Commit Graph

2494 Commits

Author SHA1 Message Date
Ben Lindstrom fac7769f64 - stevesk@cvs.openbsd.org 2002/05/16 22:09:59
[session.c ssh.c]
     don't limit xauth pathlen on client side and longer print length on
     server when debug; ok markus@
2002-06-06 19:49:54 +00:00
Ben Lindstrom 6a24641365 - markus@cvs.openbsd.org 2002/05/16 22:02:50
[cipher.c kex.h mac.c]
     fix warnings (openssl 0.9.7 requires const)
2002-06-06 19:48:16 +00:00
Ben Lindstrom fb62a69488 - markus@cvs.openbsd.org 2002/05/15 21:56:38
[servconf.c sshd.8 sshd_config]
     re-enable privsep and disable setuid for post-3.2.2
2002-06-06 19:47:11 +00:00
Kevin Steves df75dd21f5 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
setsockopt from debug to error for now).
2002-06-04 20:52:19 +00:00
Tim Rice 28bbb0c458 [configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
last monitor_fdpass.c changes that are no longer needed with new tests.
Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
2002-05-27 17:37:32 -07:00
Damien Miller 116e6dfaad unbreak (aaarrrgggh - stupid vi) 2002-05-22 15:06:28 +10:00
Damien Miller 8ce8296fd0 sync scard/ 2002-05-22 14:24:01 +10:00
Damien Miller 23dc10ddac crank rpm spec versions 2002-05-22 14:14:54 +10:00
Damien Miller 667fb25f47 Crank version
(also missed changelog message)
2002-05-22 14:14:00 +10:00
Damien Miller 13e35a0ea2 rcsid sync 2002-05-22 14:04:11 +10:00
Damien Miller 74cc5bb851 fix spelling mistakes spotted by Solar Designer <solar@openwall.com> 2002-05-22 11:02:15 +10:00
Kevin Steves bc5bb55755 - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups() 2002-05-21 17:59:13 +00:00
Kevin Steves c5041acef3 - (stevesk) [sshd.c] bug 245; disable setsid() for now 2002-05-21 17:50:21 +00:00
Tim Rice 9de793cc6c [configure.ac] remove extra MD5_MSG="no" line. 2002-05-17 08:59:22 -07:00
Damien Miller 8ae0d8c185 p1 2002-05-16 09:25:38 +10:00
Ben Lindstrom 4e67d38a7e - (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/05/15 21:05:29
     [version.h]
     enter OpenSSH_3.2.2
 - (bal) Caldara, Suse, and Redhat openssh.specs updated.
2002-05-15 21:50:14 +00:00
Ben Lindstrom c5c15dde32 - markus@cvs.openbsd.org 2002/05/15 21:02:53
[servconf.c sshd.8 sshd_config]
     disable privsep and enable setuid for the 3.2.2 release
2002-05-15 21:37:34 +00:00
Ben Lindstrom c57bbf158d - millert@cvs.openbsd.org 2002/05/06 23:34:33
[ssh.1 sshd.8]
     Kill/adjust r(login|exec)d? references now that those are no longer in
     the tree.
2002-05-15 21:36:45 +00:00
Ben Lindstrom bb2ce36d4d - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
[servconf.c sshd.8 sshd_config]
     enable privsep by default; provos ok
(historical)
2002-05-15 21:35:43 +00:00
Ben Lindstrom 2b70e5603f - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy. 2002-05-15 16:39:51 +00:00
Ben Lindstrom 7339b2a278 - mouring@cvs.openbsd.org 2002/05/15 15:47:49
[kex.c monitor.c monitor_wrap.c sshd.c]
     'monitor' variable clashes with at least one lame platform (NeXT).  i
     Renamed to 'pmonitor'.  provos@
 - (bal) Fixed up PAM case.  I think.
2002-05-15 16:25:01 +00:00
Ben Lindstrom bdde330d2f - markus@cvs.openbsd.org 2002/05/13 21:26:49
[auth-rhosts.c]
     handle debug messages during rhosts-rsa and hostbased authentication;
     ok provos@
2002-05-15 16:19:37 +00:00
Ben Lindstrom 17401b6b77 - millert@cvs.openbsd.org 2002/05/13 15:53:19
[sshd.c]
     Call setsid() in the child after sshd accepts the connection and forks.
     This is needed for privsep which calls setlogin() when it changes uids.
     Without this, there is a race where the login name of an existing
     connection, as returned by getlogin(), may be changed to the privsep
     user (sshd).  markus@ OK
2002-05-15 16:17:56 +00:00
Ben Lindstrom a574cda45b - markus@cvs.openbsd.org 2002/05/13 20:44:58
[auth-options.c auth.c auth.h]
     move the packet_send_debug handling from auth-options.c to auth.c;
     ok provos@
2002-05-15 16:16:14 +00:00
Ben Lindstrom 58d4dafeb1 - itojun@cvs.openbsd.org 2002/05/13 02:37:39
[auth-skey.c auth2.c]
     less warnings.  skey_{respond,query} are public (in auth.h)
2002-05-15 16:14:36 +00:00
Ben Lindstrom 966bfdae6b - stevesk@cvs.openbsd.org 2002/05/11 20:24:48
[ssh.h]
     typo in comment
2002-05-15 16:09:57 +00:00
Ben Lindstrom 973be0083b - deraadt@cvs.openbsd.org 2002/05/08 21:06:34
[ssh.h]
     move to sshd.sshd instead
2002-05-15 16:08:48 +00:00
Ben Lindstrom 1650ba3f57 - deraadt@cvs.openbsd.org 2002/05/07 19:54:36
[ssh.h]
     use ssh uid
2002-05-15 16:07:11 +00:00
Ben Lindstrom beecf74e2b - (bal) CVS ID fix up on auth-passwd.c 2002-05-15 15:59:17 +00:00
Damien Miller 860e929fa2 wrap 2002-05-15 10:12:29 +10:00
Damien Miller ee5e3b2d8a wrap 2002-05-15 10:08:17 +10:00
Tim Rice 8dd6febf73 update version. 2002-05-14 09:03:46 -07:00
Tim Rice fd6fd24a71 remove reference to UnixWare 7 and OpenUNIX 8
from PAM-enabled pragraph. UnixWare has no PAM.
2002-05-13 20:50:38 -07:00
Tim Rice 1e28c9e6ba 20020514
[sshpty.c] set tty modes when allocating old style bsd ptys to
match what newer style ptys have when allocated. Based on a patch by
Roger Cornelius <rac@tenzing.org>
[README.privsep] UnixWare 7 and OpenUNIX 8 work.
2002-05-13 17:07:18 -07:00
Kevin Steves f8defa2327 - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. 2002-05-13 23:31:09 +00:00
Damien Miller 05720356d6 - (djm) Add INSTALL warning about SSH protocol 1 blowfish w/ OpenSSL < 0.9.6 2002-05-13 15:22:21 +10:00
Damien Miller f71d2a5d44 - (djm) Bug #234: missing readpassphrase declaration and defines 2002-05-13 15:14:08 +10:00
Damien Miller 903e115698 align summary 2002-05-13 14:41:31 +10:00
Damien Miller 4c95417415 unbreak 2002-05-13 14:12:05 +10:00
Kevin Steves 0228155f06 - (stevesk) add initial README.privsep 2002-05-13 03:57:04 +00:00
Kevin Steves c81e12976e - (stevesk) [configure.ac] nicer message: --with-privsep-user=user 2002-05-13 03:51:40 +00:00
Damien Miller d81c02d653 unbreak 2002-05-13 13:30:17 +10:00
Damien Miller b7cb96934e - (djm) Update RPM spec file: different superuser path, use
/var/empty/sshd for privsep
2002-05-13 13:26:57 +10:00
Damien Miller f58c672f0e - (djm) Add --with-privsep-path configure option 2002-05-13 13:15:42 +10:00
Damien Miller 5ad9fd9820 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. 2002-05-13 11:07:41 +10:00
Damien Miller 80080753cd - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
the superuser receives.
2002-05-13 10:56:51 +10:00
Damien Miller a18bbd398e - (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
the superuser receives.
2002-05-13 10:48:57 +10:00
Tim Rice 802b956868 fix for systems that have both HAVE_ACCRIGHTS_IN_MSGHDR and
HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h has #define msg_accrights msg_control
2002-05-11 15:30:04 -07:00
Tim Rice aef7371fe4 applied a rework of djm's OpenSSL search cleanup patch.
Now only searches system and /usr/local/ssl (OpenSSL's default install path)
 Others must use --with-ssl-dir=....
2002-05-11 13:17:42 -07:00
Kevin Steves f98fb721a0 - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
check for root forced expire.  Still don't check for inactive.
2002-05-10 15:48:52 +00:00