djm [Tue, 22 Jan 2002 12:34:35 +0000 (12:34 +0000)]
- markus@cvs.openbsd.org 2002/01/21 22:30:12
[cipher.c compat.c myproposal.h]
remove "rijndael-*", just use "aes-" since this is how rijndael is called
in the drafts; ok stevesk@
djm [Tue, 22 Jan 2002 12:33:45 +0000 (12:33 +0000)]
- stevesk@cvs.openbsd.org 2002/01/18 20:46:34
[sshd.8]
clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
allard@oceanpark.com; ok markus@
djm [Tue, 22 Jan 2002 12:32:07 +0000 (12:32 +0000)]
- stevesk@cvs.openbsd.org 2002/01/16 17:40:23
[sshd_config]
The strategy now used for options in the default sshd_config shipped
with OpenSSH is to specify options with their default value where
possible, but leave them commented. Uncommented options change a
default value. Subsystem is currently the only default option
changed. ok markus@
djm [Tue, 22 Jan 2002 12:27:11 +0000 (12:27 +0000)]
- markus@cvs.openbsd.org 2002/01/13 21:31:20
[channels.h nchan.c]
add chan_set_[io]state(), order states, state is now a u_int,
simplifies debugging messages; ok provos@
djm [Tue, 22 Jan 2002 12:26:38 +0000 (12:26 +0000)]
- markus@cvs.openbsd.org 2002/01/13 17:57:37
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
use buffer API and avoid static strings of fixed size; ok provos@/mouring@
djm [Tue, 22 Jan 2002 12:24:13 +0000 (12:24 +0000)]
- markus@cvs.openbsd.org 2002/01/11 13:39:36
[auth2.c dispatch.c dispatch.h kex.c]
a single dispatch_protocol_error() that sends a message of type 'UNIMPLEMENTED'
dispatch_range(): set handler for a range of message types
use dispatch_protocol_ignore() for authentication requests after
successful authentication (the drafts requirement).
serverloop/clientloop now send a 'UNIMPLEMENTED' message instead of exiting.
djm [Tue, 22 Jan 2002 12:19:38 +0000 (12:19 +0000)]
- markus@cvs.openbsd.org 2002/01/05 10:43:40
[channels.c]
fix hanging x11 channels for rejected cookies (e.g. XAUTHORITY=/dev/null xbiff)
bug #36, based on patch from djast@cs.toronto.edu
djm [Tue, 22 Jan 2002 12:19:11 +0000 (12:19 +0000)]
- stevesk@cvs.openbsd.org 2002/01/04 18:14:16
[servconf.c sshd.8]
protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
/etc/ssh_host_dsa_key like we have in sshd_config. ok markus@
djm [Tue, 22 Jan 2002 12:05:59 +0000 (12:05 +0000)]
- djm@cvs.openbsd.org 2001/12/21 10:06:43
[ssh-add.1 ssh-add.c]
Try all standard key files (id_rsa, id_dsa, identity) when invoked with
no arguments; ok markus@
djm [Tue, 22 Jan 2002 10:57:53 +0000 (10:57 +0000)]
- (djm) autoconf hacking:
- We don't support --without-zlib currently, so don't allow it.
- Rework cryptographic random number support detection. We now detect
whether OpenSSL seeds itself. If it does, then we don't bother with
the ssh-rand-helper program. You can force the use of ssh-rand-helper
using the --with-rand-helper configure argument
- Simplify and clean up ssh-rand-helper configuration
djm [Mon, 21 Jan 2002 12:44:12 +0000 (12:44 +0000)]
- (djm) Rework ssh-rand-helper:
- Reduce quantity of ifdef code, in preparation for ssh_rand_conf
- Always seed from system calls, even when doing PRNGd seeding
- Tidy and comment #define knobs
- Remove unused facility for multiple runs through command list
- KNF, cleanup, update copyright
djm [Mon, 7 Jan 2002 23:59:32 +0000 (23:59 +0000)]
- (djm) Merge Cygwin copy_environment with do_pam_environment, removing
fixed env var size limit in the process. Report from Corinna Vinschen
<vinschen@redhat.com>
djm [Sun, 23 Dec 2001 14:41:47 +0000 (14:41 +0000)]
- (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from
solar@openwall.com
- (djm) Rework entropy code. If the OpenSSL PRNG has not been
internally seeded, execute a subprogram "ssh-rand-helper" to obtain
some entropy for us. Rewrite the old in-process entropy collector as
an example ssh-rand-helper.
- (djm) Always perform ssh_prng_cmds path lookups in configure, even if
we don't end up using ssh_prng_cmds (so we always get a valid file)
djm [Fri, 21 Dec 2001 04:00:19 +0000 (04:00 +0000)]
- djm@cvs.openbsd.org 2001/12/20 22:50:24
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
[sshconnect2.c]
Conformance fix: we should send failing packet sequence number when
responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
yakk@yakk.dot.net; ok markus@
djm [Fri, 21 Dec 2001 03:58:35 +0000 (03:58 +0000)]
- markus@cvs.openbsd.org 2001/12/20 16:37:29
[channels.c channels.h session.c]
setup x11 listen socket for just one connect if the client requests so.
(v2 only, but the openssh client does not support this feature).
djm [Fri, 21 Dec 2001 03:56:54 +0000 (03:56 +0000)]
- stevesk@cvs.openbsd.org 2001/12/19 17:16:13
[authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
change the buffer/packet interface to use void* vs. char*; ok markus@
djm [Fri, 21 Dec 2001 03:53:11 +0000 (03:53 +0000)]
- markus@cvs.openbsd.org 2001/12/19 16:09:39
[serverloop.c]
fix race between SIGCHLD and select with an additional pipe. writing
to the pipe on SIGCHLD wakes up select(). using pselect() is not
portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
initial idea by pmenage@ensim.com; ok deraadt@, djm@
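The SIGCHLD/select() race fixed above is the classic "self-pipe" pattern: a signal that lands between the last waitpid() check and the call to select() would otherwise be lost until the next unrelated wake-up. The following is an added, stand-alone illustration of that pattern, not OpenSSH's serverloop.c. The function names (setup_notify_pipe, wait_for_child_via_select) and the child process that just exits are constructed for the example; the handler does only async-signal-safe work, and the one byte it writes is what makes select() return whether the signal arrived before or during the call.

```c
/* Added example of the self-pipe trick (not OpenSSH's serverloop.c). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/wait.h>
#include <unistd.h>

static int notify_pipe[2] = { -1, -1 };
static volatile sig_atomic_t child_terminated = 0;

/* SIGCHLD handler: only async-signal-safe work. The one-byte write makes
 * notify_pipe[0] readable, so a select() sleeping on it returns at once. */
static void sigchld_handler(int sig)
{
	int saved_errno = errno;
	(void)sig;
	child_terminated = 1;
	(void)write(notify_pipe[1], "", 1);	/* a full pipe is fine: it is already readable */
	errno = saved_errno;
}

/* Create the non-blocking pipe and install the handler. Returns 0 or -1. */
int setup_notify_pipe(void)
{
	struct sigaction sa;
	int i;

	if (pipe(notify_pipe) == -1)
		return -1;
	for (i = 0; i < 2; i++) {
		int flags = fcntl(notify_pipe[i], F_GETFL);
		if (flags == -1 || fcntl(notify_pipe[i], F_SETFL, flags | O_NONBLOCK) == -1)
			return -1;
	}
	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = sigchld_handler;
	sigemptyset(&sa.sa_mask);
	sa.sa_flags = SA_NOCLDSTOP;	/* stopped children should not wake us */
	return sigaction(SIGCHLD, &sa, NULL);
}

/* Discard queued wake-up bytes so the next select() only reports new SIGCHLDs. */
static void drain_notify_pipe(void)
{
	char buf[64];
	while (read(notify_pipe[0], buf, sizeof(buf)) > 0)
		;
}

/* Fork a child that exits with `exit_code`, then block in select() on the
 * notify pipe instead of polling. Returns the child's exit status, or -1
 * on error/timeout. The signal may arrive before select() is entered or
 * while it sleeps; either way the pipe byte makes select() return. */
int wait_for_child_via_select(int exit_code, int timeout_sec)
{
	pid_t pid;
	int status;
	struct timeval tv;
	fd_set rfds;

	child_terminated = 0;
	pid = fork();
	if (pid == -1)
		return -1;
	if (pid == 0)
		_exit(exit_code);	/* constructed child: exits immediately */

	tv.tv_sec = timeout_sec;
	tv.tv_usec = 0;
	for (;;) {
		int nready;
		FD_ZERO(&rfds);
		FD_SET(notify_pipe[0], &rfds);
		nready = select(notify_pipe[0] + 1, &rfds, NULL, NULL, &tv);
		if (nready == -1 && errno == EINTR)
			continue;	/* signal interrupted us; the pipe now holds a byte */
		if (nready <= 0)
			return -1;	/* error or timeout */
		break;
	}
	drain_notify_pipe();
	if (!child_terminated || waitpid(pid, &status, 0) != pid)
		return -1;
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
	if (setup_notify_pipe() == -1)
		return 1;
	printf("child exited with %d\n", wait_for_child_via_select(7, 5));
	return 0;
}
```

The pipe ends are non-blocking so the handler can never stall on a full pipe, and the read end is drained after each wake-up so stale bytes do not cause a spurious return on the next call; the timeout path exists so a lost signal degrades to a delayed check rather than a hang.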
djm [Fri, 21 Dec 2001 01:52:39 +0000 (01:52 +0000)]
- jakob@cvs.openbsd.org 2001/12/18 10:06:24
[auth-rsa.c]
log fingerprint on successful public key authentication, simplify usage of key structs; ok markus@
djm [Fri, 21 Dec 2001 01:39:51 +0000 (01:39 +0000)]
- stevesk@cvs.openbsd.org 2001/12/08 17:49:28
[channels.c pathnames.h]
use only one path to X11 UNIX domain socket vs. an array of paths
to try. report from djast@cs.toronto.edu. ok markus@
djm [Thu, 20 Dec 2001 23:28:07 +0000 (23:28 +0000)]
- (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X
server. I have found this necessary to avoid server hangs with X input
extensions (e.g. kinput2). Enable by setting the environment variable
"GNOME_SSH_ASKPASS_NOGRAB"
stevesk [Wed, 19 Dec 2001 17:58:01 +0000 (17:58 +0000)]
- (stevesk) OpenBSD CVS sync X11 localhost display
- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
[channels.h channels.c session.c]
sshd X11 fake server will now listen on localhost by default:
$ echo $DISPLAY
localhost:12.0
$ netstat -an|grep 6012
tcp 0 0 127.0.0.1.6012 *.* LISTEN
tcp6 0 0 ::1.6012 *.* LISTEN
sshd_config gatewayports=yes can be used to revert back to the old
behavior. will control this with another option later. ok markus@
- stevesk@cvs.openbsd.org 2001/12/19 08:43:11
[includes.h session.c]
handle utsname.nodename case for FamilyLocal X authorization; ok markus@