tim [Sat, 24 Jan 2004 02:35:16 +0000 (02:35 +0000)]
[configure.ac] Remove hard coded -L/usr/local/lib and
-I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \
CPPFLAGS="-I/usr/local/include" ./configure if needed.
dtucker [Fri, 23 Jan 2004 11:03:10 +0000 (11:03 +0000)]
- (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
Change AFS symbol to USE_AFS to prevent namespace collisions, do not
include kafs.h unless necessary. From deengert at anl.gov.
For consistency, all of the libkafs bits are now inside "#if defined(KRB5)
&& defined(USE_AFS)".
djm [Fri, 23 Jan 2004 05:30:03 +0000 (05:30 +0000)]
- (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect
Kerberos location (and thus work with Fedora Core 1);
from jason AT devrandom.org
dtucker [Thu, 22 Jan 2004 01:48:26 +0000 (01:48 +0000)]
- (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
just HEIMDAL.
Currently this will make no difference, as only Heimdal (which defines KRB5
anyway) has libkafs, however a libkafs that works with MIT may become
available. In that case it will be used too.
djm [Wed, 21 Jan 2004 06:07:16 +0000 (06:07 +0000)]
- deraadt@cvs.openbsd.org 2004/01/11 21:55:06
[sshpty.c]
for pty opening, only use the openpty() path. the other stuff only needs
to be in openssh-p; markus ok
- (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an
openpty() replacement
djm [Wed, 21 Jan 2004 00:02:50 +0000 (00:02 +0000)]
- markus@cvs.openbsd.org 2004/01/19 21:25:15
[auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
djm [Wed, 21 Jan 2004 00:02:09 +0000 (00:02 +0000)]
- markus@cvs.openbsd.org 2004/01/19 09:24:21
[channels.c]
fake consumption for half closed channels since the peer is waiting for
window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@
reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo'
djm [Tue, 20 Jan 2004 23:58:47 +0000 (23:58 +0000)]
- djm@cvs.openbsd.org 2004/01/13 09:25:05
[sftp-int.c sftp.1 sftp.c]
Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and
enable use of "-b -" to accept batchfile from stdin; ok markus@
dtucker [Wed, 31 Dec 2003 00:43:24 +0000 (00:43 +0000)]
- dtucker@cvs.openbsd.org 2003/12/31 00:24:50
[auth2-passwd.c]
Ignore password change request during password auth (which we currently
don't support) and discard proposed new password. corrections/ok markus@
dtucker [Thu, 18 Dec 2003 04:34:31 +0000 (04:34 +0000)]
- (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
authentication. Partially fixes bug #423. Feedback & ok djm@
Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
authentication thread and once from the main shell child, so we cache the
result, which must be passed from the authentication thread back to the
monitor.
djm [Wed, 17 Dec 2003 05:33:10 +0000 (05:33 +0000)]
- markus@cvs.openbsd.org 2003/12/16 15:49:51
[clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
[ssh.c ssh_config.5]
application layer keep alive (ServerAliveInterval ServerAliveCountMax)
for ssh(1), similar to the sshd(8) option; ok beck@; with help from
jmc and dtucker@
djm [Wed, 17 Dec 2003 05:31:10 +0000 (05:31 +0000)]
- markus@cvs.openbsd.org 2003/12/09 21:53:37
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
djm [Wed, 17 Dec 2003 05:27:32 +0000 (05:27 +0000)]
20031217
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/12/09 15:28:43
[serverloop.c]
make ClientKeepAlive work for ssh -N, too (no login shell requested).
1) send a bogus channel request if we find a channel
2) send a bogus global request if we don't have a channel
ok + test beck@
dtucker [Tue, 9 Dec 2003 13:54:38 +0000 (13:54 +0000)]
- dtucker@cvs.openbsd.org 2003/12/09 13:52:55
[moduli.c]
Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
they can't be used for Diffie-Hellman. Assistance and ok djm@
dtucker [Tue, 9 Dec 2003 08:07:13 +0000 (08:07 +0000)]
- markus@cvs.openbsd.org 2003/12/02 12:15:10
[progressmeter.c]
improvments from andreas@:
* saner speed estimate for transfers that takes less than a second by
rounding the time to 1 second.
* when the transfer is finished calculate the actual total speed
rather than the current speed which is given during the transfer
djm [Mon, 24 Nov 2003 02:07:45 +0000 (02:07 +0000)]
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/11/23 23:17:34
[ssh-keyscan.c]
from portable - use sysconf to detect fd limit; ok markus@
(tidy diff by adding SSH_SSFDMAX macro to defines.h)
dtucker [Sat, 22 Nov 2003 03:25:15 +0000 (03:25 +0000)]
- (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net.
Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
is enabled, rely on SIA to check for locked accounts if enabled. ok djm@
dtucker [Sat, 22 Nov 2003 03:16:56 +0000 (03:16 +0000)]
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move AIX specific password authentication code to port-aix.c, call
authenticate() until reenter flag is clear.
djm [Tue, 18 Nov 2003 11:01:48 +0000 (11:01 +0000)]
- djm@cvs.openbsd.org 2003/11/18 10:53:07
[monitor.c]
unbreak fake authloop for non-existent users (my screwup). Spotted and
tested by dtucker@; ok markus@
dtucker [Tue, 18 Nov 2003 01:42:07 +0000 (01:42 +0000)]
- (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv,
and use it for do_pam_session. Fixes problems like pam_motd not displaying
anything. ok djm@
djm [Mon, 17 Nov 2003 11:18:21 +0000 (11:18 +0000)]
- markus@cvs.openbsd.org 2003/11/17 11:06:07
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h sshconnect2.c ssh-gss.h]
replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
test + ok jakob.
djm [Mon, 17 Nov 2003 10:13:40 +0000 (10:13 +0000)]
- djm@cvs.openbsd.org 2003/11/04 08:54:09
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather then pw != NULL; ok markus@
djm [Mon, 17 Nov 2003 10:09:50 +0000 (10:09 +0000)]
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/11/03 09:03:37
[auth-chall.c]
make this a little more idiot-proof; ok markus@
(includes portable-specific changes)