93576d9538
- deraadt@cvs.openbsd.org 2002/11/21 23:03:51
...
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
sshconnect.c]
KNF
2002-12-23 02:06:19 +00:00
064496feaa
- markus@cvs.openbsd.org 2002/11/21 22:45:31
...
[cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
debug->debug2, unify debug messages
2002-12-23 02:04:22 +00:00
1f53083fc4
- markus@cvs.openbsd.org 2002/11/21 22:22:50
...
[dh.c]
debug->debug2
2002-12-23 02:03:02 +00:00
f49dbff61d
- markus@cvs.openbsd.org 2002/11/18 16:43:44
...
[clientloop.c]
don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN;
e.g. if ssh is used for backup; report Joerg Schilling; ok millert@
2002-12-23 02:01:55 +00:00
44adb8fed9
- fgsch@cvs.openbsd.org 2002/11/15 10:03:09
...
[authfile.c]
lseek(2) may return -1 when getting the public/private key lenght.
Simplify the code and check for errors using fstat(2).
Problem reported by Mauricio Sanchez, markus@ ok.
2002-12-23 02:00:23 +00:00
ab1c12a11c
- (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org
2002-12-05 20:59:33 +11:00
1c9e688548
[configure.ac] fix STDPATH test for IRIX. First reported by advax@triumf.ca.
...
This type of solution tested by <herb@sgi.com>
2002-11-22 13:29:01 -08:00
be2396458e
[configure.ac] remove unused variables no_libsocket and no_libnsl
2002-11-13 15:55:55 -08:00
748fcf9881
[contrib/solaris/opensshd.in] add umask 022 so sshd.pid is not world writable.
2002-11-13 15:50:04 -08:00
f5397c081d
- (bal) AIX does not log login attempts for unknown users (bug #432 ).
...
patch by dtucker@zip.com.au
2002-11-09 16:11:10 +00:00
224313cdae
- (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c
...
ntsec now default if cygwin version beginning w/ version 56. Patch
by Corinna Vinschen <vinschen@redhat.com>
2002-11-09 15:59:27 +00:00
007eb912ea
- markus@cvs.openbsd.org 2002/11/07 22:35:38
...
[scp.c]
check exit status from ssh, and exit(1) if ssh fails; bug#369;
binder@arago.de
2002-11-09 15:54:08 +00:00
b6df73b06a
- markus@cvs.openbsd.org 2002/11/07 22:08:07
...
[readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
because HostbasedAuthentication might be enabled based on the
target host and ssh-keysign(8) does not know the remote hostname
and not trust ssh(1) about the hostname, so we add a new option
EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
2002-11-09 15:52:31 +00:00
c2faa4a504
- markus@cvs.openbsd.org 2002/11/07 16:28:47
...
[sshd.c]
log to stderr if -ie is given, bug #414 , prj@po.cwru.edu
2002-11-09 15:50:03 +00:00
8e879cf691
- markus@cvs.openbsd.org 2002/11/05 20:10:37
...
[sftp-client.c]
typo; GaryF@livevault.com
2002-11-09 15:48:49 +00:00
41ee2b0d77
- markus@cvs.openbsd.org 2002/11/05 19:45:20
...
[monitor.c]
handle overflows for size_t larger than u_int; siw@goneko.de , bug #425
2002-11-09 15:47:47 +00:00
9bda7ae4c6
- markus@cvs.openbsd.org 2002/11/04 10:09:51
...
[packet.c]
log before send disconnect; ok djm@
2002-11-09 15:46:24 +00:00
485075e8fa
- markus@cvs.openbsd.org 2002/11/04 10:07:53
...
[auth.c]
don't compare against pw_home if realpath fails for pw_home (seen
on AFS); ok djm@
2002-11-09 15:45:12 +00:00
ee844912c9
- markus@cvs.openbsd.org 2002/10/23 10:40:16
...
[bufaux.c]
%u for u_int
2002-11-09 15:43:23 +00:00
0cc2a47674
- markus@cvs.openbsd.org 2002/10/23 10:32:13
...
[packet.c]
use %u for u_int
2002-11-09 15:41:39 +00:00
0851381bf7
- itojun@cvs.openbsd.org 2002/10/16 14:31:48
...
[sftp-common.c]
64bit pedant. %llu is "unsigned long long". markus ok
2002-11-09 15:40:34 +00:00
885929cd31
fix changelog
2002-10-21 20:26:16 +10:00
7b3f58cbcd
- (djm) Bug #317 : FreeBSD needs libutil.h for openpty() Report from
...
dirk.meyer@dinoex.sub.org
2002-10-21 10:50:25 +10:00
5a5da88c59
- (djm) Kill ssh-rand-helper children on timeout, patch from
...
dtucker@zip.com.au
2002-10-21 10:13:35 +10:00
3e0064781b
- (bal) More advanced strsep test by Darren Tucker <dtucker@zip.com.au>
2002-10-16 00:24:03 +00:00
97e38d8667
20021015
...
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
2002-10-16 00:13:52 +00:00
94f628f0ab
[contrib/caldera/openssh.spec] make ssh-agent setgid nobody
2002-10-15 13:16:55 -07:00
dc3c757f57
- (bal) Disable post-authentication Privsep for OSF/1. It conflicts with
...
SIA.
2002-10-04 23:54:54 +00:00
901119beab
- (djm) Bug #406 : s/msg_send/ssh_msg_send/ for Mac OS X 1.2
2002-10-04 11:10:04 +10:00
510d51300e
- (djm) Bump RPM spec version numbers
2002-10-03 11:56:58 +10:00
7156fc7da6
- markus@cvs.openbsd.org 2002/10/01 13:24:50
...
[version.h]
OpenSSH 3.5
2002-10-03 11:55:37 +10:00
af9de38c43
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/10/01 20:34:12
[ssh-agent.c]
allow root to access the agent, since there is no protection from root.
2002-10-03 11:54:35 +10:00
d8769625fb
- stevesk@cvs.openbsd.org 2002/09/27 15:46:21
...
[ssh.1]
clarify compression level protocol 1 only; ok markus@ deraadt@
2002-09-30 12:00:55 +10:00
e9264973ad
- (djm) OpenBSD CVS Sync
...
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
[compat.c compat.h sshd.c]
add a generic match for a prober, such as sie big brother;
idea from stevesk@; markus@ ok
2002-09-30 11:59:21 +10:00
50f6123eef
- (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, tweak README
2002-09-30 10:40:39 +10:00
d94e549ea8
- markus@cvs.openbsd.org 2002/09/26 11:38:43
...
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h]
krb4 + privsep; ok dugsong@, deraadt@
2002-09-27 13:25:58 +10:00
d27a76de65
- markus@cvs.openbsd.org 2002/09/25 15:19:02
...
[sshd.c]
typo; pilot@monkey.org
2002-09-27 13:22:31 +10:00
d681d2602c
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/09/25 11:17:16
[sshd_config]
sync LoginGraceTime with default
2002-09-27 13:21:57 +10:00
81ed518b9b
Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
...
This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00
164725f40e
l) Fix issue where successfull login does not clear failure counts
...
in AIX. Patch by dtucker@zip.com.au ok by djm
2002-09-25 23:14:14 +00:00
dcbb6c2dc9
- todd@cvs.openbsd.org 2002/09/24 20:59:44
...
[sshd.8]
tweak the example $HOME/.ssh/rc script to not show on any cmdline the
sensitive data it handles. This fixes bug # 402 as reported by
kolya@mit.edu (Nickolai Zeldovich).
ok markus@ and stevesk@
2002-09-25 12:20:52 +10:00
ef73f50a12
- markus@cvs.openbsd.org 2002/09/24 08:46:04
...
[monitor.c]
only call kerberos code for authctxt->valid
2002-09-25 12:20:17 +10:00
7db40c9e2e
- markus@cvs.openbsd.org 2002/09/23 22:11:05
...
[monitor.c]
only call auth_krb5 if kerberos is enabled; ok deraadt@
2002-09-25 12:19:39 +10:00
b2f844dc51
- (djm) OpenBSD CVS Sync
...
- stevesk@cvs.openbsd.org 2002/09/23 20:46:27
[canohost.c]
change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
2002-09-25 12:19:08 +10:00
2c961cecb0
[configure.ac] s/return/exit/ patch by dtucker@zip.com.au
...
From autoconf guidelines:
"Test programs should exit, not return, from main, because on some
systems (old Suns, at least) the argument to return in main is ignored."
2002-09-23 16:54:10 -07:00
6f0a188857
- stevesk@cvs.openbsd.org 2002/09/20 18:41:29
...
[auth.c]
log illegal user here for missing privsep case (ssh2).
this is executed in the monitor. ok markus@
2002-09-22 01:26:51 +10:00
16aed05578
- stevesk@cvs.openbsd.org 2002/09/19 16:03:15
...
[serverloop.c]
log IP address also; ok markus@
2002-09-22 01:26:27 +10:00
2138d152b2
- markus@cvs.openbsd.org 2002/09/19 15:51:23
...
[ssh-add.c]
typo; cd@kalkatraz.de
2002-09-22 01:26:00 +10:00
a0e4559d72
- (djm) OpenBSD CVS Sync
...
- stevesk@cvs.openbsd.org 2002/09/19 14:53:14
[compat.c]
2002-09-22 01:25:35 +10:00
8c4e18a6ec
- djm@cvs.openbsd.org 2002/09/19 01:58:18
...
[ssh.c sshconnect.c]
bugzilla.mindrot.org #223 - ProxyCommands don't exit.
Patch from dtucker@zip.com.au ; ok markus@
2002-09-19 12:05:02 +10:00
9b037b837a
- itojun@cvs.openbsd.org 2002/09/17 07:47:02
...
[channels.c]
don't quit while creating X11 listening socket.
http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
got from portable. markus ok
2002-09-19 11:54:54 +10:00
86247e2798
- stevesk@cvs.openbsd.org 2002/09/16 22:03:13
...
[sshd.8]
reference moduli(5) in FILES /etc/moduli.
2002-09-19 11:51:53 +10:00
101c4a7bc9
- stevesk@cvs.openbsd.org 2002/09/16 20:12:11
...
[sshd_config.5]
more details on X11Forwarding security issues and threats; ok markus@
2002-09-19 11:51:21 +10:00
a6eb2b7f8e
- stevesk@cvs.openbsd.org 2002/09/16 19:55:33
...
[session.c]
log when _PATH_NOLOGIN exists; ok markus@
2002-09-19 11:50:48 +10:00
e1383cee9d
- stevesk@cvs.openbsd.org 2002/09/13 19:23:09
...
[channels.c sshconnect.c sshd.c]
remove use of SO_LINGER, it should not be needed. error check
SO_REUSEADDR. fixup comments. ok markus@
2002-09-19 11:49:37 +10:00
f37e246f85
- stevesk@cvs.openbsd.org 2002/09/12 19:50:36
...
[session.c ssh.1]
add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384 . ok markus@
2002-09-19 11:47:55 +10:00
db30b12d7b
- (djm) OpenBSD CVS Sync
...
- stevesk@cvs.openbsd.org 2002/09/12 19:11:52
[ssh-agent.c]
%u for uid print; ok markus@
2002-09-19 11:46:58 +10:00
10f3085137
- (djm) Made GNOME askpass programs return non-zero if cancel button is
...
pressed.
2002-09-12 14:49:00 +10:00
1d87176749
trim from 3.3p1 back (look in CVS for the full changelog)
2002-09-12 10:45:32 +10:00
9b481510bb
- (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and
...
fake-queue.h to sys-tree.h and sys-queue.h
2002-09-12 10:43:29 +10:00
622accfdb7
- djm@cvs.openbsd.org 2002/09/12 00:13:06
...
[sftp-int.c]
zap unused var introduced in last commit
2002-09-12 10:34:13 +10:00
771721fa31
- (djm) Added getpeereid() replacement. Properly implemented for systems
...
with SO_PEERCRED support. Faked for systems which lack it.
2002-09-12 10:32:59 +10:00
e1a4981707
- djm@cvs.openbsd.org 2002/09/11 22:41:50
...
[sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h]
[sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c]
support for short/long listings and globbing in "ls"; ok markus@
2002-09-12 09:54:25 +10:00
789e95dbe9
- stevesk@cvs.openbsd.org 2002/09/11 18:27:26
...
[authfd.c authfd.h ssh.c]
don't connect to agent to test for presence if we've previously
connected; ok markus@
2002-09-12 09:52:46 +10:00
b5fdfaae13
- stevesk@cvs.openbsd.org 2002/09/11 17:55:03
...
[ssh.1]
add agent and X11 forwarding warning text from ssh_config.5; ok markus@
2002-09-12 09:52:03 +10:00
538f1819d8
- markus@cvs.openbsd.org 2002/09/10 20:24:47
...
[ssh-agent.c]
check the euid of the connecting process with getpeereid(2);
ok provos deraadt stevesk
2002-09-12 09:51:10 +10:00
a10f56151b
- markus@cvs.openbsd.org 2002/09/09 14:54:15
...
[channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
signed vs unsigned from -pedantic; ok henning@
2002-09-12 09:49:15 +10:00
25162f2518
- itojun@cvs.openbsd.org 2002/09/09 06:48:06
...
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
[monitor_wrap.c monitor_wrap.h]
kerberos support for privsep. confirmed to work by lha@stacken.kth.se
patch from markus
2002-09-12 09:47:29 +10:00
4d53d39b07
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/09/08 20:24:08
[hostfile.h]
no comma at end of enumerator list
2002-09-12 09:43:56 +10:00
71eb0c1550
- (djm) Sync openbsd-compat with OpenBSD -current
2002-09-11 10:29:11 +10:00
c34e03e471
- (djm) Bug #138 : Make protocol 1 blowfish work with old OpenSSL.
...
Patch from Robert Halubek <rob@adso.com.pl>
2002-09-10 22:26:17 +10:00
e9994cb4d7
- (djm) Bug #365 : Read /.ssh/environment properly under CygWin.
...
Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
2002-09-10 21:43:53 +10:00
005d4560ed
- (djm) Add support for building gtk2 password requestor from Redhat beta
2002-09-05 16:53:20 +10:00
44d5b60336
- (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from
...
Nalin Dahyabhai <nalin@redhat.com>
2002-09-05 16:46:24 +10:00
539983800d
- (djm) Merge openssh-TODO.patch from Redhat (null) beta
2002-09-05 16:32:02 +10:00
c13486300d
- (djm) OpenBSD CVS Sync
...
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42
[servconf.c sshd.8 sshd_config.5]
default LoginGraceTime to 2m; 1m may be too short for slow systems.
ok markus@
2002-09-05 14:35:14 +10:00
fc93d4bd31
- (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt
2002-09-04 23:26:29 +10:00
6b09792a55
- (djm) Fix Redhat RPM build dependancy test
2002-09-04 17:19:04 +10:00
05913badf3
- stevesk@cvs.openbsd.org 2002/08/29 22:54:10
...
[ssh_config.5 sshd_config.5]
state XAuthLocation is a full pathname
2002-09-04 16:51:03 +10:00
50b9a60082
- stevesk@cvs.openbsd.org 2002/08/29 19:49:42
...
[ssh.c]
shrink initial privilege bracket for setuid case; ok markus@
2002-09-04 16:50:06 +10:00
9b1dacdf2c
- stevesk@cvs.openbsd.org 2002/08/29 16:09:02
...
[ssh_config.5]
more on UsePrivilegedPort and setuid root; ok markus@
2002-09-04 16:47:35 +10:00
147bba3453
- stevesk@cvs.openbsd.org 2002/08/29 16:02:54
...
[ssh.1 ssh.c]
deprecate -P as UsePrivilegedPort defaults to no now; ok markus@
2002-09-04 16:46:06 +10:00
ebc2306629
- stevesk@cvs.openbsd.org 2002/08/29 15:57:25
...
[monitor.c session.c sshlogin.c sshlogin.h]
pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
NOTE: there are also p-specific parts to this patch. ok markus@
2002-09-04 16:45:09 +10:00
af65304a3c
- stevesk@cvs.openbsd.org 2002/08/27 17:18:40
...
[ssh_config.5]
some warning text for ForwardAgent and ForwardX11; ok markus@
2002-09-04 16:40:37 +10:00
f7c2391d83
- stevesk@cvs.openbsd.org 2002/08/27 17:13:56
...
[ssh-rsa.c]
RSA_public_decrypt() returns -1 on error so len must be signed;
ok markus@
2002-09-04 16:39:48 +10:00
5a80bba86f
- markus@cvs.openbsd.org 2002/08/22 21:45:41
...
[session.c]
send signal name (not signal number) in "exit-signal" message; noticed
by galb@vandyke.com
2002-09-04 16:39:02 +10:00
de6f2de8ad
- markus@cvs.openbsd.org 2002/08/22 21:33:58
...
[auth1.c auth2.c]
auth_root_allowed() is handled by the monitor in the privsep case,
so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
2002-09-04 16:37:26 +10:00
061d5b144f
- stevesk@cvs.openbsd.org 2002/08/22 20:57:19
...
[ssh-agent.c]
shutdown(SHUT_RDWR) not needed before close here; ok markus@
2002-09-04 16:33:31 +10:00
066928648b
- stevesk@cvs.openbsd.org 2002/08/22 19:38:42
...
[clientloop.c]
format with current EscapeChar; bugzilla #388 from wknox@mitre.org .
ok markus@
2002-09-04 16:32:10 +10:00
58f3486c74
- stevesk@cvs.openbsd.org 2002/08/22 19:27:53
...
[ssh-agent.c]
use common close function; ok markus@
2002-09-04 16:31:21 +10:00
4efdfff6ba
- stevesk@cvs.openbsd.org 2002/08/21 20:10:28
...
[ssh-agent.c]
raise listen backlog; ok markus@
2002-09-04 16:28:18 +10:00
f771ab75f0
- stevesk@cvs.openbsd.org 2002/08/21 19:38:06
...
[servconf.c sshd.8 sshd_config sshd_config.5]
change LoginGraceTime default to 1 minute; ok mouring@ markus@
2002-09-04 16:25:52 +10:00
b83df8d505
- espie@cvs.openbsd.org 2002/08/21 11:20:59
...
[sshd.8]
`RSA' updated to refer to `public key', where it matters.
okay markus@
2002-09-04 16:24:55 +10:00
6cffb9a8cd
- markus@cvs.openbsd.org 2002/08/12 10:46:35
...
[ssh-agent.c]
make ssh-agent setgid, disallow ptrace.
(note: change not yet made in Makefile)
2002-09-04 16:20:26 +10:00
3962119c8a
- (bal) [defines.h] Some platforms don't have SIZE_T_MAX. So assign
...
it to ULONG_MAX.
2002-08-21 02:54:11 +00:00
479b476af6
- stevesk@cvs.openbsd.org 2002/08/17 23:55:01
...
[ssh_config.5]
ordered list here
2002-08-20 19:04:51 +00:00
3541f18e10
- stevesk@cvs.openbsd.org 2002/08/17 23:07:14
...
[ssh.1]
ForwardAgent has defaulted to no for over 2 years; be more clear here.
2002-08-20 19:03:20 +00:00
bd9bf38b00
- stevesk@cvs.openbsd.org 2002/08/12 17:30:35
...
[ssh.1 sshd.8 sshd_config.5]
more PermitUserEnvironment; ok markus@
2002-08-20 18:54:20 +00:00
15b6120e63
- stevesk@cvs.openbsd.org 2002/08/09 17:41:12
...
[sshd_config.5]
proxy vs. fake display
2002-08-20 18:44:24 +00:00
1f8cf4f4fb
- stevesk@cvs.openbsd.org 2002/08/09 17:21:42
...
[sshd_config.5]
use Op for mdoc conformance; from esr@golux.thyrsus.com
ok aaron@
2002-08-20 18:43:27 +00:00
Ben Lindstrom
Damien Miller
Tim Rice