f67e07711f
- markus@cvs.openbsd.org 2002/06/04 19:53:40
...
[monitor.c]
save the session id (hash) for ssh2 (it will be passed with the
initial sign request) and verify that this value is used during
authentication; ok provos@
2002-06-06 20:58:19 +00:00
dcf6bfbfbd
- markus@cvs.openbsd.org 2002/06/04 19:42:35
...
[monitor.c]
only allow enabled authentication methods; ok provos@
2002-06-06 20:57:17 +00:00
2e14bc71e6
- deraadt@cvs.openbsd.org 2002/06/03 12:04:07
...
[ssh.h]
compatiblity -> compatibility
decriptor -> descriptor
authentciated -> authenticated
transmition -> transmission
2002-06-06 20:56:07 +00:00
ceae9d1c33
- markus@cvs.openbsd.org 2002/05/31 13:20:50
...
[ssh-rsa.c]
pad received signature with leading zeros, because RSA_verify expects
a signature of RSA_size. the drafts says the signature is transmitted
unpadded (e.g. putty does not pad), reported by anakin@pobox.com
2002-06-06 20:55:04 +00:00
01fff0c9d4
- markus@cvs.openbsd.org 2002/05/31 13:16:48
...
[key.c]
add comment:
key_verify returns 1 for a correct signature, 0 for an incorrect signature
and -1 on error.
2002-06-06 20:54:07 +00:00
511bb24c5b
- markus@cvs.openbsd.org 2002/05/31 11:35:15
...
[auth.h auth2.c]
move Authmethod definitons to per-method file.
NOTE: The rest of this patch is with the import of the auth2-*.c files.
2002-06-06 20:52:37 +00:00
cec2ea8d02
- markus@cvs.openbsd.org 2002/05/31 10:30:33
...
[sshconnect2.c]
extent ssh-keysign protocol:
pass # of socket-fd to ssh-keysign, keysign verfies locally used
ip-address using this socket-fd, restricts fake local hostnames
to actual local hostnames; ok stevesk@
2002-06-06 20:51:04 +00:00
f088f4374a
- markus@cvs.openbsd.org 2002/05/30 08:07:31
...
[cipher.c]
use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
our own implementation. allow use of AES hardware via libcrypto,
ok deraadt@
2002-06-06 20:50:07 +00:00
a26ea63f8a
- markus@cvs.openbsd.org 2002/05/29 11:21:57
...
[sshd.c]
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
2002-06-06 20:46:25 +00:00
20abb75f53
- stevesk@cvs.openbsd.org 2002/05/29 03:06:30
...
[ssh.1 sshd.8]
spelling
2002-06-06 20:45:33 +00:00
10d9936413
- stevesk@cvs.openbsd.org 2002/05/28 21:24:00
...
[uidswap.c]
use correct function name in fatal()
[See the patch above, I saw it before apply the next patch. <sigh>]
2002-06-06 20:44:06 +00:00
ca8943e6de
- (bal) Corrected debug() in uidswap.c to match upstream.
2002-06-06 20:42:04 +00:00
abff1dd050
- stevesk@cvs.openbsd.org 2002/05/28 17:28:02
...
[uidswap.c]
format spec change/casts and some KNF; ok markus@
2002-06-06 20:38:49 +00:00
105ccbe192
- stevesk@cvs.openbsd.org 2002/05/28 16:45:27
...
[monitor_mm.c]
print strerror(errno) on mmap/munmap error; ok markus@
2002-06-06 20:33:06 +00:00
033a49c7cc
- stevesk@cvs.openbsd.org 2002/05/26 20:35:10
...
[ssh.1]
sort ChallengeResponseAuthentication; ok markus@
2002-06-06 20:30:28 +00:00
855bf3ac3c
- markus@cvs.openbsd.org 2002/05/25 18:51:07
...
[auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
auth2-passwd.c auth2-pubkey.c Makefile.in]
split auth2.c into one file per method; ok provos@/deraadt@
NOTE: Merged back noticable cygwin and pam stuff. May need review to
ensure I did not miss anything.
2002-06-06 20:27:55 +00:00
4887da222b
- markus@cvs.openbsd.org 2002/05/25 08:50:39
...
[sshconnect2.c]
execlp->execl; from stevesk
2002-06-06 20:05:57 +00:00
5206b951c6
- markus@cvs.openbsd.org 2002/05/24 08:45:14
...
[sshconnect2.c]
stat ssh-keysign first, print error if stat fails;
some debug->error; fix comment
2002-06-06 19:59:29 +00:00
9e5bb579f9
- markus@cvs.openbsd.org 2002/05/23 19:39:34
...
[ssh.c]
add comment about ssh-keysign
2002-06-06 19:58:27 +00:00
1bad256822
- markus@cvs.openbsd.org 2002/05/23 19:24:30
...
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
authentication in protocol v2 (needs to access the hostkeys).
Note: Makefile.in untested. Will test after merge is finished.
2002-06-06 19:57:33 +00:00
f666fec2d5
- deraadt@cvs.openbsd.org 2002/05/22 23:18:25
...
[ssh.c sshd.c]
spelling; abishoff@arc.nasa.gov
2002-06-06 19:51:58 +00:00
38ed63d759
- deraadt@cvs.openbsd.org 2002/05/19 20:54:52
...
[log.h]
extra commas in enum not 100% portable
2002-06-06 19:51:06 +00:00
fac7769f64
- stevesk@cvs.openbsd.org 2002/05/16 22:09:59
...
[session.c ssh.c]
don't limit xauth pathlen on client side and longer print length on
server when debug; ok markus@
2002-06-06 19:49:54 +00:00
6a24641365
- markus@cvs.openbsd.org 2002/05/16 22:02:50
...
[cipher.c kex.h mac.c]
fix warnings (openssl 0.9.7 requires const)
2002-06-06 19:48:16 +00:00
fb62a69488
- markus@cvs.openbsd.org 2002/05/15 21:56:38
...
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
2002-06-06 19:47:11 +00:00
df75dd21f5
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
...
setsockopt from debug to error for now).
2002-06-04 20:52:19 +00:00
28bbb0c458
[configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
...
build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
last monitor_fdpass.c changes that are no longer needed with new tests.
Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
2002-05-27 17:37:32 -07:00
8ce8296fd0
sync scard/
2002-05-22 14:24:01 +10:00
23dc10ddac
crank rpm spec versions
2002-05-22 14:14:54 +10:00
667fb25f47
Crank version
...
(also missed changelog message)
2002-05-22 14:14:00 +10:00
74cc5bb851
fix spelling mistakes spotted by Solar Designer <solar@openwall.com>
2002-05-22 11:02:15 +10:00
bc5bb55755
- (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
2002-05-21 17:59:13 +00:00
c5041acef3
- (stevesk) [sshd.c] bug 245; disable setsid() for now
2002-05-21 17:50:21 +00:00
9de793cc6c
[configure.ac] remove extra MD5_MSG="no" line.
2002-05-17 08:59:22 -07:00
4e67d38a7e
- (bal) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/05/15 21:05:29
[version.h]
enter OpenSSH_3.2.2
- (bal) Caldara, Suse, and Redhat openssh.specs updated.
2002-05-15 21:50:14 +00:00
c5c15dde32
- markus@cvs.openbsd.org 2002/05/15 21:02:53
...
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
2002-05-15 21:37:34 +00:00
c57bbf158d
- millert@cvs.openbsd.org 2002/05/06 23:34:33
...
[ssh.1 sshd.8]
Kill/adjust r(login|exec)d? references now that those are no longer in
the tree.
2002-05-15 21:36:45 +00:00
bb2ce36d4d
- deraadt@cvs.openbsd.org 2002/05/04 02:39:35
...
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
(historical)
2002-05-15 21:35:43 +00:00
2b70e5603f
- (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy.
2002-05-15 16:39:51 +00:00
7339b2a278
- mouring@cvs.openbsd.org 2002/05/15 15:47:49
...
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- (bal) Fixed up PAM case. I think.
2002-05-15 16:25:01 +00:00
bdde330d2f
- markus@cvs.openbsd.org 2002/05/13 21:26:49
...
[auth-rhosts.c]
handle debug messages during rhosts-rsa and hostbased authentication;
ok provos@
2002-05-15 16:19:37 +00:00
17401b6b77
- millert@cvs.openbsd.org 2002/05/13 15:53:19
...
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
2002-05-15 16:17:56 +00:00
a574cda45b
- markus@cvs.openbsd.org 2002/05/13 20:44:58
...
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
2002-05-15 16:16:14 +00:00
58d4dafeb1
- itojun@cvs.openbsd.org 2002/05/13 02:37:39
...
[auth-skey.c auth2.c]
less warnings. skey_{respond,query} are public (in auth.h)
2002-05-15 16:14:36 +00:00
966bfdae6b
- stevesk@cvs.openbsd.org 2002/05/11 20:24:48
...
[ssh.h]
typo in comment
2002-05-15 16:09:57 +00:00
973be0083b
- deraadt@cvs.openbsd.org 2002/05/08 21:06:34
...
[ssh.h]
move to sshd.sshd instead
2002-05-15 16:08:48 +00:00
1650ba3f57
- deraadt@cvs.openbsd.org 2002/05/07 19:54:36
...
[ssh.h]
use ssh uid
2002-05-15 16:07:11 +00:00
beecf74e2b
- (bal) CVS ID fix up on auth-passwd.c
2002-05-15 15:59:17 +00:00
860e929fa2
wrap
2002-05-15 10:12:29 +10:00
ee5e3b2d8a
wrap
2002-05-15 10:08:17 +10:00
8dd6febf73
update version.
2002-05-14 09:03:46 -07:00
fd6fd24a71
remove reference to UnixWare 7 and OpenUNIX 8
...
from PAM-enabled pragraph. UnixWare has no PAM.
2002-05-13 20:50:38 -07:00
1e28c9e6ba
20020514
...
[sshpty.c] set tty modes when allocating old style bsd ptys to
match what newer style ptys have when allocated. Based on a patch by
Roger Cornelius <rac@tenzing.org>
[README.privsep] UnixWare 7 and OpenUNIX 8 work.
2002-05-13 17:07:18 -07:00
f8defa2327
- (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
2002-05-13 23:31:09 +00:00
05720356d6
- (djm) Add INSTALL warning about SSH protocol 1 blowfish w/ OpenSSL < 0.9.6
2002-05-13 15:22:21 +10:00
f71d2a5d44
- (djm) Bug #234 : missing readpassphrase declaration and defines
2002-05-13 15:14:08 +10:00
0228155f06
- (stevesk) add initial README.privsep
2002-05-13 03:57:04 +00:00
c81e12976e
- (stevesk) [configure.ac] nicer message: --with-privsep-user=user
2002-05-13 03:51:40 +00:00
b7cb96934e
- (djm) Update RPM spec file: different superuser path, use
...
/var/empty/sshd for privsep
2002-05-13 13:26:57 +10:00
f58c672f0e
- (djm) Add --with-privsep-path configure option
2002-05-13 13:15:42 +10:00
5ad9fd9820
- (djm) Bug #231 : UsePrivilegeSeparation turns off Banner.
2002-05-13 11:07:41 +10:00
a18bbd398e
- (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
...
the superuser receives.
2002-05-13 10:48:57 +10:00
802b956868
fix for systems that have both HAVE_ACCRIGHTS_IN_MSGHDR and
...
HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h has #define msg_accrights msg_control
2002-05-11 15:30:04 -07:00
aef7371fe4
applied a rework of djm's OpenSSL search cleanup patch.
...
Now only searches system and /usr/local/ssl (OpenSSL's default install path)
Others must use --with-ssl-dir=....
2002-05-11 13:17:42 -07:00
f98fb721a0
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
...
check for root forced expire. Still don't check for inactive.
2002-05-10 15:48:52 +00:00
0b47814b43
- (bal) Back all the way out of auth-passwd.c changes. Breaks too many
...
things that don't set pw->pw_passwd.
2002-05-10 02:40:15 +00:00
87aea25f1a
- (djm) Try to drop supplemental groups at daemon startup. Patch from
...
RedHat
2002-05-10 12:20:24 +10:00
cfe4a89eef
- (djm) Rework RedHat RPM files. Based on spec from Nalin
...
Dahyabhai <nalin@redhat.com> and patches from
Pekka Savola <pekkas@netcore.fi>
2002-05-10 12:19:23 +10:00
a7a5d6d1b5
Unbreak make -f Makefile.in distprep
2002-05-09 07:05:59 -07:00
ffc868ff83
- (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
2002-05-09 15:59:13 +10:00
0502a471e0
set SHELL in Makefile in case someone makes from a non bourne compatable shell
2002-05-08 16:04:14 -07:00
63cf84199d
fix logic on when seed_rng() is called.
...
Report by Chris Maxwell <maxwell@cs.dal.ca>
2002-05-08 15:57:18 -07:00
4bd2a19890
Add truncate() emulation to address Bug 208
2002-05-07 19:51:31 -07:00
f762a4bea5
- (djm) Don't reinitialise PAM credentials before we have started PAM.
...
Report from Pekka Savola <pekkas@netcore.fi>
2002-05-08 12:27:55 +10:00
a33501bb5f
- (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
...
<pekkas@netcore.fi>
2002-05-08 12:24:42 +10:00
52910ddc66
- (djm) Unbreak auth-passwd.c for PAM and SIA
2002-05-08 12:18:26 +10:00
532bbdb99b
- (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
2002-05-06 23:06:08 +00:00
804357ace9
- (djm) Fix readpassphase compilation for systems which have it
2002-05-01 22:00:22 +10:00
38cd435892
- (djm) Import OpenBSD regression tests. Requires BSD make to run
2002-05-01 13:17:33 +10:00
2f09289e74
[contrib/caldera/openssh.spec] update fixUP to reflect changes in sshd_config.
...
[contrib/cygwin/README] remove reference to regex.
patch from Corinna Vinschen <vinschen@redhat.com>
2002-04-29 20:53:12 -07:00
aa100c546c
- (djm) Bug #180 : Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on
...
patch from openssh@misc.tecq.org
2002-04-26 16:54:34 +10:00
ae9d5af0de
- (djm) Disable PAM password expiry until a complete fix for bug #188 exists
2002-04-26 11:27:24 +10:00
13ce922cc6
- (djm) Bug #137 , #209 : fix make problems for scard/Ssh.bin, do uudecode
...
during distprep only
2002-04-26 11:25:40 +10:00
0ea1d9d1f2
- (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
...
support. bug #184 . most from dcole@keysoftsys.com .
2002-04-25 18:17:04 +00:00
30e494fbca
- (stevesk) [defines.h] remove USE_TIMEVAL; unused
2002-04-25 17:56:07 +00:00
0150c65830
- djm@cvs.openbsd.org 2002/04/23 22:16:29
...
[sshd.c]
Improve error message; ok markus@ stevesk@
2002-04-24 09:49:09 +10:00
11ec28176e
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/04/23 12:54:10
[version.h]
3.2.1
2002-04-24 09:48:14 +10:00
5feaaefaf2
- (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX
2002-04-23 20:45:55 +00:00
03df6cd83c
- (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused
2002-04-23 20:11:13 +00:00
78cf8c377f
- markus@cvs.openbsd.org 2002/04/23 12:58:26
...
[radix.c]
send complete ticket; semerad@ss1000.ms.mff.cuni.cz
2002-04-23 16:41:12 +02:00
f75fcc61f4
wrap an out of control line
2002-04-23 23:32:38 +10:00
fa2bb69d16
- (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid
...
sizeof(long long int) == 4 breakage. Patch from Matthew Clarke
<Matthew_Clarke@mindlink.bc.ca>
2002-04-23 23:22:25 +10:00
f1b9d11a3e
- (djm) Bug #214 : Fix utmp for Irix (don't strip "tty"). Patch from
...
Kevin Taylor <no@nowhere.org> (??) via Philipp Grau
<phgrau@zedat.fu-berlin.de>
2002-04-23 23:09:19 +10:00
d77facda1a
- (djm) Bug #213 : Simplify CMSG_ALIGN macros to avoid symbol clashes.
...
Reported by Doug Manton <dmanton@emea.att.com>
2002-04-23 22:59:51 +10:00
f5fea44ae3
- (djm) Define BROKEN_REALPATH for AIX, patch from
...
Antti Tapaninen <aet@cc.hut.fi>
2002-04-23 22:52:45 +10:00
654a4ef969
- (djm) Redhat spec enables KrbV by default
2002-04-23 21:17:17 +10:00
0b3894d5b5
- (djm) Update RPM spec file versions
2002-04-23 21:15:31 +10:00
ef7c11de6e
- (djm) Trim ChangeLog to include only post-3.1 changes
2002-04-23 21:13:32 +10:00
2797f7f03a
- markus@cvs.openbsd.org 2002/04/22 21:04:52
...
[channels.c clientloop.c clientloop.h ssh.c]
request reply (success/failure) for -R style fwd in protocol v2,
depends on ordered replies.
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215 ; ok provos@
2002-04-23 21:09:44 +10:00
d7de14b6ad
- markus@cvs.openbsd.org 2002/04/22 16:16:53
...
[servconf.c sshd.8 sshd_config]
do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
2002-04-23 21:04:51 +10:00
Ben Lindstrom
Kevin Steves
Tim Rice
Damien Miller
Markus Friedl