tim [Thu, 12 Feb 2004 15:17:10 +0000 (15:17 +0000)]
[Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh]
Portability fixes. Data sftp transfers needs to be world readable. Some
older shells hang on while loops when doing sh -n some_script. OK dtucker@
dtucker [Tue, 10 Feb 2004 04:27:34 +0000 (04:27 +0000)]
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
include from port-aix.h to port-aix.c and remove unnecessary function
definition. Fixes build errors on AIX.
#include'ing auth.h in port-aix.h causes conflicting definitions of Authctxt
in sshconnect2.c. Sigh.
dtucker [Tue, 10 Feb 2004 02:23:28 +0000 (02:23 +0000)]
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
change expired PAM passwords for SSHv1 connections without privsep.
pam_chauthtok is still used when privsep is disabled. ok djm@
dtucker [Tue, 10 Feb 2004 02:01:14 +0000 (02:01 +0000)]
- (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
defines.h] Bug #14: Use do_pwchange to support password expiry and force
change for platforms using /etc/shadow. ok djm@
dtucker [Fri, 6 Feb 2004 23:41:48 +0000 (23:41 +0000)]
- dtucker@cvs.openbsd.org 2004/02/06 23:41:13
[cipher-ctr.c]
Use EVP_CIPHER_CTX_key_length for key length. ok markus@
(This will fix builds with OpenSSL 0.9.5)
dtucker [Fri, 6 Feb 2004 05:24:31 +0000 (05:24 +0000)]
- markus@cvs.openbsd.org 2004/01/30 09:48:57
[auth-passwd.c auth.h pathnames.h session.c]
support for password change; ok dtucker@
(set password-dead=1w in login.conf to use this).
In -Portable, this is currently only platforms using bsdauth.
dtucker [Fri, 6 Feb 2004 05:17:51 +0000 (05:17 +0000)]
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
previous authdb setting after auth calls. Fixes problems with setpcred
failing on accounts that use AFS or NIS password registries.
dtucker [Fri, 6 Feb 2004 04:59:06 +0000 (04:59 +0000)]
- (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO
for HP-UX 11.11. If there are known-good configs where this is not
required, please report them. ok djm@
dtucker [Fri, 30 Jan 2004 01:58:51 +0000 (01:58 +0000)]
- dtucker@cvs.openbsd.org 2003/10/11 11:49:49
[Makefile banner.sh]
Test missing banner file, suppression of banner with ssh -q, check return
code from ssh. ok markus@
djm [Tue, 27 Jan 2004 10:22:00 +0000 (10:22 +0000)]
- djm@cvs.openbsd.org 2004/01/27 10:08:10
[sftp.c]
reorder parsing so user:skey@host:file works (bugzilla #777)
patch from admorten AT umich.edu; ok markus@
djm [Tue, 27 Jan 2004 10:21:27 +0000 (10:21 +0000)]
- djm@cvs.openbsd.org 2004/01/25 03:49:09
[sshconnect.c]
reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785)
from jclonguet AT free.fr; ok millert@
djm [Tue, 27 Jan 2004 10:20:11 +0000 (10:20 +0000)]
- mouring@cvs.openbsd.org 2004/01/23 17:57:48
[sftp-int.c]
Fix issue pointed out with ls not handling large directories
with embedded paths correctly. OK damien@
djm [Tue, 27 Jan 2004 10:19:21 +0000 (10:19 +0000)]
- (djm) OpenBSD CVS Sync
- hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
[cipher.c]
enable acss for ssh
ok deraadt@ markus@
- (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
if libcrypto lacks it
tim [Sat, 24 Jan 2004 02:35:16 +0000 (02:35 +0000)]
[configure.ac] Remove hard coded -L/usr/local/lib and
-I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \
CPPFLAGS="-I/usr/local/include" ./configure if needed.
dtucker [Fri, 23 Jan 2004 11:03:10 +0000 (11:03 +0000)]
- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
include kafs.h unless necessary. From deengert at anl.gov.
For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
djm [Fri, 23 Jan 2004 05:30:03 +0000 (05:30 +0000)]
- (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect
Kerberos location (and thus work with Fedora Core 1);
from jason AT devrandom.org
dtucker [Thu, 22 Jan 2004 01:48:26 +0000 (01:48 +0000)]
- (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
just HEIMDAL.
Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available. In that case it will be used too.
djm [Wed, 21 Jan 2004 06:07:16 +0000 (06:07 +0000)]
- deraadt@cvs.openbsd.org 2004/01/11 21:55:06
[sshpty.c]
for pty opening, only use the openpty() path. the other stuff only needs
to be in openssh-p; markus ok
- (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an
openpty() replacement
djm [Wed, 21 Jan 2004 00:02:50 +0000 (00:02 +0000)]
- markus@cvs.openbsd.org 2004/01/19 21:25:15
[auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
djm [Wed, 21 Jan 2004 00:02:09 +0000 (00:02 +0000)]
- markus@cvs.openbsd.org 2004/01/19 09:24:21
[channels.c]
fake consumption for half closed channels since the peer is waiting for
window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@
reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo'
djm [Tue, 20 Jan 2004 23:58:47 +0000 (23:58 +0000)]
- djm@cvs.openbsd.org 2004/01/13 09:25:05
[sftp-int.c sftp.1 sftp.c]
Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and
enable use of "-b -" to accept batchfile from stdin; ok markus@
dtucker [Wed, 31 Dec 2003 00:43:24 +0000 (00:43 +0000)]
- dtucker@cvs.openbsd.org 2003/12/31 00:24:50
[auth2-passwd.c]
Ignore password change request during password auth (which we currently
don't support) and discard proposed new password. corrections/ok markus@
dtucker [Thu, 18 Dec 2003 04:34:31 +0000 (04:34 +0000)]
- (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
authentication. Partially fixes bug #423. Feedback & ok djm@
Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
authentication thread and once from the main shell child, so we cache the
result, which must be passed from the authentication thread back to the
monitor.
djm [Wed, 17 Dec 2003 05:33:10 +0000 (05:33 +0000)]
- markus@cvs.openbsd.org 2003/12/16 15:49:51
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
[ssh.c ssh_config.5]
application layer keep alive (ServerAliveInterval ServerAliveCountMax)
for ssh(1), similar to the sshd(8) option; ok beck@; with help from
jmc and dtucker@
djm [Wed, 17 Dec 2003 05:31:10 +0000 (05:31 +0000)]
- markus@cvs.openbsd.org 2003/12/09 21:53:37
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
djm [Wed, 17 Dec 2003 05:27:32 +0000 (05:27 +0000)]
20031217
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/12/09 15:28:43
[serverloop.c]
make ClientKeepAlive work for ssh -N, too (no login shell requested).
1) send a bogus channel request if we find a channel
2) send a bogus global request if we don't have a channel
ok + test beck@
dtucker [Tue, 9 Dec 2003 13:54:38 +0000 (13:54 +0000)]
- dtucker@cvs.openbsd.org 2003/12/09 13:52:55
[moduli.c]
Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
they can't be used for Diffie-Hellman. Assistance and ok djm@
dtucker [Tue, 9 Dec 2003 08:07:13 +0000 (08:07 +0000)]
- markus@cvs.openbsd.org 2003/12/02 12:15:10
[progressmeter.c]
improvements from andreas@:
* saner speed estimate for transfers that take less than a second by
rounding the time to 1 second.
* when the transfer is finished calculate the actual total speed
rather than the current speed which is given during the transfer