.org 2001/06/11 10:18:24
[session.c]
     reset pointer to NULL after xfree(); report from solar@openwall.com
2001-06-12 00:21:34 +00:00
Ben Lindstrom 4d3f227699 - markus@cvs.openbsd.org 2001/06/07 22:25:02
[session.c]
     don't overwrite errno
     delay deletion of the xauth cookie
2001-06-09 01:44:07 +00:00
Ben Lindstrom cb3929d1d9 - markus@cvs.openbsd.org 2001/06/05 16:46:19
[session.c]
     let session_close() delete the pty.  deny x11fwd if xauthfile is set.
2001-06-09 01:34:15 +00:00
Ben Lindstrom 768176b240 - markus@cvs.openbsd.org 2001/06/04 23:16:16
[session.c]
     merge ssh1/2 x11-fwd setup, create listener after tmp-dir
2001-06-09 01:29:12 +00:00
Ben Lindstrom 983c098311 - markus@cvs.openbsd.org 2001/06/04 21:59:43
[channels.c channels.h session.c]
     switch uid when cleaning up tmp files and sockets; reported by
     zen-parse@gmx.net on bugtraq
2001-06-09 01:20:06 +00:00
Ben Lindstrom 838394ca26 - markus@cvs.openbsd.org 2001/06/03 14:55:39
[channels.c channels.h session.c]
     use fatal_register_cleanup instead of atexit, sync with x11 authdir
     handling
2001-06-09 01:11:59 +00:00
Ben Lindstrom c763767f18 [NOTE: Next patch will sync nchan.c, channels.c and channels.h and all this
pain will be over.]
   - markus@cvs.openbsd.org 2001/05/31 10:30:17
     [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
      packet.c serverloop.c session.c ssh.c]
     undo the .c file split, just merge the header and keep the cvs
     history
2001-06-09 00:36:26 +00:00
Ben Lindstrom e6455aee8f [NOTE: File split is was not done in Portabl Tree]
- markus@cvs.openbsd.org 2001/05/30 12:55:13
     [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
      packet.c serverloop.c session.c ssh.c ssh1.h]
     channel layer cleanup: merge header files and split .c files
2001-06-09 00:17:10 +00:00
Ben Lindstrom 7d68fbf4c5 - djm@cvs.openbsd.org 2001/05/19 00:36:40
[session.c]
     Disable X11 forwarding if xauth binary is not found. Patch from Nalin
     Dahyabhai <nalin@redhat.com>; ok markus@
2001-06-05 19:29:20 +00:00
Ben Lindstrom 97c677d4f0 - (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison
<wayne@blorf.net>
2001-05-08 20:33:05 +00:00
Ben Lindstrom 5428bea574 - (bal) White Space and #ifdef sync with OpenBSD 2001-05-06 02:53:25 +00:00
Ben Lindstrom 60402fd42a - markus@cvs.openbsd.org 2001/05/03 15:45:15
[session.c]
     exec shell -c /bin/sh .ssh/sshrc, from abartlet@pcug.org.au
2001-05-03 22:37:26 +00:00
Ben Lindstrom 005dd22c97 - markus@cvs.openbsd.org 2001/04/17 19:34:25
[session.c]
     move auth_approval to do_authenticated().
     do_child(): nuke hostkeys from memory
     don't source .ssh/rc for subsystems.
2001-04-18 15:29:33 +00:00
Damien Miller 364a9bd9ce - Fix OSF SIA support displaying too much information for quiet
logins and logins where access was denied by SIA. Patch from Chris Adams
   <cmadams@hiwaay.net>
2001-04-16 18:37:05 +10:00
Damien Miller cf205e8f35 - djm@cvs.openbsd.org 2001/04/16 08:19:31
[session.c]
     Split motd and hushlogin checks into seperate functions, helps for
     portable. From Chris Adams <cmadams@hiwaay.net>; ok markus@
2001-04-16 18:29:15 +10:00
Ben Lindstrom ae8e2d30db - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
[clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
     protocol 2 tty modes support; ok markus@
2001-04-14 23:13:02 +00:00
Ben Lindstrom 3fcf1a22b5 - markus@cvs.openbsd.org 2001/04/06 21:00:17
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
      ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
     do gid/groups-swap in addition to uid-swap, should help if /home/group
     is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
     to olar@openwall.com is comments.  we had many requests for this.
2001-04-08 18:26:59 +00:00
Ben Lindstrom f15a386511 - stevesk@cvs.openbsd.org 2001/04/05 15:48:18
[canohost.c canohost.h session.c]
     move get_remote_name_or_ip() to canohost.[ch]; for portable.  ok markus@
2001-04-05 23:32:17 +00:00
Damien Miller f9e9300947 - (djm) Reestablish PAM credentials (which can be supplemental group
memberships) after initgroups() blows them away. Report and suggested
   fix from Nalin Dahyabhai <nalin@redhat.com>
2001-03-27 16:12:24 +10:00
Ben Lindstrom 7bfff36ca3 - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
[servconf.c servconf.h session.c sshd.8 sshd_config]
     PrintLastLog option; from chip@valinux.com with some minor
     changes by me.  ok markus@
2001-03-26 05:45:53 +00:00
Ben Lindstrom 6029432ec5 - djm@cvs.openbsd.org 2001/03/25 00:01:34
[session.c]
     shorten; ok markus@
2001-03-26 05:38:25 +00:00
Damien Miller b44fe0617d - (djm) Pull out our own SIGPIPE hacks 2001-03-24 15:39:38 +11:00
Ben Lindstrom de71cda078 - markus@cvs.openbsd.org 2001/03/23 14:28:32
[session.c sshd.c]
     ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
2001-03-24 00:43:26 +00:00
Ben Lindstrom d9267454ca - markus@cvs.openbsd.org 2001/03/21 21:06:30
[session.c]
     missing init; from mib@unimelb.edu.au
2001-03-22 02:06:57 +00:00
Ben Lindstrom b31783d547 - markus@cvs.openbsd.org 2001/03/21 11:43:45
[auth1.c auth2.c session.c session.h]
     merge common ssh v1/2 code
2001-03-22 02:02:12 +00:00
Ben Lindstrom fc9b07de19 - markus@cvs.openbsd.org 2001/03/20 19:21:21
[session.c]
     remove unused arg
2001-03-22 01:27:23 +00:00
Ben Lindstrom b4c961d822 - markus@cvs.openbsd.org 2001/03/20 19:21:21
[session.c]
     remove unused arg
2001-03-22 01:25:37 +00:00
Ben Lindstrom eebc4a2ed3 - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
resync
2001-03-22 01:22:03 +00:00
Damien Miller bebd8be67b - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de> 2001-03-22 11:58:15 +11:00
Damien Miller b69407dd7a - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
suggested fix from Mike Battersby <mib@unimelb.edu.au>
2001-03-21 16:13:03 +11:00
Damien Miller be08176963 - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
VanDevender <stevev@darkwing.uoregon.edu>
2001-03-21 11:11:57 +11:00
Ben Lindstrom 7bb8b49596 - markus@cvs.openbsd.org 2001/03/16 19:06:30
[auth-options.c channels.c channels.h serverloop.c session.c]
     implement "permitopen" key option, restricts -L style forwarding to
     to specified host:port pairs. based on work by harlan@genua.de
2001-03-17 00:47:54 +00:00
Ben Lindstrom 86fe8686b9 - markus@cvs.openbsd.org 2001/03/15 22:07:08
[session.c]
     pass Session to do_child + KNF
2001-03-17 00:32:57 +00:00
Damien Miller 168a700cc6 - Support usrinfo() on AIX. Based on patch from Gert Doering
<gert@greenie.muc.de>
2001-03-17 10:29:50 +11:00
Ben Lindstrom 9c5324422e - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c 2001-03-05 07:33:14 +00:00
Ben Lindstrom 92a2e38f8e - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
     make copyright lines the same format
2001-03-05 06:59:27 +00:00
Damien Miller c594633b49 - (djm) Fully revert PAM session patch. All PAM session init is now done
before the final fork().
2001-02-28 11:46:11 +11:00
Damien Miller 7bd1c6262b - (djm) Fix PAM fix 2001-02-27 10:48:01 +11:00
Damien Miller 5a7613186b - (djm) Move PAM init to after fork for non-Solaris derived PAMs 2001-02-27 09:28:23 +11:00
Ben Lindstrom 7603b2d244 - markus@cvs.openbsd.org 2001/02/23 15:37:45
[session.c]
     handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
2001-02-26 20:13:32 +00:00
Ben Lindstrom 38e60935bb - (bal) Generalize lack of UNIX sockets since this also effects Cray
not just Cygwin.  Based on patch by Wendy Palm <wendyp@cray.com>
2001-02-24 00:55:04 +00:00
Ben Lindstrom e1bd29bc9e - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com> 2001-02-21 20:00:28 +00:00
Kevin Steves ff793a27b8 - (stevesk) session.c: back out to where we were before:
- (djm) Move PAM session initialisation until after fork in sshd. Patch
      from Nalin Dahyabhai <nalin@redhat.com>
2001-02-21 16:36:51 +00:00
Ben Lindstrom 94bce40720 - (bal) Reverted out of 2001/02/15 patch by djm below because it
breaks Solaris.
        - (djm) Move PAM session setup back to before setuid to user.
          fixes problems on Solaris-drived PAMs.
2001-02-21 05:53:33 +00:00
Ben Lindstrom d95c09cc83 - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
pty.[ch] -> sshpty.[ch]
2001-02-18 19:13:33 +00:00
Damien Miller 60396b060b - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
enable with --with-bsd-auth.
2001-02-18 17:01:00 +11:00
Ben Lindstrom 8dcdeb8421 - markus@cvs.openbsd.org 2001/02/16 14:03:43
[session.c]
     proper payload-length check for x11 w/o screen-number
2001-02-16 16:02:14 +00:00
Damien Miller 217f567187 - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
2001-02-16 12:12:41 +11:00
Damien Miller 646aa60b41 - (djm) Clean up PAM namespace. Suggested by Darren Moffat
<Darren.Moffat@eng.sun.com>
2001-02-15 11:51:32 +11:00
Damien Miller e8b5b04521 - (djm) Move PAM session setup back to before setuid to user. Fixes
problems on Solaris-derived PAMs.
2001-02-15 11:32:15 +11:00
Kevin Steves 7fafa5ccbe - (stevesk) fix for SIA patch, misplaced session_setup_sia() 2001-02-13 18:45:00 +00:00
Damien Miller 92ddb7d6f0 - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
<cmadams@hiwaay.net> with a little modification and KNF.
2001-02-14 01:25:23 +11:00
Damien Miller 6b4146ad73 - (djm) Move PAM session initialisation until after fork in sshd. Patch
from Nalin Dahyabhai <nalin@redhat.com>
2001-02-14 00:45:51 +11:00
Kevin Steves 7f982bf6c9 - (stevesk) session.c: remove debugging code. 2001-02-12 15:07:52 +00:00
Kevin Steves 43cdef3ba5 missed session.c part of:
- stevesk@cvs.openbsd.org 2001/02/08 10:11:23
     [session.c sftp-client.c]
     %i -> %d
2001-02-11 14:12:08 +00:00
Ben Lindstrom 31ca54aa86 - itojun@cvs.openbsd.org 2001/02/08 19:30:52
sync with netbsd tree changes.
     - more strict prototypes, include necessary headers
     - use paths.h/pathnames.h decls
     - size_t typecase to int -> u_long
2001-02-09 02:11:24 +00:00
Kevin Steves ef4eea9bad - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
[many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
Damien Miller 3380426358 NB: big update - may break stuff. Please test!
- (djm) OpenBSD CVS sync:
   - markus@cvs.openbsd.org  2001/02/03 03:08:38
     [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
     [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
     [sshd_config]
     make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
   - markus@cvs.openbsd.org  2001/02/03 03:19:51
     [ssh.1 sshd.8 sshd_config]
     Skey is now called ChallengeResponse
   - markus@cvs.openbsd.org  2001/02/03 03:43:09
     [sshd.8]
     use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
     channel. note from Erik.Anggard@cygate.se (pr/1659)
   - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
     [ssh.1]
     typos; ok markus@
   - djm@cvs.openbsd.org     2001/02/04 04:11:56
     [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
     [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
     Basic interactive sftp client; ok theo@
 - (djm) Update RPM specs for new sftp binary
 - (djm) Update several bits for new optional reverse lookup stuff. I
   think I got them all.
2001-02-04 23:20:18 +11:00
Ben Lindstrom 226cfa0378 Hopefully things did not get mixed around too much. It compiles under
Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - markus@cvs.openbsd.org 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - markus@cvs.openbsd.org 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - markus@cvs.openbsd.org 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     andrew@pimlott.ne.mediaone.net
   - djm@cvs.openbsd.org 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - djm@cvs.openbsd.org 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - markus@cvs.openbsd.org 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.
2001-01-22 05:34:40 +00:00
Ben Lindstrom b100ec9542 - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
Also removed some of the 'ISSUES' comments that have been verified by djm.
2001-01-19 05:37:32 +00:00
Ben Lindstrom db65e8fded Please grep through the source and look for 'ISSUE' comments and verify
that I was able to get all the portable bits in the right location.  As for
the SKEY comment there is an email out to Markus as to how it should be
resolved.  Until then I just #ifdef SKEY/#endif out the whole block.

 - (bal) OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/18 16:20:21
     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
      sshd.8 sshd.c]
     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
     systems
   - markus@cvs.openbsd.org 2001/01/18 16:59:59
     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
      session.h sshconnect1.c]
     1) removes fake skey from sshd, since this will be much
        harder with /usr/libexec/auth/login_XXX
     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
     3) make addition of BSD_AUTH and other challenge reponse methods
        easier.
   - markus@cvs.openbsd.org 2001/01/18 17:12:43
     [auth-chall.c auth2-chall.c]
     rename *-skey.c *-chall.c since the files are not skey specific
2001-01-19 04:26:52 +00:00
Ben Lindstrom bf555ba621 NOTE: This update changes the RSA key generation. *NEW RSA KEYS
NEED TO BE GENERATED*  =)  Refer to to entry "2001/01/16 19:20:06"
      for more details.

20010118
 - (bal) Super Sized OpenBSD Resync
   - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
     [sshd.c]
     maxfd+1
   - markus@cvs.openbsd.org 2001/01/13 17:59:18
     [ssh-keygen.1]
     small ssh-keygen manpage cleanup; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:03:07
     [scp.c ssh-keygen.c sshd.c]
     getopt() returns -1 not EOF; stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:06:54
     [ssh-keyscan.c]
     use SSH_DEFAULT_PORT; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:12:47
     [ssh-keyscan.c]
     free() -> xfree(); fix memory leak; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/13 18:14:13
     [ssh-add.c]
     typo, from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org 2001/01/13 18:32:50
     [packet.c session.c ssh.c sshconnect.c sshd.c]
     split out keepalive from packet_interactive (from dale@accentre.com)
     set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
   - markus@cvs.openbsd.org 2001/01/13 18:36:45
     [packet.c packet.h]
     reorder, typo
   - markus@cvs.openbsd.org 2001/01/13 18:38:00
     [auth-options.c]
     fix comment
   - markus@cvs.openbsd.org 2001/01/13 18:43:31
     [session.c]
     Wall
   - markus@cvs.openbsd.org 2001/01/13 19:14:08
     [clientloop.h clientloop.c ssh.c]
     move callback to headerfile
   - markus@cvs.openbsd.org 2001/01/15 21:40:10
     [ssh.c]
     use log() instead of stderr
   - markus@cvs.openbsd.org 2001/01/15 21:43:51
     [dh.c]
     use error() not stderr!
   - markus@cvs.openbsd.org 2001/01/15 21:45:29
     [sftp-server.c]
     rename must fail if newpath exists, debug off by default
   - markus@cvs.openbsd.org 2001/01/15 21:46:38
     [sftp-server.c]
     readable long listing for sftp-server, ok deraadt@
   - markus@cvs.openbsd.org 2001/01/16 19:20:06
     [key.c ssh-rsa.c]
     make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
     galb@vandyke.com.  note that you have to delete older ssh2-rsa keys,
     since they are in the wrong format, too. they must be removed from
     .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
     (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
     .ssh/authorized_keys2) additionally, we now check that
     BN_num_bits(rsa->n) >= 768.
   - markus@cvs.openbsd.org 2001/01/16 20:54:27
     [sftp-server.c]
     remove some statics. simpler handles; idea from nisse@lysator.liu.se
   - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
     [bufaux.c radix.c sshconnect.h sshconnect1.c]
     indent
 - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
   be missing such feature.
2001-01-18 02:04:35 +00:00
Ben Lindstrom d26dcf3371 20010107
- (bal) OpenBSD Sync
   - markus@cvs.openbsd.org 2001/01/06 11:23:27
     [ssh-rsa.c]
     remove unused
   - itojun@cvs.openbsd.org 2001/01/05 08:23:29
     [ssh-keyscan.1]
     missing .El
   - markus@cvs.openbsd.org 2001/01/04 22:41:03
     [session.c sshconnect.c]
     consistent use of _PATH_BSHELL; from stevesk@pobox.com
   - djm@cvs.openbsd.org 2001/01/04 22:35:32
     [ssh.1 sshd.8]
     Mention AES as available SSH2 Cipher; ok markus
   - markus@cvs.openbsd.org 2001/01/04 22:25:58
     [sshd.c]
     sync usage()/man with defaults; from stevesk@pobox.com
   - markus@cvs.openbsd.org 2001/01/04 22:21:26
     [sshconnect2.c]
     handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
     that prints a banner (e.g. /etc/issue.net)
2001-01-06 15:18:16 +00:00
Ben Lindstrom 46c162204b One way to massive patch. <sigh> It compiles and works under Linux..
And I think I have all the bits right from the OpenBSD tree.
20001222
 - Updated RCSID for pty.c
 - (bal) OpenBSD CVS Updates:
  - markus@cvs.openbsd.org 2000/12/21 15:10:16
    [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
    print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
  - markus@cvs.openbsd.org 2000/12/20 19:26:56
    [authfile.c]
    allow ssh -i userkey for root
  - markus@cvs.openbsd.org 2000/12/20 19:37:21
    [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
    fix prototypes; from stevesk@pobox.com
  - markus@cvs.openbsd.org 2000/12/20 19:32:08
    [sshd.c]
    init pointer to NULL; report from Jan.Ivan@cern.ch
  - markus@cvs.openbsd.org 2000/12/19 23:17:54
    [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
     auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
     bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
     crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
     key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
     packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
     serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
     ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h  uuencode.c
     uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
    replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
    unsigned' with u_char.
2000-12-22 01:43:59 +00:00
Damien Miller 152cea206a - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
from Andreas M. Kirchwitz <amk@krell.zikzak.de>
2000-12-13 19:21:51 +11:00
Damien Miller 43dc8da75c - (djm) Back out all the serverloop.c hacks. sshd will now hang again
if there are background children with open fds.
2000-11-29 15:55:17 +11:00
Damien Miller a2e53ccb64 - (djm) Fix(?) the ssh hang-on-logout/data-from-child race 2000-11-29 11:26:45 +11:00
Ben Lindstrom 1492029371 20001123
- (bal) Merge OpenBSD changes:
   - markus@cvs.openbsd.org  2000/11/15 22:31:36
     [auth-options.c]
     case insensitive key options; from stevesk@sweeden.hp.com
   - markus@cvs.openbsd.org  2000/11/16 17:55:43
     [dh.c]
     do not use perror() in sshd, after child is forked()
   - markus@cvs.openbsd.org  2000/11/14 23:42:40
     [auth-rsa.c]
     parse option only if key matches; fix some confusing seen by the client
   - markus@cvs.openbsd.org  2000/11/14 23:44:19
     [session.c]
     check no_agent_forward_flag for ssh-2, too
   - markus@cvs.openbsd.org  2000/11/15
     [ssh-agent.1]
     reorder SYNOPSIS; typo, use .It
   - markus@cvs.openbsd.org  2000/11/14 23:48:55
     [ssh-agent.c]
     do not reorder keys if a key is removed
   - markus@cvs.openbsd.org  2000/11/15 19:58:08
     [ssh.c]
     just ignore non existing user keys
   - millert@cvs.openbsd.org  200/11/15 20:24:43
     [ssh-keygen.c]
     Add missing \n at end of error message.
2000-11-21 21:24:55 +00:00
Ben Lindstrom 49a79c0976 - (stevek) Reworked progname support.
- (bal) Misplaced #include "includes.h" in bsd-setproctitle.c.  Patch by
   Shinichi Maruyama <marya@st.jip.co.jp>

I assume the progname patch was finished.  I believe stevek is on vacation,
but it passes compiling under Linux and NeXTStep.
2000-11-17 03:47:20 +00:00
Damien Miller 0bc1bd814e - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/11/06 16:04:56
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c ssh.c]
     agent forwarding and -R for ssh2, based on work from
     jhuuskon@messi.uku.fi
   - markus@cvs.openbsd.org  2000/11/06 16:13:27
     [ssh.c sshconnect.c sshd.c]
     do not disabled rhosts(rsa) if server port > 1024; from
     pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/11/06 16:16:35
     [sshconnect.c]
     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
   - markus@cvs.openbsd.org  2000/11/09 18:04:40
     [auth1.c]
     typo; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/11/12 12:03:28
     [ssh-agent.c]
     off-by-one when removing a key from the agent
   - markus@cvs.openbsd.org  2000/11/12 12:50:39
     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
     add support for RSA to SSH2.  please test.
     there are now 3 types of keys: RSA1 is used by ssh-1 only,
     RSA and DSA are used by SSH2.
     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
 - (djm) Fix up Makefile and Redhat init script to create RSA host keys
 - (djm) Change to interim version
2000-11-13 22:57:25 +11:00
Ben Lindstrom 980754ce49 20001112
- (bal) SCO Patch to add needed libraries for configure.in.  Patch by
   Phillips Porch <root@theporch.com>
 - (bal) IRIX patch to adding Job Limits.  Patch by Denis Parker <dcp@sgi.com>
2000-11-12 00:04:24 +00:00
Damien Miller 69b69aa50d - (djm) Sync with OpenBSD:
- markus@cvs.openbsd.org  2000/10/16 15:46:32
     [ssh.1]
     fixes from pekkas@netcore.fi
   - markus@cvs.openbsd.org  2000/10/17 14:28:11
     [atomicio.c]
     return number of characters processed; ok deraadt@
   - markus@cvs.openbsd.org  2000/10/18 12:04:02
     [atomicio.c]
     undo
   - markus@cvs.openbsd.org  2000/10/18 12:23:02
     [scp.c]
     replace atomicio(read,...) with read(); ok deraadt@
   - markus@cvs.openbsd.org  2000/10/18 12:42:00
     [session.c]
     restore old record login behaviour
   - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
     [auth-skey.c]
     fmt string problem in unused code
   - provos@cvs.openbsd.org  2000/10/19 10:45:16
     [sshconnect2.c]
     don't reference freed memory. okay deraadt@
   - markus@cvs.openbsd.org  2000/10/21 11:04:23
     [canohost.c]
     typo, eramore@era-t.ericsson.se; ok niels@
   - markus@cvs.openbsd.org  2000/10/23 13:31:55
     [cipher.c]
     non-alignment dependent swap_bytes(); from
     simonb@wasabisystems.com/netbsd
   - markus@cvs.openbsd.org  2000/10/26 12:38:28
     [compat.c]
     add older vandyke products
   - markus@cvs.openbsd.org  2000/10/27 01:32:19
     [channels.c channels.h clientloop.c serverloop.c session.c]
     [ssh.c util.c]
     enable non-blocking IO on channels, and tty's (except for the
     client ttys).
   - markus@cvs.openbsd.org  2000/10/27 01:48:22
     channels.c channels.h clientloop.c
     deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com
2000-10-28 14:19:58 +11:00
Damien Miller 50a41ed079 - (djm) Sync with OpenBSD:
- markus@cvs.openbsd.org  2000/10/14 04:01:15
     [cipher.c]
     debug3
   - markus@cvs.openbsd.org  2000/10/14 04:07:23
     [scp.c]
     remove spaces from arguments; from djm@mindrot.org
   - markus@cvs.openbsd.org  2000/10/14 06:09:46
     [ssh.1]
     Cipher is for SSH-1 only
   - markus@cvs.openbsd.org  2000/10/14 06:12:09
     [servconf.c servconf.h serverloop.c session.c sshd.8]
     AllowTcpForwarding; from naddy@
   - markus@cvs.openbsd.org  2000/10/14 06:16:56
     [auth2.c compat.c compat.h sshconnect2.c version.h]
     OpenSSH_2.3; note that is is not complete, but the version number
     needs to be changed for interoperability reasons
   - markus@cvs.openbsd.org  2000/10/14 06:19:45
     [auth-rsa.c]
     do not send RSA challenge if key is not allowed by key-options; from
     eivind@ThinkSec.com
   - markus@cvs.openbsd.org  2000/10/15 08:14:01
     [rijndael.c session.c]
     typos; from stevesk@sweden.hp.com
   - markus@cvs.openbsd.org  2000/10/15 08:18:31
     [rijndael.c]
     typo
 - Copy manpages back over from OpenBSD - too tedious to wade through diffs
2000-10-16 12:14:42 +11:00
Damien Miller 5993935f76 - (djm) Fix ssh2 hang on background processes at logout. 2000-10-15 12:21:32 +11:00
Kevin Steves c368a3c939 comparing against buf and not hostname; openbsd tree has this
problem also.
2000-10-14 16:10:06 +00:00
Kevin Steves 8d3ebb418a get_last_login_time() called twice. 2000-10-14 15:31:35 +00:00
Kevin Steves 092f2effc5 - (stevesk) ~/.hushlogin shouldn't cause required password change to
be bypassed.
2000-10-14 13:36:13 +00:00
Damien Miller 874d77bb13 - (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org  2000/09/30 10:27:44
     [log.c]
     allow loglevel debug
   - markus@cvs.openbsd.org  2000/10/03 11:59:57
     [packet.c]
     hmac->mac
   - markus@cvs.openbsd.org  2000/10/03 12:03:03
     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
     move fake-auth from auth1.c to individual auth methods, disables s/key in
     debug-msg
   - markus@cvs.openbsd.org  2000/10/03 12:16:48
     ssh.c
     do not resolve canonname, i have no idea why this was added oin ossh
   - markus@cvs.openbsd.org  2000/10/09 15:30:44
     ssh-keygen.1 ssh-keygen.c
     -X now reads private ssh.com DSA keys, too.
   - markus@cvs.openbsd.org  2000/10/09 15:32:34
     auth-options.c
     clear options on every call.
   - markus@cvs.openbsd.org  2000/10/09 15:51:00
     authfd.c authfd.h
     interop with ssh-agent2, from <res@shore.net>
   - markus@cvs.openbsd.org  2000/10/10 14:20:45
     compat.c
     use rexexp for version string matching
   - provos@cvs.openbsd.org  2000/10/10 22:02:18
     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
     First rough implementation of the diffie-hellman group exchange.  The
     client can ask the server for bigger groups to perform the diffie-hellman
     in, thus increasing the attack complexity when using ciphers with longer
     keys.  University of Windsor provided network, T the company.
   - markus@cvs.openbsd.org  2000/10/11 13:59:52
     [auth-rsa.c auth2.c]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:00:27
     [auth-options.h]
     clear auth options unless auth sucessfull
   - markus@cvs.openbsd.org  2000/10/11 14:03:27
     [scp.1 scp.c]
     support 'scp -o' with help from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/10/11 14:11:35
     [dh.c]
     Wall
   - markus@cvs.openbsd.org  2000/10/11 14:14:40
     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
     add support for s/key (kbd-interactive) to ssh2, based on work by
     mkiernan@avantgo.com and me
   - markus@cvs.openbsd.org  2000/10/11 14:27:24
     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
     [sshconnect2.c sshd.c]
     new cipher framework
   - markus@cvs.openbsd.org  2000/10/11 14:45:21
     [cipher.c]
     remove DES
   - markus@cvs.openbsd.org  2000/10/12 03:59:20
     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
     enable DES in SSH-1 clients only
   - markus@cvs.openbsd.org  2000/10/12 08:21:13
     [kex.h packet.c]
     remove unused
   - markus@cvs.openbsd.org  2000/10/13 12:34:46
     [sshd.c]
     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
   - markus@cvs.openbsd.org  2000/10/13 12:59:15
     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
     rijndael/aes support
   - markus@cvs.openbsd.org  2000/10/13 13:10:54
     [sshd.8]
     more info about -V
   - markus@cvs.openbsd.org  2000/10/13 13:12:02
     [myproposal.h]
     prefer no compression
2000-10-14 16:23:11 +11:00
Damien Miller 15b2952cd8 - (djm) Revert SSH2 serverloop hack, will find a better way. 2000-10-14 12:33:48 +11:00
Kevin Steves 48b7cc0dd7 - (stevesk) Fix detection of pw_class struct member in configure;
patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
2000-10-07 13:24:00 +00:00
Damien Miller 05dd7950f9 - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com> 2000-10-01 00:42:48 +11:00
Damien Miller cf3888d396 - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
very short lived X connections. Bug report from Tobias Oetiker
   <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
2000-09-30 14:17:52 +11:00
Damien Miller cb5e44a440 - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
tidy necessary differences. Use Markus' new debugN() in entropy.c
2000-09-29 12:12:36 +11:00
Damien Miller 15e7d4b64c - (djm) Fix SSH2 not terminating until all background tasks done problem. 2000-09-29 10:57:35 +11:00
Damien Miller 9d5705a4b3 - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
password change patch.
 - (djm) Bring licenses on my stuff in line with OpenBSD's
2000-09-16 16:09:27 +11:00
Damien Miller e4340be5b3 - (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org  2000/09/05 02:59:57
     [session.c]
     print hostname (not hushlogin)
   - markus@cvs.openbsd.org  2000/09/05 13:18:48
     [authfile.c ssh-add.c]
     enable ssh-add -d for DSA keys
   - markus@cvs.openbsd.org  2000/09/05 13:20:49
     [sftp-server.c]
     cleanup
   - markus@cvs.openbsd.org  2000/09/06 03:46:41
     [authfile.h]
     prototype
   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
     [ALL]
     cleanup copyright notices on all files.  I have attempted to be
     accurate with the details.  everything is now under Tatu's licence
     (which I copied from his readme), and/or the core-sdi bsd-ish thing
     for deattack, or various openbsd developers under a 2-term bsd
     licence.  We're not changing any rules, just being accurate.
   - markus@cvs.openbsd.org  2000/09/07 14:40:30
     [channels.c channels.h clientloop.c serverloop.c ssh.c]
     cleanup window and packet sizes for ssh2 flow control; ok niels
   - markus@cvs.openbsd.org  2000/09/07 14:53:00
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/09/07 15:13:37
     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
     [pty.c readconf.c]
     some more Copyright fixes
   - markus@cvs.openbsd.org  2000/09/08 03:02:51
     [README.openssh2]
     bye bye
   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
     [LICENCE cipher.c]
     a few more comments about it being ARC4 not RC4
   - markus@cvs.openbsd.org  2000/09/12 14:53:11
     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
     multiple debug levels
   - markus@cvs.openbsd.org  2000/09/14 14:25:15
     [clientloop.c]
     typo
   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
     [ssh-agent.c]
     check return value for setenv(3) for failure, and deal appropriately
2000-09-16 13:29:08 +11:00
Damien Miller bac2d8aa5e - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com> 2000-09-05 16:13:06 +11:00
Damien Miller 7b28dc5eb0 20000905
- (djm) Import OpenBSD CVS changes
   - markus@cvs.openbsd.org  2000/08/31 15:52:24
     [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
     implement a SFTP server. interops with sftp2, scp2 and the windows
     client from ssh.com
   - markus@cvs.openbsd.org  2000/08/31 15:56:03
     [README.openssh2]
     sync
   - markus@cvs.openbsd.org  2000/08/31 16:05:42
     [session.c]
     Wall
   - markus@cvs.openbsd.org  2000/08/31 16:09:34
     [authfd.c ssh-agent.c]
     add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
   - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
     [scp.1 scp.c]
     cleanup and fix -S support; stevesk@sweden.hp.com
   - markus@cvs.openbsd.org  2000/09/01 16:29:32
     [sftp-server.c]
     portability fixes
   - markus@cvs.openbsd.org  2000/09/01 16:32:41
     [sftp-server.c]
     fix cast; mouring@pconline.com
   - itojun@cvs.openbsd.org  2000/09/03 09:23:28
     [ssh-add.1 ssh.1]
     add missing .El against .Bl.
   - markus@cvs.openbsd.org  2000/09/04 13:03:41
     [session.c]
     missing close; ok theo
   - markus@cvs.openbsd.org  2000/09/04 13:07:21
     [session.c]
     fix get_last_login_time order; from andre@van-veen.de
   - markus@cvs.openbsd.org  2000/09/04 13:10:09
     [sftp-server.c]
     more cast fixes; from mouring@pconline.com
   - markus@cvs.openbsd.org  2000/09/04 13:06:04
     [session.c]
     set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
 - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
2000-09-05 13:34:53 +11:00
Damien Miller 87d29ed405 - (djm) Compile warning fixes from Mark Miller <markm@swoon.net> 2000-08-30 09:21:22 +11:00
Damien Miller caf6dd6d21 - More OpenBSD updates:
- deraadt@cvs.openbsd.org 2000/08/24 15:46:59
     [scp.c]
     off_t in sink, to fix files > 2GB, i think, test is still running ;-)
   - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
     [session.c]
     Wall
   - markus@cvs.openbsd.org  2000/08/26 04:33:43
     [compat.c]
     ssh.com-2.3.0
   - markus@cvs.openbsd.org  2000/08/27 12:18:05
     [compat.c]
     compatibility with future ssh.com versions
   - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
     [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
     print uid/gid as unsigned
   - markus@cvs.openbsd.org  2000/08/28 13:51:00
     [ssh.c]
     enable -n and -f for ssh2
   - markus@cvs.openbsd.org  2000/08/28 14:19:53
     [ssh.c]
     allow combination of -N and -f
   - markus@cvs.openbsd.org  2000/08/28 14:20:56
     [util.c]
     util.c
   - markus@cvs.openbsd.org  2000/08/28 14:22:02
     [util.c]
     undo
   - markus@cvs.openbsd.org  2000/08/28 14:23:38
     [util.c]
     don't complain if setting NONBLOCK fails with ENODEV
2000-08-29 11:33:50 +11:00
Damien Miller ad833b3e65 - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
- (djm) OpenBSD CVS updates:
   - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
     [ssh.c]
     accept remsh as a valid name as well; roman@buildpoint.com
   - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
     [deattack.c crc32.c packet.c]
     rename crc32() to ssh_crc32() to avoid zlib name clash.  do not move to
     libz crc32 function yet, because it has ugly "long"'s in it;
     oneill@cs.sfu.ca
   - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
     [scp.1 scp.c]
     -S prog support; tv@debian.org
   - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
     [scp.c]
     knf
   - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
     [log-client.c]
     shorten
   - markus@cvs.openbsd.org  2000/08/19 12:48:11
     [channels.c channels.h clientloop.c ssh.c ssh.h]
     support for ~. in ssh2
   - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
     [crc32.h]
     proper prototype
   - markus@cvs.openbsd.org  2000/08/19 15:34:44
     [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
     [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
     [fingerprint.c fingerprint.h]
     add SSH2/DSA support to the agent and some other DSA related cleanups.
     (note that we cannot talk to ssh.com's ssh2 agents)
   - markus@cvs.openbsd.org  2000/08/19 15:55:52
     [channels.c channels.h clientloop.c]
     more ~ support for ssh2
   - markus@cvs.openbsd.org  2000/08/19 16:21:19
     [clientloop.c]
     oops
   - millert@cvs.openbsd.org 2000/08/20 12:25:53
     [session.c]
     We have to stash the result of get_remote_name_or_ip() before we
     close our socket or getpeername() will get EBADF and the process
     will exit.  Only a problem for "UseLogin yes".
   - millert@cvs.openbsd.org 2000/08/20 12:30:59
     [session.c]
     Only check /etc/nologin if "UseLogin no" since login(1) may have its
     own policy on determining who is allowed to login when /etc/nologin
     is present.  Also use the _PATH_NOLOGIN define.
   - millert@cvs.openbsd.org 2000/08/20 12:42:43
     [auth1.c auth2.c session.c ssh.c]
     Add calls to setusercontext() and login_get*().  We basically call
     setusercontext() in most places where previously we did a setlogin().
     Add default login.conf file and put root in the "daemon" login class.
   - millert@cvs.openbsd.org 2000/08/21 10:23:31
     [session.c]
     Fix incorrect PATH setting; noted by Markus.
2000-08-23 10:46:23 +10:00
Damien Miller 942da039d2 - (djm) OpenBSD CVS changes:
- markus@cvs.openbsd.org  2000/07/22 03:14:37
     [servconf.c servconf.h sshd.8 sshd.c sshd_config]
     random early drop; ok theo, niels
   - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
     [ssh.1]
     typo
   - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
     [sshd.8]
     many fixes from pepper@mail.reppep.com
   - provos@cvs.openbsd.org  2000/08/01 13:01:42
     [Makefile.in util.c aux.c]
     rename aux.c to util.c to help with cygwin port
   - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
     [authfd.c]
     correct sun_len; Alexander@Leidinger.net
   - provos@cvs.openbsd.org  2000/08/02 10:27:17
     [readconf.c sshd.8]
     disable kerberos authentication by default
   - provos@cvs.openbsd.org  2000/08/02 11:27:05
     [sshd.8 readconf.c auth-krb4.c]
     disallow kerberos authentication if we can't verify the TGT; from
     dugsong@
     kerberos authentication is on by default only if you have a srvtab.
   - markus@cvs.openbsd.org  2000/08/04 14:30:07
     [auth.c]
     unused
   - markus@cvs.openbsd.org  2000/08/04 14:30:35
     [sshd_config]
     MaxStartups
   - markus@cvs.openbsd.org  2000/08/15 13:20:46
     [authfd.c]
     cleanup; ok niels@
   - markus@cvs.openbsd.org  2000/08/17 14:05:10
     [session.c]
     cleanup login(1)-like jobs, no duplicate utmp entries
   - markus@cvs.openbsd.org  2000/08/17 14:06:34
     [session.c sshd.8 sshd.c]
      sshd -u len, similar to telnetd
2000-08-18 13:59:06 +10:00
Damien Miller 0da2eaaf06 - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br> 2000-08-15 11:32:59 +10:00
Damien Miller 348c9b7a95 - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com> 2000-08-15 10:01:22 +10:00
Damien Miller d17b8d5aee - (djm) Define AIX hard limits if headers don't. Report from
Bill Painter <william.t.painter@lmco.com>
2000-08-09 14:42:28 +10:00
Damien Miller 182ee6e6d9 - (djm) OpenBSD CVS Updates:
- deraadt@cvs.openbsd.org 2000/07/11 02:11:34
     [session.c sshd.c ]
     make MaxStartups code still work with -d; djm
   - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
     [readconf.c ssh_config]
     disable FallBackToRsh by default
2000-07-12 09:45:27 +10:00
Damien Miller 4d97ba2257 - (djm) Fix problem with debug mode and MaxStartups 2000-07-11 18:15:50 +10:00
Damien Miller 3702396526 - (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org  2000/06/26 03:22:29
     [authfd.c]
     cleanup, less cut&paste
   - markus@cvs.openbsd.org  2000/06/26 15:59:19
     [servconf.c servconf.h session.c sshd.8 sshd.c]
     MaxStartups: limit number of unauthenticated connections, work by
     theo and me
   - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
     [session.c]
     use no_x11_forwarding_flag correctly; provos ok
   - provos@cvs.openbsd.org  2000/07/05 15:35:57
     [sshd.c]
     typo
   - aaron@cvs.openbsd.org   2000/07/05 22:06:58
     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
     Insert more missing .El directives. Our troff really should identify
     these and spit out a warning.
   - todd@cvs.openbsd.org    2000/07/06 21:55:04
     [auth-rsa.c auth2.c ssh-keygen.c]
     clean code is good code
   - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
     [serverloop.c]
     sense of port forwarding flag test was backwards
   - provos@cvs.openbsd.org  2000/07/08 17:17:31
     [compat.c readconf.c]
     replace strtok with strsep; from David Young <dyoung@onthejob.net>
   - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
     [auth.h]
     KNF
   - ho@cvs.openbsd.org      2000/07/08 19:27:33
     [compat.c readconf.c]
     Better conditions for strsep() ending.
   - ho@cvs.openbsd.org      2000/07/10 10:27:05
     [readconf.c]
     Get the correct message on errors. (niels@ ok)
   - ho@cvs.openbsd.org      2000/07/10 10:30:25
     [cipher.c kex.c servconf.c]
     strtok() --> strsep(). (niels@ ok)
2000-07-11 17:31:38 +10:00
Damien Miller 65964d6082 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
<tbert@abac.com>
2000-07-11 09:16:22 +10:00
Damien Miller 5fc8565d20 - (djm) AIX getuserattr() session initialisation from Tom Bertelson
<tbert@abac.com>
2000-07-09 23:53:07 +10:00
Damien Miller 7b413d2d17 - (djm) Replace "/bin/sh" with _PATH_BSHELL
- (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
2000-07-01 13:24:21 +10:00
Damien Miller b8c656e744 - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
support. Enable using "USE_SIA=1 ./configure [options]"
2000-06-28 15:22:41 +10:00
Damien Miller 91606b17d2 - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
Irix 6.x array sessions, project id's, and system audit trail id.
2000-06-28 08:22:29 +10:00
Damien Miller 7a445bb8d8 error -> fatal 2000-06-26 13:12:37 +10:00
Damien Miller 099f505f95 - (djm) Automatically generate host key during "make install". Suggested
by Gary E. Miller <gem@rellim.com>
 - (djm) Paranoia before kill() system call
2000-06-22 20:57:11 +10:00
Damien Miller f6d9e22189 - OpenBSD CVS updates:
- deraadt@cvs.openbsd.org 2000/06/17 09:58:46
     [channels.c]
     everyone says "nix it" (remove protocol 2 debugging message)
   - markus@cvs.openbsd.org  2000/06/17 13:24:34
     [sshconnect.c]
     allow extended server banners
   - markus@cvs.openbsd.org  2000/06/17 14:30:10
     [sshconnect.c]
     missing atomicio, typo
   - jakob@cvs.openbsd.org   2000/06/17 16:52:34
     [servconf.c servconf.h session.c sshd.8 sshd_config]
     add support for ssh v2 subsystems. ok markus@.
   - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
     [readconf.c servconf.c]
     include = in WHITESPACE; markus ok
   - markus@cvs.openbsd.org  2000/06/17 19:09:10
     [auth2.c]
     implement bug compatibility with ssh-2.0.13 pubkey, server side
   - markus@cvs.openbsd.org  2000/06/17 21:00:28
     [compat.c]
     initial support for ssh.com's 2.2.0
   - markus@cvs.openbsd.org  2000/06/17 21:16:09
     [scp.c]
     typo
   - markus@cvs.openbsd.org  2000/06/17 22:05:02
     [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
     split auth-rsa option parsing into auth-options
     add options support to authorized_keys2
   - markus@cvs.openbsd.org  2000/06/17 22:42:54
     [session.c]
     typo
2000-06-18 14:50:44 +10:00
Damien Miller 0c043c1fd3 Missed some bits of the OpenBSD patch somewhere (?!) 2000-06-07 21:22:38 +10:00
Damien Miller d3a185709d - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
<tibbs@math.uh.edu>
 - (djm) OpenBSD CVS updates:
  - todd@cvs.openbsd.org
    [sshconnect2.c]
    teach protocol v2 to count login failures properly and also enable an
    explanation of why the password prompt comes up again like v1; this is NOT
    crypto
  - markus@cvs.openbsd.org
    [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
    xauth_location support; pr 1234
    [readconf.c sshconnect2.c]
    typo, unused
    [session.c]
    allow use_login only for login sessions, otherwise remote commands are
    execed with uid==0
    [sshd.8]
    document UseLogin better
    [version.h]
    OpenSSH 2.1.1
    [auth-rsa.c]
    fix match_hostname() logic for auth-rsa: deny access if we have a
    negative match or no match at all
    [channels.c hostfile.c match.c]
    don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
    kris@FreeBSD.org
2000-06-07 19:55:44 +10:00
Damien Miller b1715dc0cf - OpenBSD CVS updates:
- markus@cvs.openbsd.org
    [session.c]
    make x11-fwd work w/ localhost (xauth add host/unix:11)
    [cipher.c compat.c readconf.c servconf.c]
    check strtok() != NULL; ok niels@
    [key.c]
    fix key_read() for uuencoded keys w/o '='
    [serverloop.c]
    group ssh1 vs. ssh2 in serverloop
    [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
    split kexinit/kexdh, factor out common code
    [readconf.c ssh.1 ssh.c]
    forwardagent defaults to no, add ssh -A
  - theo@cvs.openbsd.org
    [session.c]
    just some line shortening
2000-05-30 13:44:51 +10:00
Damien Miller d999ae26b7 - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de> 2000-05-20 12:49:31 +10:00
Damien Miller f3c6cf1383 - Avoid WCOREDUMP complation errors for systems that lack it
- Avoid SIGCHLD warnings from entropy commands
2000-05-17 22:08:29 +10:00
Damien Miller d2c208a2d3 - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix 2000-05-17 22:00:02 +10:00
Damien Miller e247cc402b - Remove references to SSLeay.
- Big OpenBSD CVS update
  - markus@cvs.openbsd.org
    [clientloop.c]
    - typo
    [session.c]
    - update proctitle on pty alloc/dealloc, e.g. w/ windows client
    [session.c]
    - update proctitle for proto 1, too
    [channels.h nchan.c serverloop.c session.c sshd.c]
    - use c-style comments
  - deraadt@cvs.openbsd.org
    [scp.c]
    - more atomicio
  - markus@cvs.openbsd.org
    [channels.c]
    - set O_NONBLOCK
    [ssh.1]
    - update AUTHOR
    [readconf.c ssh-keygen.c ssh.h]
    - default DSA key file ~/.ssh/id_dsa
    [clientloop.c]
    - typo, rm verbose debug
  - deraadt@cvs.openbsd.org
    [ssh-keygen.1]
    - document DSA use of ssh-keygen
    [sshd.8]
    - a start at describing what i understand of the DSA side
    [ssh-keygen.1]
    - document -X and -x
    [ssh-keygen.c]
    - simplify usage
  - markus@cvs.openbsd.org
    [sshd.8]
    - there is no rhosts_dsa
    [ssh-keygen.1]
    - document -y, update -X,-x
    [nchan.c]
    - fix close for non-open ssh1 channels
    [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
    - s/DsaKey/HostDSAKey/, document option
    [sshconnect2.c]
    - respect number_of_password_prompts
    [channels.c channels.h servconf.c servconf.h session.c sshd.8]
    - GatewayPorts for sshd, ok deraadt@
    [ssh-add.1 ssh-agent.1 ssh.1]
    - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
    [ssh.1]
    - more info on proto 2
    [sshd.8]
    - sync AUTHOR w/ ssh.1
    [key.c key.h sshconnect.c]
    - print key type when talking about host keys
    [packet.c]
    - clear padding in ssh2
    [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
    - replace broken uuencode w/ libc b64_ntop
    [auth2.c]
    - log failure before sending the reply
    [key.c radix.c uuencode.c]
    - remote trailing comments before calling __b64_pton
    [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
    [sshconnect2.c sshd.8]
    - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
 - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 12:03:14 +10:00
Damien Miller 70fb671d21 - Fixed __progname symbol collisions reported by Andre Lucas
<andre.lucas@dial.pipex.com>
2000-05-01 20:59:50 +10:00
Damien Miller 1b26ab286f sync missed changes 2000-04-30 10:12:49 +10:00
Damien Miller bd483e7690 - More OpenBSD updates:
[session.c]
   - don't call chan_write_failed() if we are not writing
   [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
   - keysize warnings error() -> log()
2000-04-30 10:00:53 +10:00
Damien Miller eba71bab9b - Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2]
   - interop w/ F-secure windows client
   - sync documentation
   - ssh_host_dsa_key not ssh_dsa_key
   [auth-rsa.c]
   - missing fclose
   [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
   [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
   [sshd.c uuencode.c uuencode.h authfile.h]
   - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
     for trading keys with the real and the original SSH, directly from the
     people who invented the SSH protocol.
   [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
   [sshconnect1.c sshconnect2.c]
   - split auth/sshconnect in one file per protocol version
   [sshconnect2.c]
   - remove debug
   [uuencode.c]
   - add trailing =
   [version.h]
   - OpenSSH-2.0
   [ssh-keygen.1 ssh-keygen.c]
   - add -R flag: exit code indicates if RSA is alive
   [sshd.c]
   - remove unused
     silent if -Q is specified
   [ssh.h]
   - host key becomes /etc/ssh_host_dsa_key
   [readconf.c servconf.c ]
   - ssh/sshd default to proto 1 and 2
   [uuencode.c]
   - remove debug
   [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
   - xfree DSA blobs
   [auth2.c serverloop.c session.c]
   - cleanup logging for sshd/2, respect PasswordAuth no
   [sshconnect2.c]
   - less debug, respect .ssh/config
   [README.openssh2 channels.c channels.h]
   - clientloop.c session.c ssh.c
   - support for x11-fwding, client+server
2000-04-29 23:57:08 +10:00
Damien Miller 06d84b78e9 - Define __progname in session.c if libc doesn't 2000-04-21 16:13:07 +10:00
Damien Miller 166fca8894 - Sync with OpenBSD CVS:
[clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
  - pid_t
  [session.c]
  - remove bogus chan_read_failed. this could cause data
    corruption (missing data) at end of a SSH2 session.
2000-04-20 07:42:21 +10:00
Damien Miller 5f05637b0e - Reduce diff against OpenBSD source
- All OpenSSL includes are now unconditionally referenced as
     openssl/foo.h
   - Pick up formatting changes
   - Other minor changed (typecasts, etc) that I missed
2000-04-16 12:31:48 +10:00
Damien Miller 4af51306d9 - OpenBSD CVS updates.
[ssh.1 ssh.c]
   - ssh -2
   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
   [session.c sshconnect.c]
   - check payload for (illegal) extra data
   [ALL]
   - whitespace cleanup
2000-04-16 11:18:38 +10:00
Damien Miller efb4afe026 - More large OpenBSD CVS updates:
- [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
     [session.h ssh.h sshd.c README.openssh2]
     ssh2 server side, see README.openssh2; enable with 'sshd -2'
   - [channels.c]
     no adjust after close
   - [sshd.c compat.c ]
     interop w/ latest ssh.com windows client.
2000-04-12 18:45:05 +10:00
Damien Miller b38eff8e4f - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
- [auth.c session.c sshd.c auth.h]
     split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
   - [bufaux.c bufaux.h]
     support ssh2 bignums
   - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
     [readconf.c ssh.c ssh.h serverloop.c]
     replace big switch() with function tables (prepare for ssh2)
   - [ssh2.h]
     ssh2 message type codes
   - [sshd.8]
     reorder Xr to avoid cutting
   - [serverloop.c]
     close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
   - [channels.c]
     missing close
     allow bigger packets
   - [cipher.c cipher.h]
     support ssh2 ciphers
   - [compress.c]
     cleanup, less code
   - [dispatch.c dispatch.h]
     function tables for different message types
   - [log-server.c]
     do not log() if debuggin to stderr
     rename a cpp symbol, to avoid param.h collision
   - [mpaux.c]
     KNF
   - [nchan.c]
     sync w/ channels.c
2000-04-01 11:09:21 +10:00