djm [Tue, 13 Nov 2001 12:46:18 +0000 (12:46 +0000)]
- (djm) AIX login{success,failed} changes. Move loginsuccess call to
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
djm [Mon, 12 Nov 2001 00:40:11 +0000 (00:40 +0000)]
- (djm) Reorder portable-specific server options so that they come first.
This should help reduce diff collisions for new server options (as they
will appear at the end)
djm [Mon, 12 Nov 2001 00:06:32 +0000 (00:06 +0000)]
- markus@cvs.openbsd.org 2001/11/09 18:59:23
[clientloop.c serverloop.c]
don't memset too much memory, ok millert@
original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
djm [Mon, 12 Nov 2001 00:06:06 +0000 (00:06 +0000)]
- markus@cvs.openbsd.org 2001/11/08 20:02:24
[auth.c]
don't print ROOT in CAPS for the authentication messages, i.e.
Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
becomes
Accepted publickey for root from 127.0.0.1 port 42734 ssh2
djm [Mon, 12 Nov 2001 00:02:52 +0000 (00:02 +0000)]
- markus@cvs.openbsd.org 2001/11/07 16:03:17
[packet.c packet.h sshconnect2.c]
pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.
stevesk [Fri, 9 Nov 2001 20:22:16 +0000 (20:22 +0000)]
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
if permit_empty_passwd == 0 so null password check cannot be bypassed.
jayaraj@amritapuri.com OpenBSD bug 2168
tim [Sat, 3 Nov 2001 19:09:32 +0000 (19:09 +0000)]
[ contrib/caldera/openssh.spec contrib/caldera/sshd.init]
Updates from Raymund Will <ray@caldera.de>
[acconfig.h configure.in] Clean up login checks.
Problem reported by Jim Knoble <jmknoble@pobox.com>
tim [Thu, 25 Oct 2001 17:01:30 +0000 (17:01 +0000)]
Give path given in --with-xxx= for pcre,zlib, and
tcp-wrappers precedence over system libraries and includes.
Report from Dave Dykstra <dwd@bell-labs.com>
tim [Wed, 24 Oct 2001 05:36:54 +0000 (05:36 +0000)]
[configure.in] Fix test for broken dirname. Based on patch from
Dave Dykstra <dwd@bell-labs.com>. Remove un-needed test for zlib.h.
[contrib/caldera/openssh.spec, contrib/redhat/openssh.spec,
contrib/suse/openssh.spec] Update version to match version.h
tim [Mon, 22 Oct 2001 00:53:58 +0000 (00:53 +0000)]
[configure.in] Clean up library testing.
Add optional PATH to --with-pcre, --with-zlib, --with-tcp-wrappers
based on patch by albert chin (china@thewrittenword.com)
Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading
of patches to configure.in
Replace obsolete AC_STRUCT_ST_BLKSIZE with AC_CHECK_MEMBERS
Add test for broken dirname() on Solaris 2.5.1 by
Dan Astoorian <djast@cs.toronto.edu>
[acconfig.h aclocal.m4 defines.h configure.in]
Better socklen_t patch by albert chin (china@thewrittenword.com)
[scp.c]
Replace obsolete HAVE_ST_BLKSIZE with HAVE_STRUCT_STAT_ST_BLKSIZE
[Makefile.in] When running make in top level, always do make in openbsd-compat
patch by Dave Dykstra <dwd@bell-labs.com>
djm [Fri, 12 Oct 2001 01:35:50 +0000 (01:35 +0000)]
- markus@cvs.openbsd.org 2001/10/11 13:45:21
[session.c]
delay detach of session if a channel gets closed but the child is
still alive. however, release pty, since the fd's to the child are
already closed.
djm [Fri, 12 Oct 2001 01:35:04 +0000 (01:35 +0000)]
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/10/10 22:18:47
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c session.h]
try to keep channels open until an exit-status message is sent.
don't kill the login shells if the shells stdin/out/err is closed.
this should now work:
ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
djm [Wed, 10 Oct 2001 05:08:36 +0000 (05:08 +0000)]
- markus@cvs.openbsd.org 2001/10/09 19:51:18
[serverloop.c]
close all channels if the connection to the remote host has been closed,
should fix sshd's hanging with WCHAN==wait
djm [Wed, 10 Oct 2001 05:03:58 +0000 (05:03 +0000)]
- markus@cvs.openbsd.org 2001/10/07 17:49:40
[channels.c channels.h]
avoid possible FD_ISSET overflow for channels established
during channnel_after_select() (used for dynamic channels).
mouring [Wed, 3 Oct 2001 17:39:38 +0000 (17:39 +0000)]
- markus@cvs.openbsd.org 2001/10/01 21:51:16
[readconf.c readconf.h ssh.1 sshconnect.c]
add NoHostAuthenticationForLocalhost; note that the hostkey is
now check for localhost, too.