djm [Fri, 21 Dec 2001 03:56:54 +0000 (03:56 +0000)]
- stevesk@cvs.openbsd.org 2001/12/19 17:16:13
[authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
change the buffer/packet interface to use void* vs. char*; ok markus@
djm [Fri, 21 Dec 2001 03:53:11 +0000 (03:53 +0000)]
- markus@cvs.openbsd.org 2001/12/19 16:09:39
[serverloop.c]
fix race between SIGCHLD and select with an additional pipe. writing
to the pipe on SIGCHLD wakes up select(). using pselect() is not
portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
initial idea by pmenage@ensim.com; ok deraadt@, djm@
djm [Fri, 21 Dec 2001 01:52:39 +0000 (01:52 +0000)]
- jakob@cvs.openbsd.org 2001/12/18 10:06:24
[auth-rsa.c]
log fingerprint on successful public key authentication, simplify usage of key structs; ok markus@
djm [Fri, 21 Dec 2001 01:39:51 +0000 (01:39 +0000)]
- stevesk@cvs.openbsd.org 2001/12/08 17:49:28
[channels.c pathnames.h]
use only one path to X11 UNIX domain socket vs. an array of paths
to try. report from djast@cs.toronto.edu. ok markus@
djm [Thu, 20 Dec 2001 23:28:07 +0000 (23:28 +0000)]
- (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X
server. I have found this necessary to avoid server hangs with X input
extensions (e.g. kinput2). Enable by setting the environment variable
"GNOME_SSH_ASKPASS_NOGRAB"
stevesk [Wed, 19 Dec 2001 17:58:01 +0000 (17:58 +0000)]
- (stevesk) OpenBSD CVS sync X11 localhost display
- stevesk@cvs.openbsd.org 2001/11/29 14:10:51
[channels.h channels.c session.c]
sshd X11 fake server will now listen on localhost by default:
$ echo $DISPLAY
localhost:12.0
$ netstat -an|grep 6012
tcp 0 0 127.0.0.1.6012 *.* LISTEN
tcp6 0 0 ::1.6012 *.* LISTEN
sshd_config gatewayports=yes can be used to revert back to the old
behavior. will control this with another option later. ok markus@
- stevesk@cvs.openbsd.org 2001/12/19 08:43:11
[includes.h session.c]
handle utsname.nodename case for FamilyLocal X authorization; ok markus@
mouring [Thu, 6 Dec 2001 18:22:17 +0000 (18:22 +0000)]
- markus@cvs.openbsd.org 2001/12/06 13:30:06
[servconf.c servconf.h sshd.8 sshd.c]
add -o to sshd, too. ok deraadt@
- (bal) Minor white space fix up in servconf.c
mouring [Thu, 6 Dec 2001 17:55:26 +0000 (17:55 +0000)]
- itojun@cvs.openbsd.org 2001/12/05 03:56:39
[auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
sshconnect2.c]
make it compile with more strict prototype checking
mouring [Thu, 6 Dec 2001 17:45:19 +0000 (17:45 +0000)]
- stevesk@cvs.openbsd.org 2001/11/30 20:39:28
[ssh.c]
sscanf() length dependencies are clearer now; can also shrink proto
and data if desired, but i have not done that. ok markus@
mouring [Thu, 6 Dec 2001 17:41:25 +0000 (17:41 +0000)]
- markus@cvs.openbsd.org 2001/11/29 22:08:48
[auth-rsa.c]
fix protocol error: send 'failed' message instead of a 2nd challenge
(happens if the same key is in authorized_keys twice).
reported Ralf_Meister@genua.de; ok djm@
mouring [Thu, 6 Dec 2001 16:32:47 +0000 (16:32 +0000)]
- stevesk@cvs.openbsd.org 2001/11/17 19:14:34
[auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
enum/int type cleanup where it made sense to do so; ok markus@
tim [Tue, 27 Nov 2001 01:19:43 +0000 (01:19 +0000)]
[contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c]
Allow SSHD to install as service under WIndows 9x/Me
[configure.ac] Fix to allow linking against PCRE on Cygwin
Patches by Corinna Vinschen <vinschen@redhat.com>
djm [Tue, 13 Nov 2001 12:46:18 +0000 (12:46 +0000)]
- (djm) AIX login{success,failed} changes. Move loginsuccess call to
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
djm [Mon, 12 Nov 2001 00:40:11 +0000 (00:40 +0000)]
- (djm) Reorder portable-specific server options so that they come first.
This should help reduce diff collisions for new server options (as they
will appear at the end)
djm [Mon, 12 Nov 2001 00:06:32 +0000 (00:06 +0000)]
- markus@cvs.openbsd.org 2001/11/09 18:59:23
[clientloop.c serverloop.c]
don't memset too much memory, ok millert@
original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
djm [Mon, 12 Nov 2001 00:06:06 +0000 (00:06 +0000)]
- markus@cvs.openbsd.org 2001/11/08 20:02:24
[auth.c]
don't print ROOT in CAPS for the authentication messages, i.e.
Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
becomes
Accepted publickey for root from 127.0.0.1 port 42734 ssh2
djm [Mon, 12 Nov 2001 00:02:52 +0000 (00:02 +0000)]
- markus@cvs.openbsd.org 2001/11/07 16:03:17
[packet.c packet.h sshconnect2.c]
pad using the padding field from the ssh2 packet instead of sending
extra ignore messages. tested against several other ssh servers.
stevesk [Fri, 9 Nov 2001 20:22:16 +0000 (20:22 +0000)]
- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
if permit_empty_passwd == 0 so null password check cannot be bypassed.
jayaraj@amritapuri.com OpenBSD bug 2168
tim [Sat, 3 Nov 2001 19:09:32 +0000 (19:09 +0000)]
[ contrib/caldera/openssh.spec contrib/caldera/sshd.init]
Updates from Raymund Will <ray@caldera.de>
[acconfig.h configure.in] Clean up login checks.
Problem reported by Jim Knoble <jmknoble@pobox.com>
tim [Thu, 25 Oct 2001 17:01:30 +0000 (17:01 +0000)]
Give path given in --with-xxx= for pcre,zlib, and
tcp-wrappers precedence over system libraries and includes.
Report from Dave Dykstra <dwd@bell-labs.com>
tim [Wed, 24 Oct 2001 05:36:54 +0000 (05:36 +0000)]
[configure.in] Fix test for broken dirname. Based on patch from
Dave Dykstra <dwd@bell-labs.com>. Remove un-needed test for zlib.h.
[contrib/caldera/openssh.spec, contrib/redhat/openssh.spec,
contrib/suse/openssh.spec] Update version to match version.h
tim [Mon, 22 Oct 2001 00:53:58 +0000 (00:53 +0000)]
[configure.in] Clean up library testing.
Add optional PATH to --with-pcre, --with-zlib, --with-tcp-wrappers
based on patch by albert chin (china@thewrittenword.com)
Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading
of patches to configure.in
Replace obsolete AC_STRUCT_ST_BLKSIZE with AC_CHECK_MEMBERS
Add test for broken dirname() on Solaris 2.5.1 by
Dan Astoorian <djast@cs.toronto.edu>
[acconfig.h aclocal.m4 defines.h configure.in]
Better socklen_t patch by albert chin (china@thewrittenword.com)
[scp.c]
Replace obsolete HAVE_ST_BLKSIZE with HAVE_STRUCT_STAT_ST_BLKSIZE
[Makefile.in] When running make in top level, always do make in openbsd-compat
patch by Dave Dykstra <dwd@bell-labs.com>