tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,223 Commits 6 Branches 20 Tags 98 MiB
Commit Graph

207 Commits

Author SHA1 Message Date
Damien Miller a29b95ec3a - dtucker@cvs.openbsd.org 2006/12/13 08:34:39 
[servconf.c]
     Make PermitOpen work with multiple values like the man pages says.
     bz #1267 with details from peter at dmtz.com, with & ok djm@
 2007-01-05 16:28:36 +11:00
Damien Miller 565ca3f600 - dtucker@cvs.openbsd.org 2006/08/14 12:40:25 
[servconf.c servconf.h sshd_config.5]
     Add ability to match groups to Match keyword in sshd_config.  Feedback
     djm@, stevesk@, ok stevesk@.
 2006-08-19 00:23:15 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42 
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
 2006-08-05 12:39:39 +10:00
Damien Miller 4dec5d75da - stevesk@cvs.openbsd.org 2006/08/01 23:36:12 
[authfile.c channels.c progressmeter.c scard.c servconf.c ssh.c]
     clean extra spaces
 2006-08-05 11:38:40 +10:00
Damien Miller a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48 
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
 2006-08-05 11:37:59 +10:00
Damien Miller e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17 
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
 2006-08-05 11:34:19 +10:00
Damien Miller b8fe89c4d9 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c] 
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c]
   [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c]
   [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c]
   [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c]
   [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c]
   [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c]
   [openbsd-compat/mktemp.c openbsd-compat/port-linux.c]
   [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c]
   [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c]
   make the portable tree compile again - sprinkle unistd.h and string.h
   back in. Don't redefine __unused, as it turned out to be used in
   headers on Linux, and replace its use in auth-pam.c with ARGSUSED
 2006-07-24 14:51:00 +10:00
Damien Miller e3476ed03b - stevesk@cvs.openbsd.org 2006/07/22 20:48:23 
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h
 2006-07-24 14:13:33 +10:00
Damien Miller a765cf4b66 - dtucker@cvs.openbsd.org 2006/07/21 12:43:36 
[channels.c channels.h servconf.c servconf.h sshd_config.5]
     Make PermitOpen take a list of permitted ports and act more like most
     other keywords (ie the first match is the effective setting). This
     also makes it easier to override a previously set PermitOpen. ok djm@
 2006-07-24 14:08:13 +10:00
Damien Miller e275443f66 - dtucker@cvs.openbsd.org 2006/07/19 13:07:10 
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
     Add ForceCommand keyword to sshd_config, equivalent to the "command="
     key option, man page entry and example in sshd_config.
     Feedback & ok djm@, man page corrections & ok jmc@
 2006-07-24 14:06:47 +10:00
Damien Miller d1de9950e5 - dtucker@cvs.openbsd.org 2006/07/19 08:56:41 
[servconf.c sshd_config.5]
     Add support for X11Forwaring, X11DisplayOffset and X11UseLocalhost to
     Match.  ok djm@
 2006-07-24 14:05:48 +10:00
Damien Miller 9b439df18a - dtucker@cvs.openbsd.org 2006/07/17 12:06:00 
[channels.c channels.h servconf.c sshd_config.5]
     Add PermitOpen directive to sshd_config which is equivalent to the
     "permitopen" key option.  Allows server admin to allow TCP port
     forwarding only two specific host/port pairs.  Useful when combined
     with Match.
     If permitopen is used in both sshd_config and a key option, both
     must allow a given connection before it will be permitted.
     Note that users can still use external forwarders such as netcat,
     so to be those must be controlled too for the limits to be effective.
     Feedback & ok djm@, man page corrections & ok jmc@.
 2006-07-24 14:04:00 +10:00
Damien Miller e6b3b610ec - stevesk@cvs.openbsd.org 2006/07/17 01:31:10 
[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h
 2006-07-24 14:01:23 +10:00
Damien Miller be43ebf975 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52 
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
     move #include <netdb.h> out of includes.h; ok djm@
 2006-07-24 13:51:51 +10:00
Darren Tucker 4515047e47 - dtucker@cvs.openbsd.org 2006/07/12 11:34:58 
[sshd.c servconf.h servconf.c sshd_config.5 auth.c]
     Add support for conditional directives to sshd_config via a "Match"
     keyword, which works similarly to the "Host" directive in ssh_config.
     Lines after a Match line override the default set in the main section
     if the condition on the Match line is true, eg
     AllowTcpForwarding yes
     Match User anoncvs
             AllowTcpForwarding no
     will allow port forwarding by all users except "anoncvs".
     Currently only a very small subset of directives are supported.
     ok djm@
 2006-07-12 22:34:17 +10:00
Damien Miller e3b60b524e - stevesk@cvs.openbsd.org 2006/07/08 21:47:12 
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
     [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
     [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
     move #include <sys/socket.h> out of includes.h
 2006-07-10 21:08:03 +10:00
Damien Miller 917f9b6b6e - djm@cvs.openbsd.org 2006/07/06 10:47:05 
[servconf.c servconf.h session.c sshd_config.5]
     support arguments to Subsystem commands; ok markus@
 2006-07-10 20:36:47 +10:00
Damien Miller 57c30117c1 - djm@cvs.openbsd.org 2006/03/25 13:17:03 
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files
 2006-03-26 14:24:48 +11:00
Damien Miller 78f16cb07b - dtucker@cvs.openbsd.org 2006/03/19 11:51:52 
[servconf.c]
     Correct strdelim null test; ok djm@
 2006-03-26 13:54:37 +11:00
Damien Miller 928b23684a - djm@cvs.openbsd.org 2006/03/19 02:24:05 
[dh.c readconf.c servconf.c]
     potential NULL pointer dereferences detected by Coverity
     via elad AT netbsd.org; ok deraadt@
 2006-03-26 13:53:32 +11:00
Damien Miller b0fb6872ed - deraadt@cvs.openbsd.org 2006/03/19 18:51:18 
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die
 2006-03-26 00:03:21 +11:00
Damien Miller 7b58e80036 - reyk@cvs.openbsd.org 2005/12/08 18:34:11 
[auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
     [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
     two changes to the new ssh tunnel support. this breaks compatibility
     with the initial commit but is required for a portable approach.
     - make the tunnel id u_int and platform friendly, use predefined types.
     - support configuration of layer 2 (ethernet) or layer 3
     (point-to-point, default) modes. configuration is done using the
     Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
     restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
     in sshd_config(5).
     ok djm@, man page bits by jmc@
 2005-12-13 19:33:19 +11:00
Damien Miller d27b947178 - reyk@cvs.openbsd.org 2005/12/06 22:38:28 
[auth-options.c auth-options.h channels.c channels.h clientloop.c]
     [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
     [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
     [sshconnect.h sshd.8 sshd_config sshd_config.5]
     Add support for tun(4) forwarding over OpenSSH, based on an idea and
     initial channel code bits by markus@. This is a simple and easy way to
     use OpenSSH for ad hoc virtual private network connections, e.g.
     administrative tunnels or secure wireless access. It's based on a new
     ssh channel and works similar to the existing TCP forwarding support,
     except that it depends on the tun(4) network interface on both ends of
     the connection for layer 2 or layer 3 tunneling. This diff also adds
     support for LocalCommand in the ssh(1) client.

     ok djm@, markus@, jmc@ (manpages), tested and discussed with others
 2005-12-13 19:29:02 +11:00
Damien Miller 203c70579e - dtucker@cvs.openbsd.org 2005/08/06 10:03:12 
[servconf.c]
     Unbreak sshd ListenAddress for bare IPv6 addresses.
 2005-08-12 22:11:37 +10:00
Damien Miller 9786e6e2a0 - markus@cvs.openbsd.org 2005/07/25 11:59:40 
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
     [sshconnect2.c sshd.c sshd_config sshd_config.5]
     add a new compression method that delays compression until the user
     has been authenticated successfully and set compression to 'delayed'
     for sshd.
     this breaks older openssh clients (< 3.5) if they insist on
     compression, so you have to re-enable compression in sshd_config.
     ok djm@
 2005-07-26 21:54:56 +10:00
Damien Miller eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33 
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
 2005-06-17 12:59:34 +10:00
Damien Miller 17b23d8657 - markus@cvs.openbsd.org 2005/05/16 15:30:51 
[readconf.c servconf.c]
     check return value from strdelim() for NULL (AddressFamily); mpech
 2005-05-26 12:11:56 +10:00
Darren Tucker 47eede77ed - deraadt@cvs.openbsd.org 2005/03/10 22:01:05 
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
     readconf.c bufaux.c sftp.c]
     spacing
 2005-03-14 23:08:12 +11:00
Damien Miller f91ee4c3de - djm@cvs.openbsd.org 2005/03/01 10:09:52 
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
     [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
     [sshd_config.5]
     bz#413: allow optional specification of bind address for port forwardings.
     Patch originally by Dan Astorian, but worked on by several people
     Adds GatewayPorts=clientspecified option on server to allow remote
     forwards to bind to client-specified ports.
 2005-03-01 21:24:33 +11:00
Darren Tucker 0f38323222 - djm@cvs.openbsd.org 2004/12/23 23:11:00 
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
 2005-01-20 10:57:56 +11:00
Darren Tucker 137e9c97e0 - dtucker@cvs.openbsd.org 2004/08/13 11:09:24 
[servconf.c]
     Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr
     ok markus@, djm@
 2004-08-13 21:30:24 +10:00
Darren Tucker 9fbac71905 - dtucker@cvs.openbsd.org 2004/08/11 11:09:54 
[servconf.c]
     Fix minor leak; "looks right" deraadt@
 2004-08-12 22:41:44 +10:00
Darren Tucker fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
 2004-07-17 16:12:08 +10:00
Darren Tucker 645ab757bd - djm@cvs.openbsd.org 2004/06/24 19:30:54 
[servconf.c servconf.h sshd.c]
     re-exec sshd on accept(); initial work, final debugging and ok markus@
 2004-06-25 13:33:20 +10:00
Darren Tucker 89413dbafa - dtucker@cvs.openbsd.org 2004/05/23 23:59:53 
[auth.c auth.h auth1.c auth2.c servconf.c servconf.h sshd_config sshd_config.5]
     Add MaxAuthTries sshd config option; ok markus@
 2004-05-24 10:36:23 +10:00
Darren Tucker 06f2bd8bde - deraadt@cvs.openbsd.org 2004/05/08 00:01:37 
[auth.c clientloop.c misc.h servconf.c ssh.c sshpty.h sshtty.c
     tildexpand.c], removed: sshtty.h tildexpand.h
     make two tiny header files go away; djm ok
 2004-05-13 16:06:46 +10:00
Darren Tucker 46bc075474 - djm@cvs.openbsd.org 2004/04/27 09:46:37 
[readconf.c readconf.h servconf.c servconf.h session.c session.h ssh.c
     ssh_config.5 sshd_config.5]
     bz #815: implement ability to pass specified environment variables from
     the client to the server; ok markus@
 2004-05-02 22:11:30 +10:00
Darren Tucker 3c78c5ed2f - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] 
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
   include kafs.h unless necessary.  From deengert at anl.gov.

For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
 2004-01-23 22:03:10 +11:00
Darren Tucker 409cb328c1 - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c] 
Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@
 2004-01-05 22:36:51 +11:00
Darren Tucker 22ef508754 - jakob@cvs.openbsd.org 2003/12/23 16:12:10 
[servconf.c servconf.h session.c sshd_config]
     implement KerberosGetAFSToken server option. ok markus@, beck@
 2003-12-31 11:37:34 +11:00
Damien Miller 12c150e7e0 - markus@cvs.openbsd.org 2003/12/09 21:53:37 
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
     rename keepalive to tcpkeepalive; the old name causes too much
     confusion; ok djm, dtucker; with help from jmc@
 2003-12-17 16:31:10 +11:00
Darren Tucker a49d36e7b9 - markus@cvs.openbsd.org 2003/09/29 20:19:57 
[servconf.c sshd_config]
     GSSAPICleanupCreds -> GSSAPICleanupCredentials
 2003-10-02 16:20:54 +10:00
Damien Miller 5c3a55846a - (djm) Sync with V_3_7 branch: 
- (djm) Fix SSH1 challenge kludge
   - (djm) Bug #671: Fix builds on OpenBSD
   - (djm) Bug #676: Fix PAM stack corruption
   - (djm) Fix bad free() in PAM code
   - (djm) Don't call pam_end before pam_init
   - (djm) Enable build with old OpenSSL again
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 2003-09-23 22:12:38 +10:00
Damien Miller fb10e9abe8 - markus@cvs.openbsd.org 2003/09/01 18:15:50 
[readconf.c readconf.h servconf.c servconf.h ssh.c]
     remove unused kerberos code; ok henning@
 2003-09-02 22:58:22 +10:00
Damien Miller 1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34 
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
 2003-09-02 22:51:17 +10:00
Darren Tucker 0efd155c3c - markus@cvs.openbsd.org 2003/08/22 10:56:09 
[auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c
     gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c
     readconf.h servconf.c servconf.h session.c session.h ssh-gss.h
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
 2003-08-26 11:49:55 +10:00
Damien Miller 30912f7259 - (djm) Bug #629: Mark ssh_config option "pamauthenticationviakbdint" 
as deprecated. Remove mention from README.privsep. Patch from
   aet AT cc.hut.fi
 2003-08-26 10:48:14 +10:00
Darren Tucker ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31 
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
 2003-08-13 20:37:05 +10:00
Darren Tucker 6aaa58c470 - (dtucker) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
 2003-08-02 22:24:49 +10:00
Damien Miller 865173ee03 - (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from 
simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
 2003-06-04 19:06:59 +10:00
Damien Miller 3a961dc0d3 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/06/02 09:17:34
     [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
     [canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
     [sshd_config.5]
     deprecate VerifyReverseMapping since it's dangerous if combined
     with IP based access control as noted by Mike Harding; replace with
     a UseDNS option, UseDNS is on by default and includes the
     VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
     ok deraadt@, djm@
 - (djm) Fix portable-specific uses of verify_reverse_mapping too
 2003-06-03 10:25:48 +10:00
Damien Miller 6ac2c48a19 - (djm) Add warning for UsePAM when built without PAM support 2003-05-16 11:42:35 +10:00
Damien Miller f9b3feb847 - jakob@cvs.openbsd.org 2003/05/15 14:02:47 
[readconf.c servconf.c]
     warn for unsupported config option. ok markus@
 2003-05-16 11:38:32 +10:00
Damien Miller 156cbe8c67 - (djm) Enable UsePAM when built --with-pam 2003-05-15 14:16:41 +10:00
Damien Miller d248b5bd1b - jakob@cvs.openbsd.org 2003/05/15 04:08:44 
[readconf.c servconf.c]
     disable kerberos when not supported. ok markus@
 2003-05-15 14:15:23 +10:00
Damien Miller 2aa0ab463f - jakob@cvs.openbsd.org 2003/05/15 01:48:10 
[readconf.c readconf.h servconf.c servconf.h]
     always parse kerberos options. ok djm@ markus@
 - (djm) Always parse UsePAM
 2003-05-15 12:05:28 +10:00
Damien Miller 4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control 
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
 2003-05-14 15:11:48 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller 9f82c8fa4f - markus@cvs.openbsd.org 2003/02/21 09:05:53 
[servconf.c]
     print sshd_config filename in debug2 mode.
 2003-02-24 12:04:33 +11:00
Damien Miller c13486300d - (djm) OpenBSD CVS Sync 
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42
     [servconf.c sshd.8 sshd_config.5]
     default LoginGraceTime to 2m; 1m may be too short for slow systems.
     ok markus@
 2002-09-05 14:35:14 +10:00
Damien Miller f771ab75f0 - stevesk@cvs.openbsd.org 2002/08/21 19:38:06 
[servconf.c sshd.8 sshd_config sshd_config.5]
     change LoginGraceTime default to 1 minute; ok mouring@ markus@
 2002-09-04 16:25:52 +10:00
Ben Lindstrom 5d860f02ca - markus@cvs.openbsd.org 2002/07/30 17:03:55 
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
     add PermitUserEnvironment (off by default!); from dot@dotat.at;
     ok provos, deraadt
 2002-08-01 01:28:38 +00:00
Tim Rice 40017b0e7a (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c 
openbsd-compat/Makefile.in] support compression on platforms that
  have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
  Based on patch from nalin@redhat.com of code extracted from Owl's package
 2002-07-14 13:36:49 -07:00
Ben Lindstrom 6b0c96ab59 - (bal) if mmap() is substandard, don't allow compression on server side. 
Post 'event' we will add more options.
 2002-06-25 03:22:03 +00:00
Ben Lindstrom e135363422 - deraadt@cvs.openbsd.org 2002/06/23 09:46:51 
[bufaux.c servconf.c]
     minor KNF.  things the fingers do while you read
 2002-06-23 21:29:23 +00:00
Damien Miller 4903eb4b74 - (djm) Warn and disable compression on platforms which can't handle both 
useprivilegeseparation=yes and compression=yes
 2002-06-21 16:20:44 +10:00
Ben Lindstrom 23e0f667f8 - markus@cvs.openbsd.org 2002/06/20 23:05:56 
[servconf.c servconf.h session.c sshd.c]
     allow Compression=yes/no in sshd_config
 2002-06-21 01:09:47 +00:00
Ben Lindstrom fb62a69488 - markus@cvs.openbsd.org 2002/05/15 21:56:38 
[servconf.c sshd.8 sshd_config]
     re-enable privsep and disable setuid for post-3.2.2
 2002-06-06 19:47:11 +00:00
Ben Lindstrom c5c15dde32 - markus@cvs.openbsd.org 2002/05/15 21:02:53 
[servconf.c sshd.8 sshd_config]
     disable privsep and enable setuid for the 3.2.2 release
 2002-05-15 21:37:34 +00:00
Ben Lindstrom bb2ce36d4d - deraadt@cvs.openbsd.org 2002/05/04 02:39:35 
[servconf.c sshd.8 sshd_config]
     enable privsep by default; provos ok
(historical)
 2002-05-15 21:35:43 +00:00
Damien Miller d7de14b6ad - markus@cvs.openbsd.org 2002/04/22 16:16:53 
[servconf.c sshd.8 sshd_config]
     do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
 2002-04-23 21:04:51 +10:00
Damien Miller e4ccf100e0 - (djm) OpenBSD CVS Sync 
- deraadt@cvs.openbsd.org 2002/04/20 09:02:03
     [servconf.c]
     No, afs requires explicit enabling
 2002-04-23 20:40:28 +10:00
Damien Miller fd4c9eee25 - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk> 2002-04-13 11:04:40 +10:00
Ben Lindstrom c743134191 - stevesk@cvs.openbsd.org 2002/03/20 19:12:25 
[servconf.c servconf.h ssh.h sshd.c]
     for unprivileged user, group do:
     pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw).  ok provos@
 2002-03-22 03:11:49 +00:00
Ben Lindstrom 7a7edf77ed - stevesk@cvs.openbsd.org 2002/03/19 03:03:43 
[pathnames.h servconf.c servconf.h sshd.c]
     _PATH_PRIVSEP_CHROOT_DIR; ok provos@
 2002-03-22 02:42:37 +00:00
Ben Lindstrom 01426a67c8 - stevesk@cvs.openbsd.org 2002/03/18 23:52:51 
[servconf.c]
     UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
     provos@
 2002-03-22 02:40:03 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31 
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
 2002-03-22 02:30:41 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch 
revert
 2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff 
PAM, Cygwin and OSF SIA will not work for sure
 2002-03-13 12:47:54 +11:00
Damien Miller fcd9320440 - markus@cvs.openbsd.org 2002/02/04 12:15:25 
[log.c log.h readconf.c servconf.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
 2002-02-05 12:26:34 +11:00
Damien Miller c5d8635d6a - markus@cvs.openbsd.org 2002/01/29 14:32:03 
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@
 2002-02-05 12:13:41 +11:00
Damien Miller 95c249ff47 - stevesk@cvs.openbsd.org 2002/01/27 14:57:46 
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@
 2002-02-05 12:11:34 +11:00
Damien Miller 4fbf08a8f0 - stevesk@cvs.openbsd.org 2002/01/22 02:52:41 
[servconf.c]
     typo in error message; from djast@cs.toronto.edu
 2002-01-22 23:35:09 +11:00
Damien Miller 7fc2373f17 - stevesk@cvs.openbsd.org 2002/01/04 18:14:16 
[servconf.c sshd.8]
     protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
     /etc/ssh_host_dsa_key like we have in sshd_config.  ok markus@
 2002-01-22 23:19:11 +11:00
Damien Miller f51b0e1a30 - stevesk@cvs.openbsd.org 2002/01/04 17:59:17 
[readconf.c servconf.c]
     remove #ifdef _PATH_XAUTH/#endif; ok markus@
 2002-01-22 23:18:49 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
 2001-12-21 14:45:46 +11:00
Ben Lindstrom ade03f6bad - markus@cvs.openbsd.org 2001/12/06 13:30:06 
[servconf.c servconf.h sshd.8 sshd.c]
     add -o to sshd, too. ok deraadt@
 - (bal) Minor white space fix up in servconf.c
 2001-12-06 18:22:17 +00:00
Ben Lindstrom 1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12 
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
 2001-12-06 18:00:18 +00:00
Ben Lindstrom 65366a8c76 - stevesk@cvs.openbsd.org 2001/11/17 19:14:34 
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
     enum/int type cleanup where it made sense to do so; ok markus@
 2001-12-06 16:32:47 +00:00
Damien Miller 527366ccba - markus@cvs.openbsd.org 2001/11/12 11:17:07 
[servconf.c]
     enable authorized_keys2 again. tested by fries@
 2001-11-14 00:03:14 +11:00
Damien Miller 726273e129 - (djm) Reorder portable-specific server options so that they come first. 
This should help reduce diff collisions for new server options (as they
   will appear at the end)
 2001-11-12 11:40:11 +11:00
Damien Miller 75413ac499 - markus@cvs.openbsd.org 2001/11/11 13:02:31 
[servconf.c]
     make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if AuthorizedKeysFile is specified.
 2001-11-12 11:14:35 +11:00
Ben Lindstrom 91e9868e4f - jakob@cvs.openbsd.org 2001/08/16 19:18:34 
[servconf.c servconf.h session.c sshd.8]
     deprecate CheckMail. ok markus@
 2001-09-12 16:32:14 +00:00
Damien Miller c4b7feabe0 - itojun@cvs.openbsd.org 2001/07/11 00:24:53 
[servconf.c]
     make it compilable in all 4 combination of KRB4/KRB5 settings.
     dugsong ok
     XXX isn't it sensitive to the order of -I/usr/include/kerberosIV and
     -I/usr/include/kerberosV?
 2001-07-14 12:20:32 +10:00
Damien Miller 4085785276 - OpenBSD CVS Sync 
- stevesk@cvs.openbsd.org 2001/07/08 15:23:38
     [servconf.c]
     fix ``MaxStartups max''; ok markus@
 2001-07-14 12:17:33 +10:00
Kevin Steves 27fd19291a whitespace sync 2001-07-04 18:29:14 +00:00
Ben Lindstrom eb7a84c49e - dugsong@cvs.openbsd.org 2001/06/26 17:41:49 
[servconf.c]
     #include <kafs.h>
 2001-07-04 04:48:36 +00:00
Ben Lindstrom ec95ed9b4c - dugsong@cvs.openbsd.org 2001/06/26 16:15:25 
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
      servconf.c servconf.h session.c sshconnect1.c sshd.c]
     Kerberos v5 support for SSH1, mostly from Assar Westerlund
     <assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
 2001-07-04 04:21:14 +00:00
Ben Lindstrom bba81213b9 - itojun@cvs.openbsd.org 2001/06/23 15:12:20 
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
      canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
      hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
      readpass.c scp.c servconf.c serverloop.c session.c sftp.c
      sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
      ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
      ssh-keygen.c ssh-keyscan.c]
     more strict prototypes.  raise warning level in Makefile.inc.
     markus ok'ed
     TODO; cleanup headers
 2001-06-25 05:01:22 +00:00