Commit Graph

2208 Commits

Author SHA1 Message Date
Ben Lindstrom f9c4884c8e - markus@cvs.openbsd.org 2002/06/11 04:14:26
[ssh.c sshconnect.c sshconnect.h]
     no longer use uidswap.[ch] from the ssh client
     run less code with euid==0 if ssh is installed setuid root
     just switch the euid, don't switch the complete set of groups
     (this is only needed by sshd). ok provos@
2002-06-11 16:37:51 +00:00
Ben Lindstrom 8bb6f36c8f - markus@cvs.openbsd.org 2002/06/10 22:28:41
[channels.c channels.h session.c]
     move creation of agent socket to session.c; no need for uidswapping
     in channel.c.
2002-06-11 15:59:02 +00:00
Ben Lindstrom 914d03758b - stevesk@cvs.openbsd.org 2002/06/10 21:21:10
[ssh_config]
     update defaults for RhostsRSAAuthentication and RhostsAuthentication
     here too (all options commented out with default value).
2002-06-11 15:55:01 +00:00
Ben Lindstrom 2bf8276393 - stevesk@cvs.openbsd.org 2002/06/10 17:45:20
[readconf.c ssh.1]
     change RhostsRSAAuthentication and RhostsAuthentication default to no
     since ssh is no longer setuid root by default; ok markus@
2002-06-11 15:53:05 +00:00
Ben Lindstrom 1775c9c97a - stevesk@cvs.openbsd.org 2002/06/10 17:36:23
[ssh-add.1 ssh-add.c]
     use convtime() to parse and validate key lifetime.  can now
     use '-t 2h' etc.  ok markus@ provos@
2002-06-11 15:51:54 +00:00
Ben Lindstrom 11d470de34 - stevesk@cvs.openbsd.org 2002/06/10 16:56:30
[ssh-keysign.8]
     merge in stuff from my man page; ok markus@
2002-06-11 15:50:13 +00:00
Ben Lindstrom 2779d28a0f - stevesk@cvs.openbsd.org 2002/06/10 16:53:06
[auth-rsa.c ssh-rsa.c]
     display minimum RSA modulus in error(); ok markus@
2002-06-11 15:47:42 +00:00
Ben Lindstrom 18a32a7efa - itojun@cvs.openbsd.org 2002/06/09 22:17:21
[sshconnect.c]
     pass salen to sockaddr_ntop so that we are happy on linux/solaris
2002-06-11 15:46:34 +00:00
Ben Lindstrom 5cac423871 - stevesk@cvs.openbsd.org 2002/06/09 22:15:15
[ssh.1]
     update for no setuid root and ssh-keysign; ok deraadt@
2002-06-11 15:45:02 +00:00
Ben Lindstrom 494709decb - (bal) ssh-agent.c RCSD fix (|unexpand already done) 2002-06-11 15:42:53 +00:00
Ben Lindstrom 05efee1092 - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c,
sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
   independant of them)
2002-06-09 20:20:58 +00:00
Ben Lindstrom 2749e1c8f5 - markus@cvs.openbsd.org 2002/06/09 04:33:27
[sshconnect.c]
     abort() - > fatal()
2002-06-09 20:16:22 +00:00
Ben Lindstrom 159ac2e8cd - itojun@cvs.openbsd.org 2002/06/08 21:15:27
[sshconnect.c]
     always use getnameinfo.  (diag message only)
2002-06-09 20:14:54 +00:00
Ben Lindstrom 2e17b08e48 - markus@cvs.openbsd.org 2002/06/08 12:46:14
[readconf.c]
     silently ignore deprecated options, since FallBackToRsh might be passed
     by remote scp commands.
2002-06-09 20:13:27 +00:00
Ben Lindstrom af0c6d6a8c - markus@cvs.openbsd.org 2002/06/08 12:36:53
[scp.c]
     remove FallBackToRsh
2002-06-09 20:06:29 +00:00
Ben Lindstrom 7a7483d72e - markus@cvs.openbsd.org 2002/06/08 05:41:18
[ssh_config]
     remove FallBackToRsh/UseRsh
2002-06-09 20:05:35 +00:00
Ben Lindstrom 1c2bafebb3 - markus@cvs.openbsd.org 2002/06/08 05:40:01
[readconf.c]
     just warn about Deprecated options for now
2002-06-09 20:04:50 +00:00
Ben Lindstrom 4daea86fd4 - markus@cvs.openbsd.org 2002/06/08 05:17:01
[readconf.c readconf.h ssh.1 ssh.c]
     deprecate FallBackToRsh and UseRsh; patch from djm@
2002-06-09 20:04:02 +00:00
Ben Lindstrom a20715788d - markus@cvs.openbsd.org 2002/06/08 05:07:09
[ssh-keysign.c]
     only accept 20 byte session ids
2002-06-09 20:01:48 +00:00
Ben Lindstrom ece420413b - markus@cvs.openbsd.org 2002/06/08 05:07:56
[ssh.c]
     nuke ptrace comment
2002-06-09 20:00:09 +00:00
Ben Lindstrom 2ab1968da2 - (bal) Removed --{enable/disable}-suid-ssh
this was mistakenly commited with the __progname fix to ssh-keysign.
2002-06-07 16:49:11 +00:00
Ben Lindstrom 378a417389 - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by
Bertrand.Velle@apogee-com.fr
2002-06-07 14:49:56 +00:00
Ben Lindstrom 3545352dc4 - (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au 2002-06-07 14:37:00 +00:00
Ben Lindstrom 03bab2861e - (bal) Reverse logic, use __func__ first since it's C99 2002-06-07 03:19:35 +00:00
Ben Lindstrom db41d2390c - (bal) ssh-keysign should build and install correctly now. Phase two
would be to clean out any dead wood and disable ssh setuid on install.
2002-06-07 03:11:38 +00:00
Ben Lindstrom b85ab30a6e - (bal) Refixed auth2.c. It was never fully commited while spliting out
authentication to different files.
2002-06-07 02:05:25 +00:00
Ben Lindstrom 4eeccc79f6 - (bal) monitor_mm.c typos. 2002-06-07 01:57:25 +00:00
Ben Lindstrom 88d26ed408 - (bal) Forgot to add msg.c Makefile.in. 2002-06-07 01:53:59 +00:00
Ben Lindstrom a93f12f396 - (bal) Missed msg.[ch] in merge. Required for ssh-keysign. 2002-06-07 01:51:06 +00:00
Ben Lindstrom 937df1d630 - markus@cvs.openbsd.org 2002/06/06 17:30:11
[sftp-server.c]
     use get_int() macro (hide iqueue)
2002-06-06 21:58:35 +00:00
Ben Lindstrom 2c14047ada - markus@cvs.openbsd.org 2002/06/06 17:12:44
[sftp-server.c]
     discard remaining bytes of current request; ok provos@
2002-06-06 21:57:54 +00:00
Ben Lindstrom d9d6ab6372 - stevesk@cvs.openbsd.org 2002/06/06 01:09:41
[monitor.h]
     no trailing comma in enum; china@thewrittenword.com
2002-06-06 21:57:01 +00:00
Ben Lindstrom 61d328acf9 - markus@cvs.openbsd.org 2002/06/05 21:55:44
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
     ssh-add -t life,  Set lifetime (in seconds) when adding identities;
     ok provos@
2002-06-06 21:54:57 +00:00
Ben Lindstrom 163f3b8f6b - markus@cvs.openbsd.org 2002/06/05 20:56:39
[ssh-add.c]
     add -x/-X to usage
2002-06-06 21:53:11 +00:00
Ben Lindstrom 2f71704b42 - markus@cvs.openbsd.org 2002/06/05 19:57:12
[authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
     ssh-add -x for lock and -X for unlocking the agent.
     todo: encrypt private keys with locked...
2002-06-06 21:52:03 +00:00
Ben Lindstrom 21d1ed8303 - markus@cvs.openbsd.org 2002/06/05 16:48:54
[ssh-agent.c]
     copy current request into an extra buffer and just flush this
     request on errors, ok provos@
2002-06-06 21:48:57 +00:00
Ben Lindstrom b7788f3ebe - markus@cvs.openbsd.org 2002/06/05 16:08:07
[ssh-agent.1 ssh-agent.c]
     '-a bind_address' binds the agent to user-specified unix-domain
     socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
2002-06-06 21:46:08 +00:00
Ben Lindstrom 22fa01cdea - markus@cvs.openbsd.org 2002/06/05 16:08:07
[ssh-agent.1 ssh-agent.c]
     '-a bind_address' binds the agent to user-specified unix-domain
     socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
2002-06-06 21:46:07 +00:00
Ben Lindstrom 7d9c38f37a - markus@cvs.openbsd.org 2002/06/04 23:05:49
[cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
     __FUNCTION__ -> __func__

NOTE: This includes all portable references also.
2002-06-06 21:40:51 +00:00
Ben Lindstrom 3dca4f55f2 - markus@cvs.openbsd.org 2002/06/04 23:02:06
[packet.c]
     remove __FUNCTION__
2002-06-06 20:59:25 +00:00
Ben Lindstrom f67e07711f - markus@cvs.openbsd.org 2002/06/04 19:53:40
[monitor.c]
     save the session id (hash) for ssh2 (it will be passed with the
     initial sign request) and verify that this value is used during
     authentication; ok provos@
2002-06-06 20:58:19 +00:00
Ben Lindstrom dcf6bfbfbd - markus@cvs.openbsd.org 2002/06/04 19:42:35
[monitor.c]
     only allow enabled authentication methods; ok provos@
2002-06-06 20:57:17 +00:00
Ben Lindstrom 2e14bc71e6 - deraadt@cvs.openbsd.org 2002/06/03 12:04:07
[ssh.h]
     compatiblity -> compatibility
     decriptor -> descriptor
     authentciated -> authenticated
     transmition -> transmission
2002-06-06 20:56:07 +00:00
Ben Lindstrom ceae9d1c33 - markus@cvs.openbsd.org 2002/05/31 13:20:50
[ssh-rsa.c]
     pad received signature with leading zeros, because RSA_verify expects
     a signature of RSA_size. the drafts says the signature is transmitted
     unpadded (e.g. putty does not pad), reported by anakin@pobox.com
2002-06-06 20:55:04 +00:00
Ben Lindstrom 01fff0c9d4 - markus@cvs.openbsd.org 2002/05/31 13:16:48
[key.c]
     add comment:
     key_verify returns 1 for a correct signature, 0 for an incorrect signature
     and -1 on error.
2002-06-06 20:54:07 +00:00
Ben Lindstrom 511bb24c5b - markus@cvs.openbsd.org 2002/05/31 11:35:15
[auth.h auth2.c]
     move Authmethod definitons to per-method file.

NOTE: The rest of this patch is with the import of the auth2-*.c files.
2002-06-06 20:52:37 +00:00
Ben Lindstrom cec2ea8d02 - markus@cvs.openbsd.org 2002/05/31 10:30:33
[sshconnect2.c]
     extent ssh-keysign protocol:
     pass # of socket-fd to ssh-keysign, keysign verfies locally used
     ip-address using this socket-fd, restricts fake local hostnames
     to actual local hostnames; ok stevesk@
2002-06-06 20:51:04 +00:00
Ben Lindstrom f088f4374a - markus@cvs.openbsd.org 2002/05/30 08:07:31
[cipher.c]
     use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
     our own implementation. allow use of AES hardware via libcrypto,
     ok deraadt@
2002-06-06 20:50:07 +00:00
Ben Lindstrom a26ea63f8a - markus@cvs.openbsd.org 2002/05/29 11:21:57
[sshd.c]
     don't start if privsep is enabled and SSH_PRIVSEP_USER or
     _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
2002-06-06 20:46:25 +00:00
Ben Lindstrom 20abb75f53 - stevesk@cvs.openbsd.org 2002/05/29 03:06:30
[ssh.1 sshd.8]
     spelling
2002-06-06 20:45:33 +00:00