Commit Graph

4112 Commits

Author SHA1 Message Date
Darren Tucker 2fba993080 - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
Bug #974: Teach sshd to write failed login records to btmp for failed auth
   attempts (currently only for password, kbdint and C/R, only on Linux and
   HP-UX), based on code from login.c from util-linux. With ashok_kovai at
   hotmail.com, ok djm@
2005-02-02 23:30:24 +11:00
Darren Tucker 9dc6c7dbec - (dtucker) [session.c sshd.c] Bug #445: Propogate KRB5CCNAME if set to child
the process.  Since we also unset KRB5CCNAME at startup, if it's set after
   authentication it must have been set by the platform's native auth system.
   This was already done for AIX; this enables it for the general case.
2005-02-02 18:30:33 +11:00
Darren Tucker 42d9dc75ed - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
Make record_failed_login() call provide hostname rather than having the
   implementations having to do lookups themselves.  Only affects AIX and
   UNICOS (the latter only uses the "user" parameter anyway).  ok djm@
2005-02-02 17:10:11 +11:00
Darren Tucker ad7646a59a - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
rev 1.11 from OpenBSD and make it use fchdir if available.  ok djm@
2005-02-02 10:43:59 +11:00
Darren Tucker 9dca099aec - (dtucker) [sshd_config.5] Bug #701: remove warning about
keyboard-interactive since this is no longer the case.
2005-02-01 19:16:45 +11:00
Darren Tucker 9b5495d23e - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some
platforms syslog will revert to its default values.  This may result in
   messages from external libraries (eg libwrap) being sent to a different
   facility.
2005-02-01 17:35:09 +11:00
Darren Tucker 218f178cb2 - dtucker@cvs.openbsd.org 2005/01/24 11:47:13
[auth-passwd.c]
     #if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
2005-01-24 22:50:47 +11:00
Darren Tucker 1b7223c005 - dtucker@cvs.openbsd.org 2005/01/24 10:29:06
[moduli]
     Import new moduli; requested by deraadt@ a week ago
2005-01-24 22:00:40 +11:00
Darren Tucker ba66df81a3 - dtucker@cvs.openbsd.org 2005/01/24 10:22:06
[scp.c sftp.c]
     Have scp and sftp wait for the spawned ssh to exit before they exit
     themselves.  This prevents ssh from being unable to restore terminal
     modes (not normally a problem on OpenBSD but common with -Portable
     on POSIX platforms).  From peak at argo.troja.mff.cuni.cz (bz#950);
     ok djm@ markus@
2005-01-24 21:57:40 +11:00
Darren Tucker 660db78af2 - djm@cvs.openbsd.org 2005/01/23 10:18:12
[cipher.c]
     config option "Ciphers" should be case-sensitive; ok dtucker@
2005-01-24 21:57:11 +11:00
Darren Tucker 094cd0ba02 - dtucker@cvs.openbsd.org 2005/01/22 08:17:59
[auth.c]
     Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
     DenyGroups.  bz #909, ok djm@
2005-01-24 21:56:48 +11:00
Darren Tucker 5c14c73429 - otto@cvs.openbsd.org 2005/01/21 08:32:02
[auth-passwd.c sshd.c]
     Warn in advance for password and account expiry; initialize loginmsg
     buffer earlier and clear it after privsep fork. ok and help dtucker@
     markus@
2005-01-24 21:55:49 +11:00
Darren Tucker 3c66080aa2 - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
the list of available kbdint devices if UsePAM=no.  ok djm@
2005-01-20 22:20:50 +11:00
Darren Tucker 33bc334a8b - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
bytes to prevent errors from login_init_entry() when the username is
   exactly 64 bytes(!) long.  From brhamon at cisco.com, ok djm@
2005-01-20 22:07:29 +11:00
Darren Tucker d5bfa8f9d8 Oops, did not intend to commit this yet 2005-01-20 13:29:51 +11:00
Darren Tucker d231186fd0 - djm@cvs.openbsd.org 2004/12/22 02:13:19
[cipher-ctr.c cipher.c]
     remove fallback AES support for old OpenSSL, as OpenBSD has had it for
     many years now; ok deraadt@
     (Id sync only: Portable will continue to support older OpenSSLs)
2005-01-20 13:27:56 +11:00
Darren Tucker 36a3d60347 - (dtucker) [auth-pam.c] Bug #971: Prevent leaking information about user
existence via keyboard-interactive/pam, in conjunction with previous
   auth2-chall.c change; with Colin Watson and djm.
2005-01-20 12:43:38 +11:00
Darren Tucker 611649ebf0 - dtucker@cvs.openbsd.org 2005/01/19 13:11:47
[auth-bsdauth.c auth2-chall.c]
     Have keyboard-interactive code call the drivers even for responses for
     invalid logins.  This allows the drivers themselves to decide how to
     handle them and prevent leaking information where possible.  Existing
     behaviour for bsdauth is maintained by checking authctxt->valid in the
     bsdauth driver.  Note that any third-party kbdint drivers will now need
     to be able to handle responses for invalid logins.  ok markus@
2005-01-20 11:05:34 +11:00
Darren Tucker ea7c8127ce - dtucker@cvs.openbsd.org 2005/01/17 22:48:39
[sshd.c]
     Make debugging output continue after reexec; ok djm@
2005-01-20 11:03:08 +11:00
Darren Tucker f0e792ec1c - dtucker@cvs.openbsd.org 2005/01/17 03:25:46
[moduli.c]
     Correct spelling: SCHNOOR->SCHNORR; ok djm@
2005-01-20 11:02:26 +11:00
Darren Tucker b3509014ce - jmc@cvs.openbsd.org 2005/01/08 00:41:19
[sshd_config.5]
     `login'(n) -> `log in'(v);
2005-01-20 11:01:46 +11:00
Darren Tucker b2161e37f5 - markus@cvs.openbsd.org 2005/01/05 08:51:32
[sshconnect.c]
     remove dead code, log connect() failures with level error, ok djm@
2005-01-20 11:00:46 +11:00
Darren Tucker 0f38323222 - djm@cvs.openbsd.org 2004/12/23 23:11:00
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
     bz #898: support AddressFamily in sshd_config. from
     peak@argo.troja.mff.cuni.cz; ok deraadt@
2005-01-20 10:57:56 +11:00
Darren Tucker 7cfeecf670 - markus@cvs.openbsd.org 2004/12/23 17:38:07
[ssh-keygen.c]
     leak; from mpech
2005-01-20 10:56:31 +11:00
Darren Tucker 172a5e8cb8 - markus@cvs.openbsd.org 2004/12/23 17:35:48
[session.c]
     check for NULL; from mpech
2005-01-20 10:55:46 +11:00
Darren Tucker 24c710e498 - (dtucker) [survey.sh.in] Remove any blank lines from the output of
ccver-v and ccver-V.
2005-01-18 12:45:42 +11:00
Darren Tucker 72c025d9f0 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
"make survey" and "make send-survey".  This will provide data on the
   configure parameters, platform and platform features to the development
   team, which will allow (among other things) better targetting of testing.
   It's entirely voluntary and is off be default. ok djm@
2005-01-18 12:05:18 +11:00
Darren Tucker 5caa78b1b7 - (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since
on some wacky platforms (eg old AIXes), dd will refuse to create an output
   file if it doesn't exist.
2004-12-20 12:35:42 +11:00
Darren Tucker 8686ed7508 - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
from prngd is enabled at compile time but fails at run time, eg because
   prngd is not running.  Note that if you have prngd running when OpenSSH is
   built, OpenSSL will consider itself internally seeded and rand-helper won't
   be built at all unless explicitly enabled via --with-rand-helper.  ok djm@
2004-12-20 12:05:08 +11:00
Darren Tucker 442a383418 - (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
amarendra.godbole at ge com.
2004-12-13 18:08:32 +11:00
Darren Tucker f0f90989fa - dtucker@cvs.openbsd.org 2004/12/11 01:48:56
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h]
     Fix debug call in error path of authorized_keys processing and fix related
     warnings; ok djm@
2004-12-11 13:39:50 +11:00
Darren Tucker 596dcfa21f - fgsch@cvs.openbsd.org 2004/12/10 03:10:42
[sftp.c]
     - fix globbed ls for paths the same lenght as the globbed path when
       we have a unique matching.
     - fix globbed ls in case of a directory when we have a unique matching.
     - as a side effect, if the path does not exist error (used to silently
       ignore).
     - don't do extra do_lstat() if we only have one matching file.
     djm@ ok
2004-12-11 13:37:22 +11:00
Darren Tucker 56c9598e5e - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/12/06 16:00:43
     [bufaux.c]
     use 0x00 not \0 since buf[] is a bignum
2004-12-11 13:34:56 +11:00
Tim Rice 0f83d2907c [configure.ac] Comment some non obvious platforms in the target-specific
case statement. Suggested and OK by dtucker@
2004-12-08 18:29:58 -08:00
Darren Tucker 641b34c72b - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. 2004-12-07 11:26:15 +11:00
Darren Tucker d028fea13a - dtucker@cvs.openbsd.org 2004/12/06 10:49:56
[test-exec.sh]
     Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@
2004-12-06 23:16:29 +11:00
Darren Tucker cc0603d4b6 - dtucker@cvs.openbsd.org 2004/11/25 09:39:27
[test-exec.sh]
     Remove obsolete RhostsAuthentication from test config; ok markus@
2004-12-06 23:13:50 +11:00
Darren Tucker 79ec66e980 - djm@cvs.openbsd.org 2004/11/07 00:32:41
[multiplex.sh]
     regression tests for new multiplex commands
2004-12-06 23:12:15 +11:00
Darren Tucker 124f58ecba - djm@cvs.openbsd.org 2004/10/29 23:59:22
[Makefile added brokenkeys.sh]
     regression test for handling of corrupt keys in authorized_keys file
2004-12-06 23:07:37 +11:00
Darren Tucker 71b5643598 - djm@cvs.openbsd.org 2004/10/08 02:01:50
[reexec.sh]
     shrink and tidy; ok dtucker@
2004-12-06 23:05:52 +11:00
Darren Tucker 3206e57e93 - david@cvs.openbsd.org 2004/07/09 19:45:43
[Makefile]
     add a missing CLEANFILES used in the re-exec test
2004-12-06 23:04:57 +11:00
Darren Tucker ccf0779185 - dtucker@cvs.openbsd.org 2004/07/08 12:59:35
[scp.sh]
     Regress test for bz #863 (scp double-error), requires $SUDO.  ok markus@
2004-12-06 23:03:27 +11:00
Darren Tucker a372960fa9 - djm@cvs.openbsd.org 2004/06/26 06:16:07
[reexec.sh]
     don't change the name of the copied sshd for the reexec fallback test,
     makes life simpler for portable
2004-12-06 23:00:27 +11:00
Darren Tucker c0dc1c9bfa Resync Ids 2004-12-06 22:58:11 +11:00
Darren Tucker 22cc741096 - dtucker@cvs.openbsd.org 2004/12/06 11:41:03
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
     Discard over-length authorized_keys entries rather than complaining when
     they don't decode.  bz #884, with & ok djm@
2004-12-06 22:47:41 +11:00
Darren Tucker 16e254d179 - jaredy@cvs.openbsd.org 2004/12/05 23:55:07
[sftp.1]
     - explain that patterns can be used as arguments in get/put/ls/etc
       commands (prodded by Michael Knudsen)
     - describe ls flags as a list
     - other minor improvements
     ok jmc, djm
2004-12-06 22:46:45 +11:00
Darren Tucker e2f189a841 - djm@cvs.openbsd.org 2004/11/29 07:41:24
[sftp-client.h sftp.c]
     Some small fixes from moritz@jodeit.org. ok deraadt@
2004-12-06 22:45:53 +11:00
Darren Tucker 0133a727ac - jmc@cvs.openbsd.org 2004/11/29 00:05:17
[sftp.1]
     missing full stop;
2004-12-06 22:44:32 +11:00
Darren Tucker cd516efea1 - (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/11/25 22:22:14
     [sftp-client.c sftp.c]
     leak; from mpech
2004-12-06 22:43:43 +11:00
Darren Tucker ba2abb3699 - (dtucker) [TODO WARNING.RNG] Update to reflect current reality. ok djm@ 2004-12-06 22:40:10 +11:00