Commit Graph

6004 Commits

Author SHA1 Message Date
Tim Rice ded8fa0bc9 - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets.
Patch from Corinna Vinschen.
2010-03-11 22:32:02 -08:00
Tim Rice 2bde3eec69 - (tim) [openssh/Makefile.in] Now that scard is gone, no need to
make $(datadir)
2010-03-11 22:18:13 -08:00
Tim Rice fa233ba73b - (tim) [contrib/suse/openssh.spec] crank version number here too.
report by imorgan AT nas.nasa.gov
2010-03-10 16:12:02 -08:00
Darren Tucker c9fe39b1a4 - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO
so setting it in CFLAGS correctly skips IPv6 tests.
2010-03-09 20:42:30 +11:00
Damien Miller 081c976e1c - djm@cvs.openbsd.org 2010/03/08 00:28:55
[ssh-keygen.1]
     document permit-agent-forwarding certificate constraint; patch from
     stevesk@
2010-03-08 11:30:00 +11:00
Damien Miller 958678726c - (djm) Release OpenSSH-5.4p1 2010-03-08 09:50:17 +11:00
Damien Miller 6bf31786cf - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
crank version numbers
2010-03-08 09:41:02 +11:00
Damien Miller 3e1ee491f3 - djm@cvs.openbsd.org 2010/03/07 22:16:01
[ssh-keygen.c]
     make internal strptime string match strftime format;
     suggested by vinschen AT redhat.com and markus@
2010-03-08 09:24:11 +11:00
Damien Miller b3bc331e09 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/03/07 22:01:32
     [version.h]
     openssh-5.4
2010-03-08 09:03:33 +11:00
Darren Tucker cd70e1b813 - dtucker@cvs.openbsd.org 2010/03/07 11:57:13
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
     Hold authentication debug messages until after successful authentication.
     Fixes an info leak of environment variables specified in authorized_keys,
     reported by Jacob Appelbaum.  ok djm@
2010-03-07 23:05:17 +11:00
Darren Tucker ac0c4c9c1d - (dtucker) [session.c] Also initialize creds to NULL for handing to
setpcred.
2010-03-07 13:32:16 +11:00
Darren Tucker c738e6c646 - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and
do not set real uid, since that's needed for the chroot, and will be set
   by permanently_set_uid.
2010-03-07 13:21:12 +11:00
Darren Tucker b3d20a3ff0 - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that
it gets the passwd struct from the LAM that knows about the user which is
   not necessarily the default.  Patch from Alexandre Letourneau.
2010-03-07 11:56:59 +11:00
Damien Miller 5059d8d7e6 - djm@cvs.openbsd.org 2010/03/05 10:28:21
[ssh-add.1 ssh.1 ssh_config.5]
     mention loading of certificate files from [private]-cert.pub when
     they are present; feedback and ok jmc@
2010-03-05 21:31:11 +11:00
Damien Miller 922b541329 - jmc@cvs.openbsd.org 2010/03/05 08:31:20
[ssh.1]
     document certificate authentication; help/ok djm
2010-03-05 21:30:54 +11:00
Damien Miller 98339054f9 - jmc@cvs.openbsd.org 2010/03/05 06:50:35
[ssh.1 sshd.8]
     tweak previous;
2010-03-05 21:30:35 +11:00
Damien Miller 9527f228ae - (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@ 2010-03-05 15:04:35 +11:00
Damien Miller b068d0ad6d - djm@cvs.openbsd.org 2010/03/05 02:58:11
[auth.c]
     make the warning for a revoked key louder and more noticable
2010-03-05 14:03:03 +11:00
Damien Miller 48b6021721 - (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure
on some platforms
2010-03-05 11:40:19 +11:00
Damien Miller 689b872842 - djm@cvs.openbsd.org 2010/03/04 23:27:25
[auth-options.c ssh-keygen.c]
     "force-command" is not spelled "forced-command"; spotted by
     imorgan AT nas.nasa.gov
2010-03-05 10:42:24 +11:00
Damien Miller a7dab8bfe5 - djm@cvs.openbsd.org 2010/03/04 23:19:29
[ssh.1 sshd.8]
     move section on CA and revoked keys from ssh.1 to sshd.8's known hosts
     format section and rework it a bit; requested by jmc@
2010-03-05 10:42:05 +11:00
Damien Miller c6db99ec14 - djm@cvs.openbsd.org 2010/03/04 23:17:25
[sshd_config.5]
     missing word; spotted by jmc@
2010-03-05 10:41:45 +11:00
Damien Miller 8f6c337563 - jmc@cvs.openbsd.org 2010/03/04 22:52:40
[ssh-keygen.1]
     fix Bk/Ek;
2010-03-05 10:41:26 +11:00
Tim Rice 179eee081a - (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older
compilers. OK djm@
2010-03-04 12:48:05 -08:00
Damien Miller f2b70cad75 - djm@cvs.openbsd.org 2010/03/04 20:35:08
[ssh-keygen.1 ssh-keygen.c]
     Add a -L flag to print the contents of a certificate; ok markus@
2010-03-05 07:39:35 +11:00
Damien Miller 72b33820af - jmc@cvs.openbsd.org 2010/03/04 12:51:25
[ssh.1 sshd_config.5]
     tweak previous;
2010-03-05 07:39:01 +11:00
Damien Miller 700dcfa3e0 - djm@cvs.openbsd.org 2010/03/04 10:38:23
[regress/cert-hostkey.sh regress/cert-userkey.sh]
     additional regression tests for revoked keys and TrustedUserCAKeys
2010-03-04 21:58:01 +11:00
Damien Miller 017d1e777e - djm@cvs.openbsd.org 2010/03/03 00:47:23
[regress/cert-hostkey.sh regress/cert-userkey.sh]
     add an extra test to ensure that authentication with the wrong
     certificate fails as it should (and it does)
2010-03-04 21:57:21 +11:00
Damien Miller 1aed65eb27 - djm@cvs.openbsd.org 2010/03/04 10:36:03
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
     [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
     [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
     Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
     are trusted to authenticate users (in addition than doing it per-user
     in authorized_keys).

     Add a RevokedKeys option to sshd_config and a @revoked marker to
     known_hosts to allow keys to me revoked and banned for user or host
     authentication.

     feedback and ok markus@
2010-03-04 21:53:35 +11:00
Damien Miller 2befbad9b3 - djm@cvs.openbsd.org 2010/03/04 01:44:57
[key.c]
     use buffer_get_string_ptr_ret() where we are checking the return
     value explicitly instead of the fatal()-causing buffer_get_string_ptr()
2010-03-04 21:52:18 +11:00
Damien Miller fe588e3c84 - djm@cvs.openbsd.org 2010/03/03 22:50:40
[PROTOCOL.certkeys]
     s/similar same/similar/; from imorgan AT nas.nasa.gov
2010-03-04 21:52:00 +11:00
Damien Miller cd38c9c555 - djm@cvs.openbsd.org 2010/03/03 22:49:50
[sshd.8]
     the authorized_keys option for CA keys is "cert-authority", not
     "from=cert-authority". spotted by imorgan AT nas.nasa.gov
2010-03-04 21:51:37 +11:00
Damien Miller 41396573af - OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/03/03 01:44:36
     [auth-options.c key.c]
     reject strings with embedded ASCII nul chars in certificate key IDs,
     principal names and constraints
2010-03-04 21:51:11 +11:00
Damien Miller e1abf4d6bc - (djm) [regress/Makefile] Cleanup sshd_proxy_orig 2010-03-04 21:41:29 +11:00
Damien Miller d45f3b6cc7 - (djm) [.cvsignore] Ignore ssh-pkcs11-helper 2010-03-04 21:09:46 +11:00
Damien Miller 661ffc1fd6 - (djm) [contrib/redhat/openssh.spec] Replace obsolete BuildPreReq
on XFree86-devel with neutral /usr/include/X11/Xlib.h;
   imorgan AT nas.nasa.gov in bz#1731
2010-03-04 21:09:24 +11:00
Damien Miller 910f209c1d - (djm) [ssh-keygen.c] Use correct local variable, instead of
maybe-undefined global "optarg"
2010-03-04 14:17:22 +11:00
Damien Miller 386dbc05e9 - (djm) [regress/cert-userkey.sh] s/echo -n/echon/ here too 2010-03-03 13:22:41 +11:00
Damien Miller 2ca342b84b - djm@cvs.openbsd.org 2010/03/02 23:20:57
[ssh-keygen.c]
     POSIX strptime is stricter than OpenBSD's so do a little dance to
     appease it.
2010-03-03 12:14:15 +11:00
Damien Miller fb84e5950e - djm@cvs.openbsd.org 2010/03/02 23:20:57
[ssh-keygen.c]
     POSIX strptime is stricter than OpenBSD's so do a little dance to
     appease it.
2010-03-03 10:26:04 +11:00
Damien Miller 0bd41861bb - otto@cvs.openbsd.org 2010/03/01 11:07:06
[ssh-add.c]
     zap what seems to be a left-over debug message; ok markus@
2010-03-03 10:25:41 +11:00
Damien Miller 15f5b560b1 - jmc@cvs.openbsd.org 2010/02/26 22:09:28
[ssh-keygen.1 ssh.1 sshd.8]
     tweak previous;
2010-03-03 10:25:21 +11:00
Damien Miller 25b97dd454 - (djm) [PROTOCOL.certkeys] Add RCS Ident 2010-03-03 10:24:00 +11:00
Tim Rice c5b0cb3b7d - (tim) [config.guess config.sub] Bug 1722: Update to latest versions from
http://git.savannah.gnu.org/gitweb/ (2009-12-30 and 2010-01-22
   respectively).
2010-03-01 15:57:42 -08:00
Darren Tucker 9af0cb9acc - (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM
adjust log at verbose only, since according to cjwatson in bug #1470
   some virtualization platforms don't allow writes.
2010-03-01 15:52:49 +11:00
Darren Tucker c614c78c53 - (dtucker) [regress/{cert-hostkey,cfgmatch,cipher-speed}.sh} Replace
"echo -n" with "echon" for portability.
2010-03-01 12:49:05 +11:00
Tim Rice bff24b8ad2 - (tim) [ssh-pkcs11-helper.c] Move declarations before calling functions
to make older compilers (gcc 2.95) happy.
2010-02-28 14:51:56 -08:00
Damien Miller acc9b29486 - (djm) [auth.c] On Cygwin, refuse usernames that have differences in
case from that matched in the system password database. On this
   platform, passwords are stored case-insensitively, but sshd requires
   exact case matching for Match blocks in sshd_config(5). Based on
   a patch from vinschen AT redhat.com.
2010-03-01 04:36:54 +11:00
Damien Miller d05951fcee - (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment
variables copied into sshd child processes. From vinschen AT redhat.com
2010-02-28 03:29:33 +11:00
Damien Miller 09a24db2d7 - (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded 2010-02-28 03:28:05 +11:00