dtucker [Mon, 23 Feb 2004 23:37:33 +0000 (23:37 +0000)]
- (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found
with krb5-config, hunt down gssapi.h and friends. Based partially on patch
from deengert at anl.gov.
For the MIT Kerberos bug against krb5-config related to this see:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=2240
dtucker [Mon, 23 Feb 2004 22:21:41 +0000 (22:21 +0000)]
- markus@cvs.openbsd.org 2004/02/23 15:12:46
[bufaux.c]
encode 0 correctly in buffer_put_bignum2; noted by Mikulas Patocka
and drop support for negative BNs; ok otto@
dtucker [Tue, 17 Feb 2004 12:20:07 +0000 (12:20 +0000)]
- (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for
display after login. Should fix problems like pam_motd not displaying
anything, noticed by cjwatson at debian.org. ok djm@
djm [Tue, 17 Feb 2004 06:07:59 +0000 (06:07 +0000)]
- djm@cvs.openbsd.org 2004/02/17 05:39:51
[sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
[sftp-int.h sftp.c]
switch to license.template for code written by me (belated, I know...)
tim [Thu, 12 Feb 2004 15:17:10 +0000 (15:17 +0000)]
[Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh]
Portablity fixes. Data sftp transfers needs to be world readable. Some
older shells hang on while loops when doing sh -n some_script. OK dtucker@
dtucker [Tue, 10 Feb 2004 04:27:34 +0000 (04:27 +0000)]
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
include from port-aix.h to port-aix.c and remove unnecessary function
definition. Fixes build errors on AIX.
#include'ing auth.h in port-aix.h causes conflicting definitions of Authctxt
in sshconnect2.c. Sigh.
dtucker [Tue, 10 Feb 2004 02:23:28 +0000 (02:23 +0000)]
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
change expired PAM passwords for SSHv1 connections without privsep.
pam_chauthtok is still used when privsep is disabled. ok djm@
dtucker [Tue, 10 Feb 2004 02:01:14 +0000 (02:01 +0000)]
- (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
defines.h] Bug #14: Use do_pwchange to support password expiry and force
change for platforms using /etc/shadow. ok djm@
dtucker [Fri, 6 Feb 2004 23:41:48 +0000 (23:41 +0000)]
- dtucker@cvs.openbsd.org 2004/02/06 23:41:13
[cipher-ctr.c]
Use EVP_CIPHER_CTX_key_length for key length. ok markus@
(This will fix builds with OpenSSL 0.9.5)
dtucker [Fri, 6 Feb 2004 05:24:31 +0000 (05:24 +0000)]
- markus@cvs.openbsd.org 2004/01/30 09:48:57
[auth-passwd.c auth.h pathnames.h session.c]
support for password change; ok dtucker@
(set password-dead=1w in login.conf to use this).
In -Portable, this is currently only platforms using bsdauth.
dtucker [Fri, 6 Feb 2004 05:17:51 +0000 (05:17 +0000)]
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
previous authdb setting after auth calls. Fixes problems with setpcred
failing on accounts that use AFS or NIS password registries.
dtucker [Fri, 6 Feb 2004 04:59:06 +0000 (04:59 +0000)]
- (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO
for HP-UX 11.11. If there are known-good configs where this is not
required, please report them. ok djm@
dtucker [Fri, 30 Jan 2004 01:58:51 +0000 (01:58 +0000)]
- dtucker@cvs.openbsd.org 2003/10/11 11:49:49
[Makefile banner.sh]
Test missing banner file, suppression of banner with ssh -q, check return
code from ssh. ok markus@
djm [Tue, 27 Jan 2004 10:22:00 +0000 (10:22 +0000)]
- djm@cvs.openbsd.org 2004/01/27 10:08:10
[sftp.c]
reorder parsing so user:skey@host:file works (bugzilla #777)
patch from admorten AT umich.edu; ok markus@
djm [Tue, 27 Jan 2004 10:21:27 +0000 (10:21 +0000)]
- djm@cvs.openbsd.org 2004/01/25 03:49:09
[sshconnect.c]
reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785)
from jclonguet AT free.fr; ok millert@
djm [Tue, 27 Jan 2004 10:20:11 +0000 (10:20 +0000)]
- mouring@cvs.openbsd.org 2004/01/23 17:57:48
[sftp-int.c]
Fix issue pointed out with ls not handling large directories
with embeded paths correctly. OK damien@
djm [Tue, 27 Jan 2004 10:19:21 +0000 (10:19 +0000)]
- (djm) OpenBSD CVS Sync
- hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
[cipher.c]
enable acss for ssh
ok deraadt@ markus@
- (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
if libcrypto lacks it
tim [Sat, 24 Jan 2004 02:35:16 +0000 (02:35 +0000)]
[configure.ac] Remove hard coded -L/usr/local/lib and
-I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \
CPPFLAGS="-I/usr/local/include" ./configure if needed.
dtucker [Fri, 23 Jan 2004 11:03:10 +0000 (11:03 +0000)]
- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
include kafs.h unless necessary. From deengert at anl.gov.
For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
djm [Fri, 23 Jan 2004 05:30:03 +0000 (05:30 +0000)]
- (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect
Kerberos location (and thus work with Fedora Core 1);
from jason AT devrandom.org
dtucker [Thu, 22 Jan 2004 01:48:26 +0000 (01:48 +0000)]
- (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
just HEIMDAL.
Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available. In that case it will be used too.
djm [Wed, 21 Jan 2004 06:07:16 +0000 (06:07 +0000)]
- deraadt@cvs.openbsd.org 2004/01/11 21:55:06
[sshpty.c]
for pty opening, only use the openpty() path. the other stuff only needs
to be in openssh-p; markus ok
- (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an
openpty() replacement
djm [Wed, 21 Jan 2004 00:02:50 +0000 (00:02 +0000)]
- markus@cvs.openbsd.org 2004/01/19 21:25:15
[auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
djm [Wed, 21 Jan 2004 00:02:09 +0000 (00:02 +0000)]
- markus@cvs.openbsd.org 2004/01/19 09:24:21
[channels.c]
fake consumption for half closed channels since the peer is waiting for
window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@
reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo'
djm [Tue, 20 Jan 2004 23:58:47 +0000 (23:58 +0000)]
- djm@cvs.openbsd.org 2004/01/13 09:25:05
[sftp-int.c sftp.1 sftp.c]
Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and
enable use of "-b -" to accept batchfile from stdin; ok markus@
dtucker [Wed, 31 Dec 2003 00:43:24 +0000 (00:43 +0000)]
- dtucker@cvs.openbsd.org 2003/12/31 00:24:50
[auth2-passwd.c]
Ignore password change request during password auth (which we currently
don't support) and discard proposed new password. corrections/ok markus@