djm [Fri, 21 Dec 2001 01:52:39 +0000 (01:52 +0000)]
- jakob@cvs.openbsd.org 2001/12/18 10:06:24
[auth-rsa.c]
log fingerprint on successful public key authentication, simplify usage of key structs; ok markus@
djm [Fri, 21 Dec 2001 01:39:51 +0000 (01:39 +0000)]
- stevesk@cvs.openbsd.org 2001/12/08 17:49:28
[channels.c pathnames.h]
use only one path to X11 UNIX domain socket vs. an array of paths
to try. report from djast@cs.toronto.edu. ok markus@
djm [Thu, 20 Dec 2001 23:28:07 +0000 (23:28 +0000)]
- (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X
server. I have found this necessary to avoid server hangs with X input
extensions (e.g. kinput2). Enable by setting the environment variable
"GNOME_SSH_ASKPASS_NOGRAB"
stevesk [Wed, 19 Dec 2001 17:58:01 +0000 (17:58 +0000)]
- (stevesk) OpenBSD CVS sync X11 localhost display
- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
[channels.h channels.c session.c]
sshd X11 fake server will now listen on localhost by default:
$ echo $DISPLAY
localhost:12.0
$ netstat -an|grep 6012
tcp 0 0 127.0.0.1.6012 *.* LISTEN
tcp6 0 0 ::1.6012 *.* LISTEN
sshd_config gatewayports=yes can be used to revert back to the old
behavior. will control this with another option later. ok markus@
- stevesk@cvs.openbsd.org 2001/12/19 08:43:11
[includes.h session.c]
handle utsname.nodename case for FamilyLocal X authorization; ok markus@
mouring [Thu, 6 Dec 2001 18:22:17 +0000 (18:22 +0000)]
- markus@cvs.openbsd.org 2001/12/06 13:30:06
[servconf.c servconf.h sshd.8 sshd.c]
add -o to sshd, too. ok deraadt@
- (bal) Minor white space fix up in servconf.c
mouring [Thu, 6 Dec 2001 17:55:26 +0000 (17:55 +0000)]
- itojun@cvs.openbsd.org 2001/12/05 03:56:39
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
sshconnect2.c]
make it compile with more strict prototype checking
mouring [Thu, 6 Dec 2001 17:45:19 +0000 (17:45 +0000)]
- stevesk@cvs.openbsd.org 2001/11/30 20:39:28
[ssh.c]
sscanf() length dependencies are clearer now; can also shrink proto
and data if desired, but i have not done that. ok markus@
mouring [Thu, 6 Dec 2001 17:41:25 +0000 (17:41 +0000)]
- markus@cvs.openbsd.org 2001/11/29 22:08:48
[auth-rsa.c]
fix protocol error: send 'failed' message instead of a 2nd challenge
(happens if the same key is in authorized_keys twice).
reported Ralf_Meister@genua.de; ok djm@
mouring [Thu, 6 Dec 2001 16:32:47 +0000 (16:32 +0000)]
- stevesk@cvs.openbsd.org 2001/11/17 19:14:34
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
enum/int type cleanup where it made sense to do so; ok markus@
tim [Tue, 27 Nov 2001 01:19:43 +0000 (01:19 +0000)]
[contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c]
Allow SSHD to install as service under WIndows 9x/Me
[configure.ac] Fix to allow linking against PCRE on Cygwin
Patches by Corinna Vinschen <vinschen@redhat.com>
djm [Tue, 13 Nov 2001 12:46:18 +0000 (12:46 +0000)]
- (djm) AIX login{success,failed} changes. Move loginsuccess call to
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
djm [Mon, 12 Nov 2001 00:40:11 +0000 (00:40 +0000)]
- (djm) Reorder portable-specific server options so that they come first.
This should help reduce diff collisions for new server options (as they
will appear at the end)
djm [Mon, 12 Nov 2001 00:06:32 +0000 (00:06 +0000)]
- markus@cvs.openbsd.org 2001/11/09 18:59:23
[clientloop.c serverloop.c]
don't memset too much memory, ok millert@
original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
djm [Mon, 12 Nov 2001 00:06:06 +0000 (00:06 +0000)]
- markus@cvs.openbsd.org 2001/11/08 20:02:24
[auth.c]
don't print ROOT in CAPS for the authentication messages, i.e.
Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
becomes
Accepted publickey for root from 127.0.0.1 port 42734 ssh2
djm [Mon, 12 Nov 2001 00:02:52 +0000 (00:02 +0000)]
- markus@cvs.openbsd.org 2001/11/07 16:03:17
[packet.c packet.h sshconnect2.c]
pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.
stevesk [Fri, 9 Nov 2001 20:22:16 +0000 (20:22 +0000)]
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
if permit_empty_passwd == 0 so null password check cannot be bypassed.
jayaraj@amritapuri.com OpenBSD bug 2168
tim [Sat, 3 Nov 2001 19:09:32 +0000 (19:09 +0000)]
[ contrib/caldera/openssh.spec contrib/caldera/sshd.init]
Updates from Raymund Will <ray@caldera.de>
[acconfig.h configure.in] Clean up login checks.
Problem reported by Jim Knoble <jmknoble@pobox.com>
tim [Thu, 25 Oct 2001 17:01:30 +0000 (17:01 +0000)]
Give path given in --with-xxx= for pcre,zlib, and
tcp-wrappers precedence over system libraries and includes.
Report from Dave Dykstra <dwd@bell-labs.com>
tim [Wed, 24 Oct 2001 05:36:54 +0000 (05:36 +0000)]
[configure.in] Fix test for broken dirname. Based on patch from
Dave Dykstra <dwd@bell-labs.com>. Remove un-needed test for zlib.h.
[contrib/caldera/openssh.spec, contrib/redhat/openssh.spec,
contrib/suse/openssh.spec] Update version to match version.h
tim [Mon, 22 Oct 2001 00:53:58 +0000 (00:53 +0000)]
[configure.in] Clean up library testing.
Add optional PATH to --with-pcre, --with-zlib, --with-tcp-wrappers
based on patch by albert chin (china@thewrittenword.com)
Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading
of patches to configure.in
Replace obsolete AC_STRUCT_ST_BLKSIZE with AC_CHECK_MEMBERS
Add test for broken dirname() on Solaris 2.5.1 by
Dan Astoorian <djast@cs.toronto.edu>
[acconfig.h aclocal.m4 defines.h configure.in]
Better socklen_t patch by albert chin (china@thewrittenword.com)
[scp.c]
Replace obsolete HAVE_ST_BLKSIZE with HAVE_STRUCT_STAT_ST_BLKSIZE
[Makefile.in] When running make in top level, always do make in openbsd-compat
patch by Dave Dykstra <dwd@bell-labs.com>