dtucker [Sun, 29 Aug 2004 07:14:31 +0000 (07:14 +0000)]
- (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn
down, needed on some platforms, should be harmless on others. Patch from
jason at devrandom.org.
dtucker [Sun, 29 Aug 2004 06:31:28 +0000 (06:31 +0000)]
- dtucker@cvs.openbsd.org 2004/08/23 14:26:38
[ssh-keysign.c ssh.c]
Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
change in Portable; ok markus@ (CVS ID sync only)
dtucker [Sun, 29 Aug 2004 06:12:29 +0000 (06:12 +0000)]
- (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from
failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
dtucker [Sat, 14 Aug 2004 14:09:11 +0000 (14:09 +0000)]
- (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Plug AIX login recording into login_write so logins will be recorded for
all auth types.
dtucker [Thu, 12 Aug 2004 12:49:00 +0000 (12:49 +0000)]
- djm@cvs.openbsd.org 2004/08/11 11:59:22
[sshlogin.c]
check that lseek went were we told it to; ok markus@
(Id sync only, but similar changes are needed in loginrec.c)
- djm@cvs.openbsd.org 2004/07/21 11:51:29
[canohost.c]
bz#902: cache remote port so we don't fatal() in auth_log when remote
connection goes away quickly. from peak AT argo.troja.mff.cuni.cz;
ok markus@
- (djm) [auth-pam.c] Avoid use of xstrdup and friends in conversation function,
instead return PAM_CONV_ERR, avoiding another path to fatal(); ok dtucker@
- dtucker@cvs.openbsd.org 2004/07/17 05:31:41
[monitor.c monitor_wrap.c session.c session.h sshd.c sshlogin.c]
Move "Last logged in at.." message generation to the monitor, right
before recording the new login. Fixes missing lastlog message when
/var/log/lastlog is not world-readable and incorrect datestamp when
multiple sessions are used (bz #463); much assistance & ok markus@
- dtucker@cvs.openbsd.org 2004/07/03 11:02:25
[monitor_wrap.c]
Put s/key functions inside #ifdef SKEY same as monitor.c,
from des@freebsd via bz #330, ok markus@
- dtucker@cvs.openbsd.org 2004/07/03 05:11:33
[sshlogin.c] (RCSID sync only, the corresponding code is not in Portable)
Use '\0' not 0 for string; ok djm@, deraadt@
tim [Fri, 2 Jul 2004 03:41:15 +0000 (03:41 +0000)]
- (tim) [buildpkg.sh.in] Add $REV to bump the package revision within
the same version. Handle the case where someone uses --with-privsep-user=
and the user name does not match the group name. ok dtucker@
- (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
to pam_authenticate for challenge-response auth too. Originally from
fcusack at fcusack.com, ok djm@
dtucker [Wed, 30 Jun 2004 23:48:29 +0000 (23:48 +0000)]
- (dtucker) [session.c] Call display_loginmsg again after do_pam_session.
Ensures messages from PAM modules are displayed when privsep=no.
Note: I did not want to just move display_loginmsg since that would change
existing behaviour (order of expiry warnings, "Last Login", motd) to less
like the native tools.
dtucker [Wed, 30 Jun 2004 10:34:31 +0000 (10:34 +0000)]
- (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
appdata_ptr to the conversation function. ok djm@
By rights we should free the messages too, but if this happens then one
of the modules has already proven itself to be buggy so can we trust
the messages?
dtucker [Mon, 28 Jun 2004 06:01:19 +0000 (06:01 +0000)]
- (dtucker) [acconfig.h configure.ac sftp-server.c] Bug #823: add sftp
rename handling for Linux which returns EPERM for link() on (at least some)
filesystems that do not support hard links. sftp-server will fall back to
stat+rename() in such cases.
djm [Fri, 25 Jun 2004 22:16:31 +0000 (22:16 +0000)]
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2004/06/25 18:43:36
[sshd.c]
fix broken fd handling in the re-exec fallback path, particularly when
/dev/crypto is in use; ok deraadt@ markus@
dtucker [Fri, 25 Jun 2004 07:06:02 +0000 (07:06 +0000)]
- dtucker@cvs.openbsd.org 2004/06/25 05:38:48
[sftp-server.c]
Fall back to stat+rename if filesystem doesn't doesn't support hard
links. bz#823, ok djm@
dtucker [Fri, 25 Jun 2004 03:34:31 +0000 (03:34 +0000)]
- djm@cvs.openbsd.org 2004/06/25 01:16:09
[sshd.c]
only perform tcp wrappers checks when the incoming connection is on a
socket. silences useless warnings from regress tests that use
proxycommand="sshd -i". prompted by david@ ok markus@
dtucker [Tue, 22 Jun 2004 23:28:20 +0000 (23:28 +0000)]
- dtucker@cvs.openbsd.org 2004/06/22 22:55:56
[regress/dynamic-forward.sh regress/test-exec.sh]
Allow setting of port for regress from TEST_SSH_PORT variable; ok markus@
dtucker [Tue, 22 Jun 2004 23:25:02 +0000 (23:25 +0000)]
- dtucker@cvs.openbsd.org 2004/06/22 22:45:52
[regress/test-exec.sh]
Add TEST_SSH_SSHD_CONFOPTS and TEST_SSH_SSH_CONFOPTS to allow adding
arbitary options to sshd_config and ssh_config during tests. ok markus@