tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,604 Commits 6 Branches 20 Tags 98 MiB
Commit Graph

416 Commits

Author SHA1 Message Date
Darren Tucker a2cdbda2de - djm@cvs.openbsd.org 2005/09/19 11:47:09 
[sshd.c]
     stop connection abort on rekey with delayed compression enabled when
     post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
 2005-10-03 18:16:02 +10:00
Darren Tucker ce321d8a30 - djm@cvs.openbsd.org 2005/09/13 23:40:07 
[sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
     scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
     ensure that stdio fds are attached; ok deraadt@
 2005-10-03 18:11:24 +10:00
Darren Tucker c6f8219e0d - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed 
process when sshd relies on ssh-random-helper.  Should result in faster
   logins on systems without a real random device or prngd.  ok djm@
 2005-09-27 22:46:32 +10:00
Damien Miller 9786e6e2a0 - markus@cvs.openbsd.org 2005/07/25 11:59:40 
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
     [sshconnect2.c sshd.c sshd_config sshd_config.5]
     add a new compression method that delays compression until the user
     has been authenticated successfully and set compression to 'delayed'
     for sshd.
     this breaks older openssh clients (< 3.5) if they insist on
     compression, so you have to re-enable compression in sshd_config.
     ok djm@
 2005-07-26 21:54:56 +10:00
Damien Miller 94cf4c8448 - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c] 
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
   in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
 2005-07-17 17:04:47 +10:00
Damien Miller eccb9de72a - djm@cvs.openbsd.org 2005/06/17 02:44:33 
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
     [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
     [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
     [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
     [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
     make this -Wsign-compare clean; ok avsm@ markus@
     NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
     NB2. more work may be needed to make portable Wsign-compare clean
 2005-06-17 12:59:34 +10:00
Damien Miller 677257fe07 - markus@cvs.openbsd.org 2005/06/16 08:00:00 
[canohost.c channels.c sshd.c]
     don't exit if getpeername fails for forwarded ports; bugzilla #1054;
     ok djm
 2005-06-17 12:55:03 +10:00
Damien Miller 4f1d6b2c11 - djm@cvs.openbsd.org 2005/04/06 09:43:59 
[sshd.c]
     avoid harmless logspam by not performing setsockopt() on non-socket;
     ok markus@
 2005-05-26 11:59:32 +10:00
Darren Tucker f3bb434177 - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in 
handling of password expiry messages returned by AIX's authentication
   routines, originally reported by robvdwal at sara.nl.
 2005-03-31 21:39:25 +10:00
Darren Tucker 2b59a6dad6 - (dtucker) [session.c sshd.c] Bug #125 comment #49: Send disconnect audit 
events earlier, prevents mm_request_send errors reported by Matt Goebel.
 2005-03-06 22:38:51 +11:00
Darren Tucker 96d4710e38 - dtucker@cvs.openbsd.org 2005/02/08 22:24:57 
[sshd.c]
     Provide reason in error message if getnameinfo fails; ok markus@
 2005-02-09 09:53:48 +11:00
Darren Tucker 2e0cf0dca2 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c 
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
   defines and enums with SSH_ to prevent namespace collisions on some
   platforms (eg AIX).
 2005-02-08 21:52:47 +11:00
Darren Tucker 269a1ea1c8 - (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c 
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
   (first stage) Add audit instrumentation to sshd, currently disabled by
   default.  with suggestions from and djm@
 2005-02-03 00:20:53 +11:00
Darren Tucker 9dc6c7dbec - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child 
the process.  Since we also unset KRB5CCNAME at startup, if it's set after
   authentication it must have been set by the platform's native auth system.
   This was already done for AIX; this enables it for the general case.
 2005-02-02 18:30:33 +11:00
Darren Tucker 5c14c73429 - otto@cvs.openbsd.org 2005/01/21 08:32:02 
[auth-passwd.c sshd.c]
     Warn in advance for password and account expiry; initialize loginmsg
     buffer earlier and clear it after privsep fork. ok and help dtucker@
     markus@
 2005-01-24 21:55:49 +11:00
Darren Tucker ea7c8127ce - dtucker@cvs.openbsd.org 2005/01/17 22:48:39 
[sshd.c]
     Make debugging output continue after reexec; ok djm@
 2005-01-20 11:03:08 +11:00
Darren Tucker 0f38323222 - djm@cvs.openbsd.org 2004/12/23 23:11:00 
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
 2005-01-20 10:57:56 +11:00
Darren Tucker 3269b13817 - djm@cvs.openbsd.org 2004/09/25 03:45:14 
[sshd.c]
     these printf args are no longer double; ok deraadt@ markus@
 2004-11-05 20:20:59 +11:00
Darren Tucker 178fa66a64 - mickey@cvs.openbsd.org 2004/09/15 18:42:27 
[sshd.c]
     use less doubles in daemons; markus@ ok
 2004-11-05 20:09:09 +11:00
Damien Miller 2aa6d3cfce - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol 
banner. Suggested by deraadt@, ok mouring@, dtucker@
 2004-09-12 16:53:04 +10:00
Darren Tucker 0f56ed16b8 - djm@cvs.openbsd.org 2004/08/28 01:01:48 
[sshd.c]
     don't erroneously close stdin for !reexec case, from Dave Johnson;
     ok markus@
 2004-08-29 16:38:41 +10:00
Darren Tucker eb57862e7c - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling 
messages generated before the postauth privsep split.
 2004-08-12 23:08:14 +10:00
Darren Tucker d8835934c4 - dtucker@cvs.openbsd.org 2004/08/11 11:50:09 
[sshd.c]
     Don't try to close startup_pipe if it's not open; ok djm@
 2004-08-12 22:42:29 +10:00
Darren Tucker 6832b83744 - markus@cvs.openbsd.org 2004/07/28 08:56:22 
[sshd.c]
     call setsid() _before_ re-exec
 2004-08-12 22:36:51 +10:00
Darren Tucker 8ae66a5032 - (dtucker) [sshd.c] Remove duplicate variable imported during sync. 2004-08-12 22:16:55 +10:00
Darren Tucker 0999174755 - dtucker@cvs.openbsd.org 2004/07/17 05:31:41 
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
     Move "Last logged in at.." message generation to the monitor, right
     before recording the new login.  Fixes missing lastlog message when
     /var/log/lastlog is not world-readable and incorrect datestamp when
     multiple sessions are used (bz #463);  much assistance & ok markus@
 2004-07-17 17:05:14 +10:00
Darren Tucker fc9597034b - deraadt@cvs.openbsd.org 2004/07/11 17:48:47 
[channels.c cipher.c clientloop.c clientloop.h compat.h moduli.c
     readconf.c nchan.c pathnames.h progressmeter.c readconf.h servconf.c
     session.c sftp-client.c sftp.c ssh-agent.1 ssh-keygen.c ssh.c ssh1.h
     sshd.c ttymodes.h]
     spaces
 2004-07-17 16:12:08 +10:00
Darren Tucker ba6de952a0 - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c 
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c
   openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c.  Reduces
   diff vs OpenBSD; ok mouring@, tested by tim@ too.
 2004-07-17 14:07:42 +10:00
Damien Miller 386c6a2c70 - avsm@cvs.openbsd.org 2004/06/26 20:07:16 
[sshd.c]
     initialise some fd variables to -1, djm@ ok
 2004-06-30 22:40:20 +10:00
Damien Miller 035a5b47cc - OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2004/06/25 18:43:36
     [sshd.c]
     fix broken fd handling in the re-exec fallback path, particularly when
     /dev/crypto is in use; ok deraadt@ markus@
 2004-06-26 08:16:31 +10:00
Darren Tucker 17c5d03ad3 - (dtucker) [sshd.c] add line missing from reexec sync. 2004-06-25 14:22:23 +10:00
Darren Tucker 586b0b98bf - djm@cvs.openbsd.org 2004/06/25 01:16:09 
[sshd.c]
     only perform tcp wrappers checks when the incoming connection is on a
     socket.  silences useless warnings from regress tests that use
     proxycommand="sshd -i".  prompted by david@ ok markus@
 2004-06-25 13:34:31 +10:00
Darren Tucker 645ab757bd - djm@cvs.openbsd.org 2004/06/24 19:30:54 
[servconf.c servconf.h sshd.c]
     re-exec sshd on accept(); initial work, final debugging and ok markus@
 2004-06-25 13:33:20 +10:00
Damien Miller 232711f6db - djm@cvs.openbsd.org 2004/06/14 01:44:39 
[channels.c clientloop.c misc.c misc.h packet.c ssh-agent.c ssh-keyscan.c]
     [sshd.c]
     set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@
 2004-06-15 10:35:30 +10:00
Damien Miller f675fc4948 - djm@cvs.openbsd.org 2004/06/13 12:53:24 
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
     [ssh-keyscan.c sshconnect2.c sshd.c]
     implement diffie-hellman-group14-sha1 kex method (trivial extension to
     existing diffie-hellman-group1-sha1); ok markus@
 2004-06-15 10:30:09 +10:00
Darren Tucker 12984968fb - (dtucker) [sshd.c] Fix typo in comment. 2004-05-24 13:37:13 +10:00
Darren Tucker e14e005f41 - djm@cvs.openbsd.org 2004/05/09 01:19:28 
[OVERVIEW auth-rsa.c auth1.c kex.c monitor.c session.c sshconnect1.c
     sshd.c] removed: mpaux.c mpaux.h
     kill some more tiny files; ok deraadt@
 2004-05-13 16:30:44 +10:00
Damien Miller 0c889cd9e9 - markus@cvs.openbsd.org 2004/03/11 10:21:17 
[ssh.c sshd.c]
     ssh, sshd: sync version output, ok djm
 2004-03-22 09:36:00 +11:00
Damien Miller b408786db9 - markus@cvs.openbsd.org 2004/03/11 08:36:26 
[sshd.c]
     trim usage; ok deraadt
 2004-03-22 09:35:21 +11:00
Damien Miller bfba354261 - (djm) [sshd.c] Drop supplemental groups if started as root 2004-03-22 09:29:57 +11:00
Damien Miller 57aae982be - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2004/03/03 06:47:52
     [sshd.c]
     change proctiltle after accept(2); ok henning, deraadt, djm
 2004-03-08 23:11:25 +11:00
Darren Tucker 86c093d289 - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h 
openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being
   inherited by the child.  ok djm@
 2004-03-08 22:59:03 +11:00
Darren Tucker 112aaac0ce - (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some 
platforms (eg SCO, HP-UX) with logging in the wrong TZ.
 2004-03-08 22:13:12 +11:00
Darren Tucker d592048c36 - djm@cvs.openbsd.org 2004/02/25 00:22:45 
[sshd.c]
     typo in comment
 2004-02-29 20:11:30 +11:00
Darren Tucker efa3706f05 - markus@cvs.openbsd.org 2004/02/23 12:02:33 
[sshd.c]
     backout revision 1.279; set listen socket to non-block; ok henning.
 2004-02-24 09:20:29 +11:00
Darren Tucker a8be9e23d2 - dtucker@cvs.openbsd.org 2004/02/05 05:37:17 
[monitor.c sshd.c]
     Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
 2004-02-06 16:40:27 +11:00
Darren Tucker ecc9d46dc5 - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent 
accidentally inheriting from root's environment.  ok djm@
 2004-02-06 16:04:08 +11:00
Damien Miller 12c150e7e0 - markus@cvs.openbsd.org 2003/12/09 21:53:37 
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
     rename keepalive to tcpkeepalive; the old name causes too much
     confusion; ok djm, dtucker; with help from jmc@
 2003-12-17 16:31:10 +11:00
Damien Miller b9997192a7 - markus@cvs.openbsd.org 2003/12/09 17:29:04 
[sshd.c]
     fix -o and HUP; ok henning@
 2003-12-17 16:29:22 +11:00
Darren Tucker 3175eb9a5a - markus@cvs.openbsd.org 2003/12/02 17:01:15 
[channels.c session.c ssh-agent.c ssh.h sshd.c]
     use SSH_LISTEN_BACKLOG (=128) in listen(2).
 2003-12-09 19:15:11 +11:00
Damien Miller a8e06cef35 - djm@cvs.openbsd.org 2003/11/21 11:57:03 
[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced)
 2003-11-21 23:48:55 +11:00
Damien Miller f58b58ced1 - jakob@cvs.openbsd.org 2003/11/10 16:23:41 
[bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
     [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
     [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
     constify. ok markus@ & djm@
 2003-11-17 21:18:23 +11:00
Darren Tucker 4a2505445f - markus@cvs.openbsd.org 2003/10/02 10:41:59 
[sshd.c]
     print openssl version, too, several requests; ok henning/djm.
 2003-10-03 17:57:24 +10:00
Darren Tucker 8fca6b57b4 - markus@cvs.openbsd.org 2003/09/26 08:19:29 
[sshd.c]
     no need to set the listen sockets to non-block; ok deraadt@
 2003-10-02 16:18:22 +10:00
Darren Tucker 3e33cecf71 - markus@cvs.openbsd.org 2003/09/23 20:17:11 
[Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
     ssh-agent.c sshd.c]
     replace fatal_cleanup() and linked list of fatal callbacks with static
     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
     tested by many, ok deraadt@
 2003-10-02 16:12:36 +10:00
Darren Tucker aaa56cb804 - markus@cvs.openbsd.org 2003/09/19 11:33:09 
[packet.c sshd.c]
     do not call packet_close on fatal; ok deraadt
 2003-09-22 21:13:59 +10:00
Damien Miller 1a0c0b9621 - markus@cvs.openbsd.org 2003/08/28 12:54:34 
[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c]
     [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5]
     [sshconnect1.c sshd.c sshd_config sshd_config.5]
     remove kerberos support from ssh1, since it has been replaced with GSSAPI;
     but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
 2003-09-02 22:51:17 +10:00
Ben Lindstrom 5ade9abc37 - (bal) redo how we handle 'mysignal()'. Move it to 
openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to
   be our 'mysignal' by default.  OK djm@
 2003-08-25 01:16:21 +00:00
Damien Miller 59d3d5b8b4 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal 
-lbroken; ok dtucker
 2003-08-22 09:34:41 +10:00
Darren Tucker ec960f2c93 - markus@cvs.openbsd.org 2003/08/13 08:46:31 
[auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config
     ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5]
     remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@,
     fgsch@, miod@, henning@, jakob@ and others
 2003-08-13 20:37:05 +10:00
Darren Tucker 6aaa58c470 - (dtucker) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/07/22 13:35:22
     [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c
     monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1
     ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h]
     remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1);
     test+ok henning@
 - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support.
 - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files.

I hope I got this right....
 2003-08-02 22:24:49 +10:00
Darren Tucker e98dfa323e - markus@cvs.openbsd.org 2003/07/16 10:34:53 
[ssh.c sshd.c]
     don't exit on multiple -v or -d; ok deraadt@
 2003-07-19 19:54:31 +10:00
Darren Tucker fe0078ae49 - markus@cvs.openbsd.org 2003/07/14 12:36:37 
[sshd.c]
     remove undocumented -V option. would be only useful if openssh is used
     as ssh v1 server for ssh.com's ssh v2.
 2003-07-19 19:52:28 +10:00
Darren Tucker b9aa0a0baa - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h] 
Convert aixloginmsg into platform-independant Buffer loginmsg.
 2003-07-08 22:59:59 +10:00
Darren Tucker 9f63f22aa0 - deraadt@cvs.openbsd.org 2003/06/28 16:23:06 
[atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c
     progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c
     sshd.c]
     deal with typing of write vs read in atomicio
 2003-07-03 13:46:56 +10:00
Darren Tucker e53270481c - djm@cvs.openbsd.org 2003/06/28 07:48:10 
[sshd.c]
     report pidfile creation errors, based on patch from Roumen Petrov; ok markus@
 2003-07-03 13:40:44 +10:00
Darren Tucker 502d384b74 - markus@cvs.openbsd.org 2003/06/24 08:23:46 
[auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h
      monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c]
     int -> u_int; ok djm@, deraadt@, mouring@
 2003-06-28 12:38:01 +10:00
Damien Miller 0cbb9dea05 - (djm) Always use mysignal() for SIGALRM 2003-06-04 22:56:15 +10:00
Damien Miller 31b3a0a98f - djm@cvs.openbsd.org 2003/06/04 10:23:48 
[sshd.c]
     remove duplicated group-dropping code; ok markus@
 2003-06-04 20:32:12 +10:00
Damien Miller 61d3680aca - deraadt@cvs.openbsd.org 2003/05/29 16:58:45 
[sshd.c uidswap.c]
     seteuid and setegid; markus ok
 2003-06-02 19:09:48 +10:00
Damien Miller 5d5f054173 RCS ID sync 2003-06-02 19:08:25 +10:00
Damien Miller f2e3e9deba - (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may 
clobber
 2003-06-02 12:15:54 +10:00
Damien Miller 9155a681fd - djm@cvs.openbsd.org 2003/05/24 09:30:40 
[authfile.c monitor.c sftp-common.c sshpty.c]
     cast some types for printing; ok markus@

(missed a hunk)
 2003-05-26 21:34:36 +10:00
Damien Miller 7e1bbc55af - (djm) Remove IPv4 by default hack now that we can specify AF in config 2003-05-18 20:52:40 +10:00
Damien Miller 04cb536054 - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv 
correctly)
 2003-05-15 21:29:10 +10:00
Damien Miller 4e448a31ae - (djm) Add new UsePAM configuration directive to allow runtime control 
over usage of PAM. This allows non-root use of sshd when built with
   --with-pam
 2003-05-14 15:11:48 +10:00
Damien Miller 2372ace572 - markus@cvs.openbsd.org 2003/04/14 14:17:50 
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
     avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
 2003-05-14 13:42:23 +10:00
Damien Miller d558092522 - (djm) RCSID sync w/ OpenBSD 2003-05-14 13:40:06 +10:00
Darren Tucker c437cda328 - (dtucker) Bug #536: Test for and work around openpty/controlling tty 
problem on Linux (fixes "could not set controlling tty" errors).

Also renames STREAMS_PUSH_ACQUIRES_CTTY to the more generic SSHD_ACQUIRES_CTTY
and moves the Solaris-specific comments to configure.ac.
 2003-05-10 17:05:46 +10:00
Damien Miller 996acd2476 *** empty log message *** 2003-04-09 20:59:48 +10:00
Damien Miller 933cc8fb9c - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and 
dtucker@zip.com.au
 2003-03-10 11:38:10 +11:00
Damien Miller 8e7fb33523 - markus@cvs.openbsd.org 2003/02/16 17:09:57 
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
     split kex into client and server code, no need to link
     server code into the client; ok provos@
 2003-02-24 12:03:03 +11:00
Damien Miller 180fc5b236 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2003/01/27 17:06:31
     [sshd.c]
     more specific error message when /var/empty has wrong permissions;
     bug #46, map@appgate.com; ok henning@, provos@, stevesk@
 2003-02-24 11:50:18 +11:00
Damien Miller a8ed44b79e - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More 
systems may be added later.
 2003-01-10 09:53:12 +11:00
Ben Lindstrom c2faa4a504 - markus@cvs.openbsd.org 2002/11/07 16:28:47 
[sshd.c]
     log to stderr if -ie is given, bug #414, prj@po.cwru.edu
 2002-11-09 15:50:03 +00:00
Damien Miller e9264973ad - (djm) OpenBSD CVS Sync 
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
     [compat.c compat.h sshd.c]
     add a generic match for a prober, such as sie big brother;
     idea from stevesk@; markus@ ok
 2002-09-30 11:59:21 +10:00
Damien Miller d27a76de65 - markus@cvs.openbsd.org 2002/09/25 15:19:02 
[sshd.c]
     typo; pilot@monkey.org
 2002-09-27 13:22:31 +10:00
Tim Rice 81ed518b9b Cray fixes (bug 367) based on patch from Wendy Palm @ cray. 
This does not include the deattack.c fixes.
 2002-09-25 17:38:46 -07:00
Damien Miller e1383cee9d - stevesk@cvs.openbsd.org 2002/09/13 19:23:09 
[channels.c sshconnect.c sshd.c]
     remove use of SO_LINGER, it should not be needed. error check
     SO_REUSEADDR. fixup comments. ok markus@
 2002-09-19 11:49:37 +10:00
Ben Lindstrom 41daec7538 - stevesk@cvs.openbsd.org 2002/07/23 16:03:10 
[sshd.c]
     utmp_len is unsigned; display error consistent with other options.
     ok markus@
 2002-07-23 21:15:13 +00:00
Ben Lindstrom 264ee307a8 - markus@cvs.openbsd.org 2002/07/19 15:43:33 
[log.c log.h session.c sshd.c]
     remove fatal cleanups after fork; based on discussions with and code
     from solar.
 2002-07-23 21:01:56 +00:00
Ben Lindstrom 232ccf7754 - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync 
with Cray (mostly #ifdef renaming).  Patch by wendyp@cray.com.
 2002-07-22 23:34:25 +00:00
Tim Rice 9dd30817ef [acconfig.h configure.ac sshd.c] s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/ 2002-07-07 13:43:36 -07:00
Ben Lindstrom a962c2fb35 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45 
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
      monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
      sshconnect2.c sshd.c]
     minor KNF
 2002-07-04 00:14:17 +00:00
Ben Lindstrom 5a9d0eaba6 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 
[auth2.c session.c sshd.c]
     lint asks that we use names that do not overlap
 2002-07-04 00:12:53 +00:00
Ben Lindstrom 810af968b8 - deraadt@cvs.openbsd.org 2002/06/28 23:05:06 
[sshd.c]
     gidset[2] -> gidset[1]; markus ok
 2002-07-04 00:11:40 +00:00
Ben Lindstrom fbbfa8422f - deraadt@cvs.openbsd.org 2002/06/28 10:08:25 
[sshd.c]
     range check -u option at invocation
 2002-07-04 00:10:34 +00:00
Ben Lindstrom 596273516c - (bal) Cygwin uid0 fix by vinschen@redhat.com 2002-06-27 18:02:21 +00:00
Ben Lindstrom fbcc3f71f2 - markus@cvs.openbsd.org 2002/06/25 18:51:04 
[sshd.c]
     lightweight do_setusercontext after chroot()
 2002-06-25 23:24:18 +00:00
Tim Rice 8eff319298 [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus 
for Cygwin, Cray, & SCO
 2002-06-25 15:35:15 -07:00
Ben Lindstrom 822b634099 - deraadt@cvs.openbsd.org 2002/06/23 10:29:52 
[ssh-agent.c sshd.c]
     some minor KNF and %u
 2002-06-23 21:38:49 +00:00
Ben Lindstrom 5c3855210e - deraadt@cvs.openbsd.org 2002/06/23 03:30:58 
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
      sshpty.c]
     various KNF and %d for unsigned
 2002-06-23 21:23:20 +00:00
Ben Lindstrom 57f08005d3 - stevesk@cvs.openbsd.org 2002/06/22 20:05:27 
[sshd.c]
     don't call setsid() if debugging or run from inetd; no "Operation not
     permitted" errors now; ok millert@ markus@
 2002-06-23 00:37:10 +00:00
Ben Lindstrom 2dfacb3d40 - stevesk@cvs.openbsd.org 2002/06/22 16:40:19 
[sshd.c]
     check /var/empty owner mode; ok provos@
 2002-06-23 00:33:47 +00:00
Ben Lindstrom 23e0f667f8 - markus@cvs.openbsd.org 2002/06/20 23:05:56 
[servconf.c servconf.h session.c sshd.c]
     allow Compression=yes/no in sshd_config
 2002-06-21 01:09:47 +00:00
Ben Lindstrom 837461bf9a - (bal) Build noop setgroups() for cygwin to clean up code (For other 
platforms without the setgroups() requirement, you MUST define
   SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
 2002-06-12 16:57:14 +00:00
Ben Lindstrom ce0f634270 - mpech@cvs.openbsd.org 2002/06/11 05:46:20 
[auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
     pid_t cleanup. Markus need this now to keep hacking.
     markus@, millert@ ok
 2002-06-11 16:42:49 +00:00
Ben Lindstrom a26ea63f8a - markus@cvs.openbsd.org 2002/05/29 11:21:57 
[sshd.c]
     don't start if privsep is enabled and SSH_PRIVSEP_USER or
     _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
 2002-06-06 20:46:25 +00:00
Ben Lindstrom f666fec2d5 - deraadt@cvs.openbsd.org 2002/05/22 23:18:25 
[ssh.c sshd.c]
     spelling; abishoff@arc.nasa.gov
 2002-06-06 19:51:58 +00:00
Kevin Steves bc5bb55755 - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups() 2002-05-21 17:59:13 +00:00
Kevin Steves c5041acef3 - (stevesk) [sshd.c] bug 245; disable setsid() for now 2002-05-21 17:50:21 +00:00
Ben Lindstrom 7339b2a278 - mouring@cvs.openbsd.org 2002/05/15 15:47:49 
[kex.c monitor.c monitor_wrap.c sshd.c]
     'monitor' variable clashes with at least one lame platform (NeXT).  i
     Renamed to 'pmonitor'.  provos@
 - (bal) Fixed up PAM case.  I think.
 2002-05-15 16:25:01 +00:00
Ben Lindstrom 17401b6b77 - millert@cvs.openbsd.org 2002/05/13 15:53:19 
[sshd.c]
     Call setsid() in the child after sshd accepts the connection and forks.
     This is needed for privsep which calls setlogin() when it changes uids.
     Without this, there is a race where the login name of an existing
     connection, as returned by getlogin(), may be changed to the privsep
     user (sshd).  markus@ OK
 2002-05-15 16:17:56 +00:00
Damien Miller 87aea25f1a - (djm) Try to drop supplemental groups at daemon startup. Patch from 
RedHat
 2002-05-10 12:20:24 +10:00
Kevin Steves 0ea1d9d1f2 - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26 
support.  bug #184.  most from dcole@keysoftsys.com.
 2002-04-25 18:17:04 +00:00
Damien Miller 0150c65830 - djm@cvs.openbsd.org 2002/04/23 22:16:29 
[sshd.c]
     Improve error message; ok markus@ stevesk@
 2002-04-24 09:49:09 +10:00
Ben Lindstrom 47fd8112b5 - markus@cvs.openbsd.org 2002/03/30 18:51:15 
[monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
     check waitpid for EINTR; based on patch from peter@ifm.liu.se
 2002-04-02 20:48:19 +00:00
Ben Lindstrom f90f58d846 - stevesk@cvs.openbsd.org 2002/03/23 20:57:26 
[sshd.c]
     setproctitle() after preauth child; ok markus@
 2002-03-26 01:53:03 +00:00
Ben Lindstrom 943481cc77 - markus@cvs.openbsd.org 2002/03/21 21:23:34 
[sshd.c]
     add privsep_preauth() and remove 1 goto; ok provos@
 2002-03-22 03:43:46 +00:00
Ben Lindstrom 1ee9ec32a3 - markus@cvs.openbsd.org 2002/03/21 10:21:20 
[ssh-add.c]
     ignore errors for nonexisting default keys in ssh-add,
     fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
 2002-03-22 03:14:45 +00:00
Ben Lindstrom c743134191 - stevesk@cvs.openbsd.org 2002/03/20 19:12:25 
[servconf.c servconf.h ssh.h sshd.c]
     for unprivileged user, group do:
     pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw).  ok provos@
 2002-03-22 03:11:49 +00:00
Ben Lindstrom 6328ab3989 - markus@cvs.openbsd.org 2002/03/19 10:49:35 
[auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
      sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
      ttymodes.c]
     KNF whitespace
 2002-03-22 02:54:23 +00:00
Ben Lindstrom 08105192fd - markus@cvs.openbsd.org 2002/03/19 10:35:39 
[auth-options.c auth.h session.c session.h sshd.c]
     clean up prototypes
 2002-03-22 02:50:06 +00:00
Ben Lindstrom 7a7edf77ed - stevesk@cvs.openbsd.org 2002/03/19 03:03:43 
[pathnames.h servconf.c servconf.h sshd.c]
     _PATH_PRIVSEP_CHROOT_DIR; ok provos@
 2002-03-22 02:42:37 +00:00
Ben Lindstrom 7a2073c50b - provos@cvs.openbsd.org 2002/03/18 17:50:31 
[auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
      auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
      session.h servconf.h serverloop.c session.c sshd.c]
     integrate privilege separated openssh; its turned off by default for now.
     work done by me and markus@

applied, but outside of ensure that smaller code bits migrated with
their owners.. no work was tried to 'fix' it to work. =)  Later project!
 2002-03-22 02:30:41 +00:00
Ben Lindstrom 73ab9ba45d - provos@cvs.openbsd.org 2002/03/18 01:12:14 
[auth.h auth1.c auth2.c sshd.c]
     have the authentication functions return the authentication context
     and then do_authenticated; okay millert@
 2002-03-22 01:27:35 +00:00
Ben Lindstrom abcb145b38 - markus@cvs.openbsd.org 2002/03/14 16:38:26 
[sshd.c]
     split out ssh1 session key decryption; ok provos@
 2002-03-22 01:10:21 +00:00
Damien Miller 3a5b023330 Stupid djm commits experimental code to head instead of branch 
revert
 2002-03-13 13:19:42 +11:00
Damien Miller 646e7cf3d7 Import of Niels Provos' 20020312 ssh-complete.diff 
PAM, Cygwin and OSF SIA will not work for sure
 2002-03-13 12:47:54 +11:00
Ben Lindstrom 733a2351f5 - stevesk@cvs.openbsd.org 2002/02/27 21:23:13 
[canohost.c channels.c packet.c sshd.c]
     remove unneeded casts in [gs]etsockopt(); ok markus@
 2002-03-05 01:31:28 +00:00
Ben Lindstrom 13c5d3b370 - stevesk@cvs.openbsd.org 2002/02/24 16:09:52 
[sshd.c]
     use u_char* here; ok markus@
 2002-02-26 18:00:48 +00:00
Damien Miller 6a47f30c55 - markus@cvs.openbsd.org 2002/02/11 16:19:39 
[sshd.c]
     include md5.h not hmac.h
 2002-02-13 13:55:06 +11:00
Damien Miller 654c03fd06 - markus@cvs.openbsd.org 2002/02/11 16:17:55 
[sshd.c]
     do not complain about port > 1024 if rhosts-auth is disabled
 2002-02-13 13:54:44 +11:00
Damien Miller 5aa5d78e40 - (djm) OpenBSD CVS Sync 
- markus@cvs.openbsd.org 2002/02/04 12:15:25
     [sshd.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
 2002-02-08 22:01:54 +11:00
Damien Miller 0e3b87279c - markus@cvs.openbsd.org 2002/01/13 17:57:37 
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size; ok provos@/mouring@
 2002-01-22 23:26:38 +11:00
Damien Miller dff5099f13 - markus@cvs.openbsd.org 2001/12/28 14:50:54 
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
 2002-01-22 23:16:32 +11:00
Damien Miller d432ccf740 - markus@cvs.openbsd.org 2001/12/28 13:57:33 
[auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
     packet_get_bignum* no longer returns a size
 2002-01-22 23:14:44 +11:00
Damien Miller 48b03fc546 - markus@cvs.openbsd.org 2001/12/27 20:39:58 
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
 2002-01-22 23:11:40 +11:00
Damien Miller 66823cddbe - markus@cvs.openbsd.org 2001/12/27 20:39:58 
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
 2002-01-22 23:11:38 +11:00
Damien Miller da7551677b - markus@cvs.openbsd.org 2001/12/27 18:22:16 
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
     call fatal() for openssl allocation failures
 2002-01-22 23:09:22 +11:00
Damien Miller 9f0f5c64bc - deraadt@cvs.openbsd.org 2001/12/19 07:18:56 
[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else
 2001-12-21 14:45:46 +11:00
Damien Miller 72c336def6 - stevesk@cvs.openbsd.org 2001/12/10 16:45:04 
[sshd.c]
     possible fd leak on error; ok markus@
 2001-12-21 12:44:28 +11:00
Ben Lindstrom ade03f6bad - markus@cvs.openbsd.org 2001/12/06 13:30:06 
[servconf.c servconf.h sshd.8 sshd.c]
     add -o to sshd, too. ok deraadt@
 - (bal) Minor white space fix up in servconf.c
 2001-12-06 18:22:17 +00:00
Ben Lindstrom 1c37c6a518 - deraadt@cvs.openbsd.org 2001/12/05 10:06:12 
[authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
      key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
      sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
     minor KNF
 2001-12-06 18:00:18 +00:00
Ben Lindstrom f8f065bc75 - itojun@cvs.openbsd.org 2001/12/05 03:50:01 
[clientloop.c serverloop.c sshd.c]
     deal with LP64 printf issue with sig_atomic_t.  from thorpej
 2001-12-06 17:52:16 +00:00
Ben Lindstrom 5e71c54b8c - markus@cvs.openbsd.org 2001/11/22 12:34:22 
[clientloop.c serverloop.c sshd.c]
     volatile sig_atomic_t
 2001-12-06 16:48:14 +00:00
Ben Lindstrom d84df989db - markus@cvs.openbsd.org 2001/11/19 11:20:21 
[sshd.c]
     fd leak on HUP; ok stevesk@
 2001-12-06 16:35:40 +00:00
Ben Lindstrom 0795848def - deraadt@cvs.openbsd.org 2001/11/14 20:45:08 
[sshd.c]
     errno saving wrapping in a signal handler
 2001-12-06 16:19:01 +00:00
Damien Miller 6a4a4b9290 - markus@cvs.openbsd.org 2001/11/10 13:19:45 
[sshd.c]
     cleanup libwrap support (remove bogus comment, bogus close(), add debug, etc).
 2001-11-12 11:07:11 +11:00
Damien Miller e4a0ff4748 - markus@cvs.openbsd.org 2001/11/09 19:08:35 
[sshd.c]
     remove extra trailing dot from log message; pilot@naughty.monkey.org
 2001-11-12 11:06:54 +11:00